From nobody Mon Oct  3 09:28:05 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A24F0129405 for <lisp@ietfa.amsl.com>; Mon,  3 Oct 2016 09:28:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wIPhS_osxK1r for <lisp@ietfa.amsl.com>; Mon,  3 Oct 2016 09:28:03 -0700 (PDT)
Received: from mail-pa0-x22c.google.com (mail-pa0-x22c.google.com [IPv6:2607:f8b0:400e:c03::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4BCB81293FF for <lisp@ietf.org>; Mon,  3 Oct 2016 09:28:03 -0700 (PDT)
Received: by mail-pa0-x22c.google.com with SMTP id ik13so9875035pac.2 for <lisp@ietf.org>; Mon, 03 Oct 2016 09:28:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=from:content-transfer-encoding:subject:date:references:to :message-id:mime-version; bh=POuB0tYx5XwO+bYXPtUStKn9Ke49LukK2iZRnxDgv/I=; b=UfwgbKnA680I5qa/cyxxOZbDZ2tcXICMgywr8ll30RlU+pxhua69l9GMwQ1Qck7+A1 ZndkFx/o5KsRJ6ygBxMHWxZgGdL3tHvGzHIZH5o9shpMYJup25vpt+I0rZUSkDXD1Xvo BtVYR22tLkQMLYVYv9KzHTlqj9GD2JfTdjvooT+87QNjK7+ZFpaPyXAQls5xGya1i2dk ZuN1F7ms99nY65swzdbHlfYZNOBt4h3eFES/r0xbHDyigQg7+PHuGIfeprYVYkJOq2CQ puI8+Z1zqQkrd5supF15rvliXeMLyAsJQokr+esR5R3Xh1UC1Zhrk2cabSCAztxrQggb cWSQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:content-transfer-encoding:subject:date :references:to:message-id:mime-version; bh=POuB0tYx5XwO+bYXPtUStKn9Ke49LukK2iZRnxDgv/I=; b=mVfgSuWJfPq9b9xQv4hhUct7Hgr5cEPC5EfW70PUcJIeRrrHKfQtlqS7ccaHIh5u/p 81jWCqiFP0/O85NM6TrjzbTDMfLxm9Xb7h7eKN/tbdLNoji58aT0VOsEL0crJQ4D83RO Ap+UxhvVIDveThQxoav5K2Cwc5GJxsgupZ3ol9NCh+AAVoMptIwUYhtAwM4miE/S+xRo +cGahUNVnqtTmPzL/yvfYihhV88+bZzgZ63asvaOQDHT+D3ZV/JGCxR4BNSmu7QobwZD mKslGSn8GRTTg/SW5BNK/SICpkxcohEvgzuyCW/rU91Ya3aEzl4SHVVdVl0kRtm3iO/W +J8A==
X-Gm-Message-State: AA6/9Rl5/4Md5zWqhrLyeiL2B3R750qEq4GeARAicU+GLeYLHWbhMEndpoVJ94JHOFT7qw==
X-Received: by 10.66.190.201 with SMTP id gs9mr7209022pac.42.1475512082671; Mon, 03 Oct 2016 09:28:02 -0700 (PDT)
Received: from [10.197.31.157] (173-11-119-245-SFBA.hfc.comcastbusiness.net. [173.11.119.245]) by smtp.gmail.com with ESMTPSA id b197sm2639789pfb.52.2016.10.03.09.28.01 for <lisp@ietf.org> (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 03 Oct 2016 09:28:02 -0700 (PDT)
From: Dino Farinacci <farinacci@gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Date: Mon, 3 Oct 2016 09:28:12 -0700
References: <147549493037.27448.323198583189545921.idtracker@ietfa.amsl.com>
To: LISP mailing list list <lisp@ietf.org>
Message-Id: <76204687-378C-4DD9-BE9F-B33B09896B7E@gmail.com>
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/iTLftoFy4DtHducpIHyMwSP3v9k>
Subject: [lisp] Fwd: Expiration impending: <draft-farinacci-lisp-name-encoding-00.txt>
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Oct 2016 16:28:04 -0000

Folks, I am going to update this draft so it doesn=E2=80=99t expire. At =
this time, I would like to request this a working group document. It is =
a very simple draft and would like to see if there are any comments and =
if we can start a last call on it. Chairs?

Dino

> Begin forwarded message:
>=20
> From: IETF Secretariat <ietf-secretariat-reply@ietf.org>
> Subject: Expiration impending: =
<draft-farinacci-lisp-name-encoding-00.txt>
> Date: October 3, 2016 at 4:42:10 AM PDT
> To: <draft-farinacci-lisp-name-encoding@ietf.org>
> Resent-From: <alias-bounces@ietf.org>
> Resent-To: farinacci@gmail.com
>=20
> The following draft will expire soon:
>=20
> Name:     draft-farinacci-lisp-name-encoding
> Title:    LISP Distinguished Name Encoding
> State:    I-D Exists
> Expires:  2016-10-15 (in 1 week, 4 days)
>=20


From nobody Mon Oct  3 13:09:48 2016
Return-Path: <jmh@joelhalpern.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62141129515 for <lisp@ietfa.amsl.com>; Mon,  3 Oct 2016 13:09:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.702
X-Spam-Level: 
X-Spam-Status: No, score=-2.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 05haN-lwYYUT for <lisp@ietfa.amsl.com>; Mon,  3 Oct 2016 13:09:46 -0700 (PDT)
Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C18812950A for <lisp@ietf.org>; Mon,  3 Oct 2016 13:09:46 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id E9EFB240CD2; Mon,  3 Oct 2016 13:09:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1475525385; bh=VRCZ0kswBd5cJm8cyF0R8i82VU1rIc9bp1Ej5xte7OU=; h=Subject:To:References:From:Date:In-Reply-To:From; b=Dd4KsEqUEFltAgPBrAeMQDxp8euQ4k8nt35/1u4H1UW8E70Hke7c2jzRDsykQ2Gqv xZISb5XwnIALBstsW9sUyo8LJWgl3+esOTDuARrAMmZKFvNq+vQSOf8hzpHr+AO4Cv +/ORLtLj6uSTdah8x4bK3qE3aCNQ32y8Kw3B/nQw=
X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net
Received: from Joels-MacBook-Pro.local (unknown [104.129.194.129]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id 80B7A240273; Mon,  3 Oct 2016 13:09:45 -0700 (PDT)
To: Dino Farinacci <farinacci@gmail.com>, LISP mailing list list <lisp@ietf.org>
References: <147549493037.27448.323198583189545921.idtracker@ietfa.amsl.com> <76204687-378C-4DD9-BE9F-B33B09896B7E@gmail.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <3d078c9e-a21b-18de-e10c-b2b7ff834df6@joelhalpern.com>
Date: Mon, 3 Oct 2016 16:09:45 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:45.0) Gecko/20100101 Thunderbird/45.3.0
MIME-Version: 1.0
In-Reply-To: <76204687-378C-4DD9-BE9F-B33B09896B7E@gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/0ZlrAN9wtpzDbv7nVp3Udkdrre0>
Subject: Re: [lisp] Fwd: Expiration impending: <draft-farinacci-lisp-name-encoding-00.txt>
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Oct 2016 20:09:47 -0000

Are we sure that all the use cases for this AFI fall into the ASCII 
character set.  DNS names clearly do meet that restriction.  But many 
other names do not.  And while people can and do define escapes, it 
produces complicated and messy situations.

I ask because as defined, even if we wanted to, this can not be used to 
carry UTF-8 to the fact that bytes of all 0 may occur in UTF-8.

There are many good reasons to keep this simple scope.  If we want to 
keep that restrictions, it seems to me that the introduction should be 
clear about the scope.

Yours,
Joel M. Halpern

On 10/3/16 12:28 PM, Dino Farinacci wrote:
> Folks, I am going to update this draft so it doesn’t expire. At this time, I would like to request this a working group document. It is a very simple draft and would like to see if there are any comments and if we can start a last call on it. Chairs?
>
> Dino
>
>> Begin forwarded message:
>>
>> From: IETF Secretariat <ietf-secretariat-reply@ietf.org>
>> Subject: Expiration impending: <draft-farinacci-lisp-name-encoding-00.txt>
>> Date: October 3, 2016 at 4:42:10 AM PDT
>> To: <draft-farinacci-lisp-name-encoding@ietf.org>
>> Resent-From: <alias-bounces@ietf.org>
>> Resent-To: farinacci@gmail.com
>>
>> The following draft will expire soon:
>>
>> Name:     draft-farinacci-lisp-name-encoding
>> Title:    LISP Distinguished Name Encoding
>> State:    I-D Exists
>> Expires:  2016-10-15 (in 1 week, 4 days)
>>
>
> _______________________________________________
> lisp mailing list
> lisp@ietf.org
> https://www.ietf.org/mailman/listinfo/lisp
>


From nobody Mon Oct  3 13:13:19 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44769129516 for <lisp@ietfa.amsl.com>; Mon,  3 Oct 2016 13:13:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LZ5Jj16IC_6p for <lisp@ietfa.amsl.com>; Mon,  3 Oct 2016 13:13:16 -0700 (PDT)
Received: from mail-pa0-x22b.google.com (mail-pa0-x22b.google.com [IPv6:2607:f8b0:400e:c03::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB4FD12950A for <lisp@ietf.org>; Mon,  3 Oct 2016 13:13:16 -0700 (PDT)
Received: by mail-pa0-x22b.google.com with SMTP id rz1so9680325pab.1 for <lisp@ietf.org>; Mon, 03 Oct 2016 13:13:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=KoIZWIh21VzChm6dyY0NGN6vI+6ClExachNEt9NSvxk=; b=f/8qjmibSTY11eRUvLgKE73cg5/KSziVsvgbBm8DGlCzck0s+RgktsOm9HGCzqPnn3 sAUGB27nf/9U4rw0AbnwERoDsSUzJB7tI3nJdgQuUbH12P/TZzHH18b4fRuZnPz9tsEi WWn+aPCl2T0x7NjE+K/F5hDquTjVjqVI+bFDku3OR787R13UY7OWz3oF1A9e6VJvCDca pm7lQySoJq46Z/3JJDm8QBvTxapn1iZfDtulJphvPcnFuGiJoBychxHdJ1Ty2rmUSSc6 yMjI4JBFLr4SXmKjM3TmljyvVgcGGmJgS1QCjVarQdemVggMaMCTmu1xqeRs7fLEQdcG IlDw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=KoIZWIh21VzChm6dyY0NGN6vI+6ClExachNEt9NSvxk=; b=d5s/PV2JqAk5kBUPbZ/6pX1svAIFfVGqzyhPqa70smClfFtU+He9bCasvbrD35IsmL QftfoVgu2yeDD75FzHgTg/rN/TDKRw09ZYZ2tYzyA2r3KhUUKugwZvVggQ9ALdwlvxfd QDHECsjDwiukhCCtYdO4kiD2RF0kIxfKmAo07hS9CPY0VC1ZA5LLHUB3fdLzq42naz3f 9VhsY805o98wM5hrsyfBnczLH7t6XQPQJLLiif3RZL6YFF+x1zxB6xzrT3OFZFsf3TQ0 VXn7pdUeLuIMAX2IWMAK/5r8RL2Pv1eR26rr/GgbCoft0Bt4FrlIYnzRlrMUPI3s/+6z SNkg==
X-Gm-Message-State: AA6/9RkjOOiQRfuJkFosQCaGjCDqOo86PPXYixaOJ6nyWvxPCBWkZ9up/llYNfPw/wy4dQ==
X-Received: by 10.66.193.71 with SMTP id hm7mr40773084pac.164.1475525596222; Mon, 03 Oct 2016 13:13:16 -0700 (PDT)
Received: from [172.16.1.29] (c-98-207-51-38.hsd1.ca.comcast.net. [98.207.51.38]) by smtp.gmail.com with ESMTPSA id ra13sm49352508pac.29.2016.10.03.13.13.14 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 03 Oct 2016 13:13:15 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <3d078c9e-a21b-18de-e10c-b2b7ff834df6@joelhalpern.com>
Date: Mon, 3 Oct 2016 13:13:11 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <3AEA1AB4-C46D-4942-8B48-F93EE09EB992@gmail.com>
References: <147549493037.27448.323198583189545921.idtracker@ietfa.amsl.com> <76204687-378C-4DD9-BE9F-B33B09896B7E@gmail.com> <3d078c9e-a21b-18de-e10c-b2b7ff834df6@joelhalpern.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/Dn938TBqkb-lTAup6DJkOEEGBCg>
Cc: LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] Fwd: Expiration impending: <draft-farinacci-lisp-name-encoding-00.txt>
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Oct 2016 20:13:18 -0000

> Are we sure that all the use cases for this AFI fall into the ASCII =
character set.  DNS names clearly do meet that restriction.  But many =
other names do not.  And while people can and do define escapes, it =
produces complicated and messy situations.

I would say so but maybe we should ask the group if there is a =
requirement for this feature to be in any non alphabetic languages.

> I ask because as defined, even if we wanted to, this can not be used =
to carry UTF-8 to the fact that bytes of all 0 may occur in UTF-8.

I am fine with documenting the restriction.

> There are many good reasons to keep this simple scope.  If we want to =
keep that restrictions, it seems to me that the introduction should be =
clear about the scope.

Let=E2=80=99s see if there is any input from the WG.=20

So let me ask this question, can DNS names be transmitted in, say, a =
chinese character set?

Dino

>=20
> Yours,
> Joel M. Halpern
>=20
> On 10/3/16 12:28 PM, Dino Farinacci wrote:
>> Folks, I am going to update this draft so it doesn=E2=80=99t expire. =
At this time, I would like to request this a working group document. It =
is a very simple draft and would like to see if there are any comments =
and if we can start a last call on it. Chairs?
>>=20
>> Dino
>>=20
>>> Begin forwarded message:
>>>=20
>>> From: IETF Secretariat <ietf-secretariat-reply@ietf.org>
>>> Subject: Expiration impending: =
<draft-farinacci-lisp-name-encoding-00.txt>
>>> Date: October 3, 2016 at 4:42:10 AM PDT
>>> To: <draft-farinacci-lisp-name-encoding@ietf.org>
>>> Resent-From: <alias-bounces@ietf.org>
>>> Resent-To: farinacci@gmail.com
>>>=20
>>> The following draft will expire soon:
>>>=20
>>> Name:     draft-farinacci-lisp-name-encoding
>>> Title:    LISP Distinguished Name Encoding
>>> State:    I-D Exists
>>> Expires:  2016-10-15 (in 1 week, 4 days)
>>>=20
>>=20
>> _______________________________________________
>> lisp mailing list
>> lisp@ietf.org
>> https://www.ietf.org/mailman/listinfo/lisp
>>=20


From nobody Mon Oct  3 13:25:41 2016
Return-Path: <jmh.direct@joelhalpern.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F9A7129519 for <lisp@ietfa.amsl.com>; Mon,  3 Oct 2016 13:25:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.721
X-Spam-Level: 
X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qi3mnVgkD5j1 for <lisp@ietfa.amsl.com>; Mon,  3 Oct 2016 13:25:38 -0700 (PDT)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 64A9D129508 for <lisp@ietf.org>; Mon,  3 Oct 2016 13:25:38 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 4F7BB8612AA; Mon,  3 Oct 2016 13:25:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1475526338; bh=sXGFek+enoxnRNVGkZzEOybtKvOhzxkk1VFKGUvlB9U=; h=Date:Subject:From:To:Cc:From; b=SZL9P0d+I1D2ageeqVSnilxWmQYNlwFFAYnuFMz9MN1cGa989Wdit74IXQkA/DPbM krSWRjHEp4qv/2nmVOHzfka3M97TX7xGZyucOvVkOsB4Pzh7oLheTRhslKLuryXX8F UC55zz4zE2RsRQ6/i7/bKfroeepRzsoVKz/CT0R4=
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from [10.183.243.48] (mobile-166-171-057-084.mycingular.net [166.171.57.84]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 61DEE8612B2; Mon,  3 Oct 2016 13:25:37 -0700 (PDT)
Date: Mon, 03 Oct 2016 16:25:32 -0400
Message-ID: <d6a5u7il5vthm1s7l1td9bqx.1475526332736@email.android.com>
Importance: normal
From: "jmh.direct" <jmh.direct@joelhalpern.com>
To: Dino Farinacci <farinacci@gmail.com>, "Joel M. Halpern" <jmh@joelhalpern.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="--_com.samsung.android.email_94312547595360"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/uWxF2cyb8qEdG_w-uhzfvH9uO6I>
Cc: LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] Fwd: Expiration impending: <draft-farinacci-lisp-name-encoding-00.txt>
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Oct 2016 20:25:40 -0000

----_com.samsung.android.email_94312547595360
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64

RE5TIG5hbWVzIG9uIHRoZSB3aXJlIGFyZSBhc2NpaS4gwqBTbyB0aGUgcHJpbWFyeSB1c2UgY2Fz
ZSBpcyBjb3ZlcmVkIGFzIGlzIGFzIGZhciBhcyBJIGNhbiB0ZWxsLgpZb3VycyxKb2VsCgoKU2Vu
dCB2aWEgdGhlIFNhbXN1bmcgR2FsYXh5IFPCriA2LCBhbiBBVCZUIDRHIExURSBzbWFydHBob25l
Ci0tLS0tLS0tIE9yaWdpbmFsIG1lc3NhZ2UgLS0tLS0tLS1Gcm9tOiBEaW5vIEZhcmluYWNjaSA8
ZmFyaW5hY2NpQGdtYWlsLmNvbT4gRGF0ZTogMTAvMy8xNiAgNDoxMyBQTSAgKEdNVC0wNTowMCkg
VG86ICJKb2VsIE0uIEhhbHBlcm4iIDxqbWhAam9lbGhhbHBlcm4uY29tPiBDYzogTElTUCBtYWls
aW5nIGxpc3QgbGlzdCA8bGlzcEBpZXRmLm9yZz4gU3ViamVjdDogUmU6IFtsaXNwXSBGd2Q6IEV4
cGlyYXRpb24gaW1wZW5kaW5nOiA8ZHJhZnQtZmFyaW5hY2NpLWxpc3AtbmFtZS1lbmNvZGluZy0w
MC50eHQ+IAo+IEFyZSB3ZSBzdXJlIHRoYXQgYWxsIHRoZSB1c2UgY2FzZXMgZm9yIHRoaXMgQUZJ
IGZhbGwgaW50byB0aGUgQVNDSUkgY2hhcmFjdGVyIHNldC7CoCBETlMgbmFtZXMgY2xlYXJseSBk
byBtZWV0IHRoYXQgcmVzdHJpY3Rpb24uwqAgQnV0IG1hbnkgb3RoZXIgbmFtZXMgZG8gbm90LsKg
IEFuZCB3aGlsZSBwZW9wbGUgY2FuIGFuZCBkbyBkZWZpbmUgZXNjYXBlcywgaXQgcHJvZHVjZXMg
Y29tcGxpY2F0ZWQgYW5kIG1lc3N5IHNpdHVhdGlvbnMuCgpJIHdvdWxkIHNheSBzbyBidXQgbWF5
YmUgd2Ugc2hvdWxkIGFzayB0aGUgZ3JvdXAgaWYgdGhlcmUgaXMgYSByZXF1aXJlbWVudCBmb3Ig
dGhpcyBmZWF0dXJlIHRvIGJlIGluIGFueSBub24gYWxwaGFiZXRpYyBsYW5ndWFnZXMuCgo+IEkg
YXNrIGJlY2F1c2UgYXMgZGVmaW5lZCwgZXZlbiBpZiB3ZSB3YW50ZWQgdG8sIHRoaXMgY2FuIG5v
dCBiZSB1c2VkIHRvIGNhcnJ5IFVURi04IHRvIHRoZSBmYWN0IHRoYXQgYnl0ZXMgb2YgYWxsIDAg
bWF5IG9jY3VyIGluIFVURi04LgoKSSBhbSBmaW5lIHdpdGggZG9jdW1lbnRpbmcgdGhlIHJlc3Ry
aWN0aW9uLgoKPiBUaGVyZSBhcmUgbWFueSBnb29kIHJlYXNvbnMgdG8ga2VlcCB0aGlzIHNpbXBs
ZSBzY29wZS7CoCBJZiB3ZSB3YW50IHRvIGtlZXAgdGhhdCByZXN0cmljdGlvbnMsIGl0IHNlZW1z
IHRvIG1lIHRoYXQgdGhlIGludHJvZHVjdGlvbiBzaG91bGQgYmUgY2xlYXIgYWJvdXQgdGhlIHNj
b3BlLgoKTGV04oCZcyBzZWUgaWYgdGhlcmUgaXMgYW55IGlucHV0IGZyb20gdGhlIFdHLiAKClNv
IGxldCBtZSBhc2sgdGhpcyBxdWVzdGlvbiwgY2FuIEROUyBuYW1lcyBiZSB0cmFuc21pdHRlZCBp
biwgc2F5LCBhIGNoaW5lc2UgY2hhcmFjdGVyIHNldD8KCkRpbm8KCj4gCj4gWW91cnMsCj4gSm9l
bCBNLiBIYWxwZXJuCj4gCj4gT24gMTAvMy8xNiAxMjoyOCBQTSwgRGlubyBGYXJpbmFjY2kgd3Jv
dGU6Cj4+IEZvbGtzLCBJIGFtIGdvaW5nIHRvIHVwZGF0ZSB0aGlzIGRyYWZ0IHNvIGl0IGRvZXNu
4oCZdCBleHBpcmUuIEF0IHRoaXMgdGltZSwgSSB3b3VsZCBsaWtlIHRvIHJlcXVlc3QgdGhpcyBh
IHdvcmtpbmcgZ3JvdXAgZG9jdW1lbnQuIEl0IGlzIGEgdmVyeSBzaW1wbGUgZHJhZnQgYW5kIHdv
dWxkIGxpa2UgdG8gc2VlIGlmIHRoZXJlIGFyZSBhbnkgY29tbWVudHMgYW5kIGlmIHdlIGNhbiBz
dGFydCBhIGxhc3QgY2FsbCBvbiBpdC4gQ2hhaXJzPwo+PiAKPj4gRGlubwo+PiAKPj4+IEJlZ2lu
IGZvcndhcmRlZCBtZXNzYWdlOgo+Pj4gCj4+PiBGcm9tOiBJRVRGIFNlY3JldGFyaWF0IDxpZXRm
LXNlY3JldGFyaWF0LXJlcGx5QGlldGYub3JnPgo+Pj4gU3ViamVjdDogRXhwaXJhdGlvbiBpbXBl
bmRpbmc6IDxkcmFmdC1mYXJpbmFjY2ktbGlzcC1uYW1lLWVuY29kaW5nLTAwLnR4dD4KPj4+IERh
dGU6IE9jdG9iZXIgMywgMjAxNiBhdCA0OjQyOjEwIEFNIFBEVAo+Pj4gVG86IDxkcmFmdC1mYXJp
bmFjY2ktbGlzcC1uYW1lLWVuY29kaW5nQGlldGYub3JnPgo+Pj4gUmVzZW50LUZyb206IDxhbGlh
cy1ib3VuY2VzQGlldGYub3JnPgo+Pj4gUmVzZW50LVRvOiBmYXJpbmFjY2lAZ21haWwuY29tCj4+
PiAKPj4+IFRoZSBmb2xsb3dpbmcgZHJhZnQgd2lsbCBleHBpcmUgc29vbjoKPj4+IAo+Pj4gTmFt
ZTrCoMKgwqDCoCBkcmFmdC1mYXJpbmFjY2ktbGlzcC1uYW1lLWVuY29kaW5nCj4+PiBUaXRsZTrC
oMKgwqAgTElTUCBEaXN0aW5ndWlzaGVkIE5hbWUgRW5jb2RpbmcKPj4+IFN0YXRlOsKgwqDCoCBJ
LUQgRXhpc3RzCj4+PiBFeHBpcmVzOsKgIDIwMTYtMTAtMTUgKGluIDEgd2VlaywgNCBkYXlzKQo+
Pj4gCj4+IAo+PiBfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
Xwo+PiBsaXNwIG1haWxpbmcgbGlzdAo+PiBsaXNwQGlldGYub3JnCj4+IGh0dHBzOi8vd3d3Lmll
dGYub3JnL21haWxtYW4vbGlzdGluZm8vbGlzcAo+PiAKCg==

----_com.samsung.android.email_94312547595360
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64

PGh0bWw+PGhlYWQ+PG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0
L2h0bWw7IGNoYXJzZXQ9VVRGLTgiPjwvaGVhZD48Ym9keT48ZGl2PkROUyBuYW1lcyBvbiB0aGUg
d2lyZSBhcmUgYXNjaWkuICZuYnNwO1NvIHRoZSBwcmltYXJ5IHVzZSBjYXNlIGlzIGNvdmVyZWQg
YXMgaXMgYXMgZmFyIGFzIEkgY2FuIHRlbGwuPC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj5Zb3Vy
cyw8L2Rpdj48ZGl2PkpvZWw8L2Rpdj48ZGl2Pjxicj48L2Rpdj48ZGl2Pjxicj48L2Rpdj48ZGl2
Pjxicj48L2Rpdj48ZGl2IGlkPSJjb21wb3Nlcl9zaWduYXR1cmUiPjxkaXYgc3R5bGU9ImZvbnQt
c2l6ZTo4NSU7Y29sb3I6IzU3NTc1NyIgZGlyPSJhdXRvIj5TZW50IHZpYSB0aGUgU2Ftc3VuZyBH
YWxheHkgU8KuIDYsIGFuIEFUJmFtcDtUIDRHIExURSBzbWFydHBob25lPC9kaXY+PC9kaXY+PGRp
dj48YnI+PC9kaXY+PGRpdiBzdHlsZT0iZm9udC1zaXplOjEwMCU7Y29sb3I6IzAwMDAwMCI+PCEt
LSBvcmlnaW5hbE1lc3NhZ2UgLS0+PGRpdj4tLS0tLS0tLSBPcmlnaW5hbCBtZXNzYWdlIC0tLS0t
LS0tPC9kaXY+PGRpdj5Gcm9tOiBEaW5vIEZhcmluYWNjaSAmbHQ7ZmFyaW5hY2NpQGdtYWlsLmNv
bSZndDsgPC9kaXY+PGRpdj5EYXRlOiAxMC8zLzE2ICA0OjEzIFBNICAoR01ULTA1OjAwKSA8L2Rp
dj48ZGl2PlRvOiAiSm9lbCBNLiBIYWxwZXJuIiAmbHQ7am1oQGpvZWxoYWxwZXJuLmNvbSZndDsg
PC9kaXY+PGRpdj5DYzogTElTUCBtYWlsaW5nIGxpc3QgbGlzdCAmbHQ7bGlzcEBpZXRmLm9yZyZn
dDsgPC9kaXY+PGRpdj5TdWJqZWN0OiBSZTogW2xpc3BdIEZ3ZDogRXhwaXJhdGlvbiBpbXBlbmRp
bmc6ICZsdDtkcmFmdC1mYXJpbmFjY2ktbGlzcC1uYW1lLWVuY29kaW5nLTAwLnR4dCZndDsgPC9k
aXY+PGRpdj48YnI+PC9kaXY+PC9kaXY+Jmd0OyBBcmUgd2Ugc3VyZSB0aGF0IGFsbCB0aGUgdXNl
IGNhc2VzIGZvciB0aGlzIEFGSSBmYWxsIGludG8gdGhlIEFTQ0lJIGNoYXJhY3RlciBzZXQuJm5i
c3A7IEROUyBuYW1lcyBjbGVhcmx5IGRvIG1lZXQgdGhhdCByZXN0cmljdGlvbi4mbmJzcDsgQnV0
IG1hbnkgb3RoZXIgbmFtZXMgZG8gbm90LiZuYnNwOyBBbmQgd2hpbGUgcGVvcGxlIGNhbiBhbmQg
ZG8gZGVmaW5lIGVzY2FwZXMsIGl0IHByb2R1Y2VzIGNvbXBsaWNhdGVkIGFuZCBtZXNzeSBzaXR1
YXRpb25zLjxicj48YnI+SSB3b3VsZCBzYXkgc28gYnV0IG1heWJlIHdlIHNob3VsZCBhc2sgdGhl
IGdyb3VwIGlmIHRoZXJlIGlzIGEgcmVxdWlyZW1lbnQgZm9yIHRoaXMgZmVhdHVyZSB0byBiZSBp
biBhbnkgbm9uIGFscGhhYmV0aWMgbGFuZ3VhZ2VzLjxicj48YnI+Jmd0OyBJIGFzayBiZWNhdXNl
IGFzIGRlZmluZWQsIGV2ZW4gaWYgd2Ugd2FudGVkIHRvLCB0aGlzIGNhbiBub3QgYmUgdXNlZCB0
byBjYXJyeSBVVEYtOCB0byB0aGUgZmFjdCB0aGF0IGJ5dGVzIG9mIGFsbCAwIG1heSBvY2N1ciBp
biBVVEYtOC48YnI+PGJyPkkgYW0gZmluZSB3aXRoIGRvY3VtZW50aW5nIHRoZSByZXN0cmljdGlv
bi48YnI+PGJyPiZndDsgVGhlcmUgYXJlIG1hbnkgZ29vZCByZWFzb25zIHRvIGtlZXAgdGhpcyBz
aW1wbGUgc2NvcGUuJm5ic3A7IElmIHdlIHdhbnQgdG8ga2VlcCB0aGF0IHJlc3RyaWN0aW9ucywg
aXQgc2VlbXMgdG8gbWUgdGhhdCB0aGUgaW50cm9kdWN0aW9uIHNob3VsZCBiZSBjbGVhciBhYm91
dCB0aGUgc2NvcGUuPGJyPjxicj5MZXTigJlzIHNlZSBpZiB0aGVyZSBpcyBhbnkgaW5wdXQgZnJv
bSB0aGUgV0cuIDxicj48YnI+U28gbGV0IG1lIGFzayB0aGlzIHF1ZXN0aW9uLCBjYW4gRE5TIG5h
bWVzIGJlIHRyYW5zbWl0dGVkIGluLCBzYXksIGEgY2hpbmVzZSBjaGFyYWN0ZXIgc2V0Pzxicj48
YnI+RGlubzxicj48YnI+Jmd0OyA8YnI+Jmd0OyBZb3Vycyw8YnI+Jmd0OyBKb2VsIE0uIEhhbHBl
cm48YnI+Jmd0OyA8YnI+Jmd0OyBPbiAxMC8zLzE2IDEyOjI4IFBNLCBEaW5vIEZhcmluYWNjaSB3
cm90ZTo8YnI+Jmd0OyZndDsgRm9sa3MsIEkgYW0gZ29pbmcgdG8gdXBkYXRlIHRoaXMgZHJhZnQg
c28gaXQgZG9lc27igJl0IGV4cGlyZS4gQXQgdGhpcyB0aW1lLCBJIHdvdWxkIGxpa2UgdG8gcmVx
dWVzdCB0aGlzIGEgd29ya2luZyBncm91cCBkb2N1bWVudC4gSXQgaXMgYSB2ZXJ5IHNpbXBsZSBk
cmFmdCBhbmQgd291bGQgbGlrZSB0byBzZWUgaWYgdGhlcmUgYXJlIGFueSBjb21tZW50cyBhbmQg
aWYgd2UgY2FuIHN0YXJ0IGEgbGFzdCBjYWxsIG9uIGl0LiBDaGFpcnM/PGJyPiZndDsmZ3Q7IDxi
cj4mZ3Q7Jmd0OyBEaW5vPGJyPiZndDsmZ3Q7IDxicj4mZ3Q7Jmd0OyZndDsgQmVnaW4gZm9yd2Fy
ZGVkIG1lc3NhZ2U6PGJyPiZndDsmZ3Q7Jmd0OyA8YnI+Jmd0OyZndDsmZ3Q7IEZyb206IElFVEYg
U2VjcmV0YXJpYXQgJmx0O2lldGYtc2VjcmV0YXJpYXQtcmVwbHlAaWV0Zi5vcmcmZ3Q7PGJyPiZn
dDsmZ3Q7Jmd0OyBTdWJqZWN0OiBFeHBpcmF0aW9uIGltcGVuZGluZzogJmx0O2RyYWZ0LWZhcmlu
YWNjaS1saXNwLW5hbWUtZW5jb2RpbmctMDAudHh0Jmd0Ozxicj4mZ3Q7Jmd0OyZndDsgRGF0ZTog
T2N0b2JlciAzLCAyMDE2IGF0IDQ6NDI6MTAgQU0gUERUPGJyPiZndDsmZ3Q7Jmd0OyBUbzogJmx0
O2RyYWZ0LWZhcmluYWNjaS1saXNwLW5hbWUtZW5jb2RpbmdAaWV0Zi5vcmcmZ3Q7PGJyPiZndDsm
Z3Q7Jmd0OyBSZXNlbnQtRnJvbTogJmx0O2FsaWFzLWJvdW5jZXNAaWV0Zi5vcmcmZ3Q7PGJyPiZn
dDsmZ3Q7Jmd0OyBSZXNlbnQtVG86IGZhcmluYWNjaUBnbWFpbC5jb208YnI+Jmd0OyZndDsmZ3Q7
IDxicj4mZ3Q7Jmd0OyZndDsgVGhlIGZvbGxvd2luZyBkcmFmdCB3aWxsIGV4cGlyZSBzb29uOjxi
cj4mZ3Q7Jmd0OyZndDsgPGJyPiZndDsmZ3Q7Jmd0OyBOYW1lOiZuYnNwOyZuYnNwOyZuYnNwOyZu
YnNwOyBkcmFmdC1mYXJpbmFjY2ktbGlzcC1uYW1lLWVuY29kaW5nPGJyPiZndDsmZ3Q7Jmd0OyBU
aXRsZTombmJzcDsmbmJzcDsmbmJzcDsgTElTUCBEaXN0aW5ndWlzaGVkIE5hbWUgRW5jb2Rpbmc8
YnI+Jmd0OyZndDsmZ3Q7IFN0YXRlOiZuYnNwOyZuYnNwOyZuYnNwOyBJLUQgRXhpc3RzPGJyPiZn
dDsmZ3Q7Jmd0OyBFeHBpcmVzOiZuYnNwOyAyMDE2LTEwLTE1IChpbiAxIHdlZWssIDQgZGF5cyk8
YnI+Jmd0OyZndDsmZ3Q7IDxicj4mZ3Q7Jmd0OyA8YnI+Jmd0OyZndDsgX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX188YnI+Jmd0OyZndDsgbGlzcCBtYWlsaW5n
IGxpc3Q8YnI+Jmd0OyZndDsgbGlzcEBpZXRmLm9yZzxicj4mZ3Q7Jmd0OyBodHRwczovL3d3dy5p
ZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2xpc3A8YnI+Jmd0OyZndDsgPGJyPjxicj48L2JvZHk+
PC9odG1sPg==

----_com.samsung.android.email_94312547595360--


From nobody Mon Oct  3 13:31:40 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0574712951F for <lisp@ietfa.amsl.com>; Mon,  3 Oct 2016 13:31:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FgZsqI58uEfQ for <lisp@ietfa.amsl.com>; Mon,  3 Oct 2016 13:31:36 -0700 (PDT)
Received: from mail-pf0-x22d.google.com (mail-pf0-x22d.google.com [IPv6:2607:f8b0:400e:c00::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C45B129504 for <lisp@ietf.org>; Mon,  3 Oct 2016 13:31:36 -0700 (PDT)
Received: by mail-pf0-x22d.google.com with SMTP id e6so11458136pfk.1 for <lisp@ietf.org>; Mon, 03 Oct 2016 13:31:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=39YzfWkRh7vKADN7DNm8SLbcbRCatNagsOZ9inzsJWQ=; b=TCZ1X1tIZDBXHhL+VAOhDPYR5KwYyo688iGMyIn1oP2MYIBAwVOpHd82QkwDtpAidu Iz6AqUiv6W8zHgQNpcszNEbj0Zzfiplxc2Xgt+r7qMzneFce5iqaSekvNia+s4juERkx FInBadOZ4TjEuiILSXCiz2y6mvMiUQDHWOJ1Vt2JCUAvvcN5c2eaX/LU1J3WT4qyJnZd kMONKNNKQUmlyvTiS2gWdHN75RoYLDr4EcPSTXse7PG6VQZI+O2DGDYsjwv5c4T1TJST A0dMueUNugCWZn6wBnaEL8TRr4iXzZtb1PrrqHEb0kBnwhTRXA4ptDj4iXm3jHDwsK1j l87g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=39YzfWkRh7vKADN7DNm8SLbcbRCatNagsOZ9inzsJWQ=; b=UKMPL/FxYgPYwPVFBCE2FiPNFA+hNAu83bWrKwq1XivC1L6g4lxS7wT7JOAWf3UbAD ZoDy8Lx8NUC5kzKgYgQ9ktznCAx9se8AsK6x98JY+1Zmv3Kw9OOITYmcb8z4sruCi/+s R0ZKWmnvcopZCCsRZ3V4kba+Ld02NaS6X1t9EC/KrrKcM9YJY8MnjI7OS+lx3toQWVyb zRtAW9YNo+x9nthdg4y4m07UghxQItXsskHEicRa4bxkbjTvGSVeXXSdkZ0UTPGQndpi tplez5oejs2d+0OhA5umYZPxLcFBtyhy1W6czqfy7DZqIm/Ie1ZZN/15p1r/R1LKg7HR 0oBA==
X-Gm-Message-State: AA6/9RlLpJDCuzu0DkAo3Q3Ad3CyK+QjeTI257GUJON6JlJ04DjE/M2PZM41ERCDzlhGWg==
X-Received: by 10.98.56.147 with SMTP id f141mr20164965pfa.83.1475526695540; Mon, 03 Oct 2016 13:31:35 -0700 (PDT)
Received: from [172.16.1.29] (c-98-207-51-38.hsd1.ca.comcast.net. [98.207.51.38]) by smtp.gmail.com with ESMTPSA id r29sm49277277pfd.37.2016.10.03.13.31.33 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 03 Oct 2016 13:31:35 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <d6a5u7il5vthm1s7l1td9bqx.1475526332736@email.android.com>
Date: Mon, 3 Oct 2016 13:31:32 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <B0B64BD8-4AAF-45B1-9A9D-0DAF2B4B6C22@gmail.com>
References: <d6a5u7il5vthm1s7l1td9bqx.1475526332736@email.android.com>
To: "jmh.direct" <jmh.direct@joelhalpern.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/-8nv-TPyh7qmBr4sEXkI1237uCk>
Cc: LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] Fwd: Expiration impending: <draft-farinacci-lisp-name-encoding-00.txt>
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Oct 2016 20:31:38 -0000

> DNS names on the wire are ascii.  So the primary use case is covered =
as is as far as I can tell.

So we should be the same and put the restriction in the draft. Agree?

Dino

>=20
> Yours,
> Joel
>=20
>=20
>=20
> Sent via the Samsung Galaxy S=C2=AE 6, an AT&T 4G LTE smartphone
>=20
> -------- Original message --------
> From: Dino Farinacci <farinacci@gmail.com>
> Date: 10/3/16 4:13 PM (GMT-05:00)
> To: "Joel M. Halpern" <jmh@joelhalpern.com>
> Cc: LISP mailing list list <lisp@ietf.org>
> Subject: Re: [lisp] Fwd: Expiration impending: =
<draft-farinacci-lisp-name-encoding-00.txt>
>=20
> > Are we sure that all the use cases for this AFI fall into the ASCII =
character set.  DNS names clearly do meet that restriction.  But many =
other names do not.  And while people can and do define escapes, it =
produces complicated and messy situations.
>=20
> I would say so but maybe we should ask the group if there is a =
requirement for this feature to be in any non alphabetic languages.
>=20
> > I ask because as defined, even if we wanted to, this can not be used =
to carry UTF-8 to the fact that bytes of all 0 may occur in UTF-8.
>=20
> I am fine with documenting the restriction.
>=20
> > There are many good reasons to keep this simple scope.  If we want =
to keep that restrictions, it seems to me that the introduction should =
be clear about the scope.
>=20
> Let=E2=80=99s see if there is any input from the WG.=20
>=20
> So let me ask this question, can DNS names be transmitted in, say, a =
chinese character set?
>=20
> Dino
>=20
> >=20
> > Yours,
> > Joel M. Halpern
> >=20
> > On 10/3/16 12:28 PM, Dino Farinacci wrote:
> >> Folks, I am going to update this draft so it doesn=E2=80=99t =
expire. At this time, I would like to request this a working group =
document. It is a very simple draft and would like to see if there are =
any comments and if we can start a last call on it. Chairs?
> >>=20
> >> Dino
> >>=20
> >>> Begin forwarded message:
> >>>=20
> >>> From: IETF Secretariat <ietf-secretariat-reply@ietf.org>
> >>> Subject: Expiration impending: =
<draft-farinacci-lisp-name-encoding-00.txt>
> >>> Date: October 3, 2016 at 4:42:10 AM PDT
> >>> To: <draft-farinacci-lisp-name-encoding@ietf.org>
> >>> Resent-From: <alias-bounces@ietf.org>
> >>> Resent-To: farinacci@gmail.com
> >>>=20
> >>> The following draft will expire soon:
> >>>=20
> >>> Name:     draft-farinacci-lisp-name-encoding
> >>> Title:    LISP Distinguished Name Encoding
> >>> State:    I-D Exists
> >>> Expires:  2016-10-15 (in 1 week, 4 days)
> >>>=20
> >>=20
> >> _______________________________________________
> >> lisp mailing list
> >> lisp@ietf.org
> >> https://www.ietf.org/mailman/listinfo/lisp
> >>=20
>=20


From nobody Mon Oct  3 14:20:41 2016
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B6079129578; Mon,  3 Oct 2016 14:20:40 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.34.2
Auto-Submitted: auto-generated
Precedence: bulk
Sender: <iesg-secretary@ietf.org>
Message-ID: <147552964070.29763.1529522793353766614.idtracker@ietfa.amsl.com>
Date: Mon, 03 Oct 2016 14:20:40 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/fvFnTATG3ug2Ml3qe4glt4FIMmU>
Cc: lisp-chairs@ietf.org, draft-ietf-lisp-ddt@ietf.org, lisp@ietf.org
Subject: [lisp] Last Call: <draft-ietf-lisp-ddt-08.txt> (LISP Delegated Database Tree) to Experimental RFC
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Reply-To: ietf@ietf.org
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Oct 2016 21:20:41 -0000

The IESG has received a request from the Locator/ID Separation Protocol
WG (lisp) to consider the following document:
- 'LISP Delegated Database Tree'
  <draft-ietf-lisp-ddt-08.txt> as Experimental RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2016-10-17. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


   This document describes the LISP Delegated Database Tree (LISP-DDT),
   a hierarchical, distributed database which embodies the delegation of
   authority to provide mappings from LISP Endpoint Identifiers (EIDs)
   to Routing Locators (RLOCs).  It is a statically-defined distribution
   of the EID namespace among a set of LISP-speaking servers, called DDT
   nodes.  Each DDT node is configured as "authoritative" for one or
   more EID-prefixes, along with the set of RLOCs for Map Servers or
   "child" DDT nodes to which more-specific EID-prefixes are delegated.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-lisp-ddt/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-lisp-ddt/ballot/


No IPR declarations have been submitted directly on this I-D.





From nobody Mon Oct  3 15:06:44 2016
Return-Path: <internet-drafts@ietf.org>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A66161295A8; Mon,  3 Oct 2016 15:06:39 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.34.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147553239967.29792.18358224015079534034.idtracker@ietfa.amsl.com>
Date: Mon, 03 Oct 2016 15:06:39 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/CbCLLzjhozPMb-43Bwugi8A9JoY>
Cc: lisp@ietf.org
Subject: [lisp] I-D Action: draft-ietf-lisp-sec-11.txt
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Oct 2016 22:06:40 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Locator/ID Separation Protocol of the IETF.

        Title           : LISP-Security (LISP-SEC)
        Authors         : Fabio Maino
                          Vina Ermagan
                          Albert Cabellos
                          Damien Saucez
	Filename        : draft-ietf-lisp-sec-11.txt
	Pages           : 19
	Date            : 2016-10-03

Abstract:
   This memo specifies LISP-SEC, a set of security mechanisms that
   provides origin authentication, integrity and anti-replay protection
   to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
   process.  LISP-SEC also enables verification of authorization on EID-
   prefix claims in Map-Reply messages.



The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lisp-sec/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-lisp-sec-11

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lisp-sec-11


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Tue Oct  4 03:38:19 2016
Return-Path: <ggx@gigix.net>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C80BD1297BA for <lisp@ietfa.amsl.com>; Tue,  4 Oct 2016 03:38:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gigix-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C0REwFcmF5uu for <lisp@ietfa.amsl.com>; Tue,  4 Oct 2016 03:38:16 -0700 (PDT)
Received: from mail-wm0-x235.google.com (mail-wm0-x235.google.com [IPv6:2a00:1450:400c:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76FF51297B9 for <lisp@ietf.org>; Tue,  4 Oct 2016 03:38:15 -0700 (PDT)
Received: by mail-wm0-x235.google.com with SMTP id p138so203744970wmb.1 for <lisp@ietf.org>; Tue, 04 Oct 2016 03:38:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gigix-net.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=rROWW2TZTpJITraWDaKxTWbNb0mqU1i2BquJONLcvxQ=; b=H8GGxMnkim+c+Or9m4ZIau1m+d2x9tt5cgbphewOUpcaY/c5YlLLaNR28b6UGQ/9Un h1HZRR8Q6lPXIojWTFlqWEZj4dKsVI87PnRxyf8YqrG2BLPQpth+e6/3sKBD0lK4oALk lBPCgHBuEBzXFl81ITYGTVaPviwpOnJl4HwPFGEsuJjnesvWR2ZDQdoYowErFrbDL/A4 GDTWzRFoe/YnYeob+t7IwK/hpKBm8i0KeFULH28IU8qHeNJ5R5LjHKgj5ybRHX249N7A oAQlscn70DFFekxYhmILwxLvLhd2lJtD0okcInhN3louif9D38WedG/+FF2nC02BtUCy FBvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=rROWW2TZTpJITraWDaKxTWbNb0mqU1i2BquJONLcvxQ=; b=f3BzLeiMgsbkRjwdT+FObHAZSNhaHm0rPvqPjbrPRo8/zZlNjIut/nSDch7pXrrTOF Ea0LA00KmHO7v5yMKxXfRDLxam6k07/o/3SthCO7C2UugUboTsqRuzwj6Qh6OORWELa6 Uv+hFQwX6lcW1Pohz29tVbCMYyJ0No/PQl/3DkHIjrfd+dYMVVTS2Py+pF3yH7am12CX d0im8jVYsC1fnbkKrbA+n3S7/LlEVREC4pzYYGhPB1sH6174EG2Z9cpAybnhbevMFFs6 iixZz2fHPT8hX7gN84AZrJflZdfLJuxTFjpqv1Dap8eU8dsTH/opUB38Nk6WYQPib6s1 Pr1A==
X-Gm-Message-State: AA6/9RnUr1BGEUkE+aFWcia35CHAXWnQPT2vLKegOOpkoTHH8J9WVZXmi0aOgIyn5vDrgg==
X-Received: by 10.28.19.194 with SMTP id 185mr13457374wmt.51.1475577493714; Tue, 04 Oct 2016 03:38:13 -0700 (PDT)
Received: from ?IPv6:2a01:e35:1381:3430:2436:6506:1640:9278? ([2a01:e35:1381:3430:2436:6506:1640:9278]) by smtp.gmail.com with ESMTPSA id a1sm2808756wju.41.2016.10.04.03.38.12 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 04 Oct 2016 03:38:12 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Luigi Iannone <ggx@gigix.net>
In-Reply-To: <B0B64BD8-4AAF-45B1-9A9D-0DAF2B4B6C22@gmail.com>
Date: Tue, 4 Oct 2016 12:38:11 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <B707CA32-60F0-4EA5-B063-FBC6D8D3A54E@gigix.net>
References: <d6a5u7il5vthm1s7l1td9bqx.1475526332736@email.android.com> <B0B64BD8-4AAF-45B1-9A9D-0DAF2B4B6C22@gmail.com>
To: Dino Farinacci <farinacci@gmail.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/33zc9q_5cc9FQ8cekXt32Lkmvx4>
Cc: "jmh.direct" <jmh.direct@joelhalpern.com>, LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] Expiration impending: <draft-farinacci-lisp-name-encoding-00.txt>
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Oct 2016 10:38:18 -0000

> On 3 Oct 2016, at 22:31, Dino Farinacci <farinacci@gmail.com> wrote:
>=20
>> DNS names on the wire are ascii.  So the primary use case is covered =
as is as far as I can tell.
>=20
> So we should be the same and put the restriction in the draft. Agree?

For clarification: The restriction would be that the document covers =
ascii-only encodings?

If yes, can you do the modifications before WG adoption call?

ciao

L.



>=20
> Dino
>=20
>>=20
>> Yours,
>> Joel
>>=20
>>=20
>>=20
>> Sent via the Samsung Galaxy S=C2=AE 6, an AT&T 4G LTE smartphone
>>=20
>> -------- Original message --------
>> From: Dino Farinacci <farinacci@gmail.com>
>> Date: 10/3/16 4:13 PM (GMT-05:00)
>> To: "Joel M. Halpern" <jmh@joelhalpern.com>
>> Cc: LISP mailing list list <lisp@ietf.org>
>> Subject: Re: [lisp] Fwd: Expiration impending: =
<draft-farinacci-lisp-name-encoding-00.txt>
>>=20
>>> Are we sure that all the use cases for this AFI fall into the ASCII =
character set.  DNS names clearly do meet that restriction.  But many =
other names do not.  And while people can and do define escapes, it =
produces complicated and messy situations.
>>=20
>> I would say so but maybe we should ask the group if there is a =
requirement for this feature to be in any non alphabetic languages.
>>=20
>>> I ask because as defined, even if we wanted to, this can not be used =
to carry UTF-8 to the fact that bytes of all 0 may occur in UTF-8.
>>=20
>> I am fine with documenting the restriction.
>>=20
>>> There are many good reasons to keep this simple scope.  If we want =
to keep that restrictions, it seems to me that the introduction should =
be clear about the scope.
>>=20
>> Let=E2=80=99s see if there is any input from the WG.=20
>>=20
>> So let me ask this question, can DNS names be transmitted in, say, a =
chinese character set?
>>=20
>> Dino
>>=20
>>>=20
>>> Yours,
>>> Joel M. Halpern
>>>=20
>>> On 10/3/16 12:28 PM, Dino Farinacci wrote:
>>>> Folks, I am going to update this draft so it doesn=E2=80=99t =
expire. At this time, I would like to request this a working group =
document. It is a very simple draft and would like to see if there are =
any comments and if we can start a last call on it. Chairs?
>>>>=20
>>>> Dino
>>>>=20
>>>>> Begin forwarded message:
>>>>>=20
>>>>> From: IETF Secretariat <ietf-secretariat-reply@ietf.org>
>>>>> Subject: Expiration impending: =
<draft-farinacci-lisp-name-encoding-00.txt>
>>>>> Date: October 3, 2016 at 4:42:10 AM PDT
>>>>> To: <draft-farinacci-lisp-name-encoding@ietf.org>
>>>>> Resent-From: <alias-bounces@ietf.org>
>>>>> Resent-To: farinacci@gmail.com
>>>>>=20
>>>>> The following draft will expire soon:
>>>>>=20
>>>>> Name:     draft-farinacci-lisp-name-encoding
>>>>> Title:    LISP Distinguished Name Encoding
>>>>> State:    I-D Exists
>>>>> Expires:  2016-10-15 (in 1 week, 4 days)
>>>>>=20
>>>>=20
>>>> _______________________________________________
>>>> lisp mailing list
>>>> lisp@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/lisp
>>>>=20
>>=20
>=20
> _______________________________________________
> lisp mailing list
> lisp@ietf.org
> https://www.ietf.org/mailman/listinfo/lisp


From nobody Tue Oct  4 10:26:42 2016
Return-Path: <internet-drafts@ietf.org>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 201461293E4; Tue,  4 Oct 2016 10:26:40 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.34.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147560200012.12899.15029267003252756117.idtracker@ietfa.amsl.com>
Date: Tue, 04 Oct 2016 10:26:40 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/Qt31vtFyc_Ozk6m50Q6gf3SiJjQ>
Cc: lisp@ietf.org
Subject: [lisp] I-D Action: draft-ietf-lisp-lcaf-16.txt
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Oct 2016 17:26:40 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Locator/ID Separation Protocol of the IETF.

        Title           : LISP Canonical Address Format (LCAF)
        Authors         : Dino Farinacci
                          Dave Meyer
                          Job Snijders
	Filename        : draft-ietf-lisp-lcaf-16.txt
	Pages           : 43
	Date            : 2016-10-04

Abstract:
   This draft defines a canonical address format encoding used in LISP
   control messages and in the encoding of lookup keys for the LISP
   Mapping Database System.



The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lisp-lcaf/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-lisp-lcaf-16

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lisp-lcaf-16


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Wed Oct  5 10:20:17 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26C6B120726 for <lisp@ietfa.amsl.com>; Wed,  5 Oct 2016 10:20:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.298
X-Spam-Level: 
X-Spam-Status: No, score=-1.298 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_COMMENT_SAVED_URL=1.391, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_HTML_ATTACH=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c3p9BipbBRS9 for <lisp@ietfa.amsl.com>; Wed,  5 Oct 2016 10:20:13 -0700 (PDT)
Received: from mail-pf0-x231.google.com (mail-pf0-x231.google.com [IPv6:2607:f8b0:400e:c00::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E908E1204D9 for <lisp@ietf.org>; Wed,  5 Oct 2016 10:20:12 -0700 (PDT)
Received: by mail-pf0-x231.google.com with SMTP id 190so43965122pfv.0 for <lisp@ietf.org>; Wed, 05 Oct 2016 10:20:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc:message-id:references :to; bh=G2HavQD2ZolyXi6GTTDSzJU2yeNm2eRFFyiOcHnt2T4=; b=KF98spW3KS+/Sm+XMpdIGa5lDqgyvaMYpCMEpKjhM5OzvTWcY1ErVKyUlm+JGx/lRV Dv4N47Otopq32MMEsdmBgnQBqO6q+5JGisCFcIvJ6lqjtXWQ5y82e7OLFVI0a7jY3HZy B89qw7cAlRGbO10nE5YnCdtQqGU30tFuSFPdEwC+lK1QPg486P56U/U+DzQxBOa3WWAU fvYe8DmlfkIbexKhabJmy/r9+7zPHPqcKZmwKbEpYlbA6nO7FwG2PwdMSLDbAvwvv8kb hT8Isk8tOCcXsxAu008uqcwz2MeD3esFG0SJIH+aBeb6U5qtVrLW4szQi+gV7M6P59cU mihQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=G2HavQD2ZolyXi6GTTDSzJU2yeNm2eRFFyiOcHnt2T4=; b=jYZ7hZmnlJJdQcTne8EPkKP0Ugu/e3FoSmroZG/d2LXoLwtZTZ+G3gVGAiw/ZNlbnk qBg09ny2davYtu+wkcYZdiHS9SEpwNbgKLTPhtB3yEkAls0dArAS3pAlNiNBFIvfTd0f j++tP3X4JORA9ZfBFhlYYLc/GwioW9jNW19bo0LOPLoRI2fRfGH+losxjXa9yKSL8Q4g YXuvVXo1970i+4sNglDmRZTCLJWxYI7loazbUxG6yW8ws8euxKwDQhH6+O0RL0IWg5+o KnWVZ8bw45Q2PQWEyPzLf5Vww4Cqip7Sb2jTZzlnrsxo3Sm+Of2SClIHW2Eu0xUnihMI PtHQ==
X-Gm-Message-State: AA6/9RmkSPuZBqYbqvJMy6ijajh6VK5IzjIXEfCwr2uIJIcGKSMDeJY1mGeYOEomPx7/dw==
X-Received: by 10.98.16.193 with SMTP id 62mr8822651pfq.73.1475688012478; Wed, 05 Oct 2016 10:20:12 -0700 (PDT)
Received: from ?IPv6:2603:3024:151c:55f0:3dd4:35ac:900a:8e75? ([2603:3024:151c:55f0:3dd4:35ac:900a:8e75]) by smtp.gmail.com with ESMTPSA id i4sm15716526pav.27.2016.10.05.10.20.11 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 05 Oct 2016 10:20:12 -0700 (PDT)
Content-Type: multipart/mixed; boundary="Apple-Mail=_EBA4A04C-B4E1-4975-A0C4-7AA7639685E3"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <B707CA32-60F0-4EA5-B063-FBC6D8D3A54E@gigix.net>
Date: Wed, 5 Oct 2016 10:20:11 -0700
Message-Id: <D861E292-9EEB-4099-8EF8-0A64A11AD1A6@gmail.com>
References: <d6a5u7il5vthm1s7l1td9bqx.1475526332736@email.android.com> <B0B64BD8-4AAF-45B1-9A9D-0DAF2B4B6C22@gmail.com> <B707CA32-60F0-4EA5-B063-FBC6D8D3A54E@gigix.net>
To: Luigi Iannone <ggx@gigix.net>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/KCnaDwE3bhYDfAN-Su6vn3Zl0Tw>
Cc: "jmh.direct" <jmh.direct@joelhalpern.com>, LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] Expiration impending: <draft-farinacci-lisp-name-encoding-00.txt>
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Oct 2016 17:20:16 -0000

--Apple-Mail=_EBA4A04C-B4E1-4975-A0C4-7AA7639685E3
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii


>> On 3 Oct 2016, at 22:31, Dino Farinacci <farinacci@gmail.com> wrote:
>>=20
>>> DNS names on the wire are ascii.  So the primary use case is covered =
as is as far as I can tell.
>>=20
>> So we should be the same and put the restriction in the draft. Agree?
>=20
> For clarification: The restriction would be that the document covers =
ascii-only encodings?

Right.

> If yes, can you do the modifications before WG adoption call?

Submitting a new draft now. See diff file attached. Please ack.

Dino


--Apple-Mail=_EBA4A04C-B4E1-4975-A0C4-7AA7639685E3
Content-Disposition: attachment;
	filename=rfcdiff.html
Content-Type: text/html;
	name="rfcdiff.html"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" =
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- saved from url=3D(0030)https://tools.ietf.org/rfcdiff -->
<html xmlns=3D"http://www.w3.org/1999/xhtml"><head><meta =
http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF-8">=20
  =20
  <meta http-equiv=3D"Content-Style-Type" content=3D"text/css">=20
  <title>Diff: draft-farinacci-lisp-name-encoding-01.txt - =
draft-farinacci-lisp-name-encoding-02.txt</title>=20
  <style type=3D"text/css">=20
    body    { margin: 0.4ex; margin-right: auto; }=20
    tr      { }=20
    td      { white-space: pre; font-family: monospace; vertical-align: =
top; font-size: 0.86em;}=20
    th      { font-size: 0.86em; }=20
    .small  { font-size: 0.6em; font-style: italic; font-family: =
Verdana, Helvetica, sans-serif; }=20
    .left   { background-color: #EEE; }=20
    .right  { background-color: #FFF; }=20
    .diff   { background-color: #CCF; }=20
    .lblock { background-color: #BFB; }=20
    .rblock { background-color: #FF8; }=20
    .insert { background-color: #8FF; }=20
    .delete { background-color: #ACF; }=20
    .void   { background-color: #FFB; }=20
    .cont   { background-color: #EEE; }=20
    .linebr { background-color: #AAA; }=20
    .lineno { color: red; background-color: #FFF; font-size: 0.7em; =
text-align: right; padding: 0 2px; }=20
    .elipsis{ background-color: #AAA; }=20
    .left .cont { background-color: #DDD; }=20
    .right .cont { background-color: #EEE; }=20
    .lblock .cont { background-color: #9D9; }=20
    .rblock .cont { background-color: #DD6; }=20
    .insert .cont { background-color: #0DD; }=20
    .delete .cont { background-color: #8AD; }=20
    .stats, .stats td, .stats th { background-color: #EEE; padding: 2px =
0; }=20
    span.hide { display: none; color: #aaa;}    a:hover span { display: =
inline; }    tr.change { background-color: gray; }=20
    tr.change a { text-decoration: none; color: black }=20
  </style>=20
     <script>
var chunk_index =3D 0;
var old_chunk =3D null;

function format_chunk(index) {
    var prefix =3D "diff";
    var str =3D index.toString();
    for (x=3D0; x<(4-str.length); ++x) {
        prefix+=3D'0';
    }
    return prefix + str;
}

function find_chunk(n){
    return document.querySelector('tr[id$=3D"' + n + '"]');
}

function change_chunk(offset) {
    var index =3D chunk_index + offset;
    var new_str;
    var new_chunk;

    new_str =3D format_chunk(index);
    new_chunk =3D find_chunk(new_str);
    if (!new_chunk) {
        return;
    }
    if (old_chunk) {
        old_chunk.style.outline =3D "";
    }
    old_chunk =3D new_chunk;
    old_chunk.style.outline =3D "1px solid red";
    window.location.hash =3D "#" + new_str;
    window.scrollBy(0,-100);
    chunk_index =3D index;
}

document.onkeydown =3D function(e) {
    switch (e.keyCode) {
    case 78:
        change_chunk(1);
        break;
    case 80:
        change_chunk(-1);
        break;
    }
};
   </script>=20
</head>=20
<body>=20
  <table border=3D"0" cellpadding=3D"0" cellspacing=3D"0">=20
  <tbody><tr id=3D"part-1" bgcolor=3D"orange"><th></th><th><a =
href=3D"https://tools.ietf.org/rfcdiff?url2=3Ddraft-farinacci-lisp-name-en=
coding-01.txt" style=3D"color:#008; =
text-decoration:none;">&lt;</a>&nbsp;<a =
href=3D"https://tools.ietf.org/html/draft-farinacci-lisp-name-encoding-01.=
txt" =
style=3D"color:#008">draft-farinacci-lisp-name-encoding-01.txt</a>&nbsp;</=
th><th> </th><th>&nbsp;<a =
href=3D"https://tools.ietf.org/html/draft-farinacci-lisp-name-encoding-02.=
txt" =
style=3D"color:#008">draft-farinacci-lisp-name-encoding-02.txt</a>&nbsp;<a=
 =
href=3D"https://tools.ietf.org/rfcdiff?url1=3Ddraft-farinacci-lisp-name-en=
coding-02.txt" style=3D"color:#008; =
text-decoration:none;">&gt;</a></th><th></th></tr>=20
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Network Working =
Group                                       D. Farinacci</td><td> =
</td><td class=3D"right">Network Working Group                           =
            D. Farinacci</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Internet-Draft    =
                                           lispers.net</td><td> </td><td =
class=3D"right">Internet-Draft                                           =
    lispers.net</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0001"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">Intended =
status: Experimental                            October <span =
class=3D"delete">3,</span> 2016</td><td> </td><td =
class=3D"rblock">Intended status: Experimental                           =
 October <span class=3D"insert">5,</span> 2016</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">Expires: April =
<span class=3D"delete">6,</span> 2017</td><td> </td><td =
class=3D"rblock">Expires: April <span class=3D"insert">8,</span> =
2017</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">                  =
  LISP Distinguished Name Encoding</td><td> </td><td class=3D"right">    =
                LISP Distinguished Name Encoding</td><td =
class=3D"lineno"></td></tr>
      <tr id=3D"diff0002"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">                =
 draft-farinacci-lisp-name-encoding-0<span =
class=3D"delete">1</span></td><td> </td><td class=3D"rblock">            =
     draft-farinacci-lisp-name-encoding-0<span =
class=3D"insert">2</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Abstract</td><td> =
</td><td class=3D"right">Abstract</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   This draft =
defines how to use the AFI=3D17 Distinguished Names in LISP.</td><td> =
</td><td class=3D"right">   This draft defines how to use the AFI=3D17 =
Distinguished Names in LISP.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Status of This =
Memo</td><td> </td><td class=3D"right">Status of This Memo</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   This =
Internet-Draft is submitted in full conformance with the</td><td> =
</td><td class=3D"right">   This Internet-Draft is submitted in full =
conformance with the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   provisions of =
BCP 78 and BCP 79.</td><td> </td><td class=3D"right">   provisions of =
BCP 78 and BCP 79.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
Internet-Drafts are working documents of the Internet =
Engineering</td><td> </td><td class=3D"right">   Internet-Drafts are =
working documents of the Internet Engineering</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Task Force =
(IETF).  Note that other groups may also distribute</td><td> </td><td =
class=3D"right">   Task Force (IETF).  Note that other groups may also =
distribute</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   working =
documents as Internet-Drafts.  The list of current Internet-</td><td> =
</td><td class=3D"right">   working documents as Internet-Drafts.  The =
list of current Internet-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Drafts is at =
http://datatracker.ietf.org/drafts/current/.</td><td> </td><td =
class=3D"right">   Drafts is at =
http://datatracker.ietf.org/drafts/current/.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
Internet-Drafts are draft documents valid for a maximum of six =
months</td><td> </td><td class=3D"right">   Internet-Drafts are draft =
documents valid for a maximum of six months</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   and may be =
updated, replaced, or obsoleted by other documents at any</td><td> =
</td><td class=3D"right">   and may be updated, replaced, or obsoleted =
by other documents at any</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   time.  It is =
inappropriate to use Internet-Drafts as reference</td><td> </td><td =
class=3D"right">   time.  It is inappropriate to use Internet-Drafts as =
reference</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   material or to =
cite them other than as "work in progress."</td><td> </td><td =
class=3D"right">   material or to cite them other than as "work in =
progress."</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0003"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   This =
Internet-Draft will expire on April <span class=3D"delete">6</span>, =
2017.</td><td> </td><td class=3D"rblock">   This Internet-Draft will =
expire on April <span class=3D"insert">8</span>, 2017.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Copyright =
Notice</td><td> </td><td class=3D"right">Copyright Notice</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Copyright (c) =
2016 IETF Trust and the persons identified as the</td><td> </td><td =
class=3D"right">   Copyright (c) 2016 IETF Trust and the persons =
identified as the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   document =
authors.  All rights reserved.</td><td> </td><td class=3D"right">   =
document authors.  All rights reserved.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   This document =
is subject to BCP 78 and the IETF Trust's Legal</td><td> </td><td =
class=3D"right">   This document is subject to BCP 78 and the IETF =
Trust's Legal</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Provisions =
Relating to IETF Documents</td><td> </td><td class=3D"right">   =
Provisions Relating to IETF Documents</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
(http://trustee.ietf.org/license-info) in effect on the date of</td><td> =
</td><td class=3D"right">   (http://trustee.ietf.org/license-info) in =
effect on the date of</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   publication of =
this document.  Please review these documents</td><td> </td><td =
class=3D"right">   publication of this document.  Please review these =
documents</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-2" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-2"><em> =
page 2, line 15<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-2"><em> page 2, line 15<span =
class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Table of =
Contents</td><td> </td><td class=3D"right">Table of Contents</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   1.  =
Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   =
2</td><td> </td><td class=3D"right">   1.  Introduction  . . . . . . . . =
. . . . . . . . . . . . . . . .   2</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   2.  Definition =
of Terms . . . . . . . . . . . . . . . . . . . . .   3</td><td> </td><td =
class=3D"right">   2.  Definition of Terms . . . . . . . . . . . . . . . =
. . . . . .   3</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   3.  =
Distinguished Name Format . . . . . . . . . . . . . . . . . .   =
3</td><td> </td><td class=3D"right">   3.  Distinguished Name Format . . =
. . . . . . . . . . . . . . . .   3</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   4.  Security =
Considerations . . . . . . . . . . . . . . . . . . .   4</td><td> =
</td><td class=3D"right">   4.  Security Considerations . . . . . . . . =
. . . . . . . . . . .   4</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   5.  IANA =
Considerations . . . . . . . . . . . . . . . . . . . . .   4</td><td> =
</td><td class=3D"right">   5.  IANA Considerations . . . . . . . . . . =
. . . . . . . . . . .   4</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   6.  Normative =
References  . . . . . . . . . . . . . . . . . . . .   4</td><td> =
</td><td class=3D"right">   6.  Normative References  . . . . . . . . . =
. . . . . . . . . . .   4</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Appendix A.  =
Acknowledgments  . . . . . . . . . . . . . . . . . .   4</td><td> =
</td><td class=3D"right">   Appendix A.  Acknowledgments  . . . . . . . =
. . . . . . . . . . .   4</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Appendix B.  =
Document Change Log  . . . . . . . . . . . . . . . .   4</td><td> =
</td><td class=3D"right">   Appendix B.  Document Change Log  . . . . . =
. . . . . . . . . . .   4</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0004"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.1.  =
Changes to <span =
class=3D"delete">draft-farinacci-lisp-name-encoding-01.txt</span>  . .   =
4</td><td> </td><td class=3D"rblock">     B.1.  Changes to <span =
class=3D"insert">draft-farinacci-lisp-name-encoding-02.txt</span>  . .   =
4</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.2.  =
Changes to <span =
class=3D"delete">draft-farinacci-lisp-name-encoding-00.txt</span>  . .   =
4</td><td> </td><td class=3D"rblock">     B.2.  Changes to <span =
class=3D"insert">draft-farinacci-lisp-name-encoding-01.txt</span>  . .   =
4</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   Author's =
Address  . . . . . . . . . . . . . . . . . . . . . . . .   <span =
class=3D"delete">4</span></td><td> </td><td class=3D"rblock">     <span =
class=3D"insert">B.3.  Changes to =
draft-farinacci-lisp-name-encoding-00.txt  . .   5</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock">   Author's Address  . . . . . . . . . . . . . =
. . . . . . . . . . .   <span class=3D"insert">5</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">1.  =
Introduction</td><td> </td><td class=3D"right">1.  Introduction</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   The LISP =
architecture and protocols [RFC6830] introduces two new</td><td> =
</td><td class=3D"right">   The LISP architecture and protocols =
[RFC6830] introduces two new</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   numbering =
spaces, Endpoint Identifiers (EIDs) and Routing Locators</td><td> =
</td><td class=3D"right">   numbering spaces, Endpoint Identifiers =
(EIDs) and Routing Locators</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   (RLOCs) which =
are intended to replace most use of IP addresses on the</td><td> =
</td><td class=3D"right">   (RLOCs) which are intended to replace most =
use of IP addresses on the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Internet.  To =
provide flexibility for current and future</td><td> </td><td =
class=3D"right">   Internet.  To provide flexibility for current and =
future</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   applications, =
these values can be encoded in LISP control messages</td><td> </td><td =
class=3D"right">   applications, these values can be encoded in LISP =
control messages</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   using a =
general syntax that includes Address Family Identifier (AFI)</td><td> =
</td><td class=3D"right">   using a general syntax that includes Address =
Family Identifier (AFI)</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[RFC1700].</td><td> </td><td class=3D"right">   [RFC1700].</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-3" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-3"><em> =
page 4, line 5<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-3"><em> page 3, line 24<span =
class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   An AFI=3D17 =
Distinguished Name is encoded as:</td><td> </td><td class=3D"right">   =
An AFI=3D17 Distinguished Name is encoded as:</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     0            =
       1                   2                   3</td><td> </td><td =
class=3D"right">     0                   1                   2           =
        3</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     0 1 2 3 4 5 =
6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1</td><td> </td><td =
class=3D"right">     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 =
6 7 8 9 0 1</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">    =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    |            =
AFI =3D 17           |       ASCII String ...        |</td><td> </td><td =
class=3D"right">    |            AFI =3D 17           |       ASCII =
String ...        |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">    =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    |             =
  ...  ASCII String             |       0         |</td><td> </td><td =
class=3D"right">    |               ...  ASCII String             |      =
 0         |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">    =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0005"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock">   <span class=3D"insert">The string of =
characters are encoded in the ASCII character-set</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">   definition =
[RFC0020].</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock">                                               =
                          </td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">4.  Security =
Considerations</td><td> </td><td class=3D"right">4.  Security =
Considerations</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   There are no =
security considerations.</td><td> </td><td class=3D"right">   There are =
no security considerations.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">5.  IANA =
Considerations</td><td> </td><td class=3D"right">5.  IANA =
Considerations</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   The code-point =
values in this specification are already allocated in</td><td> </td><td =
class=3D"right">   The code-point values in this specification are =
already allocated in</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[AFI].</td><td> </td><td class=3D"right">   [AFI].</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">6.  Normative =
References</td><td> </td><td class=3D"right">6.  Normative =
References</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [AFI]      =
IANA, , "Address Family Identifier (AFIs)", ADDRESS FAMILY</td><td> =
</td><td class=3D"right">   [AFI]      IANA, , "Address Family =
Identifier (AFIs)", ADDRESS FAMILY</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
NUMBERS http://www.iana.org/numbers.html, Febuary 2007.</td><td> =
</td><td class=3D"right">              NUMBERS =
http://www.iana.org/numbers.html, Febuary 2007.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0006"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock">   <span class=3D"insert">[RFC0020]  Cerf, V., =
"ASCII format for network interchange", STD 80,</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">              RFC 20, =
DOI 10.17487/RFC0020, October 1969,</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">              =
&lt;http://www.rfc-editor.org/info/rfc20&gt;.</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock">                                               =
                          </td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [RFC1700]  =
Reynolds, J. and J. Postel, "Assigned Numbers", RFC 1700,</td><td> =
</td><td class=3D"right">   [RFC1700]  Reynolds, J. and J. Postel, =
"Assigned Numbers", RFC 1700,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              DOI =
10.17487/RFC1700, October 1994,</td><td> </td><td class=3D"right">       =
       DOI 10.17487/RFC1700, October 1994,</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
&lt;http://www.rfc-editor.org/info/rfc1700&gt;.</td><td> </td><td =
class=3D"right">              =
&lt;http://www.rfc-editor.org/info/rfc1700&gt;.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [RFC6830]  =
Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The</td><td> =
</td><td class=3D"right">   [RFC6830]  Farinacci, D., Fuller, V., Meyer, =
D., and D. Lewis, "The</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Locator/ID Separation Protocol (LISP)", RFC 6830,</td><td> </td><td =
class=3D"right">              Locator/ID Separation Protocol (LISP)", =
RFC 6830,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              DOI =
10.17487/RFC6830, January 2013,</td><td> </td><td class=3D"right">       =
       DOI 10.17487/RFC6830, January 2013,</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
&lt;http://www.rfc-editor.org/info/rfc6830&gt;.</td><td> </td><td =
class=3D"right">              =
&lt;http://www.rfc-editor.org/info/rfc6830&gt;.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Appendix A.  =
Acknowledgments</td><td> </td><td class=3D"right">Appendix A.  =
Acknowledgments</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   The author =
would like to thank the LISP WG for their review and</td><td> </td><td =
class=3D"right">   The author would like to thank the LISP WG for their =
review and</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   acceptance of =
this draft.</td><td> </td><td class=3D"right">   acceptance of this =
draft.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Appendix B.  =
Document Change Log</td><td> </td><td class=3D"right">Appendix B.  =
Document Change Log</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0007"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1.  Changes =
to draft-farinacci-lisp-name-encoding-0<span =
class=3D"delete">1</span>.txt</td><td> </td><td class=3D"rblock">B.1.  =
Changes to draft-farinacci-lisp-name-encoding-0<span =
class=3D"insert">2</span>.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
October 2016.</td><td> </td><td class=3D"right">   o  Submitted October =
2016.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0008"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   o  <span =
class=3D"delete">Updated docuemnt timer.</span></td><td> </td><td =
class=3D"rblock">   o  <span class=3D"insert">Add a comment that the =
distinguished-name encoding is restricted</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">      to ASCII =
character encodings only.</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0009"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.2.  Changes =
to draft-farinacci-lisp-name-encoding-00.txt</td><td> </td><td =
class=3D"rblock">B.2.  Changes to <span =
class=3D"insert">draft-farinacci-lisp-name-encoding-01.txt</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert"></span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">   o  Submitted October =
2016.</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert"></span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">   o  Update document =
timer.</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert"></span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">B.3.  Changes to</span> =
draft-farinacci-lisp-name-encoding-00.txt</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Initial =
draft submitted April 2016.</td><td> </td><td class=3D"right">   o  =
Initial draft submitted April 2016.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Author's =
Address</td><td> </td><td class=3D"right">Author's Address</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Dino =
Farinacci</td><td> </td><td class=3D"right">   Dino Farinacci</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
lispers.net</td><td> </td><td class=3D"right">   lispers.net</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   San Jose, =
CA</td><td> </td><td class=3D"right">   San Jose, CA</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   USA</td><td> =
</td><td class=3D"right">   USA</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>

     <tr><td></td><td class=3D"left"></td><td> </td><td =
class=3D"right"></td><td></td></tr>
     <tr id=3D"end" bgcolor=3D"gray"><th colspan=3D"5" =
align=3D"center">&nbsp;End of changes. 9 change blocks.&nbsp;</th></tr>
     <tr class=3D"stats"><td></td><th><i>10 lines changed or =
deleted</i></th><th><i> </i></th><th><i>25 lines changed or =
added</i></th><td></td></tr>
     <tr><td colspan=3D"5" align=3D"center" class=3D"small"><br>This =
html diff was produced by rfcdiff 1.45. The latest version is available =
from <a =
href=3D"http://www.tools.ietf.org/tools/rfcdiff/">http://tools.ietf.org/to=
ols/rfcdiff/</a> </td></tr>
   </tbody></table>
  =20
  =20
</body></html>=

--Apple-Mail=_EBA4A04C-B4E1-4975-A0C4-7AA7639685E3
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8



>=20
> ciao
>=20
> L.
>=20
>=20
>=20
>>=20
>> Dino
>>=20
>>>=20
>>> Yours,
>>> Joel
>>>=20
>>>=20
>>>=20
>>> Sent via the Samsung Galaxy S=C2=AE 6, an AT&T 4G LTE smartphone
>>>=20
>>> -------- Original message --------
>>> From: Dino Farinacci <farinacci@gmail.com>
>>> Date: 10/3/16 4:13 PM (GMT-05:00)
>>> To: "Joel M. Halpern" <jmh@joelhalpern.com>
>>> Cc: LISP mailing list list <lisp@ietf.org>
>>> Subject: Re: [lisp] Fwd: Expiration impending: =
<draft-farinacci-lisp-name-encoding-00.txt>
>>>=20
>>>> Are we sure that all the use cases for this AFI fall into the ASCII =
character set.  DNS names clearly do meet that restriction.  But many =
other names do not.  And while people can and do define escapes, it =
produces complicated and messy situations.
>>>=20
>>> I would say so but maybe we should ask the group if there is a =
requirement for this feature to be in any non alphabetic languages.
>>>=20
>>>> I ask because as defined, even if we wanted to, this can not be =
used to carry UTF-8 to the fact that bytes of all 0 may occur in UTF-8.
>>>=20
>>> I am fine with documenting the restriction.
>>>=20
>>>> There are many good reasons to keep this simple scope.  If we want =
to keep that restrictions, it seems to me that the introduction should =
be clear about the scope.
>>>=20
>>> Let=E2=80=99s see if there is any input from the WG.=20
>>>=20
>>> So let me ask this question, can DNS names be transmitted in, say, a =
chinese character set?
>>>=20
>>> Dino
>>>=20
>>>>=20
>>>> Yours,
>>>> Joel M. Halpern
>>>>=20
>>>> On 10/3/16 12:28 PM, Dino Farinacci wrote:
>>>>> Folks, I am going to update this draft so it doesn=E2=80=99t =
expire. At this time, I would like to request this a working group =
document. It is a very simple draft and would like to see if there are =
any comments and if we can start a last call on it. Chairs?
>>>>>=20
>>>>> Dino
>>>>>=20
>>>>>> Begin forwarded message:
>>>>>>=20
>>>>>> From: IETF Secretariat <ietf-secretariat-reply@ietf.org>
>>>>>> Subject: Expiration impending: =
<draft-farinacci-lisp-name-encoding-00.txt>
>>>>>> Date: October 3, 2016 at 4:42:10 AM PDT
>>>>>> To: <draft-farinacci-lisp-name-encoding@ietf.org>
>>>>>> Resent-From: <alias-bounces@ietf.org>
>>>>>> Resent-To: farinacci@gmail.com
>>>>>>=20
>>>>>> The following draft will expire soon:
>>>>>>=20
>>>>>> Name:     draft-farinacci-lisp-name-encoding
>>>>>> Title:    LISP Distinguished Name Encoding
>>>>>> State:    I-D Exists
>>>>>> Expires:  2016-10-15 (in 1 week, 4 days)
>>>>>>=20
>>>>>=20
>>>>> _______________________________________________
>>>>> lisp mailing list
>>>>> lisp@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/lisp
>>>>>=20
>>>=20
>>=20
>> _______________________________________________
>> lisp mailing list
>> lisp@ietf.org
>> https://www.ietf.org/mailman/listinfo/lisp
>=20


--Apple-Mail=_EBA4A04C-B4E1-4975-A0C4-7AA7639685E3--


From nobody Tue Oct 11 18:19:26 2016
Return-Path: <suresh.krishnan@ericsson.com>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 020D51296B0; Tue, 11 Oct 2016 18:19:25 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "Suresh Krishnan" <suresh.krishnan@ericsson.com>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.34.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147623516500.32062.14329856304069383522.idtracker@ietfa.amsl.com>
Date: Tue, 11 Oct 2016 18:19:25 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/2Yl9MAmHNVLohepmsgWULMN5vO0>
Cc: lisp-chairs@ietf.org, draft-ietf-lisp-lcaf@ietf.org, lisp@ietf.org
Subject: [lisp] Suresh Krishnan's Discuss on draft-ietf-lisp-lcaf-16: (with DISCUSS and COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Oct 2016 01:19:25 -0000

Suresh Krishnan has entered the following ballot position for
draft-ietf-lisp-lcaf-16: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-lisp-lcaf/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

The way that the length field is specified in this document is
inconsistent, extremely confusing and sometimes wrong. 

e.g. In Section ASCII Names in the Mapping Database 

Length value n:  length in bytes AFI=17 field and the null-terminated
ASCII string (the last byte of 0 is included).

but the field mentions 2+n. Only one of these can be correct

Similarly in Section 4.9.  Replication List Entries for Multicast
Forwarding

   Length value n:  length in bytes of fields that follow.

but the field mentions 4+n. Again one of these can be correct.

Similar error in Section 5.2 (Generic Database Mapping Lookups)

* Section 4.10.4.  Using Recursive LISP Canonical Address Encodings

The "IP TOS, IPv6 QQS or Flow Label" field is underspecified and cannot
be implemented in an interoperable manner. There are multiple ways to
encode the 8 bit values (the IP TOS and the IPv6 Traffic Class) into the
24 bit field. Similarly, there are at least two obvious ways to encode
the 20 bit flow label into this field.

Also the "IPv6 QoS" needs to be renamed to "IPv6 Traffic Class"


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

* Can you please clarify why Rsvd2 is reserved for future use but this
document already ends up specifying it under "Segmentation"

* I think the reference for AFI is not correct. Shouldn't it be
http://www.iana.org/assignments/address-family-numbers/address-family-numbers.xhtml?
The current reference leads to a generic IANA page.

* Section 4.8:

Is the explanation for the AFI correct? The source dest lookups don't
seem to be multicast addresses.

"When a specific AFI has its own encoding of a multicast address, this
field must be either
      a group address or a broadcast address."



From nobody Wed Oct 12 12:28:03 2016
Return-Path: <internet-drafts@ietf.org>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E2C2C129539; Wed, 12 Oct 2016 12:27:59 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.34.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147630047992.6385.12418417730880086389.idtracker@ietfa.amsl.com>
Date: Wed, 12 Oct 2016 12:27:59 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/zR1wx9t9OUelI9kDXYZx040i4A8>
Cc: lisp@ietf.org
Subject: [lisp] I-D Action: draft-ietf-lisp-lcaf-17.txt
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Oct 2016 19:28:00 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Locator/ID Separation Protocol of the IETF.

        Title           : LISP Canonical Address Format (LCAF)
        Authors         : Dino Farinacci
                          Dave Meyer
                          Job Snijders
	Filename        : draft-ietf-lisp-lcaf-17.txt
	Pages           : 43
	Date            : 2016-10-12

Abstract:
   This draft defines a canonical address format encoding used in LISP
   control messages and in the encoding of lookup keys for the LISP
   Mapping Database System.



The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lisp-lcaf/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-lisp-lcaf-17

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lisp-lcaf-17


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Wed Oct 12 12:30:31 2016
Return-Path: <internet-drafts@ietf.org>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 71E12129569; Wed, 12 Oct 2016 12:30:27 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.34.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147630062745.6341.6813463277433079230.idtracker@ietfa.amsl.com>
Date: Wed, 12 Oct 2016 12:30:27 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/UYEB5yx5p49CWjvrJ02CmnDB34g>
Cc: lisp@ietf.org
Subject: [lisp] I-D Action: draft-ietf-lisp-crypto-09.txt
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Oct 2016 19:30:27 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Locator/ID Separation Protocol of the IETF.

        Title           : LISP Data-Plane Confidentiality
        Authors         : Dino Farinacci
                          Brian Weis
	Filename        : draft-ietf-lisp-crypto-09.txt
	Pages           : 21
	Date            : 2016-10-12

Abstract:
   This document describes a mechanism for encrypting LISP encapsulated
   traffic.  The design describes how key exchange is achieved using
   existing LISP control-plane mechanisms as well as how to secure the
   LISP data-plane from third-party surveillance attacks.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lisp-crypto/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-lisp-crypto-09

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lisp-crypto-09


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Wed Oct 12 13:41:43 2016
Return-Path: <Kathleen.Moriarty.ietf@gmail.com>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A62C129400; Wed, 12 Oct 2016 13:41:38 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "Kathleen Moriarty" <Kathleen.Moriarty.ietf@gmail.com>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.34.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147630489842.6289.6818242861462956200.idtracker@ietfa.amsl.com>
Date: Wed, 12 Oct 2016 13:41:38 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/_kj28PjX344FXO6RAA2P3cqY1sU>
Cc: lisp-chairs@ietf.org, lisp@ietf.org, draft-ietf-lisp-crypto@ietf.org
Subject: [lisp] Kathleen Moriarty's No Objection on draft-ietf-lisp-crypto-09: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Oct 2016 20:41:38 -0000

Kathleen Moriarty has entered the following ballot position for
draft-ietf-lisp-crypto-09: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-lisp-crypto/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for your work on this draft.  I think the draft would read better
if the content of the Abstract is repeated in the introduction.  If you
read just the introduction, it is not clear what this draft is about, the
abstract text is needed to have an understanding.

In the introduction, I'm not sure what this means:
   Packets that arrive at
   the ITR or PITR are typically not modified, which means no protection
   or privacy of the data is added.

Do you mean modified as in 'not encrypted' or something else?  It would
be easier to read if what you meant was clearly stated.

It's followed by this sentence:
   If the source host encrypts the
   data stream then the encapsulated packets can be encrypted but would
   be redundant.

But the introduction doesn't clearly say what this would be redundant to.
 Can you clarify this text too?

Thanks for addressing the SecDir review.
https://www.ietf.org/mail-archive/web/secdir/current/msg06835.html



From nobody Wed Oct 12 17:07:08 2016
Return-Path: <ben@nostrum.com>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D4B8129438; Wed, 12 Oct 2016 17:07:03 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "Ben Campbell" <ben@nostrum.com>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.34.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147631722343.6381.2774445540997659744.idtracker@ietfa.amsl.com>
Date: Wed, 12 Oct 2016 17:07:03 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/gaVWO6pXJZvzCbOMV3jZUz9OVqc>
Cc: lisp-chairs@ietf.org, draft-ietf-lisp-lcaf@ietf.org, lisp@ietf.org
Subject: [lisp] Ben Campbell's No Objection on draft-ietf-lisp-lcaf-17: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2016 00:07:03 -0000

Ben Campbell has entered the following ballot position for
draft-ietf-lisp-lcaf-17: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-lisp-lcaf/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Section 4.3 talks about geo coordinates. I think I understand that these
coordinates may give the location of a device. Is there any expectation
that said device can be associated with a person? The security
considerations mention this briefly. Have the working group considered
whether the guidance in RFC 6280/BCP 160 is applicable here?



From nobody Wed Oct 12 18:57:39 2016
Return-Path: <presnick@qti.qualcomm.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47287129405; Wed, 12 Oct 2016 18:57:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.016
X-Spam-Level: 
X-Spam-Status: No, score=-10.016 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-2.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=qti.qualcomm.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IXgzzaQ8uGhr; Wed, 12 Oct 2016 18:57:35 -0700 (PDT)
Received: from wolverine02.qualcomm.com (wolverine02.qualcomm.com [199.106.114.251]) (using TLSv1.2 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7966C1295C4; Wed, 12 Oct 2016 18:57:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qti.qualcomm.com; i=@qti.qualcomm.com; q=dns/txt; s=qcdkim; t=1476323855; x=1507859855; h=from:to:subject:date:message-id:mime-version; bh=1sgHNyDk9KMvQ/eENi5zQlyvr14bEmJfDMpqDdGEGL4=; b=NeYFFKy2Bqm8dYvQoGHzjoZUZOc0gcfR5C8LuoCU84nl49KF3ojpXtno gXlEQPq9oNaVEKWrIdd3J68BsJU+Bk1utcoU/kiD/VcmTM9dZ/pscrHh6 X8RP1oBgWzUrCRN6HVKT4w4Wvp9pxuVvBxMkO2vwhoyCLYDINzAUuR0zs 4=;
X-IronPort-AV: E=Sophos;i="5.31,338,1473145200";  d="scan'208,217";a="326513763"
Received: from unknown (HELO Ironmsg03-L.qualcomm.com) ([10.53.140.110]) by wolverine02.qualcomm.com with ESMTP; 12 Oct 2016 18:57:33 -0700
X-IronPort-AV: E=McAfee;i="5700,7163,8316"; a="1241252520"
Received: from nasanexm01f.na.qualcomm.com ([10.85.0.32]) by Ironmsg03-L.qualcomm.com with ESMTP/TLS/RC4-SHA; 12 Oct 2016 18:57:33 -0700
Received: from [10.64.166.72] (10.80.80.8) by NASANEXM01F.na.qualcomm.com (10.85.0.32) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Wed, 12 Oct 2016 18:57:32 -0700
From: Pete Resnick <presnick@qti.qualcomm.com>
To: General Area Review Team <gen-art@ietf.org>, IETF discussion list <ietf@ietf.org>, <draft-ietf-lisp-crypto.all@ietf.org>, <lisp@ietf.org>
Date: Wed, 12 Oct 2016 18:57:32 -0700
Message-ID: <C05B7CF3-3D83-4E69-B67C-976C08BB3611@qti.qualcomm.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_MailMate_6063941C-5AC7-46A0-922E-7B0DBCEC8ECA_="
X-Mailer: MailMate (1.9.5r5263)
X-Originating-IP: [10.80.80.8]
X-ClientProxiedBy: NASANEXM01E.na.qualcomm.com (10.85.0.31) To NASANEXM01F.na.qualcomm.com (10.85.0.32)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/MuB29nJlPkfmsjAdH3oWAO767qc>
Subject: [lisp] Gen-ART Review for draft-ietf-lisp-crypto-09
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2016 01:57:37 -0000

--=_MailMate_6063941C-5AC7-46A0-922E-7B0DBCEC8ECA_=
Content-Type: text/plain; format=flowed; markup=markdown

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair. Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq.

Document: draft-ietf-lisp-crypto-09
Reviewer: Pete Resnick
Review Date: 2016-10-12
IETF LC End Date: 2016-10-04
IESG Telechat date: 2016-10-13

Summary: This draft is ready for publication as an Experimental RFC

Though this is not an area of expertise for me, the document is clearly 
written, I reviewed the data structures and they appear correct, and the 
document seems ready to go forward. (I do find it dicey that this is an 
Experimental document. I understand there is history here, but this is a 
full-fledged protocol document and the fact that it is only required to 
be subjected to a cursory review for Experimental status and can pass 
IESG review with one "YES" and everyone else "ABSTAIN"ing seems kinda 
ridiculous. But that's not a reason to stop this document.)

Major issues:

None

Minor issues:

None

Nits/editorial comments:

Section 9, second to last paragraph: "Otherwise, the packet has been 
tampered with and is discarded." The "tampered with" is probably 
overstating the case. I would simply say "invalid".

-- 
Pete Resnick <http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478
--=_MailMate_6063941C-5AC7-46A0-922E-7B0DBCEC8ECA_=
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/xhtml; charset=3Dutf-8"=
>
</head>
<body>
<div style=3D"font-family:sans-serif"><div style=3D"white-space:normal">
<p dir=3D"auto">I am the assigned Gen-ART reviewer for this draft. The Ge=
neral Area<br>
Review Team (Gen-ART) reviews all IETF documents being processed<br>
by the IESG for the IETF Chair. Please treat these comments just<br>
like any other last call comments.</p>

<p dir=3D"auto">For more information, please see the FAQ at</p>

<p dir=3D"auto"><a href=3D"http://wiki.tools.ietf.org/area/gen/trac/wiki/=
GenArtfaq" style=3D"color:#3983C4">http://wiki.tools.ietf.org/area/gen/tr=
ac/wiki/GenArtfaq</a>.</p>

<p dir=3D"auto">Document: draft-ietf-lisp-crypto-09<br>
Reviewer: Pete Resnick<br>
Review Date: 2016-10-12<br>
IETF LC End Date: 2016-10-04<br>
IESG Telechat date: 2016-10-13</p>

<p dir=3D"auto">Summary: This draft is ready for publication as an Experi=
mental RFC</p>

<p dir=3D"auto">Though this is not an area of expertise for me, the docum=
ent is clearly written, I reviewed the data structures and they appear co=
rrect, and the document seems ready to go forward. (I do find it dicey th=
at this is an Experimental document. I understand there is history here, =
but this is a full-fledged protocol document and the fact that it is only=
 required to be subjected to a cursory review for Experimental status and=
 can pass IESG review with one "YES" and everyone else "ABSTAIN"ing seems=
 kinda ridiculous. But that's not a reason to stop this document.)</p>

<p dir=3D"auto">Major issues:</p>

<p dir=3D"auto">None</p>

<p dir=3D"auto">Minor issues:</p>

<p dir=3D"auto">None</p>

<p dir=3D"auto">Nits/editorial comments:</p>

<p dir=3D"auto">Section 9, second to last paragraph: "Otherwise, the pack=
et has been tampered with and is discarded." The "tampered with" is proba=
bly overstating the case. I would simply say "invalid".</p>

<p dir=3D"auto">-- <br>
Pete Resnick <a href=3D"http://www.qualcomm.com/%7Epresnick/" style=3D"co=
lor:#3983C4">http://www.qualcomm.com/~presnick/</a><br>
Qualcomm Technologies, Inc. - +1 (858)651-4478</p>
</div>
</div>
</body>
</html>

--=_MailMate_6063941C-5AC7-46A0-922E-7B0DBCEC8ECA_=--


From nobody Thu Oct 13 00:30:41 2016
Return-Path: <jari.arkko@piuha.net>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C8A012963D; Thu, 13 Oct 2016 00:30:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.896
X-Spam-Level: 
X-Spam-Status: No, score=-4.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-2.996] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7xESEgsDp0tM; Thu, 13 Oct 2016 00:30:34 -0700 (PDT)
Received: from p130.piuha.net (p130.piuha.net [193.234.218.130]) by ietfa.amsl.com (Postfix) with ESMTP id 9D45F128DF6; Thu, 13 Oct 2016 00:30:33 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id 657052CCAE; Thu, 13 Oct 2016 10:30:31 +0300 (EEST) (envelope-from jari.arkko@piuha.net)
X-Virus-Scanned: amavisd-new at piuha.net
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w1WzAJEd1WwL; Thu, 13 Oct 2016 10:30:30 +0300 (EEST)
Received: from [127.0.0.1] (p130.piuha.net [IPv6:2a00:1d50:2::130]) by p130.piuha.net (Postfix) with ESMTP id DE8732CC40; Thu, 13 Oct 2016 10:30:29 +0300 (EEST) (envelope-from jari.arkko@piuha.net)
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
Content-Type: multipart/signed; boundary="Apple-Mail=_592F2599-8811-42F2-862D-A5620209009B"; protocol="application/pgp-signature"; micalg=pgp-sha512
X-Pgp-Agent: GPGMail
From: Jari Arkko <jari.arkko@piuha.net>
In-Reply-To: <C05B7CF3-3D83-4E69-B67C-976C08BB3611@qti.qualcomm.com>
Date: Thu, 13 Oct 2016 10:30:29 +0300
Message-Id: <B4E99B52-FDBF-4450-8012-73D2454540C0@piuha.net>
References: <C05B7CF3-3D83-4E69-B67C-976C08BB3611@qti.qualcomm.com>
To: Pete Resnick <presnick@qti.qualcomm.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/bRrnFJMFpnPeg4YNI-MtsUBy0yA>
Cc: General Area Review Team <gen-art@ietf.org>, draft-ietf-lisp-crypto.all@ietf.org, lisp@ietf.org
Subject: Re: [lisp] [Gen-art] Gen-ART Review for draft-ietf-lisp-crypto-09
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2016 07:30:36 -0000

--Apple-Mail=_592F2599-8811-42F2-862D-A5620209009B
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=windows-1252

Many thanks for your review, Pete.

I have balloted no-objection for this document in today=92s IESG =
telechat.

Authors, please note Pete=92s editorial suggestion.

Jari


--Apple-Mail=_592F2599-8811-42F2-862D-A5620209009B
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJX/zgVAAoJEM80gCTQU46qg9gP/3OMrsxqIgkFSE71tKPAARR7
tea5+UTdEywcgMobiJgKMeWxi2mM1u4iMoTdRigPxlcq2mVNjqHI7wVCPN/8Iufj
J0yIEb/sxP1U20s5orbCx3VHSy5pLv/i9EX0KFRqJAGi1AnFDDtQTQjRc+kUEzM1
369tjV+cUpfWwBO6BubxAvugcrvwjjLXvxEmHq+V2433fPBdosHr0RzvxDpK3MEI
ofDQeLkGjZEgAN377KOUsIp2e2i2DqgjwGeg6xIxx3diTb0lYJHa2QgIl5g1VTii
uMHt3JmNNXKZeZt27DFkhOWmv/GjXBEkDqrqXpSxzJ41CWwyGVcsiCgB1ya1rl6k
KYNZyxqzgDNT2XSbWSt3fBBXhYW9LD5HhMyrPTcpd6ScevkxA51fVlqyNYKJnIOs
ryT2aP6x7TnBNJDooMfq+muT4/ikKjND8QpLAH3QyhsBU/FvIJIWvINaP9PyxsEi
ofoYaccEO9OgL8wzPUycOWmBysk7lRe3bvYlojenQAH30/Tyu6M2ZheK/DiBYHP7
umA3z/+S0wrVQeTuHs72GzJrtdzkiOltrgQ5ExKbge0FyTSmfO7/5pAarVeWEPaH
tBgKcweqrLein/nX4g26mIC2J6fNvF1WP2IWyIwvQjELonm3xA9jNuF/fHT0gH9u
MXO2SNVNkJNPxH8qN13a
=6St2
-----END PGP SIGNATURE-----

--Apple-Mail=_592F2599-8811-42F2-862D-A5620209009B--


From nobody Thu Oct 13 01:48:51 2016
Return-Path: <jari.arkko@piuha.net>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E7168129575; Thu, 13 Oct 2016 01:48:49 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "Jari Arkko" <jari.arkko@piuha.net>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.34.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147634852994.2910.361748252588624377.idtracker@ietfa.amsl.com>
Date: Thu, 13 Oct 2016 01:48:49 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/H5JrndWXHAkkDLkz97Vtylp9u9U>
Cc: lisp-chairs@ietf.org, peter@akayla.com, draft-ietf-lisp-lcaf@ietf.org, lisp@ietf.org
Subject: [lisp] Jari Arkko's Discuss on draft-ietf-lisp-lcaf-17: (with DISCUSS and COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2016 08:48:50 -0000

Jari Arkko has entered the following ballot position for
draft-ietf-lisp-lcaf-17: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-lisp-lcaf/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Thanks for writing this doc. I plan to recommend its approval, but there
were a couple of things that I think should be fixed for clarity before
issuing the RFC. First, I agree with Peter Yee who did a Gen-ART review
on this document:

> Page 6, Rsvd2 definition: the definition both says "reserved for future
use"
> and then says some types actually use it.  That sounds like present
use.
> And to generically say that it should be sent as zero and ignored, but
then
> to give uses (such as Type 2)  for it  is confusing.  I suggest
rethinking
> the wording here.

The type that seems to differ from the "ignore" advice in Section 3 is
Type 14. Perhaps you can reword somehow, or name the Rsvd2 field to
Flags, and let the Subsections define that as "set to 0 and ignore on
receipt". Or something along those lines?

I also agree with this comment and believe the text should be corrected:

> Page 6, Length definition: there's mention of a "Reserved" field
that's
> included in the minimum length of 8 bytes that are not part of the
length
> value.  Since there are actually Rsvd1 and Rsvd2 fields in the generic
> version of the LCAF and sometimes even Rsvd3 and Rsvd4 fields when
using
> specific Types, it might be better to spell out which reserved fields
(Rsvd1
> and Rsvd2) are meant here rather than giving the field a summary name
that
> doesn't actually appear in the format.  This is also important because
any
> Rsvd3 and Rsvd4 fields are included in the Length field, so using a
generic
> "Reserved" description is ambiguous at best.

And this seems like a bug as well:

> Page 13, RTR RLOC Address definition, 4th sentence: The ability to
determine
> the number of RTRs encoded by looking at the value of the LCAF length
> doesn't seem feasible.  3 IPv4 RTR RLOCs will produce the same LCAF
Length
> as 1 IPv6 RTR RLOC.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Subsections under Section 4 treat some of the fields in different ways.
For instance, in most cases the subsections do not indicate anything
about the base fields, but for instance Subsection 4.9 does say something
about Rsvd1 and Rsvd2:

   Rsvd{1,2,3,4}:  must be set to zero and ignore on receipt.

This text was raised as an issue by Peter as well:

      When there are no RTRs
      supplied, the RTR fields can be omitted and reflected by the LCAF
      length field or an AFI of 0 can be used to indicate zero RTRs
      encoded.

Why are we giving two options? Or is this a
be-conservative-what-you-send-but-liberal-in-what-you-accept situation?



From nobody Thu Oct 13 04:17:12 2016
Return-Path: <aamelnikov@fastmail.fm>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id AE15112966D; Thu, 13 Oct 2016 04:17:10 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "Alexey Melnikov" <aamelnikov@fastmail.fm>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.34.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147635743070.2992.2178442839246963670.idtracker@ietfa.amsl.com>
Date: Thu, 13 Oct 2016 04:17:10 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/dABWxRtsdQkveBBzbSXyyqgiV08>
Cc: lisp-chairs@ietf.org, lisp@ietf.org, draft-ietf-lisp-crypto@ietf.org
Subject: [lisp] Alexey Melnikov's No Objection on draft-ietf-lisp-crypto-09: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2016 11:17:10 -0000

Alexey Melnikov has entered the following ballot position for
draft-ietf-lisp-crypto-09: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-lisp-crypto/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you for this document.

I would like to double check that I understand the document correctly. Is
the following scenario possible:

ITR requests negotiation of 3 keys, then in a later request ITR can
request change to 1 (or 2) of the keys, while continuing to use the
remaining keys?



From nobody Thu Oct 13 05:06:50 2016
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id CBA9C129426; Thu, 13 Oct 2016 05:06:48 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.34.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147636040882.2853.15585935442738597963.idtracker@ietfa.amsl.com>
Date: Thu, 13 Oct 2016 05:06:48 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/zpe_-n4aI7HDxHr3zzeo48L4vPo>
Cc: lisp-chairs@ietf.org, lisp@ietf.org, draft-ietf-lisp-crypto@ietf.org
Subject: [lisp] Stephen Farrell's Yes on draft-ietf-lisp-crypto-09: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2016 12:06:49 -0000

Stephen Farrell has entered the following ballot position for
draft-ietf-lisp-crypto-09: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-lisp-crypto/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------


Thanks for doing this. Great to see folks incorporating such
things where we can and I'll be interested to see how the
experiments with this pan out.

- intro: (nit) "PKI infrastructure" - the I in PKI
already means infrastructure:-)

- intro: (another nit) I don't get why " o  Packet
transport is optimized due to less packet headers.
Packet loss is reduced by a more efficient key exchange."
is true.

- 3: (more nittyness:) AEAD is defined in RFC5116.

- section 6 non-nit: I don't see why you want cipher
suites 1, 2 and 4. The set of 3,5 and 6 seems to me like
it'd be plenty. If it's not too late, I'd encourage you
to either drop 1,2 and 4 or say those are OPTIONAL and
3,5 and 6 are RECOMMENDED.

- section 7: I think you should embed the KDF into the
cipher suite. It's ok to only have one KDF now, but later
you may want others and it's fairly easy to include the
KDF as part of the definition of the ciphersuite.

- section 7: Why didn't you choose RFC 5869 for the KDF?
That's a more accessible reference I think and just as
good.



From nobody Thu Oct 13 06:05:16 2016
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C0EA1294F5; Thu, 13 Oct 2016 06:05:11 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.34.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147636391150.3004.8744692629400023314.idtracker@ietfa.amsl.com>
Date: Thu, 13 Oct 2016 06:05:11 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/LSJryNsu9wjikuzxGLZRFqt-JOk>
Cc: lisp-chairs@ietf.org, draft-ietf-lisp-lcaf@ietf.org, lisp@ietf.org
Subject: [lisp] Stephen Farrell's Discuss on draft-ietf-lisp-lcaf-17: (with DISCUSS)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2016 13:05:11 -0000

Stephen Farrell has entered the following ballot position for
draft-ietf-lisp-lcaf-17: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-lisp-lcaf/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------


I basically support Alexey's discuss position and Ben's
comment but with a bit more detail below.

- section 3: I don't see how you can produce a canonical
order of the LCAF encodings if two can contain e.g. the
same values other than different URLs, since there is no
canonical way to order URLs (or JSON structures etc.)
without a lot more specification.

- 4.3: I agree with Ben's comment. You ought include some
text here to the effect that this information can be
privacy senseitive and to recommend not sending or
storing it in such cases.

- 4.4: there are also potential privacy issues here if
this could be used to identify traffic that is from one
specific host behind a NAT. A similar privacy warning
should be included.

- 4.7: Sorry, when is key material sent in a message? How
is that protected? (Key ids are fine, but not key values)

- 4.10.2: The same privacy issues apply here as for 4.3
and 4.4, if the MAC address maps to e.g.  a portable
device carried by a person.

- 4.10.3 and all of section 5: What are these for?  I
don't see the sense in defining these if there is no well
defined way to use them. Any of these might have
undesirable security and/or privacy characteristics.

- Section 6: There are security considerations.  See
above.





From nobody Thu Oct 13 06:31:06 2016
Return-Path: <manishkr.online@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49DD51296DE; Thu, 13 Oct 2016 06:31:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K0FN_Ur4oeEY; Thu, 13 Oct 2016 06:30:58 -0700 (PDT)
Received: from mail-pf0-x22d.google.com (mail-pf0-x22d.google.com [IPv6:2607:f8b0:400e:c00::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B09211293F4; Thu, 13 Oct 2016 06:30:57 -0700 (PDT)
Received: by mail-pf0-x22d.google.com with SMTP id s8so35294012pfj.2; Thu, 13 Oct 2016 06:30:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=z5ADYMKDgUSq5N2cqHmPwFk1HWRvOIW4zjl5k3D+d5Q=; b=XQNW1X+6g+ua3OrGiIY3gZ8DIDFDvmpgjOHQKIZzhnLe4+CVIOBfuBPj/HKcHXxkGp i0XBqkOyBdN1tQCKlaoNxfrR6R/o8C2ITNCZDlv1hM6LXvupVvekQriLGRn0gT87BsGJ ad9kdm1clhiPIQQorPfZ8q/t24GKWtQXUZD43fCDt350J4wp4a96YYq49UXE3t8OmTt3 B+/gyNbmDGDygMkAEScQ+B+IbuxaHNbbRfPvicda/j0za3TvrRv59Ko0CBr0pEL3Vtnq 7rYteNHWD2fKno8UR/ejGA6UgvCLrzS/DCLeucr8ED1RIsr2uwMF+6W2AJCVSgVScJaK GgXg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=z5ADYMKDgUSq5N2cqHmPwFk1HWRvOIW4zjl5k3D+d5Q=; b=BvVvBrAIER2E9hMwVEXjC9bganu/mt23aiuwb/L7w8UAIZWira0RTQyVZQUHoIMNEe qViHTv16Cbisq5HQwCdvRu+aJkrZM+gefjZAD6lzyd1DJVQHrTkq4C4BwHZ1XzyK9H58 bnfTchAKqij0JC1gjufKvEBOUQh+N2ixclOSRQuLoKBpkUXTuyiEaYW9SK8sem9pU4Lk ykusF/TC029R82smGzjTL79jS4CCcvCVLsiWLMAYa1u6pgRYCpOy/6SnrKvM7fczUSJQ QGD0hULEtUqHJJh/CGMJfrwwPwVC4Gyersb/UeS90cnnhXIZum3YHLyWyL59qNOF5TCq OlEQ==
X-Gm-Message-State: AA6/9RkBoCfZrIHtG4+buXmS3FKu7Bhme0caAiZjpMoRJKt3STF2vIkMy1HXFogHak039g==
X-Received: by 10.99.44.212 with SMTP id s203mr8422032pgs.47.1476365457323; Thu, 13 Oct 2016 06:30:57 -0700 (PDT)
Received: from ?IPv6:2001:420:c0e0:1005::134? ([2001:420:c0e0:1005::134]) by smtp.gmail.com with ESMTPSA id y125sm19897650pfg.61.2016.10.13.06.30.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 13 Oct 2016 06:30:56 -0700 (PDT)
From: Manish Kumar <manishkr.online@gmail.com>
Message-Id: <F9C17115-476F-41A7-AA9B-B58E0EFF6C8D@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_B5145847-A29B-4F1C-85DB-2B55192001FF"
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
Date: Thu, 13 Oct 2016 19:00:48 +0530
In-Reply-To: <C05B7CF3-3D83-4E69-B67C-976C08BB3611@qti.qualcomm.com>
To: Pete Resnick <presnick@qti.qualcomm.com>
References: <C05B7CF3-3D83-4E69-B67C-976C08BB3611@qti.qualcomm.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/9JoScs-4G6JdMzu0P9K_5lrxdI0>
Cc: General Area Review Team <gen-art@ietf.org>, draft-ietf-lisp-crypto.all@ietf.org, IETF discussion list <ietf@ietf.org>, lisp@ietf.org
Subject: Re: [lisp] Gen-ART Review for draft-ietf-lisp-crypto-09
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2016 13:31:01 -0000

--Apple-Mail=_B5145847-A29B-4F1C-85DB-2B55192001FF
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

I guess I did mention this before but just in case that was missed - the =
idea of a separate confidentiality mechanism for each =
encapsulation/overlay protocol when these are all IP based does seem a =
bit inapposite to me. At a minimum, it opens up scope for additional =
security holes to prey upon (as against using a standard mechanism like =
IPsec).

Thanks,
Manish

> On 13-Oct-2016, at 7:27 AM, Pete Resnick <presnick@qti.qualcomm.com> =
wrote:
>=20
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair. Please treat these comments just
> like any other last call comments.
>=20
> For more information, please see the FAQ at
>=20
> http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq =
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
>=20
> Document: draft-ietf-lisp-crypto-09
> Reviewer: Pete Resnick
> Review Date: 2016-10-12
> IETF LC End Date: 2016-10-04
> IESG Telechat date: 2016-10-13
>=20
> Summary: This draft is ready for publication as an Experimental RFC
>=20
> Though this is not an area of expertise for me, the document is =
clearly written, I reviewed the data structures and they appear correct, =
and the document seems ready to go forward. (I do find it dicey that =
this is an Experimental document. I understand there is history here, =
but this is a full-fledged protocol document and the fact that it is =
only required to be subjected to a cursory review for Experimental =
status and can pass IESG review with one "YES" and everyone else =
"ABSTAIN"ing seems kinda ridiculous. But that's not a reason to stop =
this document.)
>=20
> Major issues:
>=20
> None
>=20
> Minor issues:
>=20
> None
>=20
> Nits/editorial comments:
>=20
> Section 9, second to last paragraph: "Otherwise, the packet has been =
tampered with and is discarded." The "tampered with" is probably =
overstating the case. I would simply say "invalid".
>=20
> --=20
> Pete Resnick http://www.qualcomm.com/~presnick/ =
<http://www.qualcomm.com/%7Epresnick/>
> Qualcomm Technologies, Inc. - +1 (858)651-4478
>=20
> _______________________________________________
> lisp mailing list
> lisp@ietf.org
> https://www.ietf.org/mailman/listinfo/lisp


--Apple-Mail=_B5145847-A29B-4F1C-85DB-2B55192001FF
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=us-ascii

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dus-ascii"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D"">I guess I did mention this before but just in case that was =
missed - the idea of a separate confidentiality mechanism for each =
encapsulation/overlay protocol when these are all IP based does seem a =
bit inapposite to me. At a minimum, it opens up scope =
for&nbsp;additional&nbsp;security holes to prey upon (as against using a =
standard mechanism like IPsec).<div class=3D""><br class=3D""></div><div =
class=3D"">Thanks,</div><div class=3D"">Manish<br class=3D""><div =
class=3D""><br class=3D""><div><blockquote type=3D"cite" class=3D""><div =
class=3D"">On 13-Oct-2016, at 7:27 AM, Pete Resnick &lt;<a =
href=3D"mailto:presnick@qti.qualcomm.com" =
class=3D"">presnick@qti.qualcomm.com</a>&gt; wrote:</div><br =
class=3D"Apple-interchange-newline"><div class=3D"">


<meta http-equiv=3D"Content-Type" content=3D"text/xhtml; charset=3Dutf-8" =
class=3D"">

<div class=3D"">
<div style=3D"font-family:sans-serif" class=3D""><div =
style=3D"white-space:normal" class=3D""><p dir=3D"auto" class=3D"">I am =
the assigned Gen-ART reviewer for this draft. The General Area<br =
class=3D"">
Review Team (Gen-ART) reviews all IETF documents being processed<br =
class=3D"">
by the IESG for the IETF Chair. Please treat these comments just<br =
class=3D"">
like any other last call comments.</p><p dir=3D"auto" class=3D"">For =
more information, please see the FAQ at</p><p dir=3D"auto" class=3D""><a =
href=3D"http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq" =
style=3D"color:#3983C4" =
class=3D"">http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq</a>.</p=
><p dir=3D"auto" class=3D"">Document: draft-ietf-lisp-crypto-09<br =
class=3D"">
Reviewer: Pete Resnick<br class=3D"">
Review Date: 2016-10-12<br class=3D"">
IETF LC End Date: 2016-10-04<br class=3D"">
IESG Telechat date: 2016-10-13</p><p dir=3D"auto" class=3D"">Summary: =
This draft is ready for publication as an Experimental RFC</p><p =
dir=3D"auto" class=3D"">Though this is not an area of expertise for me, =
the document is clearly written, I reviewed the data structures and they =
appear correct, and the document seems ready to go forward. (I do find =
it dicey that this is an Experimental document. I understand there is =
history here, but this is a full-fledged protocol document and the fact =
that it is only required to be subjected to a cursory review for =
Experimental status and can pass IESG review with one "YES" and everyone =
else "ABSTAIN"ing seems kinda ridiculous. But that's not a reason to =
stop this document.)</p><p dir=3D"auto" class=3D"">Major issues:</p><p =
dir=3D"auto" class=3D"">None</p><p dir=3D"auto" class=3D"">Minor =
issues:</p><p dir=3D"auto" class=3D"">None</p><p dir=3D"auto" =
class=3D"">Nits/editorial comments:</p><p dir=3D"auto" class=3D"">Section =
9, second to last paragraph: "Otherwise, the packet has been tampered =
with and is discarded." The "tampered with" is probably overstating the =
case. I would simply say "invalid".</p><p dir=3D"auto" class=3D"">-- <br =
class=3D"">
Pete Resnick <a href=3D"http://www.qualcomm.com/%7Epresnick/" =
style=3D"color:#3983C4" =
class=3D"">http://www.qualcomm.com/~presnick/</a><br class=3D"">
Qualcomm Technologies, Inc. - +1 (858)651-4478</p>
</div>
</div>
</div>

_______________________________________________<br class=3D"">lisp =
mailing list<br class=3D""><a href=3D"mailto:lisp@ietf.org" =
class=3D"">lisp@ietf.org</a><br =
class=3D"">https://www.ietf.org/mailman/listinfo/lisp<br =
class=3D""></div></blockquote></div><br =
class=3D""></div></div></body></html>=

--Apple-Mail=_B5145847-A29B-4F1C-85DB-2B55192001FF--


From nobody Thu Oct 13 06:56:31 2016
Return-Path: <ietf@kuehlewind.net>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C6EC71298C7; Thu, 13 Oct 2016 06:56:28 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: "Mirja Kuehlewind" <ietf@kuehlewind.net>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.34.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147636698880.2902.2626134281302974239.idtracker@ietfa.amsl.com>
Date: Thu, 13 Oct 2016 06:56:28 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/fUBVParKjAD8XBQyUqGnEflh0mo>
Cc: lisp-chairs@ietf.org, draft-ietf-lisp-lcaf@ietf.org, lisp@ietf.org
Subject: [lisp] =?utf-8?q?Mirja_K=C3=BChlewind=27s_No_Objection_on_draft-i?= =?utf-8?q?etf-lisp-lcaf-17=3A_=28with_COMMENT=29?=
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2016 13:56:29 -0000

Mirja Kühlewind has entered the following ballot position for
draft-ietf-lisp-lcaf-17: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-lisp-lcaf/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I support Stephen's discuss. It is unclear if and how this information is
used and if this is the right channel to transmit the information;
further the security considerations are not sufficient and should be more
specific regarding the information provided.



From nobody Thu Oct 13 07:05:58 2016
Return-Path: <suresh.krishnan@ericsson.com>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5093C1298B2; Thu, 13 Oct 2016 07:05:53 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "Suresh Krishnan" <suresh.krishnan@ericsson.com>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.34.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147636755332.2834.138192802547552407.idtracker@ietfa.amsl.com>
Date: Thu, 13 Oct 2016 07:05:53 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/g7-z_lBZWP4EAL8pvYGtRFTjYtA>
Cc: lisp-chairs@ietf.org, draft-ietf-lisp-lcaf@ietf.org, lisp@ietf.org
Subject: [lisp] Suresh Krishnan's No Objection on draft-ietf-lisp-lcaf-17: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2016 14:05:53 -0000

Suresh Krishnan has entered the following ballot position for
draft-ietf-lisp-lcaf-17: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-lisp-lcaf/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for taking care of my DISCUSS points. I will clear but I note that
the COMMENT points below still seem pertinent.

* Can you please clarify why Rsvd2 is reserved for future use but this
document already ends up specifying it under "Segmentation"

* I think the reference for AFI is not correct. Shouldn't it be
http://www.iana.org/assignments/address-family-numbers/address-family-numbers.xhtml?
The current reference leads to a generic IANA page.

* Section 4.8:

Is the explanation for the AFI correct? The source dest lookups don't
seem to be multicast addresses.

"When a specific AFI has its own encoding of a multicast address, this
field must be either
      a group address or a broadcast address."



From nobody Thu Oct 13 08:02:31 2016
Return-Path: <jmh@joelhalpern.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5934912952A for <lisp@ietfa.amsl.com>; Thu, 13 Oct 2016 08:02:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.702
X-Spam-Level: 
X-Spam-Status: No, score=-2.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PqvmzVctPudk for <lisp@ietfa.amsl.com>; Thu, 13 Oct 2016 08:02:27 -0700 (PDT)
Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27A83129449 for <lisp@ietf.org>; Thu, 13 Oct 2016 08:02:27 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id 14830253679 for <lisp@ietf.org>; Thu, 13 Oct 2016 08:02:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1476370947; bh=jFVvgw0JCMFeQj3pa/0WP4wVmsRKF6T8beZgwXDKNnA=; h=Subject:References:To:From:Date:In-Reply-To:From; b=A+wTvO9p6SeoRtt75b7ePGjWeO0DKiNu8hzc0qHpS1EfmRfPPEOOTXhHnStUBa9bj Pr3S5Zq53JU5ZVyDWaTtCZh0NoOvkVj+tzjj+i3nRieNiU/1Wpie23X1kJLs05gb0j XbEQBWB49NhcaKd/q3n/7cH3Aga+wkwQG/jbpH1M=
X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net
Received: from Joels-MacBook-Pro.local (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id A8DB5240CFC for <lisp@ietf.org>; Thu, 13 Oct 2016 08:02:26 -0700 (PDT)
References: <1DE56EBF-3C11-42BA-AD14-28E317CEAF0B@isoc.org>
To: "lisp@ietf.org" <lisp@ietf.org>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
X-Forwarded-Message-Id: <1DE56EBF-3C11-42BA-AD14-28E317CEAF0B@isoc.org>
Message-ID: <415dc2a1-b77a-5a29-2148-77f9e4399a91@joelhalpern.com>
Date: Thu, 13 Oct 2016 11:04:10 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <1DE56EBF-3C11-42BA-AD14-28E317CEAF0B@isoc.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/usL-xTOx2EgivPhzWcZe41dF3ss>
Subject: [lisp] Fwd: Re: CodeStand
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2016 15:02:29 -0000

FYI...


-------- Forwarded Message --------
Subject: Re: CodeStand
Date: Thu, 13 Oct 2016 12:59:43 +0000
From: Christian O'Flaherty <oflaherty@isoc.org>
To: routing-discussion@ietf.org <routing-discussion@ietf.org>
CC: codestand-develop@ietf.org <codestand-develop@ietf.org>

Please note that a project in CodeStand can be created to document 
existing code without having a code request and it can be either open 
source or proprietary code.

The site will be announced to students next week at the Grace Hopper 
Celebration so we would like to have as many code requests as possible 
available in the tool.
The CodeStand team
> On Oct 12, 2016, at 7:00 PM, Christian O'Flaherty <oflaherty@isoc.org> wrote:
>
>
> Hi all,
>
> In Berlin at the Routing Area Open Meeting we announced a web site aimed to document coding projects based on IETF documents. Unfortunately, the name we used was taken and we had to turn it off after the presentation.
>
> The new name for the project is CodeStand and the new site is: https://codestand.ietf.org
>
> We’re now looking for volunteers willing to create “Code Requests” for their documents.
> Students will create “Projects" referencing your “Code Request”.
>
> You can Sign In using your current Datatracker credentials.
>
> Please provide feedback to codestand-develop@ietf.org
>
> Thanks to the Brazilian Team (Wanderson and Matheus) for their great work.
>
> The CodeStand team
>

_______________________________________________
routing-discussion mailing list
routing-discussion@ietf.org
https://www.ietf.org/mailman/listinfo/routing-discussion


From nobody Thu Oct 13 12:22:32 2016
Return-Path: <rogerj@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0C11129606; Thu, 13 Oct 2016 12:22:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.22
X-Spam-Level: 
X-Spam-Status: No, score=-2.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xgy-JDI9SLjK; Thu, 13 Oct 2016 12:22:25 -0700 (PDT)
Received: from mail-qt0-f175.google.com (mail-qt0-f175.google.com [209.85.216.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CC8A8129502; Thu, 13 Oct 2016 12:22:24 -0700 (PDT)
Received: by mail-qt0-f175.google.com with SMTP id m5so55832899qtb.3; Thu, 13 Oct 2016 12:22:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=iWXxzuSqTFogGWatxlYE/anwEbjAiiIlryMu162pzU0=; b=JlYSpoEXkiYxnYaKH56fxUeHie0iO4c3VyEj47wG9V356oDz187fja9WR0q7smvZD+ fVSvmSa4HPNitrzatG4shm7IOFYOE7N39dniO3DJS5Z3+f02LHn3ZiK34dNdhKsCluhO ivaUTPkAsqBAsTZIPjhgvpemcL1BeiM2DpVBrfOd4N89SpGjdW2fsqkYFSffneVHWK5C 3IifXkyeJdIMMYpa+8RYr6mP2xhbF5zuBuV8woy6KaOLi9uXgljw6HAl8LpSv0aCsO0z zQ/X/kalBB9F07MDuCjluOZSFf82BPYI+ij6kn/l+UF2HlfFDoSd+A3mojEYe9zqZLEY /hYQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=iWXxzuSqTFogGWatxlYE/anwEbjAiiIlryMu162pzU0=; b=N/XXFlQYZnKDFA6nDgrXzB+PrEpZL9cUhE2q3B9Lc5OhTLuMMXSroJ90vX32l1i+mI ldGita8Nym5Q4IFWsN+Enh8H1bywdv31ZZSnlGx1WeI0eX72RnwXO1CLMfiii7vw7dQJ YsP97mH9b9k90ka7B5D2nxAby3jDwVYPbo87joC8iUOC0wUO59WX4bnAFZGS/x18S+a4 tjzUd0g0AFjIIIPD7TmA1r6OKa0N5znbwrM7KnaKcHY94UEwQoUQ6jP/k90Dfs+sU8cK kgvt3kQvIDL2ROoDfnr3PKNSM5wcA9blWK3HmPtxK2B8pxLYpO47voA+xIHNY5MMNUl9 K4Qw==
X-Gm-Message-State: AA6/9RmIZ/CzcKlUW24aHKHc9QqvRVRDgi7cOCblSyMVZWILAMbHry5ZB2mNElcfVoML3w8BzAH7s05Gwt1c1w==
X-Received: by 10.28.40.3 with SMTP id o3mr3160140wmo.68.1476386483893; Thu, 13 Oct 2016 12:21:23 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.80.144.108 with HTTP; Thu, 13 Oct 2016 12:21:23 -0700 (PDT)
In-Reply-To: <F9C17115-476F-41A7-AA9B-B58E0EFF6C8D@gmail.com>
References: <C05B7CF3-3D83-4E69-B67C-976C08BB3611@qti.qualcomm.com> <F9C17115-476F-41A7-AA9B-B58E0EFF6C8D@gmail.com>
From: =?UTF-8?Q?Roger_J=C3=B8rgensen?= <rogerj@gmail.com>
Date: Thu, 13 Oct 2016 21:21:23 +0200
Message-ID: <CAKFn1SH5C0VsqZ6Qz5CWPHhuwt7xra4bGuvqFN+QMCw1zzDsSg@mail.gmail.com>
To: Manish Kumar <manishkr.online@gmail.com>
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/EKiTWt5W62-V7iwfURzBQaRIuEk>
Cc: Pete Resnick <presnick@qti.qualcomm.com>, draft-ietf-lisp-crypto.all@ietf.org, "lisp@ietf.org" <lisp@ietf.org>, General Area Review Team <gen-art@ietf.org>, IETF discussion list <ietf@ietf.org>
Subject: Re: [lisp] Gen-ART Review for draft-ietf-lisp-crypto-09
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Oct 2016 19:22:27 -0000

On Thu, Oct 13, 2016 at 3:30 PM, Manish Kumar <manishkr.online@gmail.com> wrote:
> I guess I did mention this before but just in case that was missed - the
> idea of a separate confidentiality mechanism for each encapsulation/overlay
> protocol when these are all IP based does seem a bit inapposite to me. At a
> minimum, it opens up scope for additional security holes to prey upon (as
> against using a standard mechanism like IPsec).
<snip>

I was going to respond to the original question but somehow it got lost...

The idea went through alot of discussion with different security guys to make
sure it would be as good as it could be, if I remember correctly we did all that
before it was requested to be a LISP-wg document..


I would suggest you read the introduction part again, are a few things
there that
made IPSec or any form of outer encryption out of scope. Not to forget that if
using IPSec we would have to encapsulate an already encapsulated packet...

Some other background on the document - I had two ideas, one was that we
should encrypt the xTR - xTR traffic to make it a bit more secure over whatever
medium it was crossing - and an idea that as a LISP site I should somehow be
able to signal alongside my EID that i only wanted encrypted traffic
to arrive at
my xTR's, or that I only supported a few given encryption scheme.
This and some ideas Dino already combined with other input morphed into
the document we are discussing now.



-- 

Roger Jorgensen           | ROJO9-RIPE
rogerj@gmail.com          | - IPv6 is The Key!
http://www.jorgensen.no   | roger@jorgensen.no


From nobody Fri Oct 14 01:46:46 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C3F5129485; Fri, 14 Oct 2016 01:46:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g5qMSTtGaQih; Fri, 14 Oct 2016 01:46:43 -0700 (PDT)
Received: from mail-lf0-x236.google.com (mail-lf0-x236.google.com [IPv6:2a00:1450:4010:c07::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7DBF128DF6; Fri, 14 Oct 2016 01:46:42 -0700 (PDT)
Received: by mail-lf0-x236.google.com with SMTP id x79so189412384lff.0; Fri, 14 Oct 2016 01:46:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=n+oS+bVmXF6kzrNdm614kXkFUj4tVMvOSKFt80Blsjg=; b=P0YjuOgqQ+ijUIUg8gE1Khzs2KM/EQEziAzAHW3SQB7QgiVfJtr5rrk/Vtb0rAfbI6 UDjgJJMomBAYbfR3zI6EDLw8PlkAjbPb06oxN/Nfq4KjlsdaWmhcE8zXSFSpiOQV1eiR G8WNmYS+Z9qdaNhg2byBg+aetlKYnR79znvUUD3TcfrCrBzWCYNuTe9nhqxqifYgOm2K lOoXTB+iGOGdOMhMFC5CyWdhksAMwKxv2vNsSOFoNCTgr5kLySgu8tiGoyVt/dCGdyfc NQCtjEh5jCiDHo07OUx9RonatqQl3kETfiYoEt24sLV28h3Tpt+0i7h53tgfD3g1FwEr yyzA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=n+oS+bVmXF6kzrNdm614kXkFUj4tVMvOSKFt80Blsjg=; b=KfouFmU3Ph94hGlosyyAYlcok0ioRP06YMD1c5I0kdUYpPHV01IkOD0noAMnJMLiv1 BNeh2Gyq7wwdqxe4yWmRVqlhWE83U34ugmEy6YG0S7zVIlPOFB7OTWlvqH8VeycBkPU3 wYWXCkAQ6po8hEx3qWV08BzOdvvWC1ZpOE0M+sQFUKhRLwkRYe66ydgG5Eo+7qaD/Lt4 5vDhniFUG57/cub+0SYU/Gr/WTMgDhB7b3TA1wMcRkiFJUigTlQU5nTEHnpaIxowbUKW KenuEinH5MrKq/8000d/GHEEVvzrDvMhOVnBjDXo5YqdySDYHSjTZrfx+pZ73s1vedXI Sfnw==
X-Gm-Message-State: AA6/9RlZOXXMOdXoPTCS6QGJ1DjoR3XVKx6YkrvOxca8kh/mPe5PALeb+P5gpoUVFQ+4Xg==
X-Received: by 10.28.128.143 with SMTP id b137mr846767wmd.95.1476434800780; Fri, 14 Oct 2016 01:46:40 -0700 (PDT)
Received: from [10.21.68.29] ([89.248.140.9]) by smtp.gmail.com with ESMTPSA id io3sm9402364wjb.24.2016.10.14.01.46.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 14 Oct 2016 01:46:40 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <147631722343.6381.2774445540997659744.idtracker@ietfa.amsl.com>
Date: Fri, 14 Oct 2016 01:46:39 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <BEAEBAE5-A2B2-427D-9208-83A7FD40AF75@gmail.com>
References: <147631722343.6381.2774445540997659744.idtracker@ietfa.amsl.com>
To: Ben Campbell <ben@nostrum.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/FJB37BZHAyGjJEYpPxMwgRZ_z-k>
Cc: lisp-chairs@ietf.org, draft-ietf-lisp-lcaf@ietf.org, The IESG <iesg@ietf.org>, lisp@ietf.org
Subject: Re: [lisp] Ben Campbell's No Objection on draft-ietf-lisp-lcaf-17: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 08:46:44 -0000

> Section 4.3 talks about geo coordinates. I think I understand that =
these
> coordinates may give the location of a device. Is there any =
expectation
> that said device can be associated with a person? The security
> considerations mention this briefly. Have the working group considered
> whether the guidance in RFC 6280/BCP 160 is applicable here?

A mapping database entry could identify an individual. We think that =
confidentiality of the control-plane could be used for protecting data =
in transit from LISP site to the mapping system. For retrieving =
information from the mapping system, the transport can provide =
confidentiality protection but also who can access the information.

How about I put a reference to RFC6280/BCP160 in the Security =
Considerstaions section?

Dino


From nobody Fri Oct 14 05:03:50 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CF5A812972D; Fri, 14 Oct 2016 05:03:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z7K1KTXFT_f0; Fri, 14 Oct 2016 05:03:47 -0700 (PDT)
Received: from mail-qt0-x22e.google.com (mail-qt0-x22e.google.com [IPv6:2607:f8b0:400d:c0d::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5EAD4129729; Fri, 14 Oct 2016 05:03:47 -0700 (PDT)
Received: by mail-qt0-x22e.google.com with SMTP id q7so72814659qtq.1; Fri, 14 Oct 2016 05:03:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=iJRfuoFN73LxRhN4T+rzHenPNgtXH9mKH/Bq3Bl9k/0=; b=cF5+DQA5oSsQH4Xp2n7nb/heB8muQUEVvRkC6dQ7AD4qjooOXoYKis4buROaHdg6sU pQlWgdThoCiMjMngCtWu7C8DS3CLpb4MMsOmrB45hpX6/aWm3PLjc56ugttSYbXTbjwO ge0FVCeh9p7/nhl/FWCkbmVp8DsAwxjX8WDBOzDwra/36Rqn4CvLhCOxcqkyN1R4sBeT NDSx3hXsrnPPHKk5WQA2CuQmJJrf/hdVRQ17Pp2n6Ku4R2lhJ7/ULLQxAWr5DjvHRk4w njdVY23lOQz98QPaZyyWW3rtkcYLizPbBebqyE4jgUh3LgO1kpkHDjt7RyfTdU29LHS+ Hv7g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=iJRfuoFN73LxRhN4T+rzHenPNgtXH9mKH/Bq3Bl9k/0=; b=jvmA77ZGglqWyX8HCIVmfmd9jf/cBECFuV+f8pLRn4MepEIHy2mj9H5lAkex/deaYB Xqx9r/V7gGLDtHLal/zyTW/W9uuccEc802PAsXb6yebjhbwCTfXed3OAbpCZ0UXxCTeZ hpTjZfp569snLj+HCCsi8ihyO56ZMm+hEd2FURTdPProX0CwC6uRmxoMQlUoTdINhlCg Jdww2cQ5DhMrKTqnHmZUX1aKkQeMSVu/cioQchLQb/w4fJ6YTYYHQmR580IUuK6oEh11 8eee0E53/kRI8gz4X1R59FhXC/Vnrk21LQqGSgs2WHsLCuFaSMwLdE12cqLVWeJ4zr3B iwVw==
X-Gm-Message-State: AA6/9Rl7HTV+q9EszSZam0qev+G4WdvCglH4FW37B/Ctra6lYbbmfXfkHDqIlFBWMtFzDQ==
X-Received: by 10.28.91.149 with SMTP id p143mr5301565wmb.20.1476446626359; Fri, 14 Oct 2016 05:03:46 -0700 (PDT)
Received: from [10.12.7.153] ([37.205.61.206]) by smtp.gmail.com with ESMTPSA id g9sm31405101wjk.25.2016.10.14.05.03.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 14 Oct 2016 05:03:45 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <147636698880.2902.2626134281302974239.idtracker@ietfa.amsl.com>
Date: Fri, 14 Oct 2016 02:38:36 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <A5AB9D6A-8D49-46C4-B0D7-A3B35AACC932@gmail.com>
References: <147636698880.2902.2626134281302974239.idtracker@ietfa.amsl.com>
To: Mirja Kuehlewind <ietf@kuehlewind.net>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/WXtInx1CqTjF91jSQ4r2kewe2_M>
Cc: lisp-chairs@ietf.org, draft-ietf-lisp-lcaf@ietf.org, The IESG <iesg@ietf.org>, lisp@ietf.org
Subject: Re: [lisp] =?utf-8?q?Mirja_K=C3=BChlewind=27s_No_Objection_on_draft-i?= =?utf-8?q?etf-lisp-lcaf-17=3A_=28with_COMMENT=29?=
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 12:03:49 -0000

> I support Stephen's discuss. It is unclear if and how this information =
is
> used and if this is the right channel to transmit the information;
> further the security considerations are not sufficient and should be =
more
> specific regarding the information provided.

Thanks for your comments Mirja. As for the Security Considerations =
section, we added text and where there is a reference to an individual =
or a specific device, we refer to the Security Considerations section to =
discuss suggestions for privacy protection.

As for the LCAF Type usage, the working group decided to include types =
we plan on using soon (already documented in drafts), but not put =
references to them because some are individual contributions and not =
working group documents yet.

Thanks,
Dino


From nobody Fri Oct 14 05:04:39 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 96E4A129733; Fri, 14 Oct 2016 05:04:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 92vRRwBRTtio; Fri, 14 Oct 2016 05:04:06 -0700 (PDT)
Received: from mail-lf0-x234.google.com (mail-lf0-x234.google.com [IPv6:2a00:1450:4010:c07::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D540D129741; Fri, 14 Oct 2016 05:03:51 -0700 (PDT)
Received: by mail-lf0-x234.google.com with SMTP id l131so150658366lfl.2; Fri, 14 Oct 2016 05:03:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=jBFVB1ryxODtwBw3ZS5dkqo+SFABwjEpJac5obZd02s=; b=vmV89ksQFek+DQV0uxlPgTzZaKDPtD9pdHlvsAezQ0sa5M8WP59UREBvgIu6RFHAD1 ELtUIkoRpIHaj0PTBtU4SIGBB6JG0IjZn59/x+vkLUREP8Vzuwl+hNpDNz2L7s/k2TTQ S/1q5hhfmcE+i3deXv0ICvudc8FZ24MKn1hCrqet98X5D+qfQCeH78jvKT1tSnz+5tmi dY/oL5MzkdeoTKrjomd+vshaNYfY5UhHcTV2aK/+5w4yHv80aNatlGxcjCkhnzKGvQ7T rez5dk3sVSFmzRR45uMaW2HV/eT9iPGy76Hws1F1NeGuLIXn9EImFsZlqRtChoXQiaH0 dYeQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=jBFVB1ryxODtwBw3ZS5dkqo+SFABwjEpJac5obZd02s=; b=gj7RsEVTuz3YBzOmg343/mqCYoSSas+gpQtqjWZPSP+Z/wn5smRfb72b8JI8HrVeAs oJT9z2FgZ6RPIb8qSiw144G7BL4JVrNYIlYt832mtC8UjcRhVKIAPOqihrgrbhDLOmZ3 n5JIa6dFCubxUVV/Tcq53Hqy8IKklnMoEfLLleypanhCAhmoqaSxoQAhUYM3z39kk6oe +OAGqvD8D2BjzdZ+U15vfh/NRa4BhCqB3jhc3BnljxPwBkC8j/RBuxMYHxaQETNqahMH 4ONWcGOB2u8elGTjeEPsNIVtwdSdohCi4cgAkgHRzAJXzFD7TtI88qAtqblItKRa6bRh S8AA==
X-Gm-Message-State: AA6/9RkWjO7qWnNuhUaEsQnvXo98udS5Jj5lY05hskm5emJZ9AWnA1+ZIpYSaMpgPlLu3Q==
X-Received: by 10.28.166.147 with SMTP id p141mr5333317wme.27.1476446627910; Fri, 14 Oct 2016 05:03:47 -0700 (PDT)
Received: from [10.12.7.153] ([37.205.61.206]) by smtp.gmail.com with ESMTPSA id g9sm31405101wjk.25.2016.10.14.05.03.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 14 Oct 2016 05:03:46 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <147636755332.2834.138192802547552407.idtracker@ietfa.amsl.com>
Date: Fri, 14 Oct 2016 02:43:07 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <4A6E95E3-2363-4C82-B8FB-F1BE847B828C@gmail.com>
References: <147636755332.2834.138192802547552407.idtracker@ietfa.amsl.com>
To: Suresh Krishnan <suresh.krishnan@ericsson.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/p-k8nhEpGkAc8BfCbmzlAj6CACw>
Cc: lisp-chairs@ietf.org, draft-ietf-lisp-lcaf@ietf.org, The IESG <iesg@ietf.org>, lisp@ietf.org
Subject: Re: [lisp] Suresh Krishnan's No Objection on draft-ietf-lisp-lcaf-17: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 12:04:13 -0000

> Thanks for taking care of my DISCUSS points. I will clear but I note =
that
> the COMMENT points below still seem pertinent.

Thanks again for your comments Suresh.

> * Can you please clarify why Rsvd2 is reserved for future use but this
> document already ends up specifying it under =E2=80=9CSegmentation"

I have done fixed this.

> * I think the reference for AFI is not correct. Shouldn't it be
> =
http://www.iana.org/assignments/address-family-numbers/address-family-numb=
ers.xhtml?
> The current reference leads to a generic IANA page.

I missed this on your first set of comments. Added now.

> * Section 4.8:
>=20
> Is the explanation for the AFI correct? The source dest lookups don't
> seem to be multicast addresses.
>=20
> "When a specific AFI has its own encoding of a multicast address, this
> field must be either
>      a group address or a broadcast address.=E2=80=9D

I fixed this to refer to =E2=80=9Cy=E2=80=9D for the destination prefix =
only.=20

Thanks,
Dino


From nobody Fri Oct 14 05:04:45 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BEC8D1297E2; Fri, 14 Oct 2016 05:04:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1
X-Spam-Level: 
X-Spam-Status: No, score=-1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nXICM9gj-fNL; Fri, 14 Oct 2016 05:04:24 -0700 (PDT)
Received: from mail-lf0-x229.google.com (mail-lf0-x229.google.com [IPv6:2a00:1450:4010:c07::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1746D12972E; Fri, 14 Oct 2016 05:04:04 -0700 (PDT)
Received: by mail-lf0-x229.google.com with SMTP id x79so197640917lff.0; Fri, 14 Oct 2016 05:04:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=kz7qpwf97n9Fnr9btmc7pwyscoaAg/ynlFe2PFXWgiE=; b=ZzPNcG0fQR92eHv4gzFzrAxqkv2D/x09EyJqoEwgH/LlL05+0g1QQScbqWoWUJw+/r qop5aJ1e61efyeu+7xcJhvn5UM1Fvp0KxapaE75sFX+7FV4kdNMkaW4IKpJ+N2H4G3ir HtBq0UNK3OFVBljdVL4op6RO97s9IyL5FkcW4/be7P07jW0TOl0cNPWxTYmAZCHdp5aF B7DT6NZukkJe3+PpCWY94Tq8A+FqV6hENG1i8v+MZTIfk5hqMhcdbyE79c7tuoFzGBnM +SfvKIW/shQ7gBNNjOrSWcsdIngCeSPc/i8k3ycQIeYoVYsaXe5Xk9b42hheStvceKWt ZzRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=kz7qpwf97n9Fnr9btmc7pwyscoaAg/ynlFe2PFXWgiE=; b=BcX7umRSBf21LRQXmt4iJo8sjJfWmuBAdPYor826v8pBdvrMaErRauiHLQ5A0EwNjf JfWEPBgvKn3vWVHCCdq4XpJX9uBvmrovtNWPeKuGQFik1jnu6XgkYBRDA8u+ZtpyLnhM P92j0S0krH2m/xxVZIbMQGusqxrb28QKWZSwRk53awmsKer47E3dsGAxr9S28oXVhOS/ JR2nOyHr2E3b0XeMQDz8fCAt3OnpaoUedujmxgzxUQe6VcS5izGaIJh9vZECl3o12uMf axWs2lHZoUWRIEJaFWMvHyrWMzWqnAhwk4jraiZf67OzzuH2ECzUBnhkPUfhoohyW6KJ Xmtw==
X-Gm-Message-State: AA6/9RmJBWihlJhoQgwP7aFBr2LIKrbBDTln7c6Ws39CE1W47bxJ/pnwK9aA+a0e7sqDbA==
X-Received: by 10.28.230.66 with SMTP id d63mr1434759wmh.120.1476446642255; Fri, 14 Oct 2016 05:04:02 -0700 (PDT)
Received: from [10.12.7.153] ([37.205.61.206]) by smtp.gmail.com with ESMTPSA id g9sm31405101wjk.25.2016.10.14.05.04.01 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 14 Oct 2016 05:04:01 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <CAKFn1SH5C0VsqZ6Qz5CWPHhuwt7xra4bGuvqFN+QMCw1zzDsSg@mail.gmail.com>
Date: Fri, 14 Oct 2016 03:43:43 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <6C4ED0F7-F7C4-491A-B91F-1835E270046C@gmail.com>
References: <C05B7CF3-3D83-4E69-B67C-976C08BB3611@qti.qualcomm.com> <F9C17115-476F-41A7-AA9B-B58E0EFF6C8D@gmail.com> <CAKFn1SH5C0VsqZ6Qz5CWPHhuwt7xra4bGuvqFN+QMCw1zzDsSg@mail.gmail.com>
To: Roger Jorgensen <rogerj@gmail.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/7R5unLTUqpCt-IjcR4V0mQfLA5c>
Cc: "lisp@ietf.org" <lisp@ietf.org>, Pete Resnick <presnick@qti.qualcomm.com>, draft-ietf-lisp-crypto.all@ietf.org, General Area Review Team <gen-art@ietf.org>, IETF discussion list <ietf@ietf.org>
Subject: Re: [lisp] Gen-ART Review for draft-ietf-lisp-crypto-09
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 12:04:26 -0000

Manish, we wanted a more integrated solution. Many products can=E2=80=99t =
do encapsulation and encryption at one time in one router. There are =
2-box solutions are there. Plus, there are more RTT packet exchanges for =
IPsec which would cause more packet loss when the ITR would have to =
resolve an EID to an RLOC and do key exchange. We did this all together =
in one RTT so we have efficiency and integration.

Plus, we can do rekeying more efficiently and quicker. And we don=E2=80=99=
t have to store keys and have a PKI.

Dino

> On Oct 13, 2016, at 12:21 PM, Roger J=C3=B8rgensen <rogerj@gmail.com> =
wrote:
>=20
> On Thu, Oct 13, 2016 at 3:30 PM, Manish Kumar =
<manishkr.online@gmail.com> wrote:
>> I guess I did mention this before but just in case that was missed - =
the
>> idea of a separate confidentiality mechanism for each =
encapsulation/overlay
>> protocol when these are all IP based does seem a bit inapposite to =
me. At a
>> minimum, it opens up scope for additional security holes to prey upon =
(as
>> against using a standard mechanism like IPsec).
> <snip>
>=20
> I was going to respond to the original question but somehow it got =
lost...
>=20
> The idea went through alot of discussion with different security guys =
to make
> sure it would be as good as it could be, if I remember correctly we =
did all that
> before it was requested to be a LISP-wg document..
>=20
>=20
> I would suggest you read the introduction part again, are a few things
> there that
> made IPSec or any form of outer encryption out of scope. Not to forget =
that if
> using IPSec we would have to encapsulate an already encapsulated =
packet...
>=20
> Some other background on the document - I had two ideas, one was that =
we
> should encrypt the xTR - xTR traffic to make it a bit more secure over =
whatever
> medium it was crossing - and an idea that as a LISP site I should =
somehow be
> able to signal alongside my EID that i only wanted encrypted traffic
> to arrive at
> my xTR's, or that I only supported a few given encryption scheme.
> This and some ideas Dino already combined with other input morphed =
into
> the document we are discussing now.
>=20
>=20
>=20
> --=20
>=20
> Roger Jorgensen           | ROJO9-RIPE
> rogerj@gmail.com          | - IPv6 is The Key!
> http://www.jorgensen.no   | roger@jorgensen.no


From nobody Fri Oct 14 05:10:15 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62C3C1294C2; Fri, 14 Oct 2016 05:10:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q769yCZslrC2; Fri, 14 Oct 2016 05:10:08 -0700 (PDT)
Received: from mail-qk0-x232.google.com (mail-qk0-x232.google.com [IPv6:2607:f8b0:400d:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B0A21297C7; Fri, 14 Oct 2016 05:03:53 -0700 (PDT)
Received: by mail-qk0-x232.google.com with SMTP id n189so144368648qke.0; Fri, 14 Oct 2016 05:03:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=5HV7bbAEwsV4+qHsRjtw/zPNjyRDQw/Hr8hWiP+7mg4=; b=AQ+5SKfQ1D/TKNzGMQ/ACNkNE8SWR2NmIZGU5vbXk6KGus1ysMymbxqEguSn9UP6H5 e2A+UsayqkewMkJ0wn7N4GiTU9y5k+CVQL8+6c+DVDBF0lQhfv/0zPw6ZYgigVuH66U9 rczSk7mLmZzLKKtv6xOI3fW79YRG+sTIRrVXIwq7k8/Mj2kaXdMUK+q4zMzeMPh3Cdq4 DWHkuFPoTEODiVU9Gwdb1izqdd4Od+sBT2X7fmyRqyzTRepg3T/y1kgAvEDdaQskgkUI U1ZXTGwsDDwu6kuLdIluUtB8jC5fYkWnXLZsHQqJISIdBPZhHTOUybpcul14vM2y51fD LsQQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=5HV7bbAEwsV4+qHsRjtw/zPNjyRDQw/Hr8hWiP+7mg4=; b=PG4S7QbotS3s57whBjwk10FbX5ysiC1eM6mYjOk/xwRpuJIbi6KD3cDiWclKaR7o6A 5yjFCB9DRS3TAKvqXl5H4ggPVwTA0pSKGBVFw1BtOvWowkcoU8YUe06Dccdu/CElYfgY 0UNt09Ec3Q/iZxdyKh4NkTr+NQBESNpojzWa/IO506wH0CQ3XifbbRvmTlxNqTfipdZp qZpLoTHV7Z/iQGmqf4jaWfT4DaMPv5m0LmuqR9LY7WVensM2CcPxKy3io4w74SXy8y81 gtOj1ZSaCLWwiNJiVoiny2ooCs1gYRKRD9RtiePC0ZZu25lzGFrUzlv1Mrn1yggOTRbP /iqQ==
X-Gm-Message-State: AA6/9RmGPjK0UZ1ygDNcHmRU2JgjOxZlt34DH/rUHzlsAtHO8CzjHbtbimf7gP2+R0Ka8g==
X-Received: by 10.194.115.230 with SMTP id jr6mr1747754wjb.3.1476446633029; Fri, 14 Oct 2016 05:03:53 -0700 (PDT)
Received: from [10.12.7.153] ([37.205.61.206]) by smtp.gmail.com with ESMTPSA id g9sm31405101wjk.25.2016.10.14.05.03.51 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 14 Oct 2016 05:03:52 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <147635743070.2992.2178442839246963670.idtracker@ietfa.amsl.com>
Date: Fri, 14 Oct 2016 03:44:58 -0700
Content-Transfer-Encoding: 7bit
Message-Id: <843870B7-65B5-41CD-9D5D-75F38E7BEC15@gmail.com>
References: <147635743070.2992.2178442839246963670.idtracker@ietfa.amsl.com>
To: Alexey Melnikov <aamelnikov@fastmail.fm>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/pIn9qxNlO4IhXVO0fj1ZsrHQJNA>
Cc: lisp-chairs@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-lisp-crypto@ietf.org, lisp@ietf.org
Subject: Re: [lisp] Alexey Melnikov's No Objection on draft-ietf-lisp-crypto-09: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 12:10:09 -0000

> Thank you for this document.

Thanks for your question Alexey.

> I would like to double check that I understand the document correctly. Is
> the following scenario possible:
> 
> ITR requests negotiation of 3 keys, then in a later request ITR can

Yep.

> request change to 1 (or 2) of the keys, while continuing to use the
> remaining keys?

That is correct.

Dino


From nobody Fri Oct 14 05:37:54 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07D11129746; Fri, 14 Oct 2016 05:37:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.888
X-Spam-Level: *
X-Spam-Status: No, score=1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_COMMENT_SAVED_URL=1.391, HTML_MESSAGE=0.001, MANY_SPAN_IN_TEXT=2.696, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, T_HTML_ATTACH=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EGg1FVzaW4mK; Fri, 14 Oct 2016 05:37:41 -0700 (PDT)
Received: from mail-qt0-f172.google.com (mail-qt0-f172.google.com [209.85.216.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB9551297F6; Fri, 14 Oct 2016 05:37:40 -0700 (PDT)
Received: by mail-qt0-f172.google.com with SMTP id s49so72002408qta.0; Fri, 14 Oct 2016 05:37:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=from:mime-version:subject:message-id:date:cc:to; bh=SjeSrzg8ZuMf/2/KJsWjjJ6Op14vCt7D7SsTtswIjVQ=; b=Zg7G03u+6+695yeAPfAT5cbBuSi4jphjgW1XMO3+bvUcmVI4z9KDgVA30i7YpYw4WD 2I2TNNiOf1yNzxbBV1gPmaE1BFZdhlRnUxJlaNhIXp+jNZuCAkR8XePGL9lR9enql9LO 7Fc93Z+MEaNLMqfvMan+RTn34XHwSlv2T3+xjj9FNOK2M1qSJXeTCnEpnFFyM1AV82qc DQbWTs6zzMj+U5ztoj2fiRdzKvp7RQEC/Ln1Rb6q3q+qsd/7KmhOMt29yDVCd5DyC4Hi s6pPwdjmzBD0Bw6ArX55cgPlezDfJeWvgLTGW4IJMx7iW9ejH5nCXZ0xUvHf3PR/JF1y 4lPg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:mime-version:subject:message-id:date:cc:to; bh=SjeSrzg8ZuMf/2/KJsWjjJ6Op14vCt7D7SsTtswIjVQ=; b=RQJaAFbr0y4KjL1rz+wiOnYVPSTj9n0EtQv2iHPkg259bO/bbJdVFV4r8Tc+Xdlxhs 5JbLpPxUxahQgGxw+LBM1zi+VD/qNvP1OwYgGJDQ6j48synSUybdpAAWXQuNn207kS+X owUrkcTTtbAHmPxdt0qEe9Uf/rafW2i9HTyZi8DAi5Z/1aulOSTr7wBvDqdwsrbr2Hxy J1g8fJwv5x49o7B8KUkNjxt3GDoImxMQ7v609S6Uo+u54aDgb8GHMsEaNeXAJPaQbdEl SMrRX/kXXhFNlJ83EN+9DqcDfEFPMk0LO2Yo+EFiP2FtwvSUFZM6rPsW5RTcg/dMaYAB KmmA==
X-Gm-Message-State: AA6/9Rlh7ZhuX+u6fH87ww/SB0kO6ujhYd947YAm1mlZ9HObE3H7+/gyOfakPunnu/I1xw==
X-Received: by 10.194.59.18 with SMTP id v18mr1885445wjq.69.1476448597767; Fri, 14 Oct 2016 05:36:37 -0700 (PDT)
Received: from [10.12.7.153] ([37.205.61.206]) by smtp.gmail.com with ESMTPSA id q8sm31484738wjj.7.2016.10.14.05.36.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 14 Oct 2016 05:36:36 -0700 (PDT)
From: Dino Farinacci <farinacci@gmail.com>
Content-Type: multipart/mixed; boundary="Apple-Mail=_FA021435-AEE2-4DC5-8667-760FC260A266"
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
Message-Id: <D26386DA-0D94-4686-B896-1B17E1EFD1CE@gmail.com>
Date: Fri, 14 Oct 2016 05:36:33 -0700
To: The IESG <iesg@ietf.org>, draft-ietf-lisp-lcaf@ietf.org, lisp-chairs@ietf.org, LISP mailing list list <lisp@ietf.org>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/Nj9IElxlBsaNMfleFKVESs6-O3Q>
Cc: David Meyer <dmm@1-4-5.net>, Job Snijders <job@ntt.net>
Subject: [lisp] Proposed draft-ietf-lisp-lcaf-18.txt
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 12:37:49 -0000

--Apple-Mail=_FA021435-AEE2-4DC5-8667-760FC260A266
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Folks, I have updated the LCAF draft reflecting comments from 6 people =
post telechat. Enclosed is a diff and txt file. I=E2=80=99ll wait to =
submit until the end of the weekend to make sure I satisfied =
everyone=E2=80=99s concerns and comments.

Thanks,
Dino/Dave/Job


--Apple-Mail=_FA021435-AEE2-4DC5-8667-760FC260A266
Content-Disposition: attachment;
	filename=rfcdiff-lcaf.html
Content-Type: text/html;
	x-unix-mode=0644;
	name="rfcdiff-lcaf.html"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" =
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- saved from url=3D(0030)https://tools.ietf.org/rfcdiff -->
<html xmlns=3D"http://www.w3.org/1999/xhtml"><head><meta =
http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF-8">=20
  =20
  <meta http-equiv=3D"Content-Style-Type" content=3D"text/css">=20
  <title>Diff: draft-ietf-lisp-lcaf-17.txt - =
draft-ietf-lisp-lcaf-18.txt</title>=20
  <style type=3D"text/css">=20
    body    { margin: 0.4ex; margin-right: auto; }=20
    tr      { }=20
    td      { white-space: pre; font-family: monospace; vertical-align: =
top; font-size: 0.86em;}=20
    th      { font-size: 0.86em; }=20
    .small  { font-size: 0.6em; font-style: italic; font-family: =
Verdana, Helvetica, sans-serif; }=20
    .left   { background-color: #EEE; }=20
    .right  { background-color: #FFF; }=20
    .diff   { background-color: #CCF; }=20
    .lblock { background-color: #BFB; }=20
    .rblock { background-color: #FF8; }=20
    .insert { background-color: #8FF; }=20
    .delete { background-color: #ACF; }=20
    .void   { background-color: #FFB; }=20
    .cont   { background-color: #EEE; }=20
    .linebr { background-color: #AAA; }=20
    .lineno { color: red; background-color: #FFF; font-size: 0.7em; =
text-align: right; padding: 0 2px; }=20
    .elipsis{ background-color: #AAA; }=20
    .left .cont { background-color: #DDD; }=20
    .right .cont { background-color: #EEE; }=20
    .lblock .cont { background-color: #9D9; }=20
    .rblock .cont { background-color: #DD6; }=20
    .insert .cont { background-color: #0DD; }=20
    .delete .cont { background-color: #8AD; }=20
    .stats, .stats td, .stats th { background-color: #EEE; padding: 2px =
0; }=20
    span.hide { display: none; color: #aaa;}    a:hover span { display: =
inline; }    tr.change { background-color: gray; }=20
    tr.change a { text-decoration: none; color: black }=20
  </style>=20
     <script>
var chunk_index =3D 0;
var old_chunk =3D null;

function format_chunk(index) {
    var prefix =3D "diff";
    var str =3D index.toString();
    for (x=3D0; x<(4-str.length); ++x) {
        prefix+=3D'0';
    }
    return prefix + str;
}

function find_chunk(n){
    return document.querySelector('tr[id$=3D"' + n + '"]');
}

function change_chunk(offset) {
    var index =3D chunk_index + offset;
    var new_str;
    var new_chunk;

    new_str =3D format_chunk(index);
    new_chunk =3D find_chunk(new_str);
    if (!new_chunk) {
        return;
    }
    if (old_chunk) {
        old_chunk.style.outline =3D "";
    }
    old_chunk =3D new_chunk;
    old_chunk.style.outline =3D "1px solid red";
    window.location.hash =3D "#" + new_str;
    window.scrollBy(0,-100);
    chunk_index =3D index;
}

document.onkeydown =3D function(e) {
    switch (e.keyCode) {
    case 78:
        change_chunk(1);
        break;
    case 80:
        change_chunk(-1);
        break;
    }
};
   </script>=20
</head>=20
<body>=20
  <table border=3D"0" cellpadding=3D"0" cellspacing=3D"0">=20
  <tbody><tr id=3D"part-1" bgcolor=3D"orange"><th></th><th><a =
href=3D"https://tools.ietf.org/rfcdiff?url2=3Ddraft-ietf-lisp-lcaf-17.txt"=
 style=3D"color:#008; text-decoration:none;">&lt;</a>&nbsp;<a =
href=3D"https://tools.ietf.org/html/draft-ietf-lisp-lcaf-17.txt" =
style=3D"color:#008">draft-ietf-lisp-lcaf-17.txt</a>&nbsp;</th><th> =
</th><th>&nbsp;<a =
href=3D"https://tools.ietf.org/html/draft-ietf-lisp-lcaf-18.txt" =
style=3D"color:#008">draft-ietf-lisp-lcaf-18.txt</a>&nbsp;<a =
href=3D"https://tools.ietf.org/rfcdiff?url1=3Ddraft-ietf-lisp-lcaf-18.txt"=
 style=3D"color:#008; text-decoration:none;">&gt;</a></th><th></th></tr>=20=

      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Network Working =
Group                                       D. Farinacci</td><td> =
</td><td class=3D"right">Network Working Group                           =
            D. Farinacci</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Internet-Draft    =
                                           lispers.net</td><td> </td><td =
class=3D"right">Internet-Draft                                           =
    lispers.net</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Intended status: =
Experimental                                   D. Meyer</td><td> =
</td><td class=3D"right">Intended status: Experimental                   =
                D. Meyer</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0001"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">Expires: April =
1<span class=3D"delete">5</span>, 2017                                   =
       Brocade</td><td> </td><td class=3D"rblock">Expires: April 1<span =
class=3D"insert">7</span>, 2017                                          =
Brocade</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">                  =
                                           J. Snijders</td><td> </td><td =
class=3D"right">                                                         =
    J. Snijders</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">                  =
                                    NTT Communications</td><td> </td><td =
class=3D"right">                                                      =
NTT Communications</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0002"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">                =
                                        October 1<span =
class=3D"delete">2</span>, 2016</td><td> </td><td class=3D"rblock">      =
                                                  October 1<span =
class=3D"insert">4</span>, 2016</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">                  =
LISP Canonical Address Format (LCAF)</td><td> </td><td class=3D"right">  =
                LISP Canonical Address Format (LCAF)</td><td =
class=3D"lineno"></td></tr>
      <tr id=3D"diff0003"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">                =
        draft-ietf-lisp-lcaf-1<span class=3D"delete">7</span></td><td> =
</td><td class=3D"rblock">                        =
draft-ietf-lisp-lcaf-1<span class=3D"insert">8</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Abstract</td><td> =
</td><td class=3D"right">Abstract</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   This draft =
defines a canonical address format encoding used in LISP</td><td> =
</td><td class=3D"right">   This draft defines a canonical address =
format encoding used in LISP</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   control =
messages and in the encoding of lookup keys for the LISP</td><td> =
</td><td class=3D"right">   control messages and in the encoding of =
lookup keys for the LISP</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Mapping =
Database System.</td><td> </td><td class=3D"right">   Mapping Database =
System.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Requirements =
Language</td><td> </td><td class=3D"right">Requirements Language</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   The key words =
"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",</td><td> </td><td =
class=3D"right">   The key words "MUST", "MUST NOT", "REQUIRED", =
"SHALL", "SHALL NOT",</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-2" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-2"><em> =
page 1, line 41<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-2"><em> page 1, line 41<span =
class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
Internet-Drafts are working documents of the Internet =
Engineering</td><td> </td><td class=3D"right">   Internet-Drafts are =
working documents of the Internet Engineering</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Task Force =
(IETF).  Note that other groups may also distribute</td><td> </td><td =
class=3D"right">   Task Force (IETF).  Note that other groups may also =
distribute</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   working =
documents as Internet-Drafts.  The list of current Internet-</td><td> =
</td><td class=3D"right">   working documents as Internet-Drafts.  The =
list of current Internet-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Drafts is at =
http://datatracker.ietf.org/drafts/current/.</td><td> </td><td =
class=3D"right">   Drafts is at =
http://datatracker.ietf.org/drafts/current/.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
Internet-Drafts are draft documents valid for a maximum of six =
months</td><td> </td><td class=3D"right">   Internet-Drafts are draft =
documents valid for a maximum of six months</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   and may be =
updated, replaced, or obsoleted by other documents at any</td><td> =
</td><td class=3D"right">   and may be updated, replaced, or obsoleted =
by other documents at any</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   time.  It is =
inappropriate to use Internet-Drafts as reference</td><td> </td><td =
class=3D"right">   time.  It is inappropriate to use Internet-Drafts as =
reference</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   material or to =
cite them other than as "work in progress."</td><td> </td><td =
class=3D"right">   material or to cite them other than as "work in =
progress."</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0004"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   This =
Internet-Draft will expire on April 1<span class=3D"delete">5</span>, =
2017.</td><td> </td><td class=3D"rblock">   This Internet-Draft will =
expire on April 1<span class=3D"insert">7</span>, 2017.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Copyright =
Notice</td><td> </td><td class=3D"right">Copyright Notice</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Copyright (c) =
2016 IETF Trust and the persons identified as the</td><td> </td><td =
class=3D"right">   Copyright (c) 2016 IETF Trust and the persons =
identified as the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   document =
authors.  All rights reserved.</td><td> </td><td class=3D"right">   =
document authors.  All rights reserved.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   This document =
is subject to BCP 78 and the IETF Trust's Legal</td><td> </td><td =
class=3D"right">   This document is subject to BCP 78 and the IETF =
Trust's Legal</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Provisions =
Relating to IETF Documents</td><td> </td><td class=3D"right">   =
Provisions Relating to IETF Documents</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
(http://trustee.ietf.org/license-info) in effect on the date of</td><td> =
</td><td class=3D"right">   (http://trustee.ietf.org/license-info) in =
effect on the date of</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   publication of =
this document.  Please review these documents</td><td> </td><td =
class=3D"right">   publication of this document.  Please review these =
documents</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-3" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-3"><em> =
page 2, line 40<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-3"><em> page 2, line 40<span =
class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">       4.10.3.  =
ASCII Names in the Mapping Database  . . . . . . . .  24</td><td> =
</td><td class=3D"right">       4.10.3.  ASCII Names in the Mapping =
Database  . . . . . . . .  24</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">       4.10.4.  =
Using Recursive LISP Canonical Address Encodings . .  25</td><td> =
</td><td class=3D"right">       4.10.4.  Using Recursive LISP Canonical =
Address Encodings . .  25</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">       4.10.5.  =
Compatibility Mode Use Case  . . . . . . . . . . . .  26</td><td> =
</td><td class=3D"right">       4.10.5.  Compatibility Mode Use Case  . =
. . . . . . . . . . .  26</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   5.  =
Experimental LISP Canonical Address Applications  . . . . . .  =
27</td><td> </td><td class=3D"right">   5.  Experimental LISP Canonical =
Address Applications  . . . . . .  27</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     5.1.  Convey =
Application Specific Data  . . . . . . . . . . . .  27</td><td> </td><td =
class=3D"right">     5.1.  Convey Application Specific Data  . . . . . . =
. . . . . .  27</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     5.2.  =
Generic Database Mapping Lookups  . . . . . . . . . . . .  29</td><td> =
</td><td class=3D"right">     5.2.  Generic Database Mapping Lookups  . =
. . . . . . . . . . .  29</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     5.3.  PETR =
Admission Control Functionality  . . . . . . . . . .  30</td><td> =
</td><td class=3D"right">     5.3.  PETR Admission Control Functionality =
 . . . . . . . . . .  30</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     5.4.  Data =
Model Encoding . . . . . . . . . . . . . . . . . . .  31</td><td> =
</td><td class=3D"right">     5.4.  Data Model Encoding . . . . . . . . =
. . . . . . . . . . .  31</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     5.5.  =
Encoding Key/Value Address Pairs  . . . . . . . . . . . .  32</td><td> =
</td><td class=3D"right">     5.5.  Encoding Key/Value Address Pairs  . =
. . . . . . . . . . .  32</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     5.6.  =
Multiple Data-Planes  . . . . . . . . . . . . . . . . . .  33</td><td> =
</td><td class=3D"right">     5.6.  Multiple Data-Planes  . . . . . . . =
. . . . . . . . . . .  33</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0005"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   6.  Security =
Considerations . . . . . . . . . . . . . . . . . . .  3<span =
class=3D"delete">6</span></td><td> </td><td class=3D"rblock">   6.  =
Security Considerations . . . . . . . . . . . . . . . . . . .  3<span =
class=3D"insert">5</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   7.  IANA =
Considerations . . . . . . . . . . . . . . . . . . . . .  36</td><td> =
</td><td class=3D"right">   7.  IANA Considerations . . . . . . . . . . =
. . . . . . . . . . .  36</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0006"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   8.  =
References  . . . . . . . . . . . . . . . . . . . . . . . . .  <span =
class=3D"delete">37</span></td><td> </td><td class=3D"rblock">   8.  =
References  . . . . . . . . . . . . . . . . . . . . . . . . .  <span =
class=3D"insert">36</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     8.1.  =
Normative References  . . . . . . . . . . . . . . . . . .  <span =
class=3D"delete">37</span></td><td> </td><td class=3D"rblock">     8.1.  =
Normative References  . . . . . . . . . . . . . . . . . .  <span =
class=3D"insert">36</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     8.2.  =
Informative References  . . . . . . . . . . . . . . . . .  38</td><td> =
</td><td class=3D"right">     8.2.  Informative References  . . . . . . =
. . . . . . . . . . .  38</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Appendix A.  =
Acknowledgments  . . . . . . . . . . . . . . . . . .  39</td><td> =
</td><td class=3D"right">   Appendix A.  Acknowledgments  . . . . . . . =
. . . . . . . . . . .  39</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Appendix B.  =
Document Change Log  . . . . . . . . . . . . . . . .  40</td><td> =
</td><td class=3D"right">   Appendix B.  Document Change Log  . . . . . =
. . . . . . . . . . .  40</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0007"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.1.  =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-17.txt</span>  . =
. . . . . . . .  40</td><td> </td><td class=3D"rblock">     B.1.  =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-18.txt</span>  . =
. . . . . . . .  40</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.2.  =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-16.txt</span>  . =
. . . . . . . .  40</td><td> </td><td class=3D"rblock">     B.2.  =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-17.txt</span>  . =
. . . . . . . .  40</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.3.  =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-15.txt</span>  . =
. . . . . . . .  40</td><td> </td><td class=3D"rblock">     B.3.  =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-16.txt</span>  . =
. . . . . . . .  40</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.4.  =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-14.txt</span>  . =
. . . . . . . .  40</td><td> </td><td class=3D"rblock">     B.4.  =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-15.txt</span>  . =
. . . . . . . .  40</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.5.  =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-13.txt</span>  . =
. . . . . . . .  40</td><td> </td><td class=3D"rblock">     B.5.  =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-14.txt</span>  . =
. . . . . . . .  40</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.6.  =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-12.txt</span>  . =
. . . . . . . .  <span class=3D"delete">40</span></td><td> </td><td =
class=3D"rblock">     B.6.  Changes to <span =
class=3D"insert">draft-ietf-lisp-lcaf-13.txt</span>  . . . . . . . . .  =
<span class=3D"insert">41</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.7.  =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-11.txt</span>  . =
. . . . . . . .  41</td><td> </td><td class=3D"rblock">     B.7.  =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-12.txt</span>  . =
. . . . . . . .  41</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.8.  =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-10.txt</span>  . =
. . . . . . . .  41</td><td> </td><td class=3D"rblock">     B.8.  =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-11.txt</span>  . =
. . . . . . . .  41</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.9.  =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-09.txt</span>  . =
. . . . . . . .  41</td><td> </td><td class=3D"rblock">     B.9.  =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-10.txt</span>  . =
. . . . . . . .  41</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.10. =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-08.txt</span>  . =
. . . . . . . .  41</td><td> </td><td class=3D"rblock">     B.10. =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-09.txt</span>  . =
. . . . . . . .  41</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.11. =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-07.txt</span>  . =
. . . . . . . .  41</td><td> </td><td class=3D"rblock">     B.11. =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-08.txt</span>  . =
. . . . . . . .  41</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.12. =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-06.txt</span>  . =
. . . . . . . .  42</td><td> </td><td class=3D"rblock">     B.12. =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-07.txt</span>  . =
. . . . . . . .  42</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.13. =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-05.txt</span>  . =
. . . . . . . .  42</td><td> </td><td class=3D"rblock">     B.13. =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-06.txt</span>  . =
. . . . . . . .  42</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.14. =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-04.txt</span>  . =
. . . . . . . .  42</td><td> </td><td class=3D"rblock">     B.14. =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-05.txt</span>  . =
. . . . . . . .  42</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.15. =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-03.txt</span>  . =
. . . . . . . .  42</td><td> </td><td class=3D"rblock">     B.15. =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-04.txt</span>  . =
. . . . . . . .  42</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.16. =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-02.txt</span>  . =
. . . . . . . .  42</td><td> </td><td class=3D"rblock">     B.16. =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-03.txt</span>  . =
. . . . . . . .  42</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.17. =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-01.txt</span>  . =
. . . . . . . .  43</td><td> </td><td class=3D"rblock">     B.17. =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-02.txt</span>  . =
. . . . . . . .  43</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.18. =
Changes to draft-ietf-lisp-lcaf-00.txt  . . . . . . . . .  43</td><td> =
</td><td class=3D"rblock">     B.18. <span class=3D"insert">Changes to =
draft-ietf-lisp-lcaf-01.txt  . . . . . . . . .  43</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">     B.19.</span> =
Changes to draft-ietf-lisp-lcaf-00.txt  . . . . . . . . .  43</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Authors' =
Addresses  . . . . . . . . . . . . . . . . . . . . . . .  43</td><td> =
</td><td class=3D"right">   Authors' Addresses  . . . . . . . . . . . . =
. . . . . . . . . . .  43</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">1.  =
Introduction</td><td> </td><td class=3D"right">1.  Introduction</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   The LISP =
architecture and protocols [RFC6830] introduces two new</td><td> =
</td><td class=3D"right">   The LISP architecture and protocols =
[RFC6830] introduces two new</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   numbering =
spaces, Endpoint Identifiers (EIDs) and Routing Locators</td><td> =
</td><td class=3D"right">   numbering spaces, Endpoint Identifiers =
(EIDs) and Routing Locators</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   (RLOCs).  To =
provide flexibility for current and future applications,</td><td> =
</td><td class=3D"right">   (RLOCs).  To provide flexibility for current =
and future applications,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   these values =
can be encoded in LISP control messages using a general</td><td> =
</td><td class=3D"right">   these values can be encoded in LISP control =
messages using a general</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   syntax that =
includes Address Family Identifier (AFI), length, and</td><td> </td><td =
class=3D"right">   syntax that includes Address Family Identifier (AFI), =
length, and</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   value =
fields.</td><td> </td><td class=3D"right">   value fields.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-4" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-4"><em> =
page 4, line 38<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-4"><em> page 4, line 38<span =
class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      encoding in =
a packet.  Address families are defined for IPv4 and</td><td> </td><td =
class=3D"right">      encoding in a packet.  Address families are =
defined for IPv4 and</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      IPv6.  See =
[AFI] and [RFC3232] for details.  The reserved AFI</td><td> </td><td =
class=3D"right">      IPv6.  See [AFI] and [RFC3232] for details.  The =
reserved AFI</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      value of 0 =
is used in this specification to indicate an</td><td> </td><td =
class=3D"right">      value of 0 is used in this specification to =
indicate an</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      unspecified =
encoded address where the length of the address is 0</td><td> </td><td =
class=3D"right">      unspecified encoded address where the length of =
the address is 0</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      bytes =
following the 16-bit AFI value of 0.</td><td> </td><td class=3D"right">  =
    bytes following the 16-bit AFI value of 0.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Unspecified =
Address Format:</td><td> </td><td class=3D"right">   Unspecified Address =
Format:</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0             =
      1                   2                   3</td><td> </td><td =
class=3D"right">    0                   1                   2            =
       3</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0 1 2 3 4 5 6 =
7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1</td><td> </td><td =
class=3D"right">    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 =
6 7 8 9 0 1</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0008"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   <span =
class=3D"delete">+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+=
-+-+-+-+</span></td><td> </td><td class=3D"rblock">   <span =
class=3D"insert">+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   |            =
AFI =3D 0            |    <span class=3D"delete">&lt;nothing follows =
AFI=3D0&gt;    |</span></td><td> </td><td class=3D"rblock">   |          =
  AFI =3D 0            |      <span class=3D"insert">&lt;no address =
follows&gt;</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"><span =
class=3D"delete">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</span></=
td><td> </td><td class=3D"rblock"><span class=3D"insert">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Endpoint ID =
(EID):   a 32-bit (for IPv4) or 128-bit (for IPv6) value</td><td> =
</td><td class=3D"right">   Endpoint ID (EID):   a 32-bit (for IPv4) or =
128-bit (for IPv6) value</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      used in the =
source and destination address fields of the first</td><td> </td><td =
class=3D"right">      used in the source and destination address fields =
of the first</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      (most =
inner) LISP header of a packet.  The host obtains a</td><td> </td><td =
class=3D"right">      (most inner) LISP header of a packet.  The host =
obtains a</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      destination =
EID the same way it obtains a destination address</td><td> </td><td =
class=3D"right">      destination EID the same way it obtains a =
destination address</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      today, for =
example through a DNS lookup or SIP exchange.  The</td><td> </td><td =
class=3D"right">      today, for example through a DNS lookup or SIP =
exchange.  The</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      source EID =
is obtained via existing mechanisms used to set a</td><td> </td><td =
class=3D"right">      source EID is obtained via existing mechanisms =
used to set a</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      host's =
"local" IP address.  An EID is allocated to a host from an</td><td> =
</td><td class=3D"right">      host's "local" IP address.  An EID is =
allocated to a host from an</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      EID-prefix =
block associated with the site where the host is</td><td> </td><td =
class=3D"right">      EID-prefix block associated with the site where =
the host is</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      located.  =
An EID can be used by a host to refer to other hosts.</td><td> </td><td =
class=3D"right">      located.  An EID can be used by a host to refer to =
other hosts.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-5" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-5"><em> =
page 5, line 45<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-5"><em> page 5, line 45<span =
class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0             =
      1                   2                   3</td><td> </td><td =
class=3D"right">    0                   1                   2            =
       3</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0 1 2 3 4 5 6 =
7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1</td><td> </td><td =
class=3D"right">    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 =
6 7 8 9 0 1</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |           =
AFI =3D 16387         |     Rsvd1     |     Flags     |</td><td> =
</td><td class=3D"right">   |           AFI =3D 16387         |     =
Rsvd1     |     Flags     |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |    Type      =
 |     Rsvd2     |            Length             |</td><td> </td><td =
class=3D"right">   |    Type       |     Rsvd2     |            Length   =
          |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
               . . .                             |</td><td> </td><td =
class=3D"right">   |                             . . .                   =
          |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0009"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   <span =
class=3D"delete">Rsvd1:  this</span> 8-bit <span class=3D"delete">field =
is</span> reserved for future use and MUST be</td><td> </td><td =
class=3D"rblock">   <span class=3D"insert">Rsvd1/Rsvd2:  these</span> =
8-bit <span class=3D"insert">fields are</span> reserved for future use =
and MUST</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      =
transmitted as 0 and ignored on receipt.</td><td> </td><td =
class=3D"rblock">      be transmitted as 0 and ignored on =
receipt.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Flags:  this =
8-bit field is for future definition and use.  For now,</td><td> =
</td><td class=3D"right">   Flags:  this 8-bit field is for future =
definition and use.  For now,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      set to zero =
on transmission and ignored on receipt.</td><td> </td><td class=3D"right">=
      set to zero on transmission and ignored on receipt.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Type:  this =
8-bit field is specific to the LISP Canonical Address</td><td> </td><td =
class=3D"right">   Type:  this 8-bit field is specific to the LISP =
Canonical Address</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0010"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      formatted =
encodings<span class=3D"delete">, c</span>urrently allocated values =
are:</td><td> </td><td class=3D"rblock">      formatted encodings<span =
class=3D"insert">.  C</span>urrently allocated values are:</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     Type 0:  =
Null Body Type</td><td> </td><td class=3D"right">     Type 0:  Null Body =
Type</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     Type 1:  AFI =
List Type</td><td> </td><td class=3D"right">     Type 1:  AFI List =
Type</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     Type 2:  =
Instance ID Type</td><td> </td><td class=3D"right">     Type 2:  =
Instance ID Type</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     Type 3:  AS =
Number Type</td><td> </td><td class=3D"right">     Type 3:  AS Number =
Type</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     Type 4:  =
Application Data Type</td><td> </td><td class=3D"right">     Type 4:  =
Application Data Type</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-6" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-6"><em> =
page 6, line 39<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-6"><em> page 6, line 39<span =
class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     Type 12:  =
Source/Dest Key Type</td><td> </td><td class=3D"right">     Type 12:  =
Source/Dest Key Type</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     Type 13:  =
Replication List Entry Type</td><td> </td><td class=3D"right">     Type =
13:  Replication List Entry Type</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     Type 14:  =
JSON Data Model Type</td><td> </td><td class=3D"right">     Type 14:  =
JSON Data Model Type</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     Type 15:  =
Key/Value Address Pair Type</td><td> </td><td class=3D"right">     Type =
15:  Key/Value Address Pair Type</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     Type 16:  =
Encapsulation Format Type</td><td> </td><td class=3D"right">     Type =
16:  Encapsulation Format Type</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0011"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   <span =
class=3D"delete">Rsvd2:  this LCAF Type-dependent 8-bit field is =
reserved for future</span></td><td> </td><td class=3D"rblock"></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"><span =
class=3D"delete">      use and MUST be transmitted as 0 and ignored on =
receipt.  See</span></td><td> </td><td class=3D"rblock"></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"><span =
class=3D"delete">      specific LCAF Type for specific bits not =
reserved.</span></td><td> </td><td class=3D"rblock"></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">                =
                                                         </td><td> =
</td><td class=3D"rblock"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  this =
16-bit field is in units of bytes and covers all of the</td><td> =
</td><td class=3D"right">   Length:  this 16-bit field is in units of =
bytes and covers all of the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      LISP =
Canonical Address payload, starting and including the byte</td><td> =
</td><td class=3D"right">      LISP Canonical Address payload, starting =
and including the byte</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      after the =
Length field.  When including the AFI, an LCAF encoded</td><td> </td><td =
class=3D"right">      after the Length field.  When including the AFI, =
an LCAF encoded</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      address =
will have a minimum length of 8 bytes when the Length</td><td> </td><td =
class=3D"right">      address will have a minimum length of 8 bytes when =
the Length</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0012"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      field is =
0.  The 8 bytes include the AFI, Flags, Type, <span =
class=3D"delete">Reserved,</span></td><td> </td><td class=3D"rblock">    =
  field is 0.  The 8 bytes include the AFI, Flags, Type, <span =
class=3D"insert">Rsvd1,</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      and =
Length fields.  When the AFI is not next to an encoded address</td><td> =
</td><td class=3D"rblock"><span class=3D"insert">      Rsvd2,</span> and =
Length fields.  When the AFI is not next to an encoded</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      in a =
control message, then the encoded address will have a minimum</td><td> =
</td><td class=3D"rblock">      address in a control message, then the =
encoded address will have a</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      length of =
6 bytes when the Length field is 0.  The 6 bytes include</td><td> =
</td><td class=3D"rblock">      minimum length of 6 bytes when the =
Length field is 0.  The 6 bytes</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      the =
Flags, Type, <span class=3D"delete">Reserved,</span> and Length =
fields.</td><td> </td><td class=3D"rblock">      include the Flags, =
Type, <span class=3D"insert">Rsvd1, Rsvd2,</span> and Length =
fields.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [RFC6830] =
states RLOC records are sorted when encoded in control</td><td> </td><td =
class=3D"right">   [RFC6830] states RLOC records are sorted when encoded =
in control</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   messages so =
the locator-set has consistent order across all xTRs for</td><td> =
</td><td class=3D"right">   messages so the locator-set has consistent =
order across all xTRs for</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   a given EID.  =
The sort order is based on sort-key {afi, RLOC-</td><td> </td><td =
class=3D"right">   a given EID.  The sort order is based on sort-key =
{afi, RLOC-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   address}. When =
an RLOC is LCAF encoded, the sort-key is {afi, LCAF-</td><td> </td><td =
class=3D"right">   address}. When an RLOC is LCAF encoded, the sort-key =
is {afi, LCAF-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Type}. =
Therefore, when a locator-set has a mix of AFI records and</td><td> =
</td><td class=3D"right">   Type}. Therefore, when a locator-set has a =
mix of AFI records and</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   LCAF records, =
they are ordered from smallest to largest AFI value.</td><td> </td><td =
class=3D"right">   LCAF records, they are ordered from smallest to =
largest AFI value.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">4.  LISP =
Canonical Address Applications</td><td> </td><td class=3D"right">4.  =
LISP Canonical Address Applications</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-7" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-7"><em> =
page 8, line 47<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-7"><em> page 8, line 43<span =
class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      limiting =
the maximum number of instances per xTR to 2^24.  If an</td><td> =
</td><td class=3D"right">      limiting the maximum number of instances =
per xTR to 2^24.  If an</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      xTR is =
configured with multiple instance-IDs where the value in</td><td> =
</td><td class=3D"right">      xTR is configured with multiple =
instance-IDs where the value in</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      the =
high-order 8 bits are the same, then the low-order 24 bits</td><td> =
</td><td class=3D"right">      the high-order 8 bits are the same, then =
the low-order 24 bits</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      MUST be =
unique.</td><td> </td><td class=3D"right">      MUST be unique.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   AFI =3D x:  x =
can be any AFI value from [AFI].</td><td> </td><td class=3D"right">   =
AFI =3D x:  x can be any AFI value from [AFI].</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   This LISP =
Canonical Address Type can be used to encode either EID or</td><td> =
</td><td class=3D"right">   This LISP Canonical Address Type can be used =
to encode either EID or</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   RLOC =
addresses.</td><td> </td><td class=3D"right">   RLOC addresses.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0013"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   Usage: When =
used as a lookup key, the EID is regarded as a extended-</td><td> =
</td><td class=3D"rblock">   Usage: When used as a lookup key, the EID =
is regarded as a<span class=3D"insert">n</span> extended-</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   EID in the =
mapping system.  This encoding is used in EID records in</td><td> =
</td><td class=3D"right">   EID in the mapping system.  This encoding is =
used in EID records in</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Map-Requests, =
Map-Replies, Map-Registers, and Map-Notify messages.</td><td> </td><td =
class=3D"right">   Map-Requests, Map-Replies, Map-Registers, and =
Map-Notify messages.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   When LISP-DDT =
[I-D.ietf-lisp-ddt] is used as the mapping system</td><td> </td><td =
class=3D"right">   When LISP-DDT [I-D.ietf-lisp-ddt] is used as the =
mapping system</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   mechanism, =
extended EIDs are used in Map-Referral messages.</td><td> </td><td =
class=3D"right">   mechanism, extended EIDs are used in Map-Referral =
messages.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">4.2.  Carrying AS =
Numbers in the Mapping Database</td><td> </td><td class=3D"right">4.2.  =
Carrying AS Numbers in the Mapping Database</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   When an AS =
number is stored in the LISP Mapping Database System for</td><td> =
</td><td class=3D"right">   When an AS number is stored in the LISP =
Mapping Database System for</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   either policy =
or documentation reasons, it can be encoded in a LISP</td><td> </td><td =
class=3D"right">   either policy or documentation reasons, it can be =
encoded in a LISP</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Canonical =
Address.</td><td> </td><td class=3D"right">   Canonical Address.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-8" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-8"><em> =
page 9, line 29<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-8"><em> page 9, line 29<span =
class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
             AS Number                           |</td><td> </td><td =
class=3D"right">   |                           AS Number                 =
          |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
AFI =3D x          |         Address  ...          |</td><td> </td><td =
class=3D"right">   |              AFI =3D x          |         Address  =
...          |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length =
field.</td><td> </td><td class=3D"right">      Length field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   AS Number:  =
the 32-bit AS number of the autonomous system that has</td><td> </td><td =
class=3D"right">   AS Number:  the 32-bit AS number of the autonomous =
system that has</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0014"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      been =
assigned either the EID or RLOC that follows.</td><td> </td><td =
class=3D"rblock">      been assigned <span class=3D"insert">to =
</span>either the EID or RLOC that follows.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   AFI =3D x:  x =
can be any AFI value from [AFI].</td><td> </td><td class=3D"right">   =
AFI =3D x:  x can be any AFI value from [AFI].</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   The AS Number =
Canonical Address Type can be used to encode either EID</td><td> =
</td><td class=3D"right">   The AS Number Canonical Address Type can be =
used to encode either EID</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   or RLOC =
addresses.  The former is used to describe the LISP-ALT AS</td><td> =
</td><td class=3D"right">   or RLOC addresses.  The former is used to =
describe the LISP-ALT AS</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   number the =
EID-prefix for the site is being carried for.  The latter</td><td> =
</td><td class=3D"right">   number the EID-prefix for the site is being =
carried for.  The latter</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   is used to =
describe the AS that is carrying RLOC based prefixes in</td><td> =
</td><td class=3D"right">   is used to describe the AS that is carrying =
RLOC based prefixes in</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   the underlying =
routing system.</td><td> </td><td class=3D"right">   the underlying =
routing system.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Usage: This =
encoding can be used in EID or RLOC records in Map-</td><td> </td><td =
class=3D"right">   Usage: This encoding can be used in EID or RLOC =
records in Map-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-9" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-9"><em> =
page 13, line 15<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-9"><em> page 13, line =
15<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Private ETR =
RLOC Address:  this is an address known to be a private</td><td> =
</td><td class=3D"right">   Private ETR RLOC Address:  this is an =
address known to be a private</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      address =
inserted in this LCAF by a LISP router that resides on the</td><td> =
</td><td class=3D"right">      address inserted in this LCAF by a LISP =
router that resides on the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      private =
side of a NAT device.</td><td> </td><td class=3D"right">      private =
side of a NAT device.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   RTR RLOC =
Address:  this is an encapsulation address used by an ITR or</td><td> =
</td><td class=3D"right">   RTR RLOC Address:  this is an encapsulation =
address used by an ITR or</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      PITR which =
resides behind a NAT device.  This address is known to</td><td> </td><td =
class=3D"right">      PITR which resides behind a NAT device.  This =
address is known to</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      have state =
in a NAT device so packets can flow from it to the LISP</td><td> =
</td><td class=3D"right">      have state in a NAT device so packets can =
flow from it to the LISP</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      ETR behind =
the NAT.  There can be one or more NAT Reencapsulating</td><td> </td><td =
class=3D"right">      ETR behind the NAT.  There can be one or more NAT =
Reencapsulating</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Tunnel =
Router (RTR) [I-D.ermagan-lisp-nat-traversal] addresses</td><td> =
</td><td class=3D"right">      Tunnel Router (RTR) =
[I-D.ermagan-lisp-nat-traversal] addresses</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      supplied in =
these set of fields.  The number of RTRs encoded is</td><td> </td><td =
class=3D"right">      supplied in these set of fields.  The number of =
RTRs encoded is</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0015"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      =
determined by <span class=3D"delete">the LCAF lengt</span>h field.  When =
there are no RTRs</td><td> </td><td class=3D"rblock">      determined by =
<span class=3D"insert">parsing eac</span>h field.  When there are no =
RTRs</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      supplied, =
the RTR fields can be omitted and reflected by the LCAF</td><td> =
</td><td class=3D"right">      supplied, the RTR fields can be omitted =
and reflected by the LCAF</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      length =
field or an AFI of 0 can be used to indicate zero RTRs</td><td> </td><td =
class=3D"right">      length field or an AFI of 0 can be used to =
indicate zero RTRs</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
encoded.</td><td> </td><td class=3D"right">      encoded.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Usage: This =
encoding can be used in Info-Request and Info-Reply</td><td> </td><td =
class=3D"right">   Usage: This encoding can be used in Info-Request and =
Info-Reply</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   messages.  The =
mapping system does not store this information.  The</td><td> </td><td =
class=3D"right">   messages.  The mapping system does not store this =
information.  The</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   information is =
used by an xTR and Map-Server to convey private and</td><td> </td><td =
class=3D"right">   information is used by an xTR and Map-Server to =
convey private and</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   public address =
information when traversing NAT and firewall devices.</td><td> </td><td =
class=3D"right">   public address information when traversing NAT and =
firewall devices.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">4.5.  Multicast =
Group Membership Information</td><td> </td><td class=3D"right">4.5.  =
Multicast Group Membership Information</td><td class=3D"lineno"></td></tr>=

      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-10" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-10"><em> page 14, line =
19<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-10"><em> page 14, line =
19<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   RLOC group =
addresses or RLOC unicast addresses.  The intent of this</td><td> =
</td><td class=3D"right">   RLOC group addresses or RLOC unicast =
addresses.  The intent of this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   type of =
unicast replication is to deliver packets to multiple ETRs at</td><td> =
</td><td class=3D"right">   type of unicast replication is to deliver =
packets to multiple ETRs at</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   receiver LISP =
multicast sites.  The locator-set encoding for this EID</td><td> =
</td><td class=3D"right">   receiver LISP multicast sites.  The =
locator-set encoding for this EID</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   record type =
can be a list of ETRs when they each register with "Merge</td><td> =
</td><td class=3D"right">   record type can be a list of ETRs when they =
each register with "Merge</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Semantics".  =
The encoding can be a typical AFI-encoded locator</td><td> </td><td =
class=3D"right">   Semantics".  The encoding can be a typical =
AFI-encoded locator</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   address.  When =
an RTR list is being registered (with multiple levels</td><td> </td><td =
class=3D"right">   address.  When an RTR list is being registered (with =
multiple levels</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   according to =
[I-D.coras-lisp-re]), the Replication List Entry LCAF</td><td> </td><td =
class=3D"right">   according to [I-D.coras-lisp-re]), the Replication =
List Entry LCAF</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   type is used =
for locator encoding.</td><td> </td><td class=3D"right">   type is used =
for locator encoding.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   This LCAF =
encoding can be used to send broadcast packets to all</td><td> </td><td =
class=3D"right">   This LCAF encoding can be used to send broadcast =
packets to all</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0016"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   members of a =
subnet when an EID is away from it<span class=3D"delete">'</span>s home =
subnet</td><td> </td><td class=3D"rblock">   members of a subnet when an =
EID is away from its home subnet</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
location.</td><td> </td><td class=3D"right">   location.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Multicast Info =
Canonical Address Format:</td><td> </td><td class=3D"right">   Multicast =
Info Canonical Address Format:</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0             =
      1                   2                   3</td><td> </td><td =
class=3D"right">    0                   1                   2            =
       3</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0 1 2 3 4 5 6 =
7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1</td><td> </td><td =
class=3D"right">    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 =
6 7 8 9 0 1</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |           =
AFI =3D 16387         |     Rsvd1     |     Flags     |</td><td> =
</td><td class=3D"right">   |           AFI =3D 16387         |     =
Rsvd1     |     Flags     |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |   Type =3D 9 =
   |     Rsvd2     |             Length            |</td><td> </td><td =
class=3D"right">   |   Type =3D 9    |     Rsvd2     |             =
Length            |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-11" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-11"><em> page 15, line =
15<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-11"><em> page 15, line =
15<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Source =
MaskLen:  the mask length of the source prefix that follows.</td><td> =
</td><td class=3D"right">   Source MaskLen:  the mask length of the =
source prefix that follows.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      The length =
is the number of high-order mask bits set.</td><td> </td><td =
class=3D"right">      The length is the number of high-order mask bits =
set.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Group MaskLen: =
 the mask length of the group prefix that follows.</td><td> </td><td =
class=3D"right">   Group MaskLen:  the mask length of the group prefix =
that follows.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      The length =
is the number of high-order mask bits set.</td><td> </td><td =
class=3D"right">      The length is the number of high-order mask bits =
set.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   AFI =3D x:  x =
can be any AFI value from [AFI].  When a specific address</td><td> =
</td><td class=3D"right">   AFI =3D x:  x can be any AFI value from =
[AFI].  When a specific address</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      family has =
a multicast address semantic, this field must be either</td><td> =
</td><td class=3D"right">      family has a multicast address semantic, =
this field must be either</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      a group =
address or a broadcast address.</td><td> </td><td class=3D"right">      =
a group address or a broadcast address.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0017"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   =
Source/Subnet <span class=3D"delete">Address</span>  is the source =
address or prefix for encoding a</td><td> </td><td class=3D"rblock">   =
Source/Subnet <span class=3D"insert">Address:</span>  is the source =
address or prefix for encoding</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      (S,G) =
multicast entry.</td><td> </td><td class=3D"rblock">      a (S,G) =
multicast entry.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0018"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   Group =
Address  is the group address or group prefix for encoding</td><td> =
</td><td class=3D"rblock">   Group Address<span class=3D"insert">:</span> =
 is the group address or group prefix for encoding</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      (S,G) or =
(*,G) multicast entries.</td><td> </td><td class=3D"right">      (S,G) =
or (*,G) multicast entries.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Usage: This =
encoding can be used in EID records in Map-Requests, Map-</td><td> =
</td><td class=3D"right">   Usage: This encoding can be used in EID =
records in Map-Requests, Map-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Replies, =
Map-Registers, and Map-Notify messages.  When LISP-DDT</td><td> </td><td =
class=3D"right">   Replies, Map-Registers, and Map-Notify messages.  =
When LISP-DDT</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[I-D.ietf-lisp-ddt] is used as the mapping system mechanism, =
extended</td><td> </td><td class=3D"right">   [I-D.ietf-lisp-ddt] is =
used as the mapping system mechanism, extended</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   EIDs are used =
in Map-Referral messages.</td><td> </td><td class=3D"right">   EIDs are =
used in Map-Referral messages.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">4.6.  Traffic =
Engineering using Re-encapsulating Tunnels</td><td> </td><td =
class=3D"right">4.6.  Traffic Engineering using Re-encapsulating =
Tunnels</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   For a given =
EID lookup into the mapping database, this LCAF can be</td><td> </td><td =
class=3D"right">   For a given EID lookup into the mapping database, =
this LCAF can be</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-12" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-12"><em> page 16, line =
49<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-12"><em> page 16, line =
49<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   RLOC-Probe bit =
(P):  this is the RLOC-probe bit which means the</td><td> </td><td =
class=3D"right">   RLOC-Probe bit (P):  this is the RLOC-probe bit which =
means the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Reencap Hop =
allows RLOC-probe messages to be sent to it.  When the</td><td> </td><td =
class=3D"right">      Reencap Hop allows RLOC-probe messages to be sent =
to it.  When the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      R-bit is =
set to 0, RLOC-probes must not be sent.  When a Reencap</td><td> =
</td><td class=3D"right">      R-bit is set to 0, RLOC-probes must not =
be sent.  When a Reencap</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Hop is an =
anycast address then multiple physical Reencap Hops are</td><td> =
</td><td class=3D"right">      Hop is an anycast address then multiple =
physical Reencap Hops are</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      using the =
same RLOC address.  In this case, RLOC-probes are not</td><td> </td><td =
class=3D"right">      using the same RLOC address.  In this case, =
RLOC-probes are not</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      needed =
because when the closest RLOC address is not reachable</td><td> </td><td =
class=3D"right">      needed because when the closest RLOC address is =
not reachable</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      another =
RLOC address can be reachable.</td><td> </td><td class=3D"right">      =
another RLOC address can be reachable.</td><td class=3D"lineno"></td></tr>=

      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Strict bit =
(S):  this is the strict bit which means the associated</td><td> =
</td><td class=3D"right">   Strict bit (S):  this is the strict bit =
which means the associated</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0019"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      Rencap =
Hop is required to be used.  If this bit is 0, the</td><td> </td><td =
class=3D"rblock">      Re<span class=3D"insert">e</span>ncap Hop is =
required to be used.  If this bit is 0, the</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
reencapsulator can skip this Reencap Hop and go to the next one =
in</td><td> </td><td class=3D"right">      reencapsulator can skip this =
Reencap Hop and go to the next one in</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      the =
list.</td><td> </td><td class=3D"right">      the list.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   AFI =3D x:  x =
can be any AFI value from [AFI].  When a specific AFI has</td><td> =
</td><td class=3D"right">   AFI =3D x:  x can be any AFI value from =
[AFI].  When a specific AFI has</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      its own =
encoding of a multicast address, this field must be either</td><td> =
</td><td class=3D"right">      its own encoding of a multicast address, =
this field must be either</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      a group =
address or a broadcast address.</td><td> </td><td class=3D"right">      =
a group address or a broadcast address.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Usage: This =
encoding can be used in RLOC records in Map-Requests,</td><td> </td><td =
class=3D"right">   Usage: This encoding can be used in RLOC records in =
Map-Requests,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Map-Replies, =
Map-Registers, and Map-Notify messages.  This encoding</td><td> </td><td =
class=3D"right">   Map-Replies, Map-Registers, and Map-Notify messages.  =
This encoding</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   does not need =
to be understood by the mapping system for mapping</td><td> </td><td =
class=3D"right">   does not need to be understood by the mapping system =
for mapping</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-13" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-13"><em> page 18, line =
27<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-13"><em> page 18, line =
27<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
          ... Key Material                       |</td><td> </td><td =
class=3D"right">   |                        ... Key Material             =
          |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
AFI =3D x          |       Locator Address ...     |</td><td> </td><td =
class=3D"right">   |              AFI =3D x          |       Locator =
Address ...     |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length =
field.</td><td> </td><td class=3D"right">      Length field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Key Count:  =
the Key Count field declares the number of Key sections</td><td> =
</td><td class=3D"right">   Key Count:  the Key Count field declares the =
number of Key sections</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0020"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      included =
in this LCAF.  A key section is made up <span class=3D"delete">the</span> =
"Key Length"</td><td> </td><td class=3D"rblock">      included in this =
LCAF.  A key section is made up <span class=3D"insert">of</span> "Key =
Length"</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      and "Key =
Material" fields.</td><td> </td><td class=3D"right">      and "Key =
Material" fields.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Rsvd3:  this =
field is reserved for future use and MUST be transmitted</td><td> =
</td><td class=3D"right">   Rsvd3:  this field is reserved for future =
use and MUST be transmitted</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      as 0 and =
ignored on receipt.</td><td> </td><td class=3D"right">      as 0 and =
ignored on receipt.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Key Algorithm: =
 the Algorithm field identifies the key's</td><td> </td><td =
class=3D"right">   Key Algorithm:  the Algorithm field identifies the =
key's</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
cryptographic algorithm and specifies the format of the Public =
Key</td><td> </td><td class=3D"right">      cryptographic algorithm and =
specifies the format of the Public Key</td><td class=3D"lineno"></td></tr>=

      <tr><td class=3D"lineno"></td><td class=3D"left">      field.  =
Refer to the [I-D.ietf-lisp-ddt] and</td><td> </td><td class=3D"right">  =
    field.  Refer to the [I-D.ietf-lisp-ddt] and</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
[I-D.ietf-lisp-crypto] use cases for definitions of this field.</td><td> =
</td><td class=3D"right">      [I-D.ietf-lisp-crypto] use cases for =
definitions of this field.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-14" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-14"><em> page 18, line =
51<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-14"><em> page 18, line =
51<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   R bit:  this =
is the revoke bit and, if set, it specifies that this</td><td> </td><td =
class=3D"right">   R bit:  this is the revoke bit and, if set, it =
specifies that this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Key is =
being Revoked.</td><td> </td><td class=3D"right">      Key is being =
Revoked.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Key Length:  =
this field determines the length in bytes of the Key</td><td> </td><td =
class=3D"right">   Key Length:  this field determines the length in =
bytes of the Key</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Material =
field.</td><td> </td><td class=3D"right">      Material field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Key Material:  =
the Key Material field stores the key material.  The</td><td> </td><td =
class=3D"right">   Key Material:  the Key Material field stores the key =
material.  The</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      format of =
the key material stored depends on the Key Algorithm</td><td> </td><td =
class=3D"right">      format of the key material stored depends on the =
Key Algorithm</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
field.</td><td> </td><td class=3D"right">      field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0021"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   AFI =3D x:  =
x can be any AFI value from [AFI].This is the locator</td><td> </td><td =
class=3D"rblock">   AFI =3D x:  x can be any AFI value from [AFI].<span =
class=3D"insert">  </span>This is the locator</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      address =
that owns the encoded security key.</td><td> </td><td class=3D"right">   =
   address that owns the encoded security key.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Usage: This =
encoding can be used in EID or RLOC records in Map-</td><td> </td><td =
class=3D"right">   Usage: This encoding can be used in EID or RLOC =
records in Map-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Requests, =
Map-Replies, Map-Registers, and Map-Notify messages.  When</td><td> =
</td><td class=3D"right">   Requests, Map-Replies, Map-Registers, and =
Map-Notify messages.  When</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   LISP-DDT =
[I-D.ietf-lisp-ddt] is used as the mapping system mechanism,</td><td> =
</td><td class=3D"right">   LISP-DDT [I-D.ietf-lisp-ddt] is used as the =
mapping system mechanism,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   extended EIDs =
are used in Map-Referral messages.</td><td> </td><td class=3D"right">   =
extended EIDs are used in Map-Referral messages.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">4.8.  =
Source/Destination 2-Tuple Lookups</td><td> </td><td class=3D"right">4.8. =
 Source/Destination 2-Tuple Lookups</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   When both a =
source and destination address of a flow need</td><td> </td><td =
class=3D"right">   When both a source and destination address of a flow =
need</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-15" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-15"><em> page 20, line =
18<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-15"><em> page 20, line =
18<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0 1 2 3 4 5 6 =
7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1</td><td> </td><td =
class=3D"right">    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 =
6 7 8 9 0 1</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |           =
AFI =3D 16387         |     Rsvd1     |     Flags     |</td><td> =
</td><td class=3D"right">   |           AFI =3D 16387         |     =
Rsvd1     |     Flags     |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |   Type =3D =
12   |     Rsvd2     |             Length            |</td><td> </td><td =
class=3D"right">   |   Type =3D 12   |     Rsvd2     |             =
Length            |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |            =
Reserved           |   Source-ML   |    Dest-ML    |</td><td> </td><td =
class=3D"right">   |            Reserved           |   Source-ML   |    =
Dest-ML    |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
AFI =3D x          |         Source-Prefix ...     |</td><td> </td><td =
class=3D"right">   |              AFI =3D x          |         =
Source-Prefix ...     |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr id=3D"diff0022"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   |            =
  AFI =3D <span class=3D"delete">x</span>          |     =
Destination-Prefix ...    |</td><td> </td><td class=3D"rblock">   |      =
        AFI =3D <span class=3D"insert">y</span>          |     =
Destination-Prefix ...    |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length =
field.</td><td> </td><td class=3D"right">      Length field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Reserved:  =
must be set to zero and ignore on receipt.</td><td> </td><td =
class=3D"right">   Reserved:  must be set to zero and ignore on =
receipt.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Source-ML:  =
the mask length of the source prefix that follows.  The</td><td> =
</td><td class=3D"right">   Source-ML:  the mask length of the source =
prefix that follows.  The</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      length is =
the number of high-order mask bits set.</td><td> </td><td class=3D"right">=
      length is the number of high-order mask bits set.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Dest-ML:  the =
mask length of the destination prefix that follows.</td><td> </td><td =
class=3D"right">   Dest-ML:  the mask length of the destination prefix =
that follows.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      The length =
is the number of high-order mask bits set.</td><td> </td><td =
class=3D"right">      The length is the number of high-order mask bits =
set.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0023"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   AFI =3D x:  =
x can be any AFI value from [AFI].  When a specific <span =
class=3D"delete">AFI</span> has</td><td> </td><td class=3D"rblock">   =
AFI =3D x:  x can be any AFI value from [AFI].</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      <span =
class=3D"delete">its own encoding of</span> a multicast <span =
class=3D"delete">address,</span> this field must be either</td><td> =
</td><td class=3D"rblock">                                               =
                          </td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock">   <span class=3D"insert">AFI =3D y:  y can be =
any AFI value from [AFI].</span>  When a specific <span =
class=3D"insert">address</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">      family</span> has =
a multicast <span class=3D"insert">address semantic,</span> this field =
must be either</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      a group =
address or a broadcast address.</td><td> </td><td class=3D"right">      =
a group address or a broadcast address.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Usage: This =
encoding can be used in EID records in Map-Requests, Map-</td><td> =
</td><td class=3D"right">   Usage: This encoding can be used in EID =
records in Map-Requests, Map-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Replies, =
Map-Registers, and Map-Notify messages.  When LISP-DDT</td><td> </td><td =
class=3D"right">   Replies, Map-Registers, and Map-Notify messages.  =
When LISP-DDT</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[I-D.ietf-lisp-ddt] is used as the mapping system mechanism, =
extended</td><td> </td><td class=3D"right">   [I-D.ietf-lisp-ddt] is =
used as the mapping system mechanism, extended</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   EIDs are used =
in Map-Referral messages.  Refer to</td><td> </td><td class=3D"right">   =
EIDs are used in Map-Referral messages.  Refer to</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[I-D.farinacci-lisp-te] for usage details of this LCAF type.</td><td> =
</td><td class=3D"right">   [I-D.farinacci-lisp-te] for usage details of =
this LCAF type.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">4.9.  Replication =
List Entries for Multicast Forwarding</td><td> </td><td =
class=3D"right">4.9.  Replication List Entries for Multicast =
Forwarding</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-16" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-16"><em> page 21, line =
36<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-16"><em> page 21, line =
36<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
AFI =3D x          |           RTR/ETR #1 ...      |</td><td> </td><td =
class=3D"right">   |              AFI =3D x          |           RTR/ETR =
#1 ...      |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
Rsvd3            |     Rsvd4     |  Level Value  |</td><td> </td><td =
class=3D"right">   |              Rsvd3            |     Rsvd4     |  =
Level Value  |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
AFI =3D x          |           RTR/ETR  #n ...     |</td><td> </td><td =
class=3D"right">   |              AFI =3D x          |           RTR/ETR =
 #n ...     |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length =
field.</td><td> </td><td class=3D"right">      Length field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0024"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   Rsvd<span =
class=3D"delete">{1,2,3,4}</span>:  must be set to zero and ignore on =
receipt.</td><td> </td><td class=3D"rblock">   Rsvd<span =
class=3D"insert">3/Rsvd4</span>:  must be set to zero and ignore on =
receipt.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Level Value:  =
this value is associated with the level within the</td><td> </td><td =
class=3D"right">   Level Value:  this value is associated with the level =
within the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      overlay =
distribution tree hierarchy where the RTR resides.  The</td><td> =
</td><td class=3D"right">      overlay distribution tree hierarchy where =
the RTR resides.  The</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      level =
numbers are ordered from lowest value being close to the ITR</td><td> =
</td><td class=3D"right">      level numbers are ordered from lowest =
value being close to the ITR</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      (meaning =
that ITRs replicate to level-0 RTRs) and higher levels</td><td> </td><td =
class=3D"right">      (meaning that ITRs replicate to level-0 RTRs) and =
higher levels</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      are further =
downstream on the distribution tree closer to ETRs of</td><td> </td><td =
class=3D"right">      are further downstream on the distribution tree =
closer to ETRs of</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      multicast =
receiver sites.</td><td> </td><td class=3D"right">      multicast =
receiver sites.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   AFI =3D x:  x =
can be any AFI value from [AFI].  A specific AFI has its</td><td> =
</td><td class=3D"right">   AFI =3D x:  x can be any AFI value from =
[AFI].  A specific AFI has its</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      own =
encoding of either a unicast or multicast locator address.</td><td> =
</td><td class=3D"right">      own encoding of either a unicast or =
multicast locator address.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-17" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-17"><em> page 23, line =
33<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-17"><em> page 23, line =
33<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length =
field.</td><td> </td><td class=3D"right">      Length field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   This address =
format can be used to connect layer-2 domains together</td><td> </td><td =
class=3D"right">   This address format can be used to connect layer-2 =
domains together</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   using LISP =
over an IPv4 or IPv6 core network to create a layer-2 VPN.</td><td> =
</td><td class=3D"right">   using LISP over an IPv4 or IPv6 core network =
to create a layer-2 VPN.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   In this use =
case, a MAC address is being used as an EID, and the</td><td> </td><td =
class=3D"right">   In this use case, a MAC address is being used as an =
EID, and the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   locator-set =
that this EID maps to can be an IPv4 or IPv6 RLOCs, or</td><td> </td><td =
class=3D"right">   locator-set that this EID maps to can be an IPv4 or =
IPv6 RLOCs, or</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   even another =
MAC address being used as an RLOC.  See</td><td> </td><td class=3D"right">=
   even another MAC address being used as an RLOC.  See</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[I-D.portoles-lisp-eid-mobility] for how layer-2 VPNs operate =
when</td><td> </td><td class=3D"right">   =
[I-D.portoles-lisp-eid-mobility] for how layer-2 VPNs operate =
when</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0025"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   doing EID =
mobility.</td><td> </td><td class=3D"rblock">   doing EID mobility.  =
<span class=3D"insert">Refer to the Security Considerations section =
for</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">   privacy =
protection.</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">4.10.3.  ASCII =
Names in the Mapping Database</td><td> </td><td class=3D"right">4.10.3.  =
ASCII Names in the Mapping Database</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   If DNS names =
or URIs are stored in the LISP Mapping Database System,</td><td> =
</td><td class=3D"right">   If DNS names or URIs are stored in the LISP =
Mapping Database System,</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0026"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   the AFI List =
Type can be used to carry an ASCII <span class=3D"delete">string where =
it is</span></td><td> </td><td class=3D"rblock">   the AFI List Type can =
be used to carry an ASCII <span class=3D"insert">string.</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"><span =
class=3D"delete">   delimited by length 'n' of the LCAF Length =
encoding.</span></td><td> </td><td class=3D"rblock"></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   ASCII LISP =
Canonical Address Format:</td><td> </td><td class=3D"right">   ASCII =
LISP Canonical Address Format:</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0             =
      1                   2                   3</td><td> </td><td =
class=3D"right">    0                   1                   2            =
       3</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0 1 2 3 4 5 6 =
7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1</td><td> </td><td =
class=3D"right">    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 =
6 7 8 9 0 1</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |           =
AFI =3D 16387         |     Rsvd1     |     Flags     |</td><td> =
</td><td class=3D"right">   |           AFI =3D 16387         |     =
Rsvd1     |     Flags     |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |   Type =3D 1 =
   |     Rsvd2     |            Length             |</td><td> </td><td =
class=3D"right">   |   Type =3D 1    |     Rsvd2     |            Length =
            |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-18" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-18"><em> page 26, line =
47<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-18"><em> page 26, line =
47<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length =
field.</td><td> </td><td class=3D"right">      Length field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length2:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length2:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length2 =
field.</td><td> </td><td class=3D"right">      Length2 field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   If a system =
does not recognized the Geo Coordinate LCAF Type that is</td><td> =
</td><td class=3D"right">   If a system does not recognized the Geo =
Coordinate LCAF Type that is</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   accompanying a =
locator address, an encoder can include the Geo</td><td> </td><td =
class=3D"right">   accompanying a locator address, an encoder can =
include the Geo</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Coordinate =
LCAF Type embedded in a AFI List LCAF Type where the AFI</td><td> =
</td><td class=3D"right">   Coordinate LCAF Type embedded in a AFI List =
LCAF Type where the AFI</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0027"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   in the Geo =
Coordinate LCAF is set to 0 and the AFI<span =
class=3D"delete">-</span>encoded next in</td><td> </td><td =
class=3D"rblock">   in the Geo Coordinate LCAF is set to 0 and the =
AFI<span class=3D"insert"> </span>encoded next in</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   the list is =
encoded with a valid AFI value to identify the locator</td><td> </td><td =
class=3D"right">   the list is encoded with a valid AFI value to =
identify the locator</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
address.</td><td> </td><td class=3D"right">   address.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   A LISP system =
is required to support the AFI List LCAF Type to use</td><td> </td><td =
class=3D"right">   A LISP system is required to support the AFI List =
LCAF Type to use</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   this =
procedure.  It would skip over 10 bytes of the Geo Coordinate</td><td> =
</td><td class=3D"right">   this procedure.  It would skip over 10 bytes =
of the Geo Coordinate</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   LCAF Type to =
get to the locator address encoding (an IPv4 locator</td><td> </td><td =
class=3D"right">   LCAF Type to get to the locator address encoding (an =
IPv4 locator</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   address).  A =
LISP system that does support the Geo Coordinate LCAF</td><td> </td><td =
class=3D"right">   address).  A LISP system that does support the Geo =
Coordinate LCAF</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Type can =
support parsing the locator address within the Geo</td><td> </td><td =
class=3D"right">   Type can support parsing the locator address within =
the Geo</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Coordinate =
LCAF encoding or in the locator encoding that follows in</td><td> =
</td><td class=3D"right">   Coordinate LCAF encoding or in the locator =
encoding that follows in</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   the AFI List =
LCAF.</td><td> </td><td class=3D"right">   the AFI List LCAF.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-19" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-19"><em> page 29, line =
28<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-19"><em> page 29, line =
28<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |   Type =3D 6 =
   |     Rsvd2     |             Length            |</td><td> </td><td =
class=3D"right">   |   Type =3D 6    |     Rsvd2     |             =
Length            |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   | Key Field =
Num |      Key Wildcard Fields      |   Key . . .   |</td><td> </td><td =
class=3D"right">   | Key Field Num |      Key Wildcard Fields      |   =
Key . . .   |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
         . . . Key                               |</td><td> </td><td =
class=3D"right">   |                       . . . Key                     =
          |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length =
field.</td><td> </td><td class=3D"right">      Length field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0028"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   Key Field =
Num:  the value of this field is the <span class=3D"delete">the</span> =
number of "Key"</td><td> </td><td class=3D"rblock">   Key Field Num:  =
the value of this field is the number of "Key" <span =
class=3D"insert">sub-</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      <span =
class=3D"delete">sub-fields</span> minus 1, the "Key" field can be =
broken up into.  So if</td><td> </td><td class=3D"rblock"><span =
class=3D"insert">      fields</span> minus 1, the "Key" field can be =
broken up into.  So if this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      this =
field has a value of 0, there is 1 sub-field in the "Key".</td><td> =
</td><td class=3D"rblock">      field has a value of 0, there is 1 =
sub-field in the "Key".  The</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      The width =
of the sub-fields are fixed length.  So for a key size</td><td> </td><td =
class=3D"rblock">      width of the sub-fields are fixed length.  So for =
a key size of 8</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      of 8 =
bytes, with a Key Field Num of 3, allows 4 sub-fields of 2</td><td> =
</td><td class=3D"rblock">      bytes, with a Key Field Num of 3, allows =
4 sub-fields of 2 bytes</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      bytes =
each in length.  Allowing for a reasonable number of 16 <span =
class=3D"delete">sub-</span></td><td> </td><td class=3D"rblock">      =
each in length.  Allowing for a reasonable number of 16 <span =
class=3D"insert">sub-field</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"><span =
class=3D"delete">      field</span> separators, valid values range from =
0 to 15.</td><td> </td><td class=3D"rblock">      separators, valid =
values range from 0 to 15.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Key Wildcard =
Fields:  describes which fields in the key are not used</td><td> =
</td><td class=3D"right">   Key Wildcard Fields:  describes which fields =
in the key are not used</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      as part of =
the key lookup.  This wildcard encoding is a bitfield.</td><td> </td><td =
class=3D"right">      as part of the key lookup.  This wildcard encoding =
is a bitfield.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Each bit is =
a don't-care bit for a corresponding field in the key.</td><td> </td><td =
class=3D"right">      Each bit is a don't-care bit for a corresponding =
field in the key.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Bit 0 (the =
low-order bit) in this bitfield corresponds the first</td><td> </td><td =
class=3D"right">      Bit 0 (the low-order bit) in this bitfield =
corresponds the first</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      field, the =
low-order field in the key, bit 1 the second field, and</td><td> =
</td><td class=3D"right">      field, the low-order field in the key, =
bit 1 the second field, and</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      so on.  =
When a bit is set in the bitfield it is a don't-care bit</td><td> =
</td><td class=3D"right">      so on.  When a bit is set in the bitfield =
it is a don't-care bit</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      and should =
not be considered as part of the database lookup.  When</td><td> =
</td><td class=3D"right">      and should not be considered as part of =
the database lookup.  When</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      the entire =
16-bits is set to 0, then all bits of the key are used</td><td> </td><td =
class=3D"right">      the entire 16-bits is set to 0, then all bits of =
the key are used</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      for the =
database lookup.</td><td> </td><td class=3D"right">      for the =
database lookup.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-20" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-20"><em> page 31, line =
27<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-20"><em> page 31, line =
27<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |   Type =3D =
14   |    Rsvd2    |B|            Length             |</td><td> </td><td =
class=3D"right">   |   Type =3D 14   |    Rsvd2    |B|            Length =
            |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |           =
JSON length         | JSON binary/text encoding ... |</td><td> </td><td =
class=3D"right">   |           JSON length         | JSON binary/text =
encoding ... |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
AFI =3D x          |       Optional Address ...    |</td><td> </td><td =
class=3D"right">   |              AFI =3D x          |       Optional =
Address ...    |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length =
field.</td><td> </td><td class=3D"right">      Length field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0029"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   <span =
class=3D"delete">Rsvd{1,2}:  must be set to zero and ignore on =
receipt.</span></td><td> </td><td class=3D"rblock"></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">                =
                                                         </td><td> =
</td><td class=3D"rblock"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   B bit:  =
indicates that the JSON field is binary encoded according to</td><td> =
</td><td class=3D"right">   B bit:  indicates that the JSON field is =
binary encoded according to</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
[JSON-BINARY] when the bit is set to 1.  Otherwise the encoding =
is</td><td> </td><td class=3D"right">      [JSON-BINARY] when the bit is =
set to 1.  Otherwise the encoding is</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      based on =
text encoding according to [RFC7159].</td><td> </td><td class=3D"right"> =
     based on text encoding according to [RFC7159].</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   JSON length:  =
length in octets of the following 'JSON binary/text</td><td> </td><td =
class=3D"right">   JSON length:  length in octets of the following 'JSON =
binary/text</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      encoding' =
field.</td><td> </td><td class=3D"right">      encoding' field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   JSON =
binary/text encoding field:  a variable length field that</td><td> =
</td><td class=3D"right">   JSON binary/text encoding field:  a variable =
length field that</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      contains =
either binary or text encodings.</td><td> </td><td class=3D"right">      =
contains either binary or text encodings.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-21" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-21"><em> page 32, line =
11<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-21"><em> page 32, line =
11<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Usage: This is =
an experimental type where the usage has not been</td><td> </td><td =
class=3D"right">   Usage: This is an experimental type where the usage =
has not been</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   defined =
yet.</td><td> </td><td class=3D"right">   defined yet.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">5.5.  Encoding =
Key/Value Address Pairs</td><td> </td><td class=3D"right">5.5.  Encoding =
Key/Value Address Pairs</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   The Key/Value =
pair is, for example, useful for attaching attributes</td><td> </td><td =
class=3D"right">   The Key/Value pair is, for example, useful for =
attaching attributes</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   to other =
elements of LISP packets, such as EIDs or RLOCs.  When</td><td> </td><td =
class=3D"right">   to other elements of LISP packets, such as EIDs or =
RLOCs.  When</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   attaching =
attributes to EIDs or RLOCs, it's necessary to distinguish</td><td> =
</td><td class=3D"right">   attaching attributes to EIDs or RLOCs, it's =
necessary to distinguish</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   between the =
element that should be used as EID or RLOC, and hence as</td><td> =
</td><td class=3D"right">   between the element that should be used as =
EID or RLOC, and hence as</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0030"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   key for =
lookups, and additional attributes.  This is especially the</td><td> =
</td><td class=3D"rblock">   <span class=3D"insert">the</span> key for =
lookups, and additional attributes.  This is especially</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   case when =
the difference cannot be determined from the types of the</td><td> =
</td><td class=3D"rblock">   the case when the difference cannot be =
determined from the types of</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   elements, =
such as when two IP addresses are being used.</td><td> </td><td =
class=3D"rblock">   the elements, such as when two IP addresses are =
being used.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Key/Value Pair =
Address Format:</td><td> </td><td class=3D"right">   Key/Value Pair =
Address Format:</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0             =
      1                   2                   3</td><td> </td><td =
class=3D"right">    0                   1                   2            =
       3</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0 1 2 3 4 5 6 =
7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1</td><td> </td><td =
class=3D"right">    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 =
6 7 8 9 0 1</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |           =
AFI =3D 16387         |     Rsvd1     |     Flags     |</td><td> =
</td><td class=3D"right">   |           AFI =3D 16387         |     =
Rsvd1     |     Flags     |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |   Type =3D =
15   |     Rsvd2     |            Length             |</td><td> </td><td =
class=3D"right">   |   Type =3D 15   |     Rsvd2     |            Length =
            |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
AFI =3D x          |       Address as Key ...      |</td><td> </td><td =
class=3D"right">   |              AFI =3D x          |       Address as =
Key ...      |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
AFI =3D y          |       Address as Value ...    |</td><td> </td><td =
class=3D"right">   |              AFI =3D y          |       Address as =
Value ...    |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length =
field.</td><td> </td><td class=3D"right">      Length field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0031"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   <span =
class=3D"delete">Rsvd{1,2}:  must be set to zero and ignore on =
receipt.</span></td><td> </td><td class=3D"rblock"></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">                =
                                                         </td><td> =
</td><td class=3D"rblock"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   AFI =3D x:  x =
is the "Address as Key" AFI that can have any value from</td><td> =
</td><td class=3D"right">   AFI =3D x:  x is the "Address as Key" AFI =
that can have any value from</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      [AFI].  A =
specific AFI has its own encoding of either a unicast or</td><td> =
</td><td class=3D"right">      [AFI].  A specific AFI has its own =
encoding of either a unicast or</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      multicast =
locator address.  All RTR/ETR entries for the same level</td><td> =
</td><td class=3D"right">      multicast locator address.  All RTR/ETR =
entries for the same level</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      should be =
combined together by a Map-Server to avoid searching</td><td> </td><td =
class=3D"right">      should be combined together by a Map-Server to =
avoid searching</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      through the =
entire multi-level list of locator entries in a Map-</td><td> </td><td =
class=3D"right">      through the entire multi-level list of locator =
entries in a Map-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Reply =
message.</td><td> </td><td class=3D"right">      Reply message.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Address as =
Key:  this AFI-encoded address will be attached with the</td><td> =
</td><td class=3D"right">   Address as Key:  this AFI-encoded address =
will be attached with the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      attributes =
encoded in "Address as Value" which follows this field.</td><td> =
</td><td class=3D"right">      attributes encoded in "Address as Value" =
which follows this field.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-22" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-22"><em> page 34, line =
19<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-22"><em> page 34, line =
19<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |           =
AFI =3D 16387         |     Rsvd1     |     Flags     |</td><td> =
</td><td class=3D"right">   |           AFI =3D 16387         |     =
Rsvd1     |     Flags     |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |   Type =3D =
16   |     Rsvd2     |             Length            |</td><td> </td><td =
class=3D"right">   |   Type =3D 16   |     Rsvd2     |             =
Length            |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |        =
Reserved-for-Future-Encapsulations       |U|G|N|v|V|l|L|</td><td> =
</td><td class=3D"right">   |        Reserved-for-Future-Encapsulations  =
     |U|G|N|v|V|l|L|</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
AFI =3D x          |          Address ...          |</td><td> </td><td =
class=3D"right">   |              AFI =3D x          |          Address =
...          |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0032"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   <span =
class=3D"delete">Rsvd1/Rsvd2:  must be set to zero and ignored on =
receipt.</span></td><td> </td><td class=3D"rblock"></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">                =
                                                         </td><td> =
</td><td class=3D"rblock"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length =
field.</td><td> </td><td class=3D"right">      Length field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
Reserved-for-Future-Encapsulations:  must be set to zero and =
ignored</td><td> </td><td class=3D"right">   =
Reserved-for-Future-Encapsulations:  must be set to zero and =
ignored</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      on receipt. =
 This field will get bits allocated to future</td><td> </td><td =
class=3D"right">      on receipt.  This field will get bits allocated to =
future</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
encapsulations, as they are created.</td><td> </td><td class=3D"right">  =
    encapsulations, as they are created.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   L: The RLOCs =
listed in the AFI-encoded addresses in the next longword</td><td> =
</td><td class=3D"right">   L: The RLOCs listed in the AFI-encoded =
addresses in the next longword</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      can accept =
layer 3 LISP encapsulation using destination UDP port</td><td> </td><td =
class=3D"right">      can accept layer 3 LISP encapsulation using =
destination UDP port</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      4341 =
[RFC6830].</td><td> </td><td class=3D"right">      4341 =
[RFC6830].</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-23" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-23"><em> page 36, line =
14<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-23"><em> page 36, line =
8<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">6.  Security =
Considerations</td><td> </td><td class=3D"right">6.  Security =
Considerations</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   There are no =
security considerations for this specification.  The</td><td> </td><td =
class=3D"right">   There are no security considerations for this =
specification.  The</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   security =
considerations are documented for the protocols that use</td><td> =
</td><td class=3D"right">   security considerations are documented for =
the protocols that use</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   LISP Canonical =
Addressing.</td><td> </td><td class=3D"right">   LISP Canonical =
Addressing.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   The use of the =
Geo-Coordinates LCAF Type may raise physical privacy</td><td> </td><td =
class=3D"right">   The use of the Geo-Coordinates LCAF Type may raise =
physical privacy</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   issues.  Care =
should be taken when configuring the mapping system to</td><td> </td><td =
class=3D"right">   issues.  Care should be taken when configuring the =
mapping system to</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   use specific =
policy parameters so geo-location information is not</td><td> </td><td =
class=3D"right">   use specific policy parameters so geo-location =
information is not</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0033"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   returned =
gratuitously.</td><td> </td><td class=3D"rblock">   returned =
gratuitously.  <span class=3D"insert">It is recommended to examine =
[RFC6280] and</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">   [BCP160] =
architectures for location-based privacy protection.</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">7.  IANA =
Considerations</td><td> </td><td class=3D"right">7.  IANA =
Considerations</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   This document =
defines a canonical address format encoding used in</td><td> </td><td =
class=3D"right">   This document defines a canonical address format =
encoding used in</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   LISP control =
messages and in the encoding of lookup keys for the LISP</td><td> =
</td><td class=3D"right">   LISP control messages and in the encoding of =
lookup keys for the LISP</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Mapping =
Database System.  Such address format is based on a fixed AFI</td><td> =
</td><td class=3D"right">   Mapping Database System.  Such address =
format is based on a fixed AFI</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   (16387) and a =
LISP LCAF Type field.</td><td> </td><td class=3D"right">   (16387) and a =
LISP LCAF Type field.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   The LISP LCAF =
Type field is an 8-bit field specific to the LISP</td><td> </td><td =
class=3D"right">   The LISP LCAF Type field is an 8-bit field specific =
to the LISP</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Canonical =
Address formatted encodings, for which IANA is to create</td><td> =
</td><td class=3D"right">   Canonical Address formatted encodings, for =
which IANA is to create</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-24" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-24"><em> page 37, line =
9<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-24"><em> page 36, line =
48<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">           | 12   =
 | Source/Dest Key Type         | Section 3  |</td><td> </td><td =
class=3D"right">           | 12    | Source/Dest Key Type         | =
Section 3  |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">           | 13   =
 | Replication List Entry Type  | Section 3  |</td><td> </td><td =
class=3D"right">           | 13    | Replication List Entry Type  | =
Section 3  |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">           =
+-------+------------------------------+------------+</td><td> </td><td =
class=3D"right">           =
+-------+------------------------------+------------+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">                  =
Table 1: LISP LCAF Type Initial Values</td><td> </td><td class=3D"right"> =
                 Table 1: LISP LCAF Type Initial Values</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">8.  =
References</td><td> </td><td class=3D"right">8.  References</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">8.1.  Normative =
References</td><td> </td><td class=3D"right">8.1.  Normative =
References</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0034"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock">   <span class=3D"insert">[BCP160]   "An =
Architecture for Location and Location Privacy in</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">              Internet =
Applications", Best Current Practices</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">              =
https://www.rfc-editor.org/bcp/bcp160.txt, July 2011.</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock">                                               =
                          </td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [RFC1918]  =
Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G.,</td><td> =
</td><td class=3D"right">   [RFC1918]  Rekhter, Y., Moskowitz, B., =
Karrenberg, D., de Groot, G.,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              and =
E. Lear, "Address Allocation for Private Internets",</td><td> </td><td =
class=3D"right">              and E. Lear, "Address Allocation for =
Private Internets",</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              BCP =
5, RFC 1918, DOI 10.17487/RFC1918, February 1996,</td><td> </td><td =
class=3D"right">              BCP 5, RFC 1918, DOI 10.17487/RFC1918, =
February 1996,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
&lt;http://www.rfc-editor.org/info/rfc1918&gt;.</td><td> </td><td =
class=3D"right">              =
&lt;http://www.rfc-editor.org/info/rfc1918&gt;.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [RFC2119]  =
Bradner, S., "Key words for use in RFCs to Indicate</td><td> </td><td =
class=3D"right">   [RFC2119]  Bradner, S., "Key words for use in RFCs to =
Indicate</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Requirement Levels", BCP 14, RFC 2119,</td><td> </td><td class=3D"right"> =
             Requirement Levels", BCP 14, RFC 2119,</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              DOI =
10.17487/RFC2119, March 1997,</td><td> </td><td class=3D"right">         =
     DOI 10.17487/RFC2119, March 1997,</td><td class=3D"lineno"></td></tr>=

      <tr><td class=3D"lineno"></td><td class=3D"left">              =
&lt;http://www.rfc-editor.org/info/rfc2119&gt;.</td><td> </td><td =
class=3D"right">              =
&lt;http://www.rfc-editor.org/info/rfc2119&gt;.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [RFC3232]  =
Reynolds, J., Ed., "Assigned Numbers: RFC 1700 is Replaced</td><td> =
</td><td class=3D"right">   [RFC3232]  Reynolds, J., Ed., "Assigned =
Numbers: RFC 1700 is Replaced</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              by =
an On-line Database", RFC 3232, DOI 10.17487/RFC3232,</td><td> </td><td =
class=3D"right">              by an On-line Database", RFC 3232, DOI =
10.17487/RFC3232,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
January 2002, &lt;http://www.rfc-editor.org/info/rfc3232&gt;.</td><td> =
</td><td class=3D"right">              January 2002, =
&lt;http://www.rfc-editor.org/info/rfc3232&gt;.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [RFC5226]  =
Narten, T. and H. Alvestrand, "Guidelines for Writing an</td><td> =
</td><td class=3D"right">   [RFC5226]  Narten, T. and H. Alvestrand, =
"Guidelines for Writing an</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
IANA Considerations Section in RFCs", BCP 26, RFC 5226,</td><td> =
</td><td class=3D"right">              IANA Considerations Section in =
RFCs", BCP 26, RFC 5226,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              DOI =
10.17487/RFC5226, May 2008,</td><td> </td><td class=3D"right">           =
   DOI 10.17487/RFC5226, May 2008,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
&lt;http://www.rfc-editor.org/info/rfc5226&gt;.</td><td> </td><td =
class=3D"right">              =
&lt;http://www.rfc-editor.org/info/rfc5226&gt;.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0035"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock">   <span class=3D"insert">[RFC6280]  Barnes, =
R., Lepinski, M., Cooper, A., Morris, J.,</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">              =
Tschofenig, H., and H. Schulzrinne, "An Architecture for</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">              Location =
and Location Privacy in Internet Applications",</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">              BCP 160, =
RFC 6280, DOI 10.17487/RFC6280, July 2011,</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">              =
&lt;http://www.rfc-editor.org/info/rfc6280&gt;.</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock">                                               =
                          </td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [RFC6830]  =
Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The</td><td> =
</td><td class=3D"right">   [RFC6830]  Farinacci, D., Fuller, V., Meyer, =
D., and D. Lewis, "The</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Locator/ID Separation Protocol (LISP)", RFC 6830,</td><td> </td><td =
class=3D"right">              Locator/ID Separation Protocol (LISP)", =
RFC 6830,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              DOI =
10.17487/RFC6830, January 2013,</td><td> </td><td class=3D"right">       =
       DOI 10.17487/RFC6830, January 2013,</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
&lt;http://www.rfc-editor.org/info/rfc6830&gt;.</td><td> </td><td =
class=3D"right">              =
&lt;http://www.rfc-editor.org/info/rfc6830&gt;.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [RFC6836]  =
Fuller, V., Farinacci, D., Meyer, D., and D. Lewis,</td><td> </td><td =
class=3D"right">   [RFC6836]  Fuller, V., Farinacci, D., Meyer, D., and =
D. Lewis,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
"Locator/ID Separation Protocol Alternative Logical</td><td> </td><td =
class=3D"right">              "Locator/ID Separation Protocol =
Alternative Logical</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Topology (LISP+ALT)", RFC 6836, DOI 10.17487/RFC6836,</td><td> </td><td =
class=3D"right">              Topology (LISP+ALT)", RFC 6836, DOI =
10.17487/RFC6836,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
January 2013, &lt;http://www.rfc-editor.org/info/rfc6836&gt;.</td><td> =
</td><td class=3D"right">              January 2013, =
&lt;http://www.rfc-editor.org/info/rfc6836&gt;.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-25" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-25"><em> page 38, line =
8<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-25"><em> page 38, line =
13<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
&lt;http://www.rfc-editor.org/info/rfc7348&gt;.</td><td> </td><td =
class=3D"right">              =
&lt;http://www.rfc-editor.org/info/rfc7348&gt;.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [RFC7637]  =
Garg, P., Ed. and Y. Wang, Ed., "NVGRE: Network</td><td> </td><td =
class=3D"right">   [RFC7637]  Garg, P., Ed. and Y. Wang, Ed., "NVGRE: =
Network</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Virtualization Using Generic Routing Encapsulation",</td><td> </td><td =
class=3D"right">              Virtualization Using Generic Routing =
Encapsulation",</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              RFC =
7637, DOI 10.17487/RFC7637, September 2015,</td><td> </td><td =
class=3D"right">              RFC 7637, DOI 10.17487/RFC7637, September =
2015,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
&lt;http://www.rfc-editor.org/info/rfc7637&gt;.</td><td> </td><td =
class=3D"right">              =
&lt;http://www.rfc-editor.org/info/rfc7637&gt;.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">8.2.  Informative =
References</td><td> </td><td class=3D"right">8.2.  Informative =
References</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [AFI]      =
IANA, , "Address Family Identifier (AFIs)", ADDRESS FAMILY</td><td> =
</td><td class=3D"right">   [AFI]      IANA, , "Address Family =
Identifier (AFIs)", ADDRESS FAMILY</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0036"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">              =
NUMBERS <span class=3D"delete">http://www.iana.org/numbers.html,</span> =
Febuary 2007.</td><td> </td><td class=3D"rblock">              NUMBERS =
<span =
class=3D"insert">http://www.iana.org/assignments/address-family-</span></t=
d><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">              =
numbers/address-family-numbers.xhtml?,</span> Febuary 2007.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[I-D.coras-lisp-re]</td><td> </td><td class=3D"right">   =
[I-D.coras-lisp-re]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Coras, F., Cabellos-Aparicio, A., Domingo-Pascual, J.,</td><td> </td><td =
class=3D"right">              Coras, F., Cabellos-Aparicio, A., =
Domingo-Pascual, J.,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Maino, F., and D. Farinacci, "LISP Replication</td><td> </td><td =
class=3D"right">              Maino, F., and D. Farinacci, "LISP =
Replication</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Engineering", draft-coras-lisp-re-08 (work in progress),</td><td> =
</td><td class=3D"right">              Engineering", =
draft-coras-lisp-re-08 (work in progress),</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
November 2015.</td><td> </td><td class=3D"right">              November =
2015.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[I-D.ermagan-lisp-nat-traversal]</td><td> </td><td class=3D"right">   =
[I-D.ermagan-lisp-nat-traversal]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Ermagan, V., Farinacci, D., Lewis, D., Skriver, J., Maino,</td><td> =
</td><td class=3D"right">              Ermagan, V., Farinacci, D., =
Lewis, D., Skriver, J., Maino,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              F., =
and C. White, "NAT traversal for LISP", draft-ermagan-</td><td> </td><td =
class=3D"right">              F., and C. White, "NAT traversal for =
LISP", draft-ermagan-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-26" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-26"><em> page 38, line =
39<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-26"><em> page 38, line =
45<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Generic Network Virtualization Encapsulation", draft-</td><td> </td><td =
class=3D"right">              Generic Network Virtualization =
Encapsulation", draft-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
gross-geneve-02 (work in progress), October 2014.</td><td> </td><td =
class=3D"right">              gross-geneve-02 (work in progress), =
October 2014.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[I-D.herbert-gue]</td><td> </td><td class=3D"right">   =
[I-D.herbert-gue]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Herbert, T., Yong, L., and O. Zia, "Generic UDP</td><td> </td><td =
class=3D"right">              Herbert, T., Yong, L., and O. Zia, =
"Generic UDP</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Encapsulation", draft-herbert-gue-03 (work in progress),</td><td> =
</td><td class=3D"right">              Encapsulation", =
draft-herbert-gue-03 (work in progress),</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
March 2015.</td><td> </td><td class=3D"right">              March =
2015.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[I-D.ietf-lisp-crypto]</td><td> </td><td class=3D"right">   =
[I-D.ietf-lisp-crypto]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Farinacci, D. and B. Weis, "LISP Data-Plane</td><td> </td><td =
class=3D"right">              Farinacci, D. and B. Weis, "LISP =
Data-Plane</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0037"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">              =
Confidentiality", <span class=3D"delete">draft-ietf-lisp-crypto-08</span> =
(work in</td><td> </td><td class=3D"rblock">              =
Confidentiality", <span class=3D"insert">draft-ietf-lisp-crypto-09</span> =
(work in</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">              =
progress), <span class=3D"delete">September</span> 2016.</td><td> =
</td><td class=3D"rblock">              progress), <span =
class=3D"insert">October</span> 2016.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[I-D.ietf-lisp-ddt]</td><td> </td><td class=3D"right">   =
[I-D.ietf-lisp-ddt]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Fuller, V., Lewis, D., Ermagan, V., Jain, A., and A.</td><td> </td><td =
class=3D"right">              Fuller, V., Lewis, D., Ermagan, V., Jain, =
A., and A.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Smirnov, "LISP Delegated Database Tree", draft-ietf-lisp-</td><td> =
</td><td class=3D"right">              Smirnov, "LISP Delegated Database =
Tree", draft-ietf-lisp-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
ddt-08 (work in progress), September 2016.</td><td> </td><td =
class=3D"right">              ddt-08 (work in progress), September =
2016.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[I-D.portoles-lisp-eid-mobility]</td><td> </td><td class=3D"right">   =
[I-D.portoles-lisp-eid-mobility]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Portoles-Comeras, M., Ashtaputre, V., Moreno, V., Maino,</td><td> =
</td><td class=3D"right">              Portoles-Comeras, M., Ashtaputre, =
V., Moreno, V., Maino,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              F., =
and D. Farinacci, "LISP L2/L3 EID Mobility Using a</td><td> </td><td =
class=3D"right">              F., and D. Farinacci, "LISP L2/L3 EID =
Mobility Using a</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Unified Control Plane", draft-portoles-lisp-eid-</td><td> </td><td =
class=3D"right">              Unified Control Plane", =
draft-portoles-lisp-eid-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-27" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-27"><em> page 40, line =
9<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-27"><em> page 40, line =
15<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Thanks goes to =
Michiel Blokzijl and Alberto Rodriguez-Natal for</td><td> </td><td =
class=3D"right">   Thanks goes to Michiel Blokzijl and Alberto =
Rodriguez-Natal for</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   suggesting new =
LCAF types.</td><td> </td><td class=3D"right">   suggesting new LCAF =
types.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Thanks also =
goes to Terry Manderson for assistance obtaining a LISP</td><td> =
</td><td class=3D"right">   Thanks also goes to Terry Manderson for =
assistance obtaining a LISP</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   AFI value from =
IANA.</td><td> </td><td class=3D"right">   AFI value from IANA.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Appendix B.  =
Document Change Log</td><td> </td><td class=3D"right">Appendix B.  =
Document Change Log</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [RFC Editor: =
Please delete this section on publication as RFC.]</td><td> </td><td =
class=3D"right">   [RFC Editor: Please delete this section on =
publication as RFC.]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0038"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1.  Changes =
to draft-ietf-lisp-lcaf-17.txt</td><td> </td><td class=3D"rblock">B.1.  =
Changes to <span =
class=3D"insert">draft-ietf-lisp-lcaf-18.txt</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert"></span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">   o  Submitted October =
2016 after October 13th telechat.</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert"></span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">   o  Addressed =
comments from Ben Campbell, Jari Arrko, Stephen Farrel,</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">      Peter Yee, Dale =
Worley, Mirja Kuehlewind, and Suresh Krishnan.</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert"></span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">B.2.  Changes to</span> =
draft-ietf-lisp-lcaf-17.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
October 2016.</td><td> </td><td class=3D"right">   o  Submitted October =
2016.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Addressed =
comments from Gen-ART reviewer Peter Yee.</td><td> </td><td =
class=3D"right">   o  Addressed comments from Gen-ART reviewer Peter =
Yee.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Addressed =
IESG last-call comments from Suresh Krishnan.</td><td> </td><td =
class=3D"right">   o  Addressed IESG last-call comments from Suresh =
Krishnan.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0039"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">2</span>.  Changes to =
draft-ietf-lisp-lcaf-16.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">3</span>.  Changes to =
draft-ietf-lisp-lcaf-16.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
October 2016.</td><td> </td><td class=3D"right">   o  Submitted October =
2016.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Addressed =
comments from Security Directorate reviewer David</td><td> </td><td =
class=3D"right">   o  Addressed comments from Security Directorate =
reviewer David</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
Mandelberg.</td><td> </td><td class=3D"right">      Mandelberg.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0040"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">3</span>.  Changes to =
draft-ietf-lisp-lcaf-15.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">4</span>.  Changes to =
draft-ietf-lisp-lcaf-15.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
September 2016.</td><td> </td><td class=3D"right">   o  Submitted =
September 2016.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Addressed =
comments from Routing Directorate reviewer Stig Venass.</td><td> =
</td><td class=3D"right">   o  Addressed comments from Routing =
Directorate reviewer Stig Venass.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0041"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">4</span>.  Changes to =
draft-ietf-lisp-lcaf-14.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">5</span>.  Changes to =
draft-ietf-lisp-lcaf-14.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
July 2016.</td><td> </td><td class=3D"right">   o  Submitted July =
2016.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Fix IDnits =
errors and comments from Luigi Iannone, document</td><td> </td><td =
class=3D"right">   o  Fix IDnits errors and comments from Luigi Iannone, =
document</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
shepherd.</td><td> </td><td class=3D"right">      shepherd.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0042"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">5</span>.  Changes to =
draft-ietf-lisp-lcaf-13.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">6</span>.  Changes to =
draft-ietf-lisp-lcaf-13.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
May 2016.</td><td> </td><td class=3D"right">   o  Submitted May =
2016.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Explain the =
Instance-ID LCAF Type is 32-bits in length and the</td><td> </td><td =
class=3D"right">   o  Explain the Instance-ID LCAF Type is 32-bits in =
length and the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Instance-ID =
field in the LISP encapsulation header is 24-bits.</td><td> </td><td =
class=3D"right">      Instance-ID field in the LISP encapsulation header =
is 24-bits.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0043"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">6</span>.  Changes to =
draft-ietf-lisp-lcaf-12.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">7</span>.  Changes to =
draft-ietf-lisp-lcaf-12.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
March 2016.</td><td> </td><td class=3D"right">   o  Submitted March =
2016.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Updated =
references and document timer.</td><td> </td><td class=3D"right">   o  =
Updated references and document timer.</td><td class=3D"lineno"></td></tr>=

      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Removed the =
R, J, and L bits from the Multicast Info Type LCAF</td><td> </td><td =
class=3D"right">   o  Removed the R, J, and L bits from the Multicast =
Info Type LCAF</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      since =
working group decided to not go forward with draft-</td><td> </td><td =
class=3D"right">      since working group decided to not go forward with =
draft-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
farinacci-lisp-mr-signaling-03.txt in favor of draft- =
ietf-lisp-</td><td> </td><td class=3D"right">      =
farinacci-lisp-mr-signaling-03.txt in favor of draft- ietf-lisp-</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
signal-free-00.txt.</td><td> </td><td class=3D"right">      =
signal-free-00.txt.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0044"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">7</span>.  Changes to =
draft-ietf-lisp-lcaf-11.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">8</span>.  Changes to =
draft-ietf-lisp-lcaf-11.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
September 2015.</td><td> </td><td class=3D"right">   o  Submitted =
September 2015.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Reflecting =
comments from Prague LISP working group.</td><td> </td><td =
class=3D"right">   o  Reflecting comments from Prague LISP working =
group.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Readying =
document for a LISP LCAF registry, RFC publication, and</td><td> =
</td><td class=3D"right">   o  Readying document for a LISP LCAF =
registry, RFC publication, and</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      for new use =
cases that will be defined in the new charter.</td><td> </td><td =
class=3D"right">      for new use cases that will be defined in the new =
charter.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0045"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">8</span>.  Changes to =
draft-ietf-lisp-lcaf-10.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">9</span>.  Changes to =
draft-ietf-lisp-lcaf-10.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
June 2015.</td><td> </td><td class=3D"right">   o  Submitted June =
2015.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Fix =
coauthor Job's contact information.</td><td> </td><td class=3D"right">   =
o  Fix coauthor Job's contact information.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0046"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">9</span>.  Changes to =
draft-ietf-lisp-lcaf-09.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">10</span>.  Changes to =
draft-ietf-lisp-lcaf-09.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
June 2015.</td><td> </td><td class=3D"right">   o  Submitted June =
2015.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Fix IANA =
Considerations section to request a registry to allocate</td><td> =
</td><td class=3D"right">   o  Fix IANA Considerations section to =
request a registry to allocate</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      and track =
LCAF Type values.</td><td> </td><td class=3D"right">      and track LCAF =
Type values.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0047"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1<span =
class=3D"delete">0</span>.  Changes to =
draft-ietf-lisp-lcaf-08.txt</td><td> </td><td class=3D"rblock">B.1<span =
class=3D"insert">1</span>.  Changes to =
draft-ietf-lisp-lcaf-08.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
April 2015.</td><td> </td><td class=3D"right">   o  Submitted April =
2015.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Comment =
from Florin.  The Application Data Type length field has a</td><td> =
</td><td class=3D"right">   o  Comment from Florin.  The Application =
Data Type length field has a</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      typo.  The =
field should be labeled "12 + n" and not "8 + n".</td><td> </td><td =
class=3D"right">      typo.  The field should be labeled "12 + n" and =
not "8 + n".</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Fix length =
fields in the sections titled "Using Recursive LISP</td><td> </td><td =
class=3D"right">   o  Fix length fields in the sections titled "Using =
Recursive LISP</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Canonical =
Address Encodings", "Generic Database Mapping Lookups",</td><td> =
</td><td class=3D"right">      Canonical Address Encodings", "Generic =
Database Mapping Lookups",</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      and "Data =
Model Encoding".</td><td> </td><td class=3D"right">      and "Data Model =
Encoding".</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0048"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1<span =
class=3D"delete">1</span>.  Changes to =
draft-ietf-lisp-lcaf-07.txt</td><td> </td><td class=3D"rblock">B.1<span =
class=3D"insert">2</span>.  Changes to =
draft-ietf-lisp-lcaf-07.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
December 2014.</td><td> </td><td class=3D"right">   o  Submitted =
December 2014.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Add a new =
LCAF Type called "Encapsulation Format" so decapsulating</td><td> =
</td><td class=3D"right">   o  Add a new LCAF Type called "Encapsulation =
Format" so decapsulating</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      xTRs can =
inform encapsulating xTRs what data-plane encapsulations</td><td> =
</td><td class=3D"right">      xTRs can inform encapsulating xTRs what =
data-plane encapsulations</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      they =
support.</td><td> </td><td class=3D"right">      they support.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0049"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1<span =
class=3D"delete">2</span>.  Changes to =
draft-ietf-lisp-lcaf-06.txt</td><td> </td><td class=3D"rblock">B.1<span =
class=3D"insert">3</span>.  Changes to =
draft-ietf-lisp-lcaf-06.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
October 2014.</td><td> </td><td class=3D"right">   o  Submitted October =
2014.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Make it =
clear how sorted RLOC records are done when LCAFs are used</td><td> =
</td><td class=3D"right">   o  Make it clear how sorted RLOC records are =
done when LCAFs are used</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      as the RLOC =
record.</td><td> </td><td class=3D"right">      as the RLOC =
record.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0050"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1<span =
class=3D"delete">3</span>.  Changes to =
draft-ietf-lisp-lcaf-05.txt</td><td> </td><td class=3D"rblock">B.1<span =
class=3D"insert">4</span>.  Changes to =
draft-ietf-lisp-lcaf-05.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
May 2014.</td><td> </td><td class=3D"right">   o  Submitted May =
2014.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Add a =
length field of the JSON payload that can be used for either</td><td> =
</td><td class=3D"right">   o  Add a length field of the JSON payload =
that can be used for either</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      binary or =
text encoding of JSON data.</td><td> </td><td class=3D"right">      =
binary or text encoding of JSON data.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0051"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1<span =
class=3D"delete">4</span>.  Changes to =
draft-ietf-lisp-lcaf-04.txt</td><td> </td><td class=3D"rblock">B.1<span =
class=3D"insert">5</span>.  Changes to =
draft-ietf-lisp-lcaf-04.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
January 2014.</td><td> </td><td class=3D"right">   o  Submitted January =
2014.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Agreement =
among ELP implementors to have the AFI 16-bit field</td><td> </td><td =
class=3D"right">   o  Agreement among ELP implementors to have the AFI =
16-bit field</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      adjacent to =
the address.  This will make the encoding consistent</td><td> </td><td =
class=3D"right">      adjacent to the address.  This will make the =
encoding consistent</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      with all =
other LCAF type address encodings.</td><td> </td><td class=3D"right">    =
  with all other LCAF type address encodings.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0052"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1<span =
class=3D"delete">5</span>.  Changes to =
draft-ietf-lisp-lcaf-03.txt</td><td> </td><td class=3D"rblock">B.1<span =
class=3D"insert">6</span>.  Changes to =
draft-ietf-lisp-lcaf-03.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
September 2013.</td><td> </td><td class=3D"right">   o  Submitted =
September 2013.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Updated =
references and author's affilations.</td><td> </td><td class=3D"right">  =
 o  Updated references and author's affilations.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Added =
Instance-ID to the Multicast Info Type so there is relative</td><td> =
</td><td class=3D"right">   o  Added Instance-ID to the Multicast Info =
Type so there is relative</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      ease in =
parsing (S,G) entries within a VPN.</td><td> </td><td class=3D"right">   =
   ease in parsing (S,G) entries within a VPN.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Add port =
range encodings to the Application Data LCAF Type.</td><td> </td><td =
class=3D"right">   o  Add port range encodings to the Application Data =
LCAF Type.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Add a new =
JSON LCAF Type.</td><td> </td><td class=3D"right">   o  Add a new JSON =
LCAF Type.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Add Address =
Key/Value LCAF Type to allow attributes to be attached</td><td> </td><td =
class=3D"right">   o  Add Address Key/Value LCAF Type to allow =
attributes to be attached</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      to an =
address.</td><td> </td><td class=3D"right">      to an address.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0053"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1<span =
class=3D"delete">6</span>.  Changes to =
draft-ietf-lisp-lcaf-02.txt</td><td> </td><td class=3D"rblock">B.1<span =
class=3D"insert">7</span>.  Changes to =
draft-ietf-lisp-lcaf-02.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
March 2013.</td><td> </td><td class=3D"right">   o  Submitted March =
2013.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Added new =
LCAF Type "Replication List Entry" to support LISP</td><td> </td><td =
class=3D"right">   o  Added new LCAF Type "Replication List Entry" to =
support LISP</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      replication =
engineering use cases.</td><td> </td><td class=3D"right">      =
replication engineering use cases.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Changed =
references to new LISP RFCs.</td><td> </td><td class=3D"right">   o  =
Changed references to new LISP RFCs.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0054"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1<span =
class=3D"delete">7</span>.  Changes to =
draft-ietf-lisp-lcaf-01.txt</td><td> </td><td class=3D"rblock">B.1<span =
class=3D"insert">8</span>.  Changes to =
draft-ietf-lisp-lcaf-01.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
January 2013.</td><td> </td><td class=3D"right">   o  Submitted January =
2013.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Change =
longitude range from 0-90 to 0-180 in section 4.4.</td><td> </td><td =
class=3D"right">   o  Change longitude range from 0-90 to 0-180 in =
section 4.4.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Added =
reference to WGS-84 in section 4.4.</td><td> </td><td class=3D"right">   =
o  Added reference to WGS-84 in section 4.4.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0055"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1<span =
class=3D"delete">8</span>.  Changes to =
draft-ietf-lisp-lcaf-00.txt</td><td> </td><td class=3D"rblock">B.1<span =
class=3D"insert">9</span>.  Changes to =
draft-ietf-lisp-lcaf-00.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Posted =
first working group draft August 2012.</td><td> </td><td class=3D"right"> =
  o  Posted first working group draft August 2012.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  This draft =
was renamed from draft-farinacci-lisp-lcaf-10.txt.</td><td> </td><td =
class=3D"right">   o  This draft was renamed from =
draft-farinacci-lisp-lcaf-10.txt.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Authors' =
Addresses</td><td> </td><td class=3D"right">Authors' Addresses</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Dino =
Farinacci</td><td> </td><td class=3D"right">   Dino Farinacci</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
lispers.net</td><td> </td><td class=3D"right">   lispers.net</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   San Jose, =
CA</td><td> </td><td class=3D"right">   San Jose, CA</td><td =
class=3D"lineno"></td></tr>

     <tr><td></td><td class=3D"left"></td><td> </td><td =
class=3D"right"></td><td></td></tr>
     <tr id=3D"end" bgcolor=3D"gray"><th colspan=3D"5" =
align=3D"center">&nbsp;End of changes. 55 change blocks.&nbsp;</th></tr>
     <tr class=3D"stats"><td></td><th><i>96 lines changed or =
deleted</i></th><th><i> </i></th><th><i>108 lines changed or =
added</i></th><td></td></tr>
     <tr><td colspan=3D"5" align=3D"center" class=3D"small"><br>This =
html diff was produced by rfcdiff 1.45. The latest version is available =
from <a =
href=3D"http://www.tools.ietf.org/tools/rfcdiff/">http://tools.ietf.org/to=
ols/rfcdiff/</a> </td></tr>
   </tbody></table>
  =20
  =20
</body></html>=

--Apple-Mail=_FA021435-AEE2-4DC5-8667-760FC260A266
Content-Disposition: attachment;
	filename=draft-ietf-lisp-lcaf-18.txt
Content-Type: text/plain;
	x-unix-mode=0644;
	name="draft-ietf-lisp-lcaf-18.txt"
Content-Transfer-Encoding: quoted-printable





Network Working Group                                       D. Farinacci
Internet-Draft                                               lispers.net
Intended status: Experimental                                   D. Meyer
Expires: April 17, 2017                                          Brocade
                                                             J. Snijders
                                                      NTT Communications
                                                        October 14, 2016


                  LISP Canonical Address Format (LCAF)
                        draft-ietf-lisp-lcaf-18

Abstract

   This draft defines a canonical address format encoding used in LISP
   control messages and in the encoding of lookup keys for the LISP
   Mapping Database System.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 17, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents



Farinacci, et al.        Expires April 17, 2017                 [Page 1]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Definition of Terms . . . . . . . . . . . . . . . . . . . . .   4
   3.  LISP Canonical Address Format Encodings . . . . . . . . . . .   5
   4.  LISP Canonical Address Applications . . . . . . . . . . . . .   7
     4.1.  Segmentation using LISP . . . . . . . . . . . . . . . . .   7
     4.2.  Carrying AS Numbers in the Mapping Database . . . . . . .   9
     4.3.  Assigning Geo Coordinates to Locator Addresses  . . . . .  10
     4.4.  NAT Traversal Scenarios . . . . . . . . . . . . . . . . .  12
     4.5.  Multicast Group Membership Information  . . . . . . . . .  14
     4.6.  Traffic Engineering using Re-encapsulating Tunnels  . . .  16
     4.7.  Storing Security Data in the Mapping Database . . . . . .  17
     4.8.  Source/Destination 2-Tuple Lookups  . . . . . . . . . . .  19
     4.9.  Replication List Entries for Multicast Forwarding . . . .  21
     4.10. Applications for AFI List Type  . . . . . . . . . . . . .  22
       4.10.1.  Binding IPv4 and IPv6 Addresses  . . . . . . . . . .  22
       4.10.2.  Layer-2 VPNs . . . . . . . . . . . . . . . . . . . .  23
       4.10.3.  ASCII Names in the Mapping Database  . . . . . . . .  24
       4.10.4.  Using Recursive LISP Canonical Address Encodings . .  25
       4.10.5.  Compatibility Mode Use Case  . . . . . . . . . . . .  26
   5.  Experimental LISP Canonical Address Applications  . . . . . .  27
     5.1.  Convey Application Specific Data  . . . . . . . . . . . .  27
     5.2.  Generic Database Mapping Lookups  . . . . . . . . . . . .  29
     5.3.  PETR Admission Control Functionality  . . . . . . . . . .  30
     5.4.  Data Model Encoding . . . . . . . . . . . . . . . . . . .  31
     5.5.  Encoding Key/Value Address Pairs  . . . . . . . . . . . .  32
     5.6.  Multiple Data-Planes  . . . . . . . . . . . . . . . . . .  33
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .  35
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  36
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  36
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .  36
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  38
   Appendix A.  Acknowledgments  . . . . . . . . . . . . . . . . . .  39
   Appendix B.  Document Change Log  . . . . . . . . . . . . . . . .  40
     B.1.  Changes to draft-ietf-lisp-lcaf-18.txt  . . . . . . . . .  40
     B.2.  Changes to draft-ietf-lisp-lcaf-17.txt  . . . . . . . . .  40
     B.3.  Changes to draft-ietf-lisp-lcaf-16.txt  . . . . . . . . .  40
     B.4.  Changes to draft-ietf-lisp-lcaf-15.txt  . . . . . . . . .  40
     B.5.  Changes to draft-ietf-lisp-lcaf-14.txt  . . . . . . . . .  40



Farinacci, et al.        Expires April 17, 2017                 [Page 2]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


     B.6.  Changes to draft-ietf-lisp-lcaf-13.txt  . . . . . . . . .  41
     B.7.  Changes to draft-ietf-lisp-lcaf-12.txt  . . . . . . . . .  41
     B.8.  Changes to draft-ietf-lisp-lcaf-11.txt  . . . . . . . . .  41
     B.9.  Changes to draft-ietf-lisp-lcaf-10.txt  . . . . . . . . .  41
     B.10. Changes to draft-ietf-lisp-lcaf-09.txt  . . . . . . . . .  41
     B.11. Changes to draft-ietf-lisp-lcaf-08.txt  . . . . . . . . .  41
     B.12. Changes to draft-ietf-lisp-lcaf-07.txt  . . . . . . . . .  42
     B.13. Changes to draft-ietf-lisp-lcaf-06.txt  . . . . . . . . .  42
     B.14. Changes to draft-ietf-lisp-lcaf-05.txt  . . . . . . . . .  42
     B.15. Changes to draft-ietf-lisp-lcaf-04.txt  . . . . . . . . .  42
     B.16. Changes to draft-ietf-lisp-lcaf-03.txt  . . . . . . . . .  42
     B.17. Changes to draft-ietf-lisp-lcaf-02.txt  . . . . . . . . .  43
     B.18. Changes to draft-ietf-lisp-lcaf-01.txt  . . . . . . . . .  43
     B.19. Changes to draft-ietf-lisp-lcaf-00.txt  . . . . . . . . .  43
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  43

1.  Introduction

   The LISP architecture and protocols [RFC6830] introduces two new
   numbering spaces, Endpoint Identifiers (EIDs) and Routing Locators
   (RLOCs).  To provide flexibility for current and future applications,
   these values can be encoded in LISP control messages using a general
   syntax that includes Address Family Identifier (AFI), length, and
   value fields.

   Currently defined AFIs include IPv4 and IPv6 addresses, which are
   formatted according to code-points assigned in [AFI] as follows:

   IPv4 Encoded Address:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            AFI =3D 1            |       IPv4 Address ...        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     ...  IPv4 Address         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+














Farinacci, et al.        Expires April 17, 2017                 [Page 3]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   IPv6 Encoded Address:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            AFI =3D 2            |       IPv6 Address ...        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     ...  IPv6 Address  ...                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     ...  IPv6 Address  ...                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     ...  IPv6 Address  ...                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     ...  IPv6 Address         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   This document describes the currently-defined AFIs the LISP protocol
   uses along with their encodings and introduces the LISP Canonical
   Address Format (LCAF) that can be used to define the LISP-specific
   encodings for arbitrary AFI values.

2.  Definition of Terms

   Address Family Identifier (AFI):  a term used to describe an address
      encoding in a packet.  Address families are defined for IPv4 and
      IPv6.  See [AFI] and [RFC3232] for details.  The reserved AFI
      value of 0 is used in this specification to indicate an
      unspecified encoded address where the length of the address is 0
      bytes following the 16-bit AFI value of 0.

   Unspecified Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            AFI =3D 0            |      <no address follows>
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Endpoint ID (EID):   a 32-bit (for IPv4) or 128-bit (for IPv6) value
      used in the source and destination address fields of the first
      (most inner) LISP header of a packet.  The host obtains a
      destination EID the same way it obtains a destination address
      today, for example through a DNS lookup or SIP exchange.  The
      source EID is obtained via existing mechanisms used to set a
      host's "local" IP address.  An EID is allocated to a host from an
      EID-prefix block associated with the site where the host is
      located.  An EID can be used by a host to refer to other hosts.




Farinacci, et al.        Expires April 17, 2017                 [Page 4]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Routing Locator (RLOC):   the IPv4 or IPv6 address of an egress
      tunnel router (ETR).  It is the output of a EID-to-RLOC mapping
      lookup.  An EID maps to one or more RLOCs.  Typically, RLOCs are
      numbered from topologically aggregatable blocks that are assigned
      to a site at each point to which it attaches to the global
      Internet; where the topology is defined by the connectivity of
      provider networks, RLOCs can be thought of as Provider-Assigned
      (PA) addresses.  Multiple RLOCs can be assigned to the same ETR
      device or to multiple ETR devices at a site.

3.  LISP Canonical Address Format Encodings

   IANA has assigned AFI value 16387 (0x4003) to the LISP architecture
   and protocols.  This specification defines the encoding format of the
   LISP Canonical Address (LCA).  This section defines all types for
   which an initial allocation in the LISP-LCAF registry is requested.
   See IANA Considerations section for the complete list of such types.

   The Address Family AFI definitions from [AFI] only allocate code-
   points for the AFI value itself.  The length of the address or entity
   that follows is not defined and is implied based on conventional
   experience.  When the LISP protocol uses LCAF definitions from this
   document, the AFI-based address lengths are specified in this
   document.  When new LCAF definitions are defined in other use case
   documents, the AFI-based address lengths for any new AFI encoded
   addresses are specified in those documents.

   The first 6 bytes of an LISP Canonical Address are followed by a
   variable number of fields of variable length:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Type       |     Rsvd2     |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             . . .                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Rsvd1/Rsvd2:  these 8-bit fields are reserved for future use and MUST
      be transmitted as 0 and ignored on receipt.

   Flags:  this 8-bit field is for future definition and use.  For now,
      set to zero on transmission and ignored on receipt.

   Type:  this 8-bit field is specific to the LISP Canonical Address
      formatted encodings.  Currently allocated values are:



Farinacci, et al.        Expires April 17, 2017                 [Page 5]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


     Type 0:  Null Body Type

     Type 1:  AFI List Type

     Type 2:  Instance ID Type

     Type 3:  AS Number Type

     Type 4:  Application Data Type

     Type 5:  Geo Coordinates Type

     Type 6:  Opaque Key Type

     Type 7:  NAT-Traversal Type

     Type 8:  Nonce Locator Type

     Type 9:  Multicast Info Type

     Type 10:  Explicit Locator Path Type

     Type 11:  Security Key Type

     Type 12:  Source/Dest Key Type

     Type 13:  Replication List Entry Type

     Type 14:  JSON Data Model Type

     Type 15:  Key/Value Address Pair Type

     Type 16:  Encapsulation Format Type

   Length:  this 16-bit field is in units of bytes and covers all of the
      LISP Canonical Address payload, starting and including the byte
      after the Length field.  When including the AFI, an LCAF encoded
      address will have a minimum length of 8 bytes when the Length
      field is 0.  The 8 bytes include the AFI, Flags, Type, Rsvd1,
      Rsvd2, and Length fields.  When the AFI is not next to an encoded
      address in a control message, then the encoded address will have a
      minimum length of 6 bytes when the Length field is 0.  The 6 bytes
      include the Flags, Type, Rsvd1, Rsvd2, and Length fields.

   [RFC6830] states RLOC records are sorted when encoded in control
   messages so the locator-set has consistent order across all xTRs for
   a given EID.  The sort order is based on sort-key {afi, RLOC-
   address}. When an RLOC is LCAF encoded, the sort-key is {afi, LCAF-



Farinacci, et al.        Expires April 17, 2017                 [Page 6]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Type}. Therefore, when a locator-set has a mix of AFI records and
   LCAF records, they are ordered from smallest to largest AFI value.































4.  LISP Canonical Address Applications

4.1.  Segmentation using LISP

   When multiple organizations inside of a LISP site are using private
   addresses [RFC1918] as EID-prefixes, their address spaces must remain
   segregated due to possible address duplication.  An Instance ID in
   the address encoding can aid in making the entire AFI-based address
   unique.

   Another use for the Instance ID LISP Canonical Address Format is when
   creating multiple segmented VPNs inside of a LISP site where keeping
   EID-prefix based subnets is desirable.





Farinacci, et al.        Expires April 17, 2017                 [Page 7]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Instance ID LISP Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 2    | IID mask-len  |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Instance ID                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |         Address  ...          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   IID mask-len:  if the AFI is set to 0, then this format is not
      encoding an extended EID-prefix but rather an instance-ID range
      where the 'IID mask-len' indicates the number of high-order bits
      used in the Instance ID field for the range.  The low-order bits
      of the Instance ID field must be 0.

   Length:  length in bytes starting and including the byte after this
      Length field.

   Instance ID:  the low-order 24-bits that can go into a LISP data
      header when the I-bit is set.  See [RFC6830] for details.  The
      reason for the length difference is so that the maximum number of
      instances supported per mapping system is 2^32 while conserving
      space in the LISP data header.  This comes at the expense of
      limiting the maximum number of instances per xTR to 2^24.  If an
      xTR is configured with multiple instance-IDs where the value in
      the high-order 8 bits are the same, then the low-order 24 bits
      MUST be unique.

   AFI =3D x:  x can be any AFI value from [AFI].

   This LISP Canonical Address Type can be used to encode either EID or
   RLOC addresses.

   Usage: When used as a lookup key, the EID is regarded as an extended-
   EID in the mapping system.  This encoding is used in EID records in
   Map-Requests, Map-Replies, Map-Registers, and Map-Notify messages.
   When LISP-DDT [I-D.ietf-lisp-ddt] is used as the mapping system
   mechanism, extended EIDs are used in Map-Referral messages.








Farinacci, et al.        Expires April 17, 2017                 [Page 8]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


4.2.  Carrying AS Numbers in the Mapping Database

   When an AS number is stored in the LISP Mapping Database System for
   either policy or documentation reasons, it can be encoded in a LISP
   Canonical Address.

   AS Number LISP Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 3    |     Rsvd2     |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           AS Number                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |         Address  ...          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   AS Number:  the 32-bit AS number of the autonomous system that has
      been assigned to either the EID or RLOC that follows.

   AFI =3D x:  x can be any AFI value from [AFI].

   The AS Number Canonical Address Type can be used to encode either EID
   or RLOC addresses.  The former is used to describe the LISP-ALT AS
   number the EID-prefix for the site is being carried for.  The latter
   is used to describe the AS that is carrying RLOC based prefixes in
   the underlying routing system.

   Usage: This encoding can be used in EID or RLOC records in Map-
   Requests, Map-Replies, Map-Registers, and Map-Notify messages.  When
   LISP-DDT [I-D.ietf-lisp-ddt] is used as the mapping system mechanism,
   extended EIDs are used in Map-Referral messages.













Farinacci, et al.        Expires April 17, 2017                 [Page 9]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


4.3.  Assigning Geo Coordinates to Locator Addresses

   If an ETR desires to send a Map-Reply describing the Geo Coordinates
   for each locator in its locator-set, it can use the Geo Coordinate
   Type to convey physical location information.

   Coordinates are specified using the WGS-84 (World Geodetic System)
   reference coordinate system [WGS-84].

   Geo Coordinate LISP Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 5    |     Rsvd2     |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |N|     Latitude Degrees        |    Minutes    |    Seconds    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |E|     Longitude Degrees       |    Minutes    |    Seconds    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                            Altitude                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |         Address  ...          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   N: When set to 1 means North, otherwise South.

   Latitude Degrees:  Valid values range from 0 to 90 degrees above or
      below the equator (northern or southern hemisphere, respectively).

   Latitude Minutes:  Valid values range from 0 to 59.

   Latitude Seconds:  Valid values range from 0 to 59.

   E: When set to 1 means East, otherwise West.

   Longitude Degrees:  Valid values are from 0 to 180 degrees right or
      left of the Prime Meridian.

   Longitude Minutes:  Valid values range from 0 to 59.

   Longitude Seconds:  Valid values range from 0 to 59.




Farinacci, et al.        Expires April 17, 2017                [Page 10]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Altitude:  Height relative to sea level in meters.  This is a two's
      complement signed integer meaning that the altitude could be below
      sea level.  A value of 0x7fffffff indicates no Altitude value is
      encoded.

   AFI =3D x:  x can be any AFI value from [AFI].

   The Geo Coordinates Canonical Address Type can be used to encode
   either EID or RLOC addresses.  When used for EID encodings, you can
   determine the physical location of an EID along with the topological
   location by observing the locator-set.

   Usage: This encoding can be used in EID or RLOC records in Map-
   Requests, Map-Replies, Map-Registers, and Map-Notify messages.  When
   LISP-DDT [I-D.ietf-lisp-ddt] is used as the mapping system mechanism,
   extended EIDs are used in Map-Referral messages.



































Farinacci, et al.        Expires April 17, 2017                [Page 11]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


4.4.  NAT Traversal Scenarios

   When a LISP system is conveying global address and mapped port
   information when traversing through a NAT device, the NAT-Traversal
   LCAF Type is used.  See [I-D.ermagan-lisp-nat-traversal] for details.

   NAT-Traversal Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 7    |     Rsvd2     |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       MS UDP Port Number      |      ETR UDP Port Number      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |  Global ETR RLOC Address  ... |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |       MS RLOC Address  ...    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          | Private ETR RLOC Address  ... |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |      RTR RLOC Address 1 ...   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |      RTR RLOC Address k ...   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   MS UDP Port Number:  this is the UDP port number of the Map-Server
      and is set to 4342.

   ETR UDP Port Number:  this is the port number returned to a LISP
      system which was copied from the source port from a packet that
      has flowed through a NAT device.

   AFI =3D x:  x can be any AFI value from [AFI].

   Global ETR RLOC Address:  this is an address known to be globally
      unique built by NAT-traversal functionality in a LISP router.

   MS RLOC Address:  this is the address of the Map-Server used in the
      destination RLOC of a packet that has flowed through a NAT device.






Farinacci, et al.        Expires April 17, 2017                [Page 12]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Private ETR RLOC Address:  this is an address known to be a private
      address inserted in this LCAF by a LISP router that resides on the
      private side of a NAT device.

   RTR RLOC Address:  this is an encapsulation address used by an ITR or
      PITR which resides behind a NAT device.  This address is known to
      have state in a NAT device so packets can flow from it to the LISP
      ETR behind the NAT.  There can be one or more NAT Reencapsulating
      Tunnel Router (RTR) [I-D.ermagan-lisp-nat-traversal] addresses
      supplied in these set of fields.  The number of RTRs encoded is
      determined by parsing each field.  When there are no RTRs
      supplied, the RTR fields can be omitted and reflected by the LCAF
      length field or an AFI of 0 can be used to indicate zero RTRs
      encoded.

   Usage: This encoding can be used in Info-Request and Info-Reply
   messages.  The mapping system does not store this information.  The
   information is used by an xTR and Map-Server to convey private and
   public address information when traversing NAT and firewall devices.
































Farinacci, et al.        Expires April 17, 2017                [Page 13]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


4.5.  Multicast Group Membership Information

   Multicast group information can be published in the mapping database.
   So a lookup on a group address EID can return a replication list of
   RLOC group addresses or RLOC unicast addresses.  The intent of this
   type of unicast replication is to deliver packets to multiple ETRs at
   receiver LISP multicast sites.  The locator-set encoding for this EID
   record type can be a list of ETRs when they each register with "Merge
   Semantics".  The encoding can be a typical AFI-encoded locator
   address.  When an RTR list is being registered (with multiple levels
   according to [I-D.coras-lisp-re]), the Replication List Entry LCAF
   type is used for locator encoding.

   This LCAF encoding can be used to send broadcast packets to all
   members of a subnet when an EID is away from its home subnet
   location.

   Multicast Info Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 9    |     Rsvd2     |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Instance-ID                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            Reserved           | Source MaskLen| Group MaskLen |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |   Source/Subnet Address  ...  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |       Group Address  ...      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   Reserved:  must be set to zero and ignored on receipt.

   Instance ID:  the low-order 24-bits that can go into a LISP data
      header when the I-bit is set.  See [RFC6830] for details.  The use
      of the Instance-ID in this LCAF type is to associate a multicast
      forwarding entry for a given VPN.  The instance-ID describes the
      VPN and is registered to the mapping database system as a 3-tuple
      of (Instance-ID, S-prefix, G-prefix).





Farinacci, et al.        Expires April 17, 2017                [Page 14]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Source MaskLen:  the mask length of the source prefix that follows.
      The length is the number of high-order mask bits set.

   Group MaskLen:  the mask length of the group prefix that follows.
      The length is the number of high-order mask bits set.

   AFI =3D x:  x can be any AFI value from [AFI].  When a specific =
address
      family has a multicast address semantic, this field must be either
      a group address or a broadcast address.

   Source/Subnet Address:  is the source address or prefix for encoding
      a (S,G) multicast entry.

   Group Address:  is the group address or group prefix for encoding
      (S,G) or (*,G) multicast entries.

   Usage: This encoding can be used in EID records in Map-Requests, Map-
   Replies, Map-Registers, and Map-Notify messages.  When LISP-DDT
   [I-D.ietf-lisp-ddt] is used as the mapping system mechanism, extended
   EIDs are used in Map-Referral messages.































Farinacci, et al.        Expires April 17, 2017                [Page 15]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


4.6.  Traffic Engineering using Re-encapsulating Tunnels

   For a given EID lookup into the mapping database, this LCAF can be
   returned to provide a list of locators in an explicit re-
   encapsulation path.  See [I-D.farinacci-lisp-te] for details.

   Explicit Locator Path (ELP) Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 10   |     Rsvd2     |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Rsvd3         |L|P|S|           AFI =3D x             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Reencap Hop 1  ...                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Rsvd3         |L|P|S|           AFI =3D x             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Reencap Hop k  ...                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   Rsvd3:  this field is reserved for future use and MUST be transmitted
      as 0 and ignored on receipt.

   Lookup bit (L):  this is the Lookup bit used to indicate to the user
      of the ELP to not use this address for encapsulation but to look
      it up in the mapping database system to obtain an encapsulating
      RLOC address.

   RLOC-Probe bit (P):  this is the RLOC-probe bit which means the
      Reencap Hop allows RLOC-probe messages to be sent to it.  When the
      R-bit is set to 0, RLOC-probes must not be sent.  When a Reencap
      Hop is an anycast address then multiple physical Reencap Hops are
      using the same RLOC address.  In this case, RLOC-probes are not
      needed because when the closest RLOC address is not reachable
      another RLOC address can be reachable.

   Strict bit (S):  this is the strict bit which means the associated
      Reencap Hop is required to be used.  If this bit is 0, the
      reencapsulator can skip this Reencap Hop and go to the next one in
      the list.




Farinacci, et al.        Expires April 17, 2017                [Page 16]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   AFI =3D x:  x can be any AFI value from [AFI].  When a specific AFI =
has
      its own encoding of a multicast address, this field must be either
      a group address or a broadcast address.

   Usage: This encoding can be used in RLOC records in Map-Requests,
   Map-Replies, Map-Registers, and Map-Notify messages.  This encoding
   does not need to be understood by the mapping system for mapping
   database lookups since this LCAF type is not a lookup key.





















4.7.  Storing Security Data in the Mapping Database

   When a locator in a locator-set has a security key associated with
   it, this LCAF will be used to encode key material.  See
   [I-D.ietf-lisp-ddt] for details.

















Farinacci, et al.        Expires April 17, 2017                [Page 17]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Security Key Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 11   |      Rsvd2    |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Key Count   |      Rsvd3    | Key Algorithm |   Rsvd4     |R|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Key Length          |       Key Material ...        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        ... Key Material                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |       Locator Address ...     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   Key Count:  the Key Count field declares the number of Key sections
      included in this LCAF.  A key section is made up of "Key Length"
      and "Key Material" fields.

   Rsvd3:  this field is reserved for future use and MUST be transmitted
      as 0 and ignored on receipt.

   Key Algorithm:  the Algorithm field identifies the key's
      cryptographic algorithm and specifies the format of the Public Key
      field.  Refer to the [I-D.ietf-lisp-ddt] and
      [I-D.ietf-lisp-crypto] use cases for definitions of this field.

   Rsvd4:  this field is reserved for future use and MUST be transmitted
      as 0 and ignored on receipt.

   R bit:  this is the revoke bit and, if set, it specifies that this
      Key is being Revoked.

   Key Length:  this field determines the length in bytes of the Key
      Material field.

   Key Material:  the Key Material field stores the key material.  The
      format of the key material stored depends on the Key Algorithm
      field.

   AFI =3D x:  x can be any AFI value from [AFI].  This is the locator
      address that owns the encoded security key.



Farinacci, et al.        Expires April 17, 2017                [Page 18]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Usage: This encoding can be used in EID or RLOC records in Map-
   Requests, Map-Replies, Map-Registers, and Map-Notify messages.  When
   LISP-DDT [I-D.ietf-lisp-ddt] is used as the mapping system mechanism,
   extended EIDs are used in Map-Referral messages.





















4.8.  Source/Destination 2-Tuple Lookups

   When both a source and destination address of a flow need
   consideration for different locator-sets, this 2-tuple key is used in
   EID fields in LISP control messages.  When the Source/Dest key is
   registered to the mapping database, it can be encoded as a source-
   prefix and destination-prefix.  When the Source/Dest is used as a key
   for a mapping database lookup the source and destination come from a
   data packet.

















Farinacci, et al.        Expires April 17, 2017                [Page 19]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Source/Dest Key Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 12   |     Rsvd2     |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            Reserved           |   Source-ML   |    Dest-ML    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |         Source-Prefix ...     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D y          |     Destination-Prefix ...    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   Reserved:  must be set to zero and ignore on receipt.

   Source-ML:  the mask length of the source prefix that follows.  The
      length is the number of high-order mask bits set.

   Dest-ML:  the mask length of the destination prefix that follows.
      The length is the number of high-order mask bits set.

   AFI =3D x:  x can be any AFI value from [AFI].

   AFI =3D y:  y can be any AFI value from [AFI].  When a specific =
address
      family has a multicast address semantic, this field must be either
      a group address or a broadcast address.

   Usage: This encoding can be used in EID records in Map-Requests, Map-
   Replies, Map-Registers, and Map-Notify messages.  When LISP-DDT
   [I-D.ietf-lisp-ddt] is used as the mapping system mechanism, extended
   EIDs are used in Map-Referral messages.  Refer to
   [I-D.farinacci-lisp-te] for usage details of this LCAF type.













Farinacci, et al.        Expires April 17, 2017                [Page 20]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


4.9.  Replication List Entries for Multicast Forwarding

   The Replication List Entry LCAF type is an encoding for a locator
   being used for unicast replication according to the specification in
   [I-D.coras-lisp-re].  This locator encoding is pointed to by a
   Multicast Info LCAF Type and is registered by Re-encapsulating Tunnel
   Routers (RTRs) that are participating in an overlay distribution
   tree.  Each RTR will register its locator address and its configured
   level in the distribution tree.

   Replication List Entry Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 13   |    Rsvd2      |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              Rsvd3            |     Rsvd4     |  Level Value  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |           RTR/ETR #1 ...      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              Rsvd3            |     Rsvd4     |  Level Value  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |           RTR/ETR  #n ...     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   Rsvd3/Rsvd4:  must be set to zero and ignore on receipt.

   Level Value:  this value is associated with the level within the
      overlay distribution tree hierarchy where the RTR resides.  The
      level numbers are ordered from lowest value being close to the ITR
      (meaning that ITRs replicate to level-0 RTRs) and higher levels
      are further downstream on the distribution tree closer to ETRs of
      multicast receiver sites.

   AFI =3D x:  x can be any AFI value from [AFI].  A specific AFI has =
its
      own encoding of either a unicast or multicast locator address.
      For efficiency reasons, all RTR/ETR entries for the same level
      should be combined together by a Map-Server to avoid searching
      through the entire multi-level list of locator entries in a Map-
      Reply message.





Farinacci, et al.        Expires April 17, 2017                [Page 21]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Usage: This encoding can be used in RLOC records in Map-Requests,
   Map-Replies, Map-Registers, and Map-Notify messages.

4.10.  Applications for AFI List Type

4.10.1.  Binding IPv4 and IPv6 Addresses

   When header translation between IPv4 and IPv6 is desirable a LISP
   Canonical Address can use the AFI List Type to carry a variable
   number of AFIs in one LCAF AFI.

   Address Binding LISP Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 1    |     Rsvd2     |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            AFI =3D 1            |       IPv4 Address ...        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     ...  IPv4 Address         |            AFI =3D 2            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          IPv6 Address ...                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     ...  IPv6 Address  ...                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     ...  IPv6 Address  ...                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     ...  IPv6 Address                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   This type of address format can be included in a Map-Request when the
   address is being used as an EID, but the Mapping Database System
   lookup destination can use only the IPv4 address.  This is so a
   Mapping Database Service Transport System, such as LISP-ALT
   [RFC6836], can use the Map-Request destination address to route the
   control message to the desired LISP site.

   Usage: This encoding can be used in EID or RLOC records in Map-
   Requests, Map-Replies, Map-Registers, and Map-Notify messages.  See
   subsections in this section for specific use cases.





Farinacci, et al.        Expires April 17, 2017                [Page 22]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


4.10.2.  Layer-2 VPNs

   When MAC addresses are stored in the LISP Mapping Database System,
   the AFI List Type can be used to carry AFI 6.

   MAC Address LISP Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 1    |     Rsvd2     |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             AFI =3D 6           |    Layer-2 MAC Address  ...   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    ... Layer-2 MAC Address                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   This address format can be used to connect layer-2 domains together
   using LISP over an IPv4 or IPv6 core network to create a layer-2 VPN.
   In this use case, a MAC address is being used as an EID, and the
   locator-set that this EID maps to can be an IPv4 or IPv6 RLOCs, or
   even another MAC address being used as an RLOC.  See
   [I-D.portoles-lisp-eid-mobility] for how layer-2 VPNs operate when
   doing EID mobility.  Refer to the Security Considerations section for
   privacy protection.





















Farinacci, et al.        Expires April 17, 2017                [Page 23]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


4.10.3.  ASCII Names in the Mapping Database

   If DNS names or URIs are stored in the LISP Mapping Database System,
   the AFI List Type can be used to carry an ASCII string.

   ASCII LISP Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 1    |     Rsvd2     |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             AFI =3D 17          |      DNS Name or URI  ...     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.
































Farinacci, et al.        Expires April 17, 2017                [Page 24]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


4.10.4.  Using Recursive LISP Canonical Address Encodings

   When any combination of above is desirable, the AFI List Type value
   can be used to carry within the LCAF AFI another LCAF AFI (for
   example, Application Specific Data see Section 5.1.

   Recursive LISP Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 1    |     Rsvd2     |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 4    |     Rsvd2     |            Length2            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   IP TOS, IPv6 TC or Flow Label               |    Protocol   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Local Port (lower-range)   |    Local Port (upper-range)   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Remote Port (lower-range)   |   Remote Port (upper-range)   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            AFI =3D 1            |       IPv4 Address ...        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     ...  IPv4 Address         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   Length2:  length in bytes starting and including the byte after this
      Length2 field.

   This format could be used by a Mapping Database Transport System,
   such as LISP-ALT [RFC6836], where the AFI=3D1 IPv4 address is used as
   an EID and placed in the Map-Request destination address by the
   sending LISP system.  The ALT system can deliver the Map-Request to
   the LISP destination site independent of the Application Data Type
   AFI payload values.  When this AFI is processed by the destination
   LISP site, it can return different locator-sets based on the type of
   application or level of service that is being requested.







Farinacci, et al.        Expires April 17, 2017                [Page 25]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


4.10.5.  Compatibility Mode Use Case

   A LISP system should use the AFI List Type format when sending to
   LISP systems that do not support a particular LCAF Type used to
   encode locators.  This allows the receiving system to be able to
   parse a locator address for encapsulation purposes.  The list of AFIs
   in an AFI List LCAF Type has no semantic ordering and a receiver
   should parse each AFI element no matter what the ordering.

   Compatibility Mode Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 1    |     Rsvd2     |           Length              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 5    |     Rsvd2     |           Length2             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |N|     Latitude Degrees        |    Minutes    |    Seconds    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |E|     Longitude Degrees       |    Minutes    |    Seconds    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                            Altitude                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D 0          |           AFI =3D 1             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          IPv4 Address                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   Length2:  length in bytes starting and including the byte after this
      Length2 field.

   If a system does not recognized the Geo Coordinate LCAF Type that is
   accompanying a locator address, an encoder can include the Geo
   Coordinate LCAF Type embedded in a AFI List LCAF Type where the AFI
   in the Geo Coordinate LCAF is set to 0 and the AFI encoded next in
   the list is encoded with a valid AFI value to identify the locator
   address.

   A LISP system is required to support the AFI List LCAF Type to use
   this procedure.  It would skip over 10 bytes of the Geo Coordinate



Farinacci, et al.        Expires April 17, 2017                [Page 26]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   LCAF Type to get to the locator address encoding (an IPv4 locator
   address).  A LISP system that does support the Geo Coordinate LCAF
   Type can support parsing the locator address within the Geo
   Coordinate LCAF encoding or in the locator encoding that follows in
   the AFI List LCAF.































5.  Experimental LISP Canonical Address Applications

5.1.  Convey Application Specific Data

   When a locator-set needs to be conveyed based on the type of
   application or the Per-Hop Behavior (PHB) of a packet, the
   Application Data Type can be used.








Farinacci, et al.        Expires April 17, 2017                [Page 27]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Application Data LISP Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 4    |     Rsvd2     |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       IP TOS, IPv6 TC, or Flow Label          |    Protocol   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Local Port (lower-range)   |    Local Port (upper-range)   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Remote Port (lower-range)   |   Remote Port (upper-range)   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |         Address  ...          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   IP TOS, IPv6 TC, or Flow Label:  this field stores the 8-bit IPv4 TOS
      field used in an IPv4 header, the 8-bit IPv6 Traffic Class or Flow
      Label used in an IPv6 header.

   Local Port/Remote Port Ranges:  these fields are from the TCP, UDP,
      or SCTP transport header.  A range can be specified by using a
      lower value and an upper value.  When a single port is encoded,
      the lower and upper value fields are the same.

   AFI =3D x:  x can be any AFI value from [AFI].

   The Application Data Canonical Address Type is used for an EID
   encoding when an ITR wants a locator-set for a specific application.
   When used for an RLOC encoding, the ETR is supplying a locator-set
   for each specific application is has been configured to advertise.

   Usage: This encoding can be used in EID records in Map-Requests, Map-
   Replies, Map-Registers, and Map-Notify messages.  When LISP-DDT
   [I-D.ietf-lisp-ddt] is used as the mapping system mechanism, extended
   EIDs are used in Map-Referral messages.  This LCAF type is used as a
   lookup key to the mapping system that can return a longest-match or
   exact-match entry.








Farinacci, et al.        Expires April 17, 2017                [Page 28]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


5.2.  Generic Database Mapping Lookups

   When the LISP Mapping Database system holds information accessed by a
   generic formatted key (where the key is not the usual IPv4 or IPv6
   address), an opaque key may be desirable.

   Opaque Key LISP Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 6    |     Rsvd2     |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Key Field Num |      Key Wildcard Fields      |   Key . . .   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       . . . Key                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   Key Field Num:  the value of this field is the number of "Key" sub-
      fields minus 1, the "Key" field can be broken up into.  So if this
      field has a value of 0, there is 1 sub-field in the "Key".  The
      width of the sub-fields are fixed length.  So for a key size of 8
      bytes, with a Key Field Num of 3, allows 4 sub-fields of 2 bytes
      each in length.  Allowing for a reasonable number of 16 sub-field
      separators, valid values range from 0 to 15.

   Key Wildcard Fields:  describes which fields in the key are not used
      as part of the key lookup.  This wildcard encoding is a bitfield.
      Each bit is a don't-care bit for a corresponding field in the key.
      Bit 0 (the low-order bit) in this bitfield corresponds the first
      field, the low-order field in the key, bit 1 the second field, and
      so on.  When a bit is set in the bitfield it is a don't-care bit
      and should not be considered as part of the database lookup.  When
      the entire 16-bits is set to 0, then all bits of the key are used
      for the database lookup.

   Key:  the variable length key used to do a LISP Database Mapping
      lookup.  The length of the key is the value n (as shown above).

   Usage: This is an experimental type where the usage has not been
   defined yet.





Farinacci, et al.        Expires April 17, 2017                [Page 29]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


5.3.  PETR Admission Control Functionality

   When a public PETR device wants to verify who is encapsulating to it,
   it can check for a specific nonce value in the LISP encapsulated
   packet.  To convey the nonce to admitted ITRs or PITRs, this LCAF is
   used in a Map-Register or Map-Reply locator-record.

   Nonce Locator Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 8    |     Rsvd2     |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Reserved    |                  Nonce                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |         Address  ...          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   Reserved:  must be set to zero and ignore on receipt.

   Nonce:  this is a nonce value returned by an ETR in a Map-Reply
      locator-record to be used by an ITR or PITR when encapsulating to
      the locator address encoded in the AFI field of this LCAF type.
      This nonce value is inserted in the nonce field in the LISP header
      encapsulation.

   AFI =3D x:  x can be any AFI value from [AFI].

   Usage: This is an experimental type where the usage has not been
   defined yet.















Farinacci, et al.        Expires April 17, 2017                [Page 30]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


5.4.  Data Model Encoding

   This type allows a JSON data model to be encoded either as an EID or
   RLOC.

   JSON Data Model Type Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 14   |    Rsvd2    |B|            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           JSON length         | JSON binary/text encoding ... |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |       Optional Address ...    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   B bit:  indicates that the JSON field is binary encoded according to
      [JSON-BINARY] when the bit is set to 1.  Otherwise the encoding is
      based on text encoding according to [RFC7159].

   JSON length:  length in octets of the following 'JSON binary/text
      encoding' field.

   JSON binary/text encoding field:  a variable length field that
      contains either binary or text encodings.

   AFI =3D x:  x can be any AFI value from [AFI].  A specific AFI has =
its
      own encoding of either a unicast or multicast locator address.
      All RTR/ETR entries for the same level should be combined together
      by a Map-Server to avoid searching through the entire multi-level
      list of locator entries in a Map-Reply message.

   Usage: This is an experimental type where the usage has not been
   defined yet.











Farinacci, et al.        Expires April 17, 2017                [Page 31]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


5.5.  Encoding Key/Value Address Pairs

   The Key/Value pair is, for example, useful for attaching attributes
   to other elements of LISP packets, such as EIDs or RLOCs.  When
   attaching attributes to EIDs or RLOCs, it's necessary to distinguish
   between the element that should be used as EID or RLOC, and hence as
   the key for lookups, and additional attributes.  This is especially
   the case when the difference cannot be determined from the types of
   the elements, such as when two IP addresses are being used.

   Key/Value Pair Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 15   |     Rsvd2     |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |       Address as Key ...      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D y          |       Address as Value ...    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   AFI =3D x:  x is the "Address as Key" AFI that can have any value =
from
      [AFI].  A specific AFI has its own encoding of either a unicast or
      multicast locator address.  All RTR/ETR entries for the same level
      should be combined together by a Map-Server to avoid searching
      through the entire multi-level list of locator entries in a Map-
      Reply message.

   Address as Key:  this AFI-encoded address will be attached with the
      attributes encoded in "Address as Value" which follows this field.

   AFI =3D y:  y is the "Address of Value" AFI that can have any value
      from [AFI].  A specific AFI has its own encoding of either a
      unicast or multicast locator address.  All RTR/ETR entries for the
      same level should be combined together by a Map-Server to avoid
      searching through the entire multi-level list of locator entries
      in a Map-Reply message.

   Address as Value:  this AFI-encoded address will be the attribute
      address that goes along with "Address as Key" which precedes this
      field.




Farinacci, et al.        Expires April 17, 2017                [Page 32]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Usage: This is an experimental type where the usage has not been
   defined yet.































5.6.  Multiple Data-Planes

   Overlays are becoming popular in many parts of the network which have
   created an explosion of data-plane encapsulation headers.  Since the
   LISP mapping system can hold many types of address formats, it can
   represent the encapsulation format supported by an RLOC as well.
   When an encapsulator receives a Map-Reply with an Encapsulation
   Format LCAF Type encoded in an RLOC-record, it can select an
   encapsulation format, that it can support, from any of the
   encapsulation protocols which have the bit set to 1 in this LCAF
   type.







Farinacci, et al.        Expires April 17, 2017                [Page 33]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Encapsulation Format Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 16   |     Rsvd2     |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        Reserved-for-Future-Encapsulations       |U|G|N|v|V|l|L|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |          Address ...          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   Reserved-for-Future-Encapsulations:  must be set to zero and ignored
      on receipt.  This field will get bits allocated to future
      encapsulations, as they are created.

   L: The RLOCs listed in the AFI-encoded addresses in the next longword
      can accept layer 3 LISP encapsulation using destination UDP port
      4341 [RFC6830].

   l: The RLOCs listed in the AFI-encoded addresses in the next longword
      can accept layer 2 LISP encapsulation using destination UDP port
      8472 [I-D.smith-lisp-layer2].

   V: The RLOCs listed in the AFI-encoded addresses in the next longword
      can accept VXLAN encapsulation using destination UDP port 4789
      [RFC7348].

   v: The RLOCs listed in the AFI-encoded addresses in the next longword
      can accept VXLAN-GPE encapsulation using destination UDP port 4790
      [I-D.quinn-vxlan-gpe].

   N: The RLOCs listed in the AFI-encoded addresses in the next longword
      can accept NV-GRE encapsulation using IPv4/ IPv6 protocol number
      47 [RFC7637].

   G: The RLOCs listed in the AFI-encoded addresses in the next longword
      can accept GENEVE encapsulation using destination UDP port 6081
      [I-D.gross-geneve].

   U: The RLOCs listed in the AFI-encoded addresses in the next longword
      can accept GUE encapsulation using destination UDP port TBD
      [I-D.herbert-gue].



Farinacci, et al.        Expires April 17, 2017                [Page 34]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Usage: This encoding can be used in RLOC records in Map-Requests,
   Map-Replies, Map-Registers, and Map-Notify messages.









































6.  Security Considerations

   There are no security considerations for this specification.  The
   security considerations are documented for the protocols that use
   LISP Canonical Addressing.



Farinacci, et al.        Expires April 17, 2017                [Page 35]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   The use of the Geo-Coordinates LCAF Type may raise physical privacy
   issues.  Care should be taken when configuring the mapping system to
   use specific policy parameters so geo-location information is not
   returned gratuitously.  It is recommended to examine [RFC6280] and
   [BCP160] architectures for location-based privacy protection.

7.  IANA Considerations

   This document defines a canonical address format encoding used in
   LISP control messages and in the encoding of lookup keys for the LISP
   Mapping Database System.  Such address format is based on a fixed AFI
   (16387) and a LISP LCAF Type field.

   The LISP LCAF Type field is an 8-bit field specific to the LISP
   Canonical Address formatted encodings, for which IANA is to create
   and maintain a new registry (as outlined in [RFC5226]) entitled "LISP
   LCAF Type".  Initial values for the LISP LCAF Type registry are given
   below.  Future assignments are to be made through expert review with
   a specification required publication.  Assignments consist of a LISP
   LCAF Type name and its associated value:

           +-------+------------------------------+------------+
           | Value | LISP LCAF Type Name          | Definition |
           +-------+------------------------------+------------+
           | 0     | Null Body Type               | Section 3  |
           | 1     | AFI List Type                | Section 3  |
           | 2     | Instance ID Type             | Section 3  |
           | 3     | AS Number Type               | Section 3  |
           | 5     | Geo Coordinates Type         | Section 3  |
           | 7     | NAT-Traversal Type           | Section 3  |
           | 9     | Multicast Info Type          | Section 3  |
           | 10    | Explicit Locator Path Type   | Section 3  |
           | 11    | Security Key Type            | Section 3  |
           | 12    | Source/Dest Key Type         | Section 3  |
           | 13    | Replication List Entry Type  | Section 3  |
           +-------+------------------------------+------------+

                  Table 1: LISP LCAF Type Initial Values

8.  References

8.1.  Normative References

   [BCP160]   "An Architecture for Location and Location Privacy in
              Internet Applications", Best Current Practices
              https://www.rfc-editor.org/bcp/bcp160.txt, July 2011.





Farinacci, et al.        Expires April 17, 2017                [Page 36]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   [RFC1918]  Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G.,
              and E. Lear, "Address Allocation for Private Internets",
              BCP 5, RFC 1918, DOI 10.17487/RFC1918, February 1996,
              <http://www.rfc-editor.org/info/rfc1918>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC3232]  Reynolds, J., Ed., "Assigned Numbers: RFC 1700 is Replaced
              by an On-line Database", RFC 3232, DOI 10.17487/RFC3232,
              January 2002, <http://www.rfc-editor.org/info/rfc3232>.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              DOI 10.17487/RFC5226, May 2008,
              <http://www.rfc-editor.org/info/rfc5226>.

   [RFC6280]  Barnes, R., Lepinski, M., Cooper, A., Morris, J.,
              Tschofenig, H., and H. Schulzrinne, "An Architecture for
              Location and Location Privacy in Internet Applications",
              BCP 160, RFC 6280, DOI 10.17487/RFC6280, July 2011,
              <http://www.rfc-editor.org/info/rfc6280>.

   [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
              Locator/ID Separation Protocol (LISP)", RFC 6830,
              DOI 10.17487/RFC6830, January 2013,
              <http://www.rfc-editor.org/info/rfc6830>.

   [RFC6836]  Fuller, V., Farinacci, D., Meyer, D., and D. Lewis,
              "Locator/ID Separation Protocol Alternative Logical
              Topology (LISP+ALT)", RFC 6836, DOI 10.17487/RFC6836,
              January 2013, <http://www.rfc-editor.org/info/rfc6836>.

   [RFC7159]  Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
              Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March
              2014, <http://www.rfc-editor.org/info/rfc7159>.

   [RFC7348]  Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger,
              L., Sridhar, T., Bursell, M., and C. Wright, "Virtual
              eXtensible Local Area Network (VXLAN): A Framework for
              Overlaying Virtualized Layer 2 Networks over Layer 3
              Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014,
              <http://www.rfc-editor.org/info/rfc7348>.






Farinacci, et al.        Expires April 17, 2017                [Page 37]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   [RFC7637]  Garg, P., Ed. and Y. Wang, Ed., "NVGRE: Network
              Virtualization Using Generic Routing Encapsulation",
              RFC 7637, DOI 10.17487/RFC7637, September 2015,
              <http://www.rfc-editor.org/info/rfc7637>.

8.2.  Informative References

   [AFI]      IANA, , "Address Family Identifier (AFIs)", ADDRESS FAMILY
              NUMBERS http://www.iana.org/assignments/address-family-
              numbers/address-family-numbers.xhtml?, Febuary 2007.

   [I-D.coras-lisp-re]
              Coras, F., Cabellos-Aparicio, A., Domingo-Pascual, J.,
              Maino, F., and D. Farinacci, "LISP Replication
              Engineering", draft-coras-lisp-re-08 (work in progress),
              November 2015.

   [I-D.ermagan-lisp-nat-traversal]
              Ermagan, V., Farinacci, D., Lewis, D., Skriver, J., Maino,
              F., and C. White, "NAT traversal for LISP", draft-ermagan-
              lisp-nat-traversal-11 (work in progress), August 2016.

   [I-D.farinacci-lisp-te]
              Farinacci, D., Kowal, M., and P. Lahiri, "LISP Traffic
              Engineering Use-Cases", draft-farinacci-lisp-te-11 (work
              in progress), September 2016.

   [I-D.gross-geneve]
              Gross, J., Sridhar, T., Garg, P., Wright, C., Ganga, I.,
              Agarwal, P., Duda, K., Dutt, D., and J. Hudson, "Geneve:
              Generic Network Virtualization Encapsulation", draft-
              gross-geneve-02 (work in progress), October 2014.

   [I-D.herbert-gue]
              Herbert, T., Yong, L., and O. Zia, "Generic UDP
              Encapsulation", draft-herbert-gue-03 (work in progress),
              March 2015.

   [I-D.ietf-lisp-crypto]
              Farinacci, D. and B. Weis, "LISP Data-Plane
              Confidentiality", draft-ietf-lisp-crypto-09 (work in
              progress), October 2016.

   [I-D.ietf-lisp-ddt]
              Fuller, V., Lewis, D., Ermagan, V., Jain, A., and A.
              Smirnov, "LISP Delegated Database Tree", draft-ietf-lisp-
              ddt-08 (work in progress), September 2016.




Farinacci, et al.        Expires April 17, 2017                [Page 38]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   [I-D.portoles-lisp-eid-mobility]
              Portoles-Comeras, M., Ashtaputre, V., Moreno, V., Maino,
              F., and D. Farinacci, "LISP L2/L3 EID Mobility Using a
              Unified Control Plane", draft-portoles-lisp-eid-
              mobility-01 (work in progress), October 2016.

   [I-D.quinn-vxlan-gpe]
              Quinn, P., Manur, R., Kreeger, L., Lewis, D., Maino, F.,
              Smith, M., Agarwal, P., Yong, L., Xu, X., Elzur, U., Garg,
              P., and D. Melman, "Generic Protocol Extension for VXLAN",
              draft-quinn-vxlan-gpe-04 (work in progress), February
              2015.

   [I-D.smith-lisp-layer2]
              Smith, M., Dutt, D., Farinacci, D., and F. Maino, "Layer 2
              (L2) LISP Encapsulation Format", draft-smith-lisp-
              layer2-03 (work in progress), September 2013.

   [JSON-BINARY]
              "Universal Binary JSON Specification",
              URL http://ubjson.org.

   [WGS-84]   Geodesy and Geophysics Department, DoD., "World Geodetic
              System 1984", NIMA TR8350.2, January 2000, <http://earth-
              info.nga.mil/GandG/publications/tr8350.2/wgs84fin.pdf>.

Appendix A.  Acknowledgments

   The authors would like to thank Vince Fuller, Gregg Schudel, Jesper
   Skriver, Luigi Iannone, Isidor Kouvelas, and Sander Steffann for
   their technical and editorial commentary.

   The authors would like to thank Victor Moreno for discussions that
   lead to the definition of the Multicast Info LCAF type.

   The authors would like to thank Parantap Lahiri and Michael Kowal for
   discussions that lead to the definition of the Explicit Locator Path
   (ELP) LCAF type.

   The authors would like to thank Fabio Maino and Vina Ermagan for
   discussions that lead to the definition of the Security Key LCAF
   type.

   The authors would like to thank Albert Cabellos-Aparicio and Florin
   Coras for discussions that lead to the definition of the Replication
   List Entry LCAF type.





Farinacci, et al.        Expires April 17, 2017                [Page 39]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Thanks goes to Michiel Blokzijl and Alberto Rodriguez-Natal for
   suggesting new LCAF types.

   Thanks also goes to Terry Manderson for assistance obtaining a LISP
   AFI value from IANA.

Appendix B.  Document Change Log

   [RFC Editor: Please delete this section on publication as RFC.]

B.1.  Changes to draft-ietf-lisp-lcaf-18.txt

   o  Submitted October 2016 after October 13th telechat.

   o  Addressed comments from Ben Campbell, Jari Arrko, Stephen Farrel,
      Peter Yee, Dale Worley, Mirja Kuehlewind, and Suresh Krishnan.

B.2.  Changes to draft-ietf-lisp-lcaf-17.txt

   o  Submitted October 2016.

   o  Addressed comments from Gen-ART reviewer Peter Yee.

   o  Addressed IESG last-call comments from Suresh Krishnan.

B.3.  Changes to draft-ietf-lisp-lcaf-16.txt

   o  Submitted October 2016.

   o  Addressed comments from Security Directorate reviewer David
      Mandelberg.

B.4.  Changes to draft-ietf-lisp-lcaf-15.txt

   o  Submitted September 2016.

   o  Addressed comments from Routing Directorate reviewer Stig Venass.

B.5.  Changes to draft-ietf-lisp-lcaf-14.txt

   o  Submitted July 2016.

   o  Fix IDnits errors and comments from Luigi Iannone, document
      shepherd.







Farinacci, et al.        Expires April 17, 2017                [Page 40]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


B.6.  Changes to draft-ietf-lisp-lcaf-13.txt

   o  Submitted May 2016.

   o  Explain the Instance-ID LCAF Type is 32-bits in length and the
      Instance-ID field in the LISP encapsulation header is 24-bits.

B.7.  Changes to draft-ietf-lisp-lcaf-12.txt

   o  Submitted March 2016.

   o  Updated references and document timer.

   o  Removed the R, J, and L bits from the Multicast Info Type LCAF
      since working group decided to not go forward with draft-
      farinacci-lisp-mr-signaling-03.txt in favor of draft- ietf-lisp-
      signal-free-00.txt.

B.8.  Changes to draft-ietf-lisp-lcaf-11.txt

   o  Submitted September 2015.

   o  Reflecting comments from Prague LISP working group.

   o  Readying document for a LISP LCAF registry, RFC publication, and
      for new use cases that will be defined in the new charter.

B.9.  Changes to draft-ietf-lisp-lcaf-10.txt

   o  Submitted June 2015.

   o  Fix coauthor Job's contact information.

B.10.  Changes to draft-ietf-lisp-lcaf-09.txt

   o  Submitted June 2015.

   o  Fix IANA Considerations section to request a registry to allocate
      and track LCAF Type values.

B.11.  Changes to draft-ietf-lisp-lcaf-08.txt

   o  Submitted April 2015.

   o  Comment from Florin.  The Application Data Type length field has a
      typo.  The field should be labeled "12 + n" and not "8 + n".





Farinacci, et al.        Expires April 17, 2017                [Page 41]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   o  Fix length fields in the sections titled "Using Recursive LISP
      Canonical Address Encodings", "Generic Database Mapping Lookups",
      and "Data Model Encoding".

B.12.  Changes to draft-ietf-lisp-lcaf-07.txt

   o  Submitted December 2014.

   o  Add a new LCAF Type called "Encapsulation Format" so decapsulating
      xTRs can inform encapsulating xTRs what data-plane encapsulations
      they support.

B.13.  Changes to draft-ietf-lisp-lcaf-06.txt

   o  Submitted October 2014.

   o  Make it clear how sorted RLOC records are done when LCAFs are used
      as the RLOC record.

B.14.  Changes to draft-ietf-lisp-lcaf-05.txt

   o  Submitted May 2014.

   o  Add a length field of the JSON payload that can be used for either
      binary or text encoding of JSON data.

B.15.  Changes to draft-ietf-lisp-lcaf-04.txt

   o  Submitted January 2014.

   o  Agreement among ELP implementors to have the AFI 16-bit field
      adjacent to the address.  This will make the encoding consistent
      with all other LCAF type address encodings.

B.16.  Changes to draft-ietf-lisp-lcaf-03.txt

   o  Submitted September 2013.

   o  Updated references and author's affilations.

   o  Added Instance-ID to the Multicast Info Type so there is relative
      ease in parsing (S,G) entries within a VPN.

   o  Add port range encodings to the Application Data LCAF Type.

   o  Add a new JSON LCAF Type.





Farinacci, et al.        Expires April 17, 2017                [Page 42]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   o  Add Address Key/Value LCAF Type to allow attributes to be attached
      to an address.

B.17.  Changes to draft-ietf-lisp-lcaf-02.txt

   o  Submitted March 2013.

   o  Added new LCAF Type "Replication List Entry" to support LISP
      replication engineering use cases.

   o  Changed references to new LISP RFCs.

B.18.  Changes to draft-ietf-lisp-lcaf-01.txt

   o  Submitted January 2013.

   o  Change longitude range from 0-90 to 0-180 in section 4.4.

   o  Added reference to WGS-84 in section 4.4.

B.19.  Changes to draft-ietf-lisp-lcaf-00.txt

   o  Posted first working group draft August 2012.

   o  This draft was renamed from draft-farinacci-lisp-lcaf-10.txt.

Authors' Addresses

   Dino Farinacci
   lispers.net
   San Jose, CA
   USA

   Email: farinacci@gmail.com


   Dave Meyer
   Brocade
   San Jose, CA
   USA

   Email: dmm@1-4-5.net









Farinacci, et al.        Expires April 17, 2017                [Page 43]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Job Snijders
   NTT Communications
   Theodorus Majofskistraat 100
   Amsterdam  1065 SZ
   NL

   Email: job@ntt.net












































Farinacci, et al.        Expires April 17, 2017                [Page 44]

--Apple-Mail=_FA021435-AEE2-4DC5-8667-760FC260A266
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=us-ascii







--Apple-Mail=_FA021435-AEE2-4DC5-8667-760FC260A266--


From nobody Fri Oct 14 06:15:53 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B99912948B; Fri, 14 Oct 2016 06:15:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DbRlafwdJ0sk; Fri, 14 Oct 2016 06:15:42 -0700 (PDT)
Received: from mail-qt0-x22c.google.com (mail-qt0-x22c.google.com [IPv6:2607:f8b0:400d:c0d::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5422E127058; Fri, 14 Oct 2016 06:15:42 -0700 (PDT)
Received: by mail-qt0-x22c.google.com with SMTP id f6so77640267qtd.2; Fri, 14 Oct 2016 06:15:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=T19y+aoUmDnHJZhvpL1DoCJC4RN+1HaEUurKullADHw=; b=NrS4UdMOKFYvlCVvmMOEP1tihNag0k4KGZKmFMfehluqq4fMQF1jpEFRKZcBKrOlfz hutfvKX+rONv1NMvEyjss1ljxR9FkMa1CoW34bM4XYHc7j5VI19SGeO0jTSGUUZyFDJz GESuSQw271n+lTC4hAyxX6ebRWjdYz7Bn9SNeVfIIruDNTxSE3MpJBPIGUMcqOoqQxwS 0oN0pAZYkGy0P7DpqD+WhN+wuIuUAowWM0Nqq3F3qy9G5mZgIdqIW0hd3VPACIAnbyg2 2X44N58FByOfu5rVLuuIIPVRRrAGPDiXoZPEGYPeCLLXdbfcb8qUnCX8nRkhrGqoxcKc MykA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=T19y+aoUmDnHJZhvpL1DoCJC4RN+1HaEUurKullADHw=; b=kvvgxSaJBqzMzRuaqpkbDKvb7+slNnPs5VRBAmaGg6Kaul/zjhhe9jaHqI8VlMIJFZ QK/qryLCWTSWRVxSEsNgvVBCQY/Gh4MjoVq2JYQ7OKUJGGr4B0CSImYk/i+8Ml6iLy4T WJCsjOGY/o1E+dNw1PM7gvGuQuDi1n9uDL1INZGqpliCFHFHQttHb6NjeiXf+47e7QMX NvPzGn0rc9p/0ZI8oNTF6EtPqoapbL/EoHFevzNXYAldKcZGzyX3asWhFivceBLGfIBr MOPwZbA+VxEZizsu8nZvxQuynZXxum3IToJGLD/jBb5stwpoKPm8QSvKDwp7wlGk70ry c3SQ==
X-Gm-Message-State: AA6/9RnncP62cCnMMGg3V+KLza/IZbSZPmCpJIb4mXceiaFTQyP0LX0yg4WFZMp8xVm/eg==
X-Received: by 10.28.51.134 with SMTP id z128mr1600550wmz.96.1476450941338; Fri, 14 Oct 2016 06:15:41 -0700 (PDT)
Received: from [10.12.7.153] ([37.205.61.206]) by smtp.gmail.com with ESMTPSA id h3sm31843322wjp.45.2016.10.14.06.15.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 14 Oct 2016 06:15:40 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <147630489842.6289.6818242861462956200.idtracker@ietfa.amsl.com>
Date: Fri, 14 Oct 2016 06:15:40 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <563D794D-8A8D-488E-9DB8-29B855E7C870@gmail.com>
References: <147630489842.6289.6818242861462956200.idtracker@ietfa.amsl.com>
To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/KnE9TlnxvUstAn14o8Kt9yd-TtE>
Cc: lisp-chairs@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-lisp-crypto@ietf.org, lisp@ietf.org
Subject: Re: [lisp] Kathleen Moriarty's No Objection on draft-ietf-lisp-crypto-09: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 13:15:45 -0000

> Thanks for your work on this draft.  I think the draft would read =
better
> if the content of the Abstract is repeated in the introduction.  If =
you
> read just the introduction, it is not clear what this draft is about, =
the
> abstract text is needed to have an understanding.

Thanks Kathleen for your review. We=E2=80=99ll repeat the Abstract as =
the first paragraph of the Introducation section.

> In the introduction, I'm not sure what this means:
>   Packets that arrive at
>   the ITR or PITR are typically not modified, which means no =
protection
>   or privacy of the data is added.
>=20
> Do you mean modified as in 'not encrypted' or something else?  It =
would
> be easier to read if what you meant was clearly stated.

I meant =E2=80=9Cnot encrypted=E2=80=9D. Will clarify.

> It's followed by this sentence:
>   If the source host encrypts the
>   data stream then the encapsulated packets can be encrypted but would
>   be redundant.
>=20
> But the introduction doesn't clearly say what this would be redundant =
to.
> Can you clarify this text too?

All the statement means is the packet would be encrypted twice. I=E2=80=99=
ll make the point ore clear.

> Thanks for addressing the SecDir review.
> https://www.ietf.org/mail-archive/web/secdir/current/msg06835.html

No prob.

Thanks,
Dino


From nobody Fri Oct 14 06:16:09 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E7BB127058; Fri, 14 Oct 2016 06:15:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l9HZlBwP-IjD; Fri, 14 Oct 2016 06:15:49 -0700 (PDT)
Received: from mail-lf0-x22c.google.com (mail-lf0-x22c.google.com [IPv6:2a00:1450:4010:c07::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 26FB212963F; Fri, 14 Oct 2016 06:15:49 -0700 (PDT)
Received: by mail-lf0-x22c.google.com with SMTP id l131so153266182lfl.2; Fri, 14 Oct 2016 06:15:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=fYUyTYmb7Ge1YYnpKe6WNBE5eHMFpF4LRO6o3pZtLK8=; b=x2jllyGujq3hmapT3Ij2QGJvgdpcDb1B4FhCQXRGzi0F41z6iywBTT4z2ftgEQt7aa NKy3qSYlQhEDsFXjEHsb4z2H65F/YArrz/3GlyfRkU41ytkaWX4GqEqHmM3y5W2q1oyk j+jhBMoyG5ThRPRmurEWuMqcNWUyEBtgCg6qUYCnSd5WEExHeM5HUT7tPgayA8J69nI+ mVoSWuLpvjBTM6UHe87gldLcmAHIDJ09akv5Aq1dsynblsZoNQVF24rRoLhUpFFjMmGB TVlhnCDQ+XZrPXfVgaRDkpw8Do08ELWC8IR97wRhMnLWbvUA7Myu0jqMdgiss4g6XuTX BTkA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=fYUyTYmb7Ge1YYnpKe6WNBE5eHMFpF4LRO6o3pZtLK8=; b=GPsWaoKnqC6fwD3KHgmTm9aPNyixxN/JIah6s0kSKiWD9LRZSqACYuE7FrjzAlhVlR 4v5bKUrlAxNDCUvHvhsPKP6RpAlUsGWbaoWpdsedcKFOVT3KpwUtbuLZ5TyfblJrXREs VJKk6JrnTkROYnF3KtDTuYvKXipHTwFBgAgbJ+YjQfJ477U+V4ldAEEusPIHBvwfEWdh F/N7cxjcLjpJqLh69f+3ePOdzZfGppCWxidjUiCxPeiRdmcE+H41bjGpT0rNYht2UgK/ cBBNymKyfIg9TX9rdtumDe79JelSQymcj9d+71hWQuN8yl6fQlBnXoMzZIPANymCENfh CvDQ==
X-Gm-Message-State: AA6/9RnoF1Q5B8sBB4YCW7TTomV08l3/Nopr8hdkM+mVjsfMdqbxUmN7B6rjGppJj7ZeXA==
X-Received: by 10.28.10.146 with SMTP id 140mr5647117wmk.129.1476450945902; Fri, 14 Oct 2016 06:15:45 -0700 (PDT)
Received: from [10.12.7.153] ([37.205.61.206]) by smtp.gmail.com with ESMTPSA id h3sm31843322wjp.45.2016.10.14.06.15.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 14 Oct 2016 06:15:44 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <C05B7CF3-3D83-4E69-B67C-976C08BB3611@qti.qualcomm.com>
Date: Fri, 14 Oct 2016 06:15:44 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <90602BB0-5B19-4047-BD27-6D07134C43AB@gmail.com>
References: <C05B7CF3-3D83-4E69-B67C-976C08BB3611@qti.qualcomm.com>
To: Pete Resnick <presnick@qti.qualcomm.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/77Vf_Tvgen6UddLR6OVLpZaNoLo>
Cc: General Area Review Team <gen-art@ietf.org>, draft-ietf-lisp-crypto.all@ietf.org, IETF discussion list <ietf@ietf.org>, lisp@ietf.org
Subject: Re: [lisp] Gen-ART Review for draft-ietf-lisp-crypto-09
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 13:15:51 -0000

> Summary: This draft is ready for publication as an Experimental RFC

Thanks for your review Pete. Brian and I appreciate it.

> Though this is not an area of expertise for me, the document is =
clearly written, I reviewed the data structures and they appear correct, =
and the document seems ready to go forward. (I do find it dicey that =
this is an Experimental document. I understand there is history here, =
but this is

The reason the document is Experimental is to be consistent with the =
rest of the LISP RFC set. We do have in the LISP WG charter to standards =
track the RFC-set and anticipate that this RFC will follow the same =
path. But of course, it is for the working group to decide.

> a full-fledged protocol document and the fact that it is only required =
to be subjected to a cursory review for Experimental status and can pass =
IESG review with one "YES" and everyone else "ABSTAIN"ing seems kinda =
ridiculous. But that's not a reason to stop this document.)

I=E2=80=99ll yield to others to comment on this.

> Nits/editorial comments:
>=20
> Section 9, second to last paragraph: "Otherwise, the packet has been =
tampered with and is discarded." The "tampered with" is probably =
overstating the case. I would simply say "invalid=E2=80=9D.

Fixed.

Thanks again,
Dino




From nobody Fri Oct 14 06:16:38 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A127B127058; Fri, 14 Oct 2016 06:16:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ujI17gWTMVqW; Fri, 14 Oct 2016 06:16:16 -0700 (PDT)
Received: from mail-lf0-x236.google.com (mail-lf0-x236.google.com [IPv6:2a00:1450:4010:c07::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 125E0129705; Fri, 14 Oct 2016 06:15:56 -0700 (PDT)
Received: by mail-lf0-x236.google.com with SMTP id x79so200813552lff.0; Fri, 14 Oct 2016 06:15:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=3taYX4q8hRcS5WELc7/4ic5YFBeAUJInNh3ZTwoYyvw=; b=pflhBDAjU6W7IE1G956wYVxZ9fIKuqtSBVb4YrNVTW/3QJZi3DFRiMcDyeTavh/22l NVebP3LOpM5udPjs0rt6/zHQCdsebQc6aNyMXXQ8TyHzQK5QVfIJZ/THE73tK5z8LC6a UBzqjoIAxV2TwG4nhrt8NGwX0EIh+1K0B69MhKiqXvBMifF2GfbLh3zjZfDGvOdlm0qg MIsv8k4dCmHi6Cx9m/ODSyeMK2ANA74fPGZXBURdM0M/P5ol7xGVzrlH3MyVKEPZkuMy 2ilYKbzngrJmHeUR+fqLMbrLhaV+dedaUORAKGE1KlXPqknrwWtWtvJswdGUNpW21rHq KiOg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=3taYX4q8hRcS5WELc7/4ic5YFBeAUJInNh3ZTwoYyvw=; b=h2sssSpD8dr57YLSF5993nWWxBme02nB0apqrQFENh1whZQdjVunD683iJ7q0yFMOl yO4EAN5wNPeVAVvHN0oybZ2D6A4khLX3GDXtAE6OLmGgtLcfg6yuvbM9VBPGRZFa6VEp ugf5MvDNydAPAJd+M2xSGdP9Pw3FlLPcpxCks76v62+0QcYFb7MueLwMUzJR2bboxiYl 95rPzCeU2E404kDmN71oKreGcHijmhsfJ9BFxUVxhswz6pnYXDgfdOg/mo7AF+kgulud 9DyZWmJNNvTTtOTcyvvLEsN5EDuzeDD3Zh1NPH9BsB0agEEcTNLqYp9LFp1xAdoAFJXl BQRA==
X-Gm-Message-State: AA6/9Rk4oXyctmtcqnwvvpACvrGyxCliwOnXNi/QEwTSfno5U5+3W6KM0QLNG5EbAH825g==
X-Received: by 10.28.150.20 with SMTP id y20mr5618824wmd.67.1476450954221; Fri, 14 Oct 2016 06:15:54 -0700 (PDT)
Received: from [10.12.7.153] ([37.205.61.206]) by smtp.gmail.com with ESMTPSA id h3sm31843322wjp.45.2016.10.14.06.15.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 14 Oct 2016 06:15:52 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <147636040882.2853.15585935442738597963.idtracker@ietfa.amsl.com>
Date: Fri, 14 Oct 2016 06:15:52 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <3B1F9F7F-60C3-417A-AE86-7EF48ADC69F5@gmail.com>
References: <147636040882.2853.15585935442738597963.idtracker@ietfa.amsl.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/KHiuJgBgXysJvktp9ZMwt_UWotM>
Cc: lisp-chairs@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-lisp-crypto@ietf.org, LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] Stephen Farrell's Yes on draft-ietf-lisp-crypto-09: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 13:16:31 -0000

> Thanks for doing this. Great to see folks incorporating such
> things where we can and I'll be interested to see how the
> experiments with this pan out.

Thanks yet again for another review Stephen. We incorporated such things =
due to you allowing me to present to the SAAG a couple of years ago and =
how helpful people were in general. It was a good idea by Joel to get =
you guys to be involved in the design early in the process.

> - intro: (nit) "PKI infrastructure" - the I in PKI
> already means infrastructure:-)
>=20
> - intro: (another nit) I don't get why " o  Packet
> transport is optimized due to less packet headers.
> Packet loss is reduced by a more efficient key exchange."
> is true.

Less bandwidth utilization both inside of a router and on its external =
links.

> - 3: (more nittyness:) AEAD is defined in RFC5116.

Put the reference in on the first occurence of AEAD.

> - section 6 non-nit: I don't see why you want cipher
> suites 1, 2 and 4. The set of 3,5 and 6 seems to me like
> it'd be plenty. If it's not too late, I'd encourage you
> to either drop 1,2 and 4 or say those are OPTIONAL and
> 3,5 and 6 are RECOMMENDED.

We had a lot of discussion about this. And consulted a few crypto folks. =
We wanted smaller key sizes for devices that were CPU challenged. And we =
wanted DH and ECDH for simpler implementation choices. Cipher Suite 4 =
with key size 3072 with GCM was a strong comment we received.

We are experimenting to see which ones, in time, will be the most =
popular. So I would like to leave as is.

> - section 7: I think you should embed the KDF into the
> cipher suite. It's ok to only have one KDF now, but later
> you may want others and it's fairly easy to include the
> KDF as part of the definition of the ciphersuite.

I will add the KDF to section 6 to each of the Cipher Suites and make it =
the same for now. Thanks, a good suggestion.

> - section 7: Why didn't you choose RFC 5869 for the KDF?
> That's a more accessible reference I think and just as
> good.

Brian?

Dino


From nobody Fri Oct 14 06:17:01 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1958C12951A; Fri, 14 Oct 2016 06:16:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.298
X-Spam-Level: 
X-Spam-Status: No, score=-1.298 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_COMMENT_SAVED_URL=1.391, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_HTML_ATTACH=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gMr7OSQ5sWHx; Fri, 14 Oct 2016 06:16:23 -0700 (PDT)
Received: from mail-qk0-x230.google.com (mail-qk0-x230.google.com [IPv6:2607:f8b0:400d:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27667129684; Fri, 14 Oct 2016 06:16:05 -0700 (PDT)
Received: by mail-qk0-x230.google.com with SMTP id n189so148393981qke.0; Fri, 14 Oct 2016 06:16:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=from:mime-version:subject:message-id:date:to; bh=f5Q7ahBrkYiqoLnSpsec8EBAU9ReSPGJ1RBk+ODczkM=; b=Rn4QqopXcjKppdg4p7bvGlc7TfCWPC0OrsGAJfJ95K5FtzPmFUCcemPMAp6RIdh50F SjmXUm47Bh3iMoD0sPlYx7BXHqLi+72t7SrqIAvyjJJ8kYVl48jVxG7Yb8bCa8fh48/r 1aTq9H0xmVUbDewAzKePeXbTAYBPjgYxAN6yjyFVrjpJWbR0JYYKvMR1oph2C8vD6uNV pl8VyiTtOxpmbAilJwV8VvaeJv65WZkvHQd2U9woJrygSvI0u4GArxnJ/OBhd+LQcBp3 /R+R1ppNnSG0gbRKDFVJxiKfQjcoABr8X7QOzvDw1t8D/xqIYMsxzZPPCpm09PuhBptX 3NLA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:mime-version:subject:message-id:date:to; bh=f5Q7ahBrkYiqoLnSpsec8EBAU9ReSPGJ1RBk+ODczkM=; b=FHfEp9XVmr26HXQhZw8vrjD3a8Ej/L3Qrwe00MXpyrJ3ta7uj5JNBqlebCzVtBerBf mKR+S6JvLmQLKBTy6OJjAMhGETstLhajgSIbTuWYfQzGUjrqA1Df/x5zGFgN4/HhTglj De7nFJG68YAUe6T8crAA+KDsSm9G9KVwmX3J/jLN4XuFxuoaXaVN6fMAbSpEjAXHdWAd hriqOGWin6fwhHTNlHWDCpY88kRkdj3FQAcmtGL8Z28KNenSkXrLMH2zIJM++chHW185 LN3vcz3HFvEYHe4fZ0X7zfB8ZtfZWqKwfkeiACegR9WGEdrD8WP1tGpUguCGB46DyC4W Di0Q==
X-Gm-Message-State: AA6/9Rk9U7Lnc0onLQLpHJ81XcOSbkNUfMdZaqSOKk3bVjrw6k/HOhaPICXVvUISlPuuFg==
X-Received: by 10.194.161.193 with SMTP id xu1mr1994954wjb.67.1476450963301; Fri, 14 Oct 2016 06:16:03 -0700 (PDT)
Received: from [10.12.7.153] ([37.205.61.206]) by smtp.gmail.com with ESMTPSA id h3sm31843322wjp.45.2016.10.14.06.16.01 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 14 Oct 2016 06:16:02 -0700 (PDT)
From: Dino Farinacci <farinacci@gmail.com>
Content-Type: multipart/mixed; boundary="Apple-Mail=_F40A80DD-6BA9-4592-9DF9-746E4C4E4E50"
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
Message-Id: <CE9A8E66-8872-47B7-AFA8-1A226F1010A7@gmail.com>
Date: Fri, 14 Oct 2016 06:16:01 -0700
To: The IESG <iesg@ietf.org>, draft-ietf-lisp-crypto@ietf.org, lisp-chairs@ietf.org, LISP mailing list list <lisp@ietf.org>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/-h9nrj_YKcA1CtIhQ2O83XwCgYc>
Subject: [lisp] Proposed draft-ietf-lisp-crypto-10.txt
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 13:16:33 -0000

--Apple-Mail=_F40A80DD-6BA9-4592-9DF9-746E4C4E4E50
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Folks, I have updated the lisp-crypto draft reflecting comments from 3 =
people post telechat. Enclosed is a diff and txt file. I=E2=80=99ll wait =
to submit until the end of the weekend to make sure I satisfied =
everyone=E2=80=99s concerns and comments.

Thanks,
Dino/Brian


--Apple-Mail=_F40A80DD-6BA9-4592-9DF9-746E4C4E4E50
Content-Disposition: attachment;
	filename=rfcdiff-crypto.html
Content-Type: text/html;
	x-unix-mode=0644;
	name="rfcdiff-crypto.html"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" =
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- saved from url=3D(0030)https://tools.ietf.org/rfcdiff -->
<html xmlns=3D"http://www.w3.org/1999/xhtml"><head><meta =
http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF-8">=20
  =20
  <meta http-equiv=3D"Content-Style-Type" content=3D"text/css">=20
  <title>Diff: draft-ietf-lisp-crypto-09.txt - =
draft-ietf-lisp-crypto-10.txt</title>=20
  <style type=3D"text/css">=20
    body    { margin: 0.4ex; margin-right: auto; }=20
    tr      { }=20
    td      { white-space: pre; font-family: monospace; vertical-align: =
top; font-size: 0.86em;}=20
    th      { font-size: 0.86em; }=20
    .small  { font-size: 0.6em; font-style: italic; font-family: =
Verdana, Helvetica, sans-serif; }=20
    .left   { background-color: #EEE; }=20
    .right  { background-color: #FFF; }=20
    .diff   { background-color: #CCF; }=20
    .lblock { background-color: #BFB; }=20
    .rblock { background-color: #FF8; }=20
    .insert { background-color: #8FF; }=20
    .delete { background-color: #ACF; }=20
    .void   { background-color: #FFB; }=20
    .cont   { background-color: #EEE; }=20
    .linebr { background-color: #AAA; }=20
    .lineno { color: red; background-color: #FFF; font-size: 0.7em; =
text-align: right; padding: 0 2px; }=20
    .elipsis{ background-color: #AAA; }=20
    .left .cont { background-color: #DDD; }=20
    .right .cont { background-color: #EEE; }=20
    .lblock .cont { background-color: #9D9; }=20
    .rblock .cont { background-color: #DD6; }=20
    .insert .cont { background-color: #0DD; }=20
    .delete .cont { background-color: #8AD; }=20
    .stats, .stats td, .stats th { background-color: #EEE; padding: 2px =
0; }=20
    span.hide { display: none; color: #aaa;}    a:hover span { display: =
inline; }    tr.change { background-color: gray; }=20
    tr.change a { text-decoration: none; color: black }=20
  </style>=20
     <script>
var chunk_index =3D 0;
var old_chunk =3D null;

function format_chunk(index) {
    var prefix =3D "diff";
    var str =3D index.toString();
    for (x=3D0; x<(4-str.length); ++x) {
        prefix+=3D'0';
    }
    return prefix + str;
}

function find_chunk(n){
    return document.querySelector('tr[id$=3D"' + n + '"]');
}

function change_chunk(offset) {
    var index =3D chunk_index + offset;
    var new_str;
    var new_chunk;

    new_str =3D format_chunk(index);
    new_chunk =3D find_chunk(new_str);
    if (!new_chunk) {
        return;
    }
    if (old_chunk) {
        old_chunk.style.outline =3D "";
    }
    old_chunk =3D new_chunk;
    old_chunk.style.outline =3D "1px solid red";
    window.location.hash =3D "#" + new_str;
    window.scrollBy(0,-100);
    chunk_index =3D index;
}

document.onkeydown =3D function(e) {
    switch (e.keyCode) {
    case 78:
        change_chunk(1);
        break;
    case 80:
        change_chunk(-1);
        break;
    }
};
   </script>=20
</head>=20
<body>=20
  <table border=3D"0" cellpadding=3D"0" cellspacing=3D"0">=20
  <tbody><tr id=3D"part-1" bgcolor=3D"orange"><th></th><th><a =
href=3D"https://tools.ietf.org/rfcdiff?url2=3Ddraft-ietf-lisp-crypto-09.tx=
t" style=3D"color:#008; text-decoration:none;">&lt;</a>&nbsp;<a =
href=3D"https://tools.ietf.org/html/draft-ietf-lisp-crypto-09.txt" =
style=3D"color:#008">draft-ietf-lisp-crypto-09.txt</a>&nbsp;</th><th> =
</th><th>&nbsp;<a =
href=3D"https://tools.ietf.org/html/draft-ietf-lisp-crypto-10.txt" =
style=3D"color:#008">draft-ietf-lisp-crypto-10.txt</a>&nbsp;<a =
href=3D"https://tools.ietf.org/rfcdiff?url1=3Ddraft-ietf-lisp-crypto-10.tx=
t" style=3D"color:#008; =
text-decoration:none;">&gt;</a></th><th></th></tr>=20
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Internet =
Engineering Task Force                             D. Farinacci</td><td> =
</td><td class=3D"right">Internet Engineering Task Force                 =
            D. Farinacci</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Internet-Draft    =
                                           lispers.net</td><td> </td><td =
class=3D"right">Internet-Draft                                           =
    lispers.net</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Intended status: =
Experimental                                    B. Weis</td><td> =
</td><td class=3D"right">Intended status: Experimental                   =
                 B. Weis</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0001"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">Expires: April =
<span class=3D"delete">9,</span> 2017                                    =
 cisco Systems</td><td> </td><td class=3D"rblock">Expires: April <span =
class=3D"insert">17,</span> 2017                                    =
cisco Systems</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">                =
                                         October <span =
class=3D"delete">6,</span> 2016</td><td> </td><td class=3D"rblock">      =
                                                  October <span =
class=3D"insert">14,</span> 2016</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">                  =
  LISP Data-Plane Confidentiality</td><td> </td><td class=3D"right">     =
               LISP Data-Plane Confidentiality</td><td =
class=3D"lineno"></td></tr>
      <tr id=3D"diff0002"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">                =
       draft-ietf-lisp-crypto-<span class=3D"delete">09</span></td><td> =
</td><td class=3D"rblock">                       =
draft-ietf-lisp-crypto-<span class=3D"insert">10</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Abstract</td><td> =
</td><td class=3D"right">Abstract</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   This document =
describes a mechanism for encrypting LISP encapsulated</td><td> </td><td =
class=3D"right">   This document describes a mechanism for encrypting =
LISP encapsulated</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   traffic.  The =
design describes how key exchange is achieved using</td><td> </td><td =
class=3D"right">   traffic.  The design describes how key exchange is =
achieved using</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   existing LISP =
control-plane mechanisms as well as how to secure the</td><td> </td><td =
class=3D"right">   existing LISP control-plane mechanisms as well as how =
to secure the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   LISP =
data-plane from third-party surveillance attacks.</td><td> </td><td =
class=3D"right">   LISP data-plane from third-party surveillance =
attacks.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Status of This =
Memo</td><td> </td><td class=3D"right">Status of This Memo</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-2" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-2"><em> =
page 1, line 34<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-2"><em> page 1, line 34<span =
class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
Internet-Drafts are working documents of the Internet =
Engineering</td><td> </td><td class=3D"right">   Internet-Drafts are =
working documents of the Internet Engineering</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Task Force =
(IETF).  Note that other groups may also distribute</td><td> </td><td =
class=3D"right">   Task Force (IETF).  Note that other groups may also =
distribute</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   working =
documents as Internet-Drafts.  The list of current Internet-</td><td> =
</td><td class=3D"right">   working documents as Internet-Drafts.  The =
list of current Internet-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Drafts is at =
http://datatracker.ietf.org/drafts/current/.</td><td> </td><td =
class=3D"right">   Drafts is at =
http://datatracker.ietf.org/drafts/current/.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
Internet-Drafts are draft documents valid for a maximum of six =
months</td><td> </td><td class=3D"right">   Internet-Drafts are draft =
documents valid for a maximum of six months</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   and may be =
updated, replaced, or obsoleted by other documents at any</td><td> =
</td><td class=3D"right">   and may be updated, replaced, or obsoleted =
by other documents at any</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   time.  It is =
inappropriate to use Internet-Drafts as reference</td><td> </td><td =
class=3D"right">   time.  It is inappropriate to use Internet-Drafts as =
reference</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   material or to =
cite them other than as "work in progress."</td><td> </td><td =
class=3D"right">   material or to cite them other than as "work in =
progress."</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0003"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   This =
Internet-Draft will expire on April <span class=3D"delete">9</span>, =
2017.</td><td> </td><td class=3D"rblock">   This Internet-Draft will =
expire on April <span class=3D"insert">17</span>, 2017.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Copyright =
Notice</td><td> </td><td class=3D"right">Copyright Notice</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Copyright (c) =
2016 IETF Trust and the persons identified as the</td><td> </td><td =
class=3D"right">   Copyright (c) 2016 IETF Trust and the persons =
identified as the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   document =
authors.  All rights reserved.</td><td> </td><td class=3D"right">   =
document authors.  All rights reserved.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   This document =
is subject to BCP 78 and the IETF Trust's Legal</td><td> </td><td =
class=3D"right">   This document is subject to BCP 78 and the IETF =
Trust's Legal</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Provisions =
Relating to IETF Documents</td><td> </td><td class=3D"right">   =
Provisions Relating to IETF Documents</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
(http://trustee.ietf.org/license-info) in effect on the date of</td><td> =
</td><td class=3D"right">   (http://trustee.ietf.org/license-info) in =
effect on the date of</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   publication of =
this document.  Please review these documents</td><td> </td><td =
class=3D"right">   publication of this document.  Please review these =
documents</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   carefully, as =
they describe your rights and restrictions with respect</td><td> =
</td><td class=3D"right">   carefully, as they describe your rights and =
restrictions with respect</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   to this =
document.  Code Components extracted from this document must</td><td> =
</td><td class=3D"right">   to this document.  Code Components extracted =
from this document must</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   include =
Simplified BSD License text as described in Section 4.e of</td><td> =
</td><td class=3D"right">   include Simplified BSD License text as =
described in Section 4.e of</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   the Trust =
Legal Provisions and are provided without warranty as</td><td> </td><td =
class=3D"right">   the Trust Legal Provisions and are provided without =
warranty as</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   described in =
the Simplified BSD License.</td><td> </td><td class=3D"right">   =
described in the Simplified BSD License.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Table of =
Contents</td><td> </td><td class=3D"right">Table of Contents</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   1.  =
Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   =
2</td><td> </td><td class=3D"right">   1.  Introduction  . . . . . . . . =
. . . . . . . . . . . . . . . .   2</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0004"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   2.  =
Requirements Notation . . . . . . . . . . . . . . . . . . . .   <span =
class=3D"delete">3</span></td><td> </td><td class=3D"rblock">   2.  =
Requirements Notation . . . . . . . . . . . . . . . . . . . .   <span =
class=3D"insert">4</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   3.  Definition =
of Terms . . . . . . . . . . . . . . . . . . . . .   4</td><td> </td><td =
class=3D"right">   3.  Definition of Terms . . . . . . . . . . . . . . . =
. . . . . .   4</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   4.  Overview  =
. . . . . . . . . . . . . . . . . . . . . . . . . .   4</td><td> =
</td><td class=3D"right">   4.  Overview  . . . . . . . . . . . . . . . =
. . . . . . . . . . .   4</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   5.  =
Diffie-Hellman Key Exchange . . . . . . . . . . . . . . . . .   =
4</td><td> </td><td class=3D"right">   5.  Diffie-Hellman Key Exchange . =
. . . . . . . . . . . . . . . .   4</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   6.  Encoding =
and Transmitting Key Material  . . . . . . . . . . .   5</td><td> =
</td><td class=3D"right">   6.  Encoding and Transmitting Key Material  =
. . . . . . . . . . .   5</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   7.  Shared =
Keys used for the Data-Plane . . . . . . . . . . . . .   8</td><td> =
</td><td class=3D"right">   7.  Shared Keys used for the Data-Plane . . =
. . . . . . . . . . .   8</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   8.  Data-Plane =
Operation  . . . . . . . . . . . . . . . . . . . .  10</td><td> </td><td =
class=3D"right">   8.  Data-Plane Operation  . . . . . . . . . . . . . . =
. . . . . .  10</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   9.  Procedures =
for Encryption and Decryption  . . . . . . . . . .  11</td><td> </td><td =
class=3D"right">   9.  Procedures for Encryption and Decryption  . . . . =
. . . . . .  11</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   10. Dynamic =
Rekeying  . . . . . . . . . . . . . . . . . . . . . .  12</td><td> =
</td><td class=3D"right">   10. Dynamic Rekeying  . . . . . . . . . . . =
. . . . . . . . . . .  12</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   11. Future =
Work . . . . . . . . . . . . . . . . . . . . . . . . .  13</td><td> =
</td><td class=3D"right">   11. Future Work . . . . . . . . . . . . . . =
. . . . . . . . . . .  13</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   12. Security =
Considerations . . . . . . . . . . . . . . . . . . .  13</td><td> =
</td><td class=3D"right">   12. Security Considerations . . . . . . . . =
. . . . . . . . . . .  13</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     12.1.  SAAG =
Support . . . . . . . . . . . . . . . . . . . . . .  13</td><td> =
</td><td class=3D"right">     12.1.  SAAG Support . . . . . . . . . . . =
. . . . . . . . . . .  13</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     12.2.  =
LISP-Crypto Security Threats . . . . . . . . . . . . . .  14</td><td> =
</td><td class=3D"right">     12.2.  LISP-Crypto Security Threats . . . =
. . . . . . . . . . .  14</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   13. IANA =
Considerations . . . . . . . . . . . . . . . . . . . . .  14</td><td> =
</td><td class=3D"right">   13. IANA Considerations . . . . . . . . . . =
. . . . . . . . . . .  14</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   14. References =
 . . . . . . . . . . . . . . . . . . . . . . . . .  15</td><td> </td><td =
class=3D"right">   14. References  . . . . . . . . . . . . . . . . . . . =
. . . . . .  15</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     14.1.  =
Normative References . . . . . . . . . . . . . . . . . .  15</td><td> =
</td><td class=3D"right">     14.1.  Normative References . . . . . . . =
. . . . . . . . . . .  15</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     14.2.  =
Informative References . . . . . . . . . . . . . . . . .  16</td><td> =
</td><td class=3D"right">     14.2.  Informative References . . . . . . =
. . . . . . . . . . .  16</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Appendix A.  =
Acknowledgments  . . . . . . . . . . . . . . . . . .  17</td><td> =
</td><td class=3D"right">   Appendix A.  Acknowledgments  . . . . . . . =
. . . . . . . . . . .  17</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Appendix B.  =
Document Change Log  . . . . . . . . . . . . . . . .  17</td><td> =
</td><td class=3D"right">   Appendix B.  Document Change Log  . . . . . =
. . . . . . . . . . .  17</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0005"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.1.  =
Changes to <span class=3D"delete">draft-ietf-lisp-crypto-09.txt</span>  =
. . . . . . . .  17</td><td> </td><td class=3D"rblock">     B.1.  =
Changes to <span class=3D"insert">draft-ietf-lisp-crypto-10.txt</span>  =
. . . . . . . .  17</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.2.  =
Changes to <span class=3D"delete">draft-ietf-lisp-crypto-08.txt</span>  =
. . . . . . . .  18</td><td> </td><td class=3D"rblock">     B.2.  =
Changes to <span class=3D"insert">draft-ietf-lisp-crypto-09.txt</span>  =
. . . . . . . .  18</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.3.  =
Changes to <span class=3D"delete">draft-ietf-lisp-crypto-07.txt</span>  =
. . . . . . . .  18</td><td> </td><td class=3D"rblock">     B.3.  =
Changes to <span class=3D"insert">draft-ietf-lisp-crypto-08.txt</span>  =
. . . . . . . .  18</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.4.  =
Changes to <span class=3D"delete">draft-ietf-lisp-crypto-06.txt</span>  =
. . . . . . . .  18</td><td> </td><td class=3D"rblock">     B.4.  =
Changes to <span class=3D"insert">draft-ietf-lisp-crypto-07.txt</span>  =
. . . . . . . .  18</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.5.  =
Changes to <span class=3D"delete">draft-ietf-lisp-crypto-05.txt</span>  =
. . . . . . . .  18</td><td> </td><td class=3D"rblock">     B.5.  =
Changes to <span class=3D"insert">draft-ietf-lisp-crypto-06.txt</span>  =
. . . . . . . .  18</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.6.  =
Changes to <span class=3D"delete">draft-ietf-lisp-crypto-04.txt</span>  =
. . . . . . . .  18</td><td> </td><td class=3D"rblock">     B.6.  =
Changes to <span class=3D"insert">draft-ietf-lisp-crypto-05.txt</span>  =
. . . . . . . .  18</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.7.  =
Changes to <span class=3D"delete">draft-ietf-lisp-crypto-03.txt</span>  =
. . . . . . . .  18</td><td> </td><td class=3D"rblock">     B.7.  =
Changes to <span class=3D"insert">draft-ietf-lisp-crypto-04.txt</span>  =
. . . . . . . .  18</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.8.  =
Changes to draft-ietf-lisp-crypto-02.txt  . . . . . . . .  19</td><td> =
</td><td class=3D"rblock">     B.8.  Changes to <span =
class=3D"insert">draft-ietf-lisp-crypto-03.txt  . . . . . . . .  =
18</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     <span =
class=3D"delete">B.9.</span>  Changes to draft-ietf-lisp-crypto-01.txt  =
. . . . . . . .  19</td><td> </td><td class=3D"rblock"><span =
class=3D"insert">     B.9.  Changes to</span> =
draft-ietf-lisp-crypto-02.txt  . . . . . . . .  19</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     <span =
class=3D"delete">B.10.</span> Changes to draft-ietf-lisp-crypto-00.txt  =
. . . . . . . .  19</td><td> </td><td class=3D"rblock">     <span =
class=3D"insert">B.10.</span> Changes to draft-ietf-lisp-crypto-01.txt  =
. . . . . . . .  19</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     <span =
class=3D"delete">B.11.</span> Changes to =
draft-farinacci-lisp-crypto-01.txt . . . . . .  20</td><td> </td><td =
class=3D"rblock">     <span class=3D"insert">B.11.</span> Changes to =
draft-ietf-lisp-crypto-00.txt  . . . . . . . .  19</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     <span =
class=3D"delete">B.12.</span> Changes to =
draft-farinacci-lisp-crypto-00.txt . . . . . .  20</td><td> </td><td =
class=3D"rblock">     <span class=3D"insert">B.12.</span> Changes to =
draft-farinacci-lisp-crypto-01.txt . . . . . .  20</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock">     <span class=3D"insert">B.13.</span> =
Changes to draft-farinacci-lisp-crypto-00.txt . . . . . .  20</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Authors' =
Addresses  . . . . . . . . . . . . . . . . . . . . . . .  20</td><td> =
</td><td class=3D"right">   Authors' Addresses  . . . . . . . . . . . . =
. . . . . . . . . . .  20</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">1.  =
Introduction</td><td> </td><td class=3D"right">1.  Introduction</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0006"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock">   <span class=3D"insert">This document =
describes a mechanism for encrypting LISP encapsulated</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">   traffic.  The design =
describes how key exchange is achieved using</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">   existing LISP =
control-plane mechanisms as well as how to secure the</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">   LISP data-plane from =
third-party surveillance attacks.</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock">                                               =
                          </td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   The Locator/ID =
Separation Protocol [RFC6830] defines a set of</td><td> </td><td =
class=3D"right">   The Locator/ID Separation Protocol [RFC6830] defines =
a set of</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   functions for =
routers to exchange information used to map from non-</td><td> </td><td =
class=3D"right">   functions for routers to exchange information used to =
map from non-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   routable =
Endpoint Identifiers (EIDs) to routable Routing Locators</td><td> =
</td><td class=3D"right">   routable Endpoint Identifiers (EIDs) to =
routable Routing Locators</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   (RLOCs).  LISP =
Ingress Tunnel Routers (ITRs) and Proxy Ingress Tunnel</td><td> </td><td =
class=3D"right">   (RLOCs).  LISP Ingress Tunnel Routers (ITRs) and =
Proxy Ingress Tunnel</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Routers =
(PITRs) encapsulate packets to Egress Tunnel Routers (ETRs)</td><td> =
</td><td class=3D"right">   Routers (PITRs) encapsulate packets to =
Egress Tunnel Routers (ETRs)</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   and =
Reencapsulating Tunnel Routers (RTRs).  Packets that arrive at</td><td> =
</td><td class=3D"right">   and Reencapsulating Tunnel Routers (RTRs).  =
Packets that arrive at</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0007"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   the ITR or =
PITR <span class=3D"delete">are typically</span> not <span =
class=3D"delete">modified,</span> which means no protection</td><td> =
</td><td class=3D"rblock">   the ITR or PITR <span =
class=3D"insert">may</span> not <span class=3D"insert">be =
encrypted,</span> which means no protection or</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   or privacy =
of the data is added.  <span class=3D"delete">If</span> the source host =
encrypts the</td><td> </td><td class=3D"rblock">   privacy of the data =
is added.  <span class=3D"insert">When</span> the source host encrypts =
the data</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   data <span =
class=3D"delete">stream then the</span> encapsulated packets <span =
class=3D"delete">can</span> be encrypted <span class=3D"delete">but =
would</span></td><td> </td><td class=3D"rblock">   <span =
class=3D"insert">stream,</span> encapsulated packets <span =
class=3D"insert">do not need to</span> be encrypted <span =
class=3D"insert">by LISP.</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"><span =
class=3D"delete">   be redundant.</span>  However, when plaintext =
packets are sent by hosts,</td><td> </td><td class=3D"rblock">   =
However, when plaintext packets are sent by hosts, this design =
can</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   this design =
can encrypt the user payload to maintain privacy on the</td><td> =
</td><td class=3D"rblock">   encrypt the user payload to maintain =
privacy on the path between the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   path between =
the encapsulator (the ITR or PITR) to a decapsulator</td><td> </td><td =
class=3D"rblock">   encapsulator (the ITR or PITR) to a decapsulator =
(ETR or RTR).  The</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   (ETR or =
RTR).  The encrypted payload is unidirectional.  However,</td><td> =
</td><td class=3D"rblock">   encrypted payload is unidirectional.  =
However, return traffic uses</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   return =
traffic uses the same procedures but with different key values</td><td> =
</td><td class=3D"rblock">   the same procedures but with different key =
values by the same xTRs or</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   by the same =
xTRs or potentially different xTRs when the paths between</td><td> =
</td><td class=3D"rblock">   potentially different xTRs when the paths =
between LISP sites are</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   LISP sites =
are asymmetric.</td><td> </td><td class=3D"rblock">   =
asymmetric.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   This document =
has the following requirements (as well as the general</td><td> </td><td =
class=3D"right">   This document has the following requirements (as well =
as the general</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   requirements =
from [RFC6973]) for the solution space:</td><td> </td><td class=3D"right">=
   requirements from [RFC6973]) for the solution space:</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Do not =
require a separate Public Key Infrastructure (PKI) that is</td><td> =
</td><td class=3D"right">   o  Do not require a separate Public Key =
Infrastructure (PKI) that is</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      out of =
scope of the LISP control-plane architecture.</td><td> </td><td =
class=3D"right">      out of scope of the LISP control-plane =
architecture.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  The budget =
for key exchange MUST be one round-trip time.  That is,</td><td> =
</td><td class=3D"right">   o  The budget for key exchange MUST be one =
round-trip time.  That is,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      only a two =
packet exchange can occur.</td><td> </td><td class=3D"right">      only =
a two packet exchange can occur.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-3" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-3"><em> =
page 3, line 34<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-3"><em> page 3, line 40<span =
class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Provide for =
rekeying when secret keys are compromised.</td><td> </td><td =
class=3D"right">   o  Provide for rekeying when secret keys are =
compromised.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Support =
Authenticated Encryption with packet integrity checks.</td><td> </td><td =
class=3D"right">   o  Support Authenticated Encryption with packet =
integrity checks.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Support =
multiple cipher suites so new crypto algorithms can be</td><td> </td><td =
class=3D"right">   o  Support multiple cipher suites so new crypto =
algorithms can be</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      easily =
introduced.</td><td> </td><td class=3D"right">      easily =
introduced.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Satisfying the =
above requirements provides the following benefits:</td><td> </td><td =
class=3D"right">   Satisfying the above requirements provides the =
following benefits:</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0008"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   o  Avoiding =
a PKI <span class=3D"delete">infrastructure</span> reduces the =
operational cost of</td><td> </td><td class=3D"rblock">   o  Avoiding a =
PKI reduces the operational cost of managing a secure</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      managing =
a secure network.  Key management is distributed and</td><td> </td><td =
class=3D"rblock">      network.  Key management is distributed and =
independent from any</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      =
independent from any other infrastructure.</td><td> </td><td =
class=3D"rblock">      other infrastructure.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Packet =
transport is optimized due to less packet headers.  Packet</td><td> =
</td><td class=3D"right">   o  Packet transport is optimized due to less =
packet headers.  Packet</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0009"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      loss is =
reduced by a more efficient key exc<span =
class=3D"delete">ah</span>nge.</td><td> </td><td class=3D"rblock">      =
loss is reduced by a more efficient key exc<span =
class=3D"insert">ha</span>nge.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  =
Authentication and privacy are provided with a single mechanism</td><td> =
</td><td class=3D"right">   o  Authentication and privacy are provided =
with a single mechanism</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      thereby =
providing less per packet overhead and therefore more</td><td> </td><td =
class=3D"right">      thereby providing less per packet overhead and =
therefore more</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      resource =
efficiency.</td><td> </td><td class=3D"right">      resource =
efficiency.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">2.  Requirements =
Notation</td><td> </td><td class=3D"right">2.  Requirements =
Notation</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   The key words =
"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",</td><td> </td><td =
class=3D"right">   The key words "MUST", "MUST NOT", "REQUIRED", =
"SHALL", "SHALL NOT",</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   "SHOULD", =
"SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this</td><td> =
</td><td class=3D"right">   "SHOULD", "SHOULD NOT", "RECOMMENDED", =
"MAY", and "OPTIONAL" in this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   document are =
to be interpreted as described in [RFC2119].</td><td> </td><td =
class=3D"right">   document are to be interpreted as described in =
[RFC2119].</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">3.  Definition of =
Terms</td><td> </td><td class=3D"right">3.  Definition of Terms</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0010"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   AEAD: =
Authenticated Encryption with Additional Data.</td><td> </td><td =
class=3D"rblock">   AEAD: Authenticated Encryption with Additional =
Data<span class=3D"insert"> [RFC5116]</span>.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   ICV: Integrity =
Check Value.</td><td> </td><td class=3D"right">   ICV: Integrity Check =
Value.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   LCAF: LISP =
Canonical Address Format ([LCAF]).</td><td> </td><td class=3D"right">   =
LCAF: LISP Canonical Address Format ([LCAF]).</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   xTR: A general =
reference to ITRs, ETRs, RTRs, and PxTRs.</td><td> </td><td =
class=3D"right">   xTR: A general reference to ITRs, ETRs, RTRs, and =
PxTRs.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">4.  =
Overview</td><td> </td><td class=3D"right">4.  Overview</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   The approach =
proposed in this document is to NOT rely on the LISP</td><td> </td><td =
class=3D"right">   The approach proposed in this document is to NOT rely =
on the LISP</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-4" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-4"><em> =
page 7, line 13<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-4"><em> page 7, line 13<span =
class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   be transmitted =
as 0 and MUST be ignored on receipt.</td><td> </td><td class=3D"right">  =
 be transmitted as 0 and MUST be ignored on receipt.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"> Cipher Suite =
0:</td><td> </td><td class=3D"right"> Cipher Suite 0:</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    =
Reserved</td><td> </td><td class=3D"right">    Reserved</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"> Cipher Suite =
1:</td><td> </td><td class=3D"right"> Cipher Suite 1:</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    =
Diffie-Hellman Group: 2048-bit MODP [RFC3526]</td><td> </td><td =
class=3D"right">    Diffie-Hellman Group: 2048-bit MODP =
[RFC3526]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    Encryption:  =
AES with 128-bit keys in CBC mode [AES-CBC]</td><td> </td><td =
class=3D"right">    Encryption:  AES with 128-bit keys in CBC mode =
[AES-CBC]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    Integrity:   =
Integrated with [AES-CBC] AEAD_AES_128_CBC_HMAC_SHA_256</td><td> =
</td><td class=3D"right">    Integrity:   Integrated with [AES-CBC] =
AEAD_AES_128_CBC_HMAC_SHA_256</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    IV length:   =
16 bytes</td><td> </td><td class=3D"right">    IV length:   16 =
bytes</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0011"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">    KDF:         =
HMAC-SHA-256</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"> Cipher Suite =
2:</td><td> </td><td class=3D"right"> Cipher Suite 2:</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    =
Diffie-Hellman Group: 256-bit Elliptic-Curve 25519 [CURVE25519]</td><td> =
</td><td class=3D"right">    Diffie-Hellman Group: 256-bit =
Elliptic-Curve 25519 [CURVE25519]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    Encryption:  =
AES with 128-bit keys in CBC mode [AES-CBC]</td><td> </td><td =
class=3D"right">    Encryption:  AES with 128-bit keys in CBC mode =
[AES-CBC]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    Integrity:   =
Integrated with [AES-CBC] AEAD_AES_128_CBC_HMAC_SHA_256</td><td> =
</td><td class=3D"right">    Integrity:   Integrated with [AES-CBC] =
AEAD_AES_128_CBC_HMAC_SHA_256</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    IV length:   =
16 bytes</td><td> </td><td class=3D"right">    IV length:   16 =
bytes</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0012"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">    KDF:         =
HMAC-SHA-256</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"> Cipher Suite =
3:</td><td> </td><td class=3D"right"> Cipher Suite 3:</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    =
Diffie-Hellman Group: 2048-bit MODP [RFC3526]</td><td> </td><td =
class=3D"right">    Diffie-Hellman Group: 2048-bit MODP =
[RFC3526]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    Encryption:  =
AES with 128-bit keys in GCM mode [RFC5116]</td><td> </td><td =
class=3D"right">    Encryption:  AES with 128-bit keys in GCM mode =
[RFC5116]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    Integrity:   =
Integrated with [RFC5116] AEAD_AES_128_GCM</td><td> </td><td =
class=3D"right">    Integrity:   Integrated with [RFC5116] =
AEAD_AES_128_GCM</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    IV length:   =
12 bytes</td><td> </td><td class=3D"right">    IV length:   12 =
bytes</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0013"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">    KDF:         =
HMAC-SHA-256</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"> Cipher Suite =
4:</td><td> </td><td class=3D"right"> Cipher Suite 4:</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    =
Diffie-Hellman Group: 3072-bit MODP [RFC3526]</td><td> </td><td =
class=3D"right">    Diffie-Hellman Group: 3072-bit MODP =
[RFC3526]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    Encryption:  =
AES with 128-bit keys in GCM mode [RFC5116]</td><td> </td><td =
class=3D"right">    Encryption:  AES with 128-bit keys in GCM mode =
[RFC5116]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    Integrity:   =
Integrated with [RFC5116] AEAD_AES_128_GCM</td><td> </td><td =
class=3D"right">    Integrity:   Integrated with [RFC5116] =
AEAD_AES_128_GCM</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    IV length:   =
12 bytes</td><td> </td><td class=3D"right">    IV length:   12 =
bytes</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0014"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">    KDF:         =
HMAC-SHA-256</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"> Cipher Suite =
5:</td><td> </td><td class=3D"right"> Cipher Suite 5:</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    =
Diffie-Hellman Group: 256-bit Elliptic-Curve 25519 [CURVE25519]</td><td> =
</td><td class=3D"right">    Diffie-Hellman Group: 256-bit =
Elliptic-Curve 25519 [CURVE25519]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    Encryption:  =
AES with 128-bit keys in GCM mode [RFC5116]</td><td> </td><td =
class=3D"right">    Encryption:  AES with 128-bit keys in GCM mode =
[RFC5116]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    Integrity:   =
Integrated with [RFC5116] AEAD_AES_128_GCM</td><td> </td><td =
class=3D"right">    Integrity:   Integrated with [RFC5116] =
AEAD_AES_128_GCM</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    IV length:   =
12 bytes</td><td> </td><td class=3D"right">    IV length:   12 =
bytes</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0015"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">    KDF:         =
HMAC-SHA-256</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"> Cipher Suite =
6:</td><td> </td><td class=3D"right"> Cipher Suite 6:</td><td =
class=3D"lineno"></td></tr>
      <tr id=3D"diff0016"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     =
Diffie-Hellman Group: 256-bit Elliptic-Curve 25519 [CURVE25519]</td><td> =
</td><td class=3D"rblock">    Diffie-Hellman Group: 256-bit =
Elliptic-Curve 25519 [CURVE25519]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     =
Encryption: Chacha20-Poly1305 [CHACHA-POLY] [RFC7539]</td><td> </td><td =
class=3D"rblock">    Encryption: Chacha20-Poly1305 [CHACHA-POLY] =
[RFC7539]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     Integrity: =
 Integrated with [CHACHA-POLY] AEAD_CHACHA20_POLY1305</td><td> </td><td =
class=3D"rblock">    Integrity:  Integrated with [CHACHA-POLY] =
AEAD_CHACHA20_POLY1305</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     IV length: =
 8 bytes</td><td> </td><td class=3D"rblock">    IV length:  8 =
bytes</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock">    <span class=3D"insert">KDF:        =
HMAC-SHA-256</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   The "Public =
Key Material" field contains the public key generated by</td><td> =
</td><td class=3D"right">   The "Public Key Material" field contains the =
public key generated by</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   one of the =
Cipher Suites defined above.  The length of the key in</td><td> </td><td =
class=3D"right">   one of the Cipher Suites defined above.  The length =
of the key in</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   octets is =
encoded in the "Key Length" field.</td><td> </td><td class=3D"right">   =
octets is encoded in the "Key Length" field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   When an ITR, =
PITR, or RTR sends a Map-Request, they will encode their</td><td> =
</td><td class=3D"right">   When an ITR, PITR, or RTR sends a =
Map-Request, they will encode their</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   own RLOC in =
the Security Type LCAF format within the ITR-RLOCs field.</td><td> =
</td><td class=3D"right">   own RLOC in the Security Type LCAF format =
within the ITR-RLOCs field.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   When a ETR or =
RTR sends a Map-Reply, they will encode their RLOCs in</td><td> </td><td =
class=3D"right">   When a ETR or RTR sends a Map-Reply, they will encode =
their RLOCs in</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Security Type =
LCAF format within the RLOC-record field of each EID-</td><td> </td><td =
class=3D"right">   Security Type LCAF format within the RLOC-record =
field of each EID-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   record =
supplied.</td><td> </td><td class=3D"right">   record supplied.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-5" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-5"><em> =
page 8, line 39<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-5"><em> page 8, line 47<span =
class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Request and =
copied into the Map-Reply.</td><td> </td><td class=3D"right">   Request =
and copied into the Map-Reply.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   The resulting =
shared secret is used to compute an AEAD-key for the</td><td> </td><td =
class=3D"right">   The resulting shared secret is used to compute an =
AEAD-key for the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   algorithms =
specified in the cipher suite.  A Key Derivation Function</td><td> =
</td><td class=3D"right">   algorithms specified in the cipher suite.  A =
Key Derivation Function</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   (KDF) in =
counter mode as specified by [NIST-SP800-108] is used to</td><td> =
</td><td class=3D"right">   (KDF) in counter mode as specified by =
[NIST-SP800-108] is used to</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   generate the =
data-plane keys.  The amount of keying material that is</td><td> =
</td><td class=3D"right">   generate the data-plane keys.  The amount of =
keying material that is</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   derived =
depends on the algorithms in the cipher suite.</td><td> </td><td =
class=3D"right">   derived depends on the algorithms in the cipher =
suite.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   The inputs to =
the KDF are as follows:</td><td> </td><td class=3D"right">   The inputs =
to the KDF are as follows:</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0017"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   o  KDF =
function.  This is <span class=3D"delete">HMAC-SHA-256.</span></td><td> =
</td><td class=3D"rblock">   o  KDF function.  This is <span =
class=3D"insert">HMAC-SHA-256 in this document but =
generally</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">      specified in each =
Cipher Suite definition.</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  A key for =
the KDF function.  This is the computed Diffie-Hellman</td><td> </td><td =
class=3D"right">   o  A key for the KDF function.  This is the computed =
Diffie-Hellman</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      shared =
secret.</td><td> </td><td class=3D"right">      shared secret.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Context =
that binds the use of the data-plane keys to this session.</td><td> =
</td><td class=3D"right">   o  Context that binds the use of the =
data-plane keys to this session.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      The context =
is made up of the following fields, which are</td><td> </td><td =
class=3D"right">      The context is made up of the following fields, =
which are</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
concatenated and provided as the data to be acted upon by the =
KDF</td><td> </td><td class=3D"right">      concatenated and provided as =
the data to be acted upon by the KDF</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
function.</td><td> </td><td class=3D"right">      function.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
Context:</td><td> </td><td class=3D"right">   Context:</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-6" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-6"><em> =
page 12, line 14<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-6"><em> page 12, line =
27<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   1.  The outer =
IP header, UDP header, LISP header, and IV field are</td><td> </td><td =
class=3D"right">   1.  The outer IP header, UDP header, LISP header, and =
IV field are</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">       stripped =
from the start of the packet.  The LISP header and IV</td><td> </td><td =
class=3D"right">       stripped from the start of the packet.  The LISP =
header and IV</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">       are =
retained and given to the AEAD decryption operation as the</td><td> =
</td><td class=3D"right">       are retained and given to the AEAD =
decryption operation as the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">       =
"associated data" argument.</td><td> </td><td class=3D"right">       =
"associated data" argument.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   2.  The packet =
is decrypted using the AEAD-key and the IV from the</td><td> </td><td =
class=3D"right">   2.  The packet is decrypted using the AEAD-key and =
the IV from the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">       packet.  =
The AEAD-key is obtained from a local-cache associated</td><td> </td><td =
class=3D"right">       packet.  The AEAD-key is obtained from a =
local-cache associated</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">       with the =
key-id value from the LISP header.  The result of the</td><td> </td><td =
class=3D"right">       with the key-id value from the LISP header.  The =
result of the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">       decryption =
function is a plaintext packet payload if the cipher</td><td> </td><td =
class=3D"right">       decryption function is a plaintext packet payload =
if the cipher</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0018"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">       returned =
a verified ICV.  Otherwise, the packet <span class=3D"delete">has been =
tampered</span></td><td> </td><td class=3D"rblock">       returned a =
verified ICV.  Otherwise, the packet <span class=3D"insert">is =
invalid</span> and is</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"><span =
class=3D"delete">       with</span> and is discarded.  If the AEAD =
specification included an</td><td> </td><td class=3D"rblock">       =
discarded.  If the AEAD specification included an ICV, the AEAD</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">       ICV, the =
AEAD decryption function will locate the ICV in the</td><td> </td><td =
class=3D"rblock">       decryption function will locate the ICV in the =
ciphertext and</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">       =
ciphertext and compare it to a version of the ICV that the AEAD</td><td> =
</td><td class=3D"rblock">       compare it to a version of the ICV that =
the AEAD decryption</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">       =
decryption function computes.  If the computed ICV is different</td><td> =
</td><td class=3D"rblock">       function computes.  If the computed ICV =
is different than the ICV</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">       than the =
ICV located in the ciphertext, then it will be</td><td> </td><td =
class=3D"rblock">       located in the ciphertext, then it will be =
considered tampered.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">       =
considered tampered.</td><td> </td><td class=3D"rblock"></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   3.  If the =
packet was not tampered with, the decrypted packet is</td><td> </td><td =
class=3D"right">   3.  If the packet was not tampered with, the =
decrypted packet is</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">       forwarded =
to the destination EID.</td><td> </td><td class=3D"right">       =
forwarded to the destination EID.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">10.  Dynamic =
Rekeying</td><td> </td><td class=3D"right">10.  Dynamic Rekeying</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Since multiple =
keys can be encoded in both control and data messages,</td><td> </td><td =
class=3D"right">   Since multiple keys can be encoded in both control =
and data messages,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   an ITR can =
encapsulate and encrypt with a specific key while it is</td><td> =
</td><td class=3D"right">   an ITR can encapsulate and encrypt with a =
specific key while it is</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   negotiating =
other keys with the same ETR.  As soon as an ETR or RTR</td><td> =
</td><td class=3D"right">   negotiating other keys with the same ETR.  =
As soon as an ETR or RTR</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   returns a =
Map-Reply, it should be prepared to decapsulate and decrypt</td><td> =
</td><td class=3D"right">   returns a Map-Reply, it should be prepared =
to decapsulate and decrypt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-7" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-7"><em> =
page 17, line 45<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-7"><em> page 17, line =
45<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   security =
expertise to make lisp-crypto as secure as the state of the</td><td> =
</td><td class=3D"right">   security expertise to make lisp-crypto as =
secure as the state of the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   art in =
cryptography.</td><td> </td><td class=3D"right">   art in =
cryptography.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   In addition, =
the support and suggestions from the SAAG working group</td><td> =
</td><td class=3D"right">   In addition, the support and suggestions =
from the SAAG working group</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   were helpful =
and appreciative.</td><td> </td><td class=3D"right">   were helpful and =
appreciative.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Appendix B.  =
Document Change Log</td><td> </td><td class=3D"right">Appendix B.  =
Document Change Log</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [RFC Editor: =
Please delete this section on publication as RFC.]</td><td> </td><td =
class=3D"right">   [RFC Editor: Please delete this section on =
publication as RFC.]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0019"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1.  Changes =
to draft-ietf-lisp-crypto-09.txt</td><td> </td><td class=3D"rblock">B.1. =
 Changes to <span =
class=3D"insert">draft-ietf-lisp-crypto-10.txt</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert"></span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">   o  Posted October =
2016 after October 13th telechat.</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert"></span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">   o  Addressed =
comments from Kathleen Moriarty, Stephen Farrel, and</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">      Pete =
Resnick.</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert"></span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">B.2.  Changes to</span> =
draft-ietf-lisp-crypto-09.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Posted =
October 2016.</td><td> </td><td class=3D"right">   o  Posted October =
2016.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Addressed =
comments from OPs Directorate reviewer Susan Hares.</td><td> </td><td =
class=3D"right">   o  Addressed comments from OPs Directorate reviewer =
Susan Hares.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0020"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">2</span>.  Changes to =
draft-ietf-lisp-crypto-08.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">3</span>.  Changes to =
draft-ietf-lisp-crypto-08.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Posted =
September 2016.</td><td> </td><td class=3D"right">   o  Posted September =
2016.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Addressed =
comments from Security Directorate reviewer Chris</td><td> </td><td =
class=3D"right">   o  Addressed comments from Security Directorate =
reviewer Chris</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
Lonvick.</td><td> </td><td class=3D"right">      Lonvick.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0021"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">3</span>.  Changes to =
draft-ietf-lisp-crypto-07.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">4</span>.  Changes to =
draft-ietf-lisp-crypto-07.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Posted =
September 2016.</td><td> </td><td class=3D"right">   o  Posted September =
2016.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Addressed =
comments from Routing Directorate reviewer Danny</td><td> </td><td =
class=3D"right">   o  Addressed comments from Routing Directorate =
reviewer Danny</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
McPherson.</td><td> </td><td class=3D"right">      McPherson.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0022"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">4</span>.  Changes to =
draft-ietf-lisp-crypto-06.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">5</span>.  Changes to =
draft-ietf-lisp-crypto-06.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Posted June =
2016.</td><td> </td><td class=3D"right">   o  Posted June 2016.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Fixed =
IDnits errors.</td><td> </td><td class=3D"right">   o  Fixed IDnits =
errors.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0023"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">5</span>.  Changes to =
draft-ietf-lisp-crypto-05.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">6</span>.  Changes to =
draft-ietf-lisp-crypto-05.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Posted June =
2016.</td><td> </td><td class=3D"right">   o  Posted June 2016.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Update =
document which reflects comments Luigi provided as document</td><td> =
</td><td class=3D"right">   o  Update document which reflects comments =
Luigi provided as document</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
shepherd.</td><td> </td><td class=3D"right">      shepherd.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0024"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">6</span>.  Changes to =
draft-ietf-lisp-crypto-04.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">7</span>.  Changes to =
draft-ietf-lisp-crypto-04.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Posted May =
2016.</td><td> </td><td class=3D"right">   o  Posted May 2016.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Update =
document timer from expiration.</td><td> </td><td class=3D"right">   o  =
Update document timer from expiration.</td><td class=3D"lineno"></td></tr>=

      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0025"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">7</span>.  Changes to =
draft-ietf-lisp-crypto-03.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">8</span>.  Changes to =
draft-ietf-lisp-crypto-03.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Posted =
December 2015.</td><td> </td><td class=3D"right">   o  Posted December =
2015.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Changed =
cipher suite allocations.  We now have 2 AES-CBC cipher</td><td> =
</td><td class=3D"right">   o  Changed cipher suite allocations.  We now =
have 2 AES-CBC cipher</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      suites for =
compatibility, 3 AES-GCM cipher suites that are faster</td><td> </td><td =
class=3D"right">      suites for compatibility, 3 AES-GCM cipher suites =
that are faster</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      ciphers =
that include AE and a Chacha20-Poly1305 cipher suite which</td><td> =
</td><td class=3D"right">      ciphers that include AE and a =
Chacha20-Poly1305 cipher suite which</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      is the =
fastest but not totally proven/accepted..</td><td> </td><td =
class=3D"right">      is the fastest but not totally =
proven/accepted..</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Remove =
1024-bit DH keys for key exchange.</td><td> </td><td class=3D"right">   =
o  Remove 1024-bit DH keys for key exchange.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-8" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-8"><em> =
page 19, line 25<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-8"><em> page 19, line =
30<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
endian).</td><td> </td><td class=3D"right">      endian).</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Remove =
A-bit from Security Type LCAF.  No need to do</td><td> </td><td =
class=3D"right">   o  Remove A-bit from Security Type LCAF.  No need to =
do</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
authentication only with the introduction of AEAD ciphers.  =
These</td><td> </td><td class=3D"right">      authentication only with =
the introduction of AEAD ciphers.  These</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      ciphers can =
do authentication.  So you get ciphertext for free.</td><td> </td><td =
class=3D"right">      ciphers can do authentication.  So you get =
ciphertext for free.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Remove =
language that refers to "encryption-key" and "integrity-</td><td> =
</td><td class=3D"right">   o  Remove language that refers to =
"encryption-key" and "integrity-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      key".  Used =
term "AEAD-key" that is used by the AEAD cipher suites</td><td> </td><td =
class=3D"right">      key".  Used term "AEAD-key" that is used by the =
AEAD cipher suites</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      that do =
encryption and authenticaiton internal to the cipher.</td><td> </td><td =
class=3D"right">      that do encryption and authenticaiton internal to =
the cipher.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0026"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">8</span>.  Changes to =
draft-ietf-lisp-crypto-02.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">9</span>.  Changes to =
draft-ietf-lisp-crypto-02.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Posted =
September 2015.</td><td> </td><td class=3D"right">   o  Posted September =
2015.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Add cipher =
suite for Elliptic Curve 25519 DH exchange.</td><td> </td><td =
class=3D"right">   o  Add cipher suite for Elliptic Curve 25519 DH =
exchange.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Add cipher =
suite for Chacha20/Poly1305 ciphers.</td><td> </td><td class=3D"right">  =
 o  Add cipher suite for Chacha20/Poly1305 ciphers.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0027"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">9</span>.  Changes to =
draft-ietf-lisp-crypto-01.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">10</span>.  Changes to =
draft-ietf-lisp-crypto-01.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Posted May =
2015.</td><td> </td><td class=3D"right">   o  Posted May 2015.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Create =
cipher suites and encode them in the Security LCAF.</td><td> </td><td =
class=3D"right">   o  Create cipher suites and encode them in the =
Security LCAF.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Add IV to =
beginning of packet header and ICV to end of packet.</td><td> </td><td =
class=3D"right">   o  Add IV to beginning of packet header and ICV to =
end of packet.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  AEAD =
procedures are now part of encrpytion process.</td><td> </td><td =
class=3D"right">   o  AEAD procedures are now part of encrpytion =
process.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0028"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1<span =
class=3D"delete">0</span>.  Changes to =
draft-ietf-lisp-crypto-00.txt</td><td> </td><td class=3D"rblock">B.1<span =
class=3D"insert">1</span>.  Changes to =
draft-ietf-lisp-crypto-00.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Posted =
January 2015.</td><td> </td><td class=3D"right">   o  Posted January =
2015.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Changing =
draft-farinacci-lisp-crypto-01 to draft-ietf-lisp-crypto-</td><td> =
</td><td class=3D"right">   o  Changing draft-farinacci-lisp-crypto-01 =
to draft-ietf-lisp-crypto-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      00.  This =
draft has become a working group document</td><td> </td><td =
class=3D"right">      00.  This draft has become a working group =
document</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Add text to =
indicate the working group may work on a new data</td><td> </td><td =
class=3D"right">   o  Add text to indicate the working group may work on =
a new data</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
encapsulation header format for data-plane encryption.</td><td> </td><td =
class=3D"right">      encapsulation header format for data-plane =
encryption.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0029"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1<span =
class=3D"delete">1</span>.  Changes to =
draft-farinacci-lisp-crypto-01.txt</td><td> </td><td =
class=3D"rblock">B.1<span class=3D"insert">2</span>.  Changes to =
draft-farinacci-lisp-crypto-01.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Posted July =
2014.</td><td> </td><td class=3D"right">   o  Posted July 2014.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Add =
Group-ID to the encoding format of Key Material in a Security</td><td> =
</td><td class=3D"right">   o  Add Group-ID to the encoding format of =
Key Material in a Security</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Type LCAF =
and modify the IANA Considerations so this draft can use</td><td> =
</td><td class=3D"right">      Type LCAF and modify the IANA =
Considerations so this draft can use</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      key =
exchange parameters from the IANA registry.</td><td> </td><td =
class=3D"right">      key exchange parameters from the IANA =
registry.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Indicate =
that the R-bit in the Security Type LCAF is not used by</td><td> =
</td><td class=3D"right">   o  Indicate that the R-bit in the Security =
Type LCAF is not used by</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
lisp-crypto.</td><td> </td><td class=3D"right">      =
lisp-crypto.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-9" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-9"><em> =
page 20, line 31<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-9"><em> page 20, line =
37<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
process.</td><td> </td><td class=3D"right">      process.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Add text =
indicating that when RLOC-probing is used for RLOC</td><td> </td><td =
class=3D"right">   o  Add text indicating that when RLOC-probing is used =
for RLOC</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
reachability purposes and rekeying is not desired, that the =
same</td><td> </td><td class=3D"right">      reachability purposes and =
rekeying is not desired, that the same</td><td class=3D"lineno"></td></tr>=

      <tr><td class=3D"lineno"></td><td class=3D"left">      key =
exchange parameters should be used so a reallocation of a</td><td> =
</td><td class=3D"right">      key exchange parameters should be used so =
a reallocation of a</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      pubic key =
does not happen at the ETR.</td><td> </td><td class=3D"right">      =
pubic key does not happen at the ETR.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Add text to =
indicate that ECDH can be used to reduce CPU</td><td> </td><td =
class=3D"right">   o  Add text to indicate that ECDH can be used to =
reduce CPU</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
requirements for computing shared secret-keys.</td><td> </td><td =
class=3D"right">      requirements for computing shared =
secret-keys.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0030"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1<span =
class=3D"delete">2</span>.  Changes to =
draft-farinacci-lisp-crypto-00.txt</td><td> </td><td =
class=3D"rblock">B.1<span class=3D"insert">3</span>.  Changes to =
draft-farinacci-lisp-crypto-00.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Initial =
draft posted February 2014.</td><td> </td><td class=3D"right">   o  =
Initial draft posted February 2014.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Authors' =
Addresses</td><td> </td><td class=3D"right">Authors' Addresses</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Dino =
Farinacci</td><td> </td><td class=3D"right">   Dino Farinacci</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
lispers.net</td><td> </td><td class=3D"right">   lispers.net</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   San Jose, =
California  95120</td><td> </td><td class=3D"right">   San Jose, =
California  95120</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   USA</td><td> =
</td><td class=3D"right">   USA</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>

     <tr><td></td><td class=3D"left"></td><td> </td><td =
class=3D"right"></td><td></td></tr>
     <tr id=3D"end" bgcolor=3D"gray"><th colspan=3D"5" =
align=3D"center">&nbsp;End of changes. 30 change blocks.&nbsp;</th></tr>
     <tr class=3D"stats"><td></td><th><i>56 lines changed or =
deleted</i></th><th><i> </i></th><th><i>75 lines changed or =
added</i></th><td></td></tr>
     <tr><td colspan=3D"5" align=3D"center" class=3D"small"><br>This =
html diff was produced by rfcdiff 1.45. The latest version is available =
from <a =
href=3D"http://www.tools.ietf.org/tools/rfcdiff/">http://tools.ietf.org/to=
ols/rfcdiff/</a> </td></tr>
   </tbody></table>
  =20
  =20
</body></html>=

--Apple-Mail=_F40A80DD-6BA9-4592-9DF9-746E4C4E4E50
Content-Disposition: attachment;
	filename=draft-ietf-lisp-crypto-10.txt
Content-Type: text/plain;
	x-unix-mode=0644;
	name="draft-ietf-lisp-crypto-10.txt"
Content-Transfer-Encoding: quoted-printable





Internet Engineering Task Force                             D. Farinacci
Internet-Draft                                               lispers.net
Intended status: Experimental                                    B. Weis
Expires: April 17, 2017                                    cisco Systems
                                                        October 14, 2016


                    LISP Data-Plane Confidentiality
                       draft-ietf-lisp-crypto-10

Abstract

   This document describes a mechanism for encrypting LISP encapsulated
   traffic.  The design describes how key exchange is achieved using
   existing LISP control-plane mechanisms as well as how to secure the
   LISP data-plane from third-party surveillance attacks.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 17, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.



Farinacci & Weis         Expires April 17, 2017                 [Page 1]
=0C
Internet-Draft       LISP Data-Plane Confidentiality        October 2016


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Requirements Notation . . . . . . . . . . . . . . . . . . . .   4
   3.  Definition of Terms . . . . . . . . . . . . . . . . . . . . .   4
   4.  Overview  . . . . . . . . . . . . . . . . . . . . . . . . . .   4
   5.  Diffie-Hellman Key Exchange . . . . . . . . . . . . . . . . .   4
   6.  Encoding and Transmitting Key Material  . . . . . . . . . . .   5
   7.  Shared Keys used for the Data-Plane . . . . . . . . . . . . .   8
   8.  Data-Plane Operation  . . . . . . . . . . . . . . . . . . . .  10
   9.  Procedures for Encryption and Decryption  . . . . . . . . . .  11
   10. Dynamic Rekeying  . . . . . . . . . . . . . . . . . . . . . .  12
   11. Future Work . . . . . . . . . . . . . . . . . . . . . . . . .  13
   12. Security Considerations . . . . . . . . . . . . . . . . . . .  13
     12.1.  SAAG Support . . . . . . . . . . . . . . . . . . . . . .  13
     12.2.  LISP-Crypto Security Threats . . . . . . . . . . . . . .  14
   13. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  14
   14. References  . . . . . . . . . . . . . . . . . . . . . . . . .  15
     14.1.  Normative References . . . . . . . . . . . . . . . . . .  15
     14.2.  Informative References . . . . . . . . . . . . . . . . .  16
   Appendix A.  Acknowledgments  . . . . . . . . . . . . . . . . . .  17
   Appendix B.  Document Change Log  . . . . . . . . . . . . . . . .  17
     B.1.  Changes to draft-ietf-lisp-crypto-10.txt  . . . . . . . .  17
     B.2.  Changes to draft-ietf-lisp-crypto-09.txt  . . . . . . . .  18
     B.3.  Changes to draft-ietf-lisp-crypto-08.txt  . . . . . . . .  18
     B.4.  Changes to draft-ietf-lisp-crypto-07.txt  . . . . . . . .  18
     B.5.  Changes to draft-ietf-lisp-crypto-06.txt  . . . . . . . .  18
     B.6.  Changes to draft-ietf-lisp-crypto-05.txt  . . . . . . . .  18
     B.7.  Changes to draft-ietf-lisp-crypto-04.txt  . . . . . . . .  18
     B.8.  Changes to draft-ietf-lisp-crypto-03.txt  . . . . . . . .  18
     B.9.  Changes to draft-ietf-lisp-crypto-02.txt  . . . . . . . .  19
     B.10. Changes to draft-ietf-lisp-crypto-01.txt  . . . . . . . .  19
     B.11. Changes to draft-ietf-lisp-crypto-00.txt  . . . . . . . .  19
     B.12. Changes to draft-farinacci-lisp-crypto-01.txt . . . . . .  20
     B.13. Changes to draft-farinacci-lisp-crypto-00.txt . . . . . .  20
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  20

1.  Introduction

   This document describes a mechanism for encrypting LISP encapsulated
   traffic.  The design describes how key exchange is achieved using
   existing LISP control-plane mechanisms as well as how to secure the
   LISP data-plane from third-party surveillance attacks.

   The Locator/ID Separation Protocol [RFC6830] defines a set of
   functions for routers to exchange information used to map from non-
   routable Endpoint Identifiers (EIDs) to routable Routing Locators
   (RLOCs).  LISP Ingress Tunnel Routers (ITRs) and Proxy Ingress Tunnel



Farinacci & Weis         Expires April 17, 2017                 [Page 2]
=0C
Internet-Draft       LISP Data-Plane Confidentiality        October 2016


   Routers (PITRs) encapsulate packets to Egress Tunnel Routers (ETRs)
   and Reencapsulating Tunnel Routers (RTRs).  Packets that arrive at
   the ITR or PITR may not be encrypted, which means no protection or
   privacy of the data is added.  When the source host encrypts the data
   stream, encapsulated packets do not need to be encrypted by LISP.
   However, when plaintext packets are sent by hosts, this design can
   encrypt the user payload to maintain privacy on the path between the
   encapsulator (the ITR or PITR) to a decapsulator (ETR or RTR).  The
   encrypted payload is unidirectional.  However, return traffic uses
   the same procedures but with different key values by the same xTRs or
   potentially different xTRs when the paths between LISP sites are
   asymmetric.

   This document has the following requirements (as well as the general
   requirements from [RFC6973]) for the solution space:

   o  Do not require a separate Public Key Infrastructure (PKI) that is
      out of scope of the LISP control-plane architecture.

   o  The budget for key exchange MUST be one round-trip time.  That is,
      only a two packet exchange can occur.

   o  Use symmetric keying so faster cryptography can be performed in
      the LISP data plane.

   o  Avoid a third-party trust anchor if possible.

   o  Provide for rekeying when secret keys are compromised.

   o  Support Authenticated Encryption with packet integrity checks.

   o  Support multiple cipher suites so new crypto algorithms can be
      easily introduced.

   Satisfying the above requirements provides the following benefits:

   o  Avoiding a PKI reduces the operational cost of managing a secure
      network.  Key management is distributed and independent from any
      other infrastructure.

   o  Packet transport is optimized due to less packet headers.  Packet
      loss is reduced by a more efficient key exchange.

   o  Authentication and privacy are provided with a single mechanism
      thereby providing less per packet overhead and therefore more
      resource efficiency.





Farinacci & Weis         Expires April 17, 2017                 [Page 3]
=0C
Internet-Draft       LISP Data-Plane Confidentiality        October 2016


2.  Requirements Notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Definition of Terms

   AEAD: Authenticated Encryption with Additional Data [RFC5116].

   ICV: Integrity Check Value.

   LCAF: LISP Canonical Address Format ([LCAF]).

   xTR: A general reference to ITRs, ETRs, RTRs, and PxTRs.

4.  Overview

   The approach proposed in this document is to NOT rely on the LISP
   mapping system (or any other key infrastructure system) to store
   security keys.  This will provide for a simpler and more secure
   mechanism.  Secret shared keys will be negotiated between the ITR and
   the ETR in Map-Request and Map-Reply messages.  Therefore, when an
   ITR needs to obtain the RLOC of an ETR, it will get security material
   to compute a shared secret with the ETR.

   The ITR can compute 3 shared-secrets per ETR the ITR is encapsulating
   to.  When the ITR encrypts a packet before encapsulation, it will
   identify the key it used for the crypto calculation so the ETR knows
   which key to use for decrypting the packet after decapsulation.  By
   using key-ids in the LISP header, we can also get fast rekeying
   functionality.

   The key management described in this documemnt is unidirectional from
   the ITR (the encapsulator) to the ETR (the decapsultor).

5.  Diffie-Hellman Key Exchange

   LISP will use a Diffie-Hellman [RFC2631] key exchange sequence and
   computation for computing a shared secret.  The Diffie-Hellman
   parameters will be passed via Cipher Suite code-points in Map-Request
   and Map-Reply messages.

   Here is a brief description how Diff-Hellman works:







Farinacci & Weis         Expires April 17, 2017                 [Page 4]
=0C
Internet-Draft       LISP Data-Plane Confidentiality        October 2016


   +----------------------------+---------+----------------------------+
   |              ITR           |         |           ETR              |
   +------+--------+------------+---------+------------+---------------+
   |Secret| Public | Calculates |  Sends  | Calculates | Public |Secret|
   +------|--------|------------|---------|------------|--------|------+
   |  i   |  p,g   |            | p,g --> |            |        |  e   |
   +------|--------|------------|---------|------------|--------|------+
   |  i   | p,g,I  |g^i mod p=3DI |  I -->  |            | p,g,I  |  e   =
|
   +------|--------|------------|---------|------------|--------|------+
   |  i   | p,g,I  |            |  <-- E  |g^e mod p=3DE |  p,g   |  e   =
|
   +------|--------|------------|---------|------------|--------|------+
   | i,s  |p,g,I,E |E^i mod p=3Ds |         |I^e mod p=3Ds |p,g,I,E | =
e,s  |
   +------|--------|------------|---------|------------|--------|------+

        Public-key exchange for computing a shared private key [DH]

   Diffie-Hellman parameters 'p' and 'g' must be the same values used by
   the ITR and ETR.  The ITR computes public-key 'I' and transmits 'I'
   in a Map-Request packet.  When the ETR receives the Map-Request, it
   uses parameters 'p' and 'g' to compute the ETR's public key 'E'.  The
   ETR transmits 'E' in a Map-Reply message.  At this point, the ETR has
   enough information to compute 's', the shared secret, by using 'I' as
   the base and the ETR's private key 'e' as the exponent.  When the ITR
   receives the Map-Reply, it uses the ETR's public-key 'E' with the
   ITR's private key 'i' to compute the same 's' shared secret the ETR
   computed.  The value 'p' is used as a modulus to create the width of
   the shared secret 's' (see Section 6).

6.  Encoding and Transmitting Key Material

   The Diffie-Hellman key material is transmitted in Map-Request and
   Map-Reply messages.  Diffie-Hellman parameters are encoded in the
   LISP Security Type LCAF [LCAF].


















Farinacci & Weis         Expires April 17, 2017                 [Page 5]
=0C
Internet-Draft       LISP Data-Plane Confidentiality        October 2016


     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |           AFI =3D 16387         |     Rsvd1     |     Flags     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Type =3D 11   |      Rsvd2    |             6 + n             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Key Count   |      Rsvd3    | Cipher Suite  |   Rsvd4     |R|
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |           Key Length          |     Public Key Material ...   |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    ... Public Key Material                    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |              AFI =3D x          |       Locator Address ...     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Cipher Suite field contains DH Key Exchange and Cipher/Hash Functions

   The 'Key Count' field encodes the number of {'Key-Length', 'Key-
   Material'} fields included in the encoded LCAF.  The maximum number
   of keys that can be encoded are 3, each identified by key-id 1,
   followed by key-id 2, and finally key-id 3.

   The 'R' bit is not used for this use-case of the Security Type LCAF
   but is reserved for [LISP-DDT] security.  Therefore, the R bit SHOULD
   be transmitted as 0 and MUST be ignored on receipt.

























Farinacci & Weis         Expires April 17, 2017                 [Page 6]
=0C
Internet-Draft       LISP Data-Plane Confidentiality        October 2016


 Cipher Suite 0:
    Reserved

 Cipher Suite 1:
    Diffie-Hellman Group: 2048-bit MODP [RFC3526]
    Encryption:  AES with 128-bit keys in CBC mode [AES-CBC]
    Integrity:   Integrated with [AES-CBC] AEAD_AES_128_CBC_HMAC_SHA_256
    IV length:   16 bytes
    KDF:         HMAC-SHA-256

 Cipher Suite 2:
    Diffie-Hellman Group: 256-bit Elliptic-Curve 25519 [CURVE25519]
    Encryption:  AES with 128-bit keys in CBC mode [AES-CBC]
    Integrity:   Integrated with [AES-CBC] AEAD_AES_128_CBC_HMAC_SHA_256
    IV length:   16 bytes
    KDF:         HMAC-SHA-256

 Cipher Suite 3:
    Diffie-Hellman Group: 2048-bit MODP [RFC3526]
    Encryption:  AES with 128-bit keys in GCM mode [RFC5116]
    Integrity:   Integrated with [RFC5116] AEAD_AES_128_GCM
    IV length:   12 bytes
    KDF:         HMAC-SHA-256

 Cipher Suite 4:
    Diffie-Hellman Group: 3072-bit MODP [RFC3526]
    Encryption:  AES with 128-bit keys in GCM mode [RFC5116]
    Integrity:   Integrated with [RFC5116] AEAD_AES_128_GCM
    IV length:   12 bytes
    KDF:         HMAC-SHA-256

 Cipher Suite 5:
    Diffie-Hellman Group: 256-bit Elliptic-Curve 25519 [CURVE25519]
    Encryption:  AES with 128-bit keys in GCM mode [RFC5116]
    Integrity:   Integrated with [RFC5116] AEAD_AES_128_GCM
    IV length:   12 bytes
    KDF:         HMAC-SHA-256

 Cipher Suite 6:
    Diffie-Hellman Group: 256-bit Elliptic-Curve 25519 [CURVE25519]
    Encryption: Chacha20-Poly1305 [CHACHA-POLY] [RFC7539]
    Integrity:  Integrated with [CHACHA-POLY] AEAD_CHACHA20_POLY1305
    IV length:  8 bytes
    KDF:        HMAC-SHA-256







Farinacci & Weis         Expires April 17, 2017                 [Page 7]
=0C
Internet-Draft       LISP Data-Plane Confidentiality        October 2016


   The "Public Key Material" field contains the public key generated by
   one of the Cipher Suites defined above.  The length of the key in
   octets is encoded in the "Key Length" field.

   When an ITR, PITR, or RTR sends a Map-Request, they will encode their
   own RLOC in the Security Type LCAF format within the ITR-RLOCs field.
   When a ETR or RTR sends a Map-Reply, they will encode their RLOCs in
   Security Type LCAF format within the RLOC-record field of each EID-
   record supplied.

   If an ITR, PITR, or RTR sends a Map-Request with the Security Type
   LCAF included and the ETR or RTR does not want to have encapsulated
   traffic encrypted, they will return a Map-Reply with no RLOC records
   encoded with the Security Type LCAF.  This signals to the ITR, PITR
   or RTR not to encrypt traffic (it cannot encrypt traffic anyways
   since no ETR public-key was returned).

   Likewise, if an ITR or PITR wish to include multiple key-ids in the
   Map-Request but the ETR or RTR wish to use some but not all of the
   key-ids, they return a Map-Reply only for those key-ids they wish to
   use.

7.  Shared Keys used for the Data-Plane

   When an ITR or PITR receives a Map-Reply accepting the Cipher Suite
   sent in the Map-Request, it is ready to create data plane keys.  The
   same process is followed by the ETR or RTR returning the Map-Reply.

   The first step is to create a shared secret, using the peer's shared
   Diffie-Hellman Public Key Material combined with device's own private
   keying material as described in Section 5.  The Diffie-Hellman
   parameters used is defined in the cipher suite sent in the Map-
   Request and copied into the Map-Reply.

   The resulting shared secret is used to compute an AEAD-key for the
   algorithms specified in the cipher suite.  A Key Derivation Function
   (KDF) in counter mode as specified by [NIST-SP800-108] is used to
   generate the data-plane keys.  The amount of keying material that is
   derived depends on the algorithms in the cipher suite.

   The inputs to the KDF are as follows:

   o  KDF function.  This is HMAC-SHA-256 in this document but generally
      specified in each Cipher Suite definition.

   o  A key for the KDF function.  This is the computed Diffie-Hellman
      shared secret.




Farinacci & Weis         Expires April 17, 2017                 [Page 8]
=0C
Internet-Draft       LISP Data-Plane Confidentiality        October 2016


   o  Context that binds the use of the data-plane keys to this session.
      The context is made up of the following fields, which are
      concatenated and provided as the data to be acted upon by the KDF
      function.

   Context:

   o  A counter, represented as a two-octet value in network byte order.

   o  The null-terminated string "lisp-crypto".

   o  The ITR's nonce from the Map-Request the cipher suite was included
      in.

   o  The number of bits of keying material required (L), represented as
      a two-octet value in network byte order.

   The counter value in the context is first set to 1.  When the amount
   of keying material exceeds the number of bits returned by the KDF
   function, then the KDF function is called again with the same inputs
   except that the counter increments for each call.  When enough keying
   material is returned, it is concatenated and used to create keys.

   For example, AES with 128-bit keys requires 16 octets (128 bits) of
   keying material, and HMAC-SHA1-96 requires another 16 octets (128
   bits) of keying material in order to maintain a consistent 128-bits
   of security.  Since 32 octets (256 bits) of keying material are
   required, and the KDF function HMAC-SHA-256 outputs 256 bits, only
   one call is required.  The inputs are as follows:

   key-material =3D HMAC-SHA-256(dh-shared-secret, context)

       where: context =3D 0x0001 || "lisp-crypto" || <itr-nonce> || =
0x0100

   In contrast, a cipher suite specifying AES with 256-bit keys requires
   32 octets (256 bits) of keying material, and HMAC-SHA256-128 requires
   another 32 octets (256 bits) of keying material in order to maintain
   a consistent 256-bits of security.  Since 64 octets (512 bits) of
   keying material are required, and the KDF function HMAC-SHA-256
   outputs 256 bits, two calls are required.











Farinacci & Weis         Expires April 17, 2017                 [Page 9]
=0C
Internet-Draft       LISP Data-Plane Confidentiality        October 2016


   key-material-1 =3D HMAC-SHA-256(dh-shared-secret, context)

       where: context =3D 0x0001 || "lisp-crypto" || <itr-nonce> || =
0x0200

   key-material-2 =3D HMAC-SHA-256(dh-shared-secret, context)

       where: context =3D 0x0002 || "lisp-crypto" || <itr-nonce> || =
0x0200

   key-material =3D key-material-1 || key-material-2

   If the key-material is longer than the required number of bits (L),
   then only the most significant L bits are used.

   =46rom the derived key-material, the most significant 256 bits are =
used
   for the AEAD-key by AEAD ciphers.  The 256-bit AEAD-key is divided
   into a 128-bit encryption key and a 128-bit integrity check key
   internal to the cipher used by the ITR.

8.  Data-Plane Operation

   The LISP encapsulation header [RFC6830] requires changes to encode
   the key-id for the key being used for encryption.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  / |       Source Port =3D xxxx      |       Dest Port =3D 4341        =
|
UDP +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  \ |           UDP Length          |        UDP Checksum           |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
L / |N|L|E|V|I|R|K|K|            Nonce/Map-Version                  |\ \
I   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |A
S \ |                 Instance ID/Locator-Status-Bits               | |D
P   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |/
    |                   Initialization Vector (IV)                  | I
E   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ C
n / |                                                               | V
c   |                                                               | |
r   |                Packet Payload with EID Header ...             | |
y   |                                                               | |
p \ |                                                               |/
t   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

        K-bits indicate when packet is encrypted and which key used

   When the KK bits are 00, the encapsulated packet is not encrypted.
   When the value of the KK bits are 1, 2, or 3, it encodes the key-id
   of the secret keys computed during the Diffie-Hellman Map-Request/



Farinacci & Weis         Expires April 17, 2017                [Page 10]
=0C
Internet-Draft       LISP Data-Plane Confidentiality        October 2016


   Map-Reply exchange.  When the KK bits are not 0, the payload is
   prepended with an Initialization Vector (IV).  The length of the IV
   field is based on the cipher suite used.  Since all cipher suites
   defined in this document do Authenticated Encryption (AEAD), an ICV
   field does not need to be present in the packet since it is included
   in the ciphertext.  The Additional Data (AD) used for the ICV is
   shown above and includes the LISP header, the IV field and the packet
   payload.

   When an ITR or PITR receives a packet to be encapsulated, the device
   will first decide what key to use, encode the key-id into the LISP
   header, and use that key to encrypt all packet data that follows the
   LISP header.  Therefore, the outer header, UDP header, and LISP
   header travel as plaintext.

   There is an open working group item to discuss if the data
   encapsulation header needs change for encryption or any new
   applications.  This document proposes changes to the existing header
   so experimentation can continue without making large changes to the
   data-plane at this time.  This document allocates 2 bits of the
   previously unused 3 flag bits (note the R-bit above is still a
   reserved flag bit as documented in [RFC6830]) for the KK bits.

9.  Procedures for Encryption and Decryption

   When an ITR, PITR, or RTR encapsulate a packet and have already
   computed an AEAD-key (detailed in section Section 7) that is
   associated with a destination RLOC, the following encryption and
   encapsulation procedures are performed:

   1.  The encapsulator creates an IV and prepends the IV value to the
       packet being encapsulated.  For GCM and Chacha cipher suites, the
       IV is incremented for every packet (beginning with a value of 1
       in the first packet) and sent to the destination RLOC.  For CBC
       cipher suites, the IV is a new random number for every packet
       sent to the destination RLOC.  For the Chacha cipher suite, the
       IV is an 8-byte random value that is appended to a 4-byte counter
       that is incremented for every packet (beginning with a value of 1
       in the first packet).

   2.  Next encrypt with cipher function AES or Chacha20 using the AEAD-
       key over the packet payload following the AEAD specification
       referenced in the cipher suite definition.  This does not include
       the IV.  The IV must be transmitted as plaintext so the decrypter
       can use it as input to the decryption cipher.  The payload should
       be padded to an integral number of bytes a block cipher may
       require.  The result of the AEAD operation may contain an ICV,
       the size of which is defined by the referenced AEAD



Farinacci & Weis         Expires April 17, 2017                [Page 11]
=0C
Internet-Draft       LISP Data-Plane Confidentiality        October 2016


       specification.  Note that the AD (i.e. the LISP header exactly as
       will be prepended in the next step and the IV) must be given to
       the AEAD encryption function as the "associated data" argument.

   3.  Prepend the LISP header.  The key-id field of the LISP header is
       set to the key-id value that corresponds to key-pair used for the
       encryption cipher.

   4.  Lastly, prepend the UDP header and outer IP header onto the
       encrypted packet and send packet to destination RLOC.

   When an ETR, PETR, or RTR receive an encapsulated packet, the
   following decapsulation and decryption procedures are performed:

   1.  The outer IP header, UDP header, LISP header, and IV field are
       stripped from the start of the packet.  The LISP header and IV
       are retained and given to the AEAD decryption operation as the
       "associated data" argument.

   2.  The packet is decrypted using the AEAD-key and the IV from the
       packet.  The AEAD-key is obtained from a local-cache associated
       with the key-id value from the LISP header.  The result of the
       decryption function is a plaintext packet payload if the cipher
       returned a verified ICV.  Otherwise, the packet is invalid and is
       discarded.  If the AEAD specification included an ICV, the AEAD
       decryption function will locate the ICV in the ciphertext and
       compare it to a version of the ICV that the AEAD decryption
       function computes.  If the computed ICV is different than the ICV
       located in the ciphertext, then it will be considered tampered.

   3.  If the packet was not tampered with, the decrypted packet is
       forwarded to the destination EID.

10.  Dynamic Rekeying

   Since multiple keys can be encoded in both control and data messages,
   an ITR can encapsulate and encrypt with a specific key while it is
   negotiating other keys with the same ETR.  As soon as an ETR or RTR
   returns a Map-Reply, it should be prepared to decapsulate and decrypt
   using the new keys computed with the new Diffie-Hellman parameters
   received in the Map-Request and returned in the Map-Reply.

   RLOC-probing can be used to change keys or cipher suites by the ITR
   at any time.  And when an initial Map-Request is sent to populate the
   ITR's map-cache, the Map-Request flows across the mapping system
   where a single ETR from the Map-Reply RLOC-set will respond.  If the
   ITR decides to use the other RLOCs in the RLOC-set, it MUST send a
   Map-Request directly to negotiate security parameters with the ETR.



Farinacci & Weis         Expires April 17, 2017                [Page 12]
=0C
Internet-Draft       LISP Data-Plane Confidentiality        October 2016


   This process may be used to test reachability from an ITR to an ETR
   initially when a map-cache entry is added for the first time, so an
   ITR can get both reachability status and keys negotiated with one
   Map-Request/Map-Reply exchange.

   A rekeying event is defined to be when an ITR or PITR changes the
   cipher suite or public-key in the Map-Request.  The ETR or RTR
   compares the cipher suite and public-key it last received from the
   ITR for the key-id, and if any value has changed, it computes a new
   public-key and cipher suite requested by the ITR from the Map-Request
   and returns it in the Map-Reply.  Now a new shared secret is computed
   and can be used for the key-id for encryption by the ITR and
   decryption by the ETR.  When the ITR or PITR starts this process of
   negotiating a new key, it must not use the corresponding key-id in
   encapsulated packets until it receives a Map-Reply from the ETR with
   the same cipher suite value it expects (the values it sent in a Map-
   Request).

   Note when RLOC-probing continues to maintain RLOC reachability and
   rekeying is not desirable, the ITR or RTR can either not include the
   Security Type LCAF in the Map-Request or supply the same key material
   as it received from the last Map-Reply from the ETR or RTR.  This
   approach signals to the ETR or RTR that no rekeying event is
   requested.

11.  Future Work

   For performance considerations, newer Elliptic-Curve Diffie-Hellman
   (ECDH) groups can be used as specified in [RFC4492] and [RFC6090] to
   reduce CPU cycles required to compute shared secret keys.

   For better security considerations as well as to be able to build
   faster software implementations, newer approaches to ciphers and
   authentication methods will be researched and tested.  Some examples
   are Chacha20 and Poly1305 [CHACHA-POLY] [RFC7539].

12.  Security Considerations

12.1.  SAAG Support

   The LISP working group received security advice and guidance from the
   Security Area Advisory Group (SAAG).  The SAAG has been involved
   early in the design process and their input and reviews have been
   included in this document.

   Comments from the SAAG included:

   1.  Do not use asymmetric ciphers in the data-plane.



Farinacci & Weis         Expires April 17, 2017                [Page 13]
=0C
Internet-Draft       LISP Data-Plane Confidentiality        October 2016


   2.  Consider adding ECDH early in the design.

   3.  Add cipher suites because ciphers are created more frequently
       than protocols that use them.

   4.  Consider the newer AEAD technology so authentication comes with
       doing encryption.

12.2.  LISP-Crypto Security Threats

   Since ITRs and ETRs participate in key exchange over a public non-
   secure network, a man-in-the-middle (MITM) could circumvent the key
   exchange and compromise data-plane confidentiality.  This can happen
   when the MITM is acting as a Map-Replier, provides its own public key
   so the ITR and the MITM generate a shared secret key among each
   other.  If the MITM is in the data path between the ITR and ETR, it
   can use the shared secret key to decrypt traffic from the ITR.

   Since LISP can secure Map-Replies by the authentication process
   specified in [LISP-SEC], the ITR can detect when a MITM has signed a
   Map-Reply for an EID-prefix it is not authoritative for.  When an ITR
   determines the signature verification fails, it discards and does not
   reuse the key exchange parameters, avoids using the ETR for
   encapsulation, and issues a severe log message to the network
   administrator.  Optionally, the ITR can send RLOC-probes to the
   compromised RLOC to determine if can reach the authoritative ETR.
   And when the ITR validates the signature of a Map-Reply, it can begin
   encrypting and encapsulating packets to the RLOC of ETR.

13.  IANA Considerations

   This document describes a mechanism for encrypting LISP encapsulated
   packets based on Diffie-Hellman key exchange procedures.  During the
   exchange the devices have to agree on a Cipher Suite used (i.e. the
   cipher and hash functions used to encrypt/decrypt and to sign/verify
   packets).  The 8-bit Cipher Suite field is reserved for such purpose
   in the security material section of the Map-Request and Map-Reply
   messages.

   This document requests IANA to create and maintain a new registry (as
   outlined in [RFC5226]) entitled "LISP Crypto Cipher Suite".  Initial
   values for the registry are provided below.  Future assignments are
   to be made on a First Come First Served Basis.








Farinacci & Weis         Expires April 17, 2017                [Page 14]
=0C
Internet-Draft       LISP Data-Plane Confidentiality        October 2016


   +-----+--------------------------------------------+------------+
   |Value| Suite                                      | Definition |
   +-----+--------------------------------------------+------------+
   |  0  | Reserved                                   | Section 6  |
   +-----+--------------------------------------------+------------+
   |  1  | LISP_2048MODP_AES128_CBC_SHA256            | Section 6  |
   +-----+--------------------------------------------+------------+
   |  2  | LISP_EC25519_AES128_CBC_SHA256             | Section 6  |
   +-----+--------------------------------------------+------------+
   |  3  | LISP_2048MODP_AES128_GCM                   | Section 6  |
   +-----+--------------------------------------------+------------+
   |  4  | LISP_3072MODP_AES128_GCM M-3072            | Section 6  |
   +-----+--------------------------------------------+------------+
   |  5  | LISP_256_EC25519_AES128_GCM                | Section 6  |
   +-----+--------------------------------------------+------------+
   |  6  | LISP_256_EC25519_CHACHA20_POLY1305         | Section 6  |
   +-----+--------------------------------------------+------------+

                         LISP Crypto Cipher Suites

14.  References

14.1.  Normative References

   [LCAF]     Farinacci, D., Meyer, D., and J. Snijders, "LISP Canonical
              Address Format", draft-ietf-lisp-lcaf-13.txt (work in
              progress).

   [NIST-SP800-108]
              "National Institute of Standards and Technology,
              "Recommendation for Key Derivation Using Pseudorandom
              Functions NIST SP800-108"", NIST SP 800-108, October 2009.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC2631]  Rescorla, E., "Diffie-Hellman Key Agreement Method",
              RFC 2631, DOI 10.17487/RFC2631, June 1999,
              <http://www.rfc-editor.org/info/rfc2631>.

   [RFC3526]  Kivinen, T. and M. Kojo, "More Modular Exponential (MODP)
              Diffie-Hellman groups for Internet Key Exchange (IKE)",
              RFC 3526, DOI 10.17487/RFC3526, May 2003,
              <http://www.rfc-editor.org/info/rfc3526>.





Farinacci & Weis         Expires April 17, 2017                [Page 15]
=0C
Internet-Draft       LISP Data-Plane Confidentiality        October 2016


   [RFC4492]  Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., and B.
              Moeller, "Elliptic Curve Cryptography (ECC) Cipher Suites
              for Transport Layer Security (TLS)", RFC 4492,
              DOI 10.17487/RFC4492, May 2006,
              <http://www.rfc-editor.org/info/rfc4492>.

   [RFC5116]  McGrew, D., "An Interface and Algorithms for Authenticated
              Encryption", RFC 5116, DOI 10.17487/RFC5116, January 2008,
              <http://www.rfc-editor.org/info/rfc5116>.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              DOI 10.17487/RFC5226, May 2008,
              <http://www.rfc-editor.org/info/rfc5226>.

   [RFC6090]  McGrew, D., Igoe, K., and M. Salter, "Fundamental Elliptic
              Curve Cryptography Algorithms", RFC 6090,
              DOI 10.17487/RFC6090, February 2011,
              <http://www.rfc-editor.org/info/rfc6090>.

   [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
              Locator/ID Separation Protocol (LISP)", RFC 6830,
              DOI 10.17487/RFC6830, January 2013,
              <http://www.rfc-editor.org/info/rfc6830>.

   [RFC6973]  Cooper, A., Tschofenig, H., Aboba, B., Peterson, J.,
              Morris, J., Hansen, M., and R. Smith, "Privacy
              Considerations for Internet Protocols", RFC 6973,
              DOI 10.17487/RFC6973, July 2013,
              <http://www.rfc-editor.org/info/rfc6973>.

   [RFC7539]  Nir, Y. and A. Langley, "ChaCha20 and Poly1305 for IETF
              Protocols", RFC 7539, DOI 10.17487/RFC7539, May 2015,
              <http://www.rfc-editor.org/info/rfc7539>.

14.2.  Informative References

   [AES-CBC]  McGrew, D., Foley, J., and K. Paterson, "Authenticated
              Encryption with AES-CBC and HMAC-SHA", draft-mcgrew-aead-
              aes-cbc-hmac-sha2-05.txt (work in progress).

   [CHACHA-POLY]
              Langley, A., "ChaCha20 and Poly1305 based Cipher Suites
              for TLS", draft-agl-tls-chacha20poly1305-04 (work in
              progress).






Farinacci & Weis         Expires April 17, 2017                [Page 16]
=0C
Internet-Draft       LISP Data-Plane Confidentiality        October 2016


   [CURVE25519]
              Bernstein, D., "Curve25519: new Diffie-Hellman speed
              records", Publication
              http://www.iacr.org/cryptodb/archive/2006/
              PKC/3351/3351.pdf.

   [DH]       "Diffie-Hellman key exchange", Wikipedia
              http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange.

   [LISP-DDT]
              Fuller, V., Lewis, D., Ermaagan, V., and A. Jain, "LISP
              Delegated Database Tree", draft-fuller-lisp-ddt-04 (work
              in progress).

   [LISP-SEC]
              Maino, F., Ermagan, V., Cabellos, A., and D. Saucez,
              "LISP-Secuirty (LISP-SEC)", draft-ietf-lisp-sec-10 (work
              in progress).

Appendix A.  Acknowledgments

   The authors would like to thank Dan Harkins, Joel Halpern, Fabio
   Maino, Ed Lopez, Roger Jorgensen, and Watson Ladd for their interest,
   suggestions, and discussions about LISP data-plane security.  An
   individual thank you to LISP WG chair Luigi Iannone for shepherding
   this document as well as contributing to the IANA Considerations
   section.

   The authors would like to give a special thank you to Ilari Liusvaara
   for his extensive commentary and discussion.  He has contributed his
   security expertise to make lisp-crypto as secure as the state of the
   art in cryptography.

   In addition, the support and suggestions from the SAAG working group
   were helpful and appreciative.

Appendix B.  Document Change Log

   [RFC Editor: Please delete this section on publication as RFC.]

B.1.  Changes to draft-ietf-lisp-crypto-10.txt

   o  Posted October 2016 after October 13th telechat.

   o  Addressed comments from Kathleen Moriarty, Stephen Farrel, and
      Pete Resnick.





Farinacci & Weis         Expires April 17, 2017                [Page 17]
=0C
Internet-Draft       LISP Data-Plane Confidentiality        October 2016


B.2.  Changes to draft-ietf-lisp-crypto-09.txt

   o  Posted October 2016.

   o  Addressed comments from OPs Directorate reviewer Susan Hares.

B.3.  Changes to draft-ietf-lisp-crypto-08.txt

   o  Posted September 2016.

   o  Addressed comments from Security Directorate reviewer Chris
      Lonvick.

B.4.  Changes to draft-ietf-lisp-crypto-07.txt

   o  Posted September 2016.

   o  Addressed comments from Routing Directorate reviewer Danny
      McPherson.

B.5.  Changes to draft-ietf-lisp-crypto-06.txt

   o  Posted June 2016.

   o  Fixed IDnits errors.

B.6.  Changes to draft-ietf-lisp-crypto-05.txt

   o  Posted June 2016.

   o  Update document which reflects comments Luigi provided as document
      shepherd.

B.7.  Changes to draft-ietf-lisp-crypto-04.txt

   o  Posted May 2016.

   o  Update document timer from expiration.

B.8.  Changes to draft-ietf-lisp-crypto-03.txt

   o  Posted December 2015.

   o  Changed cipher suite allocations.  We now have 2 AES-CBC cipher
      suites for compatibility, 3 AES-GCM cipher suites that are faster
      ciphers that include AE and a Chacha20-Poly1305 cipher suite which
      is the fastest but not totally proven/accepted..




Farinacci & Weis         Expires April 17, 2017                [Page 18]
=0C
Internet-Draft       LISP Data-Plane Confidentiality        October 2016


   o  Remove 1024-bit DH keys for key exchange.

   o  Make clear that AES and chacha20 ciphers use AEAD so part of
      encrytion/decryption does authentication.

   o  Make it more clear that separate key pairs are used in each
      direction between xTRs.

   o  Indicate that the IV length is different per cipher suite.

   o  Use a counter based IV for every packet for AEAD ciphers.
      Previously text said to use a random number.  But CBC ciphers, use
      a random number.

   o  Indicate that key material is sent in network byte order (big
      endian).

   o  Remove A-bit from Security Type LCAF.  No need to do
      authentication only with the introduction of AEAD ciphers.  These
      ciphers can do authentication.  So you get ciphertext for free.

   o  Remove language that refers to "encryption-key" and "integrity-
      key".  Used term "AEAD-key" that is used by the AEAD cipher suites
      that do encryption and authenticaiton internal to the cipher.

B.9.  Changes to draft-ietf-lisp-crypto-02.txt

   o  Posted September 2015.

   o  Add cipher suite for Elliptic Curve 25519 DH exchange.

   o  Add cipher suite for Chacha20/Poly1305 ciphers.

B.10.  Changes to draft-ietf-lisp-crypto-01.txt

   o  Posted May 2015.

   o  Create cipher suites and encode them in the Security LCAF.

   o  Add IV to beginning of packet header and ICV to end of packet.

   o  AEAD procedures are now part of encrpytion process.

B.11.  Changes to draft-ietf-lisp-crypto-00.txt

   o  Posted January 2015.





Farinacci & Weis         Expires April 17, 2017                [Page 19]
=0C
Internet-Draft       LISP Data-Plane Confidentiality        October 2016


   o  Changing draft-farinacci-lisp-crypto-01 to draft-ietf-lisp-crypto-
      00.  This draft has become a working group document

   o  Add text to indicate the working group may work on a new data
      encapsulation header format for data-plane encryption.

B.12.  Changes to draft-farinacci-lisp-crypto-01.txt

   o  Posted July 2014.

   o  Add Group-ID to the encoding format of Key Material in a Security
      Type LCAF and modify the IANA Considerations so this draft can use
      key exchange parameters from the IANA registry.

   o  Indicate that the R-bit in the Security Type LCAF is not used by
      lisp-crypto.

   o  Add text to indicate that ETRs/RTRs can negotiate less number of
      keys from which the ITR/PITR sent in a Map-Request.

   o  Add text explaining how LISP-SEC solves the problem when a man-in-
      the-middle becomes part of the Map-Request/Map-Reply key exchange
      process.

   o  Add text indicating that when RLOC-probing is used for RLOC
      reachability purposes and rekeying is not desired, that the same
      key exchange parameters should be used so a reallocation of a
      pubic key does not happen at the ETR.

   o  Add text to indicate that ECDH can be used to reduce CPU
      requirements for computing shared secret-keys.

B.13.  Changes to draft-farinacci-lisp-crypto-00.txt

   o  Initial draft posted February 2014.

Authors' Addresses

   Dino Farinacci
   lispers.net
   San Jose, California  95120
   USA

   Phone: 408-718-2001
   Email: farinacci@gmail.com






Farinacci & Weis         Expires April 17, 2017                [Page 20]
=0C
Internet-Draft       LISP Data-Plane Confidentiality        October 2016


   Brian Weis
   cisco Systems
   170 West Tasman Drive
   San Jose, California  95124-1706
   USA

   Phone: 408-526-4796
   Email: bew@cisco.com











































Farinacci & Weis         Expires April 17, 2017                [Page 21]

--Apple-Mail=_F40A80DD-6BA9-4592-9DF9-746E4C4E4E50--


From nobody Fri Oct 14 06:21:18 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9A8B129740; Fri, 14 Oct 2016 06:21:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4HNyucD7UK1B; Fri, 14 Oct 2016 06:21:15 -0700 (PDT)
Received: from mail-qt0-x231.google.com (mail-qt0-x231.google.com [IPv6:2607:f8b0:400d:c0d::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 16D64129737; Fri, 14 Oct 2016 06:21:15 -0700 (PDT)
Received: by mail-qt0-x231.google.com with SMTP id m5so73543395qtb.3; Fri, 14 Oct 2016 06:21:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=XIHFjCeLaAsgfzcT97JGOW8TN8mj8niBpQAfcda0jfg=; b=IktHVCQ54JHIYRS8guuoIhL9u2L00vXbs0yfAMWh/pLnJwlWVPai6K/om5oDiJFNsJ HXsNoC5jEFvSgPBOE1/DDYA3zfDFx8QEpGtfqiI68fnZRdh5vXnKxlqUDLMdCMelyUcl A2wQZMYyHgGJB4RPQELdKIUaQ8KrWFi1FzduHcr0jq2mClVT1r+lw/r4YF8jtXLDtnyT HBGRqRTMiKmcHjn+Jqo0fKs0Jud6//x/5rJCSBMHxFOiphcfXC6wrOcKrAxFU8m6wGyC 248AEg8sExWeJGE6fgK4p63wpxGU/32qbEXWGV0eOOu31Fm35tCFixlwZ1bveyAGbS4B Kjvw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=XIHFjCeLaAsgfzcT97JGOW8TN8mj8niBpQAfcda0jfg=; b=ZITPup2dgJ9j8sN3upL+UjGewzVMWNAPL6U80dJEZ8qW1uhgiZC5F9Jjr4jYScIsQ8 Gzr7pHlD8Pn61NqVTH/7YV5XIaxmJwmy/539gc1k2DzpTqbhWmtsSK5Qm3qQYzxiz/Ek Piz1VFcvLHCdUnP9AqQD0zNjLve73pqdDecs4Zqi7r3qO7QDnKWEmOsUXlxilHTORkLc e3G3yVQhXzqRXGwVCrFPvXRUjVPahcwsvKyXnN9cc5z9o6JBiP65J0Hu9LjuTHi0cJUi qy3oC4bXIZXatCIyRHFzuHcr4JWy1fZPj1H0Rri6xRmUW1qSIyHPAPZFc+Eb6eBGuWGM tBTw==
X-Gm-Message-State: AA6/9RnV5TCE8Li5SENR132zPQTh5kYnVtNjp4gn3lyPRSOOg2K9rAFVTyFXzLZW8LFT8A==
X-Received: by 10.28.87.85 with SMTP id l82mr1577191wmb.99.1476451272106; Fri, 14 Oct 2016 06:21:12 -0700 (PDT)
Received: from [10.12.7.153] ([37.205.61.206]) by smtp.gmail.com with ESMTPSA id pe5sm31919035wjb.15.2016.10.14.06.21.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 14 Oct 2016 06:21:11 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <147634852994.2910.361748252588624377.idtracker@ietfa.amsl.com>
Date: Fri, 14 Oct 2016 06:21:11 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <BD45F786-7B14-4379-B1E8-41E3E675AD34@gmail.com>
References: <147634852994.2910.361748252588624377.idtracker@ietfa.amsl.com>
To: Jari Arkko <jari.arkko@piuha.net>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/HXwHwZBv4u2HAunei6J11z2RVFM>
Cc: lisp-chairs@ietf.org, lisp@ietf.org, peter@akayla.com, The IESG <iesg@ietf.org>, draft-ietf-lisp-lcaf@ietf.org
Subject: Re: [lisp] Jari Arkko's Discuss on draft-ietf-lisp-lcaf-17: (with DISCUSS and COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 13:21:17 -0000

> Thanks for writing this doc. I plan to recommend its approval, but =
there
> were a couple of things that I think should be fixed for clarity =
before
> issuing the RFC. First, I agree with Peter Yee who did a Gen-ART =
review
> on this document:

Thanks for your comments Jari. See responses inline.

> Page 6, Rsvd2 definition: the definition both says "reserved for =
future
> use"
>> and then says some types actually use it.  That sounds like present
> use.
>> And to generically say that it should be sent as zero and ignored, =
but
> then
>> to give uses (such as Type 2)  for it  is confusing.  I suggest
> rethinking
>> the wording here.
>=20
> The type that seems to differ from the "ignore" advice in Section 3 is
> Type 14. Perhaps you can reword somehow, or name the Rsvd2 field to
> Flags, and let the Subsections define that as "set to 0 and ignore on
> receipt". Or something along those lines?

I have suggested (and rewritten) that Rsvd2 be sent as 0 and ignored on =
receipt throughout.

> I also agree with this comment and believe the text should be =
corrected:
>=20
>> Page 6, Length definition: there's mention of a "Reserved" field
> that's
>> included in the minimum length of 8 bytes that are not part of the
> length
>> value.  Since there are actually Rsvd1 and Rsvd2 fields in the =
generic
>> version of the LCAF and sometimes even Rsvd3 and Rsvd4 fields when
> using
>> specific Types, it might be better to spell out which reserved fields
> (Rsvd1
>> and Rsvd2) are meant here rather than giving the field a summary name
> that
>> doesn't actually appear in the format.  This is also important =
because
> any
>> Rsvd3 and Rsvd4 fields are included in the Length field, so using a
> generic
>> "Reserved" description is ambiguous at best.

When the Length field is 0, it means that no more data follows (for the =
LCAF encoding), however the first 8 bytes of the LCAF are still included =
in the message. So I am trying to discuss the minimum length of the =
message (which is 8 bytes).

I have fixed the text to refer to Rsvd1 and Rsvd2 instead of =
=E2=80=9CReserved=E2=80=9D since there is nothing labled =E2=80=9CReserved=
=E2=80=9D.

>=20
> And this seems like a bug as well:
>=20
>> Page 13, RTR RLOC Address definition, 4th sentence: The ability to
> determine
>> the number of RTRs encoded by looking at the value of the LCAF length
>> doesn't seem feasible.  3 IPv4 RTR RLOCs will produce the same LCAF
> Length
>> as 1 IPv6 RTR RLOC.

It is not a bug. The number of addresses encoded can only be determined =
by parsing each one. And there is no value to include a count since you =
can compute while parsing (since you have to parse the message to =
retrieve and store variable length addresses).

> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>=20
> Subsections under Section 4 treat some of the fields in different =
ways.
> For instance, in most cases the subsections do not indicate anything
> about the base fields, but for instance Subsection 4.9 does say =
something
> about Rsvd1 and Rsvd2:
>=20
>  Rsvd{1,2,3,4}:  must be set to zero and ignore on receipt.

I will make consistent that Rsvd1 and Rsvd2 fields are described up =
front and Rsvd3/Rsvd4 in the specific type definitions, since they do =
not appear in all definitions.

> This text was raised as an issue by Peter as well:
>=20
>     When there are no RTRs
>     supplied, the RTR fields can be omitted and reflected by the LCAF
>     length field or an AFI of 0 can be used to indicate zero RTRs
>     encoded.
>=20
> Why are we giving two options? Or is this a
> be-conservative-what-you-send-but-liberal-in-what-you-accept =
situation?

Because the message can be truncated (to reduce size of message), or the =
RTR field can be encoded with an AFI=3D0 (which means no RTR address =
follows).

Dino



From nobody Fri Oct 14 06:21:48 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60C82129749; Fri, 14 Oct 2016 06:21:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KT514E9xaQcu; Fri, 14 Oct 2016 06:21:23 -0700 (PDT)
Received: from mail-qt0-x22b.google.com (mail-qt0-x22b.google.com [IPv6:2607:f8b0:400d:c0d::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8761D129747; Fri, 14 Oct 2016 06:21:23 -0700 (PDT)
Received: by mail-qt0-x22b.google.com with SMTP id f6so77890844qtd.2; Fri, 14 Oct 2016 06:21:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=j20t7zjXH4La8yaGjQEJg/lHB0TGrLS6AjQCv4n1QfQ=; b=PyfmLe/YVCK3ouk3FptbY7YNBj9L6DDlVYxpZwGhFVigJjGCGGMzmg0MQuJUbtuQg3 FDVz4YQdmMIN565Zqu9J8FAHzNma4g8TyG+9k+7N/Abl2ruHqta6X0oCS0X7TdBXVNNQ H6Fu0a8mKszof8RxdoCIBOWne2Cq2TYcvbwjj8/arWMkOuByk+PXtaWnwilh3h9kQ3Ph nf1na6iIqdOjYUJvaIqkXc+bmj4hn+AewLSZ/BzVFV04AAI20+U0RBlM0pqe/5yCWCqC LCmlGo0KFZMrHGlpZoxCoBZmU1GVek9q/fECheFha28xjO2862AH3y9E0d+yse2e8iAr 5Klg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=j20t7zjXH4La8yaGjQEJg/lHB0TGrLS6AjQCv4n1QfQ=; b=GZagrYloKP4VAejFRv9NiBq4WiY9i3Vv0T9ukttn1i02WhrhLQ4swnbmHUDJTaZxTn EdXIv2ECqJ7rh9QCfSnuBUWWZt1ZEjDXiZ2VaU1xZWgpYayuxnm2fU97qYwz307IS29p yKlAAx0pNvmFNi7djM/d5LHYt+lsT51/JfTeXhsrThL87gsZNpBLBp5DfVEPBXRj5mMI EhA1Ei9larDXvm+/fAbcc8wYnPqC1FK+Mq9ZNMjqF1GqFuMqxCgnjiM23KMzle3Ly/l/ /DVrbY9QTsLjJCYkp3Oyj8yKDLPuJ1z/LRXo92vZKCkUtXGf4OCyEaAIKypqkKAqLqlU rNIQ==
X-Gm-Message-State: AA6/9RkH2o6kPph4KVa+lUblsBoc2HwAhQswjoqfpz47h8lvym+5x4ywcRt8nntkYQYlYQ==
X-Received: by 10.194.83.166 with SMTP id r6mr1995641wjy.186.1476451282348; Fri, 14 Oct 2016 06:21:22 -0700 (PDT)
Received: from [10.12.7.153] ([37.205.61.206]) by smtp.gmail.com with ESMTPSA id pe5sm31919035wjb.15.2016.10.14.06.21.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 14 Oct 2016 06:21:21 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <147636391150.3004.8744692629400023314.idtracker@ietfa.amsl.com>
Date: Fri, 14 Oct 2016 06:21:21 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <1D8DFCE9-C1D1-47D3-9724-3DB735F4A8FF@gmail.com>
References: <147636391150.3004.8744692629400023314.idtracker@ietfa.amsl.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/tFvFJ9lGfmbdHpFY0auOkfflkXU>
Cc: lisp-chairs@ietf.org, draft-ietf-lisp-lcaf@ietf.org, The IESG <iesg@ietf.org>, lisp@ietf.org
Subject: Re: [lisp] Stephen Farrell's Discuss on draft-ietf-lisp-lcaf-17: (with DISCUSS)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 13:21:46 -0000

> I basically support Alexey's discuss position and Ben's
> comment but with a bit more detail below.

Thanks for your comments Stephen.

> - section 3: I don't see how you can produce a canonical
> order of the LCAF encodings if two can contain e.g. the
> same values other than different URLs, since there is no
> canonical way to order URLs (or JSON structures etc.)
> without a lot more specification.

We want to define an order so if an implementation parses, say Type 4, =
it can optimize to know that Types 1-3 will not come after Type 4. We =
can achieve that with this text:

  [RFC6830] states RLOC records are sorted when encoded in control
  messages so the locator-set has consistent order across all xTRs for
  a given EID.  The sort order is based on sort-key {afi, RLOC-
  address}. When an RLOC is LCAF encoded, the sort-key is {afi, LCAF-
  Type}. Therefore, when a locator-set has a mix of AFI records and
  LCAF records, they are ordered from smallest to largest AFI value.

> - 4.3: I agree with Ben's comment. You ought include some

> text here to the effect that this information can be
> privacy senseitive and to recommend not sending or
> storing it in such cases.

I did that for the next revision.

> - 4.4: there are also potential privacy issues here if
> this could be used to identify traffic that is from one
> specific host behind a NAT. A similar privacy warning
> should be included.

It does not identify any host.

> - 4.7: Sorry, when is key material sent in a message? How
> is that protected? (Key ids are fine, but not key values)

That is documented in the two use-case references.

> - 4.10.2: The same privacy issues apply here as for 4.3
> and 4.4, if the MAC address maps to e.g.  a portable
> device carried by a person.

In this case, the MAC address can be a host/person. I put a refernece to =
the Security Considersations section that references RFC6280/BCP160.

> - 4.10.3 and all of section 5: What are these for?  I
> don't see the sense in defining these if there is no well
> defined way to use them. Any of these might have
> undesirable security and/or privacy characteristics.

We have use-cases for them. And they are being documented in both other =
working group and individual contributed drafts.

> - Section 6: There are security considerations.  See
> above.

I added text per Ben=E2=80=99s comments.

Thanks,
Dino


From nobody Fri Oct 14 06:23:08 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 296F5129743; Fri, 14 Oct 2016 06:23:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.22
X-Spam-Level: 
X-Spam-Status: No, score=-2.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ce3yWtLuy6eG; Fri, 14 Oct 2016 06:22:54 -0700 (PDT)
Received: from mail-qt0-f170.google.com (mail-qt0-f170.google.com [209.85.216.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C9C7129733; Fri, 14 Oct 2016 06:22:50 -0700 (PDT)
Received: by mail-qt0-f170.google.com with SMTP id q7so75615392qtq.1; Fri, 14 Oct 2016 06:22:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=j20t7zjXH4La8yaGjQEJg/lHB0TGrLS6AjQCv4n1QfQ=; b=oFE3EncvISqhTXoM3hEAuU66Cs7tLzEsvngYrU6qg7udZd3LSjeVNe/flEyHCLGBTy 5QqJo0isgQAU1z0PB51P4Xcj+xLeWmCUurOpTk7R+ShwS3CeAWAe1tvDD5Y9RHLmTcza h+8SBwGh+lc03MejSizBrj6wU2JQ2al8hedwxkw1fZMk2Z7OwL/Lq9QH0B/3NnggAOTl xcCovUbXBpcP6V3uWekbJCI3Xp7gAZt+fJ3l1WuwN7bWIcARjmMZm4CbSPyUj/Z1VCgO uWokEkHGCvR4+1DQkC8OSPhCCO4EPu/5ghlRw2NNBQe7AXdOIYXFOGfrfrOIGIll4W7F NlKQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=j20t7zjXH4La8yaGjQEJg/lHB0TGrLS6AjQCv4n1QfQ=; b=U+gH0iL4g/Xfln4rKjifvh/UhRq1YMzgHbGSFsr6zwKAbZC2wt2S6MTh6yDcnGqqsQ j+7zj69kpVR458lzFHxmbwjTfCMXW0R9BlEtt7T4BltvMfikd/9vh74AiPw94lAW4wZv JQTl1Zfyk2A/ne2iK5ma0nD/8AETw5vn+oM9GHjX3IjdI9+jLtmyjaayGcRP4W9fdd2w vwrgGq5IMX6LFsyEGBFCz1//3rkV0qeHHw6lO5d0m6OvBekGeWhYiXzD+IA6Y9EBsrsF qgaYV+6R2Gz5/zWrCQfCSt2JzJmrjOY7DRA52qeN5otXVJdb8t7XrHhQCLIsulbsRRbS +UTg==
X-Gm-Message-State: AA6/9RmuovmhV8IGRA0gp4O1lLElWBRsSKQhJhAmHoX5kXRJXtkk9a2YQTu8a+QYMMW/GA==
X-Received: by 10.194.83.166 with SMTP id r6mr1996919wjy.186.1476451309576; Fri, 14 Oct 2016 06:21:49 -0700 (PDT)
Received: from [10.12.7.153] ([37.205.61.206]) by smtp.gmail.com with ESMTPSA id pe5sm31919035wjb.15.2016.10.14.06.21.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 14 Oct 2016 06:21:48 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <147636391150.3004.8744692629400023314.idtracker@ietfa.amsl.com>
Date: Fri, 14 Oct 2016 06:21:48 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <C8878EFC-988C-4E98-ADF1-1AC0F70A03E2@gmail.com>
References: <147636391150.3004.8744692629400023314.idtracker@ietfa.amsl.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/i8JMomWCGVoY3fga8NmmpfqTunQ>
Cc: lisp-chairs@ietf.org, draft-ietf-lisp-lcaf@ietf.org, The IESG <iesg@ietf.org>, lisp@ietf.org
Subject: Re: [lisp] Stephen Farrell's Discuss on draft-ietf-lisp-lcaf-17: (with DISCUSS)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 13:23:00 -0000

> I basically support Alexey's discuss position and Ben's
> comment but with a bit more detail below.

Thanks for your comments Stephen.

> - section 3: I don't see how you can produce a canonical
> order of the LCAF encodings if two can contain e.g. the
> same values other than different URLs, since there is no
> canonical way to order URLs (or JSON structures etc.)
> without a lot more specification.

We want to define an order so if an implementation parses, say Type 4, =
it can optimize to know that Types 1-3 will not come after Type 4. We =
can achieve that with this text:

  [RFC6830] states RLOC records are sorted when encoded in control
  messages so the locator-set has consistent order across all xTRs for
  a given EID.  The sort order is based on sort-key {afi, RLOC-
  address}. When an RLOC is LCAF encoded, the sort-key is {afi, LCAF-
  Type}. Therefore, when a locator-set has a mix of AFI records and
  LCAF records, they are ordered from smallest to largest AFI value.

> - 4.3: I agree with Ben's comment. You ought include some

> text here to the effect that this information can be
> privacy senseitive and to recommend not sending or
> storing it in such cases.

I did that for the next revision.

> - 4.4: there are also potential privacy issues here if
> this could be used to identify traffic that is from one
> specific host behind a NAT. A similar privacy warning
> should be included.

It does not identify any host.

> - 4.7: Sorry, when is key material sent in a message? How
> is that protected? (Key ids are fine, but not key values)

That is documented in the two use-case references.

> - 4.10.2: The same privacy issues apply here as for 4.3
> and 4.4, if the MAC address maps to e.g.  a portable
> device carried by a person.

In this case, the MAC address can be a host/person. I put a refernece to =
the Security Considersations section that references RFC6280/BCP160.

> - 4.10.3 and all of section 5: What are these for?  I
> don't see the sense in defining these if there is no well
> defined way to use them. Any of these might have
> undesirable security and/or privacy characteristics.

We have use-cases for them. And they are being documented in both other =
working group and individual contributed drafts.

> - Section 6: There are security considerations.  See
> above.

I added text per Ben=E2=80=99s comments.

Thanks,
Dino


From nobody Fri Oct 14 06:30:21 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EED371294F2; Fri, 14 Oct 2016 06:30:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nIT1P04iZMd5; Fri, 14 Oct 2016 06:30:08 -0700 (PDT)
Received: from mail-lf0-x22b.google.com (mail-lf0-x22b.google.com [IPv6:2a00:1450:4010:c07::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 79A121294E7; Fri, 14 Oct 2016 06:20:32 -0700 (PDT)
Received: by mail-lf0-x22b.google.com with SMTP id x79so201017501lff.0; Fri, 14 Oct 2016 06:20:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=XIHFjCeLaAsgfzcT97JGOW8TN8mj8niBpQAfcda0jfg=; b=d/f7WWnUWG8qmHVpXwhcjk4g3+PEuCEmGu5lu4DUuMoGhgWJiHGzUhPBKpQfvza7D4 51XHIfSPNOOSIBRFgNAOpSS/AZfuwyzSIN53Est8EfCE6VfIC6h1M6WQGuctfYEaxmJr NFDm4KQ83tPGdTSMDNWri1R+JDAumBFXrSMxHS3E65VDlzOHw0pmcp9wO1tOZgG6Xdys fmuJgmyB3prW/GW/tZvhly343ZNZpu+qilTbxeMCN19/MgkxrM3+YjMQC/y0jcQGlDmu 6E0rJzGt9H+cToGY2PRjrSccT4zgRuR/R72Tj6s5j4NYsSElcopsG5+16gJYlxihRSCB gYLg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=XIHFjCeLaAsgfzcT97JGOW8TN8mj8niBpQAfcda0jfg=; b=NTxwYdOEISumHTPuZEUTBW368toIxr4uMW2TJMEnCJO6AOQuvUtMaMZVoP3+JEqvVO cETrY1j3H9m5wW9qpeyMGljgK8zFsERJ+JFK7KVkL0WlTwuLDdEcTgKIVB1l4Vb05ukN zNfBmhTBmEa8L7jrs3AiW4fdtOZ9v7N6nqnKKDVB5MXG7wFfGbBrDOqaDJj0RGjQicJ9 7GeWJqj54V9FlERe7FEHF4zDphXQaUcz/z9nLbcye40wapd72XkbAj2t5CxhMrWzlkhB EcXoNV9fCoVrq75ksoh4cyHBzqNr8erF8dVwziWlevShFlSTQQgaNaFXHNslxn79LPd0 AVoA==
X-Gm-Message-State: AA6/9Rnxaln9ejPGsiEFEcEXyJ2L1xdjeA5qTkSl5lSUxHWwIR89PrI7Bh/enc1nqDiIOg==
X-Received: by 10.28.66.26 with SMTP id p26mr5631404wma.120.1476451230676; Fri, 14 Oct 2016 06:20:30 -0700 (PDT)
Received: from [10.12.7.153] ([37.205.61.206]) by smtp.gmail.com with ESMTPSA id pe5sm31919035wjb.15.2016.10.14.06.20.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 14 Oct 2016 06:20:30 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <147634852994.2910.361748252588624377.idtracker@ietfa.amsl.com>
Date: Fri, 14 Oct 2016 06:20:29 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <0961C855-7F15-49E0-89B8-C1BB2CF8E834@gmail.com>
References: <147634852994.2910.361748252588624377.idtracker@ietfa.amsl.com>
To: Jari Arkko <jari.arkko@piuha.net>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/VpeOM3dBref2jQ5OP_3CeZ911pg>
Cc: lisp-chairs@ietf.org, lisp@ietf.org, peter@akayla.com, The IESG <iesg@ietf.org>, draft-ietf-lisp-lcaf@ietf.org
Subject: Re: [lisp] Jari Arkko's Discuss on draft-ietf-lisp-lcaf-17: (with DISCUSS and COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 13:30:15 -0000

> Thanks for writing this doc. I plan to recommend its approval, but =
there
> were a couple of things that I think should be fixed for clarity =
before
> issuing the RFC. First, I agree with Peter Yee who did a Gen-ART =
review
> on this document:

Thanks for your comments Jari. See responses inline.

> Page 6, Rsvd2 definition: the definition both says "reserved for =
future
> use"
>> and then says some types actually use it.  That sounds like present
> use.
>> And to generically say that it should be sent as zero and ignored, =
but
> then
>> to give uses (such as Type 2)  for it  is confusing.  I suggest
> rethinking
>> the wording here.
>=20
> The type that seems to differ from the "ignore" advice in Section 3 is
> Type 14. Perhaps you can reword somehow, or name the Rsvd2 field to
> Flags, and let the Subsections define that as "set to 0 and ignore on
> receipt". Or something along those lines?

I have suggested (and rewritten) that Rsvd2 be sent as 0 and ignored on =
receipt throughout.

> I also agree with this comment and believe the text should be =
corrected:
>=20
>> Page 6, Length definition: there's mention of a "Reserved" field
> that's
>> included in the minimum length of 8 bytes that are not part of the
> length
>> value.  Since there are actually Rsvd1 and Rsvd2 fields in the =
generic
>> version of the LCAF and sometimes even Rsvd3 and Rsvd4 fields when
> using
>> specific Types, it might be better to spell out which reserved fields
> (Rsvd1
>> and Rsvd2) are meant here rather than giving the field a summary name
> that
>> doesn't actually appear in the format.  This is also important =
because
> any
>> Rsvd3 and Rsvd4 fields are included in the Length field, so using a
> generic
>> "Reserved" description is ambiguous at best.

When the Length field is 0, it means that no more data follows (for the =
LCAF encoding), however the first 8 bytes of the LCAF are still included =
in the message. So I am trying to discuss the minimum length of the =
message (which is 8 bytes).

I have fixed the text to refer to Rsvd1 and Rsvd2 instead of =
=E2=80=9CReserved=E2=80=9D since there is nothing labled =E2=80=9CReserved=
=E2=80=9D.

>=20
> And this seems like a bug as well:
>=20
>> Page 13, RTR RLOC Address definition, 4th sentence: The ability to
> determine
>> the number of RTRs encoded by looking at the value of the LCAF length
>> doesn't seem feasible.  3 IPv4 RTR RLOCs will produce the same LCAF
> Length
>> as 1 IPv6 RTR RLOC.

It is not a bug. The number of addresses encoded can only be determined =
by parsing each one. And there is no value to include a count since you =
can compute while parsing (since you have to parse the message to =
retrieve and store variable length addresses).

> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>=20
> Subsections under Section 4 treat some of the fields in different =
ways.
> For instance, in most cases the subsections do not indicate anything
> about the base fields, but for instance Subsection 4.9 does say =
something
> about Rsvd1 and Rsvd2:
>=20
>  Rsvd{1,2,3,4}:  must be set to zero and ignore on receipt.

I will make consistent that Rsvd1 and Rsvd2 fields are described up =
front and Rsvd3/Rsvd4 in the specific type definitions, since they do =
not appear in all definitions.

> This text was raised as an issue by Peter as well:
>=20
>     When there are no RTRs
>     supplied, the RTR fields can be omitted and reflected by the LCAF
>     length field or an AFI of 0 can be used to indicate zero RTRs
>     encoded.
>=20
> Why are we giving two options? Or is this a
> be-conservative-what-you-send-but-liberal-in-what-you-accept =
situation?

Because the message can be truncated (to reduce size of message), or the =
RTR field can be encoded with an AFI=3D0 (which means no RTR address =
follows).

Dino



From nobody Fri Oct 14 12:07:47 2016
Return-Path: <jari.arkko@piuha.net>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A795712988E; Fri, 14 Oct 2016 12:07:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.896
X-Spam-Level: 
X-Spam-Status: No, score=-4.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-2.996] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P-PBvepIhBja; Fri, 14 Oct 2016 12:07:41 -0700 (PDT)
Received: from p130.piuha.net (p130.piuha.net [IPv6:2a00:1d50:2::130]) by ietfa.amsl.com (Postfix) with ESMTP id 15B151293F2; Fri, 14 Oct 2016 12:07:41 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id E54B72CCE7; Fri, 14 Oct 2016 22:07:39 +0300 (EEST) (envelope-from jari.arkko@piuha.net)
X-Virus-Scanned: amavisd-new at piuha.net
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id waq5moISbfIM; Fri, 14 Oct 2016 22:07:39 +0300 (EEST)
Received: from [127.0.0.1] (p130.piuha.net [IPv6:2a00:1d50:2::130]) by p130.piuha.net (Postfix) with ESMTP id 62E202CC95; Fri, 14 Oct 2016 22:07:39 +0300 (EEST) (envelope-from jari.arkko@piuha.net)
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
Content-Type: multipart/signed; boundary="Apple-Mail=_FB7EBE15-AED4-4952-9D1D-2526B2B10CF6"; protocol="application/pgp-signature"; micalg=pgp-sha512
X-Pgp-Agent: GPGMail
From: Jari Arkko <jari.arkko@piuha.net>
In-Reply-To: <BD45F786-7B14-4379-B1E8-41E3E675AD34@gmail.com>
Date: Fri, 14 Oct 2016 22:07:37 +0300
Message-Id: <65A6214C-5A19-4CE1-91D2-3B422F51F911@piuha.net>
References: <147634852994.2910.361748252588624377.idtracker@ietfa.amsl.com> <BD45F786-7B14-4379-B1E8-41E3E675AD34@gmail.com>
To: Dino Farinacci <farinacci@gmail.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/ONE0Xe8AM3NuqHwbU2lHTfMXgBY>
Cc: lisp-chairs@ietf.org, lisp@ietf.org, peter@akayla.com, The IESG <iesg@ietf.org>, draft-ietf-lisp-lcaf@ietf.org
Subject: Re: [lisp] Jari Arkko's Discuss on draft-ietf-lisp-lcaf-17: (with DISCUSS and COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 19:07:47 -0000

--Apple-Mail=_FB7EBE15-AED4-4952-9D1D-2526B2B10CF6
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Thanks. All seems reasonable. I cleared, and will let you update the doc =
as instructed by your AD.

Jari


--Apple-Mail=_FB7EBE15-AED4-4952-9D1D-2526B2B10CF6
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJYASz6AAoJEM80gCTQU46qK+EP/3Y5BtFW74naCbgyef0BmeF8
k4I+h4TlpKyL7S0Nmu/5acOk2oK8fccNXCDzdGk/ttZhT2qmaxkeJHtWDs3YKf2M
IMwrKtoP5uK+0AOgdfDoR/TPwUks3Y9RKc5gfv72pI9L1rB/1k28O4mqc1Hqwa9t
Jmymh7b3Yl3shOMcSe456O+V+PFZF2CZYvi6eSTRTfg5kz1tZueNUwAz7YSthqb1
8+xP0Jpv8Gq0n6U1JBLT+RMLpAuYffQrVQR9rg+eDAN66JT+NRhA1aJr/YdjSnyC
tmLDnfp/HxKP/UCulki0EAb3BW0VWWjNsOtOEOIfCEdVte3janxdmMgZ0AZv+HRK
GURmHmdEBn0822anSUpVTYRLspjZNqjxiF6BRx7YrGZy7IN7xx3EgV62SXJpykEb
MCjMl+h1NXRQAcH8Lbxm5e3dbhVGp/Dt7cFql7mLflP+9dBS6RMte+XIF1ccfVeL
DuQTIJr3T+86zmaz0uM4FC5+ENkBr6S7MSBip+2ANca51VLgL2PvJICfn9+Lg8PH
iLJa35Xs/MRiKO7sGn1q621gfx1MTpxd8HbtCXkWjjViimwmBidVHHQYlBC90kTW
bpZDRESPEwtcQI9Iua/5AyEyqj9O7CfW+2RBL2g52bzNTnYkvmR4HFywnumgWdBd
RC5aBMC9hOthbxBxx8JO
=+igv
-----END PGP SIGNATURE-----

--Apple-Mail=_FB7EBE15-AED4-4952-9D1D-2526B2B10CF6--


From nobody Fri Oct 14 18:29:44 2016
Return-Path: <worley@alum.mit.edu>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAB13129609 for <lisp@ietfa.amsl.com>; Fri, 14 Oct 2016 18:29:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.934
X-Spam-Level: 
X-Spam-Status: No, score=-1.934 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lL-24uanZvRZ for <lisp@ietfa.amsl.com>; Fri, 14 Oct 2016 18:29:17 -0700 (PDT)
Received: from resqmta-po-06v.sys.comcast.net (resqmta-po-06v.sys.comcast.net [IPv6:2001:558:fe16:19:96:114:154:165]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A00F129458 for <lisp@ietf.org>; Fri, 14 Oct 2016 18:29:06 -0700 (PDT)
Received: from resomta-po-16v.sys.comcast.net ([96.114.154.240]) by resqmta-po-06v.sys.comcast.net with SMTP id vDmOb7ZSMjWBpvDmbb6HPu; Sat, 15 Oct 2016 01:29:05 +0000
Received: from hobgoblin.ariadne.com ([73.16.37.18]) by resomta-po-16v.sys.comcast.net with SMTP id vDmZb2GrVwz9xvDmab4Cop; Sat, 15 Oct 2016 01:29:04 +0000
Received: from hobgoblin.ariadne.com (hobgoblin.ariadne.com [127.0.0.1]) by hobgoblin.ariadne.com (8.14.7/8.14.7) with ESMTP id u9F1T234010850 for <lisp@ietf.org>; Fri, 14 Oct 2016 21:29:02 -0400
Received: (from worley@localhost) by hobgoblin.ariadne.com (8.14.7/8.14.7/Submit) id u9F1T2eF010847; Fri, 14 Oct 2016 21:29:02 -0400
X-Authentication-Warning: hobgoblin.ariadne.com: worley set sender to worley@alum.mit.edu using -f
From: worley@ariadne.com (Dale R. Worley)
To: lisp@ietf.org
Sender: worley@ariadne.com (Dale R. Worley)
Date: Fri, 14 Oct 2016 21:29:02 -0400
Message-ID: <87bmym4cyp.fsf@hobgoblin.ariadne.com>
X-CMAE-Envelope: MS4wfDOyTJ1ATFnjYlnyuI9SLzkz+y4gMS3t47JJkoewFxERw5x6olsUxInnxsPnbDRoDKrY2qjKGpGsYREm+MA6MicavCS2vk95Bn0IkN6lstvoSbWHbK5g ea+urPl8+zd4qL5Yw5FNnyhIpVYeQhAy4Gv2lVvtPVsHT3pdz0QJ2r04
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/nnWuDsuzte-NhogrIOa9yaYf5R4>
Subject: [lisp] Gen-ART IETF Last Call review of draft-ietf-lisp-ddt-08
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Oct 2016 01:29:20 -0000

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Document: draft-ietf-lisp-ddt-08
Reviewer: Dale R. Worley
Review Date: 2016-10-09
IETF LC End Date: 2016-10-17
IESG Telechat date: 2016-10-27

Summary: This draft is on the right track but has open issues,
described in the review.

I believe that the technical specifics in this draft have been
settled, but in many places the wording is unclear and contradictory
in minor ways to the point that I was uncertain whether I understood
what is intended.  The result is that this review is excessively long,
as I can only point to the items that appear problematic, rather than
pointing out the adjustments that would cure the problems.

I suspect that as the design has evolved, the text has been revised
many times, leading to incompletenesses and inconsistencies.  The
danger, in my opinion, is that no part of the document can be reliably
understood without correlating it with many other parts of the
document, that many implementers will make mistakes of interpretation,
and that there may be points on which people believe consensus was
reached, but that their understandings of the point were contradictory.

I think that the document needs a careful final editing to bring the
terminology and all parts of the document into sync.  That will also
reveal whether there are points on which people mistakenly believed
there was consensus.

I begin with a list of more global issues, then continue with comments
on specific parts.

* In regard to XEIDs:  The concept of XEID unifies the treatment of
DBID, IID, AFI, and EID.  Essentially all of the processing in the
draft is simplified by expressing processing in terms of XEIDs.  For
instance, delegation based on DBID, IID, or AF becomes just a special
case of delegation based on XEID-prefix.  However, it's not clear to
me whether this concept is followed in the text.  For example:

In section 3, definition "XEID-prefix" seems to assume that an
XEID-prefix will always contain a complete DBID, IID, and AFI.

In section 4.2.1:

   The root DDT node is the logical "top" of the database hierarchy:
   DBID=0, IID=0, AFI=0, EID-prefix=0/0.

But really, the condition of a root node is that it's authoritative
for the *empty* XEID-prefix.

There is also the suggestion here that an AFI of 0 is somehow a
wildcard match for any AFI value.  That is a special case that can be
eliminated by considering the entire XEID to be prefixable.

On the other hand, this text in 7.3.1 suggests that there is a "null
prefix" which is (or is equivalent) to the XEID-prefix of 0 bits:

   the "referral XEID-prefix" is also initialized to the null value
   since no referral has yet been received.

* In regard to the special fields in XEID, viz., DBID, IID, and AFI,
those need to be described in a way that doesn't leave loose ends, by
either describing how they are expected to be used or referring to a
document that does so.  In this document, a lot of that information is
bundled into the definitions of "Extended EID (XEID)" and
"XEID-prefix" in section 3.  It would be best if this information
appeared in its own paragraphs.

It appears to me that it is expected that DBID will always be zero
(see definition "XEID-prefix"), but the machinery is defined so that
other values can be used.

IID is presumably expected to be zero except when VPNs are used.  (see
definition "Extended EID (XEID)")  

Note that definition "Extended EID (XEID)" says "optionally extended
with a non-zero Instance ID".  Read literally, that means that zero
IIDs aren't included in the XEID, which would be insanity.  The text
needs to clarify that IID is always present in the XEID, but is
normally zero.

AFI is taken from http://www.iana.org/numbers.html, but you have to go
through the link to draft-ietf-lisp-lcaf to discover that; it should
be stated in this draft.

* For any given delegated prefix, there can be more than one "peer"
DDT nodes that contain duplicated information about the prefix.  But
the term "peer" isn't defined in the lexicon, and there is no explicit
statement that the peers (for a prefix) must contain the same
information.

* It appears that "Map Server" has been defined elsewhere (RFC 6833),
and that Map Servers can automatically be DDT nodes.  Or is it that
some Map Servers are also equipped with DDT node functionality?  If
this draft places further requirements on Map Server DDT nodes, then
this draft should be noted as updating RFC 6833.

* There seems to be two meanings of "DDT node".  One is a broad sense,
and is any server that responds to Map-Request.  The other is a narrow
sense, and means any DDT node in the broad sense that is not a Map
Server, and thus is allowed to contain prefix delegations.  These
terms need to be separated, and the uses of "DDT node" in the draft
need to be revised to the correct term.

However, the preceding paragraph assumes that a DDT node is not
allowed to contain both prefix delegations and ETR registrations.
That seems to be the case because in many places, those classes of
nodes are required to behave differently (e.g., return different error
codes for nonexistent prefixes) and be treated differently by other
DDT nodes (e.g., referrals to them are given with different action
codes).  But there are a few places where the text suggests that a DDT
node could contain both prefix delegations and ETR registrations.

* Is it really true that two Map Servers that are authoritative for
the same XEID prefix can contain different sets of ETR registrations?
That is, the DDT client (the Map Resolver) may be required to query
the entire set of peer Map Servers to find the right ETR registration?
Perhaps the answer is defined in the RFC describing Map Servers, but
it affects one's understanding of this draft enough that it should be
stated in the overview.

* The role of hints is not clear.  Clearly, a DDT node can be
configured with hints regarding some XEID-prefix, but what are the
limitations on what RLOCs must be provided in a hint?  This seems
especially important because it seems in practice that the
authoritative nodes for a prefix might be reconfigured without anyone
realizing that the hints in nodes farther down the tree need to be
updated.  In particular, when should the DDT client follow a hint?
Hints seem to provide the possibility of circular references.  Given
that this is an Experimental draft, perhaps the best use of hints is
an "open issue and consideration", and by listing it in section 11,
these questions need not be answered now.

1.  Introduction

   LISP offers a general-purpose mechanism for mapping between EIDs and
   RLOCs.  In organizing a database of EID to RLOC mappings, this
   specification extends the definition of the EID numbering space by
   logically prepending and appending several fields for purposes of
   defining the database index key: Database-ID (DBID, 16 bits),
   Instance identifier (IID, 32-bits), Address Family Identifier (16
   bits), and EID-prefix (variable, according to AFI value).  The
   resulting concatenation of these fields is termed an "Extended EID
   prefix" or XEID-prefix.

This paragraph is undecided whether it is defining XEID or
XEID-prefix.  Better, I think is to define XEID first and then define
XEID-prefix based on that:

   this
   specification extends the definition of the EID numbering space by
   logically concatenating several fields for purposes of
   defining the database index key: Database-ID (DBID, 16 bits),
   Instance identifier (IID, 32-bits), Address Family Identifier (16
   bits), and EID (variable length, according to AFI value).  The
   resulting concatenation of these fields is termed an "Extended EID"
   or XEID.  Prefixes within the XEID space are thus "Extended EID
   prefixes" or XEID-prefixes.

--

   It
   also provides delegation information to Map Resolvers, which use the
   information to locate EID-to-RLOC mappings.

There needs to be clarification regarding the relationship between
"Map Resolver" and "DDT client".  As far as I can tell, in all places
in this document, "DDT client" is the correct term, though it is
expected that most (but not all) DDT clients will be Map Resolvers.
So this text should be something like

   It
   also provides delegation information to DDT clients (which are
   usually Map Resolvers, but may be ITRs), which use the
   information to locate EID-to-RLOC mappings.

and approximately all uses of "Map Resolver" should be changed to "DDT
client".

   LISP-DDT defines a new device type, the DDT node, that is configured
   as authoritative for one or more XEID-prefixes.

Here would be a good place to lay out clearly the relationship between
DDT node and Map Server:  whether nodes that do delegation are
disjoint from Map Server nodes, etc.

3.  Definition of Terms

   Extended EID (XEID):  a LISP EID, optionally extended with a non-
      zero Instance ID (IID) if the EID is intended for use in a context
      where it may not be a unique value, such as on a Virtual Private
      Network where [RFC1918] address space is used.  See "Using
      Virtualization and Segmentation with LISP" in [RFC6830] for more
      discussion of Instance IDs.

   XEID-prefix:  a LISP EID-prefix with 16-bit LISP-DDT DBID (provided
      to allow the definition of multiple databases; currently always
      zero in this version of DDT, with other values reserved for future
      use), 32-bit IID and 16-bit AFI prepended.  Encoding of the
      prefix, its AFI and the instance ID (IID) are specified by
      [I-D.ietf-lisp-lcaf].  An XEID-prefix is used as a key index into
      the database.

These can be simplified by moving the details of the XEID format and
the values of the fields into separate paragraphs (as discussed
above).

   DDT node:  a network infrastructure component responsible for
      specific XEID-prefix and for delegation of more-specific sub-
      prefixes to other DDT nodes.

A DDT node can be authoritative for more than one prefix (see section
4.2 and section 10, paragraph 2), so "specific XEID-prefix" should be
"specific XEID-prefix(es)".

   DDT Map Resolver:  a network infrastructure element that accepts a
      Map-Request, adds the XEID to its pending request list, then
      queries one or more DDT nodes for the requested EID, following
      returned referrals until it receives one with action code MS-ACK
      (or an error indication).  MS-ACK indicates that the Map-Request
      has been sent to a Map Server that will forward it to an ETR that,
      in turn, will provide a Map-Reply to the original sender.  A DDT
      Map Resolver maintains both a cache of Map-Referral message
      results containing RLOCs for DDT nodes responsible for XEID-
      prefixes of interest (termed the "referral cache") and a pending
      request list of XEIDs that are being resolved through iterative
      querying of DDT nodes.

This isn't really a definition of what how Map Resolver fits into the
overall scheme, but an outline of Map Resolver processing.  The
description of processing should be moved somewhere else.  Also, any
DDT client that is not a Map Resolver must do the same processing, so
"DDT client" and "DDT Map Resolver" should be merged.

   DDT Map-Request:  an Encapsulated Map-Request sent by a DDT client to
      a DDT node.  The "DDT-originated" flag is set in the encapsulation
      header ...

Given the importance of Map-Request messages, it might be worth
mentioning that they are defined in RFC 6830.

What is the need for the DDT-originated flag?  It seems from the
definition "Encapsulated Map-Request" that EMRs from ITRs to Map
Resolvers never have the flag set, EMRs from Map Resolvers to DDT
nodes (including Map Servers) always have the flag set, and EMRs from
Map Servers to ETRs never have the flag set.  But if that is so, no
type of device can receive EMRs that both have the flag set and not.

Hmmm, the exception is if an ITR acts as a DDT client sends a
Map-Request directly to DDT nodes.  But in that case, the DDT nodes
would process the Map-Request in exactly the same way as a Map
Resolver, so there is no need for a "D" flag.

Also, the definition of the flag in section 5 is awkward:

   D: The "DDT-originated" flag.  It is set by a DDT client to indicate
      that the receiver SHOULD return Map-Referral messages as
      appropriate.  Use of the flag is further described in
      Section 7.3.1.  This bit is allocated from LISP message header
      bits marked as Reserved in [RFC6830].

If the flag *means* "DDT-originated", then the message must have come
from a DDT client, and the receiver MUST return Map-Referral messages
-- that's what this draft is specifying!

I get the feeling that the D flat is (or was) intended to work like
the DNS "recursion" flag, it tells whether the client is willing to
accept and follow Map-Referral messages, or whether the client wants
to put that work of following referrals on the server.  But as the
lexicon makes clear, *any* DDT client must be willing to follow
Map-Referral messages, and DDT nodes are *never* required to follow
referrals on behalf of the DDT client.

   Map-Referral:  a LISP message sent by a DDT node in response to a DDT
      Map-Request for an XEID that matches a configured XEID-prefix
      delegation.  A non-negative Map-Referral includes a "referral", a
      set of RLOCs for DDT nodes that have more information about the
      sub-prefix; 

The phrase "more information" is used in various places, but it is not
really informative.  As far as I can tell, all uses of "DDT nodes that
have more information" mean "DDT nodes to which that XEID has been
delegated".  Unless perhaps hints are also considered to point to "DDT
nodes that have more information", in which case the term "more
information" needs to be defined specifically, as it doesn't always
mean a delegation relationship.

   Negative Map-Referral:  a Map-Referral sent in response to a DDT Map-
      Request that matches an authoritative XEID-prefix but for which
      there is no delegation configured (or no ETR registration if sent
      by a DDT Map-Server).

I'd describe a negative Map-Referral as an answer from an
authoritative DDT node that there is no mapping for the requested
XEID.  That happens because the request is sent to an authoritative
DDT node "but for which there is no delegation configured (or no ETR
registration if sent by a DDT Map-Server)", but the core semantics is
an authoritative denial of a mapping.

   Pending Request List:  the set of outstanding requests for which a
      DDT Map Resolver has received encapsulated Map-Requests from a DDT
      client for an XEID.

Is it correct that a DDT Map Resolver can receive Map-Requests from
DDT clients?  I thought a Map Resolver could only receive them from
ITRs, and a DDT client could only send them to DDT nodes.  If a Map
Resolver can receive requests from other Map Resolvers, there are
complexities of behavior that don't seem to be described in this
draft.

In any case, does this need an entry in the lexicon?  It seems that a
pending request list is an implementation detail and should be
described in the algorithm description sections.

   It is important to note that LISP-DDT does not store actual EID-to-
   RLOC mappings; it is, rather, a distributed index that can be used to
   find the devices (Map Servers and their registered EIDs) that can be
   queried with LISP to obtain those mappings.

This text defines that Map Servers are not part of DDT, but the
lexicon refers to DDT Map Servers.  And actually, its the ETRs that
store the EID-to-RLOC mappings, not the Map Servers (except when the
Map Server is proxying for the ETR).

6.1.  Action codes

   MS-ACK (2):  indicates that a replying DDT Map Server received a DDT

s/a replying/the replying/

   NOT-AUTHORITATIVE (5):  indicates that the replying DDT node received
      a Map-Request for an XEID-request for which it is not
      authoritative.  This can occur if a cached referral has become
      invalid due to a change in the database hierarchy.

There's a treacherous case of how hints are returned by a DDT node.
Reading the above definition, it's clear that a hint should be
returned with a NON-AUTHORITATIVE action code, because the node isn't
authoritative for the XEID.  Then again, section 6.1 suggests that
hints are returned as NODE-REFERRAL or MS-REFERRAL.  If so, things get
messy -- How is the DDT client to know that the referral set is a hint
rather than an authoritative delegation?  And that distinction is
necessary because the client can't fully trust hints.

6.3.  Incomplete flag

   o  If it is setting action code MS-ACK or MS-NOT-REGISTERED but does
      not have configuration for other "peer" DDT nodes that are also
      authoritative for the matched XEID-prefix.

Is this situation equivalent to the referral set being a hint rather
than a delegation?  Or rather, a hint which the DDT node doesn't
believe is the complete peer set for the prefix?  (Is there any way
for a DDT node to know that it has the complete peer set?)  In any
case, it seems to me that this might be usefully changed to "hint
flag".

6.4.  Map-Referral Message Format

Is it intended that the "record" and "ref" sections can be repeated?
That is a different usage of bracketing than in the figure in section
5, and if so, should be described in the text.

I note that this section lists all the action codes, as does section
6.1.  It seems like these should be consolidated into section 6.1.

The handling of the "Incomplete" column of the table cannot be
correct.  There is no way for a node to send hints and mark them
Incomplete, and the description at the top of page 12 is incompatible
with the contents of the table.

   Loc/LCAF-AFI: If this is a Loc AFI, keys SHOULD NOT be included in
   the record.  If this is a LCAF AFI, the contents of the LCAF depend
   on the Type field of the LCAF.  Security material are stored in LCAF
   Type 11.  DDT nodes and Map Servers can use this LCAF Type to include
   public keys associated with their Child DDT nodes for a XEID-prefix
   referral record.  LCAF types and formats are defined in
   [I-D.ietf-lisp-lcaf].

This paragraph doesn't make sense in this context.  The terms "Loc",
"keys", "LCAF", "Security material" are all undefined in this context.

   Note, though,
   that the set of RLOCs correspond to the DDT node to be queried as a
   result of the referral not the RLOCs for an actual EID-to-RLOC
   mapping.

I take it that the "Ref" sections is counted by the "Referral Count"
field, and that the "Loc/LCAF-AFI" and "Locator" fields contain the
RLOCs of the set of DDT nodes that are the referral set.  It might
help the reader to rephrase this sentence in those terms.

6.4.1.  SIG section

   Sig Length: The length of the Signature field.

Is this measured in bytes?

   Signature: Contains the cryptographic signature that covers the
   entire record.  The Record TTL and the sig fields are set to zero for
   the purpose of computing the Signature.

It's not clear to me why the Record TTL should be set to zero for
computing the signature, given that you'd want to protect the TTL from
modification.  Also, what is the relationship between Record TTL and
Original Record TTL?  As far as I can tell, no DDT element can receive
a Map-Referral Record from another element and pass it on to a third
element, so there need never be TTL skew between when a record was
signed and when it was sent.

It seems awkward to compute the signature by first laying out the Sig
section and filling it with zeros when the same benefit could be
obtained by omitting the Sig section from the part of the record whose
signature is calculated.

Is it a problem that Original Record TTL, Signature Expiration, and
Signature Inception aren't protected by the signature?

7.1.1.  Match of a delegated prefix (or sub-prefix)

   If the delegation is known to be a DDT Map Server,

This seems to assume that either all delegatees are Map Servers or
none are.  All of the processing algorithms seem to presuppose that a
set of peers either are all Map Servers or all are not, but there
doesn't seem to be an explicit requirement of that.

7.1.2.  Missing delegation from an authoritative prefix

   If the requested XEID did not match a configured delegation but does
   match an authoritative XEID-prefix, then the DDT node MUST return a
   negative Map-Referral that uses the least-specific XEID-prefix that
   does not match any XEID-prefix delegated by the DDT node.

It would be a bit clearer if "the least-specific XEID-prefix" was
changed to "the least-specific prefix of the XEID".

   If the requested XEID did not match either a configured delegation or
   an authoritative XEID-prefix, then negative Map-Referral with action
   code NOT-AUTHORITATIVE MUST be returned.

I understand what you mean, but this isn't phrased quite right in
regard to hints, because the DDT node may have a hint for an
XEID-prefix that is neither a configured delegation nor within one of
its authoritative XEID-prefixes, but hints are returned with
NODE-REFERRAL.

7.3.  DDT Map Resolver
7.3.1.  Queuing and sending DDT Map-Requests

I think there is an issue around the cache.  Usually (IMHO) when
discussing "resolvers", the "cache" is entirely transient information
that the resolver has acquired from other devices, it doesn't contain
configured information.  But in some places, the draft reads as if the
configured information is permanently present in the cache.  If that
is so, it would help the reader (i.e., this reader!) if when the cache
is introduced that it was stated that the configured delegations (and
hints) are permanently resident in the cache.

That is, this should be promoted from section 7.3.1 to 7.3 where the
structure (rather than the detailed behavior) of a Map Resolver is
discussed:

   The referral cache is initially populated with one or more
   statically-configured entries;

Similarly this is a structural statement about the cache:

   A DDT Map Resolver is not absolutely required to cache referrals,
   but it doing so decreases latency and reduces lookup delays.

--

   Note that in normal use on the public Internet, the statically-
   configured initial referral cache for a DDT Map Resolver should
   include a "default" entry with RLOCs for one or more DDT nodes that
   can reach the DDT root node.

This suggests that it will be common that a Map Resolver won't be
configured with the RLOCs of the root nodes (which is different from
the common DNS usage), but rather configured with the RLOCs of nodes
that contain a hint for the null prefix and the root nodes.  (Also,
"can reach" should be changed to "containing hints for".)  If this is
so, then the operation of hints is a central part of the DDT protocol
and (IMO) it would greatly help if the role and processing of hints
was outlined in some location.  In particular, it suggests that all
nodes that are expected to be the initial node for an extensible
population of Map Resolvers SHOULD be configured with a hint for the
root nodes.

There is also a possible conflict with section 10 -- the Map Resolver
isn't expected to be configured with the RLOCs of the root servers,
but it is expected to be configured with the public keys of the root
servers.  Indeed, given the language in section 10, the keys can
differ between the various root DDT nodes, which means that in order
to configure the Map Resolver with the public keys of the root
servers, it must be configured with their RLOCs.

7.3.2.  Receiving and following referrals

   If the maximum number of retransmissions has occurred and all RLOCs
   have been tried, then the pending request list entry is dequeued.

This isn't phrased quite right, because it requires a further
retransmission if "the maximum number of retransmissions has occurred"
but not "all RLOCs have been tried" -- and that would mean sending
more retransmissions than the "maximum number".

I believe that the intention is that the Map Resolver must attempt to
contact all relevant RLOCs, but that it must also send at least
"number of retransmissions", meaning that if there are fewer RLOCs
than that number, some RLOCs will be attempted more than once.  If
that is so, then "maximum number" should be "minimum number".

OTOH, if "maximum number" is intended, then the text should be "If the
maximum number of retransmissions has occurred or all RLOCs have been
tried".

Also, this paragraph should specify what response the Map Resolver
should send if processing is terminated due to response time-out.  As
written, the text doesn't require the Map Resolver to send *any*
response, which seems like a bad design.

   MS-REFERRAL:  The DDT Map Resolver follows an MS-REFERRAL in the same
      manner 

It might be better to say "processes" than "follows".

   MS-ACK:  This is returned by a DDT Map Server to indicate that it has
      one or more registered ETRs that can answer a Map-Request for the
      XEID and the request has been forwarded to one of them

It's not clear to me how the Map Server or ETR knows the address of
the DDT client to which to send the Map-Reply.  It seems that the
address must be in the Map-Request message, but reading that section
of RFC 6830 doesn't make it clear to me how that is done.

The processing regarding MS-ACK is not clear to me.  It would help if
there was an overview discussion of the four-way dance between the DDT
client, the Map Resolver, the Map Server, and the ETR.  (Some times
the Map Server also does the ETR's job.)  Since one step of it is for
the ETR to send Map-Replay to the DDT client, this processing doesn't
break down into separate client/Map Resolver, Map Resolver/Map Server,
and Map Server/ETR components, there's a specific overall structure.

In particular, what happens when a Map Resolver sends a Map-Request to
a Map Server without LISP-SEC information?  It appears that processing
goes through two cycles, with a second cycle when the Map Resolver
re-sends the Map-Request to the Map Server with LISP-SEC information.
The Map Server seems to return MS-ACK messages to the Map Resolver in
both cycles, and there is no special marking in the first MS-ACK
message to indicate that resending must be done (the Map Resolver can
determine that itself).  But presumably, the Map Server forwards the
Map-Request to the ETR in both cycles, and the ETR sends Map-Replys to
the client in both cycles.  Presumably the first Map-Reply is useless
to the client (otherwise there wouldn't need to be two cycles), but
it's not clear how the client deals with two replies.

   MS-NOT-REGISTERED:  ...
      The DDT Map Resolver MUST return a negative
      Map-Reply to the original Map-Request sender; this Map-Reply
      contains the non-registered XEID-prefix whose TTL value SHOULD be
      set to one minute.

I think "non-registered XEID-prefix" is meant to mean "least-specific
prefix of the XEID for which no registrations exist".

   NOT-AUTHORITATIVE:  ...
      The pending request is silently discarded, i.e. all state
      for the request that caused this answer is removed and no answer
      is returned to the original requester.

It seems like a poor design to return no response.  Is there not some
sort of "server failure" response that can be returned to the DDT
client?

8.  Pseudo Code and Decision Tree diagrams

Care needs to be taken here as to whether the pseudo-code and decision
trees are normative or not.  Generally, algorithms enunciated in RFCs
are marked as non-normative, as the implementation is usually allowed
to deviate from the stated algorithm as long as it satisfies the
constraints written in the text.

9.  Example topology and request/referral following

   The same principle
   of hierarchical delegation and pinpointing referrals is equally
   applicable to any AF whose address hierarchy can be expressed as a
   bitstring with associated length.

This sentence seems to be redundant because we've been assuming all
along that in any address family used by DDT the address hierarchy is
expressed as bistrings with lengths.

Are lines in the diagram intended to cross?  If so, they could be
clarified as:

      +---------------------+  +---------------------+
      |  root1: 192.0.2.1   |  |  root2: 192.0.2.2   |
      | authoritative: ::/0 |  | authoritative: ::/0 |
      +---------------------+  +---------------------+
                 |         \   /        |
                 |          \ /         |
                 |           X          |
                 |          / \         |
                 |         /   \        |
                 |        |     |       |
                 V        V     V       V
  +-------------------------+  +--------------------------+
  |  DDT node1: 192.0.2.11  |  |  DDT node2: 192.0.2.12   |
  |     authoritative:      |  |      authoritative:      |
  |      2001:db8::/32      |  |       2001:db8::/32      |
  +-------------------------+  +--------------------------+
                 |         \   /        |
                 |          \ /         |
                 |           X          |
                 |          / \         |
                 |         /   \        |
                 |        |     |       |
                 V        V     V       V
 +--------------------------+  +---------------------------+
 | Map-Server1: 192.0.2.101 |  |  DDT node3: 192.0.2.201   |
 |      authoritative:      |  |      authoritative:       |
 |    2001:db8:0100::/40    |  |    2001:db8:0500::/40     |
 | site1: 2001:db8:0103::/48|  +---------------------------+
 | site2: 2001:db8:0104::/48|     |                    |
 +--------------------------+     |                    |
                                  |                    |
                                  |                    |
                                  V                    V
           +---------------------------+   +---------------------------+
           | Map-Server2: 192.0.2.211  |   | Map-Server3: 192.0.2.221  |
           |      authoritative:       |   |      authoritative:       |
           |    2001:db8:0500::/48     |   |    2001:db8:0501::/48     |
           |site3: 2001:db8:0500:1::/64|   |site5: 2001:db8:0501:8::/64|
           |site4: 2001:db8:0500:2::/64|   |site6: 2001:db8:0501:9::/64|
           +---------------------------+   +---------------------------+


10.  Securing the database and message exchanges

   Each DDT node is configured with one or more public/private key
   pair(s) that are used to digitally sign referral records for XEID-
   prefix(es) that the DDT node is authoritative for.  In other words,
   each public/private key pair is associated with the combination of a
   DDT node and the XEID-prefix that it is authoritative for.

s/the XEID-prefix/an XEID-prefix/

But the first sentence doesn't say the same thing as the second
sentence.  Better would be

   Each DDT node is configured with one or more public/private key
   pairs for each XEID-prefix that it is authoritative for, and those
   keys are used to sign referral records for XEID-prefixes within the
   authoritative XEID-prefix.

Also, there should be some text as to whether a node is required to
sign a referral record with *all* of its keys.  And in general, there
should be some discussion of the significance and use of multiple keys
for a single DDT node/authoritative prefix.

   Every DDT
   node is also configured with the public keys of its children DDT
   nodes.  By including public keys of target child DDT nodes in the
   Map-Referral records, and signing each record with the DDT node's
   private key, a DDT node can securely delegate sub-prefixes of its
   authoritative XEID-prefixes to its children DDT nodes.

Does a DDT node have the public keys of the DDT nodes that its hints
point to?  If not, hints can't be trusted and followed in the same way as
"downward" Map-Referrals, which breaks the trust sequence if the DDT
client is not configured with the keys of the RLOCs in the hint.

Also, how does the DDT node return public keys to the Map Resolver?  I
don't see any field for it in the Map-Referral message.

11.  Open Issues and Considerations

   o  Management of the DDT Map Resolver referral cache, in particular,
      detecting and removing outdated entries.

I assume that this means "the definition and use of TTL values",
because the use of TTL values does not seem to be completely described
in this document.  Perhaps this item could be rephrased to mention TTL
explicitly.

13.  Security Considerations

   For this reason, when
   LISP-SEC is deployed in conjunction with a LISP-DDT mapping database
   and the path between Map-Resolver and Map-Server needs to be
   protected, DDT security should be enabled as well.

This sentence is obscure, because "DDT security" is not defined
anywhere, and there seems to be no optional security mechanism
described in the draft.

14.2.  Informative References

   [I-D.ietf-lisp-lcaf]
              Farinacci, D., Meyer, D., and J. Snijders, "LISP Canonical
              Address Format (LCAF)", draft-ietf-lisp-lcaf-13 (work in
              progress), May 2016.

The reference to ietf-lisp-lcaf in the definition "XEID-prefix" in
section 3 seems to be normative (unless the text in this draft is
adjusted to consider XEIDs as undifferentiated bit strings).

   [LISP-TREE]
              Jakab, L., Cabellos-Aparicio, A., Coras, F., Saucez, D.,
              and O. Bonaventure, "LISP-TREE: a DNS hierarchy to support
              the lisp mapping system", Selected Areas in
              Communications, IEEE Journal , 2010,
              <http://ieeexplore.ieee.org/xpls/
              abs_all.jsp?arnumber=5586446>.

This reference is not referenced.

   [RFC3447]  Jonsson, J. and B. Kaliski, "Public-Key Cryptography
              Standards (PKCS) #1: RSA Cryptography Specifications
              Version 2.1", RFC 3447, DOI 10.17487/RFC3447, February
              2003, <http://www.rfc-editor.org/info/rfc3447>.

The reference to RFC 3447 in section 6.4.1 seems to be normative, as
the specifics of RSA-SHA1 signatures come from this RFC.

Dale


From nobody Sun Oct 16 11:53:19 2016
Return-Path: <internet-drafts@ietf.org>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 79ACC126579; Sun, 16 Oct 2016 11:53:14 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.34.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147664399449.25804.11024272299640958498.idtracker@ietfa.amsl.com>
Date: Sun, 16 Oct 2016 11:53:14 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/boKbKmw-MiAEGt2I0l7MTQXddug>
Cc: lisp@ietf.org
Subject: [lisp] I-D Action: draft-ietf-lisp-lcaf-18.txt
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Oct 2016 18:53:15 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Locator/ID Separation Protocol of the IETF.

        Title           : LISP Canonical Address Format (LCAF)
        Authors         : Dino Farinacci
                          Dave Meyer
                          Job Snijders
	Filename        : draft-ietf-lisp-lcaf-18.txt
	Pages           : 44
	Date            : 2016-10-16

Abstract:
   This draft defines a canonical address format encoding used in LISP
   control messages and in the encoding of lookup keys for the LISP
   Mapping Database System.



The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lisp-lcaf/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-lisp-lcaf-18

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lisp-lcaf-18


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Sun Oct 16 11:54:14 2016
Return-Path: <internet-drafts@ietf.org>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id A73B01294E4; Sun, 16 Oct 2016 11:54:13 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.34.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147664405368.25824.16714986137455029336.idtracker@ietfa.amsl.com>
Date: Sun, 16 Oct 2016 11:54:13 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/4lEKwO1fJnKv3VOgv2Ty1g28r3E>
Cc: lisp@ietf.org
Subject: [lisp] I-D Action: draft-ietf-lisp-crypto-10.txt
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Oct 2016 18:54:13 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Locator/ID Separation Protocol of the IETF.

        Title           : LISP Data-Plane Confidentiality
        Authors         : Dino Farinacci
                          Brian Weis
	Filename        : draft-ietf-lisp-crypto-10.txt
	Pages           : 21
	Date            : 2016-10-16

Abstract:
   This document describes a mechanism for encrypting LISP encapsulated
   traffic.  The design describes how key exchange is achieved using
   existing LISP control-plane mechanisms as well as how to secure the
   LISP data-plane from third-party surveillance attacks.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lisp-crypto/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-lisp-crypto-10

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lisp-crypto-10


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Sun Oct 16 13:44:09 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0214B129500 for <lisp@ietfa.amsl.com>; Sun, 16 Oct 2016 13:44:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CpsDb8Ntjr3L for <lisp@ietfa.amsl.com>; Sun, 16 Oct 2016 13:44:05 -0700 (PDT)
Received: from mail-pa0-x235.google.com (mail-pa0-x235.google.com [IPv6:2607:f8b0:400e:c03::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1A9B12947C for <lisp@ietf.org>; Sun, 16 Oct 2016 13:44:04 -0700 (PDT)
Received: by mail-pa0-x235.google.com with SMTP id rz1so58485279pab.1 for <lisp@ietf.org>; Sun, 16 Oct 2016 13:44:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=+Hj+yvaSiCW/+aMkKEu/dwID5EbybdLXsE+Kr0YDX3Q=; b=argLZyc/z3/LE4sUa/oXLq01uNDAcLI6v0Gwyj9SsUTkXwwD/HxcaKxUtTiaatyABW O1rvuKtaojA3RjA1Lci+nofsKQ4U60qsFQ/QbmFUL8iRQDHJXjghK/v4eoG4PmnZ8BGA oYdLewXrkDQh5BbyoJfdS3VTPELnuHf/We3Tt0zyOXrlAeEl6sOUyYduGR4gx4dVrZLR MZuJOsYFRB97wr8hjJDvnzwqQjWH5ylMLDNtoK6PbO1hBJ7zffNgO/BOJ5gdzCGoNVLA j5gcZkNgx5vHk3Oancn3DDU/W4n0lYg5BpWTTZ7QjUZfzZjjD+th6pybGw8qYRnHlQjq okGA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=+Hj+yvaSiCW/+aMkKEu/dwID5EbybdLXsE+Kr0YDX3Q=; b=L2Ca/YVaXnS5iW7dhaf1BBUD/9kx7D9Qnvhn4EERt3ENTdjdM7z8mXJ7ZM3KS7wlQe hJ9ZkKOazEzcOefCvcJJLVXf8HnDU6Dc2vJ743NIUJBZ2klkxibyx1LCSwKhOi0I1vAL p55EALjfLWVq3jqDcii8QORR6zzqRCFNs3kXgKFBgluRp2rMcWykJo/pFBhABwF0uQCK 5s5kstq8RGeuJU0CC8ld6SuI6WNHqry65DxU/SDO9klrTjkZVrWeY5YSz3VYToqIYCOC sHuGWVecOyYZBzW7GHUH4uk5tbrXUcUOzAWz6jQQaSlUL1seOFmg6YHjHOReWEYE8mnN MWcA==
X-Gm-Message-State: AA6/9RnN1qJaU9CnaT5TDBoXUCIwPJiqhGeKU35m41IYoazneY+W6EjHOqmty7VlHFPofg==
X-Received: by 10.66.25.50 with SMTP id z18mr27465202paf.151.1476650644342; Sun, 16 Oct 2016 13:44:04 -0700 (PDT)
Received: from [10.197.31.157] (173-11-119-245-SFBA.hfc.comcastbusiness.net. [173.11.119.245]) by smtp.gmail.com with ESMTPSA id p88sm42436624pfi.51.2016.10.16.13.44.01 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 16 Oct 2016 13:44:03 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <87bmym4cyp.fsf@hobgoblin.ariadne.com>
Date: Sun, 16 Oct 2016 13:43:58 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <50795FAC-6560-4F02-937B-F6343F1E6CF7@gmail.com>
References: <87bmym4cyp.fsf@hobgoblin.ariadne.com>
To: "Dale R. Worley" <worley@ariadne.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/Dzww9B_Ai8JodIg-A4mFsZkqyt0>
Cc: LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] Gen-ART IETF Last Call review of draft-ietf-lisp-ddt-08
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Oct 2016 20:44:08 -0000

> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair.  Please treat these comments just
> like any other last call comments.
>=20
> For more information, please see the FAQ at
> <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
>=20
> Document: draft-ietf-lisp-ddt-08
> Reviewer: Dale R. Worley
> Review Date: 2016-10-09
> IETF LC End Date: 2016-10-17
> IESG Telechat date: 2016-10-27
>=20
> Summary: This draft is on the right track but has open issues,
> described in the review.

Thanks for the review Dale. Your comments are outstanding! And your =
suggestions even better.  ;-)

I am not an author but was involved in the LISP-DDT design early on so I =
would like to respond to some of your comments. Where I think text =
should change, I will suggest that to help the authors. To clarify =
understanding, I will comment inline.

One of the authors will make the changes.

> * In regard to XEIDs:  The concept of XEID unifies the treatment of
> DBID, IID, AFI, and EID.  Essentially all of the processing in the
> draft is simplified by expressing processing in terms of XEIDs.  For
> instance, delegation based on DBID, IID, or AF becomes just a special
> case of delegation based on XEID-prefix.  However, it's not clear to
> me whether this concept is followed in the text.  For example:

Yes, you interpreted the defintion of an extended-EID correctly. It is a =
multi-tuple entity that has hierarchy so we can delegate any tuple, as =
well as the tuple itself, downward on the tree.

> In section 3, definition "XEID-prefix" seems to assume that an
> XEID-prefix will always contain a complete DBID, IID, and AFI.

For a lookup yes. For a delegation, it can be any part of it as I =
explained above.

> In section 4.2.1:
>=20
>   The root DDT node is the logical "top" of the database hierarchy:
>   DBID=3D0, IID=3D0, AFI=3D0, EID-prefix=3D0/0.
>=20
> But really, the condition of a root node is that it's authoritative
> for the *empty* XEID-prefix.

Well it is authoriative for everything, by default, but a Map-Referral =
return code will tell you exactly what it is authoritative for if =
configured for specficy XEIDs.

> There is also the suggestion here that an AFI of 0 is somehow a
> wildcard match for any AFI value.  That is a special case that can be
> eliminated by considering the entire XEID to be prefixable.

Right, if a delegation is configured with solely the 2-tuple (DBID=3D0, =
IID=3D0), it would be the delegation represents all prefixes in all =
address families.

We should clarify that in the text.

> On the other hand, this text in 7.3.1 suggests that there is a "null
> prefix" which is (or is equivalent) to the XEID-prefix of 0 bits:
>=20
>   the "referral XEID-prefix" is also initialized to the null value
>   since no referral has yet been received.

I think we don=E2=80=99t need to say how its initialized IMO. We should =
change text here.

> * In regard to the special fields in XEID, viz., DBID, IID, and AFI,
> those need to be described in a way that doesn't leave loose ends, by
> either describing how they are expected to be used or referring to a
> document that does so.  In this document, a lot of that information is
> bundled into the definitions of "Extended EID (XEID)" and
> "XEID-prefix" in section 3.  It would be best if this information
> appeared in its own paragraphs.

Agree. We should make this change.

> It appears to me that it is expected that DBID will always be zero
> (see definition "XEID-prefix"), but the machinery is defined so that
> other values can be used.

Experience has showed us that running parallel mapping databases will be =
useful. They really don=E2=80=99t need to be numbered or identified =
because there will be distinct roots and xTRs can connect to one or =
multiple of them.

And right now, we do not have an encoding for a DBID that can be sent in =
a Map-Register or Map-Request. So I am agreeing with you.

> IID is presumably expected to be zero except when VPNs are used.  (see
> definition "Extended EID (XEID)") =20
>=20
> Note that definition "Extended EID (XEID)" says "optionally extended
> with a non-zero Instance ID".  Read literally, that means that zero
> IIDs aren't included in the XEID, which would be insanity.  The text
> needs to clarify that IID is always present in the XEID, but is
> normally zero.

Well no, not insane, if we required IID for every register and request, =
then the XEID would have the same set of tuples for all lookups. =
Supplying an IID=3D0 is not wrong or bad semantically and just cost =
32-bits in message space.

> AFI is taken from http://www.iana.org/numbers.html, but you have to go
> through the link to draft-ietf-lisp-lcaf to discover that; it should
> be stated in this draft.

True. Authors use the reference I put in the latest LCAF draft. That was =
an IESG comment. So we should get it right.

> * For any given delegated prefix, there can be more than one "peer"
> DDT nodes that contain duplicated information about the prefix.  But
> the term "peer" isn't defined in the lexicon, and there is no explicit
> statement that the peers (for a prefix) must contain the same
> information.

Should be fixed in the text. Thanks.

> * It appears that "Map Server" has been defined elsewhere (RFC 6833),
> and that Map Servers can automatically be DDT nodes.  Or is it that
> some Map Servers are also equipped with DDT node functionality?  If
> this draft places further requirements on Map Server DDT nodes, then
> this draft should be noted as updating RFC 6833.

Well RFC6833 defines the "bottom-half=E2=80=9D of the map-server. That =
is the interface for Map-Registration. A Map-Server is also a DDT-node =
when there are map-server-peer configuration so a set of map-servers =
that are authoritative and have registeration state for the same prefix =
can include themselves as referrals in Map-Referral messages.

> * There seems to be two meanings of "DDT node".  One is a broad sense,
> and is any server that responds to Map-Request.  The other is a narrow
> sense, and means any DDT node in the broad sense that is not a Map
> Server, and thus is allowed to contain prefix delegations.  These
> terms need to be separated, and the uses of "DDT node" in the draft
> need to be revised to the correct term.

The name =E2=80=9CMap-Server=E2=80=9D in context to LISP-DDT means that =
it is a DDT-node at the bottom of the tree with no DDT-node children. It =
is a DDT-node but one with more functionality, Map-Server functionality =
according to RFC6833.

> However, the preceding paragraph assumes that a DDT node is not
> allowed to contain both prefix delegations and ETR registrations.

Correct.

> That seems to be the case because in many places, those classes of
> nodes are required to behave differently (e.g., return different error
> codes for nonexistent prefixes) and be treated differently by other
> DDT nodes (e.g., referrals to them are given with different action
> codes).  But there are a few places where the text suggests that a DDT
> node could contain both prefix delegations and ETR registrations.

All correct. You interpreted the idea exactly.

> * Is it really true that two Map Servers that are authoritative for
> the same XEID prefix can contain different sets of ETR registrations?

Typically no. The set of ETRs at a LISP site will register all the ETRs =
RLOCs for the same EID-prefix. Therefore, each map-server, that all ETRs =
for that site register to, will have the same EID-prefix-to-RLOC-set =
mapping.

> That is, the DDT client (the Map Resolver) may be required to query
> the entire set of peer Map Servers to find the right ETR registration?

No, it doens=E2=80=99t have to do that. And it SHOULDN=E2=80=99T that. I =
can query each referral from a Map-Referral serially or in parallel, =
only for reachability and robustness reasons.

> Perhaps the answer is defined in the RFC describing Map Servers, but
> it affects one's understanding of this draft enough that it should be
> stated in the overview.

It is a bit. But leaves out specifics to LISP-DDT because Map-Servers =
can use any =E2=80=9Cmapping database transport=E2=80=9D system.

> * The role of hints is not clear.  Clearly, a DDT node can be
> configured with hints regarding some XEID-prefix, but what are the
> limitations on what RLOCs must be provided in a hint?  This seems

We should have new text to make this more clear.

> especially important because it seems in practice that the
> authoritative nodes for a prefix might be reconfigured without anyone
> realizing that the hints in nodes farther down the tree need to be
> updated.  In particular, when should the DDT client follow a hint?
> Hints seem to provide the possibility of circular references.  Given
> that this is an Experimental draft, perhaps the best use of hints is
> an "open issue and consideration", and by listing it in section 11,
> these questions need not be answered now.

All good points. Agree.

> 1.  Introduction
>=20
>   LISP offers a general-purpose mechanism for mapping between EIDs and
>   RLOCs.  In organizing a database of EID to RLOC mappings, this
>   specification extends the definition of the EID numbering space by
>   logically prepending and appending several fields for purposes of
>   defining the database index key: Database-ID (DBID, 16 bits),
>   Instance identifier (IID, 32-bits), Address Family Identifier (16
>   bits), and EID-prefix (variable, according to AFI value).  The
>   resulting concatenation of these fields is termed an "Extended EID
>   prefix" or XEID-prefix.
>=20
> This paragraph is undecided whether it is defining XEID or
> XEID-prefix.  Better, I think is to define XEID first and then define
> XEID-prefix based on that:
>=20
>   this
>   specification extends the definition of the EID numbering space by
>   logically concatenating several fields for purposes of
>   defining the database index key: Database-ID (DBID, 16 bits),
>   Instance identifier (IID, 32-bits), Address Family Identifier (16
>   bits), and EID (variable length, according to AFI value).  The
>   resulting concatenation of these fields is termed an "Extended EID"
>   or XEID.  Prefixes within the XEID space are thus "Extended EID
>   prefixes" or XEID-prefixes.
>=20
> =E2=80=94

Agree.

>   It
>   also provides delegation information to Map Resolvers, which use the
>   information to locate EID-to-RLOC mappings.
>=20
> There needs to be clarification regarding the relationship between
> "Map Resolver" and "DDT client".  As far as I can tell, in all places
> in this document, "DDT client" is the correct term, though it is
> expected that most (but not all) DDT clients will be Map Resolvers.
> So this text should be something like
>=20
>   It
>   also provides delegation information to DDT clients (which are
>   usually Map Resolvers, but may be ITRs), which use the
>   information to locate EID-to-RLOC mappings.
>=20
> and approximately all uses of "Map Resolver" should be changed to "DDT
> client".
>=20
>   LISP-DDT defines a new device type, the DDT node, that is configured
>   as authoritative for one or more XEID-prefixes.
>=20
> Here would be a good place to lay out clearly the relationship between
> DDT node and Map Server:  whether nodes that do delegation are
> disjoint from Map Server nodes, etc.

Agree.

> 3.  Definition of Terms
>=20
>   Extended EID (XEID):  a LISP EID, optionally extended with a non-
>      zero Instance ID (IID) if the EID is intended for use in a =
context
>      where it may not be a unique value, such as on a Virtual Private
>      Network where [RFC1918] address space is used.  See "Using
>      Virtualization and Segmentation with LISP" in [RFC6830] for more
>      discussion of Instance IDs.
>=20
>   XEID-prefix:  a LISP EID-prefix with 16-bit LISP-DDT DBID (provided
>      to allow the definition of multiple databases; currently always
>      zero in this version of DDT, with other values reserved for =
future
>      use), 32-bit IID and 16-bit AFI prepended.  Encoding of the
>      prefix, its AFI and the instance ID (IID) are specified by
>      [I-D.ietf-lisp-lcaf].  An XEID-prefix is used as a key index into
>      the database.
>=20
> These can be simplified by moving the details of the XEID format and
> the values of the fields into separate paragraphs (as discussed
> above).
>=20
>   DDT node:  a network infrastructure component responsible for
>      specific XEID-prefix and for delegation of more-specific sub-
>      prefixes to other DDT nodes.
>=20
> A DDT node can be authoritative for more than one prefix (see section
> 4.2 and section 10, paragraph 2), so "specific XEID-prefix" should be
> "specific XEID-prefix(es)".
>=20
>   DDT Map Resolver:  a network infrastructure element that accepts a
>      Map-Request, adds the XEID to its pending request list, then
>      queries one or more DDT nodes for the requested EID, following
>      returned referrals until it receives one with action code MS-ACK
>      (or an error indication).  MS-ACK indicates that the Map-Request
>      has been sent to a Map Server that will forward it to an ETR =
that,
>      in turn, will provide a Map-Reply to the original sender.  A DDT
>      Map Resolver maintains both a cache of Map-Referral message
>      results containing RLOCs for DDT nodes responsible for XEID-
>      prefixes of interest (termed the "referral cache") and a pending
>      request list of XEIDs that are being resolved through iterative
>      querying of DDT nodes.
>=20
> This isn't really a definition of what how Map Resolver fits into the
> overall scheme, but an outline of Map Resolver processing.  The
> description of processing should be moved somewhere else.  Also, any
> DDT client that is not a Map Resolver must do the same processing, so
> "DDT client" and "DDT Map Resolver" should be merged.

I think we should have both.

>   DDT Map-Request:  an Encapsulated Map-Request sent by a DDT client =
to
>      a DDT node.  The "DDT-originated" flag is set in the =
encapsulation
>      header ...
>=20
> Given the importance of Map-Request messages, it might be worth
> mentioning that they are defined in RFC 6830.

Agree.

> What is the need for the DDT-originated flag?  It seems from the
> definition "Encapsulated Map-Request" that EMRs from ITRs to Map
> Resolvers never have the flag set, EMRs from Map Resolvers to DDT
> nodes (including Map Servers) always have the flag set, and EMRs from
> Map Servers to ETRs never have the flag set.  But if that is so, no
> type of device can receive EMRs that both have the flag set and not.

The flag is to tell the difference between a Map-Request that is =
originated by a LISP-site (ITR or PITR) and one that is sent by a =
Map-Resolver. One generates a Map-Reply and the other generates a =
Map-Referral.

> Hmmm, the exception is if an ITR acts as a DDT client sends a
> Map-Request directly to DDT nodes.  But in that case, the DDT nodes
> would process the Map-Request in exactly the same way as a Map
> Resolver, so there is no need for a "D" flag.

That is that the typical case though. Look at it as a Map-Request, with =
DDT-flag set, as a solitication for a Map-Referral.

> Also, the definition of the flag in section 5 is awkward:
>=20
>   D: The "DDT-originated" flag.  It is set by a DDT client to indicate
>      that the receiver SHOULD return Map-Referral messages as
>      appropriate.  Use of the flag is further described in
>      Section 7.3.1.  This bit is allocated from LISP message header
>      bits marked as Reserved in [RFC6830].
>=20
> If the flag *means* "DDT-originated", then the message must have come
> from a DDT client, and the receiver MUST return Map-Referral messages
> -- that's what this draft is specifying!

Correct.

> I get the feeling that the D flat is (or was) intended to work like
> the DNS "recursion" flag, it tells whether the client is willing to
> accept and follow Map-Referral messages, or whether the client wants
> to put that work of following referrals on the server.  But as the

It can work that way. Do you think calling the bit =
=E2=80=9CRequest-for-Map-Referral=E2=80=9D would be better?

> lexicon makes clear, *any* DDT client must be willing to follow
> Map-Referral messages, and DDT nodes are *never* required to follow
> referrals on behalf of the DDT client.

Or we could call the bit =E2=80=9CDDT-client-flag=E2=80=9D. And still =
keep the reference to the bit called =E2=80=9CD=E2=80=9D.

>   Map-Referral:  a LISP message sent by a DDT node in response to a =
DDT
>      Map-Request for an XEID that matches a configured XEID-prefix
>      delegation.  A non-negative Map-Referral includes a "referral", a
>      set of RLOCs for DDT nodes that have more information about the
>      sub-prefix;=20
>=20
> The phrase "more information" is used in various places, but it is not
> really informative.  As far as I can tell, all uses of "DDT nodes that

We should say =E2=80=9Cmore specific information=E2=80=9D. Where =
=E2=80=9Cmore-specific=E2=80=9D is relative to the xEID-prefix.

> have more information" mean "DDT nodes to which that XEID has been
> delegated".  Unless perhaps hints are also considered to point to "DDT
> nodes that have more information", in which case the term "more
> information" needs to be defined specifically, as it doesn't always
> mean a delegation relationship.
>=20
>   Negative Map-Referral:  a Map-Referral sent in response to a DDT =
Map-
>      Request that matches an authoritative XEID-prefix but for which
>      there is no delegation configured (or no ETR registration if sent
>      by a DDT Map-Server).
>=20
> I'd describe a negative Map-Referral as an answer from an
> authoritative DDT node that there is no mapping for the requested
> XEID.  That happens because the request is sent to an authoritative
> DDT node "but for which there is no delegation configured (or no ETR
> registration if sent by a DDT Map-Server)", but the core semantics is
> an authoritative denial of a mapping.

True. We should have new text to make this more clear.

>   Pending Request List:  the set of outstanding requests for which a
>      DDT Map Resolver has received encapsulated Map-Requests from a =
DDT
>      client for an XEID.
>=20
> Is it correct that a DDT Map Resolver can receive Map-Requests from
> DDT clients?  I thought a Map Resolver could only receive them from

No, not architecturally. It receives only Map-Requests with the DDT-bit =
set to 0. I say no architecturelly because if the map-resolver is also a =
map-server, then it could receive DDT Map-Requests. But it is acting as =
a map-server.

DDT-nodes could also be map-resolvers. Which mean they are part of the =
delegarion hierarchy but also are configured with DDT-roots to send =
requests. It all comes down to how a network adminstrator would want to =
co-locate such functions.=20

With the popularity of VMs and containers, the same piece of bare-metal =
could be both a map-resolver and DDT-node, but from a LISP architecture =
point of view, they are separate nodes (with separate IP addresses).

> ITRs, and a DDT client could only send them to DDT nodes.  If a Map
> Resolver can receive requests from other Map Resolvers, there are
> complexities of behavior that don't seem to be described in this
> draft.

DDT-Map-Requests to not get sent to Map-Resolvers and we should make =
that crystal clear.

> In any case, does this need an entry in the lexicon?  It seems that a
> pending request list is an implementation detail and should be
> described in the algorithm description sections.
>=20
>   It is important to note that LISP-DDT does not store actual EID-to-
>   RLOC mappings; it is, rather, a distributed index that can be used =
to
>   find the devices (Map Servers and their registered EIDs) that can be
>   queried with LISP to obtain those mappings.
>=20
> This text defines that Map Servers are not part of DDT, but the
> lexicon refers to DDT Map Servers.  And actually, its the ETRs that
> store the EID-to-RLOC mappings, not the Map Servers (except when the
> Map Server is proxying for the ETR).

Map-Servers configured as a DDT-node is definitely part of DDT because =
they must send MS-ACK based Map-Referrals. Because if this does not =
happen, then Map-Resolvers will retransmit and think they have not got =
to the bottom of the referral tree.

> 6.1.  Action codes
>=20
>   MS-ACK (2):  indicates that a replying DDT Map Server received a DDT
>=20
> s/a replying/the replying/

Agree.

>   NOT-AUTHORITATIVE (5):  indicates that the replying DDT node =
received
>      a Map-Request for an XEID-request for which it is not
>      authoritative.  This can occur if a cached referral has become
>      invalid due to a change in the database hierarchy.
>=20
> There's a treacherous case of how hints are returned by a DDT node.
> Reading the above definition, it's clear that a hint should be
> returned with a NON-AUTHORITATIVE action code, because the node isn't
> authoritative for the XEID.  Then again, section 6.1 suggests that
> hints are returned as NODE-REFERRAL or MS-REFERRAL.  If so, things get
> messy -- How is the DDT client to know that the referral set is a hint
> rather than an authoritative delegation?  And that distinction is
> necessary because the client can't fully trust hints.

To be honest, I am questioning the value of =E2=80=9Chint=E2=80=9D as a =
reference. Hmm. Let=E2=80=99s see what the authors think about this.

> 6.3.  Incomplete flag
>=20
>   o  If it is setting action code MS-ACK or MS-NOT-REGISTERED but does
>      not have configuration for other "peer" DDT nodes that are also
>      authoritative for the matched XEID-prefix.
>=20
> Is this situation equivalent to the referral set being a hint rather
> than a delegation?  Or rather, a hint which the DDT node doesn't
> believe is the complete peer set for the prefix?  (Is there any way
> for a DDT node to know that it has the complete peer set?)  In any
> case, it seems to me that this might be usefully changed to "hint
> flag".
>=20
> 6.4.  Map-Referral Message Format
>=20
> Is it intended that the "record" and "ref" sections can be repeated?
> That is a different usage of bracketing than in the figure in section
> 5, and if so, should be described in the text.

Agree.

> I note that this section lists all the action codes, as does section
> 6.1.  It seems like these should be consolidated into section 6.1.
>=20
> The handling of the "Incomplete" column of the table cannot be
> correct.  There is no way for a node to send hints and mark them
> Incomplete, and the description at the top of page 12 is incompatible
> with the contents of the table.

We don=E2=80=99t want to add an additional set of comabinations for =
hints and non-hints. Authors, we should discuss this.

>   Loc/LCAF-AFI: If this is a Loc AFI, keys SHOULD NOT be included in
>   the record.  If this is a LCAF AFI, the contents of the LCAF depend
>   on the Type field of the LCAF.  Security material are stored in LCAF
>   Type 11.  DDT nodes and Map Servers can use this LCAF Type to =
include
>   public keys associated with their Child DDT nodes for a XEID-prefix
>   referral record.  LCAF types and formats are defined in
>   [I-D.ietf-lisp-lcaf].
>=20
> This paragraph doesn't make sense in this context.  The terms "Loc",
> "keys", "LCAF", "Security material" are all undefined in this context.
>=20
>   Note, though,
>   that the set of RLOCs correspond to the DDT node to be queried as a
>   result of the referral not the RLOCs for an actual EID-to-RLOC
>   mapping.
>=20
> I take it that the "Ref" sections is counted by the "Referral Count"
> field, and that the "Loc/LCAF-AFI" and "Locator" fields contain the
> RLOCs of the set of DDT nodes that are the referral set.  It might
> help the reader to rephrase this sentence in those terms.

All this is trying to say (and with too many words), is that the =
referral-set is stored in a Map-Referral as RLOC-records. That is all.

> 6.4.1.  SIG section
>=20
>   Sig Length: The length of the Signature field.
>=20
> Is this measured in bytes?
>=20
>   Signature: Contains the cryptographic signature that covers the
>   entire record.  The Record TTL and the sig fields are set to zero =
for
>   the purpose of computing the Signature.

Needs to be fixed in the text.

> It's not clear to me why the Record TTL should be set to zero for
> computing the signature, given that you'd want to protect the TTL from
> modification.  Also, what is the relationship between Record TTL and
> Original Record TTL?  As far as I can tell, no DDT element can receive
> a Map-Referral Record from another element and pass it on to a third
> element, so there need never be TTL skew between when a record was
> signed and when it was sent.

The signature covers the complete Map-Referral message. If that is not =
clear, we will make it clear.

> It seems awkward to compute the signature by first laying out the Sig
> section and filling it with zeros when the same benefit could be
> obtained by omitting the Sig section from the part of the record whose
> signature is calculated.

It allows the implementation to be more efficient. You build the message =
once with the correct length include the signature records, run the hash =
over it. And then fill in the zero bit fields. That way you can then =
include the referral addresses that are part of the LCAF.

> Is it a problem that Original Record TTL, Signature Expiration, and
> Signature Inception aren't protected by the signature?

The entire Map-Referral should be covered by the signature.

> 7.1.1.  Match of a delegated prefix (or sub-prefix)
>=20
>   If the delegation is known to be a DDT Map Server,
>=20
> This seems to assume that either all delegatees are Map Servers or
> none are.  All of the processing algorithms seem to presuppose that a
> set of peers either are all Map Servers or all are not, but there
> doesn't seem to be an explicit requirement of that.

See my explanations above.

> 7.1.2.  Missing delegation from an authoritative prefix
>=20
>   If the requested XEID did not match a configured delegation but does
>   match an authoritative XEID-prefix, then the DDT node MUST return a
>   negative Map-Referral that uses the least-specific XEID-prefix that
>   does not match any XEID-prefix delegated by the DDT node.
>=20
> It would be a bit clearer if "the least-specific XEID-prefix" was
> changed to "the least-specific prefix of the XEID".
>=20
>   If the requested XEID did not match either a configured delegation =
or
>   an authoritative XEID-prefix, then negative Map-Referral with action
>   code NOT-AUTHORITATIVE MUST be returned.
>=20
> I understand what you mean, but this isn't phrased quite right in
> regard to hints, because the DDT node may have a hint for an
> XEID-prefix that is neither a configured delegation nor within one of
> its authoritative XEID-prefixes, but hints are returned with
> NODE-REFERRAL.

Agree.

> 7.3.  DDT Map Resolver
> 7.3.1.  Queuing and sending DDT Map-Requests
>=20
> I think there is an issue around the cache.  Usually (IMHO) when
> discussing "resolvers", the "cache" is entirely transient information
> that the resolver has acquired from other devices, it doesn't contain
> configured information.  But in some places, the draft reads as if the

True, in the DDT case as well.

> configured information is permanently present in the cache.  If that
> is so, it would help the reader (i.e., this reader!) if when the cache
> is introduced that it was stated that the configured delegations (and
> hints) are permanently resident in the cache.

But that isn=E2=80=99t precisely true. Delegations ARE configuration =
items, in DDT-nodes, all of roots, ddt-nodes, and map-servers. And the =
cache is dynamically created entries from Map-Referrals from those =
node=E2=80=99s configuration information.

> That is, this should be promoted from section 7.3.1 to 7.3 where the
> structure (rather than the detailed behavior) of a Map Resolver is
> discussed:
>=20
>   The referral cache is initially populated with one or more
>   statically-configured entries;
>=20
> Similarly this is a structural statement about the cache:
>=20
>   A DDT Map Resolver is not absolutely required to cache referrals,
>   but it doing so decreases latency and reduces lookup delays.
>=20
> --
>=20
>   Note that in normal use on the public Internet, the statically-
>   configured initial referral cache for a DDT Map Resolver should
>   include a "default" entry with RLOCs for one or more DDT nodes that
>   can reach the DDT root node.
>=20
> This suggests that it will be common that a Map Resolver won't be
> configured with the RLOCs of the root nodes (which is different from

No, they would be.

> the common DNS usage), but rather configured with the RLOCs of nodes
> that contain a hint for the null prefix and the root nodes.  (Also,
> "can reach" should be changed to "containing hints for".)  If this is
> so, then the operation of hints is a central part of the DDT protocol
> and (IMO) it would greatly help if the role and processing of hints
> was outlined in some location.  In particular, it suggests that all
> nodes that are expected to be the initial node for an extensible
> population of Map Resolvers SHOULD be configured with a hint for the
> root nodes.

We have to simplify this wording. It is more complex than it needs to =
be.

> There is also a possible conflict with section 10 -- the Map Resolver
> isn't expected to be configured with the RLOCs of the root servers,
> but it is expected to be configured with the public keys of the root
> servers.  Indeed, given the language in section 10, the keys can

No, both. Because map-resolvers need to know where to send =
DDT-Map-Requests and when they get signed Map-Referrals, then need a =
public key to verify the signature. And the reason is beacuse there is =
no parent of the root that can give the map-resolver the public-key like =
the rest of the hierarchy can do.

> differ between the various root DDT nodes, which means that in order
> to configure the Map Resolver with the public keys of the root
> servers, it must be configured with their RLOCs.

Yes, yes, yes.

>=20
> 7.3.2.  Receiving and following referrals
>=20
>   If the maximum number of retransmissions has occurred and all RLOCs
>   have been tried, then the pending request list entry is dequeued.
>=20
> This isn't phrased quite right, because it requires a further
> retransmission if "the maximum number of retransmissions has occurred"
> but not "all RLOCs have been tried" -- and that would mean sending
> more retransmissions than the "maximum number".
>=20
> I believe that the intention is that the Map Resolver must attempt to
> contact all relevant RLOCs, but that it must also send at least
> "number of retransmissions", meaning that if there are fewer RLOCs
> than that number, some RLOCs will be attempted more than once.  If
> that is so, then "maximum number" should be "minimum number=E2=80=9D.

Really good point.

> OTOH, if "maximum number" is intended, then the text should be "If the
> maximum number of retransmissions has occurred or all RLOCs have been
> tried=E2=80=9D.

Right.

> Also, this paragraph should specify what response the Map Resolver
> should send if processing is terminated due to response time-out.  As
> written, the text doesn't require the Map Resolver to send *any*
> response, which seems like a bad design.

Agree. The Map-Resolver does send a response. If its not documented, we =
missed it and will add.

>   MS-REFERRAL:  The DDT Map Resolver follows an MS-REFERRAL in the =
same
>      manner=20
>=20
> It might be better to say "processes" than "follows=E2=80=9D.

Agree.

>   MS-ACK:  This is returned by a DDT Map Server to indicate that it =
has
>      one or more registered ETRs that can answer a Map-Request for the
>      XEID and the request has been forwarded to one of them
>=20
> It's not clear to me how the Map Server or ETR knows the address of
> the DDT client to which to send the Map-Reply.  It seems that the
> address must be in the Map-Request message, but reading that section
> of RFC 6830 doesn't make it clear to me how that is done.
>=20
> The processing regarding MS-ACK is not clear to me.  It would help if
> there was an overview discussion of the four-way dance between the DDT
> client, the Map Resolver, the Map Server, and the ETR.  (Some times
> the Map Server also does the ETR's job.)  Since one step of it is for
> the ETR to send Map-Replay to the DDT client, this processing doesn't
> break down into separate client/Map Resolver, Map Resolver/Map Server,
> and Map Server/ETR components, there's a specific overall structure.

You are absolutely right. There needs to be a complete example of the =
=E2=80=9Cday in the life of a Map-Request=E2=80=9D when the Map-Resolver =
has nothing cached and the ITR and ETR are not DDT-clients. That is the =
typical use-case that has been and will continue to be deployed.

> In particular, what happens when a Map Resolver sends a Map-Request to
> a Map Server without LISP-SEC information?  It appears that processing
> goes through two cycles, with a second cycle when the Map Resolver
> re-sends the Map-Request to the Map Server with LISP-SEC information.
> The Map Server seems to return MS-ACK messages to the Map Resolver in
> both cycles, and there is no special marking in the first MS-ACK
> message to indicate that resending must be done (the Map Resolver can
> determine that itself).  But presumably, the Map Server forwards the
> Map-Request to the ETR in both cycles, and the ETR sends Map-Replys to
> the client in both cycles.  Presumably the first Map-Reply is useless
> to the client (otherwise there wouldn't need to be two cycles), but
> it's not clear how the client deals with two replies.

LISP-SEC information is in the Map-Request from the ITR, transported in =
the DDT-Map-Request so an ETR can get the LISP-SEC information in the =
Map-Request to then return LISP-SEC in the *Map-Reply*.

The Map-Server only sends Map-Replies when it is configured to =
proxy-reply and the ETR is not in the loop here. And it would fill in =
the same LISP-SEC information the ETR would because the registration =
information is the same as the database entry info the ETR has stored.

>   MS-NOT-REGISTERED:  ...
>      The DDT Map Resolver MUST return a negative
>      Map-Reply to the original Map-Request sender; this Map-Reply
>      contains the non-registered XEID-prefix whose TTL value SHOULD be
>      set to one minute.
>=20
> I think "non-registered XEID-prefix" is meant to mean "least-specific
> prefix of the XEID for which no registrations exist=E2=80=9D.

It means the DDT-Map-Request went all the way to the map-server, it has =
a a configure LISP site entry and the ETRs have not registered (yet).

>   NOT-AUTHORITATIVE:  ...
>      The pending request is silently discarded, i.e. all state
>      for the request that caused this answer is removed and no answer
>      is returned to the original requester.
>=20
> It seems like a poor design to return no response.  Is there not some

A response is ALWAYs returned in LISP-DDT. The only time it can=E2=80=99t =
is when a Map-Request cannot get to where its going or the Map-Referral =
cannot get back to the DDT-client source. And that is the only case we =
call a =E2=80=9Ctimeout=E2=80=9D.

> sort of "server failure" response that can be returned to the DDT
> client?
>=20
> 8.  Pseudo Code and Decision Tree diagrams
>=20
> Care needs to be taken here as to whether the pseudo-code and decision
> trees are normative or not.  Generally, algorithms enunciated in RFCs
> are marked as non-normative, as the implementation is usually allowed
> to deviate from the stated algorithm as long as it satisfies the
> constraints written in the text.

Agree. We should have new text to make this more clear.

> 9.  Example topology and request/referral following
>=20
>   The same principle
>   of hierarchical delegation and pinpointing referrals is equally
>   applicable to any AF whose address hierarchy can be expressed as a
>   bitstring with associated length.
>=20
> This sentence seems to be redundant because we've been assuming all
> along that in any address family used by DDT the address hierarchy is
> expressed as bistrings with lengths.
>=20
> Are lines in the diagram intended to cross?  If so, they could be
> clarified as:

Yes, because each parent points to 2 children.

>      +---------------------+  +---------------------+
>      |  root1: 192.0.2.1   |  |  root2: 192.0.2.2   |
>      | authoritative: ::/0 |  | authoritative: ::/0 |
>      +---------------------+  +---------------------+
>                 |         \   /        |
>                 |          \ /         |
>                 |           X          |
>                 |          / \         |
>                 |         /   \        |
>                 |        |     |       |
>                 V        V     V       V
>  +-------------------------+  +--------------------------+
>  |  DDT node1: 192.0.2.11  |  |  DDT node2: 192.0.2.12   |
>  |     authoritative:      |  |      authoritative:      |
>  |      2001:db8::/32      |  |       2001:db8::/32      |
>  +-------------------------+  +--------------------------+
>                 |         \   /        |
>                 |          \ /         |
>                 |           X          |
>                 |          / \         |
>                 |         /   \        |
>                 |        |     |       |
>                 V        V     V       V
> +--------------------------+  +---------------------------+
> | Map-Server1: 192.0.2.101 |  |  DDT node3: 192.0.2.201   |
> |      authoritative:      |  |      authoritative:       |
> |    2001:db8:0100::/40    |  |    2001:db8:0500::/40     |
> | site1: 2001:db8:0103::/48|  +---------------------------+
> | site2: 2001:db8:0104::/48|     |                    |
> +--------------------------+     |                    |
>                                  |                    |
>                                  |                    |
>                                  V                    V
>           +---------------------------+   =
+---------------------------+
>           | Map-Server2: 192.0.2.211  |   | Map-Server3: 192.0.2.221  =
|
>           |      authoritative:       |   |      authoritative:       =
|
>           |    2001:db8:0500::/48     |   |    2001:db8:0501::/48     =
|
>           |site3: 2001:db8:0500:1::/64|   |site5: =
2001:db8:0501:8::/64|
>           |site4: 2001:db8:0500:2::/64|   |site6: =
2001:db8:0501:9::/64|
>           +---------------------------+   =
+---------------------------+
>=20
>=20
> 10.  Securing the database and message exchanges
>=20
>   Each DDT node is configured with one or more public/private key
>   pair(s) that are used to digitally sign referral records for XEID-
>   prefix(es) that the DDT node is authoritative for.  In other words,
>   each public/private key pair is associated with the combination of a
>   DDT node and the XEID-prefix that it is authoritative for.
>=20
> s/the XEID-prefix/an XEID-prefix/

Agree.

> But the first sentence doesn't say the same thing as the second
> sentence.  Better would be
>=20
>   Each DDT node is configured with one or more public/private key
>   pairs for each XEID-prefix that it is authoritative for, and those
>   keys are used to sign referral records for XEID-prefixes within the
>   authoritative XEID-prefix.

Agree.

> Also, there should be some text as to whether a node is required to
> sign a referral record with *all* of its keys.  And in general, there
> should be some discussion of the significance and use of multiple keys
> for a single DDT node/authoritative prefix.

Really good point. I definitely agree.

>   Every DDT
>   node is also configured with the public keys of its children DDT
>   nodes.  By including public keys of target child DDT nodes in the
>   Map-Referral records, and signing each record with the DDT node's
>   private key, a DDT node can securely delegate sub-prefixes of its
>   authoritative XEID-prefixes to its children DDT nodes.
>=20
> Does a DDT node have the public keys of the DDT nodes that its hints
> point to?  If not, hints can't be trusted and followed in the same way =
as
> "downward" Map-Referrals, which breaks the trust sequence if the DDT
> client is not configured with the keys of the RLOCs in the hint.

It should yes.

> Also, how does the DDT node return public keys to the Map Resolver?  I
> don't see any field for it in the Map-Referral message.

An RLOC record contains LCAF type 11 with the RLOC/address of the =
referral and key material.

> 11.  Open Issues and Considerations
>=20
>   o  Management of the DDT Map Resolver referral cache, in particular,
>      detecting and removing outdated entries.
>=20
> I assume that this means "the definition and use of TTL values",
> because the use of TTL values does not seem to be completely described
> in this document.  Perhaps this item could be rephrased to mention TTL
> explicitly.

Agree.

> 13.  Security Considerations
>=20
>   For this reason, when
>   LISP-SEC is deployed in conjunction with a LISP-DDT mapping database
>   and the path between Map-Resolver and Map-Server needs to be
>   protected, DDT security should be enabled as well.
>=20
> This sentence is obscure, because "DDT security" is not defined
> anywhere, and there seems to be no optional security mechanism
> described in the draft.

We have referred to LISP-DDT-SEC to mean the public/private key signing =
of Map-Referral messages. That is what the reference to DDT security =
could mean. But this section could be confidentiality support as well.

> 14.2.  Informative References
>=20
>   [I-D.ietf-lisp-lcaf]
>              Farinacci, D., Meyer, D., and J. Snijders, "LISP =
Canonical
>              Address Format (LCAF)", draft-ietf-lisp-lcaf-13 (work in
>              progress), May 2016.
>=20
> The reference to ietf-lisp-lcaf in the definition "XEID-prefix" in
> section 3 seems to be normative (unless the text in this draft is
> adjusted to consider XEIDs as undifferentiated bit strings).

Should be normative since we are about to publish the LCAF RFC.

>   [LISP-TREE]
>              Jakab, L., Cabellos-Aparicio, A., Coras, F., Saucez, D.,
>              and O. Bonaventure, "LISP-TREE: a DNS hierarchy to =
support
>              the lisp mapping system", Selected Areas in
>              Communications, IEEE Journal , 2010,
>              <http://ieeexplore.ieee.org/xpls/
>              abs_all.jsp?arnumber=3D5586446>.
>=20
> This reference is not referenced.
>=20
>   [RFC3447]  Jonsson, J. and B. Kaliski, "Public-Key Cryptography
>              Standards (PKCS) #1: RSA Cryptography Specifications
>              Version 2.1", RFC 3447, DOI 10.17487/RFC3447, February
>              2003, <http://www.rfc-editor.org/info/rfc3447>.
>=20
> The reference to RFC 3447 in section 6.4.1 seems to be normative, as
> the specifics of RSA-SHA1 signatures come from this RFC.

Agree.

> Dale

Thanks again for the really detailed comments.

Dino





From nobody Mon Oct 17 02:32:59 2016
Return-Path: <suresh.krishnan@ericsson.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D6671295DA; Mon, 17 Oct 2016 02:32:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level: 
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iPxSA44ytOYC; Mon, 17 Oct 2016 02:32:56 -0700 (PDT)
Received: from usplmg21.ericsson.net (usplmg21.ericsson.net [198.24.6.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EDA49129594; Mon, 17 Oct 2016 02:32:55 -0700 (PDT)
X-AuditID: c6180641-e73ff70000000a0b-61-5804465fded2
Received: from EUSAAHC001.ericsson.se (Unknown_Domain [147.117.188.75]) by  (Symantec Mail Security) with SMTP id CB.9B.02571.F5644085; Mon, 17 Oct 2016 05:32:49 +0200 (CEST)
Received: from EUSAAMB107.ericsson.se ([147.117.188.124]) by EUSAAHC001.ericsson.se ([147.117.188.75]) with mapi id 14.03.0319.002; Mon, 17 Oct 2016 05:32:52 -0400
From: Suresh Krishnan <suresh.krishnan@ericsson.com>
To: Dino Farinacci <farinacci@gmail.com>
Thread-Topic: Suresh Krishnan's No Objection on draft-ietf-lisp-lcaf-17: (with COMMENT)
Thread-Index: AQHSJVrt6lBk82Us70aD8fEjsojw0g==
Date: Mon, 17 Oct 2016 09:32:51 +0000
Message-ID: <E87B771635882B4BA20096B589152EF643F631F1@eusaamb107.ericsson.se>
References: <147636755332.2834.138192802547552407.idtracker@ietfa.amsl.com> <4A6E95E3-2363-4C82-B8FB-F1BE847B828C@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [147.117.188.11]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrNLMWRmVeSWpSXmKPExsUyuXSPt26iG0uEwdTHShaHz0VYtO++xmix qnUei8WMPxOZLV60bWezmHJW3YHN4/msNaweO2fdZfdYsuQnUwBzFJdNSmpOZllqkb5dAlfG q+/b2Qp2MVdcfN/O0sD4mKmLkZNDQsBEYu33t4xdjFwcQgIbGCWWt16BcpYzSmz6u5cZpIoN qGrDzs9gHSICGhJ33+9mB7GZBS4xSux4VAFiCwtESHya/I8NoiZSYsrqM1D1ehI3ulYzgtgs AqoS9+bcZQGxeQV8JVY0rwebIyRQJ3Gp7SGYzSggJvH91BomiPniEreezIe6VEBiyZ7zzBC2 qMTLx/9YIWwliY+/50PdoyOxYPcnNghbW2LZwtfMELsEJU7OfMIygVFkFpKxs5C0zELSMgtJ ywJGllWMHKXFBTm56UaGmxiBUXJMgs1xB+PeXs9DjAIcjEo8vAvymCKEWBPLiitzDzFKcDAr ifDWTWGJEOJNSaysSi3Kjy8qzUktPsQozcGiJM57PeR+uJBAemJJanZqakFqEUyWiYNTqoFR +6bA4T85SaV8ez295geuU/77ZfHhHQd9Gu+eKOhZMkXye0RadsPLnw6mj9wuxCp3JO074KKd 9SPGYb3K3IMsa1lYlN58+ji/cIqIyNQJnKz2h84bd7KcTjTrZVIQUWHoDH6tUpldYfGM9bvq h/3a707XyPuyMFtPdnG8urR55ZpT/2UXdsgrsRRnJBpqMRcVJwIAIpUcb44CAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/TEernHkTRzjNPd0eNjt9Cx0Vsco>
Cc: "lisp-chairs@ietf.org" <lisp-chairs@ietf.org>, "draft-ietf-lisp-lcaf@ietf.org" <draft-ietf-lisp-lcaf@ietf.org>, The IESG <iesg@ietf.org>, "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] Suresh Krishnan's No Objection on draft-ietf-lisp-lcaf-17: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Oct 2016 09:32:58 -0000

Hi Dino,=0A=
=0A=
On 10/14/2016 08:04 AM, Dino Farinacci wrote:=0A=
>> Thanks for taking care of my DISCUSS points. I will clear but I note tha=
t=0A=
>> the COMMENT points below still seem pertinent.=0A=
>=0A=
> Thanks again for your comments Suresh.=0A=
=0A=
No problem. I had already cleared as my DICSUSS points were addressed. Than=
ks =0A=
for taking care of these comments as well.=0A=
=0A=
Regards=0A=
Suresh=0A=
=0A=


From nobody Mon Oct 17 10:36:39 2016
Return-Path: <internet-drafts@ietf.org>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EF0B129976; Mon, 17 Oct 2016 10:36:35 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.34.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147672579518.4564.14267240698129534295.idtracker@ietfa.amsl.com>
Date: Mon, 17 Oct 2016 10:36:35 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/XDRt9cgxxVTi2q4W8a9h6an4ddM>
Cc: lisp@ietf.org
Subject: [lisp] I-D Action: draft-ietf-lisp-signal-free-multicast-02.txt
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Oct 2016 17:36:35 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Locator/ID Separation Protocol of the IETF.

        Title           : Signal-Free LISP Multicast
        Authors         : Victor Moreno
                          Dino Farinacci
	Filename        : draft-ietf-lisp-signal-free-multicast-02.txt
	Pages           : 19
	Date            : 2016-10-17

Abstract:
   When multicast sources and receivers are active at LISP sites, the
   core network is required to use native multicast so packets can be
   delivered from sources to group members.  When multicast is not
   available to connect the multicast sites together, a signal-free
   mechanism can be used to allow traffic to flow between sites.  The
   mechanism within here uses unicast replication and encapsulation over
   the core network for the data-plane and uses the LISP mapping
   database system so encapsulators at the source LISP multicast site
   can find de-capsulators at the receiver LISP multicast sites.



The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lisp-signal-free-multicast/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-lisp-signal-free-multicast-02

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lisp-signal-free-multicast-02


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Mon Oct 17 13:12:31 2016
Return-Path: <ben@nostrum.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C4B11298A4; Mon, 17 Oct 2016 13:12:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.331
X-Spam-Level: 
X-Spam-Status: No, score=-2.331 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.431] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lomiGBctikhj; Mon, 17 Oct 2016 13:12:30 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A9AE1295A5; Mon, 17 Oct 2016 13:12:30 -0700 (PDT)
Received: from [10.0.1.21] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id u9HKCRN6077086 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Mon, 17 Oct 2016 15:12:27 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.21]
From: "Ben Campbell" <ben@nostrum.com>
To: "Dino Farinacci" <farinacci@gmail.com>
Date: Mon, 17 Oct 2016 15:12:27 -0500
Message-ID: <2B757854-2AAD-4D28-BB8B-D2F54FE0014B@nostrum.com>
In-Reply-To: <BEAEBAE5-A2B2-427D-9208-83A7FD40AF75@gmail.com>
References: <147631722343.6381.2774445540997659744.idtracker@ietfa.amsl.com> <BEAEBAE5-A2B2-427D-9208-83A7FD40AF75@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; markup=markdown
X-Mailer: MailMate (1.9.5r5263)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/EYzHQCiaBg04clsjM0b58kg0Zb0>
Cc: lisp-chairs@ietf.org, draft-ietf-lisp-lcaf@ietf.org, The IESG <iesg@ietf.org>, lisp@ietf.org
Subject: Re: [lisp] Ben Campbell's No Objection on draft-ietf-lisp-lcaf-17: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Oct 2016 20:12:31 -0000

On 14 Oct 2016, at 3:46, Dino Farinacci wrote:

>> Section 4.3 talks about geo coordinates. I think I understand that 
>> these
>> coordinates may give the location of a device. Is there any 
>> expectation
>> that said device can be associated with a person? The security
>> considerations mention this briefly. Have the working group 
>> considered
>> whether the guidance in RFC 6280/BCP 160 is applicable here?
>
> A mapping database entry could identify an individual. We think that 
> confidentiality of the control-plane could be used for protecting data 
> in transit from LISP site to the mapping system. For retrieving 
> information from the mapping system, the transport can provide 
> confidentiality protection but also who can access the information.
>
> How about I put a reference to RFC6280/BCP160 in the Security 
> Considerstaions section?

That's not really what I had in mind. RFC6280 has considerations that 
apply do the design of protocols that can transfer location objects, not 
just their use or implementation. My question was whether the working 
group had considered whether they apply to this document. I'm not saying 
that they do; I am not an expert on lisp, and maybe the this data 
doesn't get sent or used in a way that matters from the perspective of 
RFC 6280. But I would hope that the working group has or will make an 
informed decision about that.

Thanks!

Ben.


From nobody Mon Oct 17 13:21:42 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5663C1294C3; Mon, 17 Oct 2016 13:21:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XcrJk8JDWt2s; Mon, 17 Oct 2016 13:21:39 -0700 (PDT)
Received: from mail-pa0-x22e.google.com (mail-pa0-x22e.google.com [IPv6:2607:f8b0:400e:c03::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EEB3412948D; Mon, 17 Oct 2016 13:21:38 -0700 (PDT)
Received: by mail-pa0-x22e.google.com with SMTP id vu5so64928992pab.0; Mon, 17 Oct 2016 13:21:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=3Q2WnE9yEortnla6yjoLphx+AfGfw5ssK5FAnWgwy4s=; b=JgaYNwaesnpeHAqkVH7qH1fIxTVshyb5Gt/r74P9hkGqfU3uc7R98P23IaQGkWnKxz 8V4HkAlszVzNs8fT6vQfn5eySb3M7AqI2dudNSeS8b2b7M/yfvHtn9FPe1ZFcqweTKR7 VsJkIYC8+BY7BnKm5IyCuUZkMuYIu7O4/kFrMMdXgBoNqz7xJoQTQqb0bNM43VZRNMl1 wpYUQfPNam2kjuEoiG3UoCJtCBb//fBj93jvvS22Yhch9btguypHhfH3IZa0Vt+3r7IF c38YNfEtpjahzbNIJwkQur7R4Vtp4PXo7joE6GhyUFZPOCR8CL8pskx8ZHdJUO0K23Cz bLRg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=3Q2WnE9yEortnla6yjoLphx+AfGfw5ssK5FAnWgwy4s=; b=QlotVNlvQ+UVIzoYRfQFhNswfG6DjVQDsd9WLVbCaMzqAcZynLfxUOxFZ2Ou6P3ooS 8j+gCGLRafeLrxf1JiQZvztbQSZEgV+MdKdx8BijpvFKpkiupj9wFAuxrCK+UB48r5SM pUVfYl8ye0ePIznQED2g9eaeWjwpBVr0iNJAsCeC/aiinkruU0TktYWAP7+/QC88ddYA qGQWxygYf6huwjdsNLwxyDmtUtlNZIcZHOuUy2zX7d5uW0oHJ+Yl32wSvmnJlsXPvx1r 4sX2pQ/b6Z/w9DdgZM1TLNFMsJdrgIWm4k70f9FZ3IiJ7BWKU6yLMwfVDIgfaj6FjzYQ b8Dw==
X-Gm-Message-State: AA6/9RmJyLHqFhlxxHuGBSqIxyxNwy0kDEo0yHw3tdAbEduTJIzjvo1tBMJ/bzpPoYwlLw==
X-Received: by 10.66.162.138 with SMTP id ya10mr33278469pab.154.1476735698473;  Mon, 17 Oct 2016 13:21:38 -0700 (PDT)
Received: from [172.31.99.195] (96-86-164-193-static.hfc.comcastbusiness.net. [96.86.164.193]) by smtp.gmail.com with ESMTPSA id e90sm50090561pfd.5.2016.10.17.13.21.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Oct 2016 13:21:38 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <2B757854-2AAD-4D28-BB8B-D2F54FE0014B@nostrum.com>
Date: Mon, 17 Oct 2016 13:21:37 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <0D11494E-9A87-496A-BBC2-4AD6E89005F9@gmail.com>
References: <147631722343.6381.2774445540997659744.idtracker@ietfa.amsl.com> <BEAEBAE5-A2B2-427D-9208-83A7FD40AF75@gmail.com> <2B757854-2AAD-4D28-BB8B-D2F54FE0014B@nostrum.com>
To: Ben Campbell <ben@nostrum.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/nNsllkCSis9ZIC_YzPxcDAUkBAI>
Cc: lisp-chairs@ietf.org, draft-ietf-lisp-lcaf@ietf.org, The IESG <iesg@ietf.org>, lisp@ietf.org
Subject: Re: [lisp] Ben Campbell's No Objection on draft-ietf-lisp-lcaf-17: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Oct 2016 20:21:40 -0000

> That's not really what I had in mind. RFC6280 has considerations that =
apply do the design of protocols that can transfer location objects, not =
just their use or implementation. My question was whether the working =
group had considered whether they apply to this document. I'm not saying =
that they do; I am not an expert on lisp, and maybe the this data =
doesn't get sent or used in a way that matters from the perspective of =
RFC 6280. But I would hope that the working group has or will make an =
informed decision about that.

We, the LISP WG, had not look at RFC6280 considerations. But the =
draft-farinacci-lisp-geo-01.txt draft is the use-case document for the =
LCAF type. Since this draft has not been made into a working group draft =
we have more time to look into this, if it becomes a working group =
draft.

Any comments chairs?

Dino


From nobody Mon Oct 17 19:16:36 2016
Return-Path: <jmh@joelhalpern.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2103A129522; Mon, 17 Oct 2016 19:16:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.722
X-Spam-Level: 
X-Spam-Status: No, score=-2.722 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ADVj0Yjsu0_T; Mon, 17 Oct 2016 19:16:29 -0700 (PDT)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 190541294F3; Mon, 17 Oct 2016 19:16:29 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 03707543D02; Mon, 17 Oct 2016 19:16:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1476756989; bh=NpfQk1Mj/f76E6ogwJe/GC5iDwYeetmWPr/RhFMAQAI=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=WXNEbIKtzLzNlAuw0+5FxcP1wDrhpnMwJ2CGZszvXM0/Ncn535Z4chNgZwo+u7gXY bvX6H2TRkQ4UexR0KPQAW4PSwLN6Vu2LQIxsgnRouNeI965Q9rKz/1l3vzebSMSQhA SlxaAQPB7JTkpCwomML/x9Os9e5UyMDcDDpeSx1w=
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from Joels-MacBook-Pro.local (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id 250181C014A; Mon, 17 Oct 2016 19:16:28 -0700 (PDT)
To: Dino Farinacci <farinacci@gmail.com>, Ben Campbell <ben@nostrum.com>
References: <147631722343.6381.2774445540997659744.idtracker@ietfa.amsl.com> <BEAEBAE5-A2B2-427D-9208-83A7FD40AF75@gmail.com> <2B757854-2AAD-4D28-BB8B-D2F54FE0014B@nostrum.com> <0D11494E-9A87-496A-BBC2-4AD6E89005F9@gmail.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <99ca12ae-724d-839f-2a13-68a52f216056@joelhalpern.com>
Date: Mon, 17 Oct 2016 22:17:10 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <0D11494E-9A87-496A-BBC2-4AD6E89005F9@gmail.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/Tfs6iMoE5XTWggqBmSgdt-tjbew>
Cc: lisp-chairs@ietf.org, draft-ietf-lisp-lcaf@ietf.org, The IESG <iesg@ietf.org>, lisp@ietf.org
Subject: Re: [lisp] Ben Campbell's No Objection on draft-ietf-lisp-lcaf-17: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2016 02:16:30 -0000

Ben, given that this geo LCAF is experimental, would it suffice to put 
in the LCAF document a note that any specification for using this form 
of LCAF needs to discuss RFC 6280 considerations?

Yours,
Joel

On 10/17/16 4:21 PM, Dino Farinacci wrote:
>> That's not really what I had in mind. RFC6280 has considerations that apply do the design of protocols that can transfer location objects, not just their use or implementation. My question was whether the working group had considered whether they apply to this document. I'm not saying that they do; I am not an expert on lisp, and maybe the this data doesn't get sent or used in a way that matters from the perspective of RFC 6280. But I would hope that the working group has or will make an informed decision about that.
>
> We, the LISP WG, had not look at RFC6280 considerations. But the draft-farinacci-lisp-geo-01.txt draft is the use-case document for the LCAF type. Since this draft has not been made into a working group draft we have more time to look into this, if it becomes a working group draft.
>
> Any comments chairs?
>
> Dino
>
>


From nobody Mon Oct 17 19:26:46 2016
Return-Path: <ben@nostrum.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6A8C129461; Mon, 17 Oct 2016 19:26:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.331
X-Spam-Level: 
X-Spam-Status: No, score=-2.331 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.431] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bHlhSLf3v1cI; Mon, 17 Oct 2016 19:26:44 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 59AE01294D7; Mon, 17 Oct 2016 19:26:43 -0700 (PDT)
Received: from [10.0.1.21] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id u9I2Qd9j007089 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Mon, 17 Oct 2016 21:26:40 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.21]
From: "Ben Campbell" <ben@nostrum.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
Date: Mon, 17 Oct 2016 21:26:39 -0500
Message-ID: <14F4789D-6370-439D-8369-CD56755035CC@nostrum.com>
In-Reply-To: <99ca12ae-724d-839f-2a13-68a52f216056@joelhalpern.com>
References: <147631722343.6381.2774445540997659744.idtracker@ietfa.amsl.com> <BEAEBAE5-A2B2-427D-9208-83A7FD40AF75@gmail.com> <2B757854-2AAD-4D28-BB8B-D2F54FE0014B@nostrum.com> <0D11494E-9A87-496A-BBC2-4AD6E89005F9@gmail.com> <99ca12ae-724d-839f-2a13-68a52f216056@joelhalpern.com>
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; markup=markdown
X-Mailer: MailMate (1.9.5r5263)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/Ukb7KJwkzLeO03kH473dtuvi4vw>
Cc: lisp-chairs@ietf.org, lisp@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-lisp-lcaf@ietf.org
Subject: Re: [lisp] Ben Campbell's No Objection on draft-ietf-lisp-lcaf-17: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2016 02:26:45 -0000

Hi Joel,

That seems reasonable for an experimental RFC.  If someday this gets 
promoted to standards track, we would probably want to readdress it.

(The fact that this is experimental is the reason my comment was a 
comment, rather than a discuss. I probably should have mentioned that.)

Thanks!

Ben.

On 17 Oct 2016, at 21:17, Joel M. Halpern wrote:

> Ben, given that this geo LCAF is experimental, would it suffice to put 
> in the LCAF document a note that any specification for using this form 
> of LCAF needs to discuss RFC 6280 considerations?
>
> Yours,
> Joel
>
> On 10/17/16 4:21 PM, Dino Farinacci wrote:
>>> That's not really what I had in mind. RFC6280 has considerations 
>>> that apply do the design of protocols that can transfer location 
>>> objects, not just their use or implementation. My question was 
>>> whether the working group had considered whether they apply to this 
>>> document. I'm not saying that they do; I am not an expert on lisp, 
>>> and maybe the this data doesn't get sent or used in a way that 
>>> matters from the perspective of RFC 6280. But I would hope that the 
>>> working group has or will make an informed decision about that.
>>
>> We, the LISP WG, had not look at RFC6280 considerations. But the 
>> draft-farinacci-lisp-geo-01.txt draft is the use-case document for 
>> the LCAF type. Since this draft has not been made into a working 
>> group draft we have more time to look into this, if it becomes a 
>> working group draft.
>>
>> Any comments chairs?
>>
>> Dino
>>
>>


From nobody Mon Oct 17 19:50:52 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB60C129459; Mon, 17 Oct 2016 19:50:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zWx4FBmww8hT; Mon, 17 Oct 2016 19:50:49 -0700 (PDT)
Received: from mail-pa0-x230.google.com (mail-pa0-x230.google.com [IPv6:2607:f8b0:400e:c03::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 936591293FE; Mon, 17 Oct 2016 19:50:49 -0700 (PDT)
Received: by mail-pa0-x230.google.com with SMTP id qn10so66711728pac.2; Mon, 17 Oct 2016 19:50:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=4mEsjargvDP7IPMdI2m9WbYjdr3cO2msUvLTTq5IOFk=; b=ilLexqlfGcymIbazzov02aSFSXsepwYP49Vq7Pg4ML7ay2A0u9qcUZTu7CJfX13Okh 8QuCcS7LZJ3Wim3weXqWjzMvzO7s3WHF75YBwJixgsdZuHW1QOviaLMERcGwYbHGJhkb EYaXdT67vTf+peOEpiCPnyTQUIPsDRisXs0aLMd8iuPCsegAVscXvN92/GfTl9vF5nGI x6EklR2/SbduqaNeJxhp82nrUx5i+2wQFrQqoE0nwvfAcf6iLK0IoujSrMXpm7AVDVuY 2GYzvcXtyKXOeg5vuPg2pwletcYP3yTeMVPlKLNZx69a6Ba5dQYGRM05Nrz+0Y8p0hxW 3++w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=4mEsjargvDP7IPMdI2m9WbYjdr3cO2msUvLTTq5IOFk=; b=JgnEk2d3hzjmQuprc6cFVJLdgMvI4YL9v0AGLcmuWbZReUYkOx4nnYHIZyv/Ueixc0 xap10PCLmT2hVo7GF/RAPlk9b0Vv8CCveSe470if1nazcsPoKgQzw2ZfZcBDLz1BNLVY 84stBajXmTN1zxAqr7iW//7YST18JoNq6P9WaH4yJNhpIGpMHwzvaKBI+ZUiLAuoj4oX sZAOcqmDBeXBJGAxf7cGhJTbC27or1H75lZvD+n5VOkP130M1zo0aSCOHlS7C/LZNBnl kmdNtBWMaQjFtyjy7NEtal6xIsGLPRLVOilC1iuPjezkDyeMMNn1ereDBBIeyKteDkag JvuA==
X-Gm-Message-State: AA6/9Rm84X76JeRxOhj80fbr49b5KUpQNTFxxNrsKdVwBdDcja7ebxmC47BeSCZjwIzzsw==
X-Received: by 10.66.20.101 with SMTP id m5mr784043pae.142.1476759049168; Mon, 17 Oct 2016 19:50:49 -0700 (PDT)
Received: from ?IPv6:2603:3024:151c:55f0:15d3:7f80:11d8:48b4? ([2603:3024:151c:55f0:15d3:7f80:11d8:48b4]) by smtp.gmail.com with ESMTPSA id g67sm8592717pfd.82.2016.10.17.19.50.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Oct 2016 19:50:48 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <14F4789D-6370-439D-8369-CD56755035CC@nostrum.com>
Date: Mon, 17 Oct 2016 19:50:47 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <CA3F0359-466E-4FF8-B9C9-10842D7B5B60@gmail.com>
References: <147631722343.6381.2774445540997659744.idtracker@ietfa.amsl.com> <BEAEBAE5-A2B2-427D-9208-83A7FD40AF75@gmail.com> <2B757854-2AAD-4D28-BB8B-D2F54FE0014B@nostrum.com> <0D11494E-9A87-496A-BBC2-4AD6E89005F9@gmail.com> <99ca12ae-724d-839f-2a13-68a52f216056@joelhalpern.com> <14F4789D-6370-439D-8369-CD56755035CC@nostrum.com>
To: Ben Campbell <ben@nostrum.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/PlQ3wfomLuKCZvsk0eqeaBedYV4>
Cc: lisp-chairs@ietf.org, lisp@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-lisp-lcaf@ietf.org
Subject: Re: [lisp] Ben Campbell's No Objection on draft-ietf-lisp-lcaf-17: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2016 02:50:51 -0000

> That seems reasonable for an experimental RFC.  If someday this gets =
promoted to standards track, we would probably want to readdress it.

Okay, I=E2=80=99ll move the reference to RFC 6280 out from the Security =
Considerations section and into the Geo LCAF section with text suggested =
by Joel.

Dino


From nobody Mon Oct 17 20:22:48 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 375D012711D; Mon, 17 Oct 2016 20:22:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.294
X-Spam-Level: 
X-Spam-Status: No, score=-1.294 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_IMAGE_ONLY_28=1.404, HTML_IMAGE_RATIO_08=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wwrME7jKu4Xg; Mon, 17 Oct 2016 20:22:37 -0700 (PDT)
Received: from mail-pf0-x22a.google.com (mail-pf0-x22a.google.com [IPv6:2607:f8b0:400e:c00::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 16AE31293F4; Mon, 17 Oct 2016 20:22:37 -0700 (PDT)
Received: by mail-pf0-x22a.google.com with SMTP id 128so87282515pfz.0; Mon, 17 Oct 2016 20:22:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=srdCInU7n5s+AOkYqEUvp2HN/HDdjNgMUPc29bThNOg=; b=SG1IbcPnQ1uX0y6rbZ4kpob8CBc4cvv/0PvkmuUTtqLLYOw4h9UvxRhNnM4MmQYPOP U82tAwxFsMf79gt1/Kz6Luc8u0J3zaDf6odkLfRvxsV6XJKvlSoQDLgEDqjNQv6OxSUp 1nlnH4WvWZsJrQI/Dk4rbCPriyl970e1Z9wcStRTLADXD8MRmQqtI12HhwZojHHB8P/D 53QkEDRIeLQi16OOS2X9WH60MgvxVlRmSvw0ryONrQPyscrvd4Xgzz6aqwBjrJd75X8L TeOpdoWRFqLuQdn8sZQiP/wePhMZZW8duvdHDlJbntjrrKuQg76oZXUBzEvmWnnY1l4H wI1A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=srdCInU7n5s+AOkYqEUvp2HN/HDdjNgMUPc29bThNOg=; b=fj2QTk9X0p50a4t8jiEPG0SdYPpt2dVZ85Np+ALnfx9ggWfameFipqxiaIb5J+wbyu N8XOcBS9lFIMn2384x5kIHCkH6VF9PNjtGYkAdpwHfOPkXd5FDJukTx+2DrDVPHyrt2D Um16lpL6dmZnCHDffO6qoNqXq3uobdq5d1yW3pXD5r1lkUvx70S2JMYHYK0CFLL7wL/0 qwgsazubUZj86aOmXtgBG50MXUcNHSO5/FeEv3GjqSVZ+PU104MIg9kosKHgxpxg1nJe Pl5C+Qi76eO5pl85LtkGPWxzIjy0qema8LDB7swJHw5CXGMInyTkAW9BjnKsCwjxM2Kx ky7Q==
X-Gm-Message-State: AA6/9RmZErTHZtshgtMKi9hUdrPtHXiK4+IgASHuKK9+S2Sx4XIolv6uBRUm3y5bsmBEGg==
X-Received: by 10.99.53.135 with SMTP id c129mr925654pga.180.1476760956628; Mon, 17 Oct 2016 20:22:36 -0700 (PDT)
Received: from ?IPv6:2603:3024:151c:55f0:15d3:7f80:11d8:48b4? ([2603:3024:151c:55f0:15d3:7f80:11d8:48b4]) by smtp.gmail.com with ESMTPSA id h87sm51146056pfj.78.2016.10.17.20.22.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 17 Oct 2016 20:22:35 -0700 (PDT)
From: Dino Farinacci <farinacci@gmail.com>
Message-Id: <A7D2111B-594C-4EBF-A07E-26077A845677@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_435AF4F8-0612-4631-BFB5-BD8C1BADD77E"
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
Date: Mon, 17 Oct 2016 20:22:33 -0700
In-Reply-To: <14F4789D-6370-439D-8369-CD56755035CC@nostrum.com>
To: Ben Campbell <ben@nostrum.com>
References: <147631722343.6381.2774445540997659744.idtracker@ietfa.amsl.com> <BEAEBAE5-A2B2-427D-9208-83A7FD40AF75@gmail.com> <2B757854-2AAD-4D28-BB8B-D2F54FE0014B@nostrum.com> <0D11494E-9A87-496A-BBC2-4AD6E89005F9@gmail.com> <99ca12ae-724d-839f-2a13-68a52f216056@joelhalpern.com> <14F4789D-6370-439D-8369-CD56755035CC@nostrum.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/ATE5cHY6guSPb8oWu1MJeeL1QIw>
Cc: lisp-chairs@ietf.org, lisp@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-lisp-lcaf@ietf.org
Subject: Re: [lisp] Ben Campbell's No Objection on draft-ietf-lisp-lcaf-17: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2016 03:22:39 -0000

--Apple-Mail=_435AF4F8-0612-4631-BFB5-BD8C1BADD77E
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Ben, how is this?

Dino




> On Oct 17, 2016, at 7:26 PM, Ben Campbell <ben@nostrum.com> wrote:
>=20
> Hi Joel,
>=20
> That seems reasonable for an experimental RFC.  If someday this gets =
promoted to standards track, we would probably want to readdress it.
>=20
> (The fact that this is experimental is the reason my comment was a =
comment, rather than a discuss. I probably should have mentioned that.)
>=20
> Thanks!
>=20
> Ben.
>=20
> On 17 Oct 2016, at 21:17, Joel M. Halpern wrote:
>=20
>> Ben, given that this geo LCAF is experimental, would it suffice to =
put in the LCAF document a note that any specification for using this =
form of LCAF needs to discuss RFC 6280 considerations?
>>=20
>> Yours,
>> Joel
>>=20
>> On 10/17/16 4:21 PM, Dino Farinacci wrote:
>>>> That's not really what I had in mind. RFC6280 has considerations =
that apply do the design of protocols that can transfer location =
objects, not just their use or implementation. My question was whether =
the working group had considered whether they apply to this document. =
I'm not saying that they do; I am not an expert on lisp, and maybe the =
this data doesn't get sent or used in a way that matters from the =
perspective of RFC 6280. But I would hope that the working group has or =
will make an informed decision about that.
>>>=20
>>> We, the LISP WG, had not look at RFC6280 considerations. But the =
draft-farinacci-lisp-geo-01.txt draft is the use-case document for the =
LCAF type. Since this draft has not been made into a working group draft =
we have more time to look into this, if it becomes a working group =
draft.
>>>=20
>>> Any comments chairs?
>>>=20
>>> Dino
>>>=20
>>>=20


--Apple-Mail=_435AF4F8-0612-4631-BFB5-BD8C1BADD77E
Content-Type: multipart/related;
	type="text/html";
	boundary="Apple-Mail=_E308C386-1613-453B-B261-E8AA7EAA7E10"


--Apple-Mail=_E308C386-1613-453B-B261-E8AA7EAA7E10
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=us-ascii

<html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space;">Ben, how is this?<div =
class=3D""><br class=3D""></div><div class=3D"">Dino</div><div =
class=3D""><br class=3D""></div><div class=3D""><img apple-inline=3D"yes" =
id=3D"800A3B8D-A90E-4019-A761-8D4FEAAA3249" height=3D"258" width=3D"749" =
apple-width=3D"yes" apple-height=3D"yes" =
src=3D"cid:573E45EC-AF86-4B4F-A1AA-3A7D48021A58@wp.comcast.net" =
class=3D""></div><div class=3D""><br class=3D""></div><div class=3D""><br =
class=3D""><blockquote type=3D"cite" class=3D"">On Oct 17, 2016, at 7:26 =
PM, Ben Campbell &lt;<a href=3D"mailto:ben@nostrum.com" =
class=3D"">ben@nostrum.com</a>&gt; wrote:<br class=3D""><br class=3D"">Hi =
Joel,<br class=3D""><br class=3D"">That seems reasonable for an =
experimental RFC. &nbsp;If someday this gets promoted to standards =
track, we&nbsp;would probably want to readdress it.<br class=3D""><br =
class=3D"">(The fact that this is experimental is the reason my comment =
was a comment, rather than a discuss. I&nbsp;probably should have =
mentioned that.)<br class=3D""><br class=3D"">Thanks!<br class=3D""><br =
class=3D"">Ben.<br class=3D""><br class=3D"">On 17 Oct 2016, at 21:17, =
Joel M. Halpern wrote:<br class=3D""><br class=3D""><blockquote =
type=3D"cite" class=3D"">Ben, given that this geo LCAF is experimental, =
would it suffice to put in the LCAF document a note&nbsp;that any =
specification for using this form of LCAF needs to discuss RFC 6280 =
considerations?<br class=3D""><br class=3D"">Yours,<br class=3D"">Joel<br =
class=3D""><br class=3D"">On 10/17/16 4:21 PM, Dino Farinacci wrote:<br =
class=3D""><blockquote type=3D"cite" class=3D""><blockquote type=3D"cite" =
class=3D"">That's not really what I had in mind. RFC6280 has =
considerations that apply do the design of&nbsp;protocols that can =
transfer location objects, not just their use or implementation. My =
question&nbsp;was whether the working group had considered whether they =
apply to this document. I'm not saying&nbsp;that they do; I am not an =
expert on lisp, and maybe the this data doesn't get sent or used in =
a&nbsp;way that matters from the perspective of RFC 6280. But I would =
hope that the working group has or&nbsp;will make an informed decision =
about that.<br class=3D""></blockquote><br class=3D"">We, the LISP WG, =
had not look at RFC6280 considerations. But the =
draft-farinacci-lisp-geo-01.txt&nbsp;draft is the use-case document for =
the LCAF type. Since this draft has not been made into a =
working&nbsp;group draft we have more time to look into this, if it =
becomes a working group draft.<br class=3D""><br class=3D"">Any comments =
chairs?<br class=3D""><br class=3D"">Dino<br class=3D""><br class=3D""><br=
 class=3D""></blockquote></blockquote></blockquote><br =
class=3D""></div></body></html>=

--Apple-Mail=_E308C386-1613-453B-B261-E8AA7EAA7E10
Content-Transfer-Encoding: base64
Content-Disposition: inline;
	filename=PastedGraphic-2.png
Content-Type: image/png;
	x-unix-mode=0666;
	name="PastedGraphic-2.png"
Content-Id: <573E45EC-AF86-4B4F-A1AA-3A7D48021A58@wp.comcast.net>

iVBORw0KGgoAAAANSUhEUgAAB84AAAKwCAYAAAD5k1XfAAAMFmlDQ1BJQ0MgUHJvZmlsZQAASImV
VwdYU8kWnltSCAktEAEpoffeQXqXKh1shCRAKAESgoq9LCq4drGAqOiKiIprAWSxYcHCImCvD0RU
VtbFgg2VNymg62vfO983d/6cOefMf+aeO5kBQNGWlZ+fgyoBkMsvFMQE+zGTklOYpB5AAfIAADsg
z2IL832jo8PhLzDW/13e3QKIuL9uJY71r+P/VZQ5XCEbACQa4jSOkJ0L8TEAcHV2vqAQAEI71BvM
KswX4yGIVQWQIABEXIwzpFhdjNOk2FJiExfjD7EPAGQqiyXIAEBBzJtZxM6AcRTEHG35HB4f4kqI
vdiZLA7EDyC2zM3Ng1iRDLFp2ndxMv4WM208JouVMY6luUiEHMAT5uew5vyfy/G/JTdHNDaHPmzU
TEFIjDhnuG77svPCxJgKcQs/LTIKYhWIL/E4EnsxvpcpComX2Q+yhf5wzQADABRwWAFhEGtBzBBl
x/vKsD1LIPGF9mgkrzA0TobTBHkxsvhoET8nMlwWZ0UmN3QMV3GFgbFjNum8oFCIYaWhx4oz4xKl
PNHzRbyESIgVIO4UZseGyXwfFWf6R47ZCEQxYs6GEL9NFwTFSG0w9VzhWF6YNZslmQvWAuZTmBkX
IvXFkrjCpPAxDhxuQKCUA8bh8uNl3DBYXX4xMt+S/JxomT1Wxc0JjpGuM3ZYWBQ75ttdCAtMug7Y
4yzW5GjZXO/yC6PjpNxwFIQDfxAAmEAEWxrIA1mA1zHYOAh/SUeCAAsIQAbgAiuZZswjUTLCh89Y
UAz+hIgLhON+fpJRLiiC+i/jWunTCqRLRoskHtngKcS5uCbuhXvg4fDpA5s97oq7jfkxFcdmJQYS
A4ghxCCi2TgPNmSdA5sA8P6NLgz2XJidmAt/LIdv8QhPCV2Ex4SbhB7CXZAAnkiiyKxm8pYIfmDO
BBGgB0YLkmWXBmMOjNngxpC1E+6He0L+kDvOwDWBFe4IM/HFvWFuTlD7PUPROLdva/njfGLW3+cj
0yuYKzjJWKSNvxn/casfo/h/t0Yc2If9aImtwI5ibdhZ7DLWgjUCJnYaa8LasZNiPF4JTySVMDZb
jIRbNozDG7OxrbMdsP38w9ws2fzi9RIWcmcXij8G/7z8OQJeRmYh0xfuxlxmKJ9tbcm0t7VzBkC8
t0u3jjcMyZ6NMK580xWcAcCtFCozvulYBgCceAoA/d03ncFrWO5rATjZyRYJiqQ68XYMCPBfQxF+
FRpABxgAU5iPPXAGHsAHBILJIArEgWQwA654JsiFnGeBeWAxKAFlYC3YBLaBHWA32AcOgiOgEbSA
s+AiuAo6wU1wH9ZFP3gBhsA7MIIgCAmhIXREA9FFjBALxB5xRbyQQCQciUGSkVQkA+EjImQeshQp
Q9Yj25BdSC3yK3ICOYtcRrqQu0gvMoC8Rj6hGEpFVVFt1Bi1QV1RXzQMjUOnoxloAVqMLkNXo1vQ
avQA2oCeRa+iN9Ee9AU6jAFMHmNgepgV5or5Y1FYCpaOCbAFWClWjlVjh7Bm+J6vYz3YIPYRJ+J0
nIlbwdoMweNxNl6AL8BX4dvwfXgDfh6/jvfiQ/hXAo2gRbAguBNCCUmEDMIsQgmhnLCXcJxwAX43
/YR3RCKRQTQhusDvMpmYRZxLXEXcTqwnniF2EfuIwyQSSYNkQfIkRZFYpEJSCWkr6QDpNKmb1E/6
QJYn65LtyUHkFDKfvIRcTt5PPkXuJj8jj8gpyRnJuctFyXHk5sitkdsj1yx3Ta5fboSiTDGheFLi
KFmUxZQtlEOUC5QHlDfy8vL68m7yU+R58ovkt8gflr8k3yv/kapCNaf6U6dRRdTV1BrqGepd6hsa
jWZM86Gl0Appq2m1tHO0R7QPCnQFa4VQBY7CQoUKhQaFboWXinKKRoq+ijMUixXLFY8qXlMcVJJT
MlbyV2IpLVCqUDqhdFtpWJmubKccpZyrvEp5v/Jl5ecqJBVjlUAVjsoyld0q51T66BjdgO5PZ9OX
0vfQL9D7VYmqJqqhqlmqZaoHVTtUh9RU1BzVEtRmq1WonVTrYWAMY0YoI4exhnGEcYvxaYL2BN8J
3AkrJxya0D3hvfpEdR91rnqper36TfVPGkyNQI1sjXUajRoPNXFNc80pmrM0qzQvaA5OVJ3oMZE9
sXTikYn3tFAtc60Yrblau7XatYa1dbSDtfO1t2qf0x7UYej46GTpbNQ5pTOgS9f10uXpbtQ9rfsH
U43py8xhbmGeZw7paemF6In0dul16I3om+jH6y/Rr9d/aEAxcDVIN9ho0GowZKhrGGE4z7DO8J6R
nJGrUabRZqM2o/fGJsaJxsuNG42fm6ibhJoUm9SZPDClmXqbFphWm94wI5q5mmWbbTfrNEfNncwz
zSvMr1mgFs4WPIvtFl2WBEs3S75lteVtK6qVr1WRVZ1VrzXDOtx6iXWj9UsbQ5sUm3U2bTZfbZ1s
c2z32N63U7GbbLfErtnutb25Pdu+wv6GA80hyGGhQ5PDK0cLR65jleMdJ7pThNNyp1anL84uzgLn
Q84DLoYuqS6VLrddVV2jXVe5XnIjuPm5LXRrcfvo7uxe6H7E/S8PK49sj/0ezyeZTOJO2jOpz1Pf
k+W5y7PHi+mV6rXTq8dbz5vlXe392MfAh+Oz1+eZr5lvlu8B35d+tn4Cv+N+7/3d/ef7nwnAAoID
SgM6AlUC4wO3BT4K0g/KCKoLGgp2Cp4bfCaEEBIWsi7kdqh2KDu0NnRossvk+ZPPh1HDYsO2hT0O
Nw8XhDdHoBGTIzZEPIg0iuRHNkaBqNCoDVEPo02iC6J/m0KcEj2lYsrTGLuYeTFtsfTYmbH7Y9/F
+cWtibsfbxovim9NUEyYllCb8D4xIHF9Yk+STdL8pKvJmsm85KYUUkpCyt6U4amBUzdN7Z/mNK1k
2q3pJtNnT788Q3NGzoyTMxVnsmYeTSWkJqbuT/3MimJVs4bTQtMq04bY/uzN7BccH85GzgDXk7ue
+yzdM319+vMMz4wNGQOZ3pnlmYM8f9423quskKwdWe+zo7JrskdzEnPqc8m5qbkn+Cr8bP75PJ28
2Xld+Rb5Jfk9Be4FmwqGBGGCvUJEOF3YVKgKjzntIlPRT6LeIq+iiqIPsxJmHZ2tPJs/u32O+ZyV
c54VBxX/Mhefy57bOk9v3uJ5vfN95+9agCxIW9C60GDhsoX9i4IX7VtMWZy9+PcltkvWL3m7NHFp
8zLtZYuW9f0U/FNdiUKJoOT2co/lO1bgK3grOlY6rNy68mspp/RKmW1ZednnVexVV362+3nLz6Or
01d3rHFeU7WWuJa/9tY673X71iuvL17ftyFiQ8NG5sbSjW83zdx0udyxfMdmymbR5p4t4Vuathpu
Xbv187bMbTcr/CrqK7UqV1a+387Z3l3lU3Voh/aOsh2fdvJ23tkVvKuh2ri6fDdxd9Hup3sS9rT9
4vpL7V7NvWV7v9Twa3r2xew7X+tSW7tfa/+aOrROVDdwYNqBzoMBB5sOWR3aVc+oLzsMDosO//Fr
6q+3joQdaT3qevTQMaNjlcfpx0sbkIY5DUONmY09TclNXScmn2ht9mg+/pv1bzUtei0VJ9VOrjlF
ObXs1Ojp4tPDZ/LPDJ7NONvXOrP1/rmkczfOTznfcSHswqWLQRfPtfm2nb7keanlsvvlE1dcrzRe
db7a0O7Ufvx3p9+Pdzh3NFxzudbU6dbZ3DWp61S3d/fZ6wHXL94IvXH1ZuTNrlvxt+7cnna75w7n
zvO7OXdf3Su6N3J/0QPCg9KHSg/LH2k9qv6H2T/qe5x7TvYG9LY/jn18v4/d9+KJ8Mnn/mVPaU/L
n+k+q31u/7xlIGig84+pf/S/yH8xMljyp/KflS9NXx77y+ev9qGkof5Xglejr1e90XhT89bxbetw
9PCjd7nvRt6XftD4sO+j68e2T4mfno3M+kz6vOWL2Zfmr2FfH4zmjo7mswQsyVEAgw1NTwfgdQ0A
tGR4dugEgKIgvXtJBJHeFyUI/CcsvZ9JBJ5canwAiF8EQDg8o1TBZgQxFfbio3ecD0AdHMabTITp
DvbSWFR4gyF8GB19ow0AqRmAL4LR0ZHto6Nf9kCydwE4UyC984mFCM/3O23EqLP/JfhR/gno8Gz+
GcRuRwAAAAlwSFlzAAAWJQAAFiUBSVIk8AAAAZ5pVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADx4
OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDUuNC4w
Ij4KICAgPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJk
Zi1zeW50YXgtbnMjIj4KICAgICAgPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIKICAgICAg
ICAgICAgeG1sbnM6ZXhpZj0iaHR0cDovL25zLmFkb2JlLmNvbS9leGlmLzEuMC8iPgogICAgICAg
ICA8ZXhpZjpQaXhlbFhEaW1lbnNpb24+MTk5ODwvZXhpZjpQaXhlbFhEaW1lbnNpb24+CiAgICAg
ICAgIDxleGlmOlBpeGVsWURpbWVuc2lvbj42ODg8L2V4aWY6UGl4ZWxZRGltZW5zaW9uPgogICAg
ICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KhcfBxwAAABxp
RE9UAAAAAgAAAAAAAAFYAAAAKAAAAVgAAAFYAAJZIM68f6cAAEAASURBVHgB7J0JvL3F/McniYRK
adGuaCNUUpaQtGizVBRJ1miTXfztu7QIUZaQFJUlSUURRaGkpEW0F0mkVNb7P+/J95g7v3POPdu9
95x73/N63fuc8yyzvGee5zzf+cx8Z6GJRkhdhD//+c9dnOUpEpCABCQgAQlIQAISkIAEJCCBuU3g
QQ960NwuoKWTgAQkIAEJSEACEpCABCQgAQnMQwILKZzPw1q3yBKQgAQkIAEJSEACEpCABCTQNwGF
877ReaEEJCABCUhAAhKQgAQkIAEJSGBkCSicj2zVmDEJSEACEpCABCQgAQlIQAISGEUCCuejWCvm
SQISkIAEJCABCUhAAhKQgAQkMBgBhfPB+Hm1BCQgAQlIQAISkIAEJCABCcwzAgrn86zCLa4EJCAB
CUhAAhKQgAQkIAEJzAsCCufzopotpAQkIAEJSEACEpCABCQgAQkMi4DC+bBIGo8EJCABCUhAAhKQ
gAQkIAEJSGB0CCicj05dmBMJSEACEpCABCQgAQlIQAISGAMCCudjUElmUQISkIAEJCABCUhAAhKQ
gAQk0CMBhfMegXm6BCQgAQlIQAISkIAEJCABCcxvAgrn87v+Lb0EJCABCUhAAhKQgAQkIAEJzE0C
Cudzs14tlQQkIAEJSEACEpCABCQgAQlMEwGF82kCa7QSkIAEJCABCUhAAhKQgAQkIIFZJKBwPovw
TVoCEpCABCQgAQlIQAISkIAExo+Awvn41Zk5loAEJCABCUhAAhKQgAQkIAEJTEVA4XwqQh6XgAQk
IAEJSEACEpCABCQgAQkUBBTOCxh+lIAEJCABCUhAAhKQgAQkIAEJzBECCudzpCIthgQkIAEJSEAC
EpCABCQgAQnMDAGF85nhbCoSkIAEJCABCUhAAhKQgAQkIIGZJKBwPpO0TUsCEpCABCQgAQlIQAIS
kIAExp6AwvnYV6EFkIAEJCABCUhAAhKQgAQkIAEJLEBA4XwBJO6QgAQkIAEJSEACEpCABCQgAQm0
J6Bw3p6NRyQgAQlIQAISkIAEJCABCUhAAuNKQOF8XGvOfEtAAhKQgAQkIAEJSEACEpDArBBQOJ8V
7CYqAQlIQAISkIAEJCABCUhAAhKYVgIK59OK18glIAEJSEACEpCABCQgAQlIYK4RUDifazVqeSQg
AQlIQAISkIAEJCABCUhAAikpnNsKJCABCUhAAhKQgAQkIAEJSEACPRBQOO8BlqdKQAISkIAEJCAB
CUhAAhKQgATGhIDC+ZhUlNmUgAQkIAEJSEACEpCABCQggdEgoHA+GvVgLiQgAQlIQAISkIAEJCAB
CUhAAsMkoHA+TJrGJQEJSEACEpCABCQgAQlIQAJznoDC+ZyvYgsoAQlIQAISkIAEJCABCUhAAvOQ
gML5PKx0iywBCUhAAhKQgAQkIAEJSEAC/RNQOO+fnVdKQAISkIAEJCABCUhAAhKQgARGlYDC+ajW
jPmSgAQkIAEJSEACEpCABCQggZEkoHA+ktVipiQgAQlIQAISkIAEJCABCUhAAgMRaArn73rXuwaK
yIslIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJSEACgxB4xzveMcjlfV+rcN43
Oi+UgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIIFhElA4HyZN45KABCQgAQlI
QAISkIAEJCABCUhAAhKQgAQkIAEJSEACEpCABCQggbEjoHA+dlVmhiUgAQlIQAISkIAEJCABCUhA
AhKQgAQkIAEJSEACEpCABCQgAQlIYJgEFM6HSdO4JCABCUhAAhKQwIAE7rrrrnT77beniYmJdN/7
3jctscQSaaGFFuo71n/84x+Jvwc84AF9x8GF//nPf9K///3vHNff/va39Kc//Sldf/31aeONN06L
L754M+6bb745n7vMMsukhRdeuLl/FD9QjjvuuCNnbZFFFsnluPe97z2KWTVPEpCABCQgAQlIQAIS
kIAEJNAlAe3qLkEN4TTt6iFANAoJSGCkCCicj1R1mBkJSEACEpCABOYrgb///e/pzDPPTOedd94k
BIjSu+22W1p22WUn7e/05c9//nP67W9/my666KJ07bXXpvvf//5pv/32y0J8p+s6HTv++OPTJZdc
ssAp++67b1p66aXz/u9973vp7LPPzp/XXHPNtMsuu6R73eteC1wz2zvasSZf2267bdpwww1HMt+z
zc30JSABCUhAAhKQgAQkIAEJjDKBdraedvXwa60da1LSrh4+b2OUgARmjoDC+cyxNiUJSEACEpCA
BCTQkgAjtD/zmc8kBO9WgZnne++996SZ3a3Ou+aaa9LJJ5+c/vjHP+bDXLf11luntdZaKy222GKt
Lul631//+td0yy23pC9+8YvNaxDMyRfiOLPaP/3pTzfTRqzfZ5990v3ud7/m+aPwgZkHRx55ZGYN
n1133TWtsMIK6dxzz80DF8jj4x73uPSMZzxjoJn+o1BW8yABCUhAAhKQgAQkIAEJSGC+ENCunrma
1q6eOdamJAEJzDwBhfOZZ26KEpDAPCCAS2P+InTr+hdh6rbbbktLLbVUniEa18/UdrbTn6ly9ppO
XZ+IhKM4i7bXcnn+aBD417/+lcVoXJ/vvPPOafnll0833XRTOuGEExKGf4RtttkmC7rxvdwy0vu0
005LF1xwQXM34u/mm28+0CzzZmT//YBb84985CPN3cS/6aab5u/cJ5///OfzDHd2DGOWezOhIX3A
/T2z4s8555wc47Of/ez06Ec/On/m2FFHHdXMPzP0eRYbJCABCUhAAhKQgARmh0Bth2lXz049DCvV
uj61q4dF1nggoF09c+1Au3rmWJuSBCQwOwQUzmeHu6lKQAJzmADi88EHHzyphK94xSvyjMZJO6sv
rAt8+OGH573Mgtxrr73y2sbVadP2dbbTn7aCDRhxq/rsJGAOmJyXz0MCuD8/5ZRT0qte9apJ65Bf
eOGF6Rvf+EaTSLt295e//CV94QtfmDRbHbdoG220UfPaYX34zW9+k4455phmdC9+8YvTqquu2vzO
THfczbMW+hOe8IS02mqrNY+Nwod6VvwrX/nKPFAh8vad73yn6Sq/m+d2XOdWAhKQgAQkIAEJSGC4
BFrZYd28n822XTvb6Q+3FoYXW6v6bGffDC9VY5pPBLSrZ662tatnjrUpSUACs0NA4Xx2uJuqBCQw
xwmwtvDRRx/dLGU3Bv7FF1+cTjzxxOY1L3vZy9JKK63U/D7dH2Y7/XblYyQrouAWW2yRVlxxxXan
Tev+q666KuchEtHADxKdt8yWZjDIKLrr7pzzmT3KzAsMz0UXXXRSwueff3761re+1dzXqt3h2h0X
7+XM9B122CFtsMEGzeuG+aFcw5wZ5bhpH9QF/DDzN1VcdNgdccQRTV4lK541DGD42c9+lqPp5rk9
VXoel4AEJCABCUhAAhLon4B2df/s6iu1q2si4/Ndu7q7utKu7o7TMM7Srh4GReOQgARGmYDC+SjX
jnmTgATGlsCtt96aDjvssGb+uxFgfve7301aO7ieCdmMbJo+zHb67YrFusOnnnpq6oZhuzgG3Y/L
L9Zu/sMf/pCjaiVgDprGXLuejpmvfOUr6brrrhtIOIc9fyEq02nAbGbE2k6uGjGa41wE3kUWWWRK
xOU1uA28z33u00x3qovraxdffPGpLpny+E9+8pPsfj1OrJ8JlK9eF/2JT3xiHmQS1wxzW98Hj3jE
I9JOO+20wDrg1A/n4jmjXcC1PHwXWmihfArfY1/UdbtrB2HNOmyf+9znmuuwU088Wx7wgAekco02
9uMBYNTWZ2/HxP0SkIAEJCABCUhgLhLQrh5erWpXD4/lTMakXa1drV09k3ecaUlAAhK4h4DCuS1B
AhKQwDQQYK3ij33sY82YuxF9MYguu+yydOONN6ZVVlklPfzhD29ePxMfZjv9VmWEx3HHHZcPdcOw
VRzD2FcLhgrnnanSlr7//e+nH/7wh3md615mnDO7H3ffzKRGdL/++uvz/bD11lunb37zm83BC+Tg
RS96UXroQx+6QGaYmfK1r32tOasY4ZwZ2FdeeWVeO3zppZdOiNClmH7ppZemk08+uXlNRIo4vMkm
m2SRF8F2ySWXnCSmUtZf/epXk7xFcC3eIp7//Of3PRv7iiuuSF/+8pcjG6luc6R7/PHHp1//+tfN
czCouU8oL59DlG6eMOCHW265JX384x9vxsJs7cc85jH5ucXa57fffnuuH/L+oAc9KC83AWOuu+GG
G9Kdd96ZeDbCGtEfrxorrLBCdu1+9tlnN+N93vOel9ZZZ53m9/gwDNbcy8w4p41F4HlLXdFmzzvv
vLy75h3nupWABCQgAQlIQAISmDkC2tXDYa1dPRyOMx2LdrV2tXb1TN91picBCUjgHgIK57YECUhA
An0SwDURfwsvvHBei5wtwtGDH/zgLA61Es5xx1wHZs1iEDFLs5xBy4xXQn0N+zkPMeruu+/O6ZNm
iICIe4hDZYg0EItiJijXhLBG2q3Sr+MinzFLlE4M0ifuZZddthlXmS4zSBFAuY7zEPS6detcGvfE
yVrKuGonnjKQb/ICJ8qzxBJLTFonujy302fyifhHHMwyXWqppZplqoXzcO/MNYiBMCl5lunA4Lbb
bst82f/ABz5wgfy1q2PaE3kikJ9WI40pP/kgHdiQd9KIus0XF/+Ik3ZLO2qVl+LUlh8pC2Um0Obg
HW2PfdT1D37wg3TWWWfxNdc5Yi71Xp6XD7b496Mf/SidccYZLY4suIv2VK8LXl7P8a222iqdc845
WdBdZpllsmD6yEc+Mu24446ZEW2cdcQvuuiinADXvPSlL833VylcR+rlEgowP+GEExLrfhOe/exn
5/J+6Utfyt+33HLLvM53/tLlP+7Rn//8500Bl8t222239LCHPWxSDFdffXX6/Oc/P2lf+YVyPOc5
z0lrrLFGuXugzzBiQEIE3LRjyONZIBjEscc97nHpGc94RmZcr4vOOczo3n333dNJJ52Urr322rgs
b9daa62EeB7PQHYOk/V3v/vd3CYmJfrfL3Dbeeed02ojtjZ7q7y6TwISkIAEJCABCcwFAtrV2tXa
1drV2tXa1XPh98wySEACc4eAwvncqUtLIgEJzBABhMGYTVsnueqqq+ZZsBh+tXC+3HLL5dmaHCvD
y1/+8iz8loIUx/fbb78sLn3iE5/Iwmh5zZprrpmY1RkBQRURCmG5nhXKOYhBiLtl2syI3WWXXbKI
WwtiXEP6iIrlDFP245oZUZtZthFKd8fsQ2j+6U9/mk4//fQ4pbmFAyIzM+vJM8JbHVqVIc4J0Zrv
CG6IdsxeLcNTnvKUtOmmmy4gspfnxGeE6e985zvpkksuiV15S5n22GOPLFjXwvlGG22Uz4m1kPlC
OajLGBjANQjI5UzafFHjH/VEOWDBeYcccsikMpB/RGbWky5DKdqyv56VHOfSHhBaYbzddttl8ZR0
ELMRlsuAwInAWw9IKM/hMzO/TzzxxEltKM55+tOfngVihM5WbSnOq12Nx/56G/VPORBMCeuvv356
/OMfn5mUbb9kUro251rSo16Ylf3Vr361mQxtGPGcUArtfI9Z7AxIOPLII5sz3BGgGSCy4YYb5vbL
YIcvfOELeSY111Fnm222Wfr973+fPvWpT7ErtXNlng9W/+qBIuVhBo3wbInAM4i0r26I5xG4x5/5
zGfmgQEIwxGiPPG93y1pljPc4brXXns1B0OQl1LIr2eN0/7Kmd541PjnP/+ZcL+5xRZbTJqxXwvn
w2ZNXo466qhm3QUTGO6///7NMsV+txKQgAQkIAEJSEACwyegXa1drV09+b7Srtau1q6efE/4TQIS
kMBsEVA4ny3ypisBCYwtgRAGEVmYmcpM4Msvvzwde+yxTaEMMagWznFJjBiHqMasUmbC4j4agY9Q
in58D9fkiEsIlghrEUgb4RVxGrfUEV796ldnoZBZwYhYpVCOiPeoRz0qz/AMoRmX1czYRTRtl/5N
N92UBa9Igy3p4yK7FM8333zzLFZzHMGYPwKCJ3mFUbhdZz9xIJwjHtcBsRShFtfZUQbiYMYwwjT5
LmexhkDJNZ/97GdzdLX4VqfBd2Y3IObBI4RAZq+H8EkcDC6g3mKNc/Id/Oo4SwaI1Ayw4PyYFR1t
h+sQ5pmxS/0TH/VVuo/mHETa888/n485xMAMBOpyTXryjkhMPIcddlicnrfMOl5vvfXyAAPaEOkh
NpM+az2zbns5O3jSxf/9wiz1gw46KH/DmH/Sk56UvSswszrWfWe29aMf/ejMFGGbuiNQ/mc961lZ
jER4joEF+WCbfyUnTqF+mSFOueNei0vjPsHFO2JyhFIcZwBCDGCg/Ai+zJSH1+GHH96sz5LvX/7y
l3TooYdGdLkNc78S6OTDbfyFF16Yv1NG4mTL7PYQrmmzcU0+scM/1temTV9wwQXp6kIQ5xLyHIMA
+I7bc9pjGaK8dd6iXXcz27+Mr/5crv/NsXot9fL5UeeX82nbDAIiwAn2bLk3qNcPf/jD+Rj/YhAC
n+vyDIM1SwDQPqPtkk6EXuosrnErAQlIQAISkIAEJNA7gXjn5/1Ou/p/g9JLm1K7OuXB39rV2tXa
1fc8Y7Wre/+t8QoJSEAC/RBQOO+HmtdIQALzlgAizre+9a0sboUAiZhLQJi7+OKL05577pnF3lbC
OWs+n3nmmXnWdsx4DZiIOJ/85Cfja1M4ZwczomPtXToWED4RxGpxLwQnZlSG0Mv1zFBnBiju5EvB
mWPhBrpd+nVczBTFlTFCHLO9Q9APoRrRm5m6IXhH/LXwtu+++2YBnDy0CvWM33K2ch1XzDqmfso8
Pfe5z03rrrtuq+gXEORY4xhO5Tp6USZm3pc8EXKZ3duOAflAlEbgJCD6Il7X9RWiL+fUdcxsd9rW
ueeem0499VROyUIj64Uvuuiik2b/Rr2TbjkrOMTUUmSPQQa4ci/T7FQfZZsJkZ72X14frBBBy3LS
XvFewPndBMpQitJcU+aN+6yciQ9DPBhQPzHwoBSL6zZRiuMxsz3yxWAWZrUTanG6XPMaYZuBDhEY
SMCAAgbMxMAFyh0DJuK8brcMSMFVXRnKGdz1DHrSKteRL+ulPlbG2ctnxOYYlMJ1cV/zGcblDHgG
tjAohLYQgUEGuMRnoEwI1i95yUvy+vXRaRrnlmUdJmvEejx7xGAj6gzBn/0RaKcxsCL2uZWABCQg
AQlIQAISGC4B3h+1q7Wrtatfme3k0n7TrtauxgYmaFdnDP6TgAQkMCsEFM5nBbuJSkAC40zg29/+
dipddCOoMdMWkQjX4auvvnoW0ErhHNGXGbGnnXbapJmrJYdSsGV/O1G1FD5r98cYWfUMaeIqZ1GW
4h7HQhBsl34tnJdxlQZe5It4SvfuIXjX8YSoSx5ahfr8kkcpHNYCZZmn0uis0yjFXY5FPktRPkb7
13mZigHxlQJ2CIE1+7JMZb7LNbjrsiKQMgCiFIrb5YdR2dtvv32zU4p8hXCMcF4K1KUQynllKAdV
IEpHHso8R/0Tb9mWehVuGXjBjP8YeFHGW4vgiJzU2zXXXJNF2cjzrrvumqh7QlmffI/2zudaOI/B
E6TDYIUYrMK54fKcQRRf/OIXUxiz5IEZMtz/uP8OETbO59p+Qr0Od5nv+hgeAzhOIO9lvZI/BvPg
GWOQUM6kJ07awAMf+MAcZemRgB1x30R65Km8H9iPNwWWESCUojvfw3PGMFmzJAMDk6J+XvjCF+Yl
DFp51CjvJ/JjkIAEJCABCUhAAhIYPgHt6v95p2plV2lX75QbXWlHaFfvk+53v/t1dTNqV9+Dqbad
tavv8WjXbx+GdnVXt58nSUACc4CAwvkcqESLIAEJzCyB0iVxmTJiC27Ja+GwPIfP7dxil2Ij57UT
VUMcJ51aJIuZthwrZ0iXxkFtQEV+2rmXr0XjMq7SwI984Vq+FHVjNjjpfuYzn2nOCg6RkrK2CnW6
JQ9m9uO+nlALs2We6mNlOrVgVsaPYEf6rAtPqPMyFQP433nnndndPLPSl1xyycSMXVzMhSBMvGWa
Zb6DJfG0Es6ZcR4zNIgnZkrX7SFmQtedUlxTh1rsrI/jBp8y0cZYc5pZwqWwXOa5bMud6qBOg+/l
GuF8L70G4Fr/4IMPZncOuJtnXXmE7JhtXqdXz5RmFngsD0A5EFOjTmLwADOSjz766Ehmkqv4smxx
AssWMDCGgIcD1oynzgcJZb0TT9nm6vos10Cv7294hBv5fvPD/cAMewYGEWLwRcwoLz0acLzMD99p
N7hpD9E6BjzQluoBLKusskrC2wJxD4s198Upp5zSHPAUHhrIG+EXv/hFHmxwz7eUyoErsc+tBCQg
AQlIQAISkMBwCWhXb5P7BqDayhbUrt4l961oV38s33i1nTvV3ahdfQ8h7Wrt6qnuFY9LQAISaEVA
4bwVFfdJQAIS6EAAYQqhLtxwl6e2E6HLc/gc60GX+2uRqBtRletLIzuMKcTadsJ5LQIjeDJyG/Gw
nCUf6dfnlwJemXYpnJZrscVsWGYFMyM3Qswqje/1tk438sN5pXAYZY6R12We6mNlGqX4zv6YcV6e
E5/rvHTDgGsRc1mHHg8FiIWs7x0iLcfLMpX5LlmWhl5ZnlKsRIDENTZCcClQMvN6jTXWmNQWcEeP
i2rExBh8QV4Q41n3u12AwaWXXppnYiOArrPOOvl7nF/muWzLZZ7j3E7bUsSsZzbXLr2pB8pXttto
zwivlLGczRwDS7g/IjAggAEd7QJreT/1qU/Nbvk5p3bhzj6WL4Ar3iZwpzaMcHXlDj5EfeIu20rN
tx4QUh/vJ2/1gIUYqBFxlWvIk14t1Ndlieck7e+SSy7Js9EjrvLZOCzW3BcxmKcU7SNN2vYRRxzR
HHxRtqE4x60EJCABCUhAAhKQwHAJaFd3Fs55V9auXig3Ou3qBScMTHU3alffQ6i2RbWr7+HSTx+G
dvVUd53HJSCBuURA4Xwu1aZlkYAEZowAQssvf/nLPOu3TjTW9i3FPISmCy64oCnMcA3nxfrofC/F
Rr53I6pyXikih+DDDNF2wnn5ssv1IQK3S78f0Zj0MfJZ051Qi6wveMELstiYD7b5V6db8ijFtloY
7CQqlknVBlQp2JXn8bnOSzDjWJleKR4jllM3BGZGk3+4lDOmyzK1i6edcE68CNms6U54yEMeku6+
++6mMI84juhLh0sZN8Iuwibu3rsNuONifesQ/bfddtu00UYb5bXGWXOcUJa9bEt1/XRKE6G7dMUX
7RkRvK6DEGiZsUxbj1CKunUdw2OLLbbI9RCzpW+88cZ05JFHZn7MNIYhabFuOkI4YnsZ6gEXZVvg
POqYWe4rrbRST4zLNPhc1jtib7nudnnP17O/65k79fFIhxkslJW4w7NCHKu3l19+eTr22GObu2m3
yy67bH6e8QxjQEwMJIp2cPPNN+d2z4CWssOPSMILBfVdu5XHBTxtlvplrffwLMF1/bIu2w73Il4H
YqAN8RLKe6SekX7PGf6XgAQkIAEJSEACEhg2Ad7TtKsnv4vG+zTvxNrVC+VB6NrVvQnn2tX/e1Jp
V2tX/681+EkCEpBA9wQUzrtn5ZkSkIAEMgGEPUTD1VZbLSE+IeJ+4xvfaNJBVEKMKoVzxCAEawS6
CPXs137Wvy4FIeINF8P//ve/Jwnn5Zq9dTpxrN4fom6dRilelWJTaeDDBdH8Rz/6UV7vGNfYCJWs
iYxwe+973zswtN3W6YbYRtl+85vfpOOOOy5fi8CGEPaABzwgf2+Xpzqhury4iGZd6laCcp2XqRgg
MB922GHNJEOUr91SB2NObJfv0tCrRWiExRNOOCEvEbD22mtnwZFZ7Yi+zCCPcNJJJ+WBG/G9TJd9
zCjGuG4347zMW9luy/1l/bcTzuHYqe5Zj/zjH/9406V3ybkWb4NpLWTHunely3K4MUuectMB9aUv
fSntt99+2fX4Mccck7GwljpxdsofJ5aDNvge9w+fCSFcd/JgwHm0P8Ro2LPW93rrrcfuHKiL0rV4
ORiAExiswCxvQrkGPB1rpUt1jpcj6vlOqGfZ14N47jnrf//LGeXUP2U788wz0xVXXJFYcgEvBxFg
yL300Y9+NLvZp1187nOfawrrZfupXbhvsMEGCdH6kEMOyS74uV943kbol3U5WIi2QN3zjI7AM6XM
47Oe9az0mMc8Jg67lYAEJCABCUhAAhKYBgLa1VPPONeu1q6OfqWyL0C7+n8PJO3qRRZYGk27+n/t
w08SkIAE+iWgcN4vOa+TgATmLQFGOyO0bL/99lmEA8SFF17YFM+ZGcoMzkMPPbTJKES0UvDiYMyA
5XPtljiu4VgpUDJjkmMIpMzqPPzwwzklh9133z3Pkq2FXsS1HXfcMYvXpbtrxCNEfQTtdukTV+nG
uBSvynyFaE9GYtYw8SN4h/tqBEGEy5jte0+uW/+vy4B4+KhHPSodeOCBWQD9+te/3pzBH2sqEz8z
sC+77LIcaSvRMFLj3NKNN/txyY1wRx4Rv3HhjZi+1FJL9cQA4y0MXOIN4bNkz/5SwC5nEQdL8lEK
xtQ9IidcS9druGTH1VYEBNRSAGagQQjEnMNsaK7B+P7DH/6Qlx548pOfnDbeeOOIYtK2zBvXMFCB
OoQf1xPKNlYK5xyjfsgPdRP5Z38d6jYY9YrAyqzymPFeuvq+unJpjuC56aabZmEXkZtAnhHOH/vY
xybWL4fvZpttlk4++eRJAwo4d/31108MQlhxxRWbgzHYH4Hysi56BIRg8kkaPAdYe577mhn/1F+7
wKCSM844o3mYdsZa6YRyXXaEZwYDlPdMebxsKzW/VtfSNvAewLkRygEKsS+29X34sIc9LD9jTj/9
9Nx+b7/99kmz0Ynr/PPPTyussEIeVFAPIimfebfcckseKBFpwXDllVfOgzgoMy4Zh8Gaez2eSaQV
7SrSLQfRlPdYHHcrAQlIQAISkIAEJDB8AtrVOyQELoJ2dWsG2tV/mtSvoF294HNIuzol7eoF24V7
JCABCQxKQOF8UIJeLwEJzDsCYdQisCLgIWIyu5q/cIuM2BkutAHEuQiTCIDMbAwBkGMIRIieP/7x
j7PYxz7CTjvtlMVIxLdI854j97j+ftrTnpbOOuusZlylcFmLXVyHoIiYxUzWCCGYcX679BFdv/zl
L8clWVxFFGQW59e+9rUsRHIQARHxD0E/1hNuXlR9oLybb755Wn755asj//tK/IhmJSuORjmvvfba
PLuWfSEQIqKy/jwBAZTBDaXgmA8U/xDmytmyHMLlOTO2mclM/W699dbpyiuv7IoBotsee+yRhb9S
OC+SXOAjdYBgykxhxF0CwjbtAnfS0bbYT1vDzT3iIgIt7v/bBWb5Iw4jAtcDCuprmCHMoItSbC/P
qWesl8fKzwifDMSgHMwcr0M56KI+xvdzzz03r6Eex6g/1jBH9Ayht65XhNuDDjooLmluYUX5MaSD
KwdZi3yXXXbJ7aIcfNC8sPhAW8O1+5JLLtnci/BMG6OttQqwfOELX9hcE73VOez7+c9/noX7OA47
6pxZ9+EWHZGZ+6Ruw9RnuDjnupe85CV5sA75ok0TaEMMHCk9D7C/nH3Nd0I8B+75Nvl/q2cJZ8SM
/3JgR1wZs9Kpg9ojQDlAoDbwuZ7yhAeJYbEm3tLbA2kwU57nIYOP8F4Rz5lyMAvXGSQgAQlIQAIS
kIAEpodA2Lja1drVdd+CdrV2tXb1PX1sTJrRrp6e3yBjlYAEJNCJgMJ5Jzoek4AEJNCCACIegg/r
PpeCHDMxcfGLi+hWoulzn/vcdNttt6XTTjttUqyIOAjRCGF1CBfK0anAcV6aEfRK0RSBd8stt2wK
n7XYRRqsRVyKfaWIWboDL/OASFvOVI5juJbGxTSibhkYOIBYx0ztmIlcHq8/77vvvs3Z6PUxvtcz
tCk3YmqIgaSBq/IQCyMOxG5mT3ea8RvnMoqdQQ51flnHmxnK9Sj3uK4TA0Toc845Z9JACGYwky+E
XFxcE+gQgBdtqi4DZeXvq1/9aiSZt9Ql4jTeC0hjqoAYyxrziJAI08wULgOcaH+LLLJIuXvSZ2aQ
M+CjbO/wwVNBuMznAmbWb7LJJlmoZ4AG4nAE0kAIblcnrTwAxLWxjTqp4wiX9XEejOCKpwBc5ke+
Ec0ZkBJretcuy+P6cktcIeTGfsRtZsiQbhnwWPCkJz2peR+Wx+rP7eLgPOqLgTYM4mgXcNuIu3Rc
w9eBeqBea8Gd8+DM0hKsJRkB7wMMPmkXfvazn+XyxvGdd945t02+8xxkgEswZlAMojoDaAjl+uaw
xCMHWwLPSp4V0fa5R4i7HKjQjlMvrHNijX8MsmCWP54B6sCADAYj0aYNEpCABCQgAQlIQALTT0C7
OuUlm7Sr2/ctaFffs4SXdnX751E7e5ErtKv/NwGgHSft6vZtyyMSkMD8JqBwPr/r39JLQAJ9EGBm
YqwFjViEgIVAVYo9fUTb8ZJSOA/XzAhWCE+IgAiwZaiF81izl1mXHEO4YjbzdIWpZvJGut3M7uQF
nz9mQ9fljHioE9znE1jrPIT1ON7NlkENUZfEEeJqN9e2O4f2Qd7JT6zBjoCNGE/8iHS1CNwurnp/
7TK8Ph7f69nEtJkQORE3u2UFXxgRSj6IkXBrFRfpkB5phJAa+aq39XrXT3jCExJ/tPO4vzrVCWnB
lj/SioEA8Cd/zGJgyQB4852OuhjAwCASRFu8K8Ta4WX+GPSy7rrrlrvyZzq5CLBhQMtUZcwnV/+i
3dG+YUWb6CUe+HNfI4jDqV7fvkoufyW/uNnHawNMELMXXnjhVqc295EO1/HsCLZxkP0cpwzRzuPY
VFvqC47kvdP9MAzWkRfaCvklr2x5nvfCPOJxKwEJSEACEpCABCTQPwHt6qnZaVffw4j3d+1q7epO
d4x2tXZ1p/bhMQlIQAK9ElA475WY50tAAhKYBQKlcM4sZGbNdhJca+G8nF0+3dkvXSIz23m11VbL
Yib55Q/RmFnidJSw/jkupQ29ESjrF9eGMbseERIBko4FZvoyI7oWzntLaebOxhsC7uojMGMcLw7T
EcoOKO4lBqNEgCEzknFPHyHWqI/v477lHmU5BdpJeLUY9zKZfwlIQAISkIAEJCABCUxFQLt6KkLz
67h29WD1rV2tXT1YC/JqCUhAAqNLQOF8dOvGnElAAhJoEigNfNYPxlV3pxmizAA98sgjm+7HceWO
gDoTgZmhRxxxRJ7ZznpM5LcMzKrF7TfiHTNdY/Z+eY6fOxOA8cEHH5xPauVmm9nHzJzGlTvu7VZf
ffXOEY7AUVzPx2xvZm9PV9uATbk+fCvhmPvnU5/6VNOF+Fwa4HHjjTfm2fYMXGFtdNaOM0hAAhKQ
gAQkIAEJSGA+ENCung+13H0Ztau7Z1WfqV2tXV23Cb9LQAISmEsEFM7nUm1aFglIYM4RwBi57LLL
0sknn9x0r00hn9pYS5k1eVuJzgjTrIH13e9+dxKP5zznOXkdY0TJ6Qy4UEO0R5gjMBt65ZVXzq6y
b7755rzONvt32WWXtPbaa/PR0CMB2sU3v/nN5lrNuBFn/W5mm7Me+VlnnZVjZF1x3J2zf5RDOdKf
fCLm7rHHHtOW74svvjideOKJGQmz2lk7PQZ44Mb9oosuyuI6J2ywwQZp++237+jhIUc04v+YXU67
+OlPf5rXJ2cgTaw1PuJZN3sSkIAEJCABCUhAAhIYiIB29UD45uzF2tWDVa129SPyBBXt6sHakVdL
QAISGEUCCuejWCvmSQISkMB/CeA2+txzz81rMpdQ7r777rTqqqu2FJ5ZK5qZxvV60KwVzczzZZZZ
poxqWj4zY5eZrb///e/z+sWIkRilSy21VFp++eXz33QL+NNSsBGL9I9//GPmjFjOGt5wZh34FVZY
IT3kIQ/peb3p2Sge7uTPOOOM5kCLyANLEmy44YbTMlue+4oZ7meeeWYkl9cop33edNNNeR/tE0F9
vfXWG3vRnALhfp7y7rjjjvnZ0Sy4HyQgAQlIQAISkIAEJDDHCWhXz/EKHrB42tX9AdSuXrU/cF4l
AQlIQAIjT0DhfOSryAxKQAISkIAE5i6Bq666Kov/iyyyyKRCMjhkpZVWmhbhPBLCO8Ktt96alw1g
1jt/iy22WB7gwQCTUZ+pH+VwKwEJSEACEpCABCQgAQlIQALzl4B29fyte0suAQlIQALDJzDrwvlU
RQpXv1Od53EJSEACEpCABCQgAQlIQAISkMBcJhBLi8zlMlo2CUhAAhKQgAQkIAEJSEACEpDAfCOw
UMNl70Q3hVY474aS50hAAhKQgAQkIAEJSEACEpDAXCegcD7Xa9jySUACEpCABCQgAQlIQAISkMB8
JKBwPh9r3TJLQAISkIAEJCABCUhAAhKQQN8EFM77RueFEpCABCQgAQlIQAISkIAEJCCBkSWgcD6y
VWPGJCABCUhAAhKQgAQkIAEJSGAUCSicj2KtmCcJSEACEpCABCQgAQlIQAISkMBgBBTOB+Pn1RKQ
gAQkIAEJSEACEpCABCQwzwgonM+zCre4EpCABCQgAQlIQAISkIAEJDAvCCicz4tqtpASkIAEJCAB
CUhAAhKQgAQkMCwCCufDImk8EpCABCQgAQlIQAISkIAEJCCB0SGgcD46dWFOJCABCUhAAhKQgAQk
IAEJSGAMCCicj0ElmUUJSEACEpCABCQgAQlIQAISkECPBBTOewTm6RKQgAQkIAEJSEACEpCABCQw
vwkonM/v+rf0EpCABCQgAQlIQAISkIAEJDA3CSicz816tVQSkIAEJCABCUhAAhKQgAQkME0EFM6n
CazRSkACEpCABCQgAQlIQAISkIAEZpGAwvkswjdpCUhAAhKQgAQkIAEJSEACEhg/Agrn41dn5lgC
EpCABCQgAQlIQAISkIAEJDAVAYXzqQh5XAISkIAEJCABCUhAAhKQgAQkUBBQOC9g+FECEpCABCQg
AQlIQAISkIAEJDBHCCicz5GKtBgSkIAEJCABCUhAAhKQgAQkMDMEFM5nhrOpSEACEpCABCQgAQlI
QAISkIAEZpKAwvlM0jYtCUhAAhKQgAQkIAEJSEACEhh7AgrnY1+FFkACEpCABCQgAQlIQAISkIAE
JLAAAYXzBZC4QwISkIAEJCABCUhAAhKQgAQk0J6Awnl7Nh6RgAQkIAEJSEACEpCABCQgAQmMKwGF
83GtOfMtAQlIQAISkIAEJCABCUhAArNCQOF8VrCbqAQkIAEJSEACEpCABCQgAQlIYFoJKJxPK14j
l4AEJCABCUhAAhKQgAQkIIG5RkDhfK7VqOWRgAQkIAEJSEACEpCABCQgAQmkpHBuK5CABCQgAQlI
QAISkIAEJCABCfRAQOG8B1ieKgEJSEACEpCABCQgAQlIQAISGBMCCudjUlFmUwISkIAEJCABCUhA
AhKQgARGg4DC+WjUg7mQgAQkIAEJSEACEpCABCQgAQkMk4DC+TBpGpcEJCABCUhAAhKQgAQkIAEJ
zHkCCudzvootoAQkIAEJSEACEpCABCQgAQnMQwIK5/Ow0i2yBCQgAQlIQAISkIAEJCABCfRPQOG8
f3ZeKQEJSEACEpCABCQgAQlIQAISGFUCCuejWjPmSwISkIAEJCABCUhAAhKQgARGkoDC+UhWi5mS
gAQkIAEJSEACEpCABCQgAQkMREDhfCB8XiwBCUhAAhKQgAQkIAEJSEAC842Awvl8q3HLKwEJSEAC
EpCABCQgAQlIQALzgYDC+XyoZcsoAQlIQAISkIAEJCABCUhAAkMjoHA+NJRGJAEJSEACEpCABCQg
AQlIQAISGBkCCucjUxVmRAISkIAEJCABCUhAAhKQgATGgYDC+TjUknmUgAQkIAEJSEACEpCABCQg
AQn0RkDhvDdeni0BCUhAAhKQgAQkIAEJSEAC85yAwvk8bwAWXwISkIAEJCABCUhAAhKQgATmJAGF
8zlZrRZKAhKQgAQkIAEJSEACEpCABKaLgML5dJE1XglIQAISkIAEJCABCUhAAhKQwOwRUDifPfam
LAEJSEACEpCABCQgAQlIQAJjSEDhfAwrzSxLQAISkIAEJCABCUhAAhKQgASmIKBwPgUgD0tAAhKQ
gAQkIAEJSEACEpCABEoCCuclDT9LQAISkIAEJCABCUhAAhKQgATmBgGF87lRj5ZCAhKQgAQkIAEJ
SEACEpCABGaIgML5DIE2GQlIQAISkIAEJCABCUhAAhKQwAwSUDifQdgmJQEJSEACEpCABCQgAQlI
QALjT0DhfPzr0BJIQAISkIAEJCABCUhAAhKQgARqAgrnNRG/TyJw3nnnpSuuuCJtsskm6eEPf/ik
Y34ZLQLXXHNNOuuss3I9Pf7xjx+tzI1BbiYmJtK3v/3tdMcdd6Stttoq2Rk6BpVmFiUgAQlIQAIS
kMAsEfBdcZbAj2my55xzTrr00kvTpptumtZaa60xLcX8yPZVV12Vvve976W1114719f8KPXwSold
/Y1vfCPdfvvtabvttktLLbXU8CI3JglIQAISkIAEJCABCcwAgYGF8wsvvDD9+Mc/zmLTQgstlNZc
c830zGc+cwaybhLTTeDuu+9Om222Wbr88svTe97znrT33ntPd5LGPwCBN7/5zenII49MiOYnnXRS
WnjhhbuO7fe//3165StfmcXiu+66K6277rrpbW97W+Keni/hd7/7XXrsYx+bi3vaaaeljTbaaL4U
3XJKQAISkIAEJCABCfRIYNjC+fnnn59++MMfZrGJd/B11lkn7bTTTj3mytNHkQB29YYbbph+/etf
p4985CPpda973Shm0zz9l8B+++2XPvaxj2XR/Pvf/35PdvVNN92Udtttt7T00kunO++8M6233nrp
/e9//7yyq6+88srmpIuf/OQneRKGjUsCEpCABCQgAQlIQALjRKBv4fyWW25Je+21Vx6JWxYY0e5b
3/pWute97lXuHovPCMTHHntsHgiw+OKLp4c97GHpMY95TJ7Fi4j2kpe8ZCzKMaxM/utf/0rPec5z
0tlnn50+/OEPp5e97GUdo2Zm+nvf+9708pe/fGRHZt9www3p+OOPTz/96U/Tfe9737T88svnvP75
z39OiMevetWr0mKLLdaxnKN68NBDD03vfve709Zbb52OPvrongz88CoQZesnjrh2NreDtME//OEP
uYOS/J9xxhlp/fXXn82imLYEJCABCUhAAhKQwAgTGJZw/sc//jG96EUvSt/5zncmlZaZyT/4wQ/G
0q5mZvXnP//5PBBgiSWWyIPrGaDKLF76C7C55lPArt5iiy1yfX784x+fckD6ZZddlt7ylrekfffd
Nw9kH0VW1113XTrmmGNy38miiy6aHvKQh6SnPe1p6dZbb0033nhjes1rXjO2dvUHP/jBdMABB6Tt
t98+ff3rX+/JrqbuGPQSoZ844trZ3A7SBulXoT0QfvaznzUHp89meUxbAhKQgAQkIAEJSEACvRDo
SzjHJfSWW26ZMPIJBx54YH4Zvt/97pdH1jK6dpwCrqQOPvjg9L73va9ttsdVSGxboC4OwOUTn/hE
7vBgNjKGcKdwwgknpFe84hVdieyd4pmuY4jJr371qztGP86CKW7Gv/CFL+TOFeqr19niDB5gkAQd
d8961rPSZz7zmbHrqBukDf71r39N//d//5cYFPSBD3wgrbrqqh3bigclIAEJSEACEpCABOYvgWEI
57iEZkmsm2++OYPE9uI7A3kf/OAH579xIoz9yOxa3qnbhXEVEtuVp5v9cDnooIPSmWeemfbff//c
l9Lpui9/+cvpBS94QepGZO8Uz3Qdw05ksHynMM6CKW7G8eRGnxf9B73a1QweYNDLjjvumJ773Ofm
yRnjNrFkkDaIXc3ACfoLP/rRj6aHPvShnZqKxyQgAQlIQAISkIAEJDByBHoWzv/5z3+mZzzjGemC
Cy5IK6ywQsKl8YorrjhyBeslQz//+c+bxiszppllzSAA3NAjBPPCP65CYi8cBj33m9/8Znrxi188
ksL54Ycf3uzAwchnlgOzH5gNsc8++6Srr746F3+chfNB64/rr7322uxlgYEiX/rSl8ZOOB/lNjiM
+jEOCUhAAhKQgAQkIIHRIDCocI5d/cQnPjHPyFxppZUSLo3ZjnM477zzmm6ZGZi+yy67ZLsaN/TP
f/7z8wCBcRUSZ7JeGAy88847j6Rwfsghh6TXvva1GQd2NALpkksumX71q1/lvgCWvyKMs3CeCzDg
P/oXEIwZKIIQP27C+Si3wQGrxsslIAEJSEACEpCABCQwJYGehXNGziIsL7PMMnnE9LiL5hB617ve
lUfCvv3tb88jwEtqDBB4+tOfnstLRwBGYRmYfX/cccelU089tbmbWQLM2l177bWb+8oPf//73xOz
g7/61a8m3EOzFvXGG2+cttlmm2xg3n777ekNb3hDwuUZLrJwaYehhVvxZz/72XnEM9edeOKJaZFF
Fkl0ulAP5dry5Is04jjXUm+4zSK/p5xySr4OV/RvfOMbm660yCdrrzEaHlfmhDvuuCOvr7fyyivn
7+3+4Y4PI5rBB7jxxyUd4T//+U+6z33u07zsL3/5Sx51TbkZvU3+l1pqqZzGve9975w2eYj02T7v
ec9rfm9G1OWH3/72t831qlu5nGemB2vOEVjD7NGPfvSkmOnEgvUll1ySHvjAB+a6QFjGCC69KzCT
AFdurGtGwL3i3/72t/TJT34y4cqOc3H3Tz23Cn/605/yMge0pWgXxEHdMuKdddZoJ2Xgmq985Su5
ntlP23rc4x6X/8rzWn2mXL/4xS9y/bA0AdfR5jbYYIPs7r2VcN5Lex+kDd52223p9NNPT+eee266
+OKLcxuhvTDzgk63aBt1ubptg+V1pPOb3/ym2UZpj9QTLDoF1m6jXTDYgucC7RyG3Gcs81AGysEA
HQLPBWazM1ODJQMoFx2IPDNalaufdlGm7WcJSEACEpCABCQggeETGFQ4x8bDffeyyy6b3xOnsrWG
X4Lhx/jmN785fehDH8rem/hcBoRU3pUpLzZuzQ+bDO9ZLPsW4UlPelIeyP6IRzwidk3aYvtgf2G3
YIPxXs012MXYOsx8xcbnvR5bDnf42NVMAMC+xBbFPmZ2LfbqP/7xj7TKKqtMWluefJFGHOdaBgSQ
Hvll4C7X4Yr+He94R447Mokdw0SDsCuw87FlpvJsdcQRRyQ8iDFLHfu6nV2NxzDyEHY1+cBTAWlg
V2PnXHTRRc30sTV23333ljZH5LnTFptpzTXXzKe0mg2P3R12EIMlsCvL8KMf/Sj3A5An7E/qApua
mdnkOwJ2NTYuy6wR8HxHnwSiPTYmfVEMhC/7P+JatngQw06jLUW7IA7uscMOOyx97nOfy4NW6mu+
+MUvNm1C1qV/whOekP/K81p9ply0b+xBBuczIIY6X2ONNdoK572090HaIH0v9AvhWY6JIbQR2gv2
LpMeWtmflLHbNljyIB3u7YgTu5p6ivZfnlt+Zrk17kHuFZ4LcIQ991m0tzifcmBbE3gurL766nmA
yY9//ONcrhe+8IX5mRF5iOvY9tMuyuv9LAEJSEACEpCABCQwfwj0JJxjwPByfdJJJ2UDFLdVGCIY
nAizvbqwGhXMiNSf/exns8CJAV0Gysxo+Qc84AHZHVk5UphruLZdQEDGUCi5MKOX2etX/3eGc6tr
MQRDpMeAYCQ3odzPOt177rln83LWiqNeMIII5XV8J83ddtttUicA+wkhdN/zLSU6ORBqy0DHTm34
chxjFiM03PaX15SfEROJE34YUxhCZUCQxpBDgGR0PcJ9GTDC686V8ninzzEwAtEZ45lOhDJEu0Y0
x+CKwSB0tOBxgA6HdoFBCLhwIyCSd9PhRWdS7doOjuutt167ZPL+VtcxAIJ6LUOrwQHlcTqHYEzn
UbvQysNCr+293zZIJwWdiO3yRz3S1hkUQuinDUa5Meaf/OQnp8svvzx2TbrPmjuLD/FM6LS0Ax10
++23X27vnN+qTRdR5o8MxqCzpmyf/baLOm6/S0ACEpCABCQgAQkMl0C/tgm5iPdDxD2WCHrTm96U
14XGbmRt4NJ+HG6upze2vffeO+Hpi3daBKwyUGbcuGP3Yd+WdjXXcG27gIDMzOaSC/b05ptvnmKG
c6trS5GeAbb0ZRDK/azTXdpTDFzGLgy7uryOaxnw+tKXvjRttdVWfJ0U6DcgnxGwBxj8XAYGzm60
0Ublrvz5+uuvz4O5w23/Aif8dwdiInmGH/bSIx/5yEmnwhc2tE88BSJGloFBuQxa7yfEwAiEYSZU
lHYL8UW7xn4mb2EbY1cj5iOstgsnn3xy2nbbbfNh7Gr6X6YKsI2+kjgXjpFu7Ku3ra5jAAQ2cBla
DQ4oj9MXhg3HQIB2oZWHhV7be79tELsa27ld/qhH2nrY1f20wSg3djWTMpgAEaG8z2JfuY1nQqel
HXg+MtGD9s75rdp0GSefGYzxta99bVL77Ldd1HH7XQISkIAEJCABCUhgfhDoSTjHgGH2dYhMCLkh
mPIZd05TiX+jiBVBkj/KELN6MdTCWG6VZ4y+6AzA0N53332zgQYP1qYL4RkjZ4cddshR1PwwAHip
Z0Qtxm9cUwrkjIrF0Hn961+fhdkQ1O+88848W5hR9hzDSCnXpGY0O27IGZFdCuxkhAEPiN2UgTQZ
pU4+ImBMY/AwMphOCgzfdi7M+xEtGeWMSE4+aEuUF0E7RhMj7L7lLW/JLs04xohwhPayoyTyOtUW
Y3G77bbLSwtgoNLR0CogzMOZzhdGv2OUUb8I0wRmDzCogvUGyTOdIHEflGyYhYyYTqcJgcEGdBDR
cUEbw4BjlgIzIOjUiEAZqUdGzXM+A1GoQ84PV3itBHHqn5nMdFrQNt75znd2dJVft0EGfjDzg7KU
BmstnPfT3vttgyGcM8iEdkBnBAMq4Pyyl70sI6MDKDqc+mmDwZ0tdX/jjTfm2QXMwCDEfZa/VP+i
rthNfZFHOjjpOIk65lhZX7RpZiLEvUjd0x55XuJ5gjon/PCHP5zU+RVp9doucmT+k4AEJCABCUhA
AhKYNgKDCOe8k/MOHiITAlMIpnzmXRf7btwCtgiDlikD77EIc7z3drKrcWONVzUCs2CxkZmRjQcu
bNEQnulrYGYyoebHoFWOYVeTblxTCnfY6XjbYmA7s5dj1jt2NbOFsas4xszxY489tinsY9Mwc5xZ
v6XATj4Y8ICAzox00mQgBAPGI2DLcy3LwDFYHZuqnQvzfkRL7GpsQQZl05Yo71lnndX0fId9wprq
2BscY8ug4X7taq4l//QfhN0UZY0ts9Lx2ofAGXY19YswTfjgBz+Yr73//e+fxXXsu7gPSjbMQiad
sJOw/Q499NDsxY12hs3N0gZcW9rVeHvD+x0DlzkfOw3hnvOZxU9oJYhT/8xkxq4+55xzct22Oi9H
0PhXt8G3ve1tub2Tn7DfObcWzvtp7/22wRDOabu0P/p8eG7h4W7XXXfNRaFfAo+JhH7aYL7wv/+o
e+LAO0PcB3GflefF56grvlNf73nPe/IkBuz7qGOOlfVAm2aSRdyL1D0DdXhe4nmCeiDQ31R6Eoy0
em0XOTL/SUACEpCABCQgAQnMOwI9CechaJUzQXGPVH5nxm47F+WjSjfWda7zh7iMsMVLfzkgoOSA
scxfHWKW82qrrZYNL4zlcgYugmwYKHFtzOgthXOOMXqXvNCZUgt6cezhD3/4JOE84izLhlGBMU9n
QAQMxFZurOI47uxwj12Kw3Estv/+979zxwJxM0M7BMN2LuXiuliPmvJinIZ7NkRrBiLAK+KKa3rd
lkJxLUp2iov8xGDCr5zQAABAAElEQVQCOk7qGQXEi5hJp0A9UziYwRnhO0bL4yaNEd902pT3yVTl
ZTQ/bfDTn/50s7OoVd6jrjsx+9SnPpWFXtoCs7ZLY5JBFnRqMEOBMoWr9n7be+Qx8sX3XtsgnUGk
T6DjJQa51GXstw3miIt/3Le0u/o+i1PowFtnnXXyVwZPMKCi7HiiLjHy6Tir23VwgAHGPq77COUg
DQa/RCfDsNpFTsR/EpCABCQgAQlIQAJDJTCIcM77bT0T9FGPetSkmaGsGd3ORflQCzLEyLAjWNe5
DthSCFsMYi4HBJQceIfm3boOMcsZl8wwwa4uZ+AyOBX37GWIGb2lcM5xbGdsNAa11oJeHKMvoxTO
I96ybLzPf/e73520jNZUdjW2F/ZjKQ5H3LENm4b0scFDMJzKro71qCkvjLBDCNgTDEaAV8QVafW6
LYXiWpTsFBdC/lOf+tR8CoPlGdReBuLdbLPNMhfs73KmcDCj3wTeYVfjop56on+Evqh11103RzlV
eWN5BOy9EI7LvMTnqOtOzD760Y/mQQm0Bez10jsfQjUTTvCGQJlijfN+23udL7732gaxq++6664c
Fe7ksXu55+oy9tsGI4+x5b496qijFrjP4jj3IIMaCAyWYUBFbVfTz3bggQfmQR9lu476gQFLAtAX
RqD+Y5AG91BMmhhWu8iJ+E8CEpCABCQgAQlIYF4Q6Ek4Z2ZmzPLkJRWjhrWhGRG600475VmrzFRF
4Os0qnwUyVIGxK6Y9V3nkZGr4Xat5IDLMUZTYyhHwNUVwitxhQiOccIMa8RItq06BRghj4s6RDsM
TBgTMLBwXd1KOI9j7YTzyCtxIeiGURl5nWob4nYn4TziiHNrUTOO19vIO8Yus51jZDbGD+UNdvW6
8nU8nb6XafQinMcgB1zgU67aDR1pIppjENf5DA4Y0+GVgPMx2KIN1DwjPc7DQwH3FW2GtsTgi+WW
Wy6v38XxdiHquh1/0p9qQEKI9KVwHvGSbrftvayzuL6XNsjId9yysYZZq9CujMG+3fFWcZX7MPCZ
MdJOOMeLAzNnqPNysEcZBwMkGOiCQV/OjA8O9Wx+rqWzqxx0EvENo11EXG4lIAEJSEACEpCABIZH
YBDhvFwrmndkBD1moDNbE5GZWavMVOVdcNzsasrAu3jM+q6JM4P4gAMOyLtLDnvssUcWlrHfIjBz
FfuEuEIEx85ghjWDzhHWENzqgF1NfLyvI/KWdjUDFloJ56TLsXbCeeSVuIi3HFhfp9/qe4jbnYTz
uC7OrUXNOF5vI+94UGM5KTxiEXALT5mC3SBttkyjF+Ec0R4X+bjAZ/BwK7saJrT/Op/Bgf6l8DxG
ubBrow3UPCM9zsMLAeWnzdCWGHyBWBvrsHNOqxB13Y7/VEIscYZIXwrnES/Hu23vZZ3F9b20QQaW
4JGB+6hVaFfGYN/ueKu4yn0MMmed+nqASpyDEM49VA/2iONsGSDBQBcGIJQz44NDPZufa3hmloNO
2EcYRru4Jyb/S0ACEpCABCQgAQnMBwI9CecYmE95ylPyjNl6Xexhip2zCZ6RuLfeemvCrRozcCln
uOSOWcIhgHWTz1JURZRDTO/kMrxVnBipgwrnMWO5HMXbKq16XwiRtdBbn8f3OLcX0TJmZ8MJYRvD
KVyk18JzqzSn2lfOOMeIQhCeKpQCc6c80KHF7AaE7XKgQycO0QZqnriPwxU8gm27MFX+o12241+y
wE0ggwLqELOi2wnn9fn197K9x7HIV7dtEKM2BlEQB0IzHQa4OcQVIaFdGTuxzxdO8W8q4ZwOBATu
VuJ3RA1nOoYQzumoiJlCwaFkG9e0y/cw2kWk4VYCEpCABCQgAQlIYHgESkGr11hxN8zMawZG1+ti
D1Ps7DVfwzwfu5olwCgjM3Df+ta3Nl1yxyzhEMC6SbcUVWPt8E4uw1vFGeLvIMI5s1ixy3q1q0OI
rIXeVvmMc3sRLWN2Npx++ctf5oHXMfu2Fp5bpTnVPmycWF6AtMI7W6frSoG5Ux6w8/C4gLBdDnTo
xCHaQM0T+2mbbbbJgxva5W2q/Ee7bMe/ZEEfBrZfHbAF8b7QTjivz6+/l+09jkW+um2DRxxxRNM9
PXEgNLO+PYxxS09oV8ZO7POFU/ybSjgPgbuV+B1Rw5l2gXBOm+YzITiUbOOadvkeRruINNxKQAIS
kIAEJCABCcx9Aj0J5yHgYujiZouZlxEY3YwLrlbCWZzDFtdPiHME1i67173ulT/P1j9csiHUIn4y
Orse0c9MckQyBM3jjz8+r4HNelvhZp31lFizmlHtrQKjgVm7G8Oa9aQZGd9O9Gt1PfuCe6sZ5wj8
1AN/5RrnEVcnsS7O6bQNQa8WeltdE+d2Epvr6yhbrEEOF8RcDE+YMlAB99yDBIx1RrhjHHcSO+s0
Ym1pRrLXbsPi3GgHdZsPDq3quZ1wzn2BMYeBzejr2267LSdDpxrrcRHqdPLO4l/Udat0Oa1kjbs4
1qirQ5SpFHdjH+f20t4j7shXGWccq7fkEVd9DFbBywMzC2KGCOeyLh9r07UrY7DvpQ2WeZhKOA8v
AzwvmGmCq8g6lGUo75tOHCLfdbmG0S7q/PldAhKQgAQkIAEJSGBwAoMI57wvMhMWG5qZoAxOj8A6
3Lh9biWcxTlseU/EdiAg0I2CXY1Qi/h5yCGHtLSrN9988/wOzeBpbANmo8YySHizY83qdnY1diGz
wbGr8dLGYPR2ol+G0uJfcG8lnLOc1iMf+cjcp9HKVXsnsa5FUgvsCkGvFnoXOLGxI87tJDbX11G2
WIMcLtjULMsFU/pvhmFXsz40y7N1EjvrfMXa0vvss0867LDDcv3V50Q7qNt8cGhVz+2Ec+4LbGnE
VgRivIERbrzxxtwu+Vynw74yRF23SpfzStbYe3gbq0OUqRR3Yx/n9tLeI+7IVxlnHKu35BEvdgz2
x8sD/Eu7Gk+I9IO1K2Ow76UNlnmYSjjnPmAgRrkEQ3k9n8sylPdNJw6R77pcw2gXdf78LgEJSEAC
EpCABCQwdwn0JJwjMuOWHPGItZIxmCIwShiDv5O4x4jRWBea63CR9f3vfz/d//73j2hmfEuecLeN
UBczyutMhNgZM35Z5xijFOO6nQBJHIyy5y/W4irXPS9nKEd6iLwYUBh5uNRedNFF8yEMhnYzzhHv
MJzaicIh1rU7Hmm324agVwqAU51bul0vz73zzjvTYostVu7Kn1mvjNnWZehX+CzjiM/UEWu7ETCk
Whm2eBmgjAj3dC5EuTEuGUXOII86lPVZiqhxbS2Ccn20pZon++mgYYDG8ssvPympmAXe6d7igqjr
VulGhBiwGMl01DH4pXSVV860L9tLv+090ox8lXHGsXob57L/yiuvzCPi4xzyF94I2pUx2PfaBiON
qYRz7k3cxRHieRDXxja8KPCdGUPhCjDK1opD5Lsu1zDaReTLrQQkIAEJSEACEpDA8AgMIpxjVzPw
GTHo6KOPTrvttlszY4h966+/fkdxDxs21oXmQgZqY6PPtl0dM5JjRnmzUP/9EGJnzPhFwEbcZYB4
OwGSS2u7mnfkD33oQwvMUI70sBuOO+64bE8weL20q7GDWgnnsRZ3O1E4xLp2xyPtdtsQ9EoBcKpz
S7fr5bnt7OpTTjklbbvttuWpeXD9S1/60kn7+v3CRILoA2JJqi233HKBqPAycOqpp2bhfpVVVmkO
AsCuZtYwgzzqUNYng8hjcHIwq0VQro+2VPNkPx7M6N+JNbQjPQaakP6gwjnxMcCbSRHcxwx+qe3q
WFu+bC/9tvfIfy9tMM7lWiZbLL300hHNpLXAW7HlxGDfaxuMRKiHTq7asfVjbfJ4HsS1sWU//YcE
6pPnHCHKVrLNBxr/It91uYbRLiINtxKQgAQkIAEJSEACc59AT8I5OHgRxVUxIh4vsmuttVbCcGON
JtZx6rQmdAhHJdZaQCyPzcTnEKUx7hHEMLBxXxUBIwgX04RSBMO4w+06BiCGGbPtw10bBhnxIIKV
YmcIoMRFWrjOCsMRw4G1yGBInHSYRGdMKe4jCDJamDW6mI2Amy4EfEbsM+M8hGlG1NIhw4AG1smL
43QiEJhZHx0Iecd//3EdTAj3ve99s5DPDF9cezNimTgJrTplQgCnzKeffnoWm5lFTT4ZqYwh30ps
LAdkEDezzVnDCg7DCGUdEx8j3VnvDIOcEei0QWaWE3Ah+LrXvS7vj3WqKQ/rXsf68LR3jORYp74W
+WO2Om7+X/WqVzXbxb/+9a+8Dt9RRx2VeZau0sMbAe2CuFdeeeWcH/7h7huDsWxLcZC2QaA+ub+Y
WUC63KN4SyBQj2HIRx2xnzgpAwMFaENwoU0SaC/kk2sJ/bT3ftpgeFAgP3DEGwH3FcYxxi/th1Cz
zTsb/6J83bZBOuGiTcOIe/Dkk0/O6+9x/8X9Eu2d73vttVfuBCBNOjpxBRj3Pp1ErANP4LnBMyJm
/8RyFjVbzqVTgbZSl6vfdkGcBglIQAISkIAEJCCB6SMQtlq/KfBey1q8iHjYnMy8xs7YaaedEgMx
ea9vtyZ0CEdl2rWAWB6bic/YXDGLHu9svFOXYl2s+UxeShEsBFBsP2YzM6g93q0ZtIo79ne/+92T
xE7s7bCjSYuBwWussUYuJt6y9t9//8yQODk37HtspxD3EQRf//rXZ7ua5aAQnBHwGZSOLV/b1djn
2G9xPOyEbu1q4mQQMIOy4RQ2SNgZZR2FAE7bwKU2ZcWupo5Z751Bt63ERuKMARnEh53HjONh2tVR
x8SP3brrrrtmu5r1qEtbCLsG27pcp5ry0A5ifXja+yc+8Yn0xje+kehyn0G5lnnMVmc5A+o02gV2
NRMNmMxRu0oPbwS0C5iXA+CZtIGN30o4L+1q2hADOkiXdFrZ1VFH5JuZ+HipY6AAbYhBHdjWBNoL
Aw7Cru6nvYdd3UsbxJ7GgwL5wdbENoUf996BBx6Y+7DI30EHHZRe85rXNNmyjxDl67YN1nY19cWk
EO4tngNxv0R75/uLXvSibE+THv0t9E9EHTPIf4cdduBQ7vM65phjmnZ1LGdRs+Vc7PPdd999gXL1
2y6I0yABCUhAAhKQgAQkMP8I9CycYxCHa+1WuNqtncy5rYRzDB1e6GcrlKJ05AHREZdR5A2DgYDY
xUt4uHJH4GOENYY4AWM0XM9hpETAsMRgiFHT5eznuO7222+P0/MWF9WvfvWrm4YBO+ksOPTQQyed
1+oLIjA8wzNAq3NiXyv2IZDGOe22zIogPyEKch7GPAMIggmDKjDMytBuhn45QKHXNeDL+Nt9Zr16
6qusm/rcUmzlGEZeOYqetaoRVxkpH4HZw4ij7G91b4RLb9JlHcMylMJqCKRxHIMeYx1+0QZrt/Ex
SzmuabctByJgoGL8hwDd7prYH22k1/YOj37aIPkL1/qRh07beuBNL22Q+gq38J3S4FjZJlux4HmB
+79oXzAnb8stt1yOOrwTlOng4YIOPuqagTsRyvrqp11EPG4lIAEJSEACEpCABKaPwKDCOe+i4Vq7
VS55D0c8bxVaCeeIatgPsxVKUTrygN3BrFLei7FdCIhdiGRhV/P+jMiJSE7ArsaOwD5E9IuAIMwg
2bCrWcKp9FrGdbVdjYvqN73pTZNs1gMOOCCLnBFvuy0iNTxLIbrdua3Yh0Da7prYz8xkBpnXdjVe
B4IJA7gRwMsAU+yIOpQDFHpdA76Oq9V31qunvsq6qc8rxVaO4VWNayKwVjX2Il4SIjB7GHE07Or6
3giX3nhDi0ETcS2TCUJYDYE0jjGJgKUP4BdtsHYbH7OU45p223IgAnZrzCpvd365P9pIr+0dHv20
QfIXrvXLfLT7XA+8wa7utg3yLAu38O3ij/1lm2zFgufF9ddf32xfMCdv4ZUvvBNEfGyxpbmOSQgs
fxGhrK9+2kXE41YCEpCABCQgAQlIYP4R6Fk4BxEv0a997WuzIFwiY0RvKTSWx/jMSF0MV9ZJJiBQ
MxIZY2C2Ai/5uEEvhas6LxjcjIYNIz2OY5gzyvkDH/hA7GpuEUURlzH4SiOYE0gLg/3ss89uns8H
RthiYGOg1IHR2IyKj/WuOY6hzOhgjIfIP7OTEaxJm1nfrToQIu5WrukZKc1M+akC+WS2cowIjvMR
ehldjHEcgTzQXhCZyxHfcZxtuJxHaG7lxr48t9/P1Bfr7bUagNCujm+44YZ8PqPpy4DIzkjyclQ0
7ZsylmXHeGO2BQZ+3ZHFvcAfIYRVxPmoyzI9WHO/lG0wZleX57X6DFM63mLJAIxoBoFQT2XYc889
cycVZSBQb7jgYy1BQi/tnVkA/bZBvADgWaEU98kL7Z9OD9ZODIG6VRvutg1y73caBJQL/d9/GPh0
8kWovQ7EfrbUFYMcYpYK+5itwLMuAu2HARHMSqgHGJSDbfppF5GGWwlIQAISkIAEJCCB6SMwqHBO
zrCreQfHji4D9kPtcrs8jt2BKI3gSuAz75uzbVeXs5HL/MZn7LDapuEYdgbH3v72t8epzS2iKK7G
sX1ruxqRjAHniOxlQDBkFjO2WB14j8fWwC6MgLiKfY6NG8Ibg6URrLGNmBzQya7GvTh2XBmwCRj8
PlUgn9jgtV196aWXZpsCOzkCeWAWNyJzLR7HOeFyHqEZsZZrhh2oL+xn8l2HdnWMGEq/CQOSy4DI
jmcxPC0EA9p3TEqIcxHeKdtNN92UsG/L8M53vrPpDS6EVcT5qMvyXPJMPZd2dcyuLs9r9RmmtIvS
rsbrH226DMRPPwFlIFAHeA4ID3a9tHfs6n7bILP96YfBQ2IE8kIdbbTRRtm7QwyAaNWGu22DUw0C
irTZ4lWCvrIItdeB2M+WuuLZVtrVtDvugQi0H/rVaBP1AINysE0/7SLScCsBCUhAAhKQgAQkMP8I
9CWcByZm8TKynNHiCECl8RHntNrSQYDRGwZHq3Nmch9CGwYDL9bkDQPjrrvuyuVaccUVp8wnL/uI
fZQHo2HxxRdv6Qa9LhMzV+GA6y3YdcOD/JEGbtZJZ1QD+aRctI2p8okxiCiJ4MzAgHLmwHSUj7yx
9hoCMhwxtqbqZMK4ve2223J9cS7CZxj2w8gjrs1oQ+QFbtxX1DNscG0Wrt2GkVbEQbulTDDopp7K
6/pp73F9t1vuDzpNFllkkexecao6quPtpQ3W13b7nfzRliLgBrLVEghxvNftbLSLXvPo+RKQgAQk
IAEJSGA+EhiGcB7cmMV7xx13ZJsEAWhc7WqENtZxfspTnpLtjFtvvTW7n+c9nqWoprJ3sU+wxcOu
XmKJJbp6t2ZQbdjViGxTpQN3bAVsft7dSWdUA/nEJsRemyqfnIcHOMR2JivgGn46A3mDPXY1bRZv
W1PZbNjV1DHl4Vzs32Hb1cRPXrCrua/Crn7wgx88bXY19nHY1VPVU9RJv+09ru92Sx2FXU3fwlR1
VMfbSxusr+32O/nD/o9APodtV890u4iyuJWABCQgAQlIQAISGD8CAwnn41dcczyKBJghwKhjOokQ
zxFKDRKQgAQkIAEJSEACEpCABEaVwDCF81Eto/kaLwLhpp2Z0Zdddpl29XhVn7mVgAQkIAEJSEAC
EpCABEaEgML5iFTEfMoGI+Fxjcea0MwIYE2xcL2N63LWHLv//e8/n5BYVglIQAISkIAEJCABCUhg
jAgonI9RZc3RrGJX4/4cN+jY1Sx1Fa63cV/++te/Xrt6jta9xZKABCQgAQlIQAISkIAEpo+Awvn0
sTXmNgRwQ85a1SGWl6ex5hZrsdkRVVLxswQkIAEJSEACEpCABCQwSgS0V0apNuZnXrCrmV0eYnlJ
Abv66quvzktelfv9LAEJSEACEpCABCQgAQlIQAKdCSicd+bj0WkicMMNN+R15VjbrAyst/XQhz50
qOuclfH7WQISkIAEJCABCUhAAhKQwKAEFM4HJej1wyBw3XXX5fXk63Wr+b7GGmtoVw8DsnFIQAIS
kIAEJCABCUhAAvOKgML5vKpuCysBCUhAAhKQgAQkIAEJSEACgxJQOB+UoNdLQAISkIAEJCABCUhA
AhKQgARGj4DC+ejViTmSgAQkIAEJSEACEpCABCQggREmoHA+wpVj1iQgAQlIQAISkIAEJCABCUhA
An0SUDjvE5yXSUACEpCABCQgAQlIQAISkMD8JKBwPj/r3VJLQAISkIAEJCABCUhAAhKQwNwmoHA+
t+vX0klAAhKQgAQkIAEJSEACEpDAkAkonA8ZqNFJQAISkIAEJCABCUhAAhKQgARGgIDC+QhUglmQ
gAQkIAEJSEACEpCABCQggfEhoHA+PnVlTiUgAQlIQAISkIAEJCABCUhAAt0SUDjvlpTnSUACEpCA
BCQgAQlIQAISkIAEGgQUzm0GEpCABCQgAQlIQAISkIAEJCCBuUdA4Xzu1aklkoAEJCABCUhAAhKQ
gAQkIIFpJKBwPo1wjVoCEpCABCQgAQlIQAISkIAEJDBLBBTOZwm8yUpAAhKQgAQkIAEJSEACEpDA
eBJQOB/PejPXEpCABCQgAQlIQAISkIAEJCCBTgQUzjvR8ZgEJCABCUhAAhKQgAQkIAEJSKAioHBe
AfGrBCQgAQlIQAISkIAEJCABCUhgDhBQOJ8DlWgRJCABCUhAAhKQgAQkIAEJSGDmCCiczxxrU5KA
BCQgAQlIQAISkIAEJCABCcwUAYXzmSJtOhKQgAQkIAEJSEACEpCABCQwJwgonM+JarQQEpCABCQg
AQlIQAISkIAEJCCBSQQUzifh8IsEJCABCUhAAhKQgAQkIAEJSKAzAYXzznw8KgEJSEACEpCABCQg
AQlIQAISGEcCCufjWGvmWQISkIAEJCABCUhAAhKQgARmjYDC+ayhN2EJSEACEpCABCQgAQlIQAIS
kMC0EVA4nza0RiwBCUhAAhKQgAQkIAEJSEACc5GAwvlcrFXLJAEJSEACEpCABCQgAQlIQALznYDC
+XxvAZZfAhKQgAQkIAEJSEACEpCABHoioHDeEy5PloAEJCABCUhAAhKQgAQkIAEJjAUBhfOxqCYz
KQEJSEACEpCABCQgAQlIQAKjQkDhfFRqwnxIQAISkIAEJCABCUhAAhKQgASGR0DhfHgsjUkCEpCA
BCQgAQlIQAISkIAE5gEBhfN5UMkWUQISkIAEJCABCUhAAhKQgATmHQGF83lX5RZYAhKQgAQkIAEJ
SEACEpCABAYhoHA+CD2vlYAEJCABCUhAAhKQgAQkIAEJjCYBhfPRrBdzJQEJSEACEpCABCQgAQlI
QAIjSkDhfEQrxmxJQAISkIAEJCABCUhAAhKQgAQGIKBwPgA8L5WABCQgAQlIQAISkIAEJCCB+UdA
4Xz+1bklloAEJCABCUhAAhKQgAQkIIG5T0DhfO7XsSWUgAQkIAEJSEACEpCABCQggSESUDgfIkyj
koAEJCABCUhAAhKQgAQkIAEJjAgBhfMRqQizIQEJSEACEpCABCQgAQlIQALjQUDhfDzqyVxKQAIS
kIAEJCABCUhAAhKQgAR6IaBw3gstz5WABCQgAQlIQAISkIAEJCCBeU9A4XzeNwEBSEACEpCABCQg
AQlIQAISkMAcJKBwPgcr1SJJQAISkIAEJCABCUhAAhKQwPQRUDifPrbGLAEJSEACEpCABCQgAQlI
QAISmC0CCuezRd50JSABCUhAAhKQgAQkIAEJSGAsCSicj2W1mWkJSEACEpCABCQgAQlIQAISkEBH
AgrnHfF4UAISkIAEJCABCUhAAhKQgAQkMJmAwvlkHn6TgAQkIAEJSEACEpCABCQgAQnMBQIK53Oh
Fi2DBCQgAQlIQAISkIAEJCABCcwYAYXzGUNtQhKQgAQkIAEJSEACEpCABCQggRkjoHA+Y6hNSAIS
kIAEJCABCUhAAhKQgATmAgGF87lQi5ZBAhKQgAQkIAEJSEACEpCABCQwmYDC+WQefpOABCQgAQlI
QAISkIAEJCABCXQkoHDeEY8HJSABCUhAAhKQgAQkIAEJSEACY0lA4Xwsq81MS0ACEpCABCQgAQlI
QAISkMBsEVA4ny3ypisBCUhAAhKQgAQkIAEJSEACEpg+Agrn08fWmCUgAQlIQAISkIAEJCABCUhg
DhJQOJ+DlWqRJCABCUhAAhKQgAQkIAEJSGDeE1A4n/dNQAASGG0C5513XrriiivSJptskh7+8IeP
dmbnee6uueaadNZZZ+V6evzjHz/PafRe/ImJifTtb3873XHHHWmrrbZKdsj3ztAr/kfg9ttvT9/8
5jfTEksskbbZZpu08MIL/++gn6aNwExyn6vPXH/3p615GvGQCfg7PWSgRicBCUwrgXPOOSddeuml
adNNN01rrbXWtKZl5IMRuOqqq9L3vve9tPbaa+f6Giy2+Xc1dvU3vvGNxHv5dtttl5Zaaqn5B8ES
D40A7ej4449PSy65ZHrmM5+pXT00sp0jmknuc/WZ6+9+5zbmUQlMRWDeC+dnn312euc735mWXXbZ
tNxyy6UPfvCD6b73ve9U3DwuAQnMAIG77747bbbZZunyyy9P73nPe9Lee+89A6maRL8E3vzmN6cj
jzwyIZqfdNJJPRkUv//979MrX/nKLBbfddddad11101ve9vb0kILLdRvdsbuut/97nfpsY99bM73
aaedljbaaKOxK8MwM0yb+M53vpO++93vpn/961856hVWWCG99rWvTausssowkxqpuIb1XoJo/uIX
vzgts8wyCSESQ98w/QT65X7ZZZflgQ7nn39+zuS97nWvtOGGG+bfvcUWW6xlxgd55raMcAR2+rs/
M5Xwuc99Lp1yyimJdva0pz0t//7OTMpzKxWF88n1+YMf/CC98Y1vTMsvv3x6yEMekg477DDt6smI
/CaBWSPA7yvvFb/+9a/TRz7ykfS6171u1vJiwlMT2G+//dLHPvaxLJp///vf78muvummm9Juu+2W
ll566XTnnXem9dZbL73//e+fV3b1lVde2Zx08ZOf/CRPwpia+tw9gzaBjcK7X9jVK620UnrLW96S
VltttTlb8GG9l5xwwglp5513zroBNpvvfzPTZPrlzu/cV7/61fTTn/40ZxR7Z+ONN86/e+3s6kGe
uTNDo/dU/N3vnVk/V3zyk5/Mz1faGROgXv3qV/cTjdeMKIE5JZz/8Ic/zC+GUwktvCg84QlPyD92
jBrbc889c/XYuTyirdRszVsC3KvPec5zEkLShz/84fSyl72sIwtmpr/3ve9NL3/5yx2Z3ZHU9Bw8
9NBD07vf/e609dZbp6OPPronAz+8CkTO+okjrp3N7SBt8A9/+ENaZ511cvbPOOOMtP76689mUWY1
bcTDLbbYomUe3vrWt45dZ18v7WJY7yWMLt5+++0Vzlu2ounb2Q93RMzXv/71LTN16qmnpsc97nEt
jw3yzG0Z4ZB29tLe6yR7/d2vr5+P3/uxf17ykpfkmVjwGtff21Go67nccXrmmWemv/3tb1MKLdyz
T37yk/NsvmOOOSaLNdQNg9LtXB6FVmoeJHAPAe5V3q0Rkj7+8Y9POSCd+xdRbd99980D2eU4swSY
0HPAAQfkd/mvf/3rPdnV1F3YlOQae6DXOGa2tK1TG6QNMgCbAVyEn/3sZ83B6a1Tmtt7EQ8RDVsF
+s6wrccp9NIuhvVeglfFpz71qb7bzHBD6Yc7IuZee+3VMqfY6WhBrcIgz9xW8Q1rXy/tvU6z19/9
+vr5+L0f++d5z3teHqgBr3H9vZ2Pdd1tmeeMcI5hj8upq6++uquyhwj3j3/8IzHLj4enwnlX6DxJ
AjNGABdbn/jEJxKdwsxGZlZUp8CIxFe84hVdieyd4vFYfwRwM/6FL3whd65QX1MNYqpT+fOf/5wH
SbzoRS9Kz3rWs9JnPvOZPBuuPm+Uvw/SBv/617+m//u//0u33HJL+sAHPpBWXXXVUS7qtOWN+54Z
a5/97GfTBhtskN73vvflDvkbbrghMbiADvroCJm2TAw54l7axbDeS/DUEexoT/e73/2GXCqja0Wg
V+68vz796U/PnlWYHcRvGG71eTelLTBqud3I+EGfua3yP4x9vbT3Or1ef/fr6+fb937tH2ag/ehH
P0q77rrr2P7ejkJdz1XhnHb1qEc9Kj+HuuEcIhzPLGb5PeIRj7BzuRtwniOBGSTA7+tBBx2U6BTe
f//905Zbbtkx9S9/+cvpBS94QVcie8eIPNgXAdyM48mNemL2Wq929a233poHSey4447puc99bjr2
2GPHzq4epA1iV7/mNa9Jf/zjH9NHP/rR9NCHPrSvehj3i7jv99lnn3T44Ydnb3aHHHJIevCDH5yu
u+66xCz0zTffPOHRbZxCL+1iWO8lLHHBAAPY0Z60q2emxfTKnfdXBpwz45xBwswix67m3fTvf/97
FjXb2dWDPnOni0gv7b3OQ6+/+/X18+17v/YPdjXvVojm4/p7O9/qupfyzhnhHBcUjKC9973vnWeb
4iKBTnY6jR/96Ec39zFzlQdPCOfAimtvvvnmPBpx8cUX74Wh50pAAiNCIFzklvf3iGTNbHRJ4Npr
r02Pecxj8gy4L33pS2Nn4NsGu6zoDqf985//zOL4jTfemBhlPBfcx/XaLnwv6dBA5tihWKKBdn7u
ueem+9znPmNfwl7b+9gXeBYLEM+Kfuyfcf+9nUXszaTnqnBOu2J2Gu2K2abY1XSyM7iPAW2xD/fB
n//85ycJa3Ets/1+85vfJO3qZnPxgwTGigCD4HBNHANjxirzZjYTYFIRgjGd+YhCPMvHKdgGB68t
7Gr6VvgNv/DCC9Pqq68+eKSzHEOv7cL3klmusBlMPpZooJ0jus8Fu7rX9j6DuOdcUvGs6Mf+Gfff
2zlXmUMs0JwTztdaa6306U9/Oo/IjA4hXD3HPtZLZeRsKaxxcyC6M9vxK1/5Sl73hTVVecl4asMd
C+sqM7KsVbjmmmvScccdl3ClGWGTTTZJzJhce+21Y1feMgoF98WMFuUPtxm4lGYUHC+yrAnMbDpm
0uGyk46JMvSSVnldr59vu+22dPrpp+cO3IsvvjhzYJQW3J7//OcvsFYd+WLW0yKLLJLPZV07mNNh
AhvW0YkXNmYRljMFYUCdwJ2BDgTWYtpll13SDjvsMJQfOjqif/7zn+e4qRNmcTKTFZdFlIsRQdRX
u7XtWRPpxBNPTJdcckl64AMfmA0O3FpigJDXYYU//elP6Vvf+lZuS7QD8oYXhRVXXDGPNmaNq1Yu
lvppF4y2o85Y9yXSIu5tttkmDx65/fbb0xve8Ia06KKLZjeL3/ve93K5qdtnP/vZuf1yHVyi3snn
M5/5zCaOQdoFIwQZsRV1cscdd6Sddtoprbzyys34W32g8471j3E5hXse2hfhP//5z6S29Je//CWP
uoYx9yLtc6mllspp8CNJ2uQh0meL+5X43irtbvb1wr2Mr9s2yIhC3LAxephA+2HUHO6KMJZor4y8
pJ5bhX7aINdw/9IOCJSRUZ7tXAuX6VKuX/ziF7l+6FjlGtoczz7usVbCeS/tfZA22OtzMMrVbRuM
89nyvKVzOV7saY/UEyw6BQwD7kHcurN+Ne0chjx/H/awh026dJDnYD/tYlLiXX7hvuR3mzXuX/Wq
VyVePnlGLbfccvl3kmc3v9esx1aHXlgM+ltcp93N917bRb/vJTzzcEnHfRjPtvK53S6vv/3tbxNG
GW2J9sezgpn9fOb5T/6ph2GEXtLCZT/PCTr6qPftttsuf//lL3+Z2wn5fNKTnrRAe498ch/zTGTA
JGUhrLHGGumFL3xhespTnhKnLbAlzS9+8Yv594+DrA35jGc8I78nkidm/qyyyirN6/rhzjsP9xbt
fI899shej3DTH4Hf1H//+9951mbsY9vvM7ef35+ZfA72+7vfy70/yHOwrINR+hzPin7sH+7FjTba
KL/b88ylzce7Me/83Ce8E7UKvfwWt7p+ruyb68L5uuuum5+f/J7wrEKAwUbjmco+bFfe/UthjTaJ
TcFsR2wNBtJgC2LvYm+zrjJe3lqFq666Knsuwh6KwDMeTxzMYi8Dv+XYc+SDP57DzKojHd4d+E3j
fZhn6dve9rbc1svre0mrvK7Xz7zbwIHB+4gW5A/7g/e8F7/4xQvYFuSL3y3eCTmXmYAwpyx4dYIn
+x/72Memd7zjHZNmCsKAOuFe5r2fAOvdd9892zjxntlrGcrzKQfPUgJ1Quc09f/jH/84l4vnBvXV
zmbC0wUzXy+66KI8qILfd2xqZsW2628p0+/2M96beEemLcEO5nguw5Y87LDDEkukPPGJT1wgun7a
Bb+v1Bl2S6RFu+Xe4H2Cma9vf/vb83s9/Qn0fVBu6hb7kvZLvwn3VdQ77xjYvhEGaRf055x22mlN
uwI7nz6dqTxbHXHEEdnjG7PUsa9pX4TarqYPjbYZdjXtk7okDX5DsHOo77BraBu0yXZtJMo81bYX
7mVc3bZB7Oqyj4r2Q58EM3b5DeTe4rez7P8o0+mnDXIN92/cqzxP8YzZzrVwmR7lwiU59bPEEkvk
9g1z3nvbCee9tPdB2mCvz8EoV7dtMM5ny/MW18bRvnj/p56i/ZXnlp9ZZoh7kHuF33Y4wp3n75pr
rlmemp/n/T4H+2kXkxLv8gv3Jb/b/FZyvzFQl99i+mK5R/k9x+Yu7ZmIuhcWg/4WR5q9bHttF/2+
l/DM47ci7Or4TY7ndrs806+DPU5b4hqeFTw/aIs8/3k/wT4fRuglLd7x8eTJ7w/Pf/p1eW5g29IW
eG5vttlmC7T3yCf3Mc9E+gUoF4F7g+U08VzQLpAGegy/fwSWI6Svn/fE8847L73pTW9KqzUGkEfo
h/v111+fvUvQzvntZLmgUqPhtx+7uu7P6PeZ28/vz0w+B/v93e/l3h/0fTDqe5S28azox/7hXuR+
oF8Hbye0+Xg35p2f+6SdXd3Lb/Eo8Zo3eWm8EHYVGg+1iVH+axiHE41Oo4mGe9+JxsMv57Xx4jjR
qMiJhgDT3Nd40Od9DeG8WZ7GrLaJhuGX93N+/dcwaiYaD+Dm+cHhwAMPXODc8tqGeDfR6OBsXtcw
nCad3/gBnWgYcznf5XV8fvzjHz/RcCvUvLbXtCKPvW6nYtHoCJloCKbNfBF/w1ieVC7qoPEyMGlf
lA8mkafGw7xl2eNc+DREteb5cV0vW/g3XlJa5iXSYUsbaXgcmJRW40VzouEaq+O1jYEBk67pJW/l
ubAo89Pq84c+9KEF0uqnXTQ6bSYaLyYd04N9tPmyfsv9jRfWSXHUbba8jvJ02y7g0uhwmRQ31zfE
mwXKz7mwI1+tmJX7GmJi8znQ+AFb4PzGoIiJRidyvmdbtRmOlXXW6+deuRN/r22Q52BZ5nafW7Wl
fttgo5NogTTL52srTg2BpOMzl3yXz/KIo9f23m8b7PU52E8bjDLxPOW3q6yr8j6L88otz7WGq7BJ
15TX87nRQdds74M8B/ttF2V+u/1c11ddJr7Dqvxt7JUFeRnkt7jbsnDeIO1iqjbY7r2E50zNrX42
12X42te+tsA1dRwNw3+g51+k2WtaPAfqvLT63hiUN6ldkF6jY6LjtY2OzgmemZE3tg2je6IxmK7j
daTfGGAw6bpeudNup3q/IB3u8zJ/fO7nmdvP789UbbB+HxykvVOuXn73Ob/Xe3+Q52BdB6P0fRD7
J+ykVvcU+7j/yudtlLvX3+K4bi5uuzKix/Ckhjg00eg0ys/DRkdjLkGjMy0/GxsCzETsawgUeR+/
3xEana8TDTfvbZ+jjUFQ+bkW58e2sTRT22tojw3xbqIhZMTpE7xLlm230Uk60Vi7Oee73M/nxkDS
iUZHbPPaXtNqXtjjh6lYNITbiUbn86RYjzrqqEnl4jeJ3+C6THw/+OCDm9fyLKDOWp3HPvhg2w0S
4N9YPqRtGpE2baQhEExKqjEQa2LbbbfteO3JJ5886Zp+v3RjDzUGpC8QfT/totHZOdEYPNCxXLDn
+Uco67fcX/+21222vA7O3bYL0mx4iFggfw0BhUMLBNiRr6jLdtuGmNh8DvzqV79a4Hzsan5327UZ
jg0SeuVOWr22QZ6D7cpf7m/Vlvptg43JNAukWT5fWzHjfa3TM5e80l7iuR1x9Nre+22DvT4H+2mD
USaep/VzsLzP4rxySxulj7Ks0/pzY8mrJr92bbq+ptVzsN92Uea32891fdX54zusyt/GXlmQl0F+
i7stC+cN0i6maoPt3kt4ztTc6mdzXYbGBLwFrqnjoC9iGKHXtLqxcckr/UhluyCvDZG0Y7ka3kkm
eGaWoTGBZ6KxDFnH60gPe6QMvXKn3U71fkE63Od16OeZS/56+d0nzanaYP0+OEh7J71efvc5v9d7
f5DnIOmNahjE/gk7qb7f4zv3X31fwaHX3+JRZTeX85W6Ldyod3ZE5w8CaHTylPtqMb0x0rnZGVl3
DtIhRCdjY4RI8yHfWBOmeT4sGjPHm8f4MWiMlJognsYsqEmdf43RWM3rEGYR/xCVa+GyMYtqgg7l
97///TleHnQYFP2m1W99BQuMHV4QEa75YWiM6G+Wt+5Ab4y4nWiM5pqohVQeEI1ZWRONkfFNJo3R
yLlMkQ7nkFZjJF9OB6GwMdKzmRacGrOymgz7KRcvc2XeSI/6o47f8pa3NNNqjL5rpgP7xqzc5rHG
iP78Ukj+KH8pdNUd6P3k8SMf+UhOi478xki8XPekRYdIPGhrMbKfNsgPcJl3xIbGCMCJhjvkZh2R
Xinc8QMQbbbcj8DAwI84Vgud/bSLYNcYrZXbDaxDXGjHuZ/O+sao/txmgwXlaowabtY/bSYEG45R
zrgfI4+9bPvh3m8bpCOkMSug2W4as7dzWXlGMXiA+kV0o37KMvTTBrm+MbMi80Gkeuc735njr9tq
mU7NouHZYKIxy3IBg7VuT/20937bYDyfun0O9tMGSyb8VvGchCHtrbzPyvPic9QVdckzg7ptzNTO
26hjjpX10M9zkPQirV6eTZHPXrd0eDdGY040Rmg2fyNh0fDAkvc1ZgvkgVrlvRj564VFv7/FvZZn
kHYRbZBy8dfNe0nkj2dlY0ZBU2Ct76U4j235nMFI5p7hHYrfocbshOZzpN3zt4xrqs/9pEUnP8+I
4MCWNkEn5ac+9alJv2e0k8hDw8tM85p4BnKPNGYnTzBwKOJreP1pPtvJX2ncN0bC5997fhs++MEP
Nq/h2lY8euFOPnnv2XPPPSdo15EfBm1Fe+de4LcnyhTbQZ+53fzuk1a0wZl6Dvbyu0/++rn3+30O
BvtR3Ja2Tq/2T1wb9xWDQXk3Lt8hGGhYlruf3+Ly+rn2uVs7etzOi84fOv6jk6fcFwJM7ONZFaHu
HKRDCFuytO+wB8vQmK3bfA7y7GvMFsydjNhCZecfNkcEhFneebEV6g7MxiyqCTqUDz300BwvvyN0
8hH6SSvS7HUbLHiONtZEzcJ1YxbgBP0Q8dyvO9Abs5MnzjnnnOZveJzHtjEra6LhFavJpDGjOmcp
0uEc0mrMuJ8gncbsponGDPRmWnBqzA7stRiTzue3oRR5SQ+m1PF73vOeZlo8SyLAnvfIKAu/qcSD
kMkzphS6eC4NGui3IS068ulHIH1Y8N4QeajFyH7aRXSwRpy8R9EXRP9J2W5L4Y530Giz5X4EBt6D
41gtdPbTLoIjvw20G9paiAvtOPfTWd+YeZfbbNQj5Wq4yI3kc12HYMMxyhn3Y/OkHj70w73fNnj5
5ZdP6i9qeGnJZeUZxeAB6h7RjfopQz9tkOsbs90yH0SqeF+t22qZTs2i4V0j2/1lHxJ5rNtTP+29
3zYYz6dun4P9tMGSCb9LtHcY0t7K+6w8Lz5HXcGJZwZ12/DKkLdRxxwr66Gf5yDpRVq9PJsin71u
L7jggmxjHHDAAc3fSFg0llyZYN/+++8/gbhe3ouRv15Y9Ptb3Gt5BmkX0QYpF3/dvJdE/nhW0l8a
Amt9L8V5bMvnDH3p3DO8Q/E7hM0Z6bd7/pZxTfW5n7R4B+cZEflgS5vAJuX9Pp7h7KedRMBGi2vi
Gcg9gsby/+ydB5h1NbX3Q68CAhZEryIgoDRFUFARVESxV0RERUFELICogAVEsXEBG/qBIvbeC2LF
3nvvWEDFhoq9zZdf7v2fu04me5+dnDPzzsy78jwz2WfvlJV/VspaKwWZXN/iqT8jfoK+hz70oaNv
8VSZNN4zNsRTX0bviVvCowZ36GSDZLzPPOmMRA8L/cTvyNuMPbmbts8dMu6Tp3hwsfrBmnEf+lra
fms/SH5L1UmuaZF/FBf+o12xGPSSODe2NicWGlrXMhbb+P68OAisGMM5QggMiYFUShk6W5jW7jin
02dXi1VG0uC14xyBXPHxZQiyO6VteARYG17PGIzJu2T4ZYeh8iMMA4fi4WPU0+9p81I6LT50oLDg
j/iUFXqtMcami4DMd/4YEOKxXKNyEA5lr8LHo2tSOBTgGBf0Xr5Nyy4+0PdaX+lBF3yh+FaRz+IA
vYc/VBa7yELfmbihjCdMabe6wg3xoSEeZZbSKmGrHXos5FB6rXzBhF/lwrCi9ORrF1FuuBPP5u+J
p29dxhlhP4QvRIf1xSslQ4XCMTEAx/POO28MR/oF/mybUhx8hAXoolwMdPo2qU4Ubqjfgvs0PCjM
4jGOyaAqOjFCUVbKbJXhk8pb4kGlaX3VdYmPFU6Lg2iL8W7MEeZ8R9GkRUW2327ld+Upulp4cGg/
2MqDolE+Y0epnek7wgbl4A/hgLrTN3x+S1mX87VwGNoPzoovLH1Dn7X71PJpHncaLEhLfZfw7BuL
87yH/m7lC8vzQ+YlJXpUvq6+mTiMZVpAVOpjJVz31UMp79K71rzEt9QThm07l4BH7ekLKInIW/zD
witwyOlRH0mamhMgTIsXSn2Y3cFewkp5DMFdYfEVngVNLEiz3yY9C5sSvYrbMv4orvzF7gdVP104
T9P2hdnQflAYLFV/GvlHchJjhT3hCUVYPGY4tQeMOCq77Zda5B+ls5L8xRHXFz8XFOEYQTGQykkh
hDJJhnPGOOYcVhkp5SD9KfxjnQxBdqe0DY/cXXKSQUuGX3YY2t2W559//lgSGPXkps1L6bT40IHx
lj+cdAzWGGPTRdmmMYn+ikVc1qHslWPxJWFR1LFILHc2Lbv4IA839LfSgy74Qs4q8pGf5ez4ahdZ
6DvGP5TxlKG0S1PhhvjQEI/JTGmVsNUOPRZyyLXyheRI6MawkjvtIqJe6PfkxLP5e77rW5dxRtiT
5yS+UH7WF6/Q/3c5DD3gqLFYONIv8GfblE2DhdDiQ8YmuUl1onBD/Rbcp+FBYRavY0wGVdFJnVKH
lJkFp3KTylviQcW1vupa+NtvetbiIHghHres18lH7teiIttvt/K7EhddLTw4tB9s5UHRKJ+xo9TO
9B2ZgnLwx8JS6s46fmsBL+lYvhYOQ/vBWfGFpW/os3QDudHGxp8GC9JR3yU8+8Zim2/NcytfWJ4f
Mi8p0aTydfXNxLELWUp9rPRgtr8o5TXkXWte4lvqiYWKdi4Bj9rTFzhxEyf+YeEVOOROfSRpak6A
TC5eKPVhdgd7CSvlMQR3hcVXeBY0sSCtxgmbEr1Kp2X8UVz5i90Pqn66cJ6m7Quzof2gMFiq/jTy
j+QkxgrGXzlkpv322y+1B7tY1vZLLfKP0nd/4RFYMXecx055ntPdfdEAU7wrVxHiYJHuXIsToXQv
EHftynEPCPH5i6uw0t1NSpcw0eCZ7r2MnZ+ipLt+40rxdC91VEalezu4f1ZO+cUBM8QJRbpbRN9y
f9q88vSG/I6NOcQVcununlL4qKBN9zPk30Rr7DTT3S1xxVoeZPT7xBNPTPjwAlwtftzzFTusdB9d
VMiM3Uc/SqDyQbRFA0K6D497XeSiAiHdxWbLxf1G3JMXj7hNd8mV7qKIk4Fwu9vdLt1Zw90sto6V
9lBf+RGe+1722GOPdDcV90ZHQ2K6iyUKPqPkVB5eDOVB7rriXtaoBEv+KaecMkpPD3GyFI455pjE
s3EXerrTnW/iWdpIXlZ923777edhS1zROoQvCJ+7ONCnOwCjAj3dh5N/t78V1tal/Z4/i3baYlyN
mO5vIwz3/HAPY6n95mlM+h278SbcxRMtPCgc4u6WdEepaLS05HgqP8IO4UGlaX3VdRf+5B8n3un+
sK4wUbGR7ui2/bbSJa+h/G7bo+LX8GBrPyjsu8pn8So90zfGlYfz2pnCRoNRurMO3mScKd0HGZWy
6R6tuOgp3a3FHbY44TC0HyTOLPiCdGqdxoicT20602BBOrb9TxqLbb4tz7V8IdqGzktKNCmNrr6Z
OLZN8jsapsPOO++c7gHceOON07133AmW3wdG2FrXmpf4tovnmS9w/zhjclwtHeBv+m/69WiMDnFn
crrfT/QyrkYjfurzeSce01xgu+22S22LcLmLwnK6nzcuJAg77rhj/jn9HoK7jRiF+jTHLI2vNlzp
Wdh09Te2z2f8rxn3yW9V9YNqL6qbvOzTtH1hVtMP5vkv9d8qox1HSzQrXDypJM3J7dz4xS9+cYiL
Usbm4ApPWi1jcYmG5f5upd5xXqqXuPg83d0XDTAh7rxKd2SWwtEHcsd5XHATiGPlavpO7pUmDeY6
3ImsdEmLewHjzuQ0Pitt7vplbhh3NaU7K7m71uKu/LhDOZ6akO6MVtzcnzavPL0hv7nbM+5ISmUo
hY8K2iR75d9EK3NX5nu77LJLHmT0Oy6kTPjwAlzBRE5yNXfLM8505afwQ3zRFg0I6b5y23cwbzz0
0EPH8omL4JMsF4+4DXEnaPGOx6jQDXvttVexjofQZMMoP95xdzr8iFwALyFPc8cvY72cysPvoTxI
enEHYdLlRONciLvoldzIR64mPeovLtoak6vVRrr4mTlGXHwwr52J1iF8MSLEPDDXibtdk84rLrA2
X+Y/KuxQnrFt8fTTTw9xU0tKFH0a5Y3K5HT3tG2/83Ptf8O8pgV38UQLDwoH7ivljlI5Swv8a/FU
foQdwoNK0/qq6y78yT8avgJ5dYWJp12mObHtt5UueQ3ld1tnil/Dg639oLDvKp/Fq/RM38idzHk7
U9hoSE59K7zJM7JG7rgrnLqNhpA0L44LKFIQ4TC0HyTSLPgip2/Ib40ROZ/auNNgQTq2/U8ai22+
Lc+1fCHahs5LSjQpja6+mTi2TfKb9rn77rsnuZr2wr3y3C0+i/vNW/MS33bxPHI18zR4JZ4OFOBv
+m/mWNEYnWRtZFc5xtV4Yt1Ijyoe01yAO5/hrZJcHU+BCXEnePoeNxYqyTF/CO42ArTts88+aQ7a
1e5tePssbLr6G9vn14775LOq+kG1F9WNLTPP07R9YVbTD+b5L/XfKqMdR0s0K1w8qSTEhYdj87e4
yC3de255S+FJq2UsLtHg7xYIgdj4B7nluDsgdgxpVUdUHI3uei2VQzso4kRpdK+zwum4z6hgG6Wh
dGOVjFZRdT2X0lR+peOSla/8afNSOkP9/Fgnyn344YfPsXNVZYwK2tHuE5uuaOWo4HwXpA3Hsz22
Rel2+ex4yOPX/hZtJV7QqjGVy+6y5Fi9rry0So4dsvmx111xut6zqz9OSEYYl7CIk48RLSpPKVz+
zvKgduFxFEsXLaX34lmblsLpm20j+oYvWofwhY2nZ9VPVKBPpFlhVZdKo8/XanrKxi426l/H9PfV
f1+a+bda3KflwT4cREuOZy0P5mXkt+q6C3+745R7MUtpaDegbatKN+ft0u8Sjyr+UB6cph/sw75U
3vwd9VMqg8LpVIWu9kY4cKZfAh92wCiucLDY6lsX3bPgC+VR43fxqU1jGixIR33XkLHY5tvy3IVv
V1qircQLpXlJKR2l0ccrxGMXG/mU2hPv+Mbq2FIete9a8hLf9rVf8Qt9D+XWLvquGinuAgAAQABJ
REFUMtn32lGrOmJXu673qS0f4YfirrQVvlTXCtPlC5uuPpd4wqZ23F+V/aDqIh+nhMM0bV+Y1fSD
yne5+H1ltGXoC6c6sLyl8Lb9dD238LOlbbk8DxKiV0gg7aSIiqPRjvNS0bSDgh0X1KN1UUmUxpqo
YBuloXS7eMm+L6Wp/ErHJdu8eZ42rzy9Sb/t0eCUg3I//OEPn2PnqsoVlWjFZEQrRwWzC6zPPeIR
jxilp3S7fK65mNaJthIvaNexygXtUSGY6OP0tC4XlfIpDDtk82Ovu+J0vecIeO4L7cKA9xxhL6fy
9IXXN8uD2oWXXz2gdLt88axNS2H1zbYRfcMXrUP4wsbTs+qH/nySU1jV5aTwfI8L3xLulI1dbNS/
junvq/8haStMLe7T8mAfDqIlx7OWB1U266uuu/C3O065crDktBvQtlWlK57u80s8qvhDeXCafrAP
+1J583fUT6kMCic9UFd7Ixw4a+c+VzHICQeLrb510T0LvlAeNX4Xn9o0psGCdNR3DRmLbb4tz134
dqUl2kq8UJqXlNJRGn28Qjz0ieTT1a74xtVRs3AteYlv+9qv+IW+h3LbI9y7yqX36AxwqiN2teuU
opYyD8VdaSt8qa4VpssXNl19LvGETe24vyr7QdVFPk4Jh2navjCr6QeV73Lx+8poy9AXTnVgeUvh
1Xb6/BZ+trT583QI+I7zyJ2sYmJ3Umm3j3ZXRAXbaNd6ZPCglYavfOUr046mOCGPKc13rCxjlRWr
veX68lMY+dPmpXSG+NC1//77h3iXU9rtzYpa6JeL96WFKOyP7T7RN/wSVva7fY5HHqUV2vEY1bTr
i7xLDty23XbbqXZzk24fbdrZFJWDo1XE8Z6XEO8ZTSuaWUFu6090qm6icrBzd6jCTvLjZCJEJUGI
Rqq04itOqlOUKHAGdv3gbD7Km/c1PCjcbVlJY5Lr49loYEirElmZGI+7H1tZRbp92E/Kl++qn66d
ZzYNhc13Wtsw+TNlu/Od75x2K4ILO7xZjc5ORXbG2J0yedyhv1twn4YHhUOpnrt28tbyYKnsqutS
voS3WLNbad99952XjHh7ln2u6LJpzsv4f19A4zT9oLCv4UFLy6Qd5zrpIhrG0w6WDTbYwEZPz7YM
tt304SC687qbBV/MI3DAiy4+tVGnwYJ0wKlr7Lf5zOJZ+A7liz7a+urR0qo0+nacE54TXxh/ohCf
dv4RD8fqY8Z93JC2kwJO+NeSl8rLavd4xOu8nWpxGjx2ksUhhxySToNhLsNJIpwME49tK1LGKvmd
dtoprYJXHU1b1qG4iyCFL81BFabLFzZ5u7XhW8YfaFqV/aDqwvZftkzTtH1hVqpn5duHJ3Qw76HN
sONw8803t6Qtiee+MloC+8KVsND4TBo1c0+b50p7trvwVlrZ8vJoZ0RUjg3ecZ7v9imlQRj6YVy8
GijtaOqSq5mTs9vLymX0V4wP7CTL88vLMG1eeXp9v6GLE8QYW+PxrOkkMytXcwLYYYcd1rlTtIRV
V36cFsaJK/EY1cBOX/IuOXBjTjAt3/bRpp1NUTk42kmPLBuN+wmDeC3OWP2JTtVNVA5OrEfF6fKZ
uyJLs0OUnd6cxISLC9XC2WefnZ5tPsqbDzU8KNxtWVPiE/718Syn7XHyTzzWs3fH+aR22EWC6icq
0Md2SJfCK2y+07oUVu8oG/Id6YMLMvVuu+2W2jUnAc1Crm7BfRoeFA6leu7ayVvLg8LP+mpnpXwJ
Z7FmvnSb29zGRk/P4m3LL3pHgBp+V+Kiy6apb7kPjdP0g8K+hgctDZN2nMOnnHTBSRTIPV1ytcpg
200fDqI7r7tZ8IUt39DnLj618afBgnT6+jWbzyyehe9Qvuijra8eLa1Ko2/HOeGRdRl/4nWkaSyL
htyUTFx0kewJ/BjSdlKkCf9a8lJ50d1+JJ7mk5+silxtT7JgJyxthLkM8wtOeeuTqxm/2F2uOpq2
rENxF1QKP2ROqDjyhU3ebvUdv2X8gSb1IS3zQWE5lN8tvTwrvu2/bJhp2r4wK9Wz8u3DEzqY99Bm
mJtuscUWlrQl8dxXRktgX7gSFtOOxTZvf15gBIba3ZfLyn9LZ+wA0kqvSbut+nb7lNJgZRc7KWLV
zEXjT+curNhZj90vLNr68lMY+dPmpXSG+Cor5frBD34wVi67CzcqFMe+KW3Fn4Q34XWvG/ePRmVx
MT3Csdux77vynuT30VbaVaN3UcExdu+jzafvHnsbbsgzO8LIi9WHeXjtwLW7d1r5wtJc2iVPPccB
ee6kk05Ku+ZESx/P6i7urnrvw17p9/mqiygQzsMmj6ew0VhSDNt1f2w8wmveqtBZ7TaHxhbcVZYW
HlTcUlvV7sMcz1oezLHnt+q6lK/Cs5uTPoYTFvK2bXfaW35q5XflKbpsmvqW+wrb2g8K+1oeFB3U
g23rei9fu42hz55Coe/4WjVKmHg84qgtqGwlHER3Xnez4AtL29DnLj618afBgnT6+jWbzyyehe9Q
vuijra8eLa1Ko1TfCkcYdmfHI0vntUfCiJeikXGOu2wVr8VvzUvlhZ9Z3Z3nHY+hHPXf8YjatFtc
9zPH43HnhbfxmWPotx0H7EkN+o7PSRns7IvKtVE8+53nIbjbOArf1+5tePssbPJ2a8O0jD9Kd1X1
g2ov+Tilck3T9lW2UrtQvn14cuczuOivxJOic1X5fWW0NPWFK2Ex7Vhs814pz0Pl6JUQLi6cSHw/
abdV326fUhrsSmUnBW2KNt/looJ47H5hhevLT2HkT5uX0hniq6yUi1NMrLO7cKNC0X4aPSv+JLyJ
oLvjuX+U+xm7XFRM9n7vipe/76OttKtG75Bp7L2PNt2+e+xtuCHP7AgjL8bX3GkHrt2908oXlubS
Lnnqmbn6aaedlnbtiZY+no2GjN521oe90u/zVRf0/5OcwkZjSTFo1/2xzJU0RsqPi+uLabS8bMFd
ZWnhQcUttVXtPszxrOXBEg6q61K+Cq9THDlhIW/78J9Oe7D9SCu/K0/RZdPUt9xX2NZ+UNjX8qDo
oB5sW9d7+dHQMeJVewqFvuPHhYSjMHFR7uiTylbCQXTndTcLvhgRUPHQxac2iWmwIJ2+fs3mM4tn
4TuUL/po66tHS6vSKNW3whGG3dlx49y89kgY8VI0Ms5xX/s0rjUvlZc2+Za3vGUeCeiO1G8jY8fF
HqP7meN1rvPC2xdxkdropx0H7EkNowDxgZMyjj/++Dl0tF1uCO42rsL3tXsb3j4Lm7zd2jAt44/S
XVX9oNpLPk6pXNO0fZWt1C6Ubx+e2NPEb108KTpXld9XRktTX7gSFtOOxTZvf15YBLiHY5BbTgoO
Ol4Epfe///2pEaLw5R3H15bKEXdcJMUxSsu4MmwszMUXXzxKA8ZWfCn1mXwz4GDw0be4E2bu8Y9/
fIqXK0KhgQkXnYLyE21d9LXmJXqG+jR0aIK2uNs1KdFRlMddt3PxLsP0nm9Pf/rTx8pLGPDmuFO+
W7wpE99yGqSsIzyGNPJWGOLEXW6jo1b7FJiKM8n/wAc+MKLN1iPx4grk9M2WC6E+7uhM78GEY9mV
B/X11Kc+NX2D/lkYWCX0cCQ+Ewvlha8JVs5LLXwhIzx0k1e8y3uUF5OkuDMvlQu+pl2IDupER99i
+GFRCN9QcIlnVO+K08IXxCUe+fGHYVXH2jD5Il99Uz7Wl+EDmr785S8nGjGMYEzR8eslY+Pll18+
d5Ob3GRUp7M+urkF92l4kGMYqWPL0+AEnly9wDfwtNi18CDxVR+0c4xNype89M0ayFVHhOPoPvpL
vsddCHNHHXXUqA7gJ9tWW/i9hQdb+0FhqfIN5UHL05SX+iEuY1FpbGCsOfjgg0c4vepVrxrrj+Fv
sOWPo63tkdO1/SBlauUL4VHr017hJcun4CJesmPtNFiQXu1YXFsWG76WL1rmJeRneUZpqG8WhnZM
5ll9O23MGpJJjz4EXiIN2pMtU+1za152vgAtZ5xxRjoGj/pDESt+Z8zWgjAZ/RT+sssuG9FOG487
zkbxUApQFuiL96ul97TB9773vaO2RV4I9srroosuGqVH3FrciaOxjrSpg752b7G29Tikz20Zfxa7
HxQWlI3xYNK4P03bb+kHLf4ai8QLtA3bz9qwi/0MH8LHQ+WfLhkHuu3c2JZD5a+Vf2waK+l5kBC9
zANhHEMRyVUb8D0KX95xfG3J0T5RHKO0pE1bh9yhNOIOnNEnKfXhK/gXg48cYxmLoIiXK0KhgTm8
vv30pz8d0dZFX2teomeoT18GvdDGHACjFopy5rsyZvHtzDPPHCsvYcCb4075bvGmTHzLHX02Yflj
3kbecsS58MILR0et9ikwFWeS/9nPfnZEm61H4sXTKNI3Wy7avI46BhOOZZeDl5D1RT8LuKd1Orqe
I/GZ11gX71hPeeW81MIXMsJDO3mx8UCOsT3uzEt5wde0CznqREffYvhhUQiO+Y54RvWuOC18QVzi
kR9/8CByA/RisCBffVM+1pfhA5q04IHFF8ybdPx6ydgYdyPO7bnnnqM6nfXRzS24T8ODXHUDZlxh
Y/sm8OTqBeFpsWvhQeKrPmjn6ISUL3npG89yqiPCxbvrk/6G78x74y7jUR3AT7attvB7Cw+29oN5
+YbyoOVpykv9ELdrbKA+48kfI5zQGdk6hr/Blj+OtsaIKFfbDxKvlS+UZ61Pe4WXLJ+Ci3jJlnUa
LEivdiyuLYsNL74fyhct8xLy01yH8ikN9c3C0I7JPKtvp42Bv3WMi/ASadCepnGtedn5ArScc845
SedG/b3uda8b8bu9NkVGP4X/y1/+MiKdNn7uueeO4qFTxkHfrrvumt5TT+jTxW/kdfLJJ4/ifPKT
nxylx0Mt7sTRWEfamoN2tXvCy9l6HNLntow/i90PCgvKxngwadyfpu239IPCHl9jEbyltmH7WRt2
sZ/hQ/h4qPzTJeNAt50b23Ko/LXyj03DnxcegRVnOM8VrGqA8jHSMuhJaaPdVPqOL8OalEP2m3bv
MeDIsMp3GJ3dKyg+bXh2VUphq9VJ9nv+XDLCtuSl8tX44HLXu951jP6cPvsboykDkzU42u/2GeEs
p0XGPYWLx0uNDLd6h88Anset+a3dVjZNFgNAu5Tk+mYNplI86hth41FjY/hQ5wyENfSUwso4pbzA
4rjjjhsZe3l/5JFHjvFuK1+wKEL54MO79jfPT37yk+cpgo899th54fJ4/J6WL0rtrpRP6R5alCO2
XcogZON3nRIRjyobla/2LthSnebvWnCv5UEU5nl7BA/6IGs8ER7WsNrCgxdccMEIM6VZ8m27op+x
C3FK4e079R21/N7aN7X0g7aua3jQGhJtmUvPlidLWNA32fEHzNkdKNpa+8EWvlCetf4QfopXaIzK
RPotWLSOxbXlseFr+KJ1XjJp/mP5SjuqMWrk/STjGuOP7UsxUNvytDy35jW0XBgBRReGTLvAhLKj
5GXBmMWB8Y/FO4qH4G6/82zbFb85KYeyKM5Q+ogr3Imr0zfy/OxvFBXKB39IGyG+7XOJVzv+LGY/
CH0t435L22/tB20d5H3iUjGcT+LDXP7JsaAtsOCwNDfWPAIcSrhPkn8sfivteeFF9VWbA/Vt+6T8
mfYgRSiUarGvDSfDmpRD9hvGRRyylAyrfIcf2b2CstWGZ1elFLannHLK2DcbTs8lI2xLXonIyn/g
cq973WsijaKVNpwbHPUt95nT507GPYU98MADR4ZbvcPnpLBpXGkOxWIAaJeSXPlZg6kUj/pG2Fxm
oc6tUbCVThmnlBdYcJqajL28f+QjHznGu618oYWRyqskV8ejWccMbpQrXkk0iDem5YtSuxOt1i/d
Q4vRx7ZLGYRsvK5TIrRIjbC1d8EOqfcW3Gt5EIW5XQBAWcCDPsgaT4SHNay28KA1TinNkm/bFf2M
XYhTCm/fqe+o5ffWvqmlH7T1X8OD1pBoy1x6tjxZwoK+yY4/YM5CbrnWfrCFL5RnrT+En9gQY10L
Fq1jsc239rmGL1rnJZPmP5avtKMaQ2XeTzKuMf7YvhT99rSuNa+h5cIIKIch0y4woews1GHBmMWB
8Y/FjnJsBLHfebbtit+clENZ5IbSR1zhTtxcPsvz5TeL4q0b0kaIZ/tc4teOP4vZD0Jfy7jf0vZb
+0FolMv7RBaVLAXD+SQ+zOWfHAvaAgsOS3NjzSPAoIT7JPlH2Lm/eAisOMN5yThkO00Y2ipt8k6P
sDKs5UollKfaxUoa7GxiELTp6xmDFIY4uwtFO7cUpuR3Kadr87JlrHmmcedGLRp9vI8srRKzCmSM
zzR0lMiUpSQoqoyELdHBCvhcaU8c8kHIzE8AKKUx6R0TQtGhtBFCS4Y1u9CBdMm/NAhDH4polMuT
8h/yXbyWG/JFNxNSLcCw6bXyBcp7HWWrPPBRKCAA2zz0zE6mo48+egxLDPwoYCzdpD0NX+i0BktX
6ZlV1CX82aFBPdo48CYY2varcsnXkfMoiLVrUd9m5bfgXsODCHR52TEUsatZKygtLrY/bOHBUv9p
09czmLLiUzhSb8997nPH6oiw7Di3x/VQb7bvqOH3aXiwth9UueQP5cHSQgdhlvv5ccC0R3vyhQ0P
r/Nd9OC39oMtfGHzrXkewk+Mo3matVhMMxbnedf8HsoXJRyGzEsmzX/EI7QrxkBop89Q/50vDCP8
LMe61rygFVow/PFsd9BQFoz8CDd5XdDPMKdSua0f7+9O15KwoCGPR1olQy74sKjBzuuI24I78YaM
dfnJICXesOXSc97nkl/t+LNY/eBQLChbPu7Xtv3WfhAa9YfSRTjDfyxw07dV6U/iQzveQ2fOf7R1
5huluTHzfMYrla9mLFacleovnsi+anIqGYfE//hcvWWddoHZMDKs5UollKf0M3Icdc2R1jaunjFI
YYizyjTt3FKYkt+lnK7NSzTW+vB9btSi3zj//PPTrmurQOYKEIzGKJEpC+FKZeIdYUuOfj5X2hOe
fJh3Mxef1rFD2tJF2oybJcOaXehAviw6y5Wkoo/T5lAuz8KJ13JDvuh+1rOeNVqAYfNr5QtkrHgn
+Rgu5IVhgXlLybGTifmLaMLHwM9R7ZZu0p6GL3Rag82n9MyYUMKfa+SoRxsH3gRD237zMurIeRTE
pWPs8/Atv1twr+FBdubmZcdQxK5m5o8WE55tf9jCg6X+M8+D32B65ZVXjiCj3s4777x59DBnov9V
GtQbi1zkavh9Gh6s7QdFn/yhPFha6KCy535+RDXt0Z58YcPD63y3rrUfbOELm2/N8xB+4hSF3NVi
Mc1YnOdd83soX5RwGDIvmTT/EY/QrhgDcfQZ6r/zhWGEZ7yc1VjXmhe0QguLpXi28gBlwb6BHi13
9DN2R7rKj3/AAQekzYf5DnvSIK2SIRd8WNRg53WEb8GdeEPGOjbkWFfiDVsuPed9LmnUjj+L1Q9C
2xAsKFs+7te2/dZ+EBrlOIlAOMN/LHBbCm4SH9rxHnpzzGnrzDdKc2Pm+YxXcjVjseK4v7gIrEF2
kVEnuiuuuGJimNU1QFx1GuJ9HmHjjTcOcQALm2yySVh//fUXBI7FyisqhkMUCsI666wTNt9887D2
2msvSHmUaDymM6y55pohDshhvfXWSxjq21Lwo3AS4kQg0QgWUcEY1lhjjZmRFjvUxEOxgw1x8hDi
oJV4KR6zErbYYouESV9mrXxBPYM7eW6wwQaJh/vy4Vvs2BNt8Di8vlQddFKutdZaayKd4BxXt4V4
1EyIx5OGuFNxQYvVgvtS58EWwOBb2hW8NKSelEcrvyv+UH/afrCGB4fSlIejn44GwtFr+utZjj/T
9k0jwhbhYaGxmFURFoMvamgVPVe96lUD9U37ipP51CZnPda15BVXroe44yfEnb0h3i+dxizKR789
ZG7COBCF9rDhhhumskWhrGqsYx6EA5+V4GrHH+8H59e65mnw1BAenJ/CynizWGPxUkZrpfQLSwlj
+Aq9g+TqTTfddKbzGlvWxcoLOVdyNXLdQvcbjHlWrgbDpeSQaahj5v5ggfw7a7ma9K9xjWskWTDu
ZhvJ1VtuueUgubqFB6XPYIxgfICHJznmRcy5mLsvtXqytEMn8y7qbBKdhIsLCUI8xSfE40lD3Klo
k5r5cwvuS50HW0DSmCy5elI9KY/l0g/W8KDKVuvTTzPvlaO/nrVcPU3fJLoWw19oLGZVhsXgixpa
RQ86GeRq9LqSq2c91rXkFe+zDvEO9qT7jAvzm+TquMh2JFejD64Z6yRXg89KcLXjz7TzQdX5kLG4
Fd/FbvvMmZinbbTRRgs+P27FZDHiLdZYvBhlWWl5uOF8pdWol8cRcASqEYir4kM8JSLEXXrJeK4J
XXVCHsERcAQcAUdgpgjEHXJh9913T310PHZ3psr1mRLqiTkCjsBqh4Abzle7KvcCOwKOwAQE4h3o
Ie5ADHGXXvjOd76TNmJMiOKfHQFHwBFwBBYBgXhaRthmm21CPMknxCtqXa5eBMw9C0fAEVjeCLjh
fHnXn1PvCDgCDQiwEv7ss88O8ejRtFryzW9+c2D1Hy4eoRXivXdpxVtD0h7FEXAEHAFHYEYIxGNn
w7nnnhvitS4pxSOPPDKtROZ0n8c+9rEh3uU9o5w8GUfAEXAE6hFww3k9Zh7DEXAEVhYCyNXPfOYz
Q7w+JcnVGGM49QB36qmnhhNOOMHl6pVV5V4aR8ARWIYIXHzxxeF5z3teiEekJ+rReXLqC3J1vM4q
bL311suwVE6yI+AIOAILi4AbzhcWX0/dEXAEliACHJkU79UZGcstiRzjG+8KXTHH8tqy+bMj4Ag4
AssJgXg/YzqevUTzRRddFPbaa6/SJ3/nCDgCjsCiIOCG80WB2TNxBByBJYwAcjW7y2Ust6QiV7PD
caUcy2vL5s+OgCPgCCwnBI444ohw/vnnF0nmao199tmn+M1fOgKOgCOwOiPghvPVufa97I7AaozA
ZZddlu5r534Y61h1yfFFs7xrz6bvz46AI+AIOALDEOAOyp/97GfF+65Q0i70PbHDqPRQjoAjsLoi
4Ibz1bXmvdyOgCNgEWCu9oc//GHevIx52rbbbutytQXLnx0BR8ARWAUIIFezkKl0LeV22203r/9e
BSR6lo6AI+AILDkE3HC+5KrECXIEHAFHwBFwBBwBR8ARcAQcAUfAEVjKCLjhfCnXjtPmCDgCjoAj
4Ag4Ao6AI+AIOAKOgCPgCLQh4IbzNtw8liPgCDgCjoAj4Ag4Ao6AI+AIOAKOwGqKgBvOV9OK92I7
Ao6AI+AIOAKOgCPgCDgCjoAj4AisaATccL6iq9cL5wg4Ao6AI+AIOAKOgCPgCDgCjoAjMGsE3HA+
a0Q9PUfAEXAEHAFHwBFwBBwBR8ARcAQcAUdg1SPghvNVXwdOgSPgCDgCjoAj4Ag4Ao6AI+AIOAKO
wDJCwA3ny6iynFRHwBFwBBwBR8ARcAQcAUfAEXAEHAFHYCACbjgfCJQHcwQcAUfAEXAEHAFHwBFw
BBwBR8ARcARAwA3nzgeOgCPgCDgCjoAj4Ag4Ao6AI+AIOAKOwMpDwA3nK69OiyW68sorwzve8Y6w
6aabhoMOOiistdZaxXD+cmkg8NnPfjZ873vfCze/+c3D9ttvvzSIWkZUOL8vo8pyUh0BR8ARcAQc
AUfAEViGCLjhfBlW2gxIRs5405veFDbbbLNwt7vdzeXqGWC6kEl88pOfDN/+9rfDrW51q7DDDjss
ZFYrMm3n9xVZrV4oR8ARcAQcAUfAEXAEHIEJCLjhfAJAK+UzRvPDDz88XO1qVwsYZRH03S1NBP72
t7+F/fffP3z3u98NT3va08IxxxxTRejLXvaycOGFF4ZNNtkkXHrppeEFL3jBaqckcH6vYpllHdj5
fVlX30Ti//Wvf4UnPOEJ4bLLLgsbbrhhoH8877zzwsYbbzwxbk2A73znO2lx2Re/+MUUbc011wx7
7LFH6n/Jd6U6tR/Ke5vb3CY8/OEPX6lF9XJVIkDbO+GEE8Ivf/nL1PaIfvnll4ezzjpr2c4pnN8r
mcCDT0TADecTIVqRAd785jeH+9znPuHqV796YP7gfLB0q5l5I/O5b33rW+G///u/w2Mf+9gqYl/8
4hePNh/89Kc/DYwjO+20U1Uayz2w8/tyr8Hh9Du/D8dqOYZkbv+oRz0q/OxnPwsbbbRR+Otf/xpe
+9rXzlyupr994xvfGD73uc8lmJAzb3azm6X+dyXL1Wo/lPfAAw8Mj3nMY5YjmzjNC4AAbe8Rj3hE
+PnPf57aHln84he/COeee+6ynVM4vy8Ao3iSSxIBN5wvyWqZPVGstL7LXe4yyHA+NzcXzjnnnNSR
P/nJTw7rr7/+7AnyFDsRYFC95z3vGT7xiU+E5zznOeGII47oDFv68JCHPCS8/e1vH3360Ic+FG58
4xuPfi+Hh2l5sIbflwMeTmM3AiuB37tLtzS+TNsepynFn//857RD6Mc//nFKZiEWf6EExUBYchdd
dFHYa6+9Sp+W7DtOK3n6058ejjzyyIRdH6G2/dzhDncIr3rVq3znXB9gPd9qcO9JZsl8ytueCFtq
c4r3v//9STn3lKc8JfzXf/2XyCz6q4LfVxpfFIFdjV+6wXT1rPyPfvSjYb/99htkOGcOdeaZZ6YF
gM985jNdrl5klkGuPuCAA8JHPvKR8MIXvrB6QfrBBx+cxhiR/fnPfz7c9KY31c9l4U/LgzX8viwA
cSI7EVgJ/N5ZuCXyYdr2OE0xmNvvuuuu4Uc/+lFKZiEWf2FMw0BYcujo9tlnn9KnJfuOxXEnn3xy
WnDA5qY+Z9sPuve3ve1tLlf3AdbzrQb3nmSWzKe87YmwpTaneM973hNe/epXB+ar17ve9URm0V8V
/L7S+KIIrL9ccgi44XzJVcnCEMTu5dNPPz1svvnmqRPcYIMNOjOiU7/d7W4Xfve73/nu9E6UFu6D
jFQf+9jH0u4/dgHWOOrv97//fbjf/e4XvvnNb4alpuQeUpZpebCG34fQ42GWLgIrgd+XLrr/Q9m0
7XHa8tGfsesVQXvWhnOVjT7jAQ94QHjYwx6WBFwUCv/4xz/SavHltjKenUGUY8jCq7/85S/h4x//
eDjkkEPC3e9+9/DSl740sEreXT0CNbjXp75qYvzmN79Ju1G43ueBD3xg+NKXvrSk5hTMl9jNgYA/
ZK6zKvh9JfLFquHGpZmrG86XZr0sNFUc+/3EJz4xbLnlluF5z3temCRXswCP/tR3py90zcxPX0aq
D3/4w+HYY48Nt7/97ecH6nnDPPGKK64Id7rTncLXvva1sNSU3D2kjz5Rhml4sIbfR5n6w7JEYCXw
+1IHftr2OG356M/Y9brzzjsPWvxVk5/Kxo5zFqs++tGPTnL1D37wg/D3v/89beRabnI1O/IPPfTQ
QQuvkDMYazCa3/e+9w2ve93rXK6uYSATtgZ3E21JP/76178O8Mjaa68d7nGPe6T5xFKaUzBfYuPF
+eefP2iusyr4fSXyxZJmWicuIeCGc2eEeQhwpBkrs3/1q1+54XweOsvnxYknnpiONB6iTF5qpXIe
XGo1svTpWc78vtTRXQrt8Z///Gc6SnzW4xIGcnYOsaL2M5/5TFh33XWXenVMpE9XVQwxnJMYR4/u
vvvugR3nGCDdcD4R4mKAWtyLiSzhl0u1j62la7H5faXzxRJm2UUhzQ3niwLzss6EORRH1LIA0A3n
y7cqMQBx/dlSUnIPRdN5cChSHk4ILGd+VxmWqr8U2iNyNfLvrMclDOTbb799uP71rx9YcLMS5Gpd
VTH0xBJOydtmm22S8ZxTQF2ubmuJtbi35bLqYi3VPraWrsXm95XOF6uOIz3nPgRWpOEcgeYNb3hD
0F2lDFy3utWt0t1WTBK434pVPrn7whe+EF7/+teP4rHD5q53vWvaicUut5JjlxoryTjCCkde7NZm
Bfr73ve+dOT2LW5xi8AxYYTjHhlW4nGsxbWuda0U593vfnf4yU9+kiYW0Mfqo6222ip94x/KfGhb
b7310ko9Vgzzx25i6OVIb2hlZRv3kxIOR56vec1rUpw11lgjkPY1r3nNlD6/S+7f//53oo87Wdhx
TrkoO6uP5Cx2HEHJMZnKk5WEO+64Y8KA/LnbhlWNTJrIH3zueMc7KqlmfyjuNgNo49hdjh/BWMIk
5trXvnbaZYfBwE7sqI93vetdqVxXucpVEv/QSROXcrDzkVXrXXzRwoOszGSForD805/+FO5973uH
61znOrYY856Z8GIcB2fqlYnqrW9963DGGWekXRAlwzl18973vje1E+4Oxm2xxRZplzo8b7HgWysP
EvfLX/5ywv3rX/96Ov6fd7vsskvaEclK19zV8qDit/A7cWv4glV1HGWMg07aHHc3velNb0p3v267
7bZp9xvlK7kf/vCHAT6iTuAjMN93333T8wc/+MHw8pe/PFzjGtcoRa1+V4M77ZujpLhnh7qH99RH
QSs0o+xbZ5110tFb7Ey1jvZCX0T7krv5zW8eHvSgB6X+QO9m4bfw+29/+9t0PyEYs4uYHcwIi1yJ
QF/a5T796U+HV77ylanshKFe6b9oa4wv7HTkaGDSo3+nb4QPDz/88HQUJ7wFLvi0Tf4OO+yw1MZt
v/+HP/whCa4cGQ623OlN30uaX/3qV9MpIaz+zAWvGtzVhikHffR1r3vdtLsY/mX8YFU09aX+h3C4
1vZIXMoFX7EyFH7H0UbAgD6qy8FrHOXGeAk/gjt9BWMjd7J99rOfDZtttllX9EHv6ffgCyb7D37w
g1NfTjuW23rrrVPZOcIudygF3vKWt6R2DB3/+c9/Eh/BT9ttt91YcOqIcYO2AwaMwYSDj+GNCy+8
ML3HcP34xz9+bOwfS6jiB/3I8ccfn45r56g8eBIHnXnfznv6pT333DPc//73D0cffXTiefEFK+yp
LzvuE0euhgcVp8anndEONV7f+c53Tr9pF/AHfegtb3nLmeNOntQx8yzmAOTPPIE+nzxLrhZ30qgZ
f2yeCz0HsnnpucZA3TIHUj5Dffom6oV2w8p42tnee+894nfSKfFtK7/TjuiXPxKP+6UPUp/GqUBc
qWPn7bYMLXxh4096bhl/bJqt85KFbvuWxqX8vDoYzpk/MBeC73GMcxxXyryedvCiF72o2NYI/4pX
vGIUj7kGcg1jbmlsJW0U7bQZ5ms48mLehbzFvInTtJg/0B4JxzjAnJUTMRi3ccw7kPOYzzDnI45k
br4jN1MmriLDgIFMxx+7iSnnxRdfnOZF97rXvZKsp3kReTJP05yOtEmX+XKfXA19pM+O86985Sup
7F1yNfMfyqlr0qDvRje6UcKA/FncxtxFZQMf5LZp3VDcbT7ggKwM3t///vcTZsyJmU8yVtr5xiWX
XJLGVMq1ySabJP5hbohRARyRhU466aROvmjhQfgTXYywvPLKK9M8h/lvn0MWQp4BZ+oVIxC6ndNO
Oy08+9nPLhrOqZt3vvOdiX+Yp+LgWfgSnrdY8K2VB4mLToi84CXJ8FzJxr3Fu+22G0HGHGNlDQ8q
cgu/E7eGL5CrOekIR360uU996lNJf0U93OAGN0gyEXPkkoPv0HVRz/ARmDMm0y+h50B+Zd49C1eD
O+0bXST1Q1uF99RHQSs0M7+EL5iv3+c+9xkjkfZC30n7kmOuy2lS9AezdC38Tl+GzATG4I7OELmf
vpa+rstxwtVLXvKSVHbCwLf0XzrlEvn3enEhM3I25ZdcjX6Tdgxv8V59MO2T+RcY236feRE7qjky
nP7o1FNPTWMKYwYnJ3FKyCMf+ch5cnUN7mrDlIM6Qf+GYRX+ZaxDdqK+NH4QDtfaHolLueArygHu
ONoIGNz2trdNv0v/0DEyd6W9QQ/tiT/iMJebxYKuSy+9NLCblrGXPo8x3uqF0GdS9pKeC30y4wFt
gzkV8ip8BD9RPuuoI+qatgMGjMGEg4/hDRar8h49zymnnDI29tt0ap65gxoe5MoV2it9Fa5LrqZf
gm7mOscdd1ziefEFu/Cpr5J8Qpo1PEj4Wod8z6mmyE+MhehWaJfI28ynsGEwv5s17uSBXot5FnMA
8meeQJ9PniVXiztp1Iw/Ns+FngPZvPRcY6BumQMpn6G+5Gr6Rub18Ak2NPE76ZT4tpXfSZe5Pn/o
/dSnYYeCBjtvt2Vo4Qsbf9Jzy/hj02ydlyx027c0+nMDAnFiN8jFCc3ccviLd3Jj4e38ixPquTig
j5UlDrRzcTLbGYf04sR7LA5YxN1cvXGIRxjCRiFqjrxFW5ywpfdxUjf2nu9x0jDKKwptc1EAGMXj
e7y7dC4O3GPvlK6NGwWqeWGiUnEuTmpG6ds6jfdDzguvdK0fO9FR/Ljyel6cHXbYIeWRl5k09M3m
W/tcg7vSjoPNXJyIz6NV5aJuCKPwpXIprHzixIneKI7itvAgcePkeh59cSCZl77ywY8Cwbw4ok9+
NHyOpREVCake9D33KVc0uo7iTMODUTDspS8qTEb5UJ4WHhQetfxOvFq+iJPe3vIIS9sORd9b3/rW
iXFL8RS/xq/FvdRWowAzF5WB82iGP2wfGhdozAsjHPDpr+ChGvq7wrbwezRO9tJ3t7vdbe7HP/7x
GH1R+JuLgnZvPMqmtpXzhd7DXxYLYUe/39cf2Th6jkLyGI01uJfasNK1fjQMzsUd3aN8pmmPUZky
VnabD8/gDt/ZumYsjobb3njC0MarfQaPeFRnbz7QGI9hHaOPeLzLy2J/g1lUKI3iRSXKWPi4MCLN
J2wcPdNWasui8PTrYKO0uvxotB+jj/jRyNkbD5pL84YaHhSdtT55d5XFvo/G0zEaW3GnL5jEG/Qp
Ksc0uNeOP8pzMeZAysv6mqOof7Pf7HPrHMimMek5Gg0G8YXm2ja9Vn4/6qijOvOMiyvm4AXlMw1f
KI2hfu34Y9NtnZcsRtu3dC7l50FC9DIO9IxnPKOT7+mDo3I88b0tYjT2zsXFfr3xmO/mLu+3bR+v
Z8LgoiEw5a330RiT3kfF79h7vseFUOkb/6Kiey4q5cZoQ6buml/auFGpNRaPtKNScS4q/0bp24d4
P+S88KLX+sgvctEwPy/ODW94w5RHXmbS0DfFb/FrcFf6Uck8Fw1F82hVueALwsiVyqWw8onDHDR3
LTxIGtGQPI++aDTIkx/7HRdOzIsj+uQzhljHXJZ60Pfcp1zITXLT8GA0CnXmQ76Mz9a18KDi1/I7
8Wr54hvf+EZveYQl41zuPvCBD0yMa9tvHr/mdy3upbbKvCUaU+fRnPeh55xzzrwwwgGf/goemoVr
4fe4sKeXvrgIYC4aeMfIi5uG5uJ1WL3xKJvaVs4Xeg9/WSyEHf1+X39k4+gZ3a51NbiX2rDStX40
DM7FRRyjbKZpj9FQP1Z2mw/P4A7fWcdYHA23vfGEoY1X+wwe8SqL3nygETnXOuLxLi+L/Q1m0aA3
inbBBReMhUdfw3zCxtHzWWedNYpX+0C/DjZKq8uPRvsx+sgH/XBXeN5Dc2neUMODteVR+CH6LWhE
n2FpbMU9bqKYyBv0KXLT4F47/ijPxZgDKS/ra46i/s1+s8+tcyCbxqTnuGC0l2fFz3Gh27ykWvk9
LhzozBO5Op4QN8prGr4YJTLwoXb8scm2zksWo+1bOv25HgF2Eg9yS1lpIdoQSqQ4jiua5i6//PIk
gDHZjisBU8MsKd3VadEhMHjHVXlJoY/woXh8o1NTXuedd96ooZNm3FmdvsfdqCMaiCPDOfGgI+7Y
SfHy93HX2ehbrpSMK1LnMEIorjou/Lh7Pinh4yrUOToYSyN5khZpxxXqKV+U0Fapr/LgtxhJwByD
jmgiffBTunH12shAFFdrz8XdB6NvClPjt+Bu+QI6Ed55F3fZjNFueQPlOQpFa9yCNzAo2/LmSlmb
Vw0PgkFcnTSHYMbkT4r7nBcsVlYJEVdkpXLBf/CC6gPfpoHBTjwNv5DGJVERRHkxlCoe5Y6rpEd1
1cqDcVVsShMjWVw1nXBHaQEvkBeGOmuQaeFBi0kNv9u6gpYhfIFChzxEP/EQBGnb1Jv4BeOUNRbz
fNBBB6UyU8a4ujeVG1ztoh1bV7Zctc+1uJM+ygX6Cls2yke7gK/Ah2fLG7wnjHCgfcNjcTfo2EKQ
3OhbWx7Ct/C7nbzQRuLK54Q9uMfV5yPaLR9SV1a4jyvhU91i5HrWs541ikOZVV+0FRa5CDu9h274
QrjaPoa+JK5aHqVH+7MLHggL/XGHSwpjDZ4tuNMvxxWao/xo/6SDwvbkk08evbcLo1rbY9yVMUrv
Jje5ScKdyW/cqT0Xd+uMvqFYVzvBf+hDHzr6xljCuPr//t//GxtTLYYtfKQ48BOGMGuoZ5HaCSec
kJQMcUV46rMUHp/xVvxOnwa/Uy586kff7PhOW4fvLPYKF08sSH2+DJJxpfyoz7X5DnmexlDHvEE0
gS+GYfjC8id9nKWjhQdt/KHP9NOPe9zjRvRBJzSyuA3eYDGeaKfulG4L7rafJs24UyHNZxgfacc2
L7XxVtxbxh/KtlhzIOFoffGpym6/6dmWq3YOpDSG+EMMvtRhPkcj7RZ+Jx7tlTQR9GkPzJ3gC/iR
98wRRXsrXyh+jd8y/pC+5feaeclitf0aDFZl2EFC9DINBK5SHDOHj7tBkhGAOdSuu+6a+L6kdLd9
NkYe5oUo9Gl7ikebQdkmZ+c/pMm8ie9xZ9mIBuLIcE48lFtPfepTEx32PfTF3U2jb+RrHW0GI4Ti
kq7+4i6b1K7322+/JFdbGkmDtEibhb/EQQltlfo2nxYjCZhj0BE9pA9+csyjZCCKO/Hn4k5BfWry
W3C3fAGdzNV4R59iabe8gfKcOa1oJx5GDcYMG0cLIFQYm1cNDxIf+TKe5JbkGxl1cl5QPviUQ7jH
E+nSb/gPXtB7fJsGBjvxNPNq0oi7lZLh0C7wotxxt+cou1YejCerJFowksUdpAn3eALNHLwAbRjq
rLGjhQdHRMaHGn63dQUtQ/gCoyJ5iH7iMf+mDTPOil8wTmFkk+OZeTjhKeMf//jHVG5wtYt2bF0p
botfizt5IHfRV9iyQS/tAr4CH54tb/CeMMKB9g2PMQ+1+src6NtSphZ+R94RfbSRuEswYQ/uVr6z
fEhdWfku7jBNdYuR6/nPf/4oPdJVfdFW0BcJO72nnOgrhKvtY+hLrDxL+7MLHggL/Vr4Zw2eLbjT
L0u/Cu20f9K5JM4Nn/a0p43KZRdGtbZHdITCPZ4QlnCPpxgkna7d7BN3aY7aCbjHU8dG8RhLGFeZ
w4GF0rMYtvCR4qB7Yn5sDfUsUnvSk540F08TSfI2fZZ1jLeigz4Nfqdc+NSPvtnxnbYO31nsFS6e
WJD6fLWVeHKYza7qeRpDnTUkgi+GYfjC8ifzF+taeNDGH/pMP50vcIZG9CLwhl0ERt3JteBu+2nq
CD0a7Yb5AP27zUttvBX3lvGHsi3WHEg4Wl98qrLbb3q25aqdAymNIb7Vmao9lfx8jkbaLfxOPNor
ebD5gfbA3Am+UP9kF7608gX51LqW8Yc8LL/XzEsWq+3X4uDhxxFYUYZz7e5DicUEk45GfxjRMUZi
9EHRrfdMZtQpMAnVe/nEQ/FPGCn5SVsGMpT7doce8ZgI6rtVoPNNnXP+3n7rUkoqLrSQPh2M6MTP
6bDfKAcG0z7DOeERMikfCmJwpCy8I2392XT1LIVqvmNRaUFzV7mUxiS/FXcZyJjQMjDl+Vgjj1V8
CjNozw0amvhiYENRoDRbeFBxra+67sKMAUrKWoSRvO4pB3TnuCtd4qLYtXnybNtDydip+KQ7lAe1
UINdvCxWYFcpRkPSgA4EHUtHKw/aNFR3ffzeyhfkI35HQLD1j/FU2Nh+hsFeRpdSnWoCy2TBlmOa
51rclZfKRjngLepL36gbPTPx1SIMJj56b30ZGuAVhGr7rea5hd8pvxaRxOO6xvp95W2FLpQivEeo
o+z8lfppu5M6r0thl78nXb7l/K72hNGCMPAShnryjkfgpXdqkzLuT4O70sr7QvLVwg5Wkgof/Jb2
KBwYc2mLNj2eVW7KqT7ZTtjZ+WXj0HdoMVGOoQ3X8qy+goUV5NOVBmOh+CJv98QBQwlA0AjP2rSE
PWmAf7ziZOy7bWc2Xs0zdQUdMq6KfzV2x+Phx/JU2tQBdEG3PW3EtiEMhAo/DQ8qjRrfYseYa7Gi
vPYUgHgE44hO8rBxJ+GOQKo6xuib00g/rvmgneu04N4y/iz2HCgvv9p1qX9T2FnNgZRenw9fU/9S
yIpHZ83vOQ3qE1GCkb8WqqmPVvgWvlDcFr+vfkrjT8u8ZLHbfgsOix1nXKxeWb807qHEQtFpHUZ0
jJEYfVB0y9Eu1I/SJnNHPBT/hJGSn7RlIEO5b3foEZ8+X9+tAp1vMozk7+23LqWk4kIL6TMHsC6n
w36jHBhM+wznhMeIye5LFMTgSFl4R9r6s+nqWfOJfMciWEnZ3FUupTHJb8VdBjLGVOY6ubNGHhZO
yAkz8M4NGixy4j39OcpHuRYeVFzrq667MGPckLIWY1Ne95QD+vizaShd4iL35c62h5KxU/FJdygP
aqEGu3gZg9hViixNGtBBH2hdKw/aNFR3ffzeyhfkI35HgW7rH+OpsLH9DAtx+tqBduhhgJ+Vq8Vd
+apslAPeor7k7CIHuwiDOWLJydAAr9iFGKWwfe9a+J3yaxFJPJZ9rN9XXlpQRFlZiI1jXs5v/kr9
tN1JbdsWcYVd/l7fcn5Xe0JPh4OXMNSTN/I7Tm1Sxv1pcFdaeV9oDSjIE9a1tEfhwJhLW8ydyk05
1SfbRQ6cLGAdfYcWE+UY2nAtz+orWFhBPl2OsVB8kbd74oChFuFBIzxrnbAnDfBH/rDOtjP7vuaZ
uoIO6S3Evxq747HgxeSoA+iCbvpmOduG7GkY0/Cg0q7xLXYsVLJYUV6rR0Z3a52NOwl3q1NDxs4d
/bjmg3au04J7y/iz2HOgvPxq16X+TWFnNQdSen0+fE39a8GNeHTW/J7TQH1TFxjOyV8L1dRHK3wL
Xyhui99XP3zL+86Weclit/0WHDzO/yCwogznKIFksKYjZycZiuPnPve5aTctR1DkxpsLzHEvTLJY
bYXhQH8YTGV8kVJMikHyiPd0zFOuIrDIuMKOKKvEUX5SaJe+dSklFRcjEIOWjTvpWcquPkOi0lDY
GgMFO8s1+bHHb0twGZKv8u/yW3BHoIz3tibaZJwqpa+dhKpjwlgcUFjbeKLFhud7Cw/adPWsuu7i
BQYy8KaOUFAonnyMQTe72c1SGJuGFKvEZVWh+Bw/3hE6truzj0eH8iC0nRJ37Yk3cr+Lxyz2TDhV
rqG+4nfx3TR8AQ3C0e7O5b0U0Xm5bH5ggPGHVZf0TWCPEY2J0dDyTQrXirstG8ZBGd9L+THJU33S
xnJ+ou8UTjkepfT63rXwuzUysdK3lD71IoOxFs3I6BjvjSwafUlHCrR8oYPKa9uc8uVbjoPaud0V
qTQYr4grnOlrqA/9Bvta3BW31C5U7lK7V3vK6VfZrK+w0Icxmp30tp+BL6xAJqyUP7RhcLJp8sxC
MdIcQkMet+83bZYFIJPSZXW78s+N4kqfvkpzEBnx9E3YM29ASaT3C+GLr0p1WcpPtNlTDRTu9NNP
T+W2aSl8Cw8q3Rpf+VFHJewZ72TQZveCTVtxh+COQoQycaUNChqbjp61OKrEL0Nxt+NBzbxE846a
uWdrXiqv9dU3qc3ab3qe1RxI6Q3xh9Bl0xFPDOV3xUWBLyM9fJL/lfpV4g7lC+XT6vfhwLecZy1v
UJYh8xJhR/ja8ae1XEs93kpWKKAEksGafufYY49Nhg/Ga3bzIfvlxhsW/altMLdhYQmGA/1hMJXx
RUoxKQbJg9NCSk7GFeaa1ik/KbRL3+DbklNcjEAo7GqclF19hkSlp7C5kk3fSz47y4Ujfa4ccgPv
h+SrOF1+C+4oNeO9rYkGGadK6WsnoeqYMBYHlKTWiRYbnu8tPGjT1bPquosX2B0MrtQRc9DcYQy6
xS1ukcLYNKRYJS67hsTn+JzeA7+SJt/7eHQoD0JbfvoVaeuvi8cs9vSptU7xu/huGr6AFuHIYkfr
pIjOy2Xzo+wYf9i9TN8E9syXMMzNyrXiTv4qG8ZBGd9LdMnYRnloYzk/0XcqrRyPUnp971r43RqZ
PvrRjxaTp150EoB2C8roGO9MLhp9SUhXZeS7cFVe2+aUMd9yHNTO7a5IpcF4hRPO9DXUh3634K64
pXahcpfavdpTTr/KZn2FhT6M0Yy9tp+BL8Ca7/wJK+UPbRiccsdCMcIPoSGP2/ebNsuisknpsoFH
+edGcaVPX6U5iIx4+ibsJRPp/UL44qtSXZbyE232VAOFO/vss1O5bVoKDx4L3fahQ/lRRyXsGe9k
0EZvY53iDsFd8g9X2uSL0ZSmFkeV+GUo7nY8qJmXaN5RM/dszUvltb76JrVZ+03Ps5oDKb0h/hC6
bDriiaH8rricliMjPbyf/5X6VeIO5Qvl0+r34cC3nGctb1CWIfMSYbdYbb8VC483N7eiDOcMrnYH
Yd74+J3vPFSHXgqbv9P94HRufMMogIBfo9RRflYJrfj61qWU1HdrZFHcSb6MGV2KPRtfYXMlmw1T
etbuUimdMSKQBljJCFSKN/RdC+4yZE6igckLYVAcyljYh4NokTHLlqGWB21cPauuu3hBx1azi7lk
ZCKdkhK1T+lL+e0fx0yJHvmiawgPWiMS6cILHI1873vfe5RPF4/1YS9a+nzF7+L3afiCfEvY8l75
lsqFEK/2YHHWM98QCvrKNeTbNLjbsuWLAvK81QZEf59fwiNPr+93C7/LyNSXN4YD7fCWwU08bvuC
Ptrsty6+IEzJcKG87HiQpyGc1dfodx/e+paXXXGVlqW9RIu+9/G1wsgnrE5XEB19vgzM6ps4fUFp
Wb+GBhtv0vPQdK1hX2NEnrY1GnKMoP0u7DHWwXf226yf++qylJdoG8oXCt9Xr/qW82Ap/0nvlF8f
dmo3ti2R7pC4hLNGxL7xTcYbFkjk87+huLeOPypLzdyzNa9SnQjjrnmJ4sxiDqS0hvhD6VJawnEo
vxPP7pqAt/fdd9+0OFcnYfCulB5xh/KF6Gv1+3DgW6kt1s5LhJ3ad59fyq+1bEs53kpXJtgdhKX6
znceSqFVCpu/0/3gUhxhFOA40Bqn/KwSWvH1Db4tOX23RpZSuNI7GTO6FHs2jsLmSjYbpvSs3aVS
OtMOSAMcZQQqxRv6rgV3GTIn0aB+D8WhjIV9OIgWGbNsGWp50MbVs+q6ixd0bDW7mEtGJtIpKVH7
lL45v7NIP3eiawgPUv8yIpE2vMAiZ20Q0DvC5a4P+zxs6bfid/H7NHxBfiVsea98S20Ho4faQ461
sMBAPK2bBnfyVtnyRQE5XWoDpbLk70p45On1/W7hdxmZ+vLGcKAd3jK4icdtX9BHm/0m7Ertlm85
LcrLjgd5GsJZfY1+5xiXfuf5Ka7SsrSXaNH3Pr5WGPmE1ekKJZrydzIwq29iE1PJ1dBQit/1bmi6
1rCvMSJP0xoNuQbQOmGPsQ6+W0jXV5elfEXbUL5Q+LwuS79zHizlP+md8uvDTu3GtiXSHRKXcNaI
2De+sQmRcjK25fO/obi3jj8qS83cszUvMMmdMC71bzbsLOZANr1Jz0PpUjrCcSi/E8+eREL9c10i
i3N1EgbvSukRdyhfEHYa14cD30ptsXZeIuxKbT1/V8pvmvJ53DoE1iB4rJSJLq7EnhhmKQSIxzgF
/uJxoyEqNUPstEMcwEO84yrEI2sSiVGxGo444oj0HDuiECdyISp4QlwVHNZcc83OYmy11VZh6623
DvHIkhBXYaU4pLnZZpt1xsk/xKN0wuGHHx4sDU9lKc0AAEAASURBVAoTDTch3iUSolIy3PjGN9br
kd8XdxSo4yEewRIOOOCAsP3224e4+6+3nAobV6AlzIaWLx5RFnbfffdEQdyVFeL9NCEewxeisjtE
o0Nvnh1kj71uwR32Bu+4OjPEHdXhHve4x1ia+iE+iIrPxAdrrbVW6MNBtBA+KonHylbLg6LB+qrr
Ll6IJxqEQw89NMRd5SEefRPWXnttG50FMSF26CHu9hzjp3jkUcIhKnsTr1HGkltjjTXCtttuO4+3
RVeJf/N0FJa2FQe4EFefjoLEiVGI9x6FKIwWeawP+1EiPQ+K38Xv0/AF2Z544omJp/P6Ub6lthOP
cwqUOwrxIe4IT/xFWnF1dYgCLI+hxE/pQ8W/aXAnm66y5STEgT5EhWl6HY8AC9GYk/rbPBy/40rO
EFeaB/iqxbXwezwaM8RJWIg7z0NczRriDvJi1moT4mnh11IXXdgxDsW77EOcGI/xu/JS3hCYp5H3
NXEXUjPueVp2vCvRIsD6+Fph5Mdj2UK86z3EVaSpj+E5rlzW5zF/3XXXDTvttFNYZ511QrxrNESD
ZYg7MhIGYwHjD6Xb1Wfk4Yf+Hlq2OMFP5YoG0xB3n4cNNthgXhaktf/++6ey531DH/bzEpryheoS
PA877LCJqfXRprQsjy5m24d40TdkvLN02rhD2nNcoBPiPekhXssT4o6uYn+lsjOu5fM/YTUJ99bx
h76sdu7ZmhdzoNzlfVP+Xb9nMQdSWkN80RUXaIbddtttYhTxU4knVIc5H2mciDupQlRCBuQBuSgk
h7gTsXP8VpqT+ELptfrCIe97usYf8qmdl4j/ibvQ4z55LAd31atedTmQ2Uwj7Zm5K/OXuDBzJFfH
RW9pLCThqFgNxxxzTMqD+X40roWo4Alxx2Qo9SUihnnjda5znTQnZo5IHGTHGkzj8dch3o06RoPS
jzu7wvHHH59ojwvn9Xrk98UdBep4YLxnTNpxxx1D3P03JgfmURQ2XpdSVT76/G222SYlxzw2Hjud
ZNqo7A7R6NCbZ05D6TeySC3ujCngHXc5hrijOhx88MGlpJPcBx9ExeeID/pwEC2ERya389NaHiwR
pLqGj0u8gJ6A/p2+PC6UKsrV6IviNWZj/ATfo7+Jyt4QT+gZyXY5Dcg/yKQ5b4su24byuPqtsLST
iy66aExXRBuNGxdCXNhZ5LE+7JV+n6/4Xfw+DV+Qb1wAEOJdzWPY8l75ltoO41fcBR3iztVUZvR9
uGhgS7oZnkv8xPsaNw3u5NNVtpwG+j5kItxb3/rWEI05nXL1JptskvqeVrm6hd/RBdN2GAeQ8eg7
Sk5tQjwt/Frqogs75jXoF6OReIzflZfyhr48jbyvYV7Tinuelu23SrQIrz6+Vhj5yL977bVX0h/R
x8R733vl6p133jnJ1cwJ4/HVIZ5slWRspSdf6Xb1GQpX6w8tG30x5YoG06QL65Kr99hjj1T2vO/u
w76W5knhVZfRADyyIfTF6aNNaVkeXcy2D92ib8h4Z+m0cYe053iSRIgLOJI9IJ4IUpSrVfbS/E9Y
TcK9dfyhL1vMOVDOM3nflH/X71nMgZTWEF90xQWaIZ7oNzGK+KnEE6rDnI80TjCfjCcpJT2yMkI3
vssuu3SO30pzEl8ovVZfOOR9T9f4Qz618xLxP3EXetwnD3dTIBA7mkGO1ZZL/U93WXIfSolW7YiO
CrHRd91pyc4IVoiU4vGO42zYmcaz8omwz2mXYh6Pe7NZicKR7fabVmBbGvjODjYdCR+VXmNxFL8r
rr73+dpV17UD18bVDqUuTNjhzLEuNo6ehTHY6G/SzlXFneS34q5dOBy9XLrjFWx0zKvusYcWYQYO
cWAdK2/sQFP5cjxFYw0Plsqtuu7iBeUPxqxCy9PQscJ8t2noXlV2SXXVIWlFZU3xu+jK+TfPn9/a
QRoHnXn06T7jErbEnYYHia+6y+vH0tnKF6ShuBZbm29eLuhhFy48WMJdq26jIr/zBAFLe9/zNLj3
lS3Pk/6ScnbxoMLT5ux973pf47fwuzCHvhIPkr/aK2GiMizxqe6r5V2+a1g0c/cOK7k5Uk7v8MUX
+f3VcUKZsMr5otSelIZ4S2UXL0+De56Wpb1Ei77XtEc7lvUdQ03a9DPKQ/mDEce36b18rj2hTnIM
9b3VV18xKV3GdPLnj+PnS/mpHROGo8dsmD7sbbhZPAvLuBBvjAalnd/l3keb0rJ9/jQ8KBpqfNEH
ruxgyePq+HS+c7Sl/a64aj/2W/6ssnJkm73r3YbTHCcuoOi8+mcI7mrnNfMS21/VzD1b8rJl1rPS
Ud+k99YXjdPOgWyak5415pXmQsTluFabRh9PiAcsv6v/g7+iUDuWFunqqp8uHlOaQ/jC0ln7rPoZ
Ov5ojKyZlyx226/FYFWEHyREL9NAl8RrweB7ToIpOe2Ijgqx0WedzhCVoL1HJUelfdpNSkTloz5+
lJh5YB5Fv8KpH9Z17TxhB5uOhKfNl1xX3FLY/J121XXtwLXhtUOpCxN2OHcdYyqMwUZ/9LOzcK24
axdOVDjPRSXhPFLARse86h57AgkzcKCtWheNV6l8OZ6isYYHbbp6Vl138YLyB2PGuNzpWGG+2zR0
ryq7pLrqkLQ45rr0XXTZNpTnrd/aQcqR37nTfcYlbAk7DQ8SX3WX1w/f5Fr5gviKa7HlvfLNy8V7
duHCgyVc44K1xE9Rkd95ggDpD3HT4E76XWXL82auQjm7eFDhaXPRkKKfTX4Lvwtz6CvxIISovRIm
GjcSbbqvlnf5rmERj64wLnJK+la9wxd2nI5jHbpIsMr5otSelIZ4S2UXL0+De56WpbFEi77XtEc7
lvUdQ03acdOAshjtygQj9DC54xoJ6iTHMA9X+7urzebpMKaTP38cP19yaseE4Vhn6/qwt+Fm8ay6
5PqykmM+Y10fbUrL9vnT8KDNd+iz6ANXjvrPnY5P5zsytnWKq/Zjv+XPKityNbr0ktMchx3nXVf/
DMFd7bxmXmL7K52QkdNYmnu25JWny2+lo76pFEY0TjsHKqXd9U5jXmkuRJy4OGYsah9PiAcsv6v/
g7+wCeQOHQffunhMaQ7hizztmt+qn6Hjj8bImnnJYrf9mvJ72HEEVtRR7XQ6NDL+aHDWQIWiWEcq
dinEUITSMKR4weBDh4EyjDR1VDvfpTzlPXcqoYDiPYYAHenKt/zYWR05jJJe95wSh8ki4fljgika
8KGDsui+cO6H5TfKPP5KxmDiUWaFiTtskuEOw5x9L7ptfva+UPLCEMIElSM1dF81irZSXCtYUhaO
ViW+TX+a5xbcpcSBHu5dYuIlGjjCCxqFvTXyMwjAEyVDDkfPEwc86fCUXgsPEhd8VVfUrYxE8AL1
q2/Khzxl7IcO+Ir64D3KY5UH3/KTpY+jqCmj0iQPju7SMcu2nbTwoO4xjjtORwZGJk0c1yP6SthC
TwsPWr4ewu+tfEH96Hhviy10gyf45eWiboQrym1rMCSesJqF4Vxp1eIOftDJEbTiG8t7peOlpahn
QszE24ahv0CwJi3wyBefiO+G+K38Tt8sXsOIe9lll434HaM47ZvvHH0s+sCAO69FN4ufVC76DttX
xx0fo/Qohww4jDXqZ+gTqQulZ43Ctk9XHsJUvKU2a/sahanFXQtWbFrCX/fLwT+iRd9q26MMRZT5
jDPOGMOdNqL7vfiOQEY+MrgJJ2ilrdFWdKenvlkMRWOtrz6XerJt1vYjNk0wiTurRvyEwsHihDEd
+viz4x75wFMcSc83sLd58M3mM4tnLf6g3ckADI4YlQ866KBEhzX+d41n0GL5wtLWyoM2jaHPagPC
F57CgEfdxRN0RrjTnnV8egvu9AHqE8BOczTopM7iqQijvOLu4Xn1VoN76/izmHMgyq25B3wq3uma
lxDe1tXQefhQPugKJ0yY30Ev4eAN5uLUZ74Qopbf7WIgxjSN33H35xzjivhSbTuns4Yv8rg1v2vH
H+q0ZV6ymG2/pvyrKuy4WL2yfjFei79RKloDFYpiHanYpRBDEUpfLYfBhz4CZRjp6qh2vkt5yvt4
QtjIqI7B0S5Ky4+d1ZHDKP858hNHnJNPPnlEO7KdddBBWTS34H5YfqPM469kDCY+ZVYYxn8Mdxjm
7HsUZ7mz94WSF4YQjOXIKrqvGkVbKS59muoAv3SHZJ5fze8W3O0Rm3G3UJLZlCf9CjSKZmvkZ04H
T1BXlMs6jp4nDnhapWwLD5Iu+KquqFsZieAF6lffRAN5ytgPHfAV9cF7dEEqD77lJ0sffTBllCOP
Cy+8cHTMsm0nLTyoe4zjjtM0JyEf+j07/yxhS7gWHrR8PYTfW/mC+tHx3hZb6AZP2lleLimoqQ+U
27R5684888wRP3UdvW/D9z234g5+0MkRtOIby3tx19q8bKWoZ97CIjgbhv5Ccw7woO5bXSu/0zer
LWDEtYYujOK0b75z9LHoAwPuvOY9dDO3VrmQL21fzcYP62TAYawhLA4jMG1A6dm+xPbpykOYirfU
Zm1fozC1uGvBik1L9MdTeRKN8KJo0bfa9ihDEWU+55xzxnCnjZx77rkpL75j9MTJ4CacoJW2Rlux
uuq8bYnGWl99LvWkNktd2X7Epgkm8VS0Ed3IqBYnjOnQzp8d98gHnuJIer4NGYNtvi3PyD3CEVkR
B47oMJA9+GaN/13jGfEsX/BbrpUHFb/GVxuAbv7gKXRt1F08QSe94z3tOZ5mkpJuwZ0+QH0CfKY5
GgnCF+iaRQP64dzV4N46/izmHIjyae4BD4t3uuYlhLd1NXQeTrxpnDBhfge9OHiDuTj1ST+pdsC3
Wn63i4EY0zR+o6dlXBFPqG2Th3U1fGHj1T7Xjj/UKX0f9NOeVS7l2zUvWcy2L1rcr0dgxRrOYVga
NQqeo48+etQAeZ/vBJMxQY0UowkKMP2Wj8KMAYA/FGcyruh7PCJyLA6KVxQEioOfG5YVN/fJH2Xd
kPDW6KO8rPIyTzv/XdpViXCXh7O/dY+58rN+PBpoFLeUtg1b+9yKuzoqlYG6yuuLXUOiR4pOhcdn
QOe7lLT2m8qZ4z6UB6WItGmWnu29y1bxXgrLOylFrSFHu6MUB4FOhj29w2fiRHlbeXAIfcpP/C78
8Wt4MMdd6ZZ81RV51PKFNe4pbeqEtKxiT9+0KxChTnWhbyzIOe6440aGGt5jBLIYtDy34M4uOtHV
5VseEl1M5mRoIh78Trno+2w68TjLMeOp4tf4Q8oljEUrwqQ1dkJTqe3rnm3RY09sUDnyMmEcp14V
B18KXMXp8hEU8jZP+vRvRx111Ag7BBnb/gjDRLUF91K/9alPfSpNhPOxjDFFBkiVr6Y9MnbluCMc
xCP+RmUDG/gFQUd5yEjbhRvvVQ8lw6XSGeLTbvvy4RuKCptWCXf4STQRB+wwFBAPIcMucOrKD4HJ
5jPtM3xk26Xahc1fu3NzvqBOMLZDe84XpKnFJyUsFqrtD+3fMYhOizuKSosTGORzBcpJ35LXUw3u
xK0df4izWHMg8rrgggvGsLC42GfbFvO6GjoHyrGs+Y0S1tJj2yPv+c0iSdJs5Xcpzm0+Xc920SF5
1vJFTdlt2Jrxh3it85LFbPu2fEv1uV70Xj4xqGvL57RnFDzMXe17FqpYJ2OCwmA0QQGm3/JRmMmh
YJJxRd/z8RPFKzRZBx8rfJ9P/ijrhoS3Rh/llWPRl1dpV+Wk/lT3mCs/69tFW6W0bdja51bc8/ka
dZXXFzKQnBSdFjcMvjgpae03lTPHfSgPShFp0yw923uXreK9FJZ3UopaQw7ltOHjVWQjw559zymH
uFYeHEKf8hO/pwz/918ND+a4K92Sr7oim1q+sMY9pc0CBJzdbapv2hWIMl91oW8syDnppJNGhhre
o8uY1rXgnusWRaP1LQ+JRuaWMjQRFn6nXPR9Nm48YnnMeKr4Nf6Qcglj0Yrh1Ro7oanU9nXPtuix
sqzKkZcJ47iMNIrHwhOF7/ORUfM2T/r0b5w6p7icLocxV78Jw9yiBfdSv8WCSozi+VhWukO5pj0y
duW4Y9SKV+aNykKZ4BcWWMjJSKvylnzVQ8lwqXSG+Fq8WcpD79iMYF0Jd/hJNBEP7DDq4uyCA6VZ
8u2CLZtf6zN8ZNul2oXNW7tzc76gTtDdlPiCNLX4pITFQrX9of07BlHcNLizKdHiRNvI5wqUk74l
dzW4E7d2/CHOYs2ByMsugLGY5M+2LeZ1NXQORH6tTvfOiy7bHnnHbxZJ4lr5XZsElUefT/9uXS1f
2Lg1zzXjD+m2zksWs+3XlN/DjiOwogzn1qiVKzppjBgItbstV8CgKD7kkEPGOnY14GOPPTatLs7j
MIhrpbjC4tOhYZxEWZbH4TeThlyxh+LRKuZkILXHIpaU3+SHMjs3clgsLG35M7Si6MzpZGXxaaed
Ng8PdtqinEOpnsfRb62GpQx2R56+T+u34h7vuR8dh29xKPFFyZAoQ7J20SoN6hLhg3JZ3Gt4ME9T
aec+k3+LKccH64h/hYUeBuZ4d8io/jiC3u78ZyAo8RNx2c2BgKN6auVB4sf770Y0iD4MaEyibJnF
78oTv4YHLe7Kp+SX+L2GL8Alb7s6Bry02EI8A8/KCFXiC9Lk1ABbtxaL2uda3HVlBZiV6ON9zkOi
ib4HRUUJbwzYtCXLe4rX4rfyO4qWvN6gN947PoeQW6KFiWpu3BY+LJLoKhPGbosF+cIH5KX3TBZz
Aw79OLta7cIjVvaTjwQM29fX4s4xwcofH7ro+0vG3dJCh5r2CJ6Et7uBbd7xHvC0EKk0RmLQzeuK
PppxUziQ1rSLTGz/Y2mzzyh6c97Idx7b8KecckqqQ8VhIqyTbuh7bFj7zAIGxZmVj9KKerT5QAM0
ahc6eeU4gD39XIkvKAuCkmis5UHFq/VljGWc4NkqwSgTRhzaq9KdFnfKX1IAgc2kfnoo7qK1ZvxR
nMWYA5FXaUyz/KRn+jPRZsfi0lhSmm8p7jQ+Y17eb5A/wjYKK6Xdyu9d/R/9OPM/u/jQ4qF8a/lC
8Wr9oeMP6U4zL1mstl9b/lURflysXlm/rFHLjr9q+xgItbstLznt7kEPetDYGKR4zHPoK3LHLkh7
UpDC089jnERZVnIsnskVeygerWKOPh3jA3yvsCXlN3mizNYuK+VnsRBdJR9aGY9yx046TkvJ47DT
FpkMxXSX0w4cymB35HWFr33fijtzch2Hb8tV4ouSIVGGZOkNlAb1I+OPxb2GB/M0lXbuMyZYTDmW
NS8T9HDC1GMf+9hR/XEEPfwkx6LsEj8Rl12w9qjkVh4kr3e/+90jGlQWDGjI6rbM4nfRh1/DgxZ3
5VPyS/xewxcsIlB7VPrUCa602EI8A8/KOFniC9JEX2XrNiXa+K8Wd7vYu0QfZc15SKTR95R0cMTB
gE1bsryneC1+K79zylxeb9CHroAFtiXH3Dw3bhMHfFgk0VUmjN2E0x/5wgfkpXecKJEbcOjH2dVq
Fx4xVyQfnS5h+/pa3DkmWPnjQxd9f8nIWFroUNMewZPw6BNsnno+4IAD0skTpTESg25eV/TRjJvC
gXRIexpn+x/Rlfva9W/zyXce2zjo2fkuh3FVJ93Q99iw9pmr9GbtWIBLPdp8oAEame/I5TiAPf1c
iS8oC7tU5Wp5UPFqffiUcrBwjGcrG1Em9Hq0V7lpcaf82r1r8QObSf30UNxFa834oziLMQcir9KY
ZvHQM/2ZnB2LS2NJab6luNP4jHl5v0H+LPhB1pJr5feu/o9+nPmfThUBE4uH8q3lC8Wr9YeOP6Q7
zbxksdp+bfk9/P8hsAaPkSEnuiuuuGJimKUQIBoZwkYbbRQ22GCDEFdwhTjYhtjZp99XvepVJ5IY
74YJcQAL66+/PosKwiabbBLWXnvt3njx2KUQlWph4403DjxvueWWYY011uiNEydtIXY6KQx5rLfe
er3hV9XHOMgnHMECTMGlz8WjnUMUHFOQaAwIO+64Y1/wqb614E6G8HJcEZTqaMMNNwybb775VHTk
kaflwTy9Ib/Bnfqhvobwn9KMx9mGNddcM8TBK/EgvDhrB01ggqON1OZRy4Ot9C80X8QBMdDu6YdU
JvqatdZaK0SF/8Q+o7Zc0+Jemx/9Lf0ndRwnDqmeJ/UXtXkofAu/gz38jg+/b7rppoN4kXqjPOus
s07Kfsg4Ahb0McTZbLPNZl63wgF/MXEnP/Hu0DEBvKPwFehroTUKZIlHSKvLEScablO4eDTYzPvo
rnxr3mv8URzGkYXid+XR4qvfoZ+p7XuH5rfQPBgFqBCVOyGeTBJe/epXpzEL2uCNSfOzoWUohYt3
SIaohEr5kU9NP12Le8v4Ix6smXtSzpa8Svh0vVsVcyDRwhhE30TfCy6zdtQrf8ybWtp8LV+00F8z
/oie1nnJQrf9lvIvdpwhc4LFpmmW+TFvoi1JrmZuI7l6iPxEf2PlauZek/pt+jb6EfVtQ/pe5g3I
4jjyWMpyNboJ+inmRZPmDdHIGuJJNqlccaHnSMZOL2b8rwV3SECfwXiJ7gMdzBZbbDFTyqblwRZi
wF1y9RD+Ux7Md61cDS/O2jEPBxMcbaQ2D+LX8GAr/QvNF4xfkhFUJsnVUeE/c9lrWtxrcWR8pf+k
jpFDqedJ/UVtHgrfwu+S7/D5Q94dwovUG/UkuXrIOAIW9DHEYcydpGdVuVr8xcQd+sS7Q8cEsEZG
llyNbAeP9DnioDshHG1m1n10X95Dv2n8UXhoXCh+Vx4tvvod5Ooh/N6Sx0LzYFwwE+L1MCGeTBLi
hoVFlavp08COeWBNP12Le8v4Ix6knfA8dOxvyauGL1bFHEj0UV/0Teuuu+7EfkZxanzqFdkdnmhp
87V8UUObwtaMP6KHcU19e828ZKHbvsrkfj0CK85wXg+Bx5glAs9+9rMDf3FHWDj11FNnmbSn5Qg4
Ao6AI+AIOAKrGQJxp1bYfffdQzzBIsRdhAuqMFvNoPXiOgKOwJQIrHTD+ZTwePQpEUCWjjsmQ9wR
luTrKZPz6I6AI+AIOAKOgCOwGiMQT/wL22yzTYgnWIR4ZYrL1asxL3jRHQFHYBgCbjgfhpOH6kCA
1f3xiJq0aozVsPFI5BSSXYXxaLkQj7/3wbgDO3/tCDgCjoAj4Ag4At0IxONPw7nnnhviUbYpUDya
cTTfiMemjnbidafgXxwBR8ARWDgE3HC+cNiujimz0z5eqTIa584777wEA3J1PMY+xOPvXa5eHRnD
y+wIOAKOgCPgCEyJwMUXXxziFbEhXo+QUopXRozmG/Fav7D11ltPmYNHdwQcAUdg5SHghvOVV6eL
WqLvfve7Ye+99y7mGe/QDvH+nHT0RjGAv3QEHAFHwBFwBBwBR6ADAU6v4Xj2kot3joa99tqr9Mnf
OQKOgCOwKAi44XxRYF5tMol3VXcex85VaF/72tdcrl5tuMEL6gg4Ao6AI+AIzA6BI444Ipx//vnF
BD/5yU+GffbZp/jNXzoCjoAjsDoj4Ibz1bn2Z1B27sy55JJL0t1G9r4h7hBmdbyvWpsByJ6EI+AI
OAKOgCOwGiLAnYY/+9nP0mr4vPjXv/71i+/zcP7bEXAEHIGFQsAN5wuF7OqZLnL1D3/4w3lyNe+5
T/Xa17726gmMl9oRcAQcAUfAEXAEpkIAuZqj2tdZZ5156Wy33XYuV89DxV84Ao6AIxCCG86dCxwB
R8ARcAQcAUfAEXAEHAFHwBFwBByBCgTccF4Blgd1BBwBR8ARcAQcAUfAEXAEHAFHwBFwBJYJAm44
XyYV5WQ6Ao6AI+AIOAKOgCPgCDgCjoAj4AgsDQTccL406sGpcAQcAUfAEXAEHAFHwBFwBBwBR8AR
cARmiYAbzmeJpqflCDgCjoAj4Ag4Ao6AI+AIOAKOgCOw4hFww/mKr2IvoCPgCDgCjoAj4Ag4Ao6A
I+AIOAKOwGqIgBvOV8NK9yI7Ao6AI+AIOAKOgCPgCDgCjoAj4Ai0I+CG83bsPKYj4Ag4Ao6AI+AI
OAKOgCPgCDgCjoAjsFQRcMP5Uq0Zp8sRcAQcAUfAEXAEHAFHwBFwBBwBR2BJIuCG8yVZLU6UI+AI
OAKOgCPgCDgCjoAj4Ag4Ao6AIzAVAm44nwo+j7wcEZibmwvvec97wp/+9Kdw4IEHBld6LcdaXN40
Ow8u7/pz6h0BR8ARcAQcAUfAEXAZwnlgdUcAmebtb397uPLKK8Od73znsPnmm6/ukHj5FxkB58FF
BtyzcwQcAUfAEXAEHAFHYDVBwA3nq0lFezH/D4Ef/ehH4aY3vWl68b73vS/sueee//dxFT3961//
CieccEL45S9/GTbccMNExeWXXx7OOuussMMOO6wiqiZn+7KXvSxceOGFYZNNNgmXXnppeMELXjCR
3s9+9rPh1FNPDVtttVWK8+hHPzopWibntnJCLEUeXDnoekkcAUfAEXAEHAFHwBFYeATccL7wGHsO
SxuBH/zgB2H77bdPRH76058ON7/5zVc5wcjVj3jEI8LPf/7zsNFGGyV6fvGLX4Rzzz037LTTTquc
vi4CXvziF4d3vOMdYdNNNw0//elPA3L2JHo/+clPhic84Qlh6623TnEe//jHh3vc4x5dWazI90uR
B1ck0F4oR8ARcAQcAUfAEXAEVjMEVozh/LLLLgtf+cpXwtprrz2vChGebnGLW4TNNtts3jde9MVV
BIyZpLHmmmvqVfJ/85vfhDe/+c3hwx/+cPjd734Xrn/964f99tsvfO973wv//Oc/w5Of/OSw/vrr
p7Cf//znw29/+9uwxhprjKXBjw022CAJPMQvfZ8XoeLFV7/61UTjd7/73WTgvO51rxtudatbhW99
61tpt/X97ne/medZQd6iB8UgLSH0Qx/6ULjxjW+86DTkGf75z39OdfLjH/947NNC0Icg/vWvf31e
W9l7770Tf4wRMOHHQx7ykLTLQMGG0PumN70pHHXUUYoSnvOc54Qjjjhi9Ht1eFiKPLg64O5ldAQc
AUfAEXAEHAFHYFYIrFTDOYthv/CFL8yTFcANufrWt75154ldfXGFO8ZM0sjl6l//+tfhta99bWBh
MzI2BtkDDjggfPvb3w7/+Mc/wjOf+cyRXP2Zz3wmEL4kNyO3X+c61wnbbbdd8bvoaPG/9KUvJRqR
ozFwbrPNNuE2t7lNkq3Ybf3ABz5w5nm20LlYcVj0zWJoHLoOLU5frPxL+SBX77rrroGFytYtBH3I
7iUd1L777lstVx988MHhjW9844jkIfS+5jWvCQ94wANGcV74wheGY445ZvR7dXhYijy4OuDuZXQE
HAFHwBFwBBwBR2ClI7BiDOcIDY961KM66+uiiy4Ke+21V/H7pLiK9MMf/nBMSfD+978/YHTucle7
2tUCu2sx2CPA3eQmN0kCfld43hMHwyLC3rTu73//e1qB/MpXvrIzKUtjZ6AV9uGPf/xjeNKTnpQU
MihgWEiwFBwKor/+9a9hrbXWSkoXFDNDDNG1tMOz8G7uwOT444/PX/f+hq9///vfp3bwzW9+cxC9
KL44Jh+D+XnnnbdaGs6XKg/2VrZ/dAQcAUfAEXAEHAFHwBEYIbBSDecXXHBBYHFsl2OX6z777FP8
PCmuIrGY3B7rzTVaHPXd5a5+9auH73znO0kWR/5gsfmvfvWrruDpPXHQAcxikTRyNbqGl7zkJZ15
Who7A62wD8g0xx13XNJxPO95z0sLCZZCEVlU8Ze//CUt/mAHNkboIYboWtrhWXg3d6effno4+eST
89e9v+HrK664ItzpTncKX/va1wbRi1zNMflPfepT08lvq6PhfKnyYG9l+0dHwBFwBBwBR8ARcAQc
gSWPwIoxnP/kJz8JH/vYx5Jw9LrXvS584hOfCI973OOS8MbOb4SaLuUGBvFPfepTgfuR1llnnaD4
rJhmJ+zf/va3gCB8+9vffrQyHmPhzW52syQkssoXQfpa17pW+NnPfhae+MQnhosvvjgZwWU4hxPY
lc5OU6XPqmJW2+NY1c9xXLirXOUqiR6O3Gp17Aa45z3vmXAgjTPOOCNhwMp+cDryyCNT0quj4bwV
08WMd+KJJyaj8kIYzjkNAb5EyOREBDn4lyP24L9a10Lve9/73nDooYeulobzWnw9vCPgCDgCjoAj
4Ag4Ao7A0kKgS7ZcWlTWU3PJJZekxbDIxS9/+cvDRz7ykSQzsIMbQx0ypjV62xy+//3vh49+9KNJ
rl533XVH8TnCm52wLBK+5jWvmYyD2nGOsXDHHXdMhnAM9hw3fe1rXzuwmxej7Ac+8IEki8twTn4s
Aub4bdF32GGHhdvd7naJFHajc+w1DrmGxb3sQG91yNXsfAcH3DnnnJMwgH5ktfvf//7p/epoOE8F
X+L/uBaM68QWwnAOT6J3+sMf/pCuXRMU8C+nErTI1S30vvOd7wx3u9vdwupoOBfm7jsCjoAj4Ag4
Ao6AI+AIOAKzRGDFGM4tKDLiYSDeeeed7adBz4qPMR0hvuRk9MN4/q53vWvsKDtrVC8ZPrvSx4B/
0EEHJWP8tMdXcz/W4YcfnkjnDur8vjFWRqNgwFiKsGePsUfwQxmB0oEjvVl4wC5ojJwoBtZbb70R
JCw2eNvb3pYUF7zkCHhWS6OsYBHBFltskXYsUK6SY/U+OwGgh+PUUEAgaN797ncPd7jDHQIKFzlW
jb/qVa9KP//973+Hu9zlLuFzn/tc2qHPgoRtt902POYxjwm77LKLooz5lAlljtKkXChndJT+WGDz
A2Myu/YRjHGkf8c73jGtCP/iF7+Y8vyv//ovEyOEL3/5y6lc4IdSR/Ee9rCHDeJJ8UiJf8YymuIH
/M2CEo6S4/h2lFOcdnDb2962M1WOQoMmFFwcjchuDxZ/sDCDXQYleqk3FE06Lm/LLbdMeXCsHYtH
LK9bfqKe2JlOGPiUtLkWgXpAkcfddfCJdfAu/Mgxj9QvDr6A17VIxYbnmXZHuqRPHHgWTHj+4Ac/
mBRy17jGNcaiwbfwE20fnqJ90NfsvvvuKQ5HNpZ26tTwIIuBSJ/2htKFtgWdtBVoY6fPsccemxbo
jBH3vz9Q8lHH3/jGN8J//vOfhCHl4h44FurQ1jheEl525wg4Ao6AI+AIOAKOgCNQh8BKNZxbFGTE
Y96+22672U+DnhUf4/UNb3jDYhwZ/bgWDZnBXr1mjeolw6fSZ757oxvdaJQ+8/Nb3vKWyRg/rTGR
+fd97nOflPbHP/7xlO4oo/jw9re/Pd0rjQzLTmHLF+gFmLsjb4MhCw+QG5ATkNVzufoNb3hDukaO
9JEnkIXOPvvsgFzAgvejjz46GUht/npGPkF2QBaSfIKMet/73jfJzZKBCY989tKXvjRFRWa4173u
leQGTuJDdr3BDW6QTq5Dtik5yoRMJvqRTaBtklwNfuzahx9wnAZw17veNV15x8Ju7uu+3vWul77p
H3ILPAJ+XLGHIx4bF4bwpHikxD/KY1ofvROyJnWGTI3ci74IfUaXA2f0ILrKj6sJWPxx2mmnhWc/
+9lFQz/1xkIS6hfHYg3yACN2qlteR64WP1FP7EznKgE2Z3AdAnVNPcAXnDonHhe98C7xWZwC3+Lg
CzaWdOkLoIt0SZ848CyYwB/gQVti4Yx18C389Ja3vCXxFO0Dvttjjz1SnAMPPDDxlo3Dcw0PshiI
9OHPTTbZJOy///5JX0DbhU5k5JNOOinhmefDb9oIdQwPIlfT1sGAqxDRmSFXs7AIXnbnCDgCjoAj
4Ag4Ao6AI7AyEFjRhvOSEW9ItQ0xWjLJRuBlt/nzn//8eckykWeHOcdmbbzxxmPf+9J/0YtelI4R
t8bEscgDfiCYYAzjqG9W7JNf7thtvOeeeybDJ8K1hFx217OiXsJsHo+FAgiuGC5xGMmHrOBH+NMu
d6XJzmeODUe4LDkELYR/BDQcwnnXsYA2PoIaZbMOTBCIEG7kJu22RzBFiLR3jSmu9XM+06IKG8Y+
wzvQ0uf6eKQv3tBvCNIoa6hLFFTUBUZ9BG8WJyCw5g7BGYVIn8uxQIjnpIY+Z3kdfsqvNMAIzkIQ
8rcurz+ULX1GYK3C515FOcrOrpk+l/MTvIRQTH5droRjLQ8OuUICDDguk8UI1rHAAeVHVztW2B12
2CEp8kr1rTDuOwKOgCPgCDgCjoAj4AjMR8AaSOd/XRlvpjU6DonPwl2Muw996ENHxlyLHrIT83EW
6uZydV/6GJyR5awx0aY75Jn5OwZ9jK5PecpTkmyfx0OuxujJH4turVyN7IwxveRIl1PqrFydl68U
j93Tj3zkI8c+ISdjONVC5bGP8QcGVk4C0KYAZIQhGwxYhLv33nuPJQcmGDbZUS03abc9cvVRRx0V
Xv3qVytK0c+N21pUUQwcXyJ7Ypjtc3080hdv6DfkauQuDLPoX7797W+nDQcs8kfPUpKzkLcxYve5
HAtkz3wzRB7f8jpydX6lAXjS3rQZQfHz+kO+ZOFJl6O8XMtg5Wp4Hz1Sn2NDgi0DvIQRm/y6XAnH
Wh4ccoUEGLAAB/naOhY4INt3tWOFZWEQYUr1rTDuOwKOgCPgCDgCjoAj4AgsHwTccF6oqyFGSwQD
BHwcQjw7XzfddNOxFfKFpNOrvvRPOeWUdJSYNSZ2pdP1nt3DWh3et2ue1bHs0EXAYZUsToZz0uBe
LoQEdqMjlLK6GJcbEtnB+vrXvz6cddZZ6TuGz2c84xlptT0G87e+9a1pt6s9BtzuyicSx9Tvt99+
6Vg/VqI/+MEPTmlZ4ygrfdnBzb3k4I9j4QI7j1lBjTCOER5DKCvZ2RFtHTuLf/7zn6dV1RJUEUDt
bnuFRwBm97qEewylHC9IHWNstYsRcmMxq8DZJY2hFszY/cD95eAJ3SWjqvKV38cjCjONz2p9ds6z
oh8+YDfHTjvtlJJESGeXtnVaKMI7dn8//elPT0qec889NxleFdZigTFegjE7pk899dTArgfw4W5z
uZzXWdwAPfCT6pmw8ALvEJTZjYCgjpC9wQYbJCURVyvgxH8Ir6wgR4lBeByLN571rGcl3qCO2YnO
iQwowlDWbbjhhmlnCnzLKQM4WyZ+oxBhNwA4sKiCfFgpDy33vve9CdJZxzU8iBKOvFD4wdc4cEcp
9tWvfnXURtjpTznkaMOcJEBcHMfxb7XVVkmJg6JNDtxZaDDNlRBKy31HwBFwBBwBR8ARcARWNwTc
cD65xocYLVl0rNPJOAYdGRv5zO4878qpL30WkCOnW2NiVzpd75mDc0ITLt/VbuOwoxz5lnJYuRrD
ObtdmcNjAIRn2GV8yCGHpOi5IRH56RWveEWSpQnAYvDnPve56UQsZClk7vwYcLsrnzjIJ8gqyDoY
5iWfWOMocjW7Z5GBwB/HpoDHPvaxST+AjI0RnkXuLGLO5Wp2Fl966aVJrtYiZIz3pTYBHchg559/
fsqH3e3kQ1jkQupQLjcWI6ch+2CoRRbfdddd0+l8nLoF3SWjqtKS38cjCjONDw5sJMBIjdH8d7/7
XZK9SJP6ZEGFdVoowjvqEvmWxRPIdOgZ5CwWYCtZHbkaOQ6+ZLOGle9yXocedrSjm1E9kz68gByP
XM0iDBZswN/I1eh2RLP4D9yRd7lykJ3+OOKxgQTeoI65S57F7uhqqCvkak4FhG/RzeBsmfR7r732
SjhQ1+gnyIdFHuw0x3XVcQ0PIldzUiH6Ii0uAXd0eMjMaiPQKZ0XeSNXs+EBunHgiOwMVvQtcuCO
vmjIhhLFcd8RcAQcAUfAEXAEHAFHYGkj4IbzQv0MMVrmxiklg5GUY6UwXLH6WYKzvuMrfXuUPAY+
DNIPetCDUtBJR2bb9PJnjHMIORj2MJxzHFWLgybKiSMNjIn85YZOviOIcZQ7xksM5Votbw3k1oiP
kIUQheDHzvzcUItAI0MoigaM43LCDyGYhQYS5GXQxBgMtqJB8azPSQAoAboM56wWxpCPK5WXeNrd
nBtWicMRXtQ9q+sR/hAc2QXMsXJ2MQBhS05lLKVdCl/7jgUB4GexVZ4oUFBGyGH0Z0fEr3/962Rc
Rhi2iiydkkB40Uv5WZyAAEx9oCBCQJdDiYPSBFfCl/eih2eM2tCq4wA5qt+u5lZYdrezgl47N4iL
E3/yjOALv7EKH6UShnrRzXc5dqk87WlPS21IuzP4xhFz2p0PjraNsyCBdo+gj/JDvKk0rT+JBwmL
MoP02BWCEg3FgRzKDo6UQ7Fl89KiHviMXQXsKpdjkYQUk7b/0Xf3HQFHwBFwBBwBR8ARcASGIVAy
Eg6LuXxCTWt0HBI/N04JHYx1GJ4xyDG3tnNuhVH6GIF1bDcy7Lvf/e6RrIEcwMLlFodxjtPPMHAy
H59GruZ+dxwLsZEDkIVzQyfftcuaBcgYliXTWgM5tOjoe2QpFgkjV3ONmIyepIWzhtAzzzwzLcr9
ny8hyYMYXllkoMXFfENewqCJMZgFu6JB8ayPHMaO3i7DOVeYsbAZVyqv3d2cG1aJY+VqeIXF0yyG
hza7GICwJSceKaVdCl/7jg0AyKoYYo877rgUXXkiN4OPHPI0O/1/9atfJf0GMpyVq0mDRQU40Uv5
WZyAUZoyo1Ox14jBIzrhrYQvaYkentGrkE+XXK2wLFhgx3wuV4s/SUsLA5Cr4RdOIRDdfJcDBzYR
WL7lG/oYdEjIuCzUt22cBQno1fhW2hShtPEn8SBhkKvRL/1/9s4DTJqiatutiIAJPkQFUcGAYsaE
ioiv6VNQMWclKAqKWUyAgn7mgIoBM2bMOYERc845Y8asYA771136zH+2trpnpmdm39mZp65rt3q6
K5x66lQ451RAz8PCei344Bu6KTZNUI8xL/oOZGf4jEUNWrxAHBbLcJUaLvY/+YX/GQEjYASMgBEw
AkbACGx4BJbOcI7BjeOWWMXeJgDKCFczpsUaxyiK4SwKQ/E7Agx3Qum4Nn1T+tGwHnfWlsehK96o
/qSGc1a+I9wgDNRczdCpO9UR/uLuV1Yfa+e28OQdK5URlEojbcwPIfSII45Ys3tX+JWGPxlCWeXd
ZhBX+qSBINgWTsZR7qpCmC8FRtJBQYBgGxcE8J5V3fAFCpGa29yGc4RGHeXPUfgY8zHwsoCBumPB
RTwdAMMyR/RBN2XlDvDoSE9Hl6uOVRfE5V5vLYKI8boWYhBO9YzwDp9EQTqmgwJF1wtA+1Of+tS8
YEFhqLsf//jH+QoE3onGyIe8xwCNIoP2St/A7nhWjUfFBOFYuc9CAhwKOhRx3NUGfbvssks+Nh1D
exu9OWL6N4wHCaeyoVxBCRGVddrRX55gwK4U7saLiyKUJz5tmxXywiF+87MRMAJGwAgYASNgBIzA
aAgsu+EcuZpFo9tvv32rXC0jXM2YFlFGrmZHMuFrDiMe8lkpVyv9aFjH2CVXHoeu96P6kxrOOUkN
OSbuJI551wydlJMd1uXuV2QX7dwWnrxjpzg6h9JIG/M54YQTssG03L0r/ErDnwyhLKBuM4grfdLg
Sq22cDKOsgCBnbo1ufp5z3tevhKs3NVP/vAFclPNbW7DOXIwPEZ9UMdsXkCuZkMECz7K0wGQI1nw
AN0YkcvrtkhPR5erjlUXGKVZBI2uqHRdCzEIq3pmgQR80ianInuSPsZlaGeBPPnLcR/6aaedNlh8
IRojHxIWnuQERNorCzrYHY+cXN5vTn2zyxzH4gp0CpyUBn0sEkD/wMaUNnpzxPRvGA8STmVjMwPt
OsrV2tFftg8Wk7BQPS6KUJ74tG0W2guH+M3PRsAIGAEjYASMgBEwAhsbgaUznMvYxASXI6RqTga7
UQ1LKA04/okVxKx+RthFQMQh8GpnrfJS+votHyMcO31Z1VoTKBVumK8yIqRgXEZIGdUhdHM0tBzH
V6EU4oh07qvGdRnOa99UXuEZjarsPNbuAOUpHww5AgyDJsZACUxlegofjYxtBnGFJY0uw7kWApR5
K36bzw57FkToaG2EPVYzY0yHL3Cb23Aed9O3lSOeeKBj2rvuwy7rJPIgOx9KpQD5ahd4jWf4rjTL
BRJ8i456R8GAkX4UF68agE4EZNpuzVFX5a5tFAM6eaEWh3fs+njIQx4y4NlauGE8SJwuntYCGQzn
2vkObVqoEssZ8xfuao/xm5+NgBEwAkbACBgBI2AERkNg2Q3nMjaxaFW7ZEvkZLAb1bCEXM1VYiwa
Zcfpq171qmwUJl1kQx1xrnyUvn7LxwiHwYursyaRq1VG5Gp2XuvYduXT5XM61GGHHTYIwhH0LDLA
SI0BFNdlOK99U3mFZzSqInNpZ/cg0/8+IOMffPDB2aCJfkJydZme4kUjY5tBXGFJo8twroUAGFNj
3orf5rPDnsXXOlobYzNHx2NMl65lcxvO4276tnIge+nEAx3TjvEcmTyeoKb4ZZ1EHkT+Qz4tnXaB
13iGsEqzXCBRpkO9s8s73l9fhom/41UD0Hmd61wnt90YRs/UFYsL4q5tZFdOXmDRd5vjhMGuRfTE
G8aDhOniaS2QQS+gne/QpoUqsZykJSfc1R713r4RMAJGwAgYASNgBIzAxkdg6QznMja1GeuoUhns
ugxLrL590YtelHfp1u7I1m5aVvWSXnRKH8GJ451YWYzj2LFpuGi8LXeAd6WPMCEDJPcic78TSgI5
7ktD+K9hJ0Nz7ZvKKzwRQhDcETRYQc5q7JqTwbbcUVump7jQz85jFC3TMpxHo6Ty6fKFAwIt9csR
g3IsrmA3xKg74rkHXJgpjWn4rEiHL1iwUCp/UFCxQCJiLkMrq8/ZoR6Pk4Me6lMnCIjeH/3oR3mV
OfzDfWLlrm3ioUThyPMaz/C9rZ75Fl1ciHH00Ufn49c5orHmWCWPsC4FGsfoUy8oBxCY4SEcq9/h
d1yNB4gDn3E9AD6OdxynLiO8sMgfK/8oX9fiDaJ08bT6spI+HZ1f63tqdVUhLb9iBxE4wsttp3O0
xfV7I2AEjIARMAJGwAgsOgLLbjiXsanNWEf9y2DXZVhiNyd3myOD1DDVblqMZ+WJXkofeYXFy9OW
q6PxttwB3sXfzOFlgOReZBaDR7maRa+c9FXDTobm2jeVV3gyt2d3OkdPc//57W9/+ypZMtiWO2rL
9BQZ+pH92J07LcN5NEoqny5fOGBw5dovTkmTQ+7iRLRRd8RzHL0wUxrT8JHn0PuwYIGT6qJDHmaB
RMRchlZ2qWNErsnVOkFA9LIgH5kd/mHRd7lrmzxZSMCR5zWe4XtbPfMturgQ43GPe1w+pa5Lrua0
tihXs+iFDRfwjK4mYMEJ/I6r8QBxuAsdnQH8huMduhDJ2cIif6z8o3xdizeI0sXT6stK+ri6jU0l
tb6HtlfWVYW0/IrT78ARnYjl6jaU/N4IGAEjYASMgBEwAvOFgA3nlfoYxWDHblKMvhx7VhNQZUBl
Es8q2uiUftdu6xh+3Gcm8RjNoA+jF0dl13adc98Zhj/uY+cObhniyI9vrIiXI02Ee+6srhk6Vd7a
N5U3GhL1DgGTI+ExaEaHYANd0MdK33jnmuLG9IhLnGkZzrkrTPXKEXscEVY6Vh6/853vzMfecUQ4
TnxRq3d2AUAfdTKKYX8WhnMtqkAoZid3adDmxAQEYBzCK/UT+YLFDPvss0/+rn/x6HLVCXWhRRgI
mvHOdOKh7GARAbvEazxDmLZ65lt03PvGyQjwUS2vGJZ8dSybaGRnC0fQl4oLLRiIiwhIS+9rWES+
FRYx//hM+aZhOKfsLOLRzhGUMLqzDQWa7rwjb35zrx2ujT7aOu2N49xxKGk4xp974e2MgBEwAkbA
CBgBI2AE/oNAzci7aNh0GdxkbGoz1oFFV3xhxSlwLPx8+ctfvurKL32XARX5FiNldEq/a7d1DD/u
M/NijN7QhwEXQ2i58Jg0MWgiOzEHR64WNnzDuBuvuiJNFo4jP9ewU3lr31TeaEjUO45Cx2hZk6uR
34hDWbjPmePEcYob0+M9Ms20DOfoDzhqH4cRNS4szy/TP+RtZCuMlDvvvHN+Lb6o1TtYQ9/m3HGu
RRVnnnlmLldp0GYRMsed45B5qZ/IF8hiLPaILh5drjqhLrQIo3YcvxYRsBC8xjOk31bPMW+ekauv
f/3rZ6N+La8YHuP2tttum1+Jxn/+85/5CPpSrtaCgbiIgIh6X8OCNMW3wiLmH58p3zQM55wKcdJJ
Jw3kaq5TRH+De8c73jHgY37TXx144IE8ti7KoK2zY57TLnHI1fRVu+22W/7tf0bACBgBI2AEjIAR
MALzi8BCGc65G43jro488sh8/zRGTYQMrTznGwLFDW5wgzXGOuIysSUMR4BhVFR83jP5j0dpyaiH
EZQJP8dYy7EqGKEZP+6ohg6MdGX6vJ/WbnPRwJFmulcaGqGDlc0IQ6zkZdW5jsRiBfeee+6ZhXrC
sGOW+8UxXCNUI+AhhOlINO5Ovte97jUQuMlT95GX3xCeOLaa+8DBk5XhuHhcOEfoYTyFThz0sXP4
TW96U/4dj+omPXbCg3lMj4AoJRDG2NGNoU9CN99Y4Ss+oC7hEYQfwqH0oo5xqgcENYQk7h6DLgQj
MAIP8OHoPXZH4IQfz9rtC49xvDwGdYzVCIMsAMCRXkkf7zFm4+AzyoiSQTwo2kVfDtjjH+mxAIJ6
gAdQ7ERHuREYMUJTbygqwA5lB4sYcNQ1xmSwYAEAhlu5WCcI2zK+coIBpwywwppFGWABtriSZ2iL
GIFr7YTw0CxlD79xWrjBM3ne6U53arbZZht+Zr6Argc+8IH5NwIwuwIoq4z77HyHJ2RUJ6DqsjSc
Ky8EXzCEL+RQkMCDtP3SMD0uD5ImPI3hG94oeQbFE/RDH+1rq622ymTQRqCBusERhmPzUALE4+xL
+nLg9C/yvt61LW7Qd/tGwAgYASNgBIyAEVg2BBbZcC65msWv3D+NPIahUjIJ8gpGWubBpbEuytXI
EMxhFb8mV8uoVzvKGZkWmQw/7qiGDuTqMn3eTyovlXyM7CJDFzRioGNujVzNomOOk+dYeNzHPvax
Zq+99sryIouR2TFLeHQDyC/MxZFVODod97SnPS3LKFG20X3kyJrgr2/M8TnlS/XByXW4eFw4u8+p
D+jE/fznP8/GaLDDxaO6SQ95i93q1I/SIxzy7qZNm7IsgqFPBmC+lTINNCK3c2IACwRqcjW8g/wP
XYQFI8oFPpyExq58nPDjWbt9991333zEO7I9xmpkb2Q9HOmV9PE+ytWUEflNPCgenpRPMPSzAALc
oKkmV0M7i5rZSMECb7AjPIZgHCecIbeBBWXHaC0X64S4Mr6CFacAagc61xeALa7kJ8nVtXZC+Jpc
rYUbfOckCGR4ydXwBQu/Dz30UD7nxSLc6478KOM+PIp8H+VqeJnrHCgr8aVXU16UBQzhCzl2acOD
tP3ScD4uD5ImtF/jGtdoWOhQ8gx6DuiHPuT7KFdDA3WDoy9Cz8Mpc/E4+5K+HDj9Axfxvt6V/aXe
2zcCRsAIGAEjYASMgBGYLwQWxnCuXaCjwhsNQTImtsVltzFCXdwlrJ3FirP//vtnYyRGZgyLOAyk
isOR0NH4qHjyIz16N6nPjvbyfvUyTYxyGNURHBFydYR6Ga72G8Mbx15rZ7jC7Lrrrlm4QDjZY489
9Dr7KA3YSY1hFGNfvA9Pd51jEJTjzjyOwMLp+G99w+cOclbN1+ofwyeCcjSQxri1Z8XhW9xJrbDU
KeWSi/jxLi4IUJg2H4On7qaWMbYtrN6Pc/S+4uCjIEBwl/Fb3+Ju/hoN1CVCOwIrQmOXY/EIyiDV
MavfyTMaa9viq62gzCF+l1P62mFNWBRX7EpAMSXHggwM2Shx5BDKTz311IZyoVBB8I30sQiAXSQI
9Bi/cezmjjSVONE/IESjyEGIxpE+AraUDH14MJ56kBNN/zgikjat4/b1Hj+ejMAOANqWFp/EcHru
MpxrQYHC9uXXLcbnAABAAElEQVQ7xbdvBIyAETACRsAIGIFFQ2BRDefaBTpqfUVDkIyJbXHZbVwe
/62dxYrDXJedphz3jBEZh4FUR4YjV0fjo+LJj/To3aQ+8/J4ilMtPWR9ZBHJ1TpCvRa2fIfhDUO7
dtjq+8UudrF8hRRHWZc73ZFzMdojE2FMZ2G7nO46j7Ifcq7CIOeU6d397nfPck+t/pFxDjjggFUG
UuXV5isO3+NOaoWnTnUUN+8ifvyOCwL43eUweMJ7YCFjbFd4vo1z9H5MC7mazQYyfutb3M1fo4G6
RM+Bvkj1o7ilzx3oGGZVx8h2e++99ypjbRlHv9VWMA4jo3Y5pV/K1QcddFDzile8YhAVXsaQzYkL
csjVyO6UC7maRTTRmMxifE4so02gS8CxkJs85Uqc6B/222+/vBECnRFObSDK1TLSK502XzwYTz1Q
WDaFsOiADTHlSRbxZAQ2QdButPhE8aPfZTgvae3LdzE/PxsBI2AEjIARMAJGwAjMHoGFMZzXjExd
8CFcMpnHjRKX3dsYzDRhZ1U5u47bHAZdwuy00045CCu6EUCYtNdcaZyrhenzDiGFFc7sro4OQyWr
uDFsahU73xEM2O2t3eW8QyjijisEPFZVy3DM8dYI3BgbtbuV8GBFfgj4MobzHscuZv7kELZYQc0O
5+g4towdwFGoxAjKe+VPeHYoUL5aHSKYcRw4RsvSuB/zis8IVwjecuz4xXgvwU3vKRe7sUk/Cpp8
52j8KBDyDiMu/IAhk0USOHiEXenEr9GfAxX/It8Wnzp/1gzLRGAnuHZiiwYZwPke+R5eYkdBrCv4
CCUMK+lZkY7DGM9uc8p1xhln5B0EZVvBEMvOfxRlOAzNGLRZeCD8wTguosgB07+Yvt7hs/ADgze7
9UuHIZidCSgPtPodpRuGc3a+1/KibAjR1F1sI8KJdrH11luv4kfyRakEj6vt864PD4JpNNiTjnia
o9TFR7yH1pNPPjnjyG85FIynnXZas91222V82BEAP1OuNsM5cVGU3P/+98/J0AbpD1DC2BkBI2AE
jIARMAJGwAj8B4FFNZzXjExddc68EbkGN0pcdn2yC11yNXNOFkK3ORZRs9tWV2MhV9/mNrfJsnkt
Tmmcq4Xp846d58h/yBvRMUdGVmQhfZQZWFTL0ePaXU4c5AfkP+bkyCEyHGNY5oosdhxrdyvhwQoZ
iZ3jyEvRIQNzDLQchtIjjjgiy2V6h4+8Cn7kKfeTn/wk77BV/rzXkei1Onz729+e5WlkmtK4rzRL
n53sUZZBhocO7huPDlmDciCvl3I1Gxx4Hx1GXE7Oo551gh5Gfy3Or9Ef4+s58q3ejeIjV5eGZeKx
E1wnD4gGGcD5HvleJ7Ah78nBR5xyh6zJznEcxnjkZsnV6GnKtoIeCbkamnAYmtGxsGhi038XvoNx
XESRA6Z/MX29w0euxuCNYbl0yNNstmChQ5SrMZwjy9fyomwsaKHdxjYinGgX9AeRH8kXuR8+V9vn
XR8ejEeukwZOPA3viY94D61cyQeO0bEoAH2ITivkBD/4mQXtbYZz4rNJRfoJ2iD5ltflxXz8bASM
gBEwAkbACBgBIzAfCCyM4Xy94cSgyipojl5CUPnNb36TjYQIAkyE4/3g601bLT/oZQcw9LEKHoGg
yxEew+KWW26Zy0IZZ+lQLHBsFvRxZNi84Qd2CGnggRumKOP4MDDEcTy5hMr8YoP/Y5cIgi1l3GGH
HVYJv21FY0EGSgaOVJTBuS3spO/JA6EbPuJ4OvKjDmqOeiU89Ul5CP+Xv/wlHx+HMToK9jE+yivu
seO7eAMlHvXclleMv7meUYJwVD9Kii7DOfSBAzsqFol3NxfuztcIGAEjYASMgBFYPASGyQOLV+LZ
lAiDKoYndtQic/JbcisLUeP94LOhYLxUoY8dwMgBzPuHGcEIL7massxarubaMhYvQx9y/7zhR90i
Z0iuHib3I6OBIQ68da/2eLU2n6GRKSVXd8mekXr0JpKrkdNYyD0rh5zMZgjJ1V2yLvWKPEx9Umfs
Qpdcje6pTa7mugPaueRq4pAO9TzvcjWbSthc02U4p24oE5gsEu/OiuecrhEwAkbACBgBI2AE5gUB
G87npSZMhxEwAkZgygggoLNDAQUdCgju0WNnAe7Tn/503tky5SydnBEwAkbACBgBI2AElgIBG86X
oppdSCNgBIxANnxHuZor99h5j+Pqt0te8pJGyQgYASNgBIyAETACRmCBELDhfIEq00UxAkbACAgB
jsrT8Xx6J792T7y+2TcCRsAIGAEjYASMgBEYjoAN58MxcggjYASMwEZHgJMmOYK+5mr3xNfC+Z0R
MAJGwAgYASNgBIzAxkLAhvONVV+m1ggYASMwEgLsKL/xjW+8Jiz3r3NX/VZbbbXmm18YASNgBIyA
ETACRsAIjIaADeej4eRQRsAIGIGNjMDHP/7x5lrXutaaInA/OvfaW65eA41fGAEjYASMgBEwAkZg
wyNgw/mGr0IXwAgYASNQR+DXv/51wz143G3O/XfcLzfLe/DqVPitETACRsAIGAEjYAQWDwEbzhev
Tl0iI2AEjEANgV/96lfNb3/724FcveOOO1qurgHld0bACBgBI2AEjIARWBAEbDhfkIp0MYyAETAC
RsAIGAEjYASMgBEwAkZgfRCw4Xx9cHYuRsAIGAEjYASMgBEwAkbACBgBI2AE1hMBG87XE23nZQSM
gBEwAkbACBgBI2AEjIARMAIbHgEbzjd8FboARsAIGAEjYASMgBEwAkbACBgBI2AE1iBgw/kaSPzC
CBgBI2AEjIARMAJGwAgYASNgBIxAOwI2nLdj4y9GwAgYASNgBIyAETACRsAIGAEjYAQ2KgI2nG/U
mjPdRsAIGAEjYASMgBEwAkbACBgBI7BZELDhfLPA7kyNgBEwAkbACBgBI2AEjIARMAJGwAjMFAEb
zmcKrxM3AkbACBgBI2AEjIARMAJGwAgYgUVDwIbzRatRl8cIGAEjYASMgBEwAkbACBgBI2AEjEDT
2HBuLjACRsAIGAEjYASMgBEwAkbACBgBIzAGAjacjwGWgxoBI2AEjIARMAJGwAgYASNgBIyAEdgg
CNhwvkEqymQaASNgBIyAETACRsAIGAEjYASMwHwgYMP5fNSDqTACRsAIGAEjYASMgBEwAkbACBgB
IzBNBGw4nyaaTssIGAEjYASMgBEwAkbACBgBI2AEFh4BG84XvopdQCNgBIyAETACRsAIGAEjYASM
gBFYQgRsOF/CSneRjYARMAJGwAgYASNgBIyAETACRqA/Ajac98fOMY2AETACRsAIGAEjYASMgBEw
AkbACMwrAjacz2vNmC4jYASMgBEwAkbACBgBI2AEjIARmEsEbDify2oxUUbACBgBI2AEjIARMAJG
wAgYASNgBCZCwIbzieBzZCNgBIyAETACRsAIGAEjYASMgBFYNgRsOF+2Gnd5jYARMAJGwAgYASNg
BIyAETACRmAZELDhfBlq2WU0AkbACBgBI2AEjIARMAJGwAgYgakhYMP51KB0QkbACBgBI2AEjIAR
MAJGwAgYASNgBOYGARvO56YqTIgRMAJGwAgYASNgBIyAETACRsAIbAQEbDjfCLVkGo2AETACRsAI
GAEjYASMgBEwAkbACIyHgA3n4+Hl0EbACBgBI2AEjIARMAJGwAgYASOw5AjYcL7kDODiGwEjYASM
gBEwAkbACBgBI2AEjMBCImDD+UJWqwtlBIyAETACRsAIGAEjYASMgBEwArNCwIbzWSHrdI2AETAC
RsAIGAEjYASMgBEwAkbACGw+BGw433zYO2cjYASMgBEwAkbACBgBI2AEjIAR2IAI2HC+ASvNJBsB
I2AEjIARMAJGwAgYASNgBIyAERiCgA3nQwDyZyNgBIyAETACRsAIGAEjYASMgBEwAhEBG84jGn42
AkbACBgBI2AEjIARMAJGwAgYASOwGAjYcL4Y9ehSGAEjYASMgBEwAkbACBgBI2AEjMA6IWDD+ToB
7WyMgBEwAkbACBgBI2AEjIARMAJGwAisIwI2nK8j2M7KCBgBI2AEjIARMAJGwAgYASNgBDY+Ajac
b/w6dAmMgBEwAkbACBgBI2AEjIARMAJGwAiUCNhwXiLi30bACBgBI2AEjIARMAJGwAgYASNgBDoQ
sOG8Axx/MgJGwAgYASNgBIyAETACRsAIGAEjsEERsOF8g1acyTYCRsAIGAEjYASMgBEwAkbACBiB
zYOADeebB3fnagSMgBEwAkbACBgBI2AEjIARMAJGYJYI2HA+S3SdthEwAkbACBgBI2AEjIARMAJG
wAgsHAI2nC9clbpARsAIGAEjYASMgBEwAkbACBgBI2AEGhvOzQRGwAgYASNgBIyAETACRsAIGAEj
YATGQMCG8zHAclAjYASMgBEwAkbACBgBI2AEjIARMAIbBAEbzjdIRZlMI2AEjIARMAJGwAgYASNg
BIyAEZgPBGw4n496MBVGwAgYASNgBIyAETACRsAIGAEjYASmiYAN59NE02kZASNgBIyAETACRsAI
GAEjYASMwMIjYMP5wlexC2gEjIARMAJGwAgYASNgBIyAETACS4iADedLWOkushEwAkbACBgBI2AE
jIARMAJGwAj0R8CG8/7YOaYRMAJGwAgYASNgBIyAETACRsAIGIF5RcCG83mtGdNlBIyAETACRsAI
GAEjYASMgBEwAnOJgA3nc1ktJsoIGAEjYASMgBEwAkbACBgBI2AEjMBECNhwPhF8jmwEjIARMAJG
wAgYASNgBIyAETACy4aADefLVuMurxEwAkbACBgBI2AEjIARMAJGwAgsAwI2nC9DLbuMRsAIGAEj
YASMgBEwAkbACBgBIzA1BGw4nxqUTsgIGAEjYASMgBEwAkbACBgBI2AEjMDcIGDD+dxUhQkxAkbA
CBgBI2AEjIARMAJGwAgYgY2AgA3nG6GWTKMRMAJGwAgYASNgBIyAETACRsAIGIHxELDhfDy8HNoI
GAEjYASMgBEwAkbACBgBI2AElhwBG86XnAFcfCNgBIyAETACRsAIGAEjYASMgBFYSARsOF/IanWh
jIARMAL/QeCMM85o3vrWtzbbbrtts99++zVbbLGFoTECRsAIbFgETjvttObUU09tdtttt+aa17zm
hi3HMhDu8Wfz1LJxXz/cbThfP6ydkxEwAkZgcyPA+Pr617++2W677Zqb3/zmlqs3d4U4fyNgBCZC
4Ac/+EHzvve9r9l9992ba1/72hOl5cizRcDjz2zxbUvduLchszzvl95w/tGPfrQ59thjm/Of//zN
BS5wgeaJT3xis9VWWy0PB2zwkv75z39u3vve9zbvec97mt/85je5NAgyhxxySLPnnnuua+n++c9/
NkcccUTzhz/8ofnFL37RHHXUUc3ee++9rjQ4s8VHAD572MMe1vz0pz9tznGOczR//etfmxe84AXN
uc51rmrhMZoffPDBzfnOd77mU5/6VBb0qwH90ggYASOwARB4+MMfnvs8jOZve9vblkZpybzinve8
Z3Pe8543zzFe9KIXNTvvvPNc19g8jj+Mnfe6170yjmc5y1nyGAqIXePoXINcIW4eca+QuRCvbDhf
XY0f+tCHmoc+9KHNjjvu2Oy0007N8ccfb7l6NURz/Qu5+l3velceW3/9619nWuHxww8/vNlrr73W
lXbknXvf+97N73//++ZnP/tZ89jHPrbZtGnTutLgzBYfAfjsvve9b/PjH/+4Oec5z9n85S9/aV79
6le3ytVveMMbmtve9rZZd/jNb36z8Riw+DziEhqBRUbgfve7X/OsZz0rG80/+MEPLo1c/fOf/7y5
053ulHWkzDFe85rXNBe60IXmuqrncfz5yU9+0tz1rnfNOCJXM4biusbRuQa5Qtw84l4h069miMBC
Gc4//OEPNwh8NNguxwQZ4Y+JLitGDz300BzchqUu1ObvG4byG97whs0Pf/jDNcRd6lKXalgUMenu
2pWVleY5z3lOw8D6yEc+stl6663X5KUXf/rTn/KEQ/Q8+clPzgZ8fZ83/2tf+1rm/69//evNWc96
1uaiF71o3r33xz/+MQuPD3zgAzvLO2/lET1f+tKXGga3b33rW815znOeZpdddsn1Qjlp83e4wx2G
9hFKax79ks+G9Vsf+9jHmpvd7GZzZziHzx73uMc1tFUM+8P67XmsC9GEIeaLX/xic7aznU2vBj7j
zbWuda2hCxZIg/Ho05/+dFYyo3Rm1e/vfve7bCTD0MNCCRxpUq9MTCNuxLniFa84yDs+0C7ox2L4
+F3PpH3Zy1622XXXXfVqbL/PWDx2Jo6wtAg84xnPaB7zmMc0N77xjZtXvOIVE4/zGwXIb3/72801
rnGNAbmnnHJKc9WrXnXwex4f5nH8KXEEt2Hj6Dxi20XTPOLeRe9G/rbIRpMPfOADDXPOUeYN++yz
T7P99ts3r3rVq5q73OUuuUpZlG7D0sbhbgzlV7/61Zvvf//7a4i+zGUu03z5y1+eeLxFrn7a056W
F/8+4QlP6JQz4b0rXOEKA3qe/exnZwP+GuLm5AX4wP9f+cpXslx98YtfvKFdsKAe3cCRRx7ZWd45
KcYaMj7/+c9nBThyNKeXoS+43vWul8tJmz/ggAOG9hFrEp2jFyWfDeu3OPGIBRzDwq13EZGr2bRB
Wz3ssMM2dJ1giPnsZz/bKldf5zrXGbpggYUQtMePf/zjud2xkAu+/e1vf5sX4qDninI19VrqkS94
wQs2V77ylatVSbtAdh9lfKQfu9jFLlZNZ5SXfcbiUdJ1GCMAAmwcfMQjHpH1hW9+85snHuc3CqrM
Ty996UsPyP3kJz+Z50CDF3P4MI/jT4kjsM3b+DhpVc4j7pOWyfHHQ2BhDOelMWkYDDJq/v3vf88C
GYb0RVOcDcNgo3/HOMruq3Of+9zNM5/5zCxc/+pXv2o4xvWSl7xks8cee0xcRPjqBje4QZ5kj7Jb
F6Hl6U9/eqZHPDYxEVNOAKXFU5/61AaFRZvbiG3hb3/7W96J/fKXv7ytWAvTxtl9we7DUfotFhBg
oEa5QZ1vs802rfis5wcZLxbB+IVgzm6FNseJGF0nYGD8u//9798WPb9///vf31zpSlfKz9Rp7Yhq
+kIUDbTf6DiV4LrXvW5eTBLftz3/3//9X2/lZN+xuI0WvzcCJQLvfOc7m5e97GWZpze6crAs27Df
v/zlL/PqeBR2sU8YFm9zfZ/H8edf//pXA47MhZizjTKObi78+uY7j7j3Lcu8x1tUw3lpTBpWDzJq
Ild/97vfzQvwFk1xNgyDjf6d3UF3vvOds1zNiSYYjE4//fSGY1xRLl/lKleZuIjwFfNhjPSjLKrA
6Izs8qQnPakRj01MxJQTYCxhN/yjHvWo1pQ3YltArka2eeELX7hQ5aoVhkXK7Di83OUuN1Th/41v
fCMbqHfYYYes75kXuVrGCxbLb3Tj14knntjc7W53q1VVfsfiQOZubY7+6x73uEfb5/z+M5/5zGDx
KXXKgoPSIVczntF+o0Oupj9kMckoDr3bgx/84FGCrgnTdyxek5BfGIEWBN7ylrfkU7f+93//N+uj
hi0GaUlmQ75mjkOfSX8Q+4R5Lcw8jj/I1eDIXAgd9Sjj6Lzi20bXPOLeRqvfzwaBhTGcM4Fh9zE7
/pgosYOWVYAYjNiBp3fsQkYwjEZNxUWRRofJLlW7+UdAx7ViKL3pTW86E4Ijb4xiOIeId7/73Vnx
EHlsJsT1SJQBjSMUX/ziF+fYHPnNSnFW3GJw40g8Fh9sNMM5u2Rvdatb5VMGKNhTnvKUzBP0A+x+
lfC00crVVcX/+Mc/8spp+q1RebMrvfX+9r3vfa+52tWu1tziFrdoEHCpq43qWKwDnzH+nHTSSZkP
H/KQh+RdGdQT/VObcv25z31uc/TRR+eiw6fsLGdHBxO0+9znPnmXCh+jkQx+54hqFNSMZ4xrcqTH
qQql+8hHPpKVlAjvtHHRRxq4LbfcMiuNGDMn6bvUZ/YZi0ua/dsIGIG1CGjuE/uEtaH8ZhQE1F9t
1HF0lDI6zGwRaBvbZ5vr7FOnbbD7mLEc4xlzNHbwMV/BoKp3HOv50pe+dJVRU3FZ4Pmd73zHcvXs
q2sqOei41je96U3NLW95y6mkWSYSeWMUwznxme9yl/Q8Gs6Rq5mrM/fGHXPMMXlRP3I1u9cOPPDA
vFBroxnOkTPQq3H1Ao7T95Cz6QeYe3C8LW6jlSsT3fIPeY1TfOi3RuXNlqQ2y2v6WjaO3O52t8uy
6EaWq1msA58hmzK+wIec/HiJS1wiy77wIhsCao4NLA960IPyJ9omO8u5xvGrX/1qPuFOJ2pEIxn8
zoYcZGKM9uJ7EmGhLrqy0jH2cXoji82ZQ4o+Fpzgzn72szfsnGfMnKTvUp/ZZywuafZvI2AE1iKg
uU/sE9aG8ptREFB/tVHH0VHK6DDLicDCGc459peVsayU+tGPfpR3HTO50ruaUZMGjnDAatPXvva1
+W4v7s1mAr1p06a8845VpTWHwYT7MNhRKMdRmghKu+++u1719pm4v+9978uCCsfwIshSNlb1vPGN
b8wTSujknkuEytIxAFCmz33uc/kTx2tx/C8rJImHEYWJWOkwolIuxePI8/3337+54x3vuGY3Yxl3
nN9MLsGOHWRMZJnkc7cIxjR2ojLpjI4JLTtVCXfcccc1CPcc2cqucI5X4p56hFiOVppUYGD1FKs8
b3SjG+Ud5xzRgeGV9OVq2OluSYxPrF593vOel5VN3EvK7jhobXOzxp1joMEVhyDACrvoMNZxrHSb
gbkPv3OkPpjAx9QfK9EQTGmXXbtwI13DnoU54bibLx5nyzv4i7tX4AuMjAhQcuPyoOKxApk2iGBH
ev/+979zeSgXgl108Ca7imm7/CGgYSQFD1Z5ohSiTXOM2BFHHLHmWDD6AR3NTZu4/OUvn1fz0R+g
yCwN56TPLmjKRn609dh/RNp4pl7f/va35yPCWV1NH4EACW7EZVX3Ax7wgGrbJy/axoeSUAsdhMdx
HNohhxySy5RfFP840pD+lZ3TtON4rQI0x98xah8e7NsPxnxHfZZRC0M6Ky67nBYPEKZmrEZxoB0+
COjlMezwHH0lPE3/TzuA9+AVlA2lo26oF8Y6+gIdUadwGjNrtCjMMF/j6Thj8d3vfvc83nB8nvp8
aGUBAIoRdk8yJm+11VY5e77d5ja3ybz/iU98YjBusECB3xxLzzH29Ll77733mvaoMsC7zAkYI1lo
hyMO+TLeiRaFH8en7bGoAVrJhz8wp3+iLaF0ZMEIu0Jwz3/+83N7iHmw04rjuFG+cvQnadEu2BFG
fOFBHMZFwuod+TMHYbwh79e97nW53ikT6TAX2HfffWN2Yz1DE+MV+ZEXfTl/KJGYO8CT0MoYw7gn
usiENgzu7JpG0YdjzKFPhF7af+kYR6gn8XXMswwbf/dt+7MciyNvMMegPmnL9Bko35hjsLuPsbi2
k0l9DGMHi2DgHeqUY2HZ0RKPnWO8ZTEPdaGxgDZF+2H+wvGPzAdVP/i3v/3tB7/BnbGBeRpjFOkw
PjDn5E5w7sTDuBYd/DbO+BPj0n5ZDMmYh2Osg0/ps5iPcjLHRS5ykUEU8uoz/igB9VfTNpyjMGBc
g1/BHaUrcwbaDfMB5qcsHGMuFPmduqdP4FoN2uqZZ56Z64O5C3MNxmWwIV0WOtL/y42DO/0d44Xa
E/xz4QtfOLdX+h3aMHSJNr4z32COguuLO7zPvIL+SPwE/+y333554fIZZ5yRF3XBh9Aw7phQ7goT
NrP0F91wjhzDWAYv/DAdN83YwRipdzWjphRn1B/1Da8x9jHnRd6mn6LPrznmPcgn9DtyjOOcMMY1
MpM6xijGH9og7Yr+jrLRZikT7Q466WfoJ0tHG6aPYr6LY87FiT4aozGg1mRDwlMuxaMvJf2DDjpo
zW7GMs9xftPGwI5+hPGVfCgLxjTG43JeQ1mR/cDj8Y9/fG53LD6m36WvQnagX0I2n4ZcTZ+GTMGO
c644os0Ok6vp97hTGuMTYwLXtTCPgIcYE7rmMrPGnWOgGatxyITIgNFhrIPmNgNzH34HO652go+p
P9oZci/tsmsXbqRr2LMwJxwLb2mD0TH/YEyAL5DnYj84Lg8qXeaxtMGTTz45p8e8iPJQLgzC0cGb
zKE1TjEmYSQFD8YX6GccZa6CQZPxNjrmPR9KcivpMN5wSiF/17/+9TNvMc7GMpH+S17ykoFcTT6x
/4hp80y9wg9c8ceGHPoIygZuxOUIf45Gro1Z5IXOhD/kOcLj0EdRRvKtuS984QtZf8AcDZmJti8H
TvG33uP34cG+/WDMd9RnGbXoL0o5uExDiwd4XzNWI3dLR8OcsjyGHZ6DB+AN+hzaGbxHO9Z8KebJ
3Ih5HG0QWbWUqzVm1miJ6XQ9azwdZyxmfsg4RV+h+T18hH4aOZc+n7FZV1DyDVmEfhVZhL6eqw5p
47R/sEKuRh8OL5ftUfTDu8wJyBv9FI5+mjkw4105/ijeKD79CosawJw/8qL/ZX6BXMS1f+CMrIhD
Dil1rshElBsZFX6i3LQLTjcgvrAiPn3AO97xjgFG1ANzEMYb8n7lK1/ZICMRh3TgK3QHfR000a6o
E/Ki7+OP/hU8dff4rW9966xHiLTShsEdPYPkJ3Ti9BfQS/svHbxBuqqTmGcZNv7u2/ZnORZH3mCO
QX3SlpGbmNsxx0AntynpHWtytfoYwiObHH/88blO4XOuv4j6PORR5nLwDbhS97QL9DLM/dDFUGdq
W9QT/K/6AnfGBuZpjFGkg24OGYx8GWc0pxDu8Ns444/i4dN+sYMx98VxeiV8Sp9FnbCJbtdwPSN5
9Rl/cuLpn/qraRvOwQp9BvwK7uiM6HNpN+hS6LNoL8iUkd+pe+n5qAPkTOqDuQFzDfoJsCFdFlzR
78uNgzuLpJh7qD3BF+DKnJB+h7YGXaKN78xtNJ73xR3eZ75PfyR+Yr6GXhidCifrcRoSZYeGcccE
+hG7/yKQmGkklxrXyjz/pcF5JSnqV5ISaSUxRKY1KUyxcK4kQ+HgXWo4+V0yDAzKk45mWkkDYX5P
+PIvMfRKMuoOwguHJFiuCRvjpmO7VtKAuiae4o/ipwnAII808RjQkRSlg/fkmYxPK0mBuiqvJCis
ChNp4zmmJ1pSg1tJnUlnvCSMrMpHccf108C7kjqU1rygjzAx3dQBtIZX+ZLhbyVNjFfFi2mM8pw6
mKH5kF+aXK7JJ03qOuOmY+XXxFkP3OHFpJzMtKVOfNAmSjzSTtRcL2nyvIrOPvyeFJ+dWKROfeWH
P/zhqnxKeob9ThOclST45HzSbvpqWuQBP6XBdIX2rjT78CA4pklUZ7ngH/VD5FXyLbSkCVPus8S3
8mNbhi/SDuTOvGrtOAkDa+LEdFV++cn4sSa86JFPPkmpMcBOcQ899NDWuLTFpEwcxEnGiZV0DFRr
eOU1zT63Tz+osvXxk3I3ly9NvgflbksnKfxyWPgSbMpw8Fqa3K6UOCpcMhjl+Ixx8DhjIBi25a2x
jrpUu0vC8wp4J2FrJQnGOX5aPb+GFuU5zO8zFhNHdR/9ZKzLdNT4k2+M9zF82zP9Qjk+wpfCqxYP
jJISqjcOmn/U0m57Rx0IX9VVW1h4hr5P4WsYUT7KDb6UJ6alb4o/jg9fJiFvVXrMd9K9paveKb8k
mAzorPVNCoefdmYMwkaakkCwJu04j4th9dyn7a/HWMy4E8vc9kydJYFwDR7qY9riJWP4IE5SKq3J
S3OkWj2SpuZPtJG2PPQ+HZ87yEu41+q4a/whXhI4V5JhZ2h+Zd82zvgj+qKvdgbWtXl+DDvOczlH
F16ln5R6A7xJv9ZWk7J9JRn31mBT0jwO7lG2EE3qE8r5ir6rP4bOPrhDX9ecn3xUpr5jwjh1NK2w
IwnRGzBQUj6uJEV9bpdpIXEuAXNA6ikZYFf0Limh8zt4Si4p2FfSna5reFa8lIxtud9QePlpV2tr
HOIyxiRlqIL38qOMloxWAzrKMSYZn1aSImtVHsmw3ElfTE8RkxJxJSn4OuMxRk7DMZ9L9+i25gV9
hIkuGRBbw6u+GDMYLyZx6bj1ofmQH/1E6ZLxqjNuUgqXUVbWA3d4ETkWupMCdNAmSmKYi1AvSYG5
6lMffk+GnE4sktJ3JSlpV+Uz7o+k0F1JhuacD/JszaUFVivwU1Lwr9De5frwIDgyhxS/1Xz4R30O
eZV8Cy3J2Jn7rDJ+bMvwRdqB3JlXrR0nw9SaODFdlV9+MnKsCV/SRT7IfqVLRpzWuLTFtMh5ECUZ
EFducpObtIZXntPsc/v0gwOCezyk001y+ZCrhrlkBMph4UuwKR28lgyPWa6OOCocch+YMcbRjhgD
+d2Wt8Y66pI2gUOOAO9k1FlJCyZz/LRRSVmM7fcZi4mjuo9+WoiR86/xJ99GmYeTHv1COT4ybxNe
MU89gxHz7L5O8w+lN4pPHciprtriwTP0fXI1jCgf5QZfyhPT0jfFH8eHL9PCmFXpMd854YQTVr1T
fszT5Wp9k8Lhp5MEFXSVnxbxrEk7zuNWBf7vjz5tfz3GYsadWOa2Z+osGbXXFE19TFu8tJh+ECct
olmTl+ZItXokTc2f2mSbmC/6nNLV6rhr/CF+Miav3OUud1lDa8yL57JvG2f8Kenkt9oZWCNnTcuV
c/SyHPqdFooM8CbvWltNi0xW0oa6NdiUNI+De5QtRIv6hHK+ou/qj6GzD+7Q1zXnJx+Vqe+YAG12
/0GAFTgjuWkpGGaVjpTUGBCkII/vZMTSu7RiZaDsk+JMTIyBEMENQUzv0gryQXjKkHaPDr7RKaUV
O9kgl3a6rUSlZjpeaFW8ccvPJAFDNcomKZRIAyUjhjd9iwsG+M7EhPDQT1lRsDM5R4mqRQIxPdEV
Bw6EGBo6nTzKSsUjTXBUnD5+pI/0mJzwDoUtmAn3kkbwAF+EHhmBCctEmXcYGdOO3VXG0T70Tctw
nlahZuzAHQUptGKkKo3S64E7fC5DEYqucXDpw+9ptfOgHikzSlfKnVZ1rRx77LGDb7HNjkOTwkZl
MTjrfemn3S65Lagv6MuDCD/iTxQmtH2EL3wWJOhbNOrQ9tLqvUF7VRj8tEt2Je1MW9FkFF5ggsVf
2ok7SI82nlayraQTDAZtm/hlG1G5abOUWRONso9QOHyMqNAQldq0fwTI2B5riz5k/GXAB38GcZSA
6n9IR3mBAwa/WP7ac81w3ocHYx2P0w+K3j6++v/SwFOmRXvUgo9yfIlh6WvT1QoDQ3f8JgUB33mv
fgslbQynZ4111A0GubQqeUWCE/Qi7MNjaSdwNb7S6fI1xsZ2Hd+p/emdxuKy/TC2KSz8GQ09CJJp
x2QeM1joE3mIsiF00E7U3/GdcUF0CwfeI+ww/sC35IORSunRHshH8cb1WVgV+336xEc/+tGD9FlE
QptRvxHbl2iEPhSGtEVoTDtsBvGjQRpej22V9s74LZpZFKH2DU3grW99fPrxtNtpJa3yH9Aj3Ogj
qb+04jXjS10rD/XX1BO4I+yi2EirfHM6vE87RgbhFQ/eZM5Dnho/Yh+rcPL7tv31GIuhEd4QXvJp
t2kV+woLPfSO+i8XcKiPIQzPLLhAma76hZ8YP8gnrfjOY6/aAvjGBYnwCLxCWnwDY8XVWMc4R33z
njaSTvsZ0NdWB+OMP6QbhXsWC8Hb0PnEJz5xkBc0lv3qOOOPeCP6ameUHZ6J3yZ5BvfYl6g+6aOp
42gIT7tUVi2CQSHG2K2+Q3GhkXGQdsNzrX8aFXf6tUgfvKdFbozTCPO0X/JmnGLOGPvCcXFHjhAP
kiY8nnZBrLD4K/JzrIc+Y8IkddY37khC9AYMJCU1BgQpyOM7GbH0jr5DTooz8S4GQsavyHO0g+jS
jolBW0+7hfL8hHToc2K/zNgyiYO/6V9QNkmhRHooGTG86RsGBJWR7/AH4SkTZUXBjmGGvlGLBGJ6
xMHFOQqKcPocFFiMi4pHmuA4iYv0kR5zOd7Rv4KZ6qKkETzAN+1+HRiBCXvMMcfkd+mEnLygjbqY
xE3LcJ52VmfsUF6jIIVWjFSlUXo9cAcTGYoY08dxffidPlH1SJnppyk3fTOL2PQtttlxaFJY2qrS
Auc2Rx9OW1A76cuDyEDKD8M/sknaFZZ9FiToWzTq0PaY+6i9Kgx+2iW7wnw7nUyQ48ILGDT4Sztx
B+nRxhlrGVfVtolfthGVnzZLmSU3lX2EwuFjRIWGqNRm7sQ8I7bH2qIPyXaMk+CfdjhmWUE0ko4c
OGDwi+WvPdcM5314MNbxOP2g6O3jq/8H/y5He9SCj3J8ifHoa9nYIUN3/Ea/B358x6nfSjt3Y7DB
M3nSj1M3GOSY+zEPIw3oxWgIj6Hf7Os0xsZ2Hd+p/emdxmLaUWw/tBWFpezR0JN2Iq6k0xfymFEu
OqZszDtpJ+rvKB8LneWEA++RWxh/4FsWH2Ck4j1/tAfy6euQIWO/T5+IHKL0WURCm1G5Y/sSjdCH
vE1bhEb0EIofDdLwemyrtHfGbzkWRah9QxN4T+Lox9HNRD2B6KKPpP7SjumML3Utp/6aegJ35GX0
/kceeWQuF++xjZQO3mTOQ54aP2IfW4bv2/bXYyyGVukXhBk+7Tbt7h7ox3hH/VP30amP4TvP6CWQ
T1S/8BPjBy7t8M1jr9oC+MYFifAIvEJafANjxdVYxzhHffOeNoLOivD8tdXBOOMP6UYdMouF0DdB
Z9rVPsiL/Mp+dZzxJ2KoZ7Uzyg7PTMuBe+xLhBd9NHUcDeHppIBVi2DQdTB2q+9QXGhkHKTd8Fzr
n0bFnX4t0gfvaXEW4zQyNu2XvBmnmDPGvnBc3JEjxIOkiX4BOyQ6o8jPsR76jAnTqr9FSGdhDOcI
fgwQ7PKgkfIHo8NIKPClgEchi5KGSYXCSXFGWAZIvceXgjYaf2J4mDyG17OUSjXFlsKM6jP4YbSO
CiXF1bfSKKYdTcRB6aDw+MRBYQ9tNGh9iwNOiYPiydCDkk3KVcUfxxeuDF7UUxmXlV3UB38R+xgu
Ha2Rv0djQ/w+6TOTDLBD2QeODDa8g9f0V8tDE9FyRyC8Rzr8MeFR3PXCnUmCFOul8lm01Pw+/E57
k9KVxQORz5SHDLrU8biGfKWBr3aOsbXk9RiufO7Dg/CA+BJDcdkG+K3Bqqxn8ld7VRpMXiJdCFz6
HRceYCjUe3wWzmjnNvlQt/F7fFaeZR8Rw/CscNCGwBm/S3DEuFGWWeHUXpjAE0ane0QDqsLia1cb
39We5JNWDNuHB4nfpx+M+fZ5lhFgWBuLhgQmT+PmBa/TniOfqd/kHbxaphlxFA/KH0ZvmVbbb+qw
71gs+qGp7BM00Y/jOTTE/hP+RGAUbfBhPB1CCwI0doCTjEWKU6Y56eI38QOGTdJWvTH2KW/R02aE
pF8gnvo3Ta5r4ZWf2pXKRVwZrqZV16Qt2qkz+BGFhfLEhx/i7/hMP0bfxfgAb2pRzTD6VOe18iv9
Pm1f6VKWWc+BoFPzRPJDsSba8ekf4U++Uafxm+q4nH+yOI3wtT5X85LYX5AmbSQdL5fjRTzb3osO
FlqRF0opvav5Gle6xh+UCqTFX6RB6bFYQt/beGPc8Udpq08El65xVOHH8Sm75szMT8q2EZV1KC3L
tFXPlB0FSOzbyjGyjDsK7sRRHmX9UP9S/HT1gaPiHhc+lbwOHTrRqKyHPmNCicWsfy+CMqBWBhQ9
nD7DXF1OinkU+FLAwwPMe2nHclKcwbsoe6OTgjYaf2J45uY1p3Gvptiqhe96h9Fbxg74Izp9K41i
mv+jhCoNLsRBYQ9tGPzkmA+r7ypxIAzxZOhBySblquKP4wtX5hZRqa40kEFFCwb8mktH3uYw0dhQ
C9f3HQswtIsTHOnTeAev6a+WtnaclzsC4T3S4Y+5htx64Q7vSLGOLDqq68PvtDcpXVk8EPlM+cqg
Sz2Pa8hXGvhq5xhbS16P4crnPjwID4gvMRSXbYDfMryU9Uz+aq9Kg4XE0aFsl4sLDxhzo2PhjHZu
k0/ZL8SwyrPsI2IYnhUO2lDsR4fuiveM7WWZFY62Af4Y9wiDXEScaEBVWHyMA/qu9iRfi58Uvg8P
ErdPP6g8+/rSqwxrY9GQwHx+XAfWtOfIZ+o3eQevli7iCPbxbxi9ZVptv6nDvmOx6Ieusk+grYhf
NJ5DQ+w/WcSGgVUOPkQvq3JqQYDGDnCSsUhx8GOayFeTOPEDhk2c6o2xT3mLnjYjJP0CYxF/OOkE
a+GVH+2OupAjXxmuplXXpC3awRh+RFaOLtIQ3/NMP0bfxfgAb2pRzTD6VD+18iuPPm1f6VKWWc+B
oFPzRPLDUBod/SP8yTfqNDrVcTn/ZHEa4Wt9ruYlsb8gTdrIQQcdlONFPNveiw7pfVlg2uU0rnSN
P+i7oJu/SIPSZbGEvrfxxrjjj9JWnwguXeOowo/jU3bNmZmflG0D+57KhZ6idKpnwrCILvZt5RhZ
xh0Fd+Ioj7J+qH9tEujqA0fFXXodylLyOnToRKOyHvqMCaRnt7KyMHecJ6ZZ49Jgnu80SkrEfO5/
291cqdHkO9eS0JXv2OMuIrm0mjXfCU0aaaVdvodC6RImKRzz3SFpAFaUfAdO6mjz/Y9JCZTvj4h3
Kg8CjvgQ6UuT/lX3M+vbbrvtlu96UhnTwJnvoUzK8iZNJJrUUPO9dNy7kBpQvqeQezviPR9poM73
u0BWMpTl+8JTIx9Qyd0+SZjOd0lEPAYBRnxIDa9JnUq+6ymtjsn3tNSiptWN+b7ntrxEb1K05ruU
a2lM+k74whsl9m1pi64kFOV7tRUOLLlTIykN850r3DGCU3ieZ4l75NukfM53nJAn9ZGU9E2aNPNz
4FLHne9MS4rlwd1go/I7fJgE/Ab+434g7hwpHfly7zh4pEl4vq+TPJMhJt8/UoaPv6mXNIlpkiGo
UbmSYjrfdRTbb4wTn/vyYFImDO6Ap41zp03p0iQ831VD2dMkcYAd4cRPaYdKkwSWfHdUGV+/06Ca
73RMCu3c7sq7yagX7twZ1scoz7KPUD7yFa7WD1Ju7s+rtUXubeWOXcpTc9DPPXTqmxRG9db2XeHw
FZbnUXmQPrdPP0gekzjdPxzbmNKjjSXBO/fh3IPEXZ/wQhJmV92fpPBdPvcPpUlZviM+GWAGQZPi
J6eZVrXmu3MGH9KD6jgJlvk+MO46ThP1fBcvdx1zv98snOoP/klK+DW8EPMUfsmImu9/AifaFL+T
knRV30k8pU07qLXJJGDmMZr7tIWJ8iA+43ocv7l7iDhpxX3Ob9LxRXmJH1QHcUzRGFDmRb/MmJAE
HEhd48rwBEhCanOVq1wlh01K1HyPIj/SauYmLWjIdyLX2mOO0OOfaOeOP+4C3HbbbTtTAWvGhHR0
XB4faoGFVe0b71TntfIrTp+2r7KQxizHYtEo3tD4p/fyaZvcv5sWJOR7vJnL4RSv7DeSsXMw1pbz
FfEd/U3aJZLv8SIt7i2kH6qNI0l4z/fjEY770OAr6pe5IDRx71VS6vC51SnfrvFHYx33A9KGa/dI
JgEx34ucVsw3u++++yC/vuOPEhB9sT3q26S+0gbzpPDOfXWZJnyWjMZ5js69vXGcVD2nRXr5frL4
rUyn/K28u3AnjsZ2niO29Jdpx/sa3iMcbhzcmW+lRSK578c/5phj/pNI+M/8+PDDD8/z7KQMzXKL
PguHUccExVsvP96Du155bq58ksIl323K/JvxpY0n4T/qKy36yvdsx3k5fJaUuXkOn3Z6ZLla6VKu
pHDMd/ORhhyy64fSnbPpNJnWu6IVdhQ/0pd2YKy6y1jf6GeYW6mMjCnJ2N6kBTaZP5PBK99pCm3c
A859iZe+9KVXydX0bbovEZmQcFGuJi5lomxgKjxGKUMMQxvjTs+0yCWPXbSZmkuLcLOs1ZaX6E2K
1twea2lM+k74whsl9m1piy50EIcccsggGFimE1ayHJ2Uv/muYT4qPM+zxD3ybcyf+kiKzKpczd2T
Sdk7uCN4VH5HBkRvAP/RR3JHdunIlzuJmcukhSlNOokv38WLPoV7Lrsc9cLdufCwypUU01meiO23
LY2+PJiMMYM74NPisjwXKfNIhuNct5SdeTHyqJz4iTtl0y7hPGfSt9JnTsM9zshOPJdyddoBmO9s
R0/WxZvKs+wjyvwUrtYPkj5Y19oi4zJ8i8xSc9Af+yaFUb21fVc4fIXleVQeZKzr0w+SxySOORD9
ZGxjSg+5mnpDnkVeZNyBF5LhfOh96EpDflqk2aTTLLP+FDkFnsbR1kgzbSrIejyFx1cdI3s95jGP
yfeHo9eCF9PCv4E8FuNM41n1N2wsJi/hx7jLWANOtCn4VzofZDg5pU07qLVJZGTSoj6EifIgDcYx
cJGTXP3gBz845zfp+KK8xA+qgzimaAwo86JfRvcMDjVXhicMMifyCQ75lPuocbTRdCJL7k9q7TEH
6vFPtNPPwZPDbAjI1clImGU7+siaE1a1b7xTndfKrzh92r7KQhqzHItFo3hD45/ey6dtoidDdqWP
kFyteGW/kTaC5XvtiV+OCeI7+gZ0GuhYcNiO6Idq4whztIMPPjiHY7wlHPXLXBCadtpppwGv5UCV
f8q3a/zRWIethzZck6vRC6WTevP3tEFzkFPf8UcJiL7YHvVtUl9pgzk6kHRc/Zokad9poVHDHP0F
L3jBYA5PQNVzWqSX58qa369JpPJCeXfhTjSN7Twj/6fFNTzm/nLPPfdcw3v5Y/o3Du6MTWkTa9a9
p8UiTTqdT8kMfObHjO3oVSKvE0A4jDomDBJd9ocE/EiOFSMb7S8NEnnVSVLWD3ac18rQteNEux3i
bgylm3hnsKql7TkpIyfexdJFn75F+lTGuKO3Rl+5EziuXKmFj++G3VcpGmp+3Gn5wQ9+sJWv0uCd
8WV1jk4MiOmJ3qQ8b00jhu/zLHzHqccuurS7J028BjQrfMS37XkS3FUW0o75Ux9t+bGDrQ+/x91+
aRI3KGusA3Y0cSQreXN0Dd+gJSnkW+mJdOoeZuXFStPySNuYX3zuy4NpAM601dqb0o9lYAWY3uOr
Dth9Vh7XH8PxzCp0ysuRWeW3mNYw3lSeXTQPS088UPalSfBYVVdJuMzXJWg3PPSXcVSWtjT1PfoK
G+u/7bnEY9x+MObb57nWxpWOeBXejTyYJrjVOla80o9tpw2H8vhf0hAvwH+s0uRdmkzlOmQlcJnP
tH6r/tp4IeYjeigXu2f4pmsMajystOPx1DE9nlUnGivUttqwi+/Vz5RpjvpbeavPVR1EPtUYIPpI
m914kQ7KnoStFcZtvY/hIz3aycx4kZQieQ5CfsTrGnNjGqM+i/YkEA/ln5Jv6bMZ39OCssHuamgU
Vm00qM7byq9447Z9lUX4dvmTjMWiT7zBLhC9i77aQuQVviteiVONt2J6Oh2A9Ng5QH3oypta/aXF
X4NTANqwGNZ3iaZa2xVtwr1trqdwpT/J+KO0RF+Jsb5P4ivtrvFedULfyO7JmJ/quY0/YtjyWXl3
4U6c2CbZ7ad3aYFa7i9qbawP7iqL5nolvV2/1Q7gwVHGhK60ZvFtJCF6QQIlxU7mi6SsH+w4rxWt
a8dJUtDmNJJxZ5CG0m3rZ+L7pIzMfFrLd9R3XfTpW6RP6cJ/kZbyudwJrB1JZbja72H3VYqGmh93
WnItS5tTX8suwrjDUOFFL/L3rJzwHaceu+jS7h7mBXIKX8O5fDcJ7ioLacb8qY8yH/1OSszBjm69
6/KFU9ztRz9Wc0lRmu9vJj0dVQ0t7FrsykPfdA+z8mKOhgw/iuvLgxoDa+1N+cYycBRpdKoDdp+V
x/XHcDzrmHZkippTWsK8FoZ3CtdFcwxXS099XtmXxp2C1Esy0q1wXYJ2w/OujCM629LU9+grrOq+
yy/pH7cfjPn2ea61caUjXoV3Iw9yZO44LradNizK439JX7wA/yXDYs4yGdFze+PkqFk51V8bL8R8
RQ/lQm7A6RqDGg8r7Xg8dUyPZ9WJxgq1rTbs4nv1M2Wao/5W3upzVQeRTzUGiD7SjsdhQw9lP+yw
w1YYt0VfDB/p0U5mxgt2fNMHkx/xusbcmMaoz6J9lJNfSr6lz0bHwcmwog8ahVUbDarztvIr3rht
X2URvl3+JGOx6BNvIDfUnNpC5BXCKV6JU423YrppkVrmAdLjRArqg+vNKGet/jilIBkrB/xWw2NY
3yWaam1XtAn3trmewpX+JOOP0hJ9Jcb6PomvtLvGe9UJfWO5i1z13MYfXbQp7y7ciR/bJMen610y
Yud6r7WxPrirLJrr5YxG/Kd2AP+NMiaMmOzCB2M13UhuFsqGWadJ5wdDDFPWS8FUU5zV0pDxg7Q5
6om7i0855ZTqH5MmFFOTlLWLPgY66K4pxzDMcTQkd9JwrE5aCZnvK0urmwYddlSKcX8NZSI9DKZt
ZeK9jpjtU66oqOOYoLY0RE9NoUgcKQBiGdrS6vu+C/u2NLvokvIwKrxVzlnjTll0VG9aaTTAnfpg
gE2rJbN/3eteN/MBhqi0Wmxw3PU4/I6gLQM4d5C1YSUDluqQSYeONiW/rj/oJd2YV035X8u7Lw/S
1qGJsnE3TS3tiHOsZ8KOw08yfkmZXeYlw2ut34phlWetj6iFq6VX6weJq/rTHbgxPZRDYNXW/yrN
YXSR5iR97rj9YCxDn+daG1c6KjP8HnlwFAyUBn40JIA98eOf2g19dYwnXijrOK3czEf1x7DTfFa5
23ihzEu8T3jGOPUlNQOS0mZcw0hcpgXOpRFIfMsCD9JsG+s4Nov+pUxznN8lP9TqoBwzCKO+moUz
5SIbCf/qN0t6In/QZzFJhyfo02uL0Mr44/wuae+Kq7qCFuYlsb5iPZX9Zpmm0mkrv8KP2/bXaywW
feINxl+9i776vbK9Kl6JU423Ynp81/gKdizsoi4w7GIkj2F5xpCbdlpkoYqxlTkkf2mFeo5H3JK2
Mg3R1NXHiYdG7R+Uh9pxn/FHaYi+YeVQ+HF8pY0iq23OrMV4lL3NcF7W8yg0KO8u3JWOjvgXH0iA
BxP6X4WT3wd3xRnWZpVH6Y8zJpRxZ/17JCF6QQJJuTpMWS8FU01xVktDxg/6FI5XRG6g/6v9cdwm
iqlJXBd9jEvQXVOOYZhj0SF3InLcOVcM0CdGRWhUinFvImUiPebEtfLonY6Y7VOuqKjT3by1dERP
TaFIeClbYxlq6Uzyrgv7tnS76JLykHmBnMo5a9wpi47qRVaToz7oVzk2FD+d6pL5AENU2h04OO56
HH6nH5MBnPtX25wMWKrDtEtqcLQp+XX96W7kmFdN+V/Luy8P0tahibLF+z5jHhHnWM+EGYefZPyS
MjvmwbMMr7V+K4ZVnrU+ohaull6tHySu6k934Mb0mEeAVVv/qzSH0UWak/S54/aDsQx9nmttXOmo
zPB75MFRMFAa+NGQAPbEj39qN/TX0YkXyjpG/uBo31k5lbuNF8p8xfuEZ4xTX1IzICltxjWMxKUD
59IIJL5lgQdpalwrfa5LoH+ZxJX8UKuDcswgjPpqFs6Ui2yQSalj9ZslfZE/6LMkt9Cn1xahlfHH
+V3S3hVXdQXtzEtifcV6KvvNMk2l01Z+hR+37a/XWCz6xBtc8VVz6vfK9qp4JU413orp8l1Hh4Md
C7uoCwy7GMlLhyEXfQf5MLYyh+QvnQ6T4xG3pK1MQzR19XHioVH7B+Whdtxn/FEaom9YORR+HF9p
I1e3zZm1GI+ytxnOy3oehQbl3YW70pEOXHyALkV1S/9buj64K86wNlvmpd/jjAmKs+z+UhjOhymO
pGCqKc5oWDB6TINOl7C81+6HmmIGoyONuvZtnHdd9Okuh0gfaUtxzr1Qtbyk5RqYJQAAQABJREFU
hIpKLKVF2ShjLR7vUBpAU9v3Ud5L8cuuSHAq45C+FLxt96lr0hLLUKYz6e9onKxhgqIzKv/Jr4su
lTsqQtcT92PT3YHwLX/lbmhhdeihh+bv6TjFXC99+J36k+EnGumVB754FFrS0TVreCCG7XpmAiKl
LLzbtuuciS4GJ+20VV2Mw4M6gQKa23baacAmDHlG2rvacgzHs/iIMtWU7jKe8b3LuKc8yz6izE/h
aunV+kG1DcqJorNMjxXFfGvLV2lqV2wZP/YLfXiQ9MRj4/SDJR3j/hZfxTauNFRm9Vky1IFTOs5q
DYbES0firqSj8Fcwbisd7UZORy4P3ukbviZD9J3xfVcdx3DTfla523ihzE/1Bi76azP6Km3Cseqy
TEuLXfiOUMl39YMYzsv+O8bHmNj1PYZtey75oVYHauvii1gm6j+mTX+nXcIKH7/rWWO88MOvLTxQ
+L5+SXtXOgpLn1saCdmFqAUStbYT0xU+XeUXD43T9tdzLKY84o3aQizqOR3Tnvm/XBSieCVONd6K
uPH82te+dtCmxBttC87IB+EUQ1WZjvCtjRcxrGjqavuRprZ5CXd7IiSyGJT0Jx1/RKPoG1YOhR/H
V9rgnI4hX7OINi76qy2Qa6vnUWhQ3l24Kx36OC2oRcnFQltortHUF3f1R/B6uRAIOuB3lEiPeMQj
qvKF+E08i982Jqhc6+UvkyJBytVhiiMpmGqKs1oaLJolLPVKv9bmMDrW7nZuC9/2vos+nahQllGK
cxaz1ZzmXVGJpbQoG2Vsc+xUhKZJnBS/7IoEp9KRvhS8bfepS9kay1CmM+nvaJysYYKiMyr/ya+L
LpWbeYHceuKue73h3XI3tOhBDuZ7OrYzv+rD79SfDD/RSK888MWj5IVM0ddhcJFSFt5lrKo5DPgY
nLTTVnUxDg/qBApobttppx1khCkXDXS15ZJm8RFlqindZTzjO+NHm1OeZR9Rhle4Wnq1flBtg3Ky
cLd0nNjCt7Z8laZ2xZbxY7/QhwdJTzw2Tj9Y0jHub/FVbONKQ2VWnyVDHTjV7lQmHguIOZGKuYic
dCrpyGW9WuWnK2Yy9vSd0XXVcQw37WeVu40XyvxUb+Civzajr9Im3Bvf+MYyqazbUhrI2Dj1gxjO
y/47JoAxset7DNv2XPJDrQ7U1sUXsUzUf3T0d9olrPDxu541xqvs+MxNp+1K2rvSV1j63NJIiJyt
BRK1thPTFT5d5RcPjdP213MspjzijdpCLOo5XRGa+b9cFKJ4JU413oq48Yx8GnmC53QlXhks/yYf
5GpktNIJ39p4EcOKpq62H2lqm5egE3rQgx6U9eKkP+n4IxpF37ByKPw4vtIG43T1w5pFtIzb4vna
Arm2eh6FBuXdhbvSoY/Tgtp0PcDgFMkaTX1xV39EecuFQNABv2OrYHEvtJdO/BZ5t21MKOMu6++F
NJzLsMsuMpiBnRy8Q+FTU6SwCgQjH4qz0kDFsaZKg0mm4kuhRefHpAKlj76xWwOhhnjTUMZFRRWG
EhmUUC6QvuiTQRA66Ph5zx8T7aj8J5yOUo6K55gPyi1WCapM5El+KOFIc9JjSjWQkhaTFQQh5YWS
FoWY6C+V/dBPedJdbTkMSr7TTz891y9liPWkNPv6pCsDPvkw2WIiQh1rEo0RgAFQeUS69A4fmjlq
l3IxoOnbeuKOgCqegQ54V3TgYygSb0SlfB9+P/744wd1yEARd2ijHJeRhF1OXYbfSF/bczRoUz6E
b9okdUWbJn/xE6v/SacPD0ZjBukhZMe2zwClfEqlLvUMn/MdGqFL/RLfyrJFRTHhEaLhIepIR2zF
tGL8mK76t9gPkl/kWeIyaaZORFtMr9YP0hbSXX25PPR32rGIYijirXxjejzH8mkBEm2X9q6FEExw
FK8PD/bpB5XfuD6YQ39s4/SbYC28ZcRVvyvjhniGNqN2QpvAkKBvRx11VMYCnNNdRPk9/UhpgIRH
WGkr3gADykK4Nv4bt6yjhgcTyjjqWBzT1YRQ5S/HAYWNdUxYVu6y0IKyIrgofjTYxDgcDw3vKz3q
CsWLFv6orvR9HJ+6UBtRn686p51pMZYMyowxpA89fId2FleQDvXHYibtnucb4WP/E2mjf1HZ8cv+
KIbt8wxvQ5eO0YcWfovfNU+JaUe+pC3wjTaT7hIc4A2twirGVbrgp53SZZ7krzixjudxDgSd6tMo
M/MMxiT6a3ZkSInDN/oBlYsyxj5G7/Hhm7a5rMLFOQ1pdx0jrn6Y6wEQvJUGvhTZ8Gk5fo87/qhN
QA/pwSfia9oxgj3f+NP4Pcn4Q1sSP5E+efI3bEyO5R/lOZYL2lnIxMI+6hiFruZAfNNCRdJVv8nV
J3yjPcSxRNiUNIyLe4wfF/yRJ3/Mc2MYnvviHsd7+ImjLZU2CwzTfeo5T2Qq8NG36I86JsQ46/G8
DAoEGXaRC+ENdnLwDoVPzcGjGPlQnNHWoqPulQa7YeWk0IIHmDOg9JGDJzSvnIYyLiqqMJTIoMS4
QfqiTwZB6KB/5T1/LNKLyn/C6SjlqHiO+aDcYsyXI0/yQwlHmpMeU6qTIkiL3UL09XL0RSjERH+p
7Id+ysMpeoRhcSa7JaGfv1hPSrOvT7oy4JMPu/VQ+FPH6Z7GnD9GgKjoE13s8o8OmjlqF5qZI8qt
J+6MJ+IZ6IB3o8NQJN6gvuX68Dun9KkOn/CEJ6zaoc0YLYUxu5zo+yZx0aBN+ZADaZPUFUZn8hct
7K7C9eHBaMwgPRa4xraPPK98SqUu9Qyf8x0aoUv9Et9KFxXFhGeuBQ9RRzr9RWmV/VZMV/1b7AfJ
L/IseTNfo07Iq0yv1g/SFjZt2pTLQ3+nHYvIhRFv5dtVPi1Aou3S3rUQgsWkcn14sE8/qPzG9cEc
+mMbp98Ea+HN/IE6U78r44Z4hjajkwxoE1FPgwyB+/3vf79yhStcIadDP1IaIOGRj370owM+AwMc
4dr4LweYwT8woYyjjsWRhGP+a/wXNuU4oLCxjgn7nOc8J8tqlJXTHhU/GmxiHGQHeF+OusJ4pIU/
qit9H8enLtRG1OerzmlnyJQ4GZQ1ZkAP36GdxbqkQ/2hs9Lueb4RPvY/kTbasMqOX/ZHMWyfZ3gb
uqTjY3zkt/hd85SYduRL2gKONnPqqacO8IZWYRXjKl3wY/wgXJkn+cvFOp7HORB0qk+jLMwzGJPo
r9O903lexHv+6AfkKGPsY/QeH75pm8sqXJzTkHbXMeLqh7keAH1edB/4wAcybfBpOX6PO/6oTUAP
6cEn4mvacbqPfcDLGr8nGX9oS+In0idP/oaNybH8ozzHclE2FjKhg6COkaM1B+IbC+3l1G9y9Qnf
aA9xLBE2Ci9/XNwVD196EvLTH/Pc0vXFPc5n4Cc22sih29h3331zvshU4FNzx4w4JtTiLuO7hTOc
R2WpmDT6KMlhHilTasoiOlO+R6Wm0tAOUgaPqPSCKTEqo3xTWHx2ccgQojz7+NxvFNNte5axs8QB
+ihPPGKTNFQe0YRxLqaNgQbDV3zHc20nitIY1WdyEtO94hWvuMJffMeu1ZheWa4YVs8Ysum0Y7xJ
npngKe2arx2zpZKUsKIlKg2VRtxJv564I/yKBnwwhy9kMNe3eOdxH35nsqEdc0qzVscxn0nqiUUA
yqfNp4xMfJVPHx6sYUG5YtvHGCGjGHmVCt8afbVdf1qEUQuvd8pX8UdpI4qr3X1xx5++yVijnWJ6
j694TLDj+67n0gBJP6yFOMSjjyrjxx3VNdyH9bklFqP2g+KPUf3aOFKWJf6OWGBIUR3GMPGZ74Rj
Z398r2fKCa30QTL46hs+O9a1ozC+17PGjVHLO0q4EnvlJb8ci8s0WUAVw2KwKcPwe1g+SoN+L8bX
iQj6zmRaxhu9w9eVEDHuKM+18YCd4uV7FHeRfxhvUcTuv//+g/JHemrPbfX38Ic/fJCG2uwotA8L
UxrlazTVFkQh3AzjdaVFOBlkTzzxxEE59L3mRyNwyRejtv31HItrc8yyXCig4AfqpDaPQEnAt8hD
SqPtJJfYj3TdOS3DudKjjXCcnE484H2cx0BHibvi1vzIkzrWLIYreaUcv/uOP6PgDh1lnzGsXZTf
y7YeyxafGecVN9ZNDBOfa4tg+uKufJkXxbGjq3/ui3s8YYXy1MZ8drK09fWjjgkq03r5i648YO4V
+a98pp+ISqeaskg7SaNSU+mg4MEhM0SlF/yBURnlm8Lis4tDhpBJsI/jY0y/fKZt4UocoI/yxCM2
iavyiDbG+JgmBhoMX/EdzxjKJnWlzMCCLC3+Vn70+dGV5VK46GPInuaxw8PGdO2YLZWk0CRaotJQ
tMad9OuJu4ygogPMy3up+RbvPO7D7yj4tWMu5lXWccwn1vW4z1r0qrxqPosCUJjL9eHBGhaUKbZ9
jBEyipFXqfCt0YYcWzotwqiF1zvlq/ijtBHF1e4+FrzpnXwZa2o6AcXTzmfF6fJLAyT9sBbiEK82
xsYd1TXch/W5JRaj9oNlPQz7XRtHRsUC2UF12BaH74Qr5/wKTzlx9EEy+OobPjvWtaMwvtezxo1h
5Rzne4m98pJfjsVl2sxJFbbr7uNh+SgN+r3oGFv0Df9GN7rRwHgT33O6Vx9XGw9YZFy+x0ga+Yfx
FsPerW9961X0RZrK57b6e/SjHz1IQ222T1nKOKVRvqSH37UFUcxzh/G60iIc4XFaWKBvbX40Apd8
MWrbX8+xuDbHLMuG8Rp+wNXmEVpcFHlIabSd5BL7ka47p2U4V3q0EU7aiovl4zwGGkvcFbfmR56s
6WpKXinH777jzyi4Q2/ZZ1C+cVzZ1msY8I5xXi7WTVv42iKYvrgrX+ZFcezo6p/74l7q72tjPhtc
MM7X3KhjQi3uMr5bOMN5TbEYGwmT1ahMKRmOsNr9WBqMZLxQfI74obOL6esZxRYKsDYFkNIY1Wcn
SWn0RonJ5EO7D8lbisiIQ2mMJhxxteOrpAEDzR3veMdquRAEWaVTxun7m9VV2pEn7Lroi+WK4eMz
xjSEgb40lfEw8HHMRcyDZwwb7EyUkZ7OpxReUfRCS43ukhfXE3cGg5KfVD46XY4yhuciFn35nQlE
qQAnrwMOOCCv9Ix5TPrMzvOb3vSma+qK/BFy4qIZ5TUuDxIPbOLkWdjhI8yX2LGqOYapPbM7VjRF
n/6oxI/2y668yG+KX+O1Wn7UM4IBedWU9TIY6vQMpQEt2onW1jboOwkTDZFMCmK5eEZojTtolQfX
BdSMgePyYMRi3H6wpLXrd20cUVlqfokF5WpbHMWER4uvtGM9pkl90HdAX60PIizKGu1SjXH1rHGj
q4zjfovYK5/ol/1fmT4LTxQ+7sYsw8HDhMPQw7OOxOQdPI5Sm/6ujMdvVsBHY5HyA1NwR+ioxRvl
Xa0u6PPYOapFDNDH4rUo3FAO5g21tkF4TiVg5XDsE9rw0Q69LiPYKGUpw1A3yr+GHzjGHf4xPgrd
Mg5pYViBT1UHMf6o7Ys4rG4mv8h/47b99RqLZcBlxz3jJIvwVH76TuYXEbtYJoWjjglTM5y3Xf+g
I+kjxjEfPWsOHOeYyhefsU59k+LUaIxx9BzHH8WlnQoThcOn/ihfOZ/uO/6UY1rMKz63tSvRO8yn
DwA7FnTA9+ymVLshH9olCwZiOqoblTvSo2cWK5RYTIK78o+LRLvm+X1xJx/GmtqcH6VRbcwXbfij
jgkxzno8L7ryoKZYFC/iIy9EVzMYUbe40mAk44Xic9xgTd4iHxRbKMDaFEBKY1SfnSSl0RslJid/
aPch+UoRGXGIc29hQVzt+CppYDw/8MADB/274uBjwKf9TsshB2lHXsynjb5Yrhg+PmNMizvPJqUV
Ax+nA8U8eMawwbxMRnqUpNqdrrAoeqGlRnfJi+uJO7J+2zye8Y6jjOG56PryOwvFSwU4+DA2MCZP
07Hz/Ja3vOWauiJ/5NO4aEb5jsuDxAMbFhWrnqPP2FliVy58j+H1jBxbc/RHJX60D+bWkd8Uv8Zr
yiP61DPzGFxNWS+Doebmigst2onW1jboOwmjXWTE5dS70jHmxR20ygPZqGYMHJcHIxbj9oMlrV2/
a+OIylLzSywoV9viKHb0avEVfXaZHvVB34Gr9UGER2bRLtUyPr81bnSVcdxvEftanmX/V6bPwhPF
i7sxy3DwMOEwrvMc58zwOLpv+ruaY44XjUXKD0zBHRmtr6vVBX0eO0e1iAH6WLwWDdFaJFBrG4Tn
VAKuw4t9Qhs+OvmhywjWp3zUjfKv4QeOcYd/zINFpWUc0mLxbzyxI8YftX0RR9fjRP4bt+2v11gs
Ay477hknWYQnHqTvZH4RXSyTwlHHuJrhvO36B51iGjGO+ehZc+A4x1S++Ix16psUp0ZjjKPnOP4o
Lu1UmCgcPvVH+cr5dN/xpxzTYl7xua1did5hvgznLOiA79GJqd2QD+0SnVp0qhuVO9KjZxYrlFhM
grvyj4tEu+b5fXEnH8aa2pyfk6dqY75owx91TIhxlvn5LBQ+Mc1Q97vf/W5omGUNkDq4Jh3z05zr
XOdq0vEozXnOc55m6623ngkcaSKY8yB98ulySbHWnPOc52y22WabBhqT0NEkYTP//p//+Z+uqPkb
ZUodVC4LbEJ+Zzvb2YbG6xMA/korc5qznOUszTnOcY5m++2375PMTOMkQT7jCBZgOqs6Xk/c4adk
+G+SMrdJR4JlHj7vec/biWMffk+DUZN2zTX4aXBott1226H820nEkI/wPmWDn2gDaVAdEqNp+vBg
mqw3SYk8SBu+nQVfgBv1RB+TVknOXfsAa/7OetazZtrGxQCeAkviU1/D+plxeHDSfnBQuevwAIbw
E30MGMK3w7BYB7I2SxZJgdYkAaJJxqUmnaaQ23KNkKRIapKiq0k7tZu0OCbzEOFoJ6NiR98E79E3
bbXVVjPtm2pl6HoH/9I2ttxyy9y2Ri1TMtA3SZDOSScDYLP77rt3ZbPu39JkfcDnsxrvJ237sx6L
06r2JilsmqTEba50pSvlOqCvp/2PWs/jVhztIu2+aNIOgCbtDGvSqTCtSTDnAQP6IehiDskclzSY
J9BWZuHoB8kHnscNm69OOv7MogykCV70S0lx0SThddCvgB9zky222GJWWfdKlzpORpLm7Gc/e5OU
P0PTmAR32iZ9Lnkyn2ZuM8yNOiYMS2fa34fx57TzW4b0mOMxJ5dcjcww7rxyVJzgY8m65NPlmCtA
k+Rq5FbJ1aOMY5RJedHPk9+s+vpkJGiSwnsgBw2T7brKPatvjDH0k2CB7D+rOl5P3OEn5jeMm4yf
SZnd7LDDDp0Q9uF3+k7GFnz+tttuu8xPnRlN8BHeR0/A2EUbuMAFLjA0tT48yHyX8UEOvp0FX4AZ
82TKojmN8pwHHz6Cf5gn9MEAnmIexThLGYf1M+Pw4KT94HriC47QSx9Dvw3fDsNiPelbz7zSorQm
LXhtknGpSacptMrVzAPTyR5ZVkiLY3rJ1fRNUa4eNrauJw7wg+Rq2tao/EC/nhbCZlLTEe8DGXs9
ae/KKy3WHcjVsxrvJ237sx6LDz/88CadfJBlrnQtVIaLvn7WcvWmTZuatBC6STudm3QqTGs1MecB
A/oh6GIOKbmaecIs5WrmnpKrh81XJx1/WgGY8APzxb322iuP3fRTsoXNs1ydTsDI9ZpOIR5a+klw
p21KrmY+zbg/zI06JgxLZ1m+23C+LDXtchoBI2AEjIAR2AAIyOiLwjGtGm523XXXVqrT6vVmjz32
aNIpL52KgNYEFvRD2t3U8Jd2mTRpF8KClnJjFyvthmnSvZpN2t3bXO5yl1uXwqSV17mt0KYwnkuI
XpfMlywTDGrpdJhs3EinGGTD0JJBMLXijjMmTC3TEROy4XxEoBzMCBgBI2AEjIARWHcEZPRFrk47
HzsXR6a7l5uLXvSiTTrlpUkngbUa2Ne9EJs5Q2TpdNpkk3bgZ/l6M5Pj7CsIoPN41rOelXk8nVZW
CTH9V+k0yOaGN7xhblMYSS1XTx9jpYhczYIIZMK0I9xytYDp4Y8zJvRIfiGj2HC+kNXqQhkBI2AE
jIAR2DgIsKodox4nDqRj/rNRD+rTUf4NO3N32WWXNYVJR8I16f72Jh29lb+lI9vyynFW7z74wQ8e
rAxfE3EBX3BSATv0WTlP+dPR37mUKEnSsWNNun7Fyo85qXd2AT796U9v0vHjeSfMPvvs06QjvfPO
O05PuPOd7zw1SlmFTV7sRGAFcjq+PedJBunIuCYdT5bb3NQydEIZgXQsYd71kO71zr/TFULNTjvt
lOuYtpiuazBSQxDoMyYMSXImn204nwmsTtQIGAEjYASMgBHoiUC67qnBqIdczalH7IjFpaP8m3S0
cjaOl0mn473zKW/pGOf8CRlBcuXRRx/d7LzzzmWUhf3NyRfs0Ff5WeiMQ65OR0Q36foVy9VzUvvI
1emKvQaZi9MOWLScjkPPMle6Bq1J1xVOjVLkavQq6VrOLFezuIQ8cSyuOOKIIyxXTw3t/5/Qd7/7
3ea4447Lp+XxNl0hlPV87EKnLabrGv5/YD9VEegzJlQTWtKXNpwvacW72EbACBgBI2AE5gEBjtDC
mHTKKadUyXnPe97T7Lnnnmu+sbKY49lrri1OLewivEt3ujUIhzWX7hRv0t2Nc3c0dI3WZXin6wVq
ZZ12XSFQprvMBsbymKd2ntjwF1GZznO6W69hIU/NHXXUUXlhT+2b3/0Hgb5jwubAz+1nc6DuPI2A
ETACRsAIGIEaAsyhuJYp3WVd+5yN6Bx5XLpDDjkkXyFVvuc3hvdanFrYRXj3jW98o/U4dq5CS/ei
W66ek4rW9QI1cqZdV8jVXGclY3nME7maExuGHYUe4/h5NAROOumkvJmmFvqxj31sg2xt145A3zGh
PcXl+2LD+fLVuUtsBIyAETACRmCuEGBlN/fzlPf+cu84x0rX7jhkhfGPf/zjvBq8LAxCzaj3lpVx
N+Jv7sri2Cp87qCUAz8EuWXaJaCyz7OP8Vx3colO6goj3Ch3hyrOKP5Pf/rThnuzyrZF++A4xsgv
o6TnMMMRoG5ZHc99Y9HRPi90oQvlNhnf+3ktAn3GhLWpzP6NDeezx9g5GAEjYASMgBEwAqMjgEx9
+umnr5GFmYde/OIXb5WrMfzVjpvmjt5lk6uR1Uq5mt/c2c5c3m5+EMB4XsrV1BX3ve+4445TJRTd
0x/+8Ic17YH2QduyXD1VuHNi1O23v/3tNXI17zmVEl2XXTcCfcaE7hSX66sN58tV3y6tETACRsAI
GAEjYASMgBEwAkbACEyIgA3nEwLo6EbACBgBI2AEjIARMAJGwAgYASNgBOYQARvO57BSTJIRMAJG
wAgYASNgBIyAETACRsAIzC8CNpzPb92YMiNgBIyAETACRsAIGAEjYASMgBEwAn0RsOG8L3KOZwSM
gBEwAkbACBgBI2AEjIARMAJLiYAN50tZ7S60ETACRsAIGAEjYASMgBEwAkbACCw4AjacL3gFu3hG
wAgYASNgBIyAETACRsAIGAEjMF0EbDifLp5OzQgYASNgBIyAETACRsAIGAEjYASMwDwgYMP5PNSC
aTACRsAIGAEjYASMgBEwAkbACBiBDYOADecbpqpMqBEwAkbACBgBI2AEjIARMAJGwAgYgZERWGjD
+RlnnNG89a1vbbbddttmv/32a7bYYouRgXFAI2AEjIARMAJGYPERWFlZad75znc2Z555ZnOjG92o
WRRDiOdAi8+7815C8+C815DpmxSBRRkvRsGB9vz617++2W677Zqb3/zmlqtHAc1hjIARMAJGwAgs
EQLI1W95y1sa5gw3velNm+23334hSu850EJU44YuhHlwQ1efid/ACCy04Ryj+cEHH9yc73znaz71
qU9lQX8D15VJNwITI/CSl7ykede73tWc9axnba53ves1hx122MRpTjuBf/7zn80RRxzR/OIXv2jO
cY5z5ORPP/305rjjjmsudalLjZUd7f7YY49tdtppp+YnP/lJc7/73S9P4MdKJATGuHbiiSc2Zzvb
2ZrLXOYyzdFHH52xDEGW5pE6OfTQQ7OR8ac//Wlz73vfu7nFLW6xNOWPBRXP/uEPf8h8e9RRRzV7
7713DOLndULgz3/+c/Pe9763ec973tP85je/ybmi5D/kkEOaPffcs0rF97///eaqV71q/nbyySc3
V7va1arhNtrLZZ0DuT3OD6cuKw/OTw2YklkjsEyG8ze84Q3NbW972+b85z9/881vfnNhFpnNmkec
/uIicMIJJ+RNGsjVLLy8//3vP3eFZU6EjPazn/2sOec5z5np+/nPf948//nPby596UuPRe/HPvax
5mEPe1iz8847Nz/60Y+ahz70oc0tb3nLsdKIgTGuPe95z8ty9eUvf/nmcY973NLK1eg97nznOzfn
Pe95mx//+MfNAx/4wOZ2t7tdhGtpnsWzv//97zPfPvaxj202bdq0NOWfp4IiV6M7fNvb3tb8+te/
zqQx7zn88MObvfbaq0rqd7/73Wa33XbL3z7xiU8017jGNarhNtrLZZ0DuT3OD6cuKw/OTw2YkmVF
YKEN50zub3azm9lwvoDczQD+oQ99qHn3u9+dhYsdd9wxT9AwZn7mM59prn3tazfXuta1FrDkkxXp
bne7W14BSio3vvGNm1e84hVzt2PkT3/6U66/H/7wh6sK+/73v7+50pWutOrdsB/sjMG4K/fkJz85
G9D0e1z/0Y9+dPPMZz4zR5tX/FSmb3/72w2C5j3ucY+Mp95Pyyf9KAhNiu206Noc6ZQ8u8xYbA78
lSeG8hve8IZN2XfwnUU3H/3oR6v9HYtApDzs088o/3nzF20OdMoppzSve93rmkc96lHNRS5ykVa4
3R5boVn3D4vGg+sO4JgZznrcH5OcqQRn59JznvOcBkPPIx/5yGbrrbeeSrrTSmSZDOennnpqNl7Y
cD4t7pmfdJCrWXSIceS0005rLnjBC+Z50xWucIXm4x//eF5sfZ3rXGd+CJ4TSm5/+9vneQnkoHN6
85vfXJ1nbk5ymRNRjywSjQ59iRaNxvddz6961auau9zlLoMgz372s7MBbfBizIeHP/zhzZOe9KQc
a17xU5FYLHTkkUc2973vfZvrXve6ej01n/Qli5DopNhOjbDNkFDJs8uMxWaAf5AlhvKrX/3qa/oO
AqBz/fKXv1zt71gEwqYVXJ9+Jkecw3+LNgdiQ9ArX/nK5glPeEKz6667tiLu9tgKzbp/WDQeXHcA
x8xw1uP+mORMJThy9dOe9rSGjW+0/XmTq6dSyBkkstCG829961t55SrHw8AU22yzzQwgdJLrjQCN
/A53uEPzta99rTXreTdqthI+4w+sGv3IRz7S3PGOd8y7g1/0ohfN5cpuJup/+ctf8mT8gAMOaD7/
+c83fQxaf//73/PxyxgyX/CCFzSTGjT/9a9/5cUa0MTu6nnFDzZiReI973nPicvcxZK/+tWvmm98
4xsZi0mx7cpnI3z74x//2Dz96U/PCyuWHYvNVV/i+XOf+9y5HlAUwqMogS95yUs2e+yxR5U06o7T
I+h3mCvssssu1XAb7eUizYGY5LOTCwF/lLHA7XE+uHWReHA+EO2mQn3gIo1BKOxucIMbNL/97W/n
8vSwZTKcM9/jRJ0ddtghj7GWq7vb40b5yolcN7nJTbIRpI3meTdqttE96/fI1R/4wAey0ZzdwSed
dNJcytXMhaGVE9PYIY4xq49BC7mao2JZSP6sZz1rYuMucjWLNW51q1vl3dXzih989OpXvzrvCJ+l
EfeXv/xl89WvfrW5/vWvPzG2s+b9WafPKW7IZCysmCXmsy7HRk5fPI9cjc7ryle+csNi8x/84Ad5
kcdVrnKVavGQwTgxgX6HDScXvehFq+E22stFmgMhV7O55sUvfvFIY4Hb43xw6yLx4Hwg2k2F+sBF
GoOQqzmFE72nTw/rrv/4daEN57Ggfl4MBJis7bPPPnkixiTuhS98YW74CHEIW0984hNzQefdqLk5
a4Oj1TAgsbgAIwTHy82zYzU6Ru9RjCVt5eBkAo4/m4YyeaPgpyNyp1HmNlx5r2OuZ51PFw3z8m2a
fDYvZdpIdKivePnLXz7RlQwbqczLRKvqd9SxwO1xmbjDZQWB9Rr31xPtv/71r/kkEQwK83jt1jIZ
ztez3p3X+iDAzsArXvGKDe0LuRpZmuN3MXy87GUva4455phMyDwbhdcHqfZcOOUIwxCLCzh6fN7l
aq4tw+jdx3AuFDB23/zmN5+KQXOj4KcjcmetQNcx17POR3U5z/40+WyeyzmvtKmveNOb3jTRlQzz
Wr5lp0v1O+pY4Pa47ByzfOVfr3F/PZFFruYkEeb/NpyPjvzCGc45aoxjpP72t781ZznLWZp//OMf
Dcd4s7qW322OI17f/va353tRMc5uscUW+Xhj7nDCaIeAAYNFRx4cHUq873znOznO5S53uWyUfN/7
3pePNeNobBx0IYyyi5ZVHhztxTFouHe84x15R9zZz372TC+06nibHOC//9g195rXvCbTqPcclXzg
gQc2u+++u16t8hkIX/va1zaf+9zn8nsEO44x//rXv57zeupTn5pXH6+KNMc/pDgHO7AXhiIZAZ+6
qhnOwQ9FOruXqS/c+c53vrzajt0skT9YhcdxaxwNSb2ceeaZgzpDaU8nSkez5ZZbVu92ZlUe8Vml
BA/iLn7xizd3vetdm2kedTcOD2Yi0r/vfe97+Q7fO93pTs297nWvBiPTpz/96cy/GJehkRXpNYcw
98Y3vjEbsbk3+N///ndeuMBK8Utc4hKDKNxJBb+TDrx/8MEH52NAoBceVvsEc/LbaqutBnHLB9X5
KMYSVtNzhL+Oo2NXDKu2v/jFL+b6m4ZxV/hxVB07jMGO0w8YhLbddtvcvtqOOwILeJA2yckJOO4y
4wSF/fffP/NaWf6+v1/60pc2D3rQg/Jx7dxtR9446gyerjn4lnb1yU9+svnKV76SeZe+EL6AX2r1
JDyELXVA+eB79cEXvvCFs0Ip5jkOFqTJtQI4diegnAJ3juKnv6ZtsRuV+/EmcRxTyVG3wgf6URae
5zznGSTLzhL6T2FBGHiBY26i0YIjzLi3j3vqqOPDDjss75obJBQe5hGLQF5+5I4y+gr6PRxY77vv
vs3vfve7PL6Af3l8NuMqmDAeskuFfoFjIekvyvvG6Z8ZS8EV5S3jFP0sx4jBSyhyH/CAB+Q+OxPw
33+kS52hqDzuuOMahPvHPOYxGWv45gIXuEBDf85YUSoz4XXGAtU3+TBmDzuyCIUyfMAuLeqfY+CZ
H8A/jBnkRz8P3/fpBycZf+ClceZAtPXPfvazGU3mEey2Z1eBxgT4nzmG+D1iz/OoWEzSNmnz1B13
abIyHp645jWvOejToKM2ZvVtj6QHJoxVmjvRD9JHc1oL84ZJXJzz0eciuLzkJS/J8xbuDuUYNvjm
S1/6Ut5tw46AyLvUMWEY6zAkao5xvetdL19FEuePjLWahzD3pC9nDPjwhz+cDSXwGkeDcrVN3D0q
GvnOYkX6WPJEwc1Yt2s60o/3jLGlG5cH+7Z95bsePEhe48y36JPoX9RuiEv7Yq4JPlw5QN9J30P9
MTenP5XrI5MQt8+4Dz2jzEsYa5n/Me8Fc9olfTunCjzlKU/JfMTOMO7ChBeZE1zsYhdTkXr55AHf
cncwO87hQdoffClXa/t8G2f8UVp9/EU3nMMf9E+atzPmMp4ixzL+tTl2MsAvjOuMi/Sh8AXj4vHH
H5/TLK/UIg/6d+Ix1yAOC33Z1QaPwgfILTjogt+Rq5HROAkKmR2H/IUcQPuDXubYpbxIOHbNYRyG
Rrm99947n9Z02cteVq9W+YyZzIXoe3HIPhzbrDnzc5/73Op4tCqROfohxfmFLnShPPcXhiKRcZf2
XTOcgx+KdOYLmhsy57rPfe6T+7PIH7RZyT7UCwveVWcnn3xynrcgS9EnIrvc9ra3FQnZZ/5IfOqc
OsVxktAhhxyS5bz8Ygr/xuFBZcc8EloOOuigvMuSRf0cbw//MqeExrZ+irGCMRoM6EsYn5nvwrOk
Kcd4Aa9KrkamYK4KvbxX+wRz8tPYo/jRV52PYixhHs3cVnoTrmlg4T1zJE4pmIZxV/jd/e53z/eu
gx1HQNO20TXQb7SNJfQD8CBtEnkLxxgBb93mNrcZzO9j+fs+cyc8uHPEKTxK3rguuRq+pU/jqih0
EfCu+ALdSK2ehIewpQ4oH3MF6pc0dk1zMGSp6MbBgjSZ6+OId+tb3zrzLPID/TW8x3y07aSumG/X
M/MBdkiqnNCPzIy+RI65EvUt2Ysw8AK/o9ECOeIZz3hG1plSx8idcd6k9PDnEYtIH8+cAElfoRM0
uY4QOUOn64A/9Rwd4yq6D8ZD+ICw6ILpL8r7xumfGUvBET0G4xR9DYt7iMsc/hGPeERDm46Ob9QZ
csfjH//4LAsxBoA1fINenf6cMSPKJqQBrzMWqL7hWcZs1W3MJz4zp6QPRB6g/tGhMBaTHvoy8mP+
jIzapx+cZPyBl8aZA9HWmSfgmEfQd9GWNSag9+RESGEUceB5VCwmaZuSqxmrmbMgE6J3oaxytTGr
b3skTeZM1J3mTvSD9NGMmyUPioZR/Tjno8/92c9+1pxwwgl53nLsscdmWYW5AzYATkCg3JF3KTfy
DH9cMUYbwDHnJGycPzLWnnjiibk/Zu7JGM8YgJ4aeR5ewx60adOmVXK1aOQ7umn6WPJDj4pcDZ/w
vqZjGJcH+7Z94b0ePEhe48y36FfQTagvATPaF/0S+LAZELmPdkX9MTenP5XrI5MQt8+4Dz2jzEvg
F/pk5r3og2iX9O2MCbRL+Aj+RZ8FL9KPRHuLyjaOTx7wLeMFmDAvof3Bl3K1ts+3ccYfpbVQfgJp
JJcG5pWN8Jcqn1pf9ZcUrCvpqJhW+pOwuyp8GZ/fSRm0Kn5SIK0kRXlnvCRYDPJNk/mV1BEOwqdO
O6eXOvZV78krTRxW5QXuacIyiFujL91lvJI6i1Xx0l2AnXGgJykWVsWZ5zqO9ZQmjVW6kyI5lzkJ
+qu+1/gi4piO6V0VvqwvwqaObSUpitZgWuKYOrw1YWJeaYX2CulPivW4PKj8kqDcSV9adDDgW8WB
t9LxjJ3x0r2zK6lDzeVKk8NVYdNkIr9PE8lV70vslF/00+Qyx1Ea8Vt8ToLXqrQj5npOityJcR+G
H3nBf2WfA/8mA1srjWDxhS98YSL6yIN0VN42Pwnbg7oShvRFaQLSGpf+Dp5T+P/H3pmA2XNUdbuS
sINJSFASWQKiIQgkomyiREAgEoMCBgExATQaMC4Q9vAh++YGEqKiATcUBUQExIAYQAVRQRQXEKIB
RBCVRYOgqMxXb+t7PVNT3be77yx35l/1PDPVt7uWU786darqnFr0xUNsa22Nckc8pmJR8lNfuWqy
UzqX+fB4Vs5sKX8e1C7KXAuTjbwbedDbhckD6S3xI63K/UjLOmIR6cvG4Y2sMB0sF2Us22c2Og7G
QQ5mI9wC27zgaTA8ecDbWcm4iAOd2aC/NF6sI8sGL5ftcYw8GiNnoBV5WfKtGC2Tg6v0P7X21zcG
qvFz5FefGcvk3WibcAfHKViI+1Q/TzyW1i901trWnPaYFYYbWeE6mGdWHGzBYmy5kLNZETaYvrjr
58n+pvzOPffc3vjwOjJFekpeM83Sh/ezsqeLN4XGrMxd5GWeU3iQOHPbPnF3gwfJZ+p4q1Ym+8Fa
+/YbeVF/Zf2Uv+OchPBz+/0p/U9W8C6lK9IJn2eF5xb+oIxj/hhTxvT6nrPCb0t6U/ufMfT0hRk1
id7HgbICbks9ZAXrRlYM9ZYKHu+rL9/TRqLLiq6NbEgfjJcXTS7yzYqfjazsWYSHP3HZ2LbpPfkx
TijdRRddtIgrTdHPxrGNrAzdFC0bEQbjQA98sl9crCfmrjWXFc1dmWmP0dX4IuL3jGc8IwbfKOuL
sPTv2YiwBdMSR/qmmHb5nI3sXfqbMpzxYyoPmgXj0pKm+JsxdNle4C10NzFc+ZyPqd7ISs4um3x8
96awzL1w2cC16X2JXReo+Jfv6O7imEbxefFzzPghK3IX4ec+LMMPXOC/EkP4NxvYNpU/YggW6LlW
ceRBOjHd2nM2XC7qyvyQRfnKqN64yDt4rnTiIba1tka5Ix5TsSj5qVYm3jGPmevg8azs31L+vNBm
kWQtDONY5ic49H19tPFeub9IMD+sIxaRvrwYcCMvHhgsF2Ur22c2Gg3GQQ5mo+Eiq2zsHQxPHvA2
87vo8uaApfFiHRkXXi7b4xh5NEbOQCvysuRbMVomB1fpf2rtr28MVONnaC//GMvkRQVCt/CnYLGI
NPHhTW960xZ6Svr4nRfWbEl5TnvMBs6NvAB8ME/0d3MdcjYbnQfTL8vHPD66vJisNz68nk8bXQQv
ea1M29/wfl4Q1MWbQmPeALLIy4cpPEicuW2fuLvBg+QzdbxVK5P9YK19+4286BOslz4/zklW6fen
9D/Ylvroqb2Hz/PiJYo0yzGmrKVbvkOPU7qp/U8Z/yD8ZnXBKNenMFjH9yin8wrHjbzypGMODIEa
9Gr05l3XXTgU+XmFRzdYQ6Gfd68tmEujkPExpsBkeQXSQtmIwhVBLPNFwznxGHzm3bPd95ge76HX
byrXzSvvtFykyUArr9TaQLGZdyNtaFQkz6hcZaKgIi3vXOqUfgyMyEvj2BgjgTSsg59Xmnc4oIzL
KxK3KMqgkYF2Xi27ZfGBilzKjOCl08u7ZDbyiuEuTd7nFb6b0kTRQr3kFY4L/MGZsNQJ6fAclYN5
BfYibL4HaOOSSy7pOtu8U7tbfCFvMICA1lVwncOD5McgUzqgHwUj+IgF3+CTSJtthG+0E3iQQQQ+
RljTk69RlkKf2EWeZnAkruS/bPGGPB7TiLTxHDt5BjgovBjcGbekr4w/5XfEj3QpA7xAO8ureRdY
POpRj1pgGI3S0Ed4BkHImdhpRl6aQpNhV1GgSyP00bFixIdGBs7iVzNMiweLe6Ajr25ehM8r/TYY
AEKXNJoPaY7FAtlF/ctPxEUWwqfQBG68gxdXaVeURfmYV7tvsBDHvkPDIWWJZUQWmGc01OWd1R3N
0Cjd9BdRdq0zFtQX5YqTe+oTvGlv+VqMRT2DfWyfeXfK4htlRg5SbvrXvHJy8S32kbQFeMW6JE0m
yfAhfRu/+SsNpCiYaOf5LrWN008/fREur9Tv3uWV7hu0RbCWB/Wp77yKcwOFMe14mTyyH4EOeBe5
mFeEbpxxxhmLfHnP2AO5toocnNP/WC7qYuwYCAVJXk27iX54mrJecMEFi/elcWoqFtI21YcnrPsh
v+QL8pnaHomjQpm84D/wYRIEpsoGvsE7U8tieHg69rf0AYxbLB98SBvKJyd078qFTnmXTfeeiT7y
BTlNuySedJsXPnVn2vqMQfLK/26Rl+/gXRdvIecYw/gNn4VFKCnp5+P72kLGKTw4t+3vFg+C4dTx
Fu0/yi3mIfCS9ZJPMljIOvoHxlJ+c7w1dk4yt9+f2v/klfGbxivQB//FMSCLUOFd5XgpNyzjGH+u
4XxO/zOGnr4woybR+zwQ8i7vjtvIO9W6to8hUINerWj0i8gIFPn0gyiTUejnU3gWskOjkPExphAn
72JbKBtRuCLblDfRcE48lOj5ruXue0yPsQb0+g36o8s7fxZp5t1CG3knS2dwRxbFPiAqV6l/DWh5
h3qn9EPxTV4ax8YYCSIde/2cd/N1OKCMyzuMquRQd4yTysUH9DvUC2XOJ2hsoANhgZHjBt6zYDY6
ZCD1kncILfA3DeqEdIgXlYPMza3/29zmNht5N9hG3q3ejc3jAqW8K2zLQoeY95jnOTxIuho6LQsK
RvARC97Dq9HZRvhGO4EHKRc+RljLLF+jLIU+sYs8Td2I6xgelMdjGpE2nqNxgLFB3r3XjeWNW9JX
xp/yO+JHuvIU7exud7vbAgv6F100SkMfvJN35XdyJi64jLxk3Cn+Kgp0aYQ+xqiMC6ARfYH4le0K
2sSDxT24uEAw7wzv+thoyDEf0hyLBbKL+pefiIssRJ7Rr4Mb7+BFZMBcR1mUj/n0uw0W4th3aDgE
41hGZIF5RkNd3lnd0Uxbkm76iyi71hkLMKRc6Besf+oTvGlv+SSWxXu+x/bJGNE4lBk5SLnpX1lI
6bfYR+YdjB2vWJeEQbcNH0Z9dbn4AH0H7TzvRu90fqadT/Xs3uXT3zZoi2BdOuo7n8jW6cZpx8vk
EXLS9OFd5CJzk3z66qb3jD3og1eRg3P6H8tHXYwdAzG21gZB2SgXPE1Zn/a0py3KxRwmuqlYxLhT
nuMYWexrfskX5DG1PRLn0Y9+9KLM6GfBB0MnmCobyB/emevg6djf0gcwbrFc8CFtyI2I5UIndEaE
ZeMT8gU5TbskHu9pN9HF+ad5MAZBPxjnLtQ9tOGQ2YxhDI/PwiJ0APTz8X1tIeMUHpzb9neLB8Fj
6niL9h/lFvMQeEmHrUVZR//AWErneGvsnGRuvz+1/8k77rsFpNY99MF/cQzIIlR417KVcsMyjvHn
Gs7n9D9j6NlvYQ6k4VzlBhM4FJ1DhnMMA/kI4k5YafQzPr5KWzqP+D4f397FQfGvYcXvKrEwOGhQ
8ZvK0VpefosGiKjYQqibTvRVokajm4ZEFKkoAmJ4cLn73e/eKbYQ4vHbOj+rBB+qzzH0s4OSToyy
g68nB0TcYzrR+MpgF+WA3+MuWt4ZFnzB2XD61jECkg7Q93P8uTxIvuQPb6gkJ3/4OB+L1H1DUSVN
cfKMor7kaX47kSZNBj7GFY8atnwjPHVh+Jo/lAbhoVuDGW2AjjKmE42ctXYXw455Fj8whB80qBo3
7iBggsh7653yIh8Mqx8HYHEBjN+n+PAkdSJ/WGbo5A/l97L0CIPcUHY4oDStGF88mLhFIztKlpJX
iLcKFvJCyYcaNaj/VWWaC6YYqEAvZfCkCSZNvEORR13m43I21b8yqtydb/iyfaw7Fp7gAa/X6j6e
rmEbj3KExQO1+ogTShS38pN9NvkxcfY9voO9Wr9qOPGsGVEN0+fTjy6TR/a1lIvJRUzLyRgLBehj
4jf5VozKb0P5Gld5M9T/xHR5Fs9lfabyhwle7JfgfWUrbTumPxeLmMbYZ+QWtKhssn9aJtOmtkdx
AGsmZyV94KkxedXFb/IqE2zyoXwsTCFvDdHSExeYRJqQ9choeJH4Li6shbe+SJ9FFTEdFLfwIN/g
N79JI+9dGOU38nVBUBx7+l1/LA8ajrzGtn3LNLU9StsU3/506pjf9ks8+NU8wc8TL6JcoB7nzEnm
9PvWL3U/dlxiGyCOY718fHrHO/R7ltFyx7JZ9im+PA5W5Ml4lHe2ffMzzVX6H9OY6u+3if8q9LJD
BEXnkOEcw0A+erPjCY1+MU+VtigLo5MfUfxrWPG7Siz6AA0qflM5WsvLb/RruqjYYiFfzTnmRVHl
7g7nQihSUUpGBy752OpOsYXxc784leBD9TmmLOygpN1QdvD15ICIe0zHOSPyHmMaCyR0cRct7wwL
vuBcOuuYtFZRvJPuXB4kX/KHN1SSkx58nI9r7b5FAynjOMLzh6K+5Gl+a2wgTeScTjxq2PKN8NTF
kBtKg3jQzcIo6KMNMCeMLho5a+0uhh3zLH7kBz9oUDUuxhbx4oQvnPVOeZlnlI5xkXHiApgy3Jjf
8CR1In9YZujkD+X3MkcYFg+5I9hFxKYV44sHC0OikZ0TfkpeId4qWMgLJR9q1KD+V5VpLpjK19t1
xaQMnjTBJiAc/Tp1mY8v3lT/yqhyd77hy/ax7lh4gge8Wav7eLqGbTzKERYP1OrDRW2ky4JFnX02
79GHRcdcmfe1ftVw4lkzohqmz6cfXSaP7GspF8bK6DwVhoUC9DHRybdiVH4byte4lH1Z/xPT5Vk8
l/WZyh/m1bFfgveVrbTt6OZiEdMY+4zcghbKDw72T8tk2tT2KA7kwdy9dOCpMXnVxW/yKvoiHOVj
YQp5a4iWnrjAJNKErGd8By8S38WFtfDWF+mjH4yORRrwIN/gN5008t6FUX4jXxcExbGn3/XH8qDh
yGts27dMU9ujtE3x7U+njvltv8SDX3Xg54kXUS5Qj3PmJHP6feuXuh87LrENEMexHvYZ6o1+zzJa
7lg2yz7Fp1yMQ8CKPBmP8s62b36muUr/YxoHxT/QhnONzsuUxgxcYE7+UFyyQj3fodMJNAQmu4hL
RQor/YxzyimnbCBoGBAyCGHwwsAHBU4Z72f/9yjfmhHCb1HRROMwH5Rp7ARDge0fCkYVVCiVNEKi
ZECZSVw6bXbdkSflQlnBMS2sUizpW+ff4rOsPmtlQCgw6BMTMY1+xD2mIb4Y62p1alj5jTQxnoCz
9YRPXUWjal9+prfMn8uD8lS5i438MBZCf+RP84mK0pI2+E5sNWoQRuxqZeVb5NkyTX8PpUEYeF0F
NJN540XfgUAsV/w+5Vn8+min03MxBivcSNsygG3ZhvOdvd0uHNIrsZ9CVxnW9jKlzMg7F09AS/lX
S0s8YliMDCU9/l4FC+OWu9jkgb46Me8xvouONIqrLKV8XungYE+jl+mKeWm4RW5ogIxtwfKQ9lS+
MO5OYqGxCCwwmFjO6KvQYmUu7zEIKQvYdRPD+oxxSDyQib5XhlKPpON7fOulZhQ0nPjX+NQwfT54
DvEP7dq2EWWc6UWDkv2w36yrWPfx21C+xl3W/5he9MVzWZ9pG66FkwcipqtgEemb+iwWNRxrackP
Y9uj4WmPTLw5GaTsw+WBIT6s0VK+M69Im+VjfEZ466U01qLQdBFBlLs+1+rRtGN7izRpdKfteiqG
NPaVVcM++dr+Y5o8j+VBw41t+7vNg46DKOuUMT87y60Xd8yAi0c+1+pqzpxE3K2z2F79VvryBPSN
7X9iPSnn5NNYFtMe21ZL2uLvWp7xe3xepf+J6Ux5PigKgTHl0Oi8TGksH8JbKC7hR/oSFoYyZmEx
YelYvGFbYYEShiVOQ2HuBh9x5CUKnNKpyK0ZIfwGj+o0SpEXyjR2gqHA9g8FowoqlErwAo4dUigz
ice8ml135Em52N1EW9fIbl7r7ovPsvqslQNjN/NcMbHuoh9xj2mIL8a6Wp0aVn4jTYwn4Gw94VNX
LnYlTF9+prfMn8uD8lS5i4380A1BW+RP84mK0pI2+E5sNWoQRuxqZeVb5NkyTX8PpUEYeF0FNGPv
mhsy/NbCD70Tvz7aUeS6GANdCs4ygG3ZhjlJjz6N9Ersh+hY9s32EutyWRzknYsnoKX8q6UlHjEs
884+twoWxmU8F5080FcnMeyyZ+fRGsXjwhGvdNDgoNHLNMW8NNwiNzRAxrZgecBuKl8YdyexUH8A
FhhMao6NB9DvKRUYhJQFLFSsOYxD4hF3xypDqUfSic56qRkFDSf+NT41TJ8PnkP8Q7u2bUQZZ3rR
oGQ/7DfrKtZ9/DaUr3GX9T+mF33xXNZn2oZr4eSBiOkqWET6pj6LRQ3HWlryw9j2aHj4mfkuc82y
D5cHhviwRkv5zrwibZaP8RnOeimNtZxC6yKCKHd9rtWjacf2FmnS6E7b9VQMaewrq4b92P5jmjyP
5UHDjW37u82DjoMo65QxPzvLrRfmBjpsXLyv1dWcOYnpWmexvfqt9OUJ6Bjb/8R6Us7Jp7Espj22
rZa0xd+1POP3+LxK/xPTOQjPzXCeJyYoWjR02RBLn8khzOwfin863DJc/I2xrjS02nBrSi2/RUUT
jSOmOfRcKt/jrr5avL7dgJZx3XwV+Bhxphj9qSt3coEDCg92LXKPKZiJTcQ9ll0FYGmgimF4Rrmn
Adc0h/ya8aVMc+j3XB6Up0plPHnJg5E/xeQGAG0AAEAASURBVD0qRUu64kINd+USRuxq2PKt5Nky
3WVp8F2Dmqs6a2k4SI3lqoUb8078ho4Ft9zmN2TkKHmEY5zG0LEsTK0uh+JE5RM0Ud8PechDNpAT
0mh5YjriYRjjYtiI4XxeBQtxLflpimJdOvp8DaCUgyPrGPhYNrCgXN4xXNIxhHmN9nXHwvIgL8u+
rA8/2+NQ244y2cUlpDdUj/JZTW5Ji/TW+NQwff4yeTRmcQY7YGvlrtW9dCzL17jL+h/Ti754Dslu
wg9hW8N0FSwifVOfxaJsd33p1Gg3bC0tw9veh/y+e+NNf5lvXpFXS5pq9RJPgYC+U089tVsYySk3
0ltrI6bdx0cawSP/SmM07sdyyV/k21cnhlnGg4aL+ZtXDYfd5sG54y3K4M54eIb+A4Mz5QQ3F0lY
Vvw5cxLjW2eRr/xW+nP6n1o91epHfuvji5KWod+1PPvCr9L/9KW57P1BUAaMLYPKlqjMqcVF0aKh
S7lU+hhBo0PxH4+4LMPz+0n5qNjS0Dqk1PIbPKpTIVVLv3xXKt/jrr4yLL/7dgOa97r5zo0w4kwx
+lNX7uSi3My/kCecxAJmYhNxj2VXAVgaqGIYnuE3DbimOeTXjC9lmkO/5/KgPFUq48lLHoxKV3Ef
akdxoYa7cklP7GrY8q3kWeKUbigNwmpQo17ps2pOQ2csVy3cmHfiN3QsuDSb35CRo+QRrj/ZDler
y6F03WktPdT3Qx/60E5O+M7yxHTEwzD4xMWwUXOrYCGuJT8p68fwU42m+E4DKOVAf+cpcfxGZlIu
Fgfzu6RjCPMa7euOheXhWPyyL4uYxWfb41BdRJns4hLSGKpH+awmt8xfemt8apg+n/oZonnM4gx0
6bU0anUvHcvyNe6y/sf0oi+eQ7Kb8EPY1jBdBYtI39RnsSjbXV86NdoNW0vL8LTtZX9998ab/jLf
vCKvljTV6iWeAgGNXEvGwkhOuZHmWhsx7T4+0gge+Vcao3E/lkv+It++OjHMMh40XMzfvGo47DYP
zh1vUQY3xMEz9B/M0ygnuLlIwrLiz5mTGN86i3zlt9Kf0//U6qlWP/JbH1+UtAz9ruXZF36V/qcv
zf36vhnOc0PjuB+OfkLBg4KQeyX5Y5e2ArOmzEO5xc4fBsbG4S5VFWLELZVGQ0otdyPHOCqBSIsj
mhhssqu29seEEeWeSh52DbFakVW3pA2N3FcTFwksU66xGggBVDtu13x2y48K45qysY8OBIz1CBbR
oAdeHosZcY9pjVUAqsglL3amQm+tnnjHt74dnDHvZc9zeFA8asr1Gn86wWEnWt+CBRSbLhqIOPZh
5w7cWrsqy9yXhuFU+DPBR7j7Pvoa/5fxe4zT9yx+8VjSGBaewtAIH5ifCmqMGxgu+viCIyzdxRXT
nPNsXfYZPWKasf6e+MQnLnYcGsbJv+XxPb54cGwvO4zdbQwGyNYYludVsOjjhSmK9ZKe2m93UrA7
yuMSqU94jLpjZWR5XznpiHkNpxrt646F5anJihpuvIN/5QH6x75wlj1iNVSP8tkQLdIb0+zLv3xP
/QzJI2SWxkkG0WV8ZLHHCZdtuFb3xB8jB/vilvnXfovnMqPlELY1TFfBokbn2HdiMbb/r9FuXqYV
+yt2mNPO4YNLLrmkV04jAxgbmdYcv0ZbSVOtXmw37CxhYU/M213RtTZi2jXeJQ3HmrENSCOLRGM+
PscxD5j4PvpjedBwMX/TqeGwFzw4Z7xFGRyjwFuMp5h881w79Yfwc+ckxLXOxvT78tKUcUmtnmr1
I7/F9mV9TvVrefalsUr/05fmsvf7VQEwh26VLcsUdhz7x1gY3kBByFUP/D3iEY9YzMdqyjyOD2Tn
D3M14zCfUiFGuyHN6IaUWi4IjXFUApEW17ExTkH+1f44bhPlno5dQ1zFwoJKTtuBRubWcZHAMuUa
82l2zNSO2zWf3fKjwrimbOyjQ6UeGIJFNOiBl8diRtxjWmMVgCpyyYedqdBbqyfe8a1vB2fMe9nz
HB4Uj5pyvcaf8BxlYida34IF2pqLBiKOfdi5A7fWrsoy96VhOBX+zHnYHVxzGv+X8XstbvlO/OKx
pDEMPGV/ZX4qqDFu0Mf28QV3cyLDt8NZl31Gj5hHrD9OmHHHoWGQcfCA5fE9vnhwbC87jN1tjLEV
2Vq6VbDo4wVl/Rh+Kump/fYebo7NR89A2fmDx6g7jmsu7ysnHTGv4VSjfd2xsDw1WVHDjXfwrzxA
/9jnLHvEaqge5bMhWqQ3ptmXf/me+hniH2SWxkmP0o5pYOzyOOGyDdfqnrhj5GBf3Jh337N4LhsD
DWFbw3QVLPpoHfNeLMb2/zXazce0Yn/1spe9rGvn8AFz1D45zfva0damPcav0VbSVKsX2433X8e8
3BVdayOmXeNd0nCsGduANLJItObimAdMam4sDxou5m96NRz2ggfnjLcog2MU+hDGU859a6f+EH7u
nIS41tmYfl9emjIuqdVTrX7kt9i+oG+Oq+XZl84q/U9fmvv1fTOc58EICh4GbkyQYY74p8KrVOY5
YYhHLxoPJY/3YJZKIxt2qdhHCegRoDEOQpe8EQy1vMyT+6eicVu6MfoYJvrugCnpMAwKj9JgREP1
+174UUmL0RKca3RwfyfHwFAGvos5O9VLQx7HBWrkibjHdMcqAGMdlkc4x/R4RgFbvpv6ey4PUo/w
U82YIlaRL7iqgPD8lScvSLO0ECYay8SuVKrHO59LI5Np6ptGX/3ABxrta7hr0IK2WC7Tn+qLXx8e
Gi/47lHVGmJRUMeFG2Xe0Dr0vQw/9Nu69HjxMmy8hzmWCYVeDEs78ljtGn7GVVHPAh7Kzl95Fznp
roJFHy9MUazHsvU9x0U6lINdNChYLZfvyvhiXsOpRvu6Y+HxzZQ3niQRy81RVAwUWaTF+9geqf8Y
1mf7J9JlcYLvh+pRPqvJLeMP4W+YPp/6Kfv5MqwrXAkHn/sdxaIL7WppWPdz5KBx++SfNNR88RzC
jHhD2PZhOheLGp1j36k47RsLUQ8xrT7aCVPD9TWveU3XxqnDvkVYxEV2gm3Ma+pzjbaSprJe4hgI
eVTmya4q2lStvk27tgAOGX+/+92vixsXhEkj42NoKfN7/vOf38Xhe99CgrE8aLha+ylxkI7d5EHH
ODXeg/a+Mb+0Ouamfvzr2/1PXU2dk5iPdTam35/T/9TqqVY/8tscuWVZ9OX7vnbJuN5xE/Q5Hpza
/5jfVH+/KgDm0K2yZZnSGAUPPEx9lE6FV6nMcwcrPFM68vUeTPgtOpVapWIfJaBHgMY49BPkTTus
5WXa3EkcjdvSjdGn5pRHJR2GxfhXGoxQju2li0pajJbgXHOM/+gfXUQg5uxULw15tEeNPBH3mO5Y
BWCsw/II55gezyhgV3VzeVAlZ61diFXkC+bA9gPlyQuWQVoIF41lYlcq1cEdvi7blelF3zT66gc+
0Ghfw12DFrTFcsU8pjyLH+nV8NB4wXePqtYQi4I6Ltwo84XWoe9l+KHf1qXHi5dh4z3MsUzoh6Kj
HXmsdg0/46qoRz9J2fljIaPt0DRXwaKPF5T1Y/hJOob8uEiHcnCfMZsFLJfvyjTEvIZTjfZ1x8Lj
mylvPEkilpux4fnnn9/NNXgf2yP1X3P2T6TL4gTdUD3KZzW5Zfwh/A3T51M/y/iHU2SgmXDwuY6r
QFxoV0vDup8jB43bJ/+koeaL5xBmxBvCtg/TuVjU6Bz7TkNf31iIeoiuj3bC1HBVn0Yd9i3CIi6y
E2xXcTXaSprKeoljIORR6TgVEf6s1bdp1xbAIaPPOuusLm5cECaNjI+hpXRc30l+fO9bSDCWBw1X
az8lDtKxmzzoGKfGe9DeN+aXVsfc4OUf+sWao66mzklMxzob0+/P6X9q9VSrH/ltjtyyLPryfV+7
ZFzvuAn6HA9O7X/M76D4B85wjkITJQt/7CJHgcLum/ieiXxUjKiM5RheBjHxm426VOapnKIRsjMp
xmGA32eMjTuauAedeBjLGCDZ6BlUxfRUQJEX93lpECYMA1GYmLiRRhqV6SH0VSoRByzcOVcz8BBG
5Zhp4PeFjbTu9LMrdKGH+mKFHHmycIA7Nt09DlbUP99YCUZ48GG3D+/ovDFqqmDje4m7ynGOQvU7
+chfsR4st3xBeHYixB3aCEHvOuO7tBh3qm9eU3mQ3XrkT7soDQ3eqxTvQY1KdeJRB7HsGNN5z1+5
g8q2Bb8x8aeMtA92JxOeOqkp3MUYPtRoS/1E/CNecZEHiimM8fA8PHHzm998QR/lirTHNMY+i59l
xnjA6Q7QbOfKt2igiO2RndjwgvkRjxWZ8uJ2tTONnmD8rne9q8sPWcPuEDF1IQT0EA66kVFghxIm
tim+lfgRDmMg3yLdnlLAe+qDdqAMmosF8b1yoWyr0A9+ffwk1mN96sT6oAwMZMFOjHhHXZfp1doP
YaCdY++JF2lfdyxiP0DZkaW2H9pz7LdiP6hBjfKymCXKQRSw9o/s2o8LZ6hHvtXq0XZXk1vIajCO
+HOih3KklHPUSZQlfKd+zDeOF2IdR+UVZaMtX3DBBZv4gjRimYg/Rw7O6X/IK9I+dgyk8qqGbcTU
uiefuVhEPKc+a3xE4UjdEh8+5EQR+Ia+UFnHt0h7zKuvPcZ2T3ooZIwHvzC5wyhN3a96VLt3XEeZ
6lhPGaF8sF7i4jzGfcgk6GPnOe0MuvgjPHwg7fimzXeMvCgz4A92Y6nA5RuKWuM5xuA92NKnsLCK
RTLwPe/5ox1E3pjDg3Pa/m7yoFhMHW+JZVT8g1k5VjIcvvJiypzE+FP6ffnLOqQOTIe2UBuXINvK
vtZ05NNYBnnZdOf48foU2gvtgPEJ8x+VPCyMdW43t/+ZQxtxDrpDoYmShT/aOQoUdt/E9yhWolMZ
yzG8yKnoLr300k5ulMo8x8+0MRagRocCsc8YG3c0cQ86DmNZlFEYIqJTAUVejGGjIQq5qDyNNNI+
lHkchatSiXTBwp1zNQMPYVSOmQZ+X1jC75aL1xFRX8h4HAsHkPXuHgcr6h+H/gL6wYfF0jgU7Bg1
VbDxvcRd5ThHofqdfOSvWA9dovmffEH4iy66aNMObfryF77whYt6kRbjTvXNayoPoouAPtpFaWjg
tEC+cUKBLirV+UYdxLJjPOY9f+UOKtsW/IZsxNE+2J1MeOoE+V06MYYP7fOpn4h/jBMXeTBeQdbB
84w3Tj755AV9lCvSHtMY+yx+lpk5Fzu0oVkdDt+igSK2R/pMeEFHPDZRyIvb1c7oz8SYvhCHrGHO
K6Ya/qGHuiA8/TLYoYwGP9sU30r8CMfYk2+Rbnibd/xRH5xUoAyaiwXxvXKhbKvQD359/CTWY33q
xPqgDNxDz2IXMeJdbedmrf2QJ7Rz7D3xIu3rjkXsByg7stT2Q3uO/VbsBzWoUV4Ws8STKtBd2z+y
az+OS6hHvtXq0XZXk1vIajAWf05v4UQP5Ugp56iTKEv4Tv2QL/IpjhcIq2PcRpn841QFriyMfMFz
LBNx58jBOf0PeUXax46BmFtRphq2Ylq2/blYQONcp/GR3dbULQ4+ZLEwfENfqKzjW6Sd37q+9hjb
PemxKF0HvzB/wCgNVqse1e4d1/CqbcqxnjJC+WC9xMV5jPuQ5zj0VrQz+ZLw8EF0pk0YjLzMSeCP
9773vRvgaVx0rTrHGHwDW/oU5jTMm+F749CnWQbizuHBOW1/N3lQLKaOt8SScY544ZdjJcPhKy+m
zEmMP6Xfl7+gZ+y4BNlW9rWmI5/GMsjL0jfHj9en0F5oB4xPmP88+9nP7nBlYaxzu7n9zxza1jnO
gTKcq7yJjajvOe6eU0llWCZ0rHLTuMR7dhwiDGFu/lSiGQfjHPdhPOhBD1o0YhSv0WBAvFJ5ZvzS
RwGFICUOjYe0DIOAQXmLgt53+OwUMr8SC+KgOHVXnPHi7mDLho/gjIYjwrujNIbbi2d20kh/n0/n
Z33R4ZdY9cXT6FHuLq2Fryk+qTN3bhmHyRQKUH/jUx90sKvgN4cHNTxIC3RgaGCQFA3MfI/8W+PB
U045ZROuGMHKXXoqtMyvz49G17JcfXEiP6rM7Qsb31vHc7BHaUta4BbTLJ/57sIY83E3oGGRMy4g
8B0+pyUYZxUfZWWUG2V7Ji93z9FWNEpHWvqeMSDFXcOEi3VYk3NRpk3FosyL/DDWgI87ASOt8d7s
uRjGtsICAjCyT4CHIq8jL8v2gyKfdlWjPfYn645FPEFBjEt5ysIYBrBizWC9lIPIC/5MA//1r3/9
Io4Gn/hdI16sC7/bh5d9nd+jb11IX61/i+Hjc8lL7DSP7SqG5bkmX6bKwbn9zxgspFf8atjC77U+
obyeYA4W1sEcX2W9ZSj5kN8YU1dpjy4iMA/aNbLL3/oYrueUgTjRiE160I28Pvfccxf5YCCIclS+
8uhh6Rjyo0wu86zFYyyMQdJyjemLaQvxlJI5PDi37UPnbvFgicXYMb9Y4j/ucY9b1K/tL373ec6c
xLhT+n3iTOl/anXLOCzyKTICBVDkt8iH0jnVx4BQ41nfeX886c7pf6bSE8Ov8yR/VdpU3ojzkB93
z6mkMvxpp53WXRWmcYn37DiMikGVaMbBOEebibyE4jUaDChfqTwzfumjgEI5hFOhaBjG7Chvo7Ke
b+wUMr8SC+KgOHVXnGnF3cFdZv/7DwVUNBwR3h2lMdxePLOTRvr7fJTI1hf8X2LVF0+jR9m31sLX
FJ/UmTu3jINSGgWov/GpD5R+q7g5PKjhQVqggzkpisloYOZ75N8aD7KoLeKKEYyFndFhEDavIT8a
Xcty9cWL/Egdl/zaF886jnSOfXZMA2596fOe7y6MMW13AxoPOeMCAt/hc1rCdjiMKtShadfwcfcc
bUWjtOGHfPrXuGuYsLEOa3IuyrSpWJR5kR9jD5ybhiK98d7suVjGtsICAjCyT4CHIq9HA7N0oMin
XdVoj/3JumMRx0yWLbZ73rEwRkMmeGOYLOUg8sLTjkyHMbFOg4/f8DXixbrwu3142df5PfrWhXnV
+rcYPj6XvMS8LbarGJbnmnyZKgfn9j9jsJBe8athC7/X+oTyeoI5WFgHc3xkqvSLdfmbOfUq7dFF
BKZLv4js8rc+uvu5LhqxSQ+eQV5z8pTpc8Ihizj8LV95HaXvh/wok8s8a/EYC8dTecb0xbQF7Am6
OTw4t+2T527xYInF2DG/uOA/5SlPWdSn7S9+93nOnMS4U/p94kzpf2p1yzgs8ikygoUTkd8iH0rn
VL/Ua5T86/3xpDun/5lKz34If6AM5zUDRckE/GbwzQBVxYeK49LwYdwn5WNkNEgbR0UfaZXKW+Kd
ffbZW+6fNC4rKss4KJ+cPBAfo5CGc+Kxo5X7yaUp+hhwUbTH8BGL0lhBXIx2y3Y8Q5P5MDBjBZVl
2GufQX3NeEG5mLSU9DGQLA2H1AErg+OOadIEa49spfw1/HiP8Stibp4Y2C6++OIFdmKIf+c737lT
lKDcNPxcfw4PejqBNIEBA3iMJOXgG2MYgyXpQxkaOyjTwKeN8N2w0ccAEMOSJ8Zh2ojvGbQYx3L5
rc+PcYhLvUXDg/Hg40iDdWx+U/y4swEFsTsdzQsfJZ+768u0GeiXfEgcMGEFOXVRxlnlN3zPgppI
HzKL+oo7M8kDRY8nNhiesOzewmAFjb7HsIbhOL5joCCtUf4Ypzy2fQoW4BLzIk2PYa3xy3YsPmAH
NfnAL8p/Biq8i4sAKDPtpNZ+UIzVsGBSJVb4644FA7uovLZOkY0sXKjJQcrF5LisN+LW+seasdh6
rMktFx7V8JU+fRaaURdiXqsvw5Y+ZTCePmlh9GfhCXRjBDNNyktbMqx+lEHkQbg+OTi3/xmDBXnH
MVC5EA26GB/V+oS4OM9yzcHCuHN8dqmUPAUf0jbF3bqIdUl/NrY9Ihsf8IAHLORdTIcFkqz2nUO7
cRxzmi4yhv4zGlZZ3Uu7Uq7YbzG+4E5d4+qTJm0iLsaKfaTtl5N24GkMjcYlDos7pE/fSRV9KONF
dwUQjzrgBB124hsefw4Pzm375rsbPGg/M2fML53uYi136PtdX/6YMicxLv6Ufp/wY/ufWt3CpyhZ
5CX4FJ6Ii4Xi2CDSOeW5j+9Z8EdeyKsyvSn9Txl3yu/9MNmfS2PNQGFdR592wThBp+K4NBwahx0N
GqSNo6KPtEojAvGYczEWqznGqGUclE9RIYpRSMM5abCjtSZLyQsDLor2GD5ioVy2PPgY7ZbteI5z
Q3Yo0VbWxXESQM14QbkYE5SOdl8aDqmDN+VTzeKOadIEa49sBasafrzH+BUxN08MbIyXIt4+3+1u
d+vm8e4UM84cfw4PKtelBwwwcsYdPX7DGIYBQocylIVFfo8+baTc4WY8DAAxLHkybqSN+J7T4XSW
y299foxDXOotGh6MBx9HGqxj85viv+QlL1nQjILYnY7mhY/CGBlfc4y/Sz4kDpiwAxEF9HY6+J4F
NZE+ZBb1xRg0OvqRuLucOISl38RgBY2mw+kOGI7jO/owXZQ/xmFu5GIWwk3BAh6NeZEm6eFq/LId
iw9ciA2/KP8dZ8ZFANBAO/GoXstL+0GBX8OCq2eiW3csGLdGQ4hlRDai46zJQcrHyaNlvRG31j/W
jMXWY01uufCohq/06TMfoC50tfoybOlThtKRFroldLjQjRHMNCkvbal0UQaRB+H65ODc/mcMFuQd
x0DlQjToYnxU6xPi4jzLNwcL487xmReWPAUf0jbF3bqIdTmlPSIb4+bCmA5zX+YXqzjHnKaLjKH/
jHpr9Ae0K+WK/RYylFNijatPmrSJuBgr9pG2X07agacxNBqXOMytSqexmPEp40Xmg8ahDtAzsxM/
ujk8OLftm+9u8KD9zJwxv3R6KgDj+9gX+l1f/pgyJzEu/pR+n/Bj+59a3cKn6LHkC/gUnoCffBfH
BuQ3x/XxPQv+yAt5Vbop/U8Z9yD8PoxC5EpY6j75yU8uDbNfA2TGSPm4oJQFVsoCNWVBm/IRMymv
EErHHntsuupVr1otWh7gpuOOOy4ddthhKU8uFnGOPPLIdK1rXasax5fkkzuj7ifh+/IwvH4eaHa0
kj40EvdqV7uanzf5WemarnnNa6arX/3qiXiUKwvC7ve1r33tTWH7fuSOsotDPuvoqANovNKVrpSO
Ouqo7m+ITsLD8mB2zDHHDAVd+Rt1nAfG6RrXuEaHf+4YlvLF1ExX4cGpeRk+C++UlZj+7HDs40ED
wX955Wy68pWvnI4++uiuzfhtu33acu4MurYM5sto2478yRO+onzL2j755V196fDDD+/opO3vdPtC
PsGPRxxxxNK8kBvUMWWhjdC2dtLtNhZTypIXCyV46HrXu14Xjb4iL4pIN7jBDTo+npLWmLDrjAX0
28/BG7gx/Qh8R7nwaZfI6Z3m9464Xf6HDMiG5S7XvLq6yh+7KQd3ufibshuDxaYIM35MlbkzsujG
Wowv6EOQ7/DtTsvDsXTSFvmjH0FOL+vn8nUmKStrU1ZKpVvd6lZdNrRJytVXpqy8S/kKg5QV++mc
c85ZkMbYuC/OItAeP+wED64y3soGspSV+x0qWTmYTjrppF6E5s5JygSn9PvEXff+BxrBBjkK3zK3
Wcb3u9H/jOkHof1QctQTeoPrXve6Xd/P+N959XWuc53eOW9WFqXjjz9+Ma9G/iJvGDcsG1tT185N
CD9lXg2tzquJ28dXtBHCOa+mXM6rx84pKRP4kM86OuqANoaMZ77G35AjPO0RzNCZ7KSjjrMBdTGv
pk9exhdT6VmFB6fmZXjmXMy9dODYx4OGoY6uuOKKbq6GDEIXtVOO9uG8GsyX0bYddJAnfHWVq1xl
VB2jb4nz6p1uX/SvyCbm1cvyQm44r6Zud3r8tNtYTKnvvPO2G0szj8YhC7NRIp1wwgmj5pRT8iLs
OmMBffARfYLz6jH9CHKQcuHzh4xexoPktd8cMsCxMvqY2lhrN+XgXuI3BotV6Zsqc+fkRx5xXg3f
7rQ8HEsnbZG5IzJ9TB983nnnpbwwOOWFhSmfLNtlQ3scmle/4hWvSPnEnJQX+yfi6/bDvHoneHCV
8RZz8ryJrYOQfsU5tphGf+6cJKbB85R+n/Dr3v9AI9hgI4RvsVktG98dKv0P2JSuGc5LRNrvhkBD
oCHQEGgINAQaAgMIoARTMc9A+jnPeU7Kd2qnvOMy5V0VnWJ9IPqB+tSwWP/qzCv6Uz4hJeXd8ukW
t7jFKILz6UjpgQ98YMo7zlM+InJUnL0KtO48iHzgL+/eS09+8pP3CqaW7w4gUFPm7kA2LcmGQEOg
IdAQaAg0BBoCBxKBchyfT0dM+dSIlHdcpnwiwyE9rz6UsVhXZmc+d+GFF6a8Wz7lk+9GkZlP40n5
eoqUd5xvWpA+KvIuB1r39shcOp8okPJJKd38epfhadkdggg0w/khWOmtyA2BhkBDoCHQEGgIzEMg
Hy3ZGcBqsfeDkbFG99x3DYu5yO1OPHak5SPVUz7+tNtRfOqpp6Z8BHi3ujgfV9cZxktKWHVMveYj
6dI73vGOlI9lT2eeeWa3Y5SdLUxSXTRSxt2L3+vIg+x8zUe3djsp2Gmbj1XroOEEk3y0XMpXAezo
DsG9qIdDNc9mOD9Ua76VuyHQEGgINAQaAg2BVRF48YtfnPJxy9Vk9oORsUr4zJcNi5nA7VI05tX5
es1EPbGjOF8Tm/IR4N28Ol+D1p3UVpLCvJpT3/h7+9vf3p1ynK/H7ObVzCFYGLFO8+p15EFO5QEn
TihgXs1mABzz6nytaMpXAbR5dcl47fe2ItAM59sKZ0usIdAQaAg0BBoCDYGDjEC+NzVdcMEFm4rI
wB2jeb5PfdP7g/6jYbHeNZzvZ0sYyGvupje9acp3A3fH0sXvTEjvcIc7pA984APxdfcMn7O6fp2M
hevIg1zpgQKl5vpwr4Vt79YfgXVqC+uPVqOwIdAQaAg0BBoCDYGGwP8hwPz54Q9/+P+9yE/MNy6+
+OKU71Pf9P6g/2hYrHcNv//9708nnnhilUiOC3/3u99dnVezaD3f9b4lHnzOfHvMNQ1bIu/Qi3Xk
wfe85z29x7H34b5D8LRkD1EEmuH8EK34VuyGQEOgIdAQaAg0BOYhwN1KrDrGccem97LOS21/x2pY
rHf9YTzn/rR4Byr3lWLw4w7imuNObu4z46636LiH8cY3vnF8tRbP68aD3AF2+eWXd/dPlrijJLne
9a63Frg1IlZHoBnOV8ewpdAQaAg0BBoCDYGGwKGLAPcdc/UZjnEy9xfH8fOhhEzDYr1rG+N5Oa9m
3sfd6Mcdd1yVeOapnEZW3unOvPomN7lJNc5evlw3HgRf9Bn4US7w+6ijjkrXv/719xKulvchgEAz
nB8CldyK2BBoCDQEGgINgYZAQ6Ah0BBoCDQEGgLbh0AznG8fli2lhkBDoCHQEGgINAQaAg2BhkBD
oCHQEGgIrAsCzXC+LjXR6GgINAQaAg2BhkBDoCHQEGgINAQaAg2BfYFAM5zvi2pqRDYEGgINgYZA
Q6Ah0BBoCDQEGgINgYZAQ2ASAs1wPgmuFrgh0BBoCDQEGgINgYZAQ6Ah0BBoCDQEDnUEmuH8UOeA
Vv6GQEOgIdAQaAg0BBoCDYGGQEOgIdAQOIgINMP5QazVVqaGQEOgIdAQaAg0BBoCDYGGQEOgIdAQ
2DEEmuF8x6BtCTcEGgINgYZAQ6Ah0BBoCDQEGgINgYZAQ2DPEGiG8z2DvmXcEGgINAQaAg2BhkBD
oCHQEGgINAQaAvsRgWY434+11mhuCDQEGgINgYZAQ6Ah0BBoCDQEGgINgYbAMALNcD6MT/u6Swhs
bGyk3/zN30yf/vSn02mnnZZ2UhG1m3ntEny7ns0HP/jB9Ja3vCV92Zd9Wfrqr/7qXc+/ZdgQaAg0
BBoCwwhcccUV6Td+4zfSUUcdlU4//fR0xBFHDEfYJ19b/7NPKiqT2Xhw/9RVo3QeAjs5X5lHUYvV
EEiJue6rXvWqTgafccYZ6ZhjjtkxWHYzrx0rxB4nfPnll6c3vvGN6aSTTkp3vOMd95ialn1DoCHQ
EGgIlAgwp3n5y1+ejj766PTN3/zNB2Ze3fqfsqbX93fjwfWtm0bZwUagGc4Pdv3um9L97d/+bbr1
rW/d0fv6178+3eY2txlF+2c+85n027/92+mSSy5JH//4x7s4DGbOOeecdNvb3raaxty8qontw5d/
//d/nx72sIelY489Nh122GHp3//937tS/PRP/3S61rWuNapEj3vc4xLhMZq/+tWvPjADx1GFb4Ea
Ag2BtULgJ37iJ9Kll16ajjzyyI6uD3/4w+n7v//7E8riQ9lhNH/IQx6SvvALvzD94R/+YTfRPwh4
7Gb/8w//8A/pt37rt7pxxn/913918H3xF39xOv/889MNb3jDgwDnjpah8eCOwtsSXwMEmuF8DSqh
kbAFgcsuu6xb3MyHP/iDP0i3v/3tt4SpvWBe/brXva6b2/3zP/9zFwQeP++889Id7nCHWpQ0N69q
YvvwJWPOs846qxtrMa/+7Gc/25Xil3/5l0fPqxmzXnjhhZ3R/E1velObV+9DPmgkNwQOCgLPfe5z
E/pYFl7jPvShD6XHPOYx6d73vvdBKeKscrziFa9I973vfdMXfdEXpfe+9707utFrFoEzI+1m//PR
j360W9TPOMN59fWvf/10wQUXpBvd6EYzS3DoRGs8eOjUdSvpeiHQDOfrVR+HLDUf+9jH0s1udrOu
/L/zO7+TbnWrWy3FAkP53e52t/SBD3xgS9ib3vSm6fd///erE885eW3JYB+/eN/73rdFgTLVsPK8
5z0vPfWpT03f8A3fkH7xF3+xivM+hqiRPhGBN7zhDellL3tZ+sEf/MFmTJqIXQu+OgLf8R3f0e2s
iin90A/9ULeAKr7bb8/s4rrooosSk8wnPvGJ6WpXu9qkIrz1rW9N97znPQ+c4Xy3+p93vvOd3Rij
BvoTnvCE9MhHPrL26UC9azxYr87d4sF67uvxtvX7/1MPzXC+HvzYqNiMAIu+jj/++O7lH//xHy8W
p28OtfkXhvLb3e52iQXmpfvyL//y9O53v7s635uTV5n+fv6NAUUdhuWYalh59rOfnR7/+Md3Y7Zf
//Vfr+Js2s0/+AhwCuNLXvKS9KxnPasZkw5+da9dCe93v/t1ep1I2Ate8IJuAVV8t9+emdP86I/+
aGITEW1r6rya0zbvdKc7HTjD+W71P3/0R3/UjTFqfPP0pz89Mbc+6K7xYL2Gd4sH67mvx9vW769H
PfRR0Qznfci097uKwL/+67+m//f//l9i0s5A5oQTTliaPyuuvvu7vzt9wRd8QfrxH//xdPLJJ6d/
+qd/ShzjeuKJJ6av+IqvqKYxJ69qQvv05X//93+nf/zHf+yO8QMLdhBMNZwj2H/+538+3fnOd04P
fehDu53r+xSORvaKCDAA/IEf+IFugj920cuKWbboDYFNCCDH+Lvyla+cXvziF6cf/uEfTgfBcP5v
//Zv6a53vWv6xCc+MWvH+F//9V+nZzzjGd0RrfSrV7/61Tfhtl9/7Eb/g1xjd8WLXvSi9JVf+ZUL
HFG2sPju1FNPXRgl9iuOY+huPFhHaTd4sJ7zerxt/f7/1UMznP8fFu1pfRBgTPSIRzyimxczR77x
jW+8lDh2SD/wgQ/s5tUXX3xx1/fR33GMK4bhr/qqr6qmMSevakL79CXzanBCLn7qU59Kt7jFLSYb
VjhWn5Pc7n73u3dzKnauN3doIgAffdd3fVc3/hy76OXQRKqVeqcQQKYjy65ylaskTnV72tOelg6C
4Zw5DSeSom+es2P8Pe95T2fcvc51rtPpng/KvHo3+h/k2vd+7/d2/MTJspxqAI5/93d/120Q+Pqv
//rEiW4H3TUerNfwbvBgPef1eNv6/fWohyEqmuF8CJ32ba0R8LjWX/iFXzjkj+SdW1Ec086ufQzp
B+ko37l4tHjzELAtNsP5PPxarO1DgGO1UfweBMN5k8/bxxdTU/rP//zPzjj+kY98JLHD4EaH6PFx
jQencs6hE771+/9T181wfujw/EEvqce1vvKVrzzkj+SdW9f0mezaZxf+HMPM3HxbvIOFgG2xGc4P
Vr3ux9JwJSP3eR8Ew3mTz3vHgcyr2dSGofxP//RP05d8yZfsHTF7mHPjwT0Ef82zbv3+elfQgTGc
syrupS99abrSla7U3ZfBvZ4cv/If//Ef6Vd+5Vc6n9W7/HEP1VWvetVNNcOx3695zWu6u7JZNXzE
EUd090xd73rX61YAc+8UE6HSsbuZ9LljW8c9Yg960IPSSSed5KuVfcrBsYjQ+P73v7+jjxXNdEBv
fOMb013ucpfEcbU4JmtMetl9R3nPPvvs7v6xt7/97Ym7yw4//PDuDnHuFO9b0fyOd7yjKxdHleLA
45u+6ZvSAx7wgG53cvey+MfqvZe//OWJI8boHLlD+453vGOXF8YM8Pi2b/u2TXlSJsrDikYc8ShH
39E5n/vc5xJHjVOGH/uxH+vKyZHh7MqjbNe97nW7Fd+sWCNMdFPzMi53w2GcZwKMu+Utb5nucY97
pE9+8pMJfNhtu8pdp6997Wu7XfKsNGIX201ucpNOUc8R9HSuN8oKe96zKq/muFvu137t1xJGS+53
//znP9+tprzPfe6TvvRLv7QWZfGO9Mcazmkjv/qrv9rxFQnAk6za7LtL3kzG8gXhaUvsroz8cP/7
37/bMcnuSe6zt+3CK2eeeWa3qt+8xvrQzs4K0mDlH4Y2cPvd3/3dxW58dld8zdd8TXWXJnfyYEx5
85vf3C04IB0c7fCcc87ZshMR3uRIe2UQ8VlNDj+zwo5JCXKHYxUf9ahHdbs8LMu//Mu/dG2f9vvn
f/7nHc20R2imPYlHLBPp88eRSNwh9PCHP7wLyw4S2ifuhS98YbpTPm6qdFPaPrssaGfuzGQXHvfe
k7cOmVxzhEEuwFPs4sQhM6hvZI08YFzKD22UN/LeX/7lX3Z849UMHE3NKQjiQnwUD+SjPGPnDbLp
r/7qrzo8f+RHfqTrO8xrFX9OXpSHPgT8OCITTLnv6V73uld3HUKJxSr0ERfM4HXqj3vBOXWCeoJX
6DfAjmPaIoZT+EL6kBnccUwfBa/TT9PvIJuWyQ3TmOp7p/IYw/lc3JFFjDeQATj4iT4IGc2dcJQP
2RHdu971rq6OacMcvY6jL+HUFPry0lE3yKbTTjutk4nkxckg9BO6WtuiXf3SL/3SYsyDbDruuOM6
JXhff096U7BQnhEPOmlzyBr6f+QYfRj9IuXbLjel/wEj5Jw409bB8id/8ie7CTtyhnHG6aefvoU8
eJS7/Lij9GEPe1iiH+YaCsYW8DCn4dBv0j5LN4XfxXBsn8BYlH6e9slOEHCnXcGLnLBAf/Wc5zyn
a8P0Q/B/qZRgvIrM/ZM/+ZNu3AX98BR9Efxb8sdu8yD0MN6inMgoThNCFnIlDDxGvenEj9/ryIPS
iT+nT4jxlz2vwu+kPaXtEx685/b7xD9o7qAazpnjcLKU82rGVc6reQ/fKL8Y98bxAnXM2J+2zLwV
Wcy4Fdl0gxvcID3/+c/vTocp+0nisbuZ9Imn+9qv/dqur7z5zW/uq5V96GfMBY3M76CPOTW7qpGT
9L30ATjop89nLEaZkZnIXsad9C20B8ZR6AlKOSqhLE6mXPg48mMO8+AHP7h3HsMpavTnjF/pf5DX
nPTFOJt5A3gQP+ZJmSiP9cEYgHIMzavZRUcZnvnMZ3bjafoU5rnIWcYPyBj6PMJENzUv4/7e7/1e
+pmf+ZlOzvOO69kY93u6zmMf+9hu7mv4qT79P2Np6GYXG6fQ0V/+zd/8Tdd/0zfyHjxrDj0Dc0TG
c7Rv5ofUL/MT0hpyU5TitBH0C47xiUs+/A25sXxBGqRPPvIDfISOiv6UeqcO5Q2+MbdkvDPV0Z5+
9md/tptTffrTn+7GWOCGbgK9FHXBWPdOed5Z26XJ2JU64o9rhqAFRztkl2K5ExHeZE6rDCI+4YjH
mI1TCWm3jJ246ogdjjrGeZSb9osBhzi0R8aF6A/FKpaJdkQeb3vb27p5DQvHCIsxkfaJo60ylird
lLZv/+rOTOZqjGHJW1cb+/ONMMgF6hzjFA4eRw+IrJHPug/5H+Vnbk39R97jSgbSeNOb3tTh8i3f
8i2dHkFciE88wijP0Dchm9RTsEu5j07zH+vPyYu6ow9BFqg3RVf3rd/6rd14ssRiLC194cDs0ksv
7eqAe8G/7uu+ris/Oh7yAjvqIWI4hS/MV50afRR8i8xE74xsWiY3TGOq753KYwznc3FHFv3cz/1c
1/6hD36iD4J/0ZNSPjCNDr0E/E4bVo9EX/J93/d96ZRTTolBu2faFrIJnMCReFypgWzS1XiWdsVp
dpQNeQPuyCP0JLHvNQ39KVgoz4hLfrQ5ZA0yBTlGv0O/2HeaqnlO8af0P2AU9XWM5cCSXePMLakn
xhkssCgdY0nm0pSRNkDfjL4JnSdYokNhzl3TpU/hdzEc2ycwFqWfp32ia4U/aFfMP5Ff9FdPfvKT
O3lPPwT/l3p1xqvwIDoQ7QT0n8hv+Lfkj93mQeqC8RbjV2QUOj/Gccyp4bFoWxA/4qwjD0KXbk6f
YNwx/ir8TvpT2j7hV+n3id/cLiGQGWOUyx3zxjr/5c6FXm/xlwfqHb25YS3e8T0L9o0ssDeVJQ/y
NoWJ6ficFZKb4oBFnlgOxst3dWxkReqWeFNxzIrojTwZH8wrKxY38kSqyysbxAbDWqY8uN/Ik8hN
9OXOeSN3aoPx8wBqUxzKk40Vg3HIM9JIHMqV7yLfFK9WPxGvrFTdFN6yRD8rW7eUa05eH/7whzfy
AHtpfvJapHPsc97NtpEN40vzoHx5grIJd3gr3wUzGDffOb2RBx2b4kXayD8rXqrtIobjOd+1tSWv
rJzvTZs4U/giT/K2pE+5s0GxyyMvXtny3W8lrct+l3Ih8k98hh/zxHJLGc8999wttBgP/kOmRBpK
viXdPKHbwv+kkRVii7Zs/Zh26SMX4G3yysr5XprKeP7OA70FnVPbfh4ojsovHxG5yENMwKds+9KE
Dz7Z0LiIB6/nQfqm/JCv+Z6qTe9MIyu7FnGzwqQaxrDLZI40j/Hn5AUvDskA6CPMmPyXhaGO88Rm
EA9xsW+YyhfSkBfBDOaTJ1cbeSK1LeUyT/ysuOvyXSab5uJOumLU55d554nvYJysWNmEA3K7L+34
PivUNsWj/FkRsCVulCkRK5+nYlGOtyJN8Tm2Q/Oa60/pf/r6kkgbz7VxXZ4Yb8GvjIfscrxleaby
+9Q+Yey4TlqRKVmRtOCPGl8YFj9flbMIS5l2mweRBfmI2kHswVi8150HpXNOn2Dcsf4q/D617a/S
748tz34LN2oSvQ8D/cVf/MWm9sgYE5cV3JveZ8Vz1y5jEcfwJGP60l100UWb0o4yimfGfNkYV0ab
/Dsrazey0X4wr6xY3MjKwy7tWv9T0sbvrCjt5v2RoGyQ2siG9sG86CtLl40wg3HIL9JIfMqV7yLf
FK9WPzGvvIB0U/hauZjXMA6Pbk5eeZHBxrd/+7cvzU9ei/mNfc4K+I1sGF+aB+XMmww2JQtvMbeo
YeC7fO3NRlZybooXf5B/vjpuYxnuxGHsZ7r6jEGG3BS+yIaNLemTTzZMd1lkY9CW734boqH2rZQL
lqf0wSUr8LckkXdabaHFuPBfXtC4KU7Jt6SbF7Nv4X/SyIbnRVu2fky79JEL8DYuL6DopamM5++8
oGZB59S2nw3Vo/LLCwYWefiAzC3bvjThgw/6Tx28no1Bm/JDvuYFppvemQZjVl1eYFMNY9gxvG9a
y/w5ecGLQzIA+gizHY46zpsTBvEQF2XoVL6QzmxAHsznvve970ZeFGLwbfPzougu32WyaS7uY+Zd
Zd7L9IvoZqNDblsPQz5zpdJl4+iWuFGmlOH5PRWLcrzVRyNzn+1yU/qfvr6kpLM2rlMvU4aNv5Fd
jrcs31R+n9onjB3XSScyJRuXJW+jxheGxc9X5S3C8rDbPJgXA2x84zd+4xbejTSCsW7deVA65/QJ
xh3rr8LvU9v+Kv3+2PK0cNuDAKusRrl1V2SgIMyrVDcwBiMQojGTCWle2dR9qxlJ8m7DLg6K/LzK
qJscosTLO5oXwqZUhOfdo4tvTALzqsENjFx/9md/tpF3kC2+5dVzC0XfXAwpF2XKq9sWRjyMGRiw
FX7RKJ1X9m7kFVSLb4ZBEZpXu2/kFXKLb3nl1MLwBn15ld7iG5NHOiEG4+CJgdW0mNRanlIBTKfJ
dwyDeZfAIg40lkZcwjH4ySu8OmNZrX7MB59JDPjme9s28m6xRdp5FV73DqNQ3rHb1UWMx/OUvBjc
xsl9Xgm/AR+hZHz2s5+9yBc8Iq+VeY75jREx36G6KU2MhHk1/kZppGHwapryLTTAu/AgE0v8vONx
kV7Ju8bH1zC7DHfCwnPUKXWVV+B16Q+lPYcvStrhcXmGNhkH10zuomEglmvMM0Yn+Vkf5RZtJO+g
Xnxjwh6NuKSdd1N235noM4hl8AR/gCNp0XYiDfko/E4+UZ7SSHrGGWd0yhsHArRB+I/41g80MOCC
DvJi0izN5GtelEkZiLzIO/Q3nvKUpyzCYpiAXvkjGrWntn0UTtIw5Mc8YpmIQ7lQ3FAm6jfKrdLw
g2yG9/Iq/y350hbAFnlDmsonlATWSV5t2ck66gIMlGdjeF98h/w5ecU44AEWvMNoTd8hrttFo3xL
uvm0go28onaLkpA2AD6WdSpfEA++k3b4kAUueUVy178qO/ge+y3zW9V3gjYkm+binu+fXJSLOsm7
WjpeYzwgn1GuMu+8SruLh5xGhpI/i1ZsqyUOqxgtwY8+iTGPk8J8csFCjpb4zsGCNkQe0k+Z6S/h
G+SRMg45oywr8536e2r/A77nn3/+or7oY+HD2MfAm/BlpAXFa9511I0nLAd1y7iCcQdjDPqhWK45
/D61T6D8UT7CS1GWUwcYv6FFuuPCCg3nlAU5w8QOBa8Y8T7vyllgsZs8CJZxPPekJz2pG3vSJ8BP
cZGV4639wIOxbe10/zOH3yN98M+Y/mduvx/b2EF7HjWJ3oeBUBDCVxiD4Q/GVTrG93kXS/etZiRh
bEEcFPmM0zHSoND/qZ/6qYVMLhXheWfg4hsyOO/e2cDIhRyI4xDGeqs6ygV9eRf1woiHMQN5w3v+
olE67x7ZqC0aYVyed6xv5JPsFvHyzrCF4Q06H/3oRy++YZhiXI9SDjwxsJof81tdqQCmbfKd/inv
2F3EgcbSiEs4jKss+qVuavVjPvjIUvB9/OMf380lpQc5zDuMQvQt1EXppuQFD3znd37ngva826nr
w+iL8gkEi/fkH3mtzHPMb+bCeYfxpjQxEtKHxnkkeTGv0Mm3vId34cErrrii8/OOx0V6Je8aH1/D
7DLcCQvPUafUFQv5yHco7Tl8QRki7fC4PINi3TEzebNAPxoGoHGKc5xBWv7lnXddG4ljCuZp9D/R
occhDvNvFPh5l2LHH+DIe3Ry0eUd4J18ojylkfTe9753NxZ63vOe18WlDcJ/OOsHGpifQgd50UdL
czQSUyZlIPKCMSRjfMNimIBeMUZ3o5va9uNY0vRrfswjlomwlIu5CWVC5ka5VRp+kM3wXtQTmB9t
AWyRN6SpfKL/tk6Yz7DIgLpgjq48G8P7YjTkz8krxqEsYME7xpn0HZZvu2iUb0k3n/7R6ZDKRf20
AfDRTeUL4sF30g4fssAlnz7V9a/KDr7Hfsv8VvXHGM7n4h4XllMnzF3hNcYD8hnlKuViPjGiwwM5
jQwlf+Y0ttUSh1WMluBHn8SYR2MzG6uUoyW+c7CgDZGH9FNmxkHwDXM9ZRxyRllW5jv199T+B3wv
uOCCBR/Sx8KHsY+BN+HL6PIpZ93cmfGE5aBuGVc4xqAfiuWaw+9T+wTKH+UjvBRlOXWA8RtapDsu
rEB3SRjKgpxhns5mJjHiPYvsdbvJg2CJngD6+MN2wdiTPh9+iousHG/tBx6MbWun+585/B7pA/cx
/c/cfl++av7uIXBgDOcwKn8arVWu+d5vKAcZJPuegRQGBJi7VHYTRiURg1TjaMwiDgMm30dfA0Vp
/Ilhxj6rrK8ZnjG6UiaU1lGRi+DWGItymI4g5hcnCO5kjhMeBpcxPM8xTYwr5Bfxq+XDhFyFaGkc
KNMHs7J+yjDxt4Ot0jAXw/Q9L8uLQRj128cXTLT9XuO1vnz73lsW0uQkgxgOpZEGCvkJRYP5Y7yN
dU9cfqtoAlMGoTFNn+XlKbgTV16ptRnzt11N5Yt89NKibAyMpRVf5UqtLcRwY59tp2DJYD3GY+IM
LnxDrsRvPjMgon4YPIG5BrI+XqcNabAlXcpjWvgseom/4zPfyIs/3jtZK+tAGcgqQsIRHr5h4utO
ePnNuNYnNI1t+6RN+6bcKsOYZPueb7XymDfYSg9x/Iu01BYeGR9aKVcp28jXtFjoQjjyEje/URcs
JCANlGy+n+vPyUsjMnXDwLXMO7aFcjFGGXbZb7AGC/5YHBLD8w0c+BblaayLsXzBQhcXTOVj2avY
atAlv7KNR7rmPKsElLdraczB3XYEzRiiI5+RBzJZDGt5uwCIk0xYGMEEi4UwpFeTv8oWjIZ8J33e
ka9/tbLFd8qbIcP5HCzMQ1lT9kEu9tuutmV++vJlDWfD4CsrSj5kDAimYM8EMsaJz5ZvKMyq/G4d
QQt/Q30CYRnXQbt9ej7Cv4vH6SPypHT3jU3gQTBA7jEG8ESjMvxu8SCTX8vP2DTWAc8s3nQ8S99q
OflmWdeRB+f0CWXZp/yeyu9z2z74T+33p5Rjv4XdvSn73uTkXELlWqSCbygHqTMdCjsMCLTpUtlN
GJVEGDF1GrOIA1/WnGPe0vhTC7vsnW2lZnhG3lAmxrVRkYuBSGMsymHkaHRRjrmTmbmBso3xceli
mhhXyC/iV8sH5aYK0dI4UKYPZmX9lGHib3fxlYa5GKbveVleKM/FosYXGPD8XuO1vnz73lsW0uQk
g+hQHmugkJ8Yk5k/xttY98TltwYvMEUO1py8PAV30pFXatjwfRW+YFGcZWNBXXQvetGLum+1thDD
jX22nZIfhqboMPyDC9+QHTXHrkPqB8MvZdZA1sfrtCENtqRLeaJj0Uuf4xvGZXfp2ieWdaAMZLyF
gz74hrkb4yic/GZc6xOaxrZ90qF9U+7v+Z7v6XDSiM97/mrlMW+wlR7S0kVamMuVzvjQSrlK2Ua+
OvVP5AUO0VEXLCQgDRacrOrm5KURORr7Ix2xLWDgXsXRV4AZfyygio5v4MC3KE9jXYzlCwy0LpjK
x7JXsdWgS35lG490zXkeYzifg7vtCJoxREc+g05kshjariL9Gq45yYQxKYZQ5jakV5O/yBbaOkZD
vpM+72xbZf4xL5+VN0OG8zlYmL6ypuyDXOy3XW3L/PTlyxrOhsFXVpR8yBgQTME+LhKJcXm2fOju
+tyq/G4dQQt/Q30CYRnXQbt9uroZTh+RJ6S7b2wCD4IBco8xgCcaleF3iwejHYOxaelYvOl4lr7V
chLOsq4jD87pE8qyT/k9ld/ntn3wn9rvTylHC7s9CBzyhnOEHJ2EwpWdxay8ZJUqEy0G7BgvCOcf
QtDwGAfZbcYOUP8wSqjMqynETWesz2ou88t3tnQGs3ynSGfgYKDEZFOlvGlqECVen2HCCSBGd+L/
7P8ecUscVkWxwt0y4VMuDSIaBhkYuhuopvCEHhS8hDEfaSx9MJuCl/QuU56X+fB7WV4uVih35Me0
XFE6pFSP4YeeLYu4lmE1FFA35CdPRAV6GYfBo4YcDZplGPlkCu6kYRvow35VvrD9RGMA5YFOMCgV
/GW5xv7aGaFgAABAAElEQVQ2nz6jpIZwcIw7ExnAaiyGnvKvz1Al3oRnIDeGTtqv7a7Mh99lHVgm
MTLPWMfym3H9TXpj236kvcwzfiufDUtepewEE3YkWc/SF9OQVoxhDPTjt/IZPrQNMIlmtyhpIt9R
2nI8ziqnFsT8pubFJM/FJezEiGnFZ0+W6JMNMezQs0rdvnTk9Yi5WE/hi2hgdvFGSRdld0GVbY8J
C/3aU5/61ME/VvKiSCrT9Lc0x3L4DX8u7hrB4COOmYxp+uyCKnjYd/goap6Ud2+BY+0vts0Yr9Z2
4/dlz8bvk0dzsTBf23Lc2cw35X9fuYw/11/W/5iuvBAXg/CNcjMeoS6Uk8aJvuUbCjOX383HOoKW
ZX2CYSOuYhHruEY3CiKUd8rDGh/WylnLU9rH+MaP9JXxHINzpQByoPzObxdjxLLz3rKuIw9O7RNq
5Z7ybgq/r9r2I/Y1vplC934Puz3T8fVNRSUasqZ0fKspqOVF5Aw7i+mPmVexGJK2Sp8YHfNEZRJG
d3abMaf0D6OEdNTyi2mNeY4LCVmUg8GM6zCQkfAzfbxKedPTIAqdfYYJr2ZgfkB8DQ7EoR9inGWZ
8CmXBhENgyg03Q1UU3hCD3KSMOYjjaXfVz9lOH9L7zLlueGjvywvFyuUO/JjGh4TPaRUj+GHni2L
uJZhNRRQN+QnT0QFehkHWaUhR4NmGUY+mcqntoE+7FflC9tPNAZQHugEg1r7Lss25rf5lDvEjash
HBzjzkR2d2kshp7yr89QJd6E5zqXMY72a7sr8+F3WQeWSYzMM9ax/GZcf5Pe2LYfaS/zjN/KZ8OS
Vyk7wYS5tvUsfTENacUYxoKFIQcf2gaYD3EiBWki39m9+c53vnOlUwti3lPziotL0GX0OU+W6JMN
ffHK9xqn+tKR1yPmYj2FL6KB2cUbJS2U3QVVtj2MMfRrbMgZ+nva057WnfJUpulvaY7l8Bv+XNw1
gsFH6NhqzgVV8HB0LOwtTwAFU/9i24zxam03fl/2bPw+eTQXC/O1LaP3jU7531euGHbO87L+xzTl
hbgYhG+UW72octI40bd8Q2Hm8rv5WEfwwrI+wbARV7GIdVyjm4Ua6BKVh/Je9GvlrOUp7WN840f6
yniOwblSIBrFYzgXY8Sy892yriMPTu0TYnnnPE/h91XbfsS+xjdz6G9xtheBZjjPkwYUn+64icIu
PiMYVe7AzPHb0HOp5DONKT4KLlb9DOXDCt9oPFdZWTuK1LydxGpIUcgO5eM370w1H96zsti05/go
QKfgJb19BpIhGpblZdrLjP1DeUz5Zn6lgt80Is4odTTsDymjo9K2r25Mdwru0GQb6MPedOfyRVwo
wOIQ8vQo86Eyi9dYv0/pbnzpiPg4UbItnHrqqZ1BNt7PSpuK7dH0xGWoXRoWP14XQX6U/SEPecgG
RmPzL+vAMqnMNs9YBvnNuP42zSHfth/pLPOM38pnB9ZDefiNyVwZX1r72koZPu5uNt3ol7tRy/hT
fk/JS+MitGDA78uHiSphVpVFygwN1WV+8ro8wXexjnj1PcsXGpgjv5V50aexSI20UGDwPcqrvjx8
X+ML85DmWA6/mY+Lvabgrswb23bNMy5ggn5wOffcczfOPPPMRRvuw6rWdk13jG/8Ppm5Kg/2tXvz
7SvXGNqHwlgXfXVs3CFe6KPduPhjwszld/MRqzF8ZdiIq1jEPqekO7Y3eBAlFfLk7LPPXixS4r19
hrTh1/KM35c9G7+PB6MBd0imqzwrF7GVZZUe841Y+W07fHFfxoNT+oRV6ZrC76u2fWjtw37Vcuy3
+Ns7LV+/1FSiwfOl41updCMMik933Nhvlz5GFp2KyjJM7XctP9MZ66PgikdH1/JhsVs0nqusrB1F
ar7uTtGQotKtln75zjtTzYfvXP+2iuurn740pbfPQNIXj/fL8jJtjp+NuA6luco38ysV/KYZcYa3
1YkMKaOj0ravbkx3Kp/aBvqwN925fBEXCtDX4zzKfKjM4jXWV16USnfjS0fEJ55GQPm4rg6DbLyf
lTZV4xtxGWqX5o0fr4sgL8r+0Ic+dAOjMb/5K+vAMikDzTOWQX4zrr9Nc8i37Uc6yzzjt/J5aMFB
mS+LsUsnrX1tpQwfdzeX6fO73I1axp/ye0peGhehAQN+n3OstKosUmZoqC7zk9flCb6LdQ238p18
oYE58luZF30ai9RIg41OuCivyrTL3zW+MA9pjuXwm/m42GsK7sq8sW3XPBkjRmMluHDqlJsRKFsf
VrW2a7pjfOP3ycxVebCv3ZtvX7nG0D4Uxrroq2PjDvFCH+3GxR8TZi6/m49YjeErw0ZcxSL2OSXd
sb3Bb8yr0W9yIi9p2b7sM6QNv5Zn/L7s2fh9PBgNuEMynQWi0FkuYivLKj3mG7Hy23b44r6MB6f0
CavSNYXfV2370NqH/arlaPG3B4FDxnCOEYsdbjUlGqvWODqViQSKO3e8sTtRwRfjqSjlG8ecsxPm
DW94Q/WPFckoBldVBGHcZ2UQA37p485N6JLGqPRUaYggZxV1LX8NKRrO2WFOWqTJXaB9ZeK9aUbl
W8y/lt+ydyjhIs7LwjvwXaa4rKWzLC/TjsroWjrb9c78WCBRSzPiDP7uvkKJ3LdjFh7QQNRXN/LJ
FNyhj4EAvNKHfaS3L+9aOeM7j1GnDuhM3SlX7iyLcaY+q/ilY6zFta1HfDT8srKX44hiPE8C6OOb
KXjH+mMXS9zxTp5O/ss6sEziXstTfjPunLYfy22eQ4ZIw4sfCw2oyz45w3GeGB2Np1/S7vs+H9zY
TcJqZYzGyE/uVIqLpcShL42x76fkFY1ZQztNrRvl9FhaynDuhuYUjdquzho/mfeUPiEaiumzSjr8
LR+IPTtiPY7ZPq3PZ6eW6ZT+Mv6Yi7syL8qCMu/ab+khHotuYhj6dWR0X5q1thvjL3s2/pDR0gUM
c3jQdq+skR7z7SuX4eb61oW805eO2NfC9dEe0xoTZi6/m88UrGphxSL2OSXdhqE9IQdj+4+G67Ie
obGWp7SP8Y3fx4Ok4akaXgFUS7fWFxOuLKtxzXeveXBKnyDtc/0p/D5XDkbaxH5Mvx/jHbTn7ZmO
r28qfYocjFiMg2tKNI6jhMeQPSju3O32iEc8YjFnjfFUlCKjOOacsQNtvvbHcc8oBld1HNnKLldk
ovRx52af0lOlIfPq2nHI0KMhRcM59xtSJtJkflArj+9MMyrfwG8VR91FnJelNaQkXBZ3WV6mHZXR
y9Jc5bv5sUCi5iLO1IG7r1Ai993zDQ9oIOqrG/lkCu7Qt0xpHOnty7tWzvjOY9SpA8YBGp/6jNwx
7thn5UW8Oz7Gta1HfDT8cscsOo3oPAmgj2+m4B3rj8X4ccc7eSILaK+l4t4yiXstT/nNuHPafiy3
eQ4ZIg0vfiw0oC6VKaXPXb30v6UraS+/l7/BjePc2d3O6YvIT+bWcbGUOJRxp/6eklc0Zg3tNLVu
lNNTaTK8Czo5RaO2q7PGT+Y9pU+gzmyr9Fl9Tj4Qe3bEehwzfD3013e6CXkt44+5uCvzoizoK1t8
Lz3EY9FNdCzaQ0b3pVlruzH+smfjDxktXcAwhwdt98oa6THfvnIZbq5vXcg7femIfS1cH+0xrTFh
5vK7+UzBqhZWLGKfU9JtGNoUcjC2/2i4LusRGmt5SvsY3/h9PEganqrhFUC1dGt9MeHKshrXfPea
B6f0CdI+15/C73PlYKRN7Mf0+zFee94dBA6s4RxjTFTOcCwcCrSaEg3lDxNhJuMxDs/uwovxEDT8
Rli6G7aMx2/u92UiXPs25Z0T8VpeKAc1NkSlp0pDaDzvvPO2GO+jsldjrUf5UjbK2Ecjg2XS57t3
bpJP345IFIes3KeT7UuT99RDxHkoLN+GlITL4i7Ly2OLKVffbm2OYGKQilFuWX7LvlsW+JBOtgzv
3d4uhIh3H8fTEGI8+YYy9Bmw5JMpuJMHNJJuzSDB9+3gC9se+fh3n/vcp7qTO5Z7yrOK39oCBJR+
97vf/bq8PTI+LghAuVfmpQGgz0gwBW8xpuyXXXbZprygzaOuyzqwTMqDWp7ym3HntP1Ydo2gNRlF
OIyihvcOOQzn0YDjd32MirXvJe2Gr/nyENdS1L67OEMcamHGvpuTl3WFMbt2Hzx1p3wfMiqNoRE5
ZTtCkciCMePRX/otYjGHL6DZBTusADeP6IsVedbusY9hpz6P4Y85uEea3SVf0oZcZtCLwtBvto0a
Ft712id/lTd9fTJ1WGsj5m3b75NHhJuDhekbV1nje/PtK5fh5vrKxsirtbSGeKGP9pjOmDCr8vsU
rGphxSLWcUm3OCBnYrunrIyNXZRW1iPfd4MHpY/xDXfLxTrwWVld9tVlWQ1fw8pv2+GL+xAPKjN2
o/+hTOJYo6mGk+/m9j/KtjH9/nZgvq5p7M50fe9yUZGDESY6ZAkKtJoSjTi0Z9ph6dyFF+MxRuQ3
YwLkUJ/jft/tuDvXneG1vFAOamygnetUGkLjIx/5yC3Ge/hT44bGWk+oomyUsc9xPybp47xzk3z6
dkSiOOSYWtr8kKMeIs5DYfk2pCRcFndZXh5bTLn6dmuzmPb888/fcsfysrxr3y0LfIiSu3QsFoQW
vqOroS/kN3/xNIQYT74hTJ8BSz6Zgjt5qIivGST4vh18YduznPj3v//9qzu5yXOOU17UFiCgWD7r
rLM6jD0yPi4IYExcOg0AfUaCKXiLMeVmQ0100OZR12UdWCblQS1P+c24c9p+pEcjaE1GEQ6jqM57
VTGcRwOO3/UxKta+l7QbvubLQyzorzkXZ4hDLczYd3Pysq4wZtfug6fulO9DRqUxNKIPtS1xNDwL
xnT0l36LWMzhC2h2wQ4625oTK/Ks3WNfizP23Rj+mIN7pNld8iVNyGXG0CxS0Nk2aliwOAQM+uSv
8qavT6YOa23EvG37ffKIcHOwMH3jKmt8b7595TLcXF/ZGHm1ltYQL/TRHtMZE2ZVfp+CVS2sWMQ6
LukWB+RMbPeUlbGxY8GyHvm+GzwofYxvsPnUnLK67KvLshq3hpXftsMX9yEeVGbsRv9DmcSxRlMN
J9/N7X+UbWP6/e3AvKUxDYEDZzhXkYNRhkkNE1lWq971rnftOlIUue6WVgljHI7sZTLne3wnSaUC
WIUTAok7yjBkGY/Vb3TmdNxlPMNM8ZkYkxZ5sRM8xqUsNaWnSkPi8YfRBYUkO+u579o4fPOObhWk
vOM7gz7zwqhDI0Y5y3eP5eV7NNAiMBDQvEdJwEQZDIiDMSUqbUmTPPkjLEdQWz8MRv0mDfp8w1jg
XWjsIsVQa3jSMqz+1LwiftCEIcQ6hq+Y2FMm/so6Mc8pvnVMetQzhnuMpRi7uNPXvFicAB38adTl
G6tapY98MaYbpzQ2UwdiRVko3xjcjQM2LCYgfbCnLvwWjThz+SLiZqduWbZztzn52I5JHwMlExra
CANvJ9B8Y8cM4Zloe984bRzjLu/ZeR6PfWT3H3waywJG4E16Y/BmAEE4wrPzF2ypO9prPI6KOrDu
CSN9tD3yl5dJywUx8htxCQNtGjuntH3Lp1EDzEiL95SVUy1ID57WIMIgkjLxBz9TTtMhLquxpSUa
AGjDlM8j+0ve47vp6Me8UL5E/qR+PF4/5mPcqf6cvJxAgwXYgZn5spCLtitW28H73r9JmvADPMvE
wDzwIxZz+cKFPqRHHvFUDGSH/Q/HU9tfWO45vv0F9evilZI/Yt3PxV0+p1yUkbYFvcgBT3DhGzhb
DujgHWMQF1lRZmQK7/lTHhhHPy5AIh3kDzKAMQaL0YiL0Us6iCcW1B2yjLakPOIdfzH8XCzA093q
yhrppk2Tb1+5DDfFj7SP6X9IO/KCMpL30M54A/xK2vlOfYJRDMO4QhpiWoSfy++kN6VPgG9KXJU7
1LFjH8e0ls3TJqgPTquBZsK+9rWvXcjaPix2gwcplzIBGlGQQSN/8PNTnvKURVuJx7mvOw9aN2C7
0/0PWE3l97lt37pRHo7p941zEP1p0+79F1pFDkYZ5AEOQ+M97nGPrl2iyEWWRWccjuxFnkZ36aWX
LuLBDzoVTowXWcyHIUtHX+YYezsUxyrDyIud4NFRtprSU6Uh7Zk/jC7ILvoDxuXG4Rt9PU4FKe/4
zhhch1EHGeEYzGN5+a7ugXguvOE9xjLGgmDAN4wpUWlLmuTJH2E5gpqwlAnjvN9IKzq+YSzgFD3S
5ehhDLWGj0Y6403NK+IHTch56xi+inPdsk7Mc4pvHVMe6pn+kDEUfQrX/fCeP/pL6OBPoy7v2UUm
feSLMd04pbGZOhArykL5xuBuHLBB/0T6YE9d+C0acebyRcTNsaNlYYHXdjrbMeljoGS8Sht573vf
u8GOcvNFT4Hj5ArvG6eNY9zFMW/AGGl4dv/Bp9GBEXgTZgzejBkIR3j0LGBL3TGHf/CDH7zIi13U
1j1hpI+2h5OXSYuxFE5+Iy4O2jR2Tmn7XeT8T/0HmJEWjrKiWyE9eBr5g9PgQLngZ8qpI+7rXve6
BS3RAEAbpnwe2V/yHt9LF/PC2Bn5k/rxeP2YT5nG2N9z8oLf5BmwAzMd43rart+3g/fVSZAm/ADP
otswD/yIxVy+cKEP6ZFHPBUD2WH/w/HUsV+17FN9+wvq18UrJX/Eup+Lu3xOuSgjbQuHHIh6RHDW
QQfhGYMgz3GUOeo+qYtyXEK4uACJdJA/yADGGN6ZjtFLOogjFtQdsox2rTziHX8x/FwswNPd6soa
8sfRpsm3r1z/E2ra/0j7mP6H1CMvKCN5D+2MN6iXkna+U59gFMMwrpCGmBbh5/I76U3pE+CbElfl
DnXs2McxrWXztAnqg81pOMK+5S1vWcjaPix2gwcplzIBGjmWXQc/o+uDPv7ice7rzoPWDXTvdP8D
XlP5fW7bt26Uh2P6feM0f/cQOHCGc4/AURj0+dE4oJLRsNytxHFy7ujkfbnbj4aroo/vDGAxKqP0
Mx18dqpGowGCbOqfRi7TvfnNb97d/fSgBz1okRe0xHwYHBLOOH0+xudIjzvgDE8aKGT9rY/R0HgM
IuxQ/F7LmyNrjAN9GseM0+cjtIwXFZF94TEk0GkaZ25eHrsd8ynrF8MbAzPzmuuXdRzz9Jk6jjuP
azx4yimnbOJBDFMaS6UtGotNu+bH4zfH0Eca8Z7WOXwhjfoYD6Wt70QDw87xx2CBfIgLPhywS9eQ
r5yxIxwKGw0ClAX8NEwNxfMbxpGy3SHDSlnAooA4GaF9o0ya0/bF3AGktJTthN/xRA8V/IZH5rq4
yXf4HsntUX3xW/lcM8KW8gI5TZ3HazhIp+9EBss3xp+bF0qWWBbaMH/xHXiNoWFZGHjqCU94wqa0
Yz48y7OmNYcvmODFhT2kWysXi7jMZ65f4l6Wx9/yufnMwR0DQNnGyrqC16HJfKJxSlr6/JJG0kDh
0hee9yxiA2/CjsWCePEklalYuJM20oV8hoYoW/we+3BxmeJP7X+QeZ7UIA2OkWq0x8VlY/LimpxI
/xx+n9on1OqWPiPKRmQgSqTYr9GeUa6WMllcSp9whI/l2w0ejKdeQBPtrGxbjLHl9Vo9rhMPgl9Z
ZzvV/6zC71PbfuSLqf1+jHuQnndvyr43OWF0KeVE7Xc0DpRzwtNOO627IicuSC13+9G2VfSRPu0F
ozJKv5gfO1Wj0WAOKhq5TPfkk0/eeNzjHrdJdkJLzAelL+GM0+djfI7OHXCGJw0Usv7Wx2ioQ4kc
F2gTppY3i5900KehzjT7/Li7Lyoi+8JjSEDZq5ubV+yvzKusXwxvKL9XdWUdm1/0qWPmP7oaDzKW
iDRimNJYarxoLI7pl8/x+M0x9BE/3tM6hy+kUZ/+Qrr6TjQw7Bx/DBbIh7jgw6uipGvIV8486X8X
jw6FjQYBygJ+GqaG4vmNPq5sd8iwUhawKCAuaqB9Y5Cb0/bF3PtnpSXyIO/4TV3qVPAbHpnr4ibf
4XskN7qr+L72XDPClvICOU2dx2s4SItFoau6uXm5scYy0YbLOQF4bYeDp1wgbX6lL8+a3xy+wKAV
F/aQR61cXBG6qitxL8vjb/nc/ObgjkG1bGNlXcHr0KSLxilp6fNLGklj2TyPRWzgjRuLBfljfNZN
xeLyyy/f0h7RP+KibLGcsQ83zyn+1P4HmedJDdLgGKlGe1xcNiYvrsmJbg6/T+0TanVLn8FCQ8uI
DMTQHPs12jNzmFImG6f0CUf46HaDB+OpF9BEOyvbFmNseb1Wj+vEg+BX1tlO9T+r8PvUth/5Ymq/
H+O2551H4MAZzhFMF1100ULgIShQBGKAOfvssxfvGaSruHHXRKkQV/AhiKNR2ngcQc5duYaLPopY
jnJmQmb4ub7HhiMcaspPylXetcxgmvKgSGUQxSq6GBcFI4bhGk3sDH3AAx5QLdfDH/7wbiVZLR4Y
xzzEA3wRBDFOTdFn+NJncGDcmrK0DB+Vq8SbmxdxEdBRCW1eKHQxEGxH/ZKPHSiKcHaEuQOB/MD0
uc99bvUo53I3lvThw7d8Fzt9T0OIYWvPnkRAPHmwFi6+wzjBgMO88KfwRYzHM0Z/04/0lOHm/rZu
UT7BZxihzA9DLgtxyrQxPnKXl+H04XMG89EArJxZNqkijYsvvnhLXhgw4u5ywiEH2OHIhD62NxY6
lAMiZAM7sb3Pm7gYiaPyKi5ImNv2wYiFMZEeaKWdMMAsDTGERxlbWzxDGqwshkaxhw9MuxaHvOA9
ZLJx8KO8KI0wxMFg7w7MGG/O8yp5sQPLkwKgy7/tpC+WCWw5pQLDNSemYBB20VlpOCfeXL6gTVlv
lgm/1mdF+qY8R9xjHuUzi99KeT0HdxSmrkqPedC2WOAAliX9tI0YlmeUb0xqojyObdE0+uQNi2qo
s7hIbCwW0BqN++Q1BQv4p6xXj6Kv9RUugLFMU/1amiWe/Lb/oY6UeYbjRCFkoavqfY+PEVuaxuSF
PDd89Kfw+9Q+oVa3rMiPi8soP2W0LVM2Fy0wDixlJ3XILrq4S6MmR3eLB+GrciErZYBOTl2BDvFe
dx6EzlhnO9n/rMLv0Dml7Yu//tR+33gHyd/5qfre58CVKlFmogjEAEO/6nvGFDoXBpUKccPSh0aj
tPE4grw2viYeilgW8mGQWtWx+5g06Qtryk/Kxbw/Oo1lKFKRu4zDY1xkF3Kp5hgDx8Xu4oCPwR5Z
UXNgHPMwHvgy3o2upugzfOkz7tPVlKVl+KhcJd7cvIiLcToqoc2L+QsGgu2oX/JRWY8inHkP4yvz
AtMXvvCF1aOcy91YxsGHb/leOk9DiGFrz55EQHx5sBYuvsM4UV5PMIUvSlrpL0w/0lOGm/vbumXn
HXyGEcr8MOQy9ysdxkfuyTacPnzOTtBoAFbOlIu+jBN9xp6lo++Ju8sJjxxgPIWuKrY3FjqUxiJk
Azuxvc+buBiJoyE6LkiY2/ahG91EpAdaaSfojChH6VgQW1s8QxrsKkc/o4MPTLsWh7zgPWRydFFe
lDoH4mCwdwdmjDfneZW8uDrLkwKgy7/tpC+WifrnlArG2iwExSDsorPScE68uXxBm7LeLBN+rc+K
9E15jrjHPMpnFr+V8noO7uzUjSd3mQ9tizkMWJaOtmE4fXZpoi+K8ph+uaSxT96wqIY6i4vExmIB
reiMo5uCBfxT1iv6AVytr3ABTMxvynMtTXGMvv0PdaTM8zsnCiEL0Xv4Tp9rGXVj8mJTUs1N4fep
fUKtbpnTYDewHJSfMtqWec9cH8c4sJSd1CH62HhCTU2O7hYPwlflQlbKAJ3oCqBDt+48CJ2xznay
/1mF36FzStsnfHRT+/0Ytz3vLAKHkXxuQEvdJz/5yaVh1ilAnpCnvGI5XfnKV05HH310Ouyww3rJ
yx1k+tSnPpWyEEm5c015UpRyg0l5NWw69thj01WvetXeuHwgL+Jf61rX6uIdeeSR6WpXu9pgnKkf
8wA3HXfccV058iB2QR95kW/pKEPevZbyBDVlBXkiHI4ygcURRxxRRtnymzLlyXFXFtiENK50pStt
CRdfgB95XuMa1+hwOeaYY5biF+Ov67OYw0+4a1/72ttKalYWpHwsbMpGq3TOOecs0qa+lmFO4Nyp
p6xUXsQD9+3mwUXiMx7m8gV4ZEVFygqPlBcVDLbjGWSlfARiypPllK8hSLe61a26JKAVfl+GOzzB
3+GHH552Gu9s8OvqGP4jr2W0zcEixpnT9o1PXPCD1ppsMpx+3s3fYZgHb52sUFb5fVUf7K55zWum
q1/96p1MQjbm1ZXd7+1ux6vmRT9Lv4WMRoZS17vlshIx5YVgW2RQzH8OX9CeqGN86vioo45a9Ecx
7b18noO7Mhce5/k617nOoHxinAF/4Igzlc+Jz1iDtgUv75R8n4PFXtbduuW97vzOWBIegn+mypfd
4sFsJEhZUdb1C/R12XA+2LbWjQciPav2CTGtnX5epe1P7fd3uiy7mf52jyN2k/YpedH/0DYZ21Hm
ZfNq+Om6171u1/czrnFeTV85Zl5NfPpK4jFu2O4+LytH0/HHH9+Vg7E8813mXORVG7sydrzDHe6Q
8uKklO9dXfThU+bVlCnOq8lr2XiePiUvkFvMq8foJabU616FFXPn1VP7o2V053t+UzakpGy0Sued
d94i+JR5tWM2IoP7dvPggqgZD3P5Ii9MSXlhfcoGpZQXFQy24xlkdVhnY1ene8oLFrskoHXsvJq+
BB3VTuPNvISxO/xHXsva4RwsYpw5bd/4xAW/q1zlKlXZZDh99HDoJpxXI2e204EdMtJ5NfLdefV2
t+NV88oLDLp+i/4KXQB1vVsuG4NT3lSxRQbF/OfwBe2JOsbnDz33dtdxpHHO8xzcaY/IXHiL52Vj
f+Yk8AeOOFMxID79Om0LnctOyfc5WMzB/KDGWXd+ZyzpvHqqfNktHmTsjqyhb6Wvw+Y1NIZfZ15a
tU/YzbKt0van9vu7Wa5DNa8Dazg/VCvUcjOAzbsVu4FV3i3YDQj81vz1QyAfs50e+MAHdsbhfBTT
+hG4BxShnMor+VJexZnyyvV0oxvdaNupyDs9Ur6bOOU7a9ItbnGLbU+/JdgQWEcEmIREJVZeIZ/y
8Zgdqfnkg5RPTFlHshtNDYGGQEOgIdAQWCsEDhXD+VqBvgfEMK/GEMjcJO96afPqPaiDKVnmHV8p
n+zTGYfjgvQpaRy0sCycyycRdvPqfMpByjvhtr2I+fShdOGFFybSzyetbHv6LcGGwDoiUM6r8+7/
dOqpp3ak5pMPUj4xZR3JbjQ1BBoCDYGGQEOgITACgWY4HwHSfguSj/9JrPbNR1t2pOejy7tV9ayq
y0ewp3yE6X4r0oGlF+PVS17ykpSPHkv5WI9udeWZZ57Z7bBgBWk+pmfpzoyDBM6rXvWqlO8E7lYF
52PPU74HqitePq682x1+wgknbEtxWXmXj79P+bj9brUqk5t8tUG38jQfy9YtYtiWjFoiDYE1Q4Dd
HPnYw5SPFtxCGQq1fAVAt3p9y8f2oiHQEGgINAQaAg2BTQg0w/kmOA7kj8suuyzlo0RTvruwK18+
urwzQDKvzkewp3yE6YEs934sFPNqThLjL1+H0+2sYg7JyQW0VXZbLzvxYD+Wu4/mfBxryldSdfNq
TiDM1/R1QfNx5SkfaZxufOMb90Wd9J55db5mq9M9sRuWzRv5qoZuXp2vQetO1ZuUYAvcENgnCLAz
MF+3lvLRzVsozld7pHwFwLafVLklo/aiIdAQaAg0BBoCDYEdQ6AZzncM2r1LON8HkvJdN1UCnvCE
J6RHPvKR1W/t5e4jwESeo//y/TBbMmenNSu2DxWlHMoOFnbku6G2YMGLSy65JN32tretfpv6Mt+Z
ljCQ11y+B7YzHo65zqAWv71rCKwzAhyDhpLX482klQVWz3jGM7pFVr5rfkOgIdAQaAg0BBoC/Qgc
KmP0fgQO/hd2DGJ8rbmnP/3pibl1c+uBAPNqFkKziaB0zKuZb2/3cdJlPuvym3n1Pe95z5TvmK2S
hBEdHcR2OK4vOPHEE6tJcXocxsM2r67C017ucwSYT3NqIQtGomOBFZs0WJTeXEOgIdAQaAg0BBoC
+xeBZjjfv3XXSzn3d7E6nvuNouMYIVY+MnFsbn0Q4Ng/7x2JVHHv1natBI/prvMzRj0mIOXkmnu6
OKp9O+8fwnju3YRiQj4oQbmXsbmGwEFFgLslaWve9cido1Pv3D6o2LRyNQQaAg2BhkBDYCwCzXA+
Fqn9G46x0vve974t82recxJWm1evV91yJPnHP/7xLfdWM6++yU1usl7E7jA1zKk/9rGPbcECnRBY
bOe8GuN5Oa8mH+59Pe6443a4pC35hsDeIcC8GsO582ru55565/beUd9ybgg0BBoCDYGGQENgCIFm
OB9Cp31rCDQEGgINgYZAQ6Ah0BBoCDQEGgINgYZAgUAznBeAtJ8NgYZAQ6Ah0BBoCDQEGgINgYZA
Q6Ah0BA4AAiMNpxfunHpAShuK0JDoCHQEGgINAQaAg2B9UXgE++6064Qd8yt3rwr+bRMGgINgYbA
QUXgLofdZV7RPv+8efFarIZAQ6Ah0BBoCDQEGgINgVEI/NjhPzAqXAvUEGgINATWHYHzP//j607i
avQd/vDV4u9Q7GY43yFgW7INgYZAQ6Ah0BBoCDQEpiLQDOdTEWvhGwINgYbA3iDQDOd7g3vLtSHQ
EGgINAQaAg2BhsAyBJrhfBlC7XtDoCGwXxBohvO9qalmON8b3FuuDYGGQEOgIdAQaAg0BLYg0Azn
WyBpLxoCDYGGwFoi0Azna1ktjaiGQEOgIdAQaAg0BBoCqRnOGxM0BBoCBwWBZjjfm5pshvO9wb3l
2hBoCDQEGgINgYZAQ2ALAs1wvgWS9qIh0BBoCKwlAs1wvpbV0ohqCDQEGgINgYZAQ6Ah0AznjQca
Ag2BA4NAM5zvTVU2w/ne4N5ybQhsOwIfvfyj6U/e+CfpBifdMJ18x1tue/otwYbATiCwsbGRfv9V
b02fveIz6fZn3D4decyRO5FNS7MhsG8QaIbz9amqP3/rX6QPveeDuU89Od3gpjdYH8IaJQ2BhsBa
INAM52tRDY2IhsC2I3D5Bz6e3vjG96WTTvqidMevvcm2p98SbAjsBALMq1/1G3+errjiP9IZZ9w8
HXPta+xENi3NhsC+QaDtON83VdUIbQg0BJYg0AznSwDaoc/NcL5DwLZkU0Lh/DOP+5n0hde7TvrY
hz6W7vfo+6c73vtrGzQ7hMALvv8F6ddf8OvpllnB/6OX/kg64ogjdiin9Uz2T9/8Z+mnH/vCdPyN
j+8I/OwVn00n3fakdNYPnpUOO+yw9SS6UZX+/rK/T2efeHaHxIVve0H68tvfrKHSEFgZgVf/5KvT
2179tnTNo67Z9T+PedFj0g1vdsOV060lsN15NcN5DeXdf/e5f/9ceuitH5o++FcfTOf+8LnpWx/5
rbtPRMtxEgLve+f70rt/993pM3khFv3+DW92Qvq6M0+tpvHh9304vfv33p0+/pGPd2FPvPVN01fd
7SsHx07/+bn/TO+69E/T+3M+n//859PRX3R0uvXdb70Yd1Qzyi+h59KXXpo+8Q+f6ILc7vTbp5ve
+sS+4IfM+4MwT2iG80OGXfe8oG992+XpsY97TbreFx+VPvR3n0yPefRd0r3vdfKe03VQCfj+H3hl
uvAFv5fueMcvSW/6nfNy33D4QS1qtVxvfstl6TGPfXW68Y2O7b5f8en/SLe77QnpB5949zavriK2
Hi8v+5t/Sl924jM7Yv7gbQ9Pt7/dCetBWKNiXyPwkz/11vQbr/6LdNSRV+v6nxe/6AHpZiddd0fK
tN15zTGc//d//Vd65feclz77qU+lf/nIR9LpT39ausmd7rQj5W2J7hwC//LRj6Zf/vaz0jWPPTZ9
7jOfScff8pbp9Gc+o/VhOwf5vk953dt+M5zvDYs1w/mKuL/9N/8w/c4vvTF95zO/Mx13o+NWTO1g
RX9jxuVZZz1rUajvu/D70r3Ou9fi90F++NB7P5Re9IQXpXt9773Tre78FbtS1Jc++6Xp4gsuTl99
z69OT3nlUwaVv//2r/+WXvyEF6cTvvz/s3cV8FEcXfyV4lpcilPcrVC0uLu7U9yd4sXdKcHdtbhL
cAka3DW4e79v/nN9m9nN3uXuSAKEnd8v2d3xefNmdm/+TxJRmWZlgsXHg5HfQHRnaBEkkxOEjUDS
/PgOL3r3+p3dVj9++Egps6agWAlj6fKg7NKRS+nh7YfUeHBjCh02tC49MB4AJFSJV0VWPenQZAtM
CAwif4d1Dqg+gHYu2amNPDB5K6DbYuAc63Ht3FH05MFtqtFqEIUOE1YbT0DcRMvsS5+AqC+41fHp
4yfqXLQLndjpRcHl++XBrQd07vB5ChkqpJwugMvZi2fz871wbPtxevvqrZ9vA+QPEz4MxYwfg37+
5WddOvj1yOajhPeLfwG0zZg/A0WKGkmX1eemj/im3kZn9p+R75/ocaJTpoKZ6cXj5xLgrtS+EoUN
73cdPH3wlIbVH0YHNxzU1QdBwlE7RlKIEL6Ax9vXb2lSu0m0bto6XV48xE0alyYemEhRYkTxk4a+
dSjQge5euesnrc2ENlSuRTk/8YhA31AOAhhq6DC1A5VqXEqN0t2DRke2HKV/P/0r4/GcLENS2Udd
xm/4wfjd9i2uMws4D1gGXLf+LM2bd4QGDy5NiRNFC9jKv/Ha5i84SrXrzNNGMWF8JWrZ4vsQSD93
/j716LGOWrfOSwV+T67RIDBvhgzdRt17/ENlyqSllcsbOgTOn794Sz17rqM0aeJQsz9y6d6NgdnH
wKzbyG9oyxlaBGafvkTd+LbZsfMivX79wW7zHz58oqxZE1DCBFF1eVB25KiddPv2M7GnlaKwYULp
0gPj4d795xQ3Xh9Z9eFDHSib6JcVLAp8LgWqVZ9NS5Z6adUEJm8FdFsMnGM97ho5kp7dFkD44EEU
Kqzf3xM8wPevXtGIDBnp0ZUrMqrihPGUu2VLTg6069l16+jYvPmyf9ESJw60dr6Xiu+fO0fDUqfR
hpumTBlqsHIFhfjOFMw0AgTSzdvnz2l9zz8pTprU9FuzZl/dN1BwWvsWcB5ITOxPtRZw7g+BHCVj
AY5qMorWz1hPgXko76gPX3MaNHOg9Tun3xypCf0tHoi5S99tC7bToNoDg/SwHeau13usExpTWali
24oOX1gA9hukaRCsgOX3797T0/tPKZT4UQpg4M+yPen3qr9TzwU9dYfm7s7pt1Luzas3VDtZbXrq
89RhlxsOaEi1etbS5UHZljla0rOHz2iW9yw/oIYucwA9QIhjcvvJ9PThU2o5pqW/mnsB1KxVTTCn
AHj55ZOX1KN0D7py8kqgvqMDui0Gzt++eUXd6+akF08f0pjlZyliZP2B3OdOoQWcO6YgvvEgSOQl
BJEqiHdqdqFZ/K2HkY1Hym9WdRwrH67UucgAP5eOVFrNYnqfWlgHGbxusPaegLsYvHucDUYLIwCy
RzUd5bC42bc22m31WyvtnQcQO03ONBLgBwBuBMG3Cc3vQbUGynYqCOHGgjUL0Z3LtzVBT3w39Jjf
QydMAO3yToU7SyEKaJn3WtybYsWPSeunraeFQxfKuoZvHUFZBMivBpSD8IWXEERAub7L+9EJwU8z
e8+U2Yw0UMuq1lg4PrhZPggOvxMs4Jy58/Ov2HObNF1C02ccoMA8lP/8nn6ZGt4LoSSYX+7Xb5PU
hP6egPMFC49RrdpzKSjHDHPXUz32U9EiKaltm3wOf1cD2E+dZkiwApbfvf9I9++/oDBhQtLhwzeo
TNlpVLVKJlq4oM539bv61ev3lDTZAPLxeelw4f81oCT17FFElwdlf80xih4+fEXnvLtT1J8C32w6
hDjat19FDx6+pLFjKmgWA3Qdsx4sCrhIAfDykyevqVTpqXTy5N1AfUcHdFsMnAMMH/NrDnr18CF1
OedNEaI6/l395tkz2jZ4CO0YOpSCAjiXvzubNKWD06dTu8OHKEG2b/93p4tsFijZXz1+TJd37qTZ
lSpTpqpVqdbCBd/VOyxQiGqolAUUvlbBhOC09i3g3MB8QfRoAeefSWg2j212mPeZVQeb4vvW7Kde
5f8MUhD5SxNv17Ld1L9qv692zLcu3qJ6KesFW2D53rV7VCtpLSkY0H9l/+/q4whaaTBR/fzRcwoZ
OiQ9vPWQZvSaQcmzJBcWEMrTJyEVTz8QZSuSjWIn0pvYgmniljlbSnOyQQWcf+m1arUfvCkQlO/o
gGqLgfP3795Sj3q/0dNH9yzgPHizaZCNblzLcbR68mrhOqcaFa9fnD59+kSJ0yb2AwicPeAtNLyF
wEaLMfT+zXtqO6ktRfwpkjRPfnrPKVo8YrHsc8HqBanb3G4SZOZ3zw3vG/KdgwxtJ7alH0MJtzH/
sw0Rgm1eQoN/06xNOmGWZaOX0eSOk2UmWCaq3L4yRfgpAl09fY2GNxymaXkbv7Wh3d4mTxs6L4Tl
Ygoge/y+8fJqa838P2s5NxvRjKp0sFk7QU7P1fuod4VeEuCefmo6/RTzJ62CO5fvUJ3kdSh8pPA0
/fR0ipXA11rL7L6zaU7/OVSnVx2q36++VgY3V09dpcYZG8u4GadtVn5wMDa+1Xg5D6Bf93nd7X6j
XDtzTaZtmbuFFgxZ8NV+U+oG7cbDt/w7wQLO3ZhwB0XYPLYFnNsn0pq1p6lc+elBCiLb703QpCxb
foKqVJ311Y754qUHlCLloGALLF+7/piSJB0gBQNWrWho950VNNwQtK18FL+r16w9Q48evaLQoX+k
W7ee0Z+91lOWLPGpdau8BG1zYYyHiggBi0QJ9VYy3r77QDlyjqZ7914EGXAetNSxWvveKBCU7+iA
aouB8w9v39LYHEIg/d49p4BzzO3pNWtoZrnyQQKco72VbdrS3vHjLeAcxAjA8PjaNRqYJClJYHfV
yu/qHRaAZLRb1YOLF2lIipRfrWBCcFr7FnBulw0DNSFYAefQOtm7ci+FCh2KoMUQPV4MKli9AD26
+4g2z95Mnms86aOQnk2ZNSXV7VNXpNt8NjGFzx70pi0in/chbxkVQviyylcpHxWrX4yixtJLpOGw
EaYf+fBr9K4xlCFvesLBIYcfQ/r6mEb8xlkb5QHkm5dvqGjdohRD+P5G2CP6fPfKHWGGNbTsNw7S
1L6d2nuavA+clWYrAWylyZWW0ok/aNFtnrNZHkLKvlbMRxXbVZTj37F4pzC3/EDWn6VgFnot2lw+
Zhndv35fHgaWaVaWcpfLJdPN/rlCCy4P85dHtxyj2wKURYB2Tfbi2en8kQvUU2j9BaTGObRUD286
Qj5iPAABE6VJTOnzpCOYzpfjFoe0WQpnoV8y/ULoF7SCYGIUf5gLAIjgEZjy3bN8j+QRzEftP+tQ
quwpeUj08ulLUecBOi3m4NKJS5J/QOsSDUpQsQbF5JxpmZWbtX+vpTHNxxAfzDJfQPsI/KmGA+sP
0g3v6/JgmecW6RePXRS+NI9r854hf0Zd35AHmsHgAa5T5Q+k2wuXjl+iP7L+If2hD9s8VKdZBXra
848On6DbFmyjw5sPU+SokeUheprf0oh1VpDip4ivNffiyQu55rAGMHaYg4fZb2iFYy1+ED8kMRdo
q2Tjkn7oiHHtXr6bDvxzQM4NaJ65QGaKmSAmrRy/kjpN70zpc6fT2jPesGAATLWbAefcP9SLfoAX
oJVWSGieoc+HNx+hq2J9salyHPYXqVvETz+N7X6NzyxEgDmCFp2ku0lHsae9ffmWWuduLflq6vGp
cg0z4IEi6p5mUoVLUVirN85d12gKAKRs87Iazc0qA/8cFOX2rNgjyt4QZpZC0C8Zf6HkWZPT4Y2H
pa9Z1PE5AaAG75/Yk+Gblvdr7DnbFmwlgBkQSqjcvgr9XiW/rjnsGTsW76BNszfJ/QKJCVIkoBKN
SlKWQnptRC6Ice1d6SndfuB9hXGlz52efhN7tPf+s/T6+Wuq07uOH9o4ux7Vdwz6B5++a6askYIz
9frUo6Nbj8r+Ys+B1j/2x8tel7X959WzV7Z9dPp6aSb4j+HNpDb3/EHzxLvJm6C12WBAA+lPnMeE
qyu0wPsbezHWXPjI4SmTcHGxXVju2Lt6r6RjBmFyuUb3Gn7exdwe6AYegMAI9pX4yROId0Bmmtt/
Li0atkgH0nEZ7E0QMgEoBTPMCADLitQpSvkq59X2Vc7PV3fa4rLOXAGc/4v1+OYl9WyQR2qcDxfa
VlGixiLwJ4cfQ9rMbfMzX58LDfUDW5fRMc8Nwmz2e3r5/AmlSJeDcherRikz+r73A0LjHPOGPX3/
P/u5ecm7pZqWkoCsFilu8F0B0JX3VcxTkdpFKGyEsLRl3hY5d/wdBNc3eSvm1Yo7+y7GWto0U6w9
sZ/gD3N8Vqwhz9WeVKNrDSreoDitmrCKdizZIevuMa8nZRXfCmoA2Hl402Gtn9gD8G4wChqhDH9f
4B5t4Zvx9L4zgne3yXcX1n61LtXktwjyGIO7PGisx9lnFu7wz0w46gP9mmdvLgWp5l+ZrzORDhPi
XYt1ke8Io5CV+s6BxRdjYJCUQXB+XyOf2Xcig9ZIn3JkihQCwz3C0a3HqEvRzrIfkw9P1gHathx+
/8N0OgB5mIpXTbjjuwDjhSl2oyY4W+nBd62RFjweM9cw2Hs8unlIN0UYGwceM+ozgvScR71yG2b0
UfO5c481jH0QwgcYJ0K02NGobMtylKPEr7pvhs/l96D8neAOLdwpU/CHgu4UI/p3jHvlgrDU1WuP
aOVKsWcLsOj9+08UT/jWrl4tM92994xmzz4i/J2ekvEwBdynTzGKF1fv4uDgoesi32HCFeHHH3+g
ypUyUf36v1KsmBF1I/kkXBKECPEDtWq9nCZN9qTdu1pR3jzJCKAVh5DK72rEz5p9iN68+Ugvhe/l
unWzS9/fyLty1Um6cuWR1JRFv6tXz6zr217PK3TgwHUKGzYkvX37kXLlSkK5fktMJ0/doTlzDguz
zJdkXytVzEjt2uWn0EL4Z/ESL2Fu2WbJqWDB5LLN0aN30fUbTyimGEvzZrmpXFn7v0tcoQWP97UQ
Wtqy5QJdvGj7PR8rVkQqXjw1HTlyQ2j9eQQoiAwt1U2bztH160/EmidpcjxPnqS0bt1ZOW58ehQu
nIIyZfyZ0K9p0w7IvQF5P378l1q1zEPvBYC4RNAJIPfdu8/p55+jUK8/i1L2bAl5SPT02RtZ5969
V8jrxG3JP+CLhg1yUAPxF0Z8W5uFv6fuo2bNl9LIEeWoQ/vfNb74V3Qs9H+uR7jc+g1nydv7vvhe
Im1ukXbs+C3avv2iNu/58yfT9Q15HgpwFDwAnkdQ+UNG2Pl33OsWZck6UvpD37K5Of0oeJkDfnfZ
849+4aIPLVhwjDZtPkdRo4YXv6v/J3gxieDZTJQiua+A1pOnr+VaChkyhKR3s2a5pNlvaIXPFuvg
3TsbeIu2GjfO6YeOGNdyMS9r/zkj5wY0L1ggOSUQpsXHjd9N8FecW6wDe4EFA2Cq3Qw45/5hnOAJ
rLsYMSJQzRpZCOt285ZzUksVaw4BWuxYs/bm214/voZ4FiLAXrhgfh3dO1LtH/a0l6/eU67cY6TG
udfxTmLfi6T7jlf3NLWsO/dwc3Hu3H1JW5QHoN+8eW6H5uHBP1jj4I1z533kvpcpY3xhdj4+bdjo
TcWKppJ7mzv94TL43cL7J+YdVjN4vwbfz59/lM6cvSfXHNZ2lcqZuKi8Ys9YvPi43O/BVwgpkseU
fF6oYAr5bPyHceHdNW/+EY3f8+ROSuXKpaP9+6/T8+dvqHfvYn5o4+x6VN8xT5++pTt3nhH8csMi
Q9++xWnr1guyv8eO3ZJa/9gfvU7c0fafZ8/eCtP/Yh+dfoCSJo1OI4aXk9rcAwdtke8mCGQMEBYM
4E9cDa7QAu/v5ctPyv0usqinQIFf5F4DSxqgY768yah798J+3sXcHt7zGzeeEwIjr+WaTi5ojndA
//6baOiw7aYa5yxkMmfuYbp50/a+xPuxbp3sVLlyBj979ee0xWWduQI4x+/qdy9f0vhcuaXGeQev
4xQplv+/q08sW0ZzqlSVwDn8Y+8aM5aeXr9OEWLGpLxt21DqEiVMu/Do6lU6K0D3G4cOk48wF44Q
MXZsyt2qpSxjPI9D/34Q2MKKVq1p36RJ1HL3LkqaN6/4benr/sre737TDvgT+Vr4bvcWZuGv7vWk
O15e9On9e/pBmC//tWED+rVBAwoZJoxWA9aw1+LFwsT9bRn3S8GC9F7QctfoMRotcjVvRunK+bqs
Qpkjc+ZIWnNdaCNrvXoUUfgbv+/tLdsP+Z+5fKRlrlWLIgsafW64smcP3Tx8mP4nzt3DRolCiXPn
JrQzONkvdoFznwsX6PiChXR+0yYKJywRoGziXL9RpurVKVYK833m47t3dGrlSjoqTOu/EL7UQb8k
efIIOpSla/v309vnL6ho717SJcDZ9evJR4wZHyaJc+WSfxjnrWPH6NL27bJ/H4VgR9L8+Slh9uyE
ug/NnEn/fvgglJ4+0L+CD67u209nVq+mgt26UfYG9clzwkQ5L6in1vx5lKJwYdzqwvWDB+nI7Dl0
Q1wR0MeMlStRtvr1Jf9zZvh/PzhtmnxEW+krVaJr+/bRsfkL5NhiChoU6NqFfs6k35+5/K3jx2l0
lqyURPBssy2bZTucBl43M42PMcI1wanlK+QaQd9Qf/ysWch7w0ZKVawo5WrenKtx+xrc1r4FnLvN
Cp9VMFgB5wCmhzccrhEE5haLNyxB3Yp31eL4pvnI5lKjBc84aJ3QeoKpv0POP2TjUM1Mp9fOE9Sx
YAdOsnvt6NGRSgqwBAGmL1XzyXxoCaCzRuIamolJ5FUP7PDS6V6yuzzERRoCwFj4eIQmkDGgbJL0
iZ0ys9l6nPA5LgASNbhKCy6LA/HWwlSmoxBQB37OtIV+sClqaD81SNtA6xoOKmFmc1zLsX58TsIf
5sjtI8QPB3FI9J/2LQQUzEJaAdyO2j5S8xUK36HNsjXTzaVZOVXDyDi/KtBr9Jur8izXyxpS/Iyr
PTrjgL53hd5SEEDNb7yH1pbHCQ/N/CrS0c8FgxZoWmTGMnhuPKixBAhwEA1gsVH6Rlo2PiDnw2dO
wFwYD91Bx+oJq3MW06sZ76oZ+VBapaeabuwf0qBJNv/qfDlu45pDutGcLeK+heAfLTCGhUMW0rQe
to8lR2MCmJ4sYzJHWZxKAyDTNHNT3foz4wW1MpTpULAjnfE8rUbr7s2AC10GJx6MezWKDFj9F+1e
tksCrGoVxj6fEn1rl7etmkV3n1+A7J1ndKZwEcJp8QCZOhXupGlUagnKjbEdV9YjhMUapmvosH6l
KXnbZ2lfAWLvpu2LthuT7D7DVy/eaxxcpcXGmeL93cj3/c31qFfQwQxkAvA9pN4QNaufe96DOAH7
TFfxbWD0O8zpaGvC/gl+XAe40xbX6ex1RpuDNH9CD3+zA0xPnCKjLt+xvetpcNsyujj14bfClalZ
r6kUPmIU+lzgfPWk1TSu1Ti1et09vlWgOYwfTMZ3HWfEvPwUMwrVTFKTo+Q1UZpE8j3k6ruY9ztd
Zf48zD43Wyf4xeCyWmziwUl+BNeQbvYuUcvx/TjP8ZRWCJmpwV0eVOtw9Z7HZu87Qa2Pv4Ee33vs
5z2NfdKeWw+eA3yDs6sUr10naIRY3zPOzBCCT3ulqXT+1gWwDIAZ31Sjd4zyI6AF3ulftb/wn35E
p+3N8RCyw/dH9a7VpVAQ+C1a3Gh2D7PVMar3LFCIte/h5UHR4kTTkiEsU/XnqvIZAH2KrLZDFPRh
aP2h8t1g9o3GGv5/LuxFBar9rtUH2uJ7EfuPcW/SMik3gWXFiIUclKZ0qOAeVAAAQABJREFUtw3/
Ei5devi6dPkcfnfm290ZvtR18Ct4CM7AOYDpBg0XalQGKNCoUQ4qVvxvLY5vRo0sR+3b/S4fAVq0
br2CPKb5ClRxPr5u2viHMIGdSj7u3HWJChScyEl2r9M8qlGjhjllutF8ssfUqtS40W8EDc9Eifvr
zCrv39eOcuZIJMthzZYoNVWCxNwQwNjw4UNR8xbLOEq7omz69HEpYiS/Zwlapv9uxo+rKABkX4Ev
RLtKC64TQHvO3/z+zud0XAPKbLkzbaE9NkXtLcC5NGl9v7kA6C9ZXI9atFxGZ8/eR1Yt5M2blHZs
aymBY9a+hZlfs5A7dxLasb0lhfpPQOKWEFTImm2kbi7NygHAnD+vthSEMs6vCvQa/eaqPMv1rl5z
mspXmM6P8mqPzgCJylecIYFHXQHDQ/z4P9HJE511ZrrRz0GDt0rNZUN27XHwoNLUpXMBOS4Ai+nS
D9XS2CIDm4jnBMyF0SQ46JggYT/OYno14101o3/AubF/KBspUhi6drW3GHc4P2sO6Y8eDqRoQljg
Wwv+0QLjGTJ0G3Xv8Y+/Q/M63pkyZojnbz7/MnwQvJgp83Dd+jPjBbUelMG+6+l5VY3W3QeET3vj
Xo0G1qxuTEuFv+y5847o2jP22XPfVcqT1/7vjCqVM9LMmTUpQvjQWj0QbChUeJIUntIiDTfGdlxZ
jxAQSptuqMP6Dc3RsqX1admyE7RICAA4G5o0/o2m/m377kQZV2kxc9ZBathokcPmQIfTp7pSzBgR
dfkwL3XrzdfFGR94D+J47DPFik/R8SCn4Yq2DuxvR0kS6xXX3GlLrdeZ+1LD3tD67v7/ru4owPR4
GfW/qxk4t9dOFY+plLNxY10yazfrIpWHEgP/osI9fPsDM+KTCvgvhFl1mgflaOR7vqpU6dIta9/e
PXnStByA5hY7tguLYTZlL5i57h4xkmleNbLC+HGUp5UND7BXprXnXgkaAxRe3FA/Fk5T63Tl/pkA
rz2KlyB740JdRlPtWPtbBw2ijX/2sttUycGDqECXLjpha8zxlEKF6dEVc5wAlUUUghlwCRD+J/G7
skRJCcojXtV6n1utOnktWYJoGcqOGkn527cn1uDmeGeuXc+f00B+gNIrW7ehAx4edos22STA6aJF
Zfq9M2doeLr0dvNyQut9npT4t9/kI4Q6ZpavIAUgON3sGiV+fOp48oTONQKEAcDz1zw9zYrIuIAw
+75tyJBgt/Yt4NwuywRqQrACzqEVdEVoCt0T2hOD6wzWEa56l+qUrVh28hTa3SsnrKS+y/pq2kxT
u0zVzE7ioLdgjYJS4+2G900a0Xi41OxGZbPPi8PV5PE1DRddAyYPDI5zEg6ccMAHs47q4RAOzp4/
fiG0+47JNOMhGrQD74gxHd9mS+f6cIUZzLjJ4kng6+LRCzT5yGTZR2giQuNxweAFMntKoUXdYnRL
ihI9svQ5DkAEACkOMQEYcnCVFiingqGoq+nQphQnSVyhGXpA0prrVsfMca5e1UM+tNVkSBOprQZt
MlgbQEB8tzndKUO+9BIEBWB8UWhYQ5torBA2gDYRhzwV8ggt13Li8PsqTWo/iap1qkZNhjaRB658
aHzv6j2pTQlQLlLUSHRIaDUOrPmXrIIPfvHgDnCOctD2OSM01MCzKtCLg9ob525Kc6lIM6MfBB3O
Co1PaAIDUMQBtFk+tAM6tC/QwSHwiHxmwPmayWtorBA0QAD416B/A2kx4eHthxo/IY3bfvfmndTo
miN4/eCGg7qDYfQXfVkoePP80fN+DuS5LbTTUvAsDsChcQuehRa/2o58MPnHB/cqPdVs0DCHJYRR
TUfKg2sclI/eOZoSprJpRYD24AdYJEAaBC0y5svg8kG82uaXuvePFuhXUAPnaBP9eiDMyENzu2+l
Pojywwsy8r9/8FvfMkcLyZ/wq5skfRIp9HRi10lNOCoggHM0B2GbZ0JzGTwK/uUAXmg/pYPUxBzf
ehyFixhOArlhwoUh1R8t77fJMiSV1hW2C5+649uMl9XADHGrca0kLzH4xOAtTP1CYxWWKTbO2Kjt
n2h3lrevz3leI6jQmfWIPQZWN/h9AEEAWBKACw0E1P/XmoF0avdJ+rvL39KCRKvxraQGN79L8W4E
sAXfwLyH4j0K6WfUg30DJowjRI7gFi1gReTcofM0utkorX4AUbnL5xbWNy5Rvyp9ZV+N79WdS3fR
gGr9ZRr60EyUCSm0j1aMWyH9EcsE8U99r/LeDqEovC86TuskXBdklXNyQtCgVzkbXeImjavNL+px
py1u35Wru8D5pdOHqHs924+Z6LHjU/vBCynhL+npzesXtGfdfJo3vpvsRtZ84jB2xAqKkW2PK93S
5d27ypP6VOwt42CBBVrV0Mh+cv+J9AuO7ywECGHkq2QDEqDVf1RoKo9oPEKmgb7ga8zXlE5TaOmo
pTIeQocZhYWVn3/5WT7zfDn7Lr584jJN7zFdrl3wRB/BpycFcDu161RZX85SOeW3w/yB8+V7xchT
sHiCb0ms6/kD50lhM5V/ZCX//cO77JKwzjC7zyxtrwA9qnSsQi+FpYbBdQZJfjZa/OAxucqDatvu
3LsDnL8Q36ezzs3SaZzDQsCQukNMNc75nQM6w8Q7LOLsEoJHcwfMpTkX5tC71+/owtGLlDaX8EMu
aNwufzup7dx1Vldp3cNsXKgT+8CvJbLLPQZ5jPsn9rGnPk9lcdwPFQKvsDrkTMC3VL/K/eRcm71H
cLDCALncMzw6Cf6MJ/domJ1HUAF1PKMMW6UyCp2pafZ4C3VwCGzgHPRqPb6NtJz1g9CUXDF2hXxf
IB4m5tlPvLv8HpS/E5hmQXUNzsD5C6HJferUXbp69RHVrjNPR9KuXQpSsWKppFbf+Al7aPmyBlSx
QgaZp0vXNTR8xA55D1C6Ro3MFDlyOKkF3KjxQql5isQL53tQ8l9i0tZt56lI0Skyv6N/DI5zHoB1
0Kjr03eDDkQ+632PHj8Wvxu2X5JpxgP+O3efiTE9pm3bLsp0rg/XSRMrU7Jk0WnwkG109OhNOnqk
o+wjNBGhPQ+wEyF79gQ0ZnRFih49vNAw3CgBEQCkZ890o0gRw8g8+OcqLVBGBUMBPg4bWoaSJIku
AVrQmoM9QJfTnbmy9izyoq2hQ8pQhAihadWqU0Jz/5SsAvFz59SmfPmSSvAXgPFxr9tSQxLCBtDu
51ChfHpq0SI3nTlzn9q1X0mdOxWQdUKgiYFz0B4gPEA5aFlDq7FGzTmyClXIwR3gHJVA03LfvmuS
Z1XgHBqU5875CO3Q5zLNjH4QdDhwQFiVEr+rASh27bZWx1s8TlxBh9/9AR6Rzww4h3YqBA0QAP5B
uxQa+rdvP9P4CWncxzdvP9Dp03cFv26kDRu8ddqeBw5el30Bb4JnjcA5t4V2xgif13HjRKbnQut3
0aJjUotfbQf3ZsE/sPi9EG4+cuQWNWm6SAJnAMl27WxFqVLatAdB+3btVtESAZYiDYIW0HgFX3xr
wT9aYDxBDZyjTfTr1q2nQnM7JFWsNANRfnhBRv7377CwXPFrjtGSP9eva0rp08WVgj67hCATC0cF
BHCO5iBsA1P34FHwLwfwwt9TqkrteFgbiSj2TgC54cKGokuXH1DyFINkVt5vM2QQfXz3kRYKweHW
bVbINGhzjxtbUfISQHr4lGcBnt69ilKlShmlJYcZMw4S759oV10nvEZQoTPrEXsMrG7w+wCCAPiu
gwsNBNS/dk0T2r37MnXuskZaapkwoZLc6/hdincjhIVq1pqr7aF4j8KqBOrBvnHmdFeKHCmsW7SA
FZFDQgDrj2ZLtfohLFRe7NHQhK9cZZbsq/G9unSZF1WtNlumoQ8oE0pYXRk7bjftFNZYOKjvVd7b
IRSF98X0adWl6wKsb9CgbLlpshi063l+EeFOW9y+K9eAAs4T5cxJAIdDhQtHazt3oXMbNhBAwS5n
z1DYSL7AMkBVmAUHcFphwnipOQ5t8j1jx9G2QYNkfOczpylijBhyGBe2bqW/i9gATEfjMgPpHeW3
l8bA+WOhFV/irwESyIWW9fmNG2lejZqyWJv9+wjj5QCNbGguo/8ICYRWdPkxoym80B7f3LcfHV+0
yA8tfM6f19JQBkAttKKhZPX2+XM6tWIFLWrQEElUY85soQldWdJWRrj4j31Y3z97VpYs3KsXJcmd
i/C8pkNHrTYjcL5v8mRa3qKlTM9YpQoVH9Cfovz8s9Su53EhUfVxb2yrSO/elKFSRamlfmjGTGlq
H2UYOI8gaAsLBNDgXlC7jg44B9j/QFgkeHbnjkxT27lz4gStEwIfzGf1ly+jy7t20T9dbIKcqUuV
otJDh9DWvwZK+qv8sVbk2TncppBSduQIylSjBoWLHFlq+i9u1FgTLuh2Qbg6S55cWjaA5YGNvfvI
9tD/Xxs2pPwdO9DbZ89k3yAkkFlo4NdaMF/utwDOJ/1ewCH4jXrMgPMbwiLA2F9zyLQm69cRrDkA
7L8kxudRrDiK2ei0coWptrrM4MS/gALOv6a1bwHnTkx8IGQJVsA508cIrg7dPIzS5EjNyRJsgTlQ
BDWvqlXOmaHlyP4TVcADh0chhDkqPhRjABXxCGYmuRHvyNwip9k7RON01IMD5zHCPDybe0cc2lZN
KXP+1DlT0/DNwyXIg3wAkOunri8PGNnnIuLdoQU+EvtW6ivNoKJP44VWVdTYvmbt2Zwn6mdQFffu
BtZMwpiGrB8ifG5G1Kpi7TcclBsPeZGJzY6yBnknAZaUEBYJOABMZZPnHMdXpMHPJ0KEKBEkWDy7
n14AAmlswn/7wh00qPZAbcz+8QXT3gzo5TT/6OdsPvSTtfDlAfHyfojyDeI3rGqqHdpmVeLZ/IDC
LyqEFdQfuuABj64eUvgEh6yqRigf0pvxNNJgLlcFBFEXtE5xEG02XjbL2mN+TyokBFzsBT64N6On
WoYPo4399q8fah1f+72ztDCaaofGXZSYUSTAymNU9xeOC4gr1jUshqi8YKx3mzDbjTVlNqcstJKr
dC7q4NFBx5/Gelx5Zv5FmXJCwKbZqGaaaXnQS10nnBdgUb8V/TRLFNwe78d4ZiEs1UrKmN1jpbsJ
zo8r72ngT6aNu+uR24dmZo1uNeQPfGhxQphrsNhLfxVuNXgPkfuCGMODmw+oVtJa0qXDyG3CEoc4
SGQ3FOzPl/dVVSvVHVpgvFwX9mhVuA1pAMIntptIJRuW1OYYJpdh2QJgGean5Vih1fSfphLKAIgF
IIug7kFMC9DVzLwz0wHlGPh1ty3U4WowM9U+YuFx4R4jppw3rk812YZvjv7NCtOZo7soefqc1HvS
JgF0+r4fUebwrjU0rEMFWbz/tJ2Uu6Hte4Xrc/aqgr4w9Q/XN8bA72p8F+CdAICUg/pdAI3WTMIN
B3xLYx6N885l+Orsu5h5cJQQiILQEwQz/sjyBz178EzTWmY+MHvXcHucR+UfTlOv3J7xHckCP6AD
9lQI2yBwva7woNqeu/fcT0dj5rp5niGwUL9ffSmkCPpvX7RDE8BTv4u5HL9z+Jmv6j7GcSr4bQSX
OY+9K/ePv+mQL6kQVlKfwXuJ0ya2V4WMx/uev+URgXlCPcaA/alYmGLGaPncbnI7KvNHGV2aOjYz
/uG5MEvTVSQe+FvFmXkzlnX2GWbU4UYHgizYRzsV6Szn2ax/3Hdn+B17U1D+TnB2vAGVLzgD50wj
I7gKU9Q5fk3EyRJsYZPLal5Vq5wzQ8sxd56xdPjwTWnemwEPgJAw88ym2hlARTyCmUluxDvy981p
6gE/ynDgdDzjQH/3rtaauXfEoW3VlDLnz5kzEYEGESPY3mswU50q9WCpGQ2gI03qOChO7tAC+1HF
yjNp9erTsk/7PNtS7Fi+B/Jbtp6nosVs3zUMqsrG3PzXrftaaXYXY9qw/g/6KYrtHYXqJk3eSy1b
LZcAzvlz3Sl8ONvZCTeFucyWfaQmCDF9WjVhct33oB1gqtGMOpdFGszsI8AccT9h/rdvv40aUMz5
2IT/wkXHqVbtuVq6f3zBtFeBc66T0/yjn7P5UC9r4aO9FQL8UgN+M6um2u/df05x49kEhrt0LkhD
BpfW/W4BDwCwh/AJADhVI9SRz1+kLV5yXAcIoi5oncJ6hNl4WWgFJsdrVM+idlt37wxYjALsi97Y
b//6oWvsK39wlhZGU+0nvDpLzV7QgoO6v3BcQFyxrmfOOqTjBWO9CwT4jDVltkZYaKVM6XQEYFU9
9zHW48oz8y/KtBBm5EeNKq+Z6we91HXCeUuVSkMrVzTULFFwe7wf45mFsFQrKXt2tyaYZ1cD72kq
cO7ueuT2YRmiW9dC8vdZlaqzaPmKk2IvbUrFi6XW3gEsgHBTCDYkSTpAunTYvrWFfL+wGwqA/P36
liDeV+/de6HNnzu0wLi5LgDaqnAb0uCioW27ldKKC8/xg4cvpWULH5+Xcn7GCkEblUdHjd5JHTut
RnGd8A7TAnQ9crgDJYjvexaMvLyX4h7a93CD4m5bqMPVYGaqveMJL4oozK2r61H9Xc1tsMa5UQv7
5cOHNDxtOpmt0+lTFEnUZRZgAvuDAARDCu3tEELZYErhIhJobHf4ECXIlk0rAhAS5qzZVDsD12yq
HabDQ4bWv4O1wp9x81GYSP/w5o2sIVyUKLSpX38BdvfVAcVcPft7B4j4hzDHHSai7Zzh1ZMnNCxV
anrp40MQCIiTJg0XoQeXLtGQ5CnkM5uf58SDM2bQEgHiqhrYnObqdc/YsbSqXXsKIwQYWuzcQfGz
+L7PAFr/LegO4Fdt6/m9e9QvbjzZFDTKSw0ZrNvrwBv/dO0mAWiA4DzPh2fN0gD/Vnt2S/Psan89
han9FS1b6YBzpLNAhdoHLsdpKnCONPZ533LXTkqaL58UOBiVOQu9fPBA0jpqggTE88JluS6UV7XK
8YwAbe/xufNIc/a5hYWACuPGauPm9oz0YKA7etKkhLXDc2+rkSQgPyxNWknf+iuWc7S84v1hNNV+
bMECml+rtm4+uNDTW7dodNZslLZMGYIwwOe+f4ym2r/1tW8B58wpQXsNlsA5H9pBK2Tc3nFSM9Ee
WfkwCunw7RotTnQJenP+UEJqc6Xwh3lip5cEbACImIElZgdLXId65fbMDr84zV5dnG4GGqtt8D3n
N2pT4SUwqskoWj9jvQ5M4Pwo7ywt5MFljpZSa3e8MGurCihwP+b0m0NmIDOnO3sF+Ny5aBc5Fyyo
oJbFoSaEHODHnUEmNV09ZDWazVTzqfcnhT/WWX1m6TQX1XSzeUQ609JeuloH7plnzUBBTvOvLmfz
qe2pplSNfeLnq6evUuMMjaVmmQqKczqu9nyD8uGqGU8jzQicoy4VTIT2bapfU0kBCWgmx00aj6IL
DXTWRER+s8C0MKOnml/lCdUkqfehc9QqZ0tTbTq1/Ldw7ywtMBamhwqCBsUY7fGC2jbzIeKSZ0lO
ucrkspnjFdpx4Iuowjd1orSJdGaU1PLu3DP/AhxoPLix3bqZbgBsILjTRlgCefvqrdYk3iPYlyZ3
nCzjsB5SCL/svA/DIgoEUowBgMOwBsPotLAmAVAJ7zSmA0AoV9Yj70nq+4DHx36DjbwC38L1UtaT
vtDZ5LKxHh478wwA0pZi7bhCi5TZbD+o1LqgmQrtdQ6sscigPt7DLAAEWqhakVwG7wQ276/uQTxu
5Ou3or/key6Dj/OP4gcFAHcAubzvutsW1+vKFcA5wvt3b6mH0CB/+ugejVl+liJG1h9EyEz//Xv9
8jl1qZmV7t++Qv08dlCaLPnUZHmPd//wjhUlgF6v/UiqOzKTnzzORDCfIG+x+sUoV9ncOhqC308I
lzbQOjcDS1HOzOWNo/eyq+9inmOed5W3+PuAeZnnGP0yBs7D9RjT+ZnbM4K/DJ5Ci53bRRnOj3tn
eRB5Pzdwu47GzG0wzVQgmtNwbTSwEWFvVIVVEM/8gX0a7oBCCUFVaO7DcozRDYzahpF2qMtR4HaQ
B3vjsC3DKbX4XlBN4OMbp8f8HrrvdmOdqsUVFpQx5sGzKoiTtUg2SiHGt3DoQpkVfG507QAt9nb5
bNr0ZvzDc2GWZmyf+dCZeTOWdfSMPsJ0/sxeMzRLH8b8Zv3jvhvnzIzfOQ6WVQL7d4Kx70Hx/D0A
5wwUQZPMc29bqZloj7YMnCEdh+5xhHYr/DZzgO9oaP1Bc43BBDOwxB7YzfXwldszAwU5zV5dnG4G
GnP96pXzGzX08G5t0nQJTZ9xQAcmcH7U4Swt3gptStaYhFlbVUCB+2IPZOZ0Z68An4sIEB5zwYIK
alkWcoDfc1U7k/OoWoaLFtalalUzc5Ld6569l6l3n406zUU1s9k8Ip1paS9drQP3zLNmoCCn+VeX
s/nU9uDOYOGCOnZ/LyDv6TN3KX2GYX5AcaRxgDBGtuyjpKaoOjcMoJnxNNKMwDnqU8HEShUzUA7h
tuAnYT4daxECI3HjRqZfkpmDPtwfpoUZPTkPripPDPyrFPUQPpQRDh2+QTlyjpZjNuMlmekb+ecs
LTAcpocKggbFMO3xgto28yHismSJT2XLpBO8EEnw7g+SL2IKf+xp08R2yMtqfc7cM/9CYGTwoFJ2
62a6AfCF1jMsgbwS/uI5gHevC5PsHTr6grhZxRh4H4ZFlCGD9cKMKIvf1fUbLJRmz2EmH9ZBmA5G
YQ9uC1ez9ch7kvo+4PHBUkmWzPH97EOXhXWOFCkHSV/ovE8Y6+GxM8+ECxdKrh1XaJEtawLZfbWu
ixd6Su11HhdbNlHfwywABFqcOd2NYkT3/R2OcngnsHl/dQ/icSMPhBzevrUJReFZ/KwWFgX+FYD7
Kilcxvuuu22hTlcDgHME1rR+IQBTmNCGJrB/gYFzVZsXZcBLsypWkj6njSA4NGdPCm1qmP+2Z8rb
WIb7wcClvXTO97lX+AGHdjHMxJsFBmHVNHu0wDfQ0iZN6eD06WTWbx6TFD4QoDYEFFSw3ayM2q5/
92gfZt8BaJv1G+VZq18Fre+ePk0j0meQADeD4sa20M+x2bLLeYQwQ8IcObSxFujalUoLsN0YwBuL
6jeQAhIdhPl/tkbA5tfVPnBZTjP2n2nHNDLjYZ4XLsvPqLv82DEUKU4cqQ3Pbf0YOrTQip8g5172
RdHq5vaMbgtYy/6VEBgxWzvcf6NGP7dpvDLtEQ8hhzRly1LkuHEIlhkAzkOoJXbatHbfEcb6/Hs2
o5t/ZZiOX9vat4Bz/2YucNKDNXBuNI1pRkI+jDJLM8ap/q85jQ+PzA6WOI965fbMDr84zV5dnK4C
H2rdxnvOb9aWWb85v7Ees2emxe2Lt6lBmgby0HLupbnCV+lPfrKzZpVZP/xkdhDBh2/GA2i1iCPN
VT6ghdlRo4l6tQ6+Z81KfsYBLEy1XzpxibyFuXEEe2NiWtpL5zr5ygfAZkAvwKs6yevYbctYhzNt
OmqP6+Mra/o6AtkxN00yNpEHr6q2lhmfcb1IMwPOoRnYvVQPTaON86tXmJrOJUzn2wuujI/5Ewff
6DssJvSp2EdaUXB2rdnrx9cQ7woteI0wCAp+D4pgjxfUtvFRDDcXMPdrL9TtXZfq9HZ8YGWvrFk8
868RHDDmBd3YX60xzeyZBX+4fkcmio3l3V2PZnsSt8/vHCOvMHCu7kvGeow8A+DcHVpgnMa6VP4z
9g1mvth0uuoP20gv4xiRzn6HjXnNnv8Y/gdV7VjV7bbM6vQvzh3g/Pa1c9SuUlqKEi2WXZAda2hk
l6p0cPsKatVvFlXoZTtY8a8/xnSeC2O82bM94Bx52YoA8sB6DN7LqmAi1+fOu9g472a8ZeRlbk+9
ch5eI2qaem9sj9PM2kWaOzzIdX7OlfvpzHeC2ve+y/oJADyU8Gk/VppVRx+W3F4iBNmi++kO84f6
De65ep8w7T6YFlxbIL+juBB/1wFU9e+9zmX4CpcqTTM3lQIuRv/izgq/zR80n2b8aTNpymud61ev
qhWKvsJKT17h5gcBQoNdi3eVNIGrn6bDmqrFNAEJI//gUIW1sI1pugr+e2A+dGbezMqbxWE/YKsj
SIfwwe9VfheHFj+Q5xpPSVfEm/WP+ciYpvIMC4qw0BPqD+zfCehvUIfvCTiHL2lopjrS/mAQwJl5
UP1fc34+gFcP5TnN7Mrt8WG8mofT7NXF6SrwoZY33nN+s7bM+s35jfWYPTMtAMqlTjNEmru9fEm4
wTH4nkVZ1u4z64dZ3fbi2Kzxw4fCVY53d50Pbi7jSHOVQZnHj9/4MVHP5dUra1ZyHEDmaNHCk9eJ
28I8+nUZbW9MTEt76VwnXx2Bm5evPKRfkg801cDm8rhyHc60yXn9A5ZRL2v6OgLZMTcZMg6TwDk0
lTOkt2nFmfEZ6kRAmhlwDpPNJUtNdejLGqamy5ROa6vI5L8r42P+BPiGvsNiQgVhOhxWFJxdayZd
+GqiXKEFrxEGQaP+5OseMTAHZI8X1DbxDQArD/0HbFajdfd9ehcjaELjN1dABOZf/3y7g25Zs43U
TK771zYLl3D9s2fVpLp1svtXTKa7ux7N9iRun985Rl5h4FzdJ4z1GHkGwLk7tMDgjHWp/GfsG+aY
TaenEQITJ726iN9kfufdOEa007LVMmGhxL6vYuThMGJ4WerYoYDbbXE9rlwDAjhnUFJtl0FGBjWR
Js+rqlSlU8ttWrfQgAaYCEDw9OrVUisb+dQyeOZgVienBdR1/99/07JmzbXq0L9w0aIRTHVfP3BA
xpuNl4FEszRH/VY1oJtt20rJCxYUZuttGuLOAq1aZ01uGNSFWXajVjtn5z6ooDVrPTvqA+oekSGj
BM6hqRwvQwZNC7zG7FmUra5fq3vcpvHK4LLaB87z8PJlGvxLcj/Av5GuZgCwcV74met2dE2SN6/0
Z88a4cb2uKxZu5yGq6Oxqfn4HutkkzDxv6V/f47ycy3apw8V6d0rQN4//vXfT+MigunoLL8H1dq3
gHOz2Qr8uGANnKuH/fZIyQfvOLjtJzTPQph8IHDZGPGiU6wEsfhRXvnwiDX2dIkmD44Ov5aNXiY1
Eo0HUVyNo7KcR706ys/9VttyhxZ8mIgDMZgfjhYnmtoFec9Az+ce+OGgsVe5XtIHJZsWVhsD4No6
V2uyB6ybHeip5dV75GXwB1pV0JrCGDmwf097Y2LaOwu88kGzGTh9Wvg/bys06e21xX3iOvzLh/yc
16w9ro+vqqlZo8ldzqPSS+UpMz5DGT40PrP/jE4LD2kwgf1K+Ia9e+We8B17kV49fYVo4ev9ES0b
s0zeOwJjkIHH58wegL6zj1XQLkPeDNQkUxOdz2bZqJ1/MOGM/gLkixw9sp1cXy7aVVpAW/hrBM5B
QdAZPpS9D3nTk3tPJFER94/HPw4P+d2lvj3+Ndangj+wXJCjRA56L0wam4XQwt9v4nSJpTlcBs+c
WbNcl7vrkfcktS3j+Iy84g5wDssQLf+zQuIKLTA+R3u0sW/4gc9CL/C9PnrHKD+ar/iAZdcP6r7E
dIdZffTxndgDzALAgfjJf5Zr2922zOr1L84d4Pzl8yfUrfavUuN87ApvipfIpsVvbGvakFa0aelk
atRlPNUc4mtKzZjP0TMDYcgDEBFWFrCnm4WIwmpAglQJ/AAtqKP97+21dYuyZpYd1HeLK+9iI2+b
8ZbZmjCOgfOo/GPMg2dje5zHrF2kucODXOfnXLmf6j5grz6173P+swABoLht3rbSyhDer/3E/NvT
OFffv9Bsfnr/KcVMEFPHC1ijDN468z2i9pX7B434kWL9Z8qfUUu+dPwS/ZFVmB0W3/YM4GqJ4gbt
zuo9i+YJTXgEI/AuI5V//B0WP0V8ad1CHTPvyZIeBqtUPM9GerPrgLtX7kprIskyJlNa83vLfGis
x29O52N4T0WJfuL3z2+lc2pzaW/v5NqZj4zrgudE/YYIyt8J3L+gvH5PwLl62G+PxnzwDtBs5YpG
4uBdqJvZCfHiRfZj0pUP5Vljz05RLdoIOmgJ4mb0mJ1SI5FBDDUN947KGvP6l5/7rbblDi3YpC20
+2F+OE5sv78rGOhxBtA1GwfH4b1dVvjSXbfurGZamNNwBeD6W64xZA9YdwTKqPXgXgXCBg0sRa1a
5dX5gp83/yjVqTvPLpjNc+Us8MqgkBk4vW//NekuwD/6cR3+5cP4OK9Ze0hXA/uWNvr7VfOo9FJ5
yozPUA5zCRP/+/df8yMEARPYz56/lSC8l9ctevrUZhHrzp1nYo3sks1ivdoTnkAGHp8zewD6ni//
eOmOAbSDUEjGTMN1Pptlo3b+wYTzs2dvKGrU8BQ9ml7j1U6RII12lRbQtP8agXMQDXxxX7gOOHTo
pujjc0lH0H6qx36pHYwIlf9khs/4Z49/jVWyUA98lcNyQYkSqcTvanP3UtA+Tyf8s4cSLmYYwHVm
zXKb7q5H3pPUtozjM/KKO8A5fNazFRJXaIHxOdqjjX3D72oWeoHv9Z3bW+rMtKM+fBuy6weVL5ju
MKuPPr59a34Ggt/VyZPHkEJa7raFfrgaghI4ZwARfawvNHnTlC4tNazxDPqxZrR/wHn7o0d05sZR
PiACAESYwQbIXGLQQMojTHWzRjTqPzpvHi2oU9cPgIs0V4FElOHwT7futGPoUGmau+r0aTQ+5282
MFpoZMfL6Pv7jfO7csWYJubLL02PMzBvLH9f+BEfljqNzjS4an68szC3D9/1xqDSi+dsuTDDvk+Y
YzcDVI3l1WfmDTOgHv7PYT7dWKcRyDYDgI3z4rV0Kc2tWk1q0jcQPPiDsNJoL0SOJ6x2CnPvHIzt
cbxZu5yGq6OxqfnU+zfCd/qL+/fp5qFDBCsQCG+ePacDU6f6K2Ci1uPMvX/9N6vDSFc1jxmdmAbI
F5hr3wLO1ZkIuvtgDZw7cwjntesEdSzQQR6uQdvUDPjFdMD3Hz4oQocNrZsdPhQbvnUEZSno10QZ
DgvZnzoK2jv8wg+eToU7S5PgxoMobtBeWU43Xh3lNzv0cocWOCRjgJl956r9YDAb2kQBceAHjdM5
/efI+Rq9YzQlTJ1QNgc6T+8+XQKr9g5KzQ701L6q9+qB4soHK3WAKD56WCPZ3piY9gBlavWopVYt
78FPYcOH1eK5PfWgmRMXDVtE0KS31xbn4zr8y4f8nFdaDvjPdzHXg6vq7/32pdtUN4VNms6eRhiD
Sig7+9xswuEyAvOZ0TwnhBsapmso8xgPtVFm0+xN0k+9UZuND2DtzbGsUPzj8TmzB6DMgfUHqWfp
HlxcXjt6dKSSjUrq4owP0KKDb14O/vnn5XxBeXWFFgwAY37M9kMINZCwuKmCBgExFsy5mfUBtW7m
MbO9FmubhR/s7Z9qXc7eM//6V6e6f5vtg2p7APojRLEdBKl+oKHVrgrnoAz2GvgTviPWIEBFvH/c
XY+8J6n7g3F8Rl5h4FxdR8Z6jPsqxsbvMldogfEa6zLTOFf7wv1FWTO+YLP2SFfnkPdUAOf9V/a3
y894f2GfBr+72xbadjUwcP72jbC+UTcnvXj6kODj/KcYcXRVwWcTeAQmz2DWvWvt7HTrylkqX7cz
1Wo7RJcXDz53rlHLMjaAruOwpVSyk19BNz+FTCIAikG4CKbszejORfAe+fj+o+bXm+NVHm4zoQ2l
zJ5KCFu0kMnQ2m08xNctgkp3V97FRt424y0jL3P/1CvnUflHTed7Y3scb9Yu0tzhQa7zc67cT3Uf
sFefvb6fEq4j2gnwHKHH/J5UqEZBXRU8Z+pa1WUwPLDQJqKHbBxK2Yv6+vzjrM8fiYPdjYekYFus
hDYBVnbPc/7weeo2pxsVqV2EswuhOwGcC5/2Zt8KWDMsUIMC3WaLsnVsZcGzzx48o+hCUFbVqmUN
dleBcxYcNe41DMTHTRpXutyApQ5HgfnQmXlzVI+axnXKMRmsPeAbAEJ0APbNeJ/5yJhmxjOIC8rf
CeoYg+L+ewLOnQEFd+2+RL8XmChNMkPb1Az4xby8fvNe/K7+gcIKSxZq4AP4bVubU8ECfgXA3ol3
CvtTRzkz8ALx+C4rVGSyNAmuHvAjjYO9spxuvDrKbwRMUNYdWqiAKfvOVfvBYDYAJRWwUfO4cg+N
U5h+B3C6c0crSp0qtiwOOnfv/o8EVu2Bqo5AGWMfGKRB/MMHf+kAUezJrJFsb0xMe9X8t9oG+En1
wc7tmQG9w4Zvlz7E7bXF9XId/uVDfs4LkJh9F3M9uKr+3i9dfkDJUwySyfY0vRlUQib4l0+R3Pbe
Yz4zmvF/+OgVpU1n++4zAuAoA3PtqCdunCiyXf7Hghr25pjz8fic2QNQZv2Gs1SqtAcXl9dpHtWk
P2VdpOFh9ZrTVL7CdC3W6JdZS/iCN67QggFgCJ+Y7YcQagD/q36kA2JomHMz6wNq3cxjZnutKvxg
b/9U63L2nvnXvzrV/dtsH1TbA/gfJbLtTA0WMoYO2y5NzbMpdjUvaL1o8XG6dOkhde5cQL5/3F2P
vCep+4NxfEZeYeBcXUfGeoz7KsbG7zJXaIFxG+sy0zhX+8L9RVkzvmCz9khX55D3VADnq4Spdnv8
jPdXeKFBj3R320LbrgYGzlkzGeamoT0cWZiwVoP6u5rjXQXPOH/MFCmoy9kzOt/O8Is+LkdOCRgz
CMvt8JVBWXsAMMzAhwzj+DcD12V2VcG9fg8fUMTovpbDsD5mVqgozc8bAVzUxWMzSzMDEtX2WeNb
jctcvTrVnD8vQDSKlzRuIk3Fq+bguS2MiwUWVNBa9b/ecM1q6VOby/CV/Yfjuev5cxRLzCsLAcCk
uGqKncugveOLFtFD4d+9QOfOFCqsbX9i2ptpnO8YNkz6UzfS1khXMwDYOC+Xd+2iSb8XkMC5GZ9z
P9+/fi0tIXD/EG9sj/OatctpuPLYoMHefPs2eTalpn98/55CChPxHJiuZnyOtlgQwt464XqcvQan
tW8B587OesDmC1bAOUCdTx8+iQOzy0LzuJX0Sf7nwj/lBynIBhOgRuCbgSIAuzjAGvTPIEqYygbG
4gDtysmrtGTEYtq5ZCexeXLVlCgDH/mr5KfOMzpTuAjh6InPEzq29TjN7D1DHsBN9ZpKcZPElTPH
B4Q4zBuxZYT0v47D+UVDF9GCwQtkntG7xojDwfTyHv/QD4D2qyauokntJ0nNmAqtK4iDcpuWXMhQ
ISmU0GI0hjWT19DYlmNl/krtKmmHgPAVPr71eIL5U7Utd2kBrZ25f9nMJ0MjrEyzMhIAunXhFv1V
8y/p6xZ9azaiGVVuX1nrh7G/zjzDNGfVn6tqWUs0KEFxksSRvlRxiI9gdlCKscHncOU4lWX65MOT
JRiOFxsC5k0N0CJulL6RBAZ6LepNeSsKs5xCaeLW+Vu0WPDDplmbZHZ7Y2IgFn1hv5eY5/OHL9Aq
4ffVc7WnziypqsH315qBUvMH87R7+R76q8YAu21hXAjgSdAbYAY0p1T+gOCGEehkABplGfgAP908
d5PWTV1HqyevJjY7ChoNrT+UtszdguxSMyl3uVzaPO5bu19YAvhTpsE0a/d53bUPIBYswaFxp+md
KGqsqORz04fGNBtDBzcclHMBaw3QWOTAZVLnTE29Fvai2IlshzhIP77DizoV6mg6xxKkET6NQYvL
QgMNPsohiODfHoB61QN4PKM/zpjz58NjlEEwE3ywpQTtf5UWl06I/fC3VgSt3KEbbYcqZjyBHqp0
AB9VbFtR7p8+131o19Jd5NHdQwpFAFQ37qWujJD7hzLgzUntJtGelXvI0brkQ36Ay4M3DKF0uXxN
CoKnOggBKHuH/K70DXlZUKq7EKbw2n5c7pOpc6SS9EE6wFQVVEEc9w/3AAOLNyhODIZgP9m7ci+N
bjYayTTx4CRKlT0lqesQ/N5jbg+KlyyezIP1jP0e6wRjnn91PkWOFlnOhzvrcfnY5dr7g98HzL/8
HmDAC3zce0lv27tU8A4/g294nNj7qnSoogO7/z76N8X4OYaWBwNxlhbICzq1Eu29efmGjPvCxWMX
Jfii9gV7FvsQRvlei3vbXDiIvfq05xnqXLgTomXgMeKBx4n7kg1LUqPBjTQ3I9hTT+4+RX93niK1
ahmocrcttOFqYOD848cP9GfDvHT5zGGCT/KSNdtAmoIe3L1O+7cuo/njxSGo0CwHqB46TFjavnom
Te7fWDZXq9UgKlmjjVintnfb9YsnhX/zSlIjPXrs+DRikRclzH/C1a5p+Zl3wJt9lvWlrIWzaGsC
6xDCT3CrYHwfg6/b5msr360VWlWgVuNayTrPHvSW+xQeyrcsL01eY/248y7Gu7Nz0S5SEJHnXQX0
WCjIyMtoG9+RyIsAft++aLswMT7Ezx6gfjOgvb9q/CXe17t131SoA/3H3gQgUuVpd3gQ9X1u4Hlj
vrZXH+jw/OFzapzRxk/Ym1WLS/zti/kdu2essMxgE5YDLc4fueDnG9zs+5vb5rlhX+qdpnWiggKM
x/xDw/3QxsM0qNZAmb3hACGM2NNXGJGBafSDhSmxf/ev0l/unWbCgfxtjAqxn7Sf0p7evX4nTdHv
EIJKf3f52w9YrO7Vf4rvkgLVfpf9UU21g2/Bz+q74eHth1QtQTWZt+eCP6lg9QKEb0HsWxhvnV51
qH6/+jLd0T/mVf/mzVEdxjQWgADtBq4dJN9J2Oe8D56jsS3GyP0PZXgNcXl3+D0ofydwP4PqGpyB
c4A68Gnq5XVHah4DhIQv6/9+OkltciPwzUARgF1o1K77pwmlSmn7jgd4CD+twwVwuWSpl9RE3bGt
pagnhDZdDHxUqZyRZs6sSRHChyafBy9p69YL1Kv3enog7gFAJUlsO+xVtbq3bmkh/a/jcH7o0G00
aPBWWe/uXa0obx6b0Bgi0I8QQvNt4iRPatd+JY0aWY5aCw3od/9pNIYKJQTlxW9rY5g8xZNatFwm
87drm19b6/AV3rrNCpry9z5S23KXFr37rKcBf9l+c0E7u1mzXFI7+8LFB1Sj5hxJQ/Rt5Ihy1L6d
bz+M/XXm+e69ZxTv575a1oYNclCSJNGFH/rdmsapGaiKscHncOw4vSTofuRwB4ou/OEyb2De1AAt
4nTph8o6Fy+qRxUrpJf0O3/BR/DDDgnsIr+9MTEQi74ANMb8Y54PC9/Z4yfskWbAVRCa/feizrVr
GlPpUmkJ87R8xUmqXmMOok3bwrgQYCnhwoUHUlPayB9hhIarERhiABplGXCC8MG5cz40deo+aca4
c6cCNGxoWfkdX6/+Apo77wiyS5/A5cqm0/hp7T9nqGy5aTIN7hHmz6ut/a5mwRIAVDOm16BYMSPS
zVtP6I9mS2nDBm85F7DWEP9nX9d5XCZnzkRy/SZK6Cs0uWPnRSpYaJIsZwTcsU7gmxi0wLqF5rQz
ewA6jn0jd56xUuscz/BTffZMN52VAcQbAwOPHG8m+MBpQXlVaXHixB3K+dsYglbupo3NZDfMeAIJ
Kh3AR23b5JNr5PqNx7R06QnqJoRTUqSIKfc0417qyvi4fygTMmQIatduJa1YeZIcrUsGbGHdYuOG
ZpTrt8Rak+ApCEBdET65VYBUy+DiDQtKQZhi+/aLcp/MkSOR5C9UBTBV/XZCHPcP9xMnVKIGYm8K
F9Z23on9ZKUYH/ge4dDB9pQ9W0JS1yH4fd7c2pQsaQyZ58JFH7Hfr5LrBGO+drU3RRNWDXDO5c56
HDtut/b+4PcB8y+/BxgcBh8vXVJfvEtvS97hZwiB8Tix93Vo/7sO7D52tBP9HC+KlgcDcZYWyAs6
gVdfvnxHxn3h2PFb0gS82hfsWXnzjdPW7ZLF9eSax9x4el6hQoUno1oZeIx44HHivlHDnDR4cCnN
zQj21N27L1Onzqul6X0WNHC3LbThamDg/NOHD1Kr9+bhw1R21EjK21YIAYv5f3z9Op0UWrrrhFY0
AG+AjQwmHpk7lxbWrUdlR46g/B06aE1/+viRVrZuQ/unTNGZB7/q6UkT8uSVoGWjf9ZSwuzZCWD3
jYMHaVnzFlLTG5XYMynOoGzGKlWo+swZFDpCBHrh40MXt26ljb1608sHD2T/oidJovXFlZsXovyI
dOmlRm+dxYsofcWKcu35nD9PO4ePkH7CUR/Gm699e9263Dd5Mi1v0VLSLl+7dlqaPVoY+wXT3Jv7
9dOijX60tQQ3bs6uX0/TS5WWJUG7ksL3eNSECeU4tw8dRnvHjZNpAK3rLV0ihQ+w9hfWq09HxRwj
QEs4Xbly2rjOrF1LM8qWk2kqyK8KASTKmZNqzptLMZLZvjF9Llyg1e3a07kNGwhm+nteu0oRhBl8
BNZ6x33DtWsorbBGANqdFGb951WvgWgd3ZH2d5Gi0hc584sKYDMozsA58yiDxLAqAHC/0bp/KHaq
VLJ+ANh3T56Uc+21ZAmpptrR3lzRD7gZ4PZkIfEPfDNZgPEQOoE1hJ/i2373c7pKEwbDwfc+QtN/
/1QPqaH/uxAiKDNsqCzCfQaNmm7cQIlz5eKq6MnNm7KtR1eu2HVpoGV28iY4rf2BidY4OepvNFuI
dl9lx4MNcK4CPo4obearljVJuFzSDEklWLdfAIJqMDvgunrqqnawiLw4gGIAl5/RJmvOPrj1gKon
rK5Wa3qPwzxowsE8tX/5AfJ5nPDQ/EbiEJK1L7ly1mqBmeNaSX0PHZGugp3u0EI13cnt2buCPkYN
Y3t57cXf8L5BPcr0kCCZWR5jG6ylbpaX44wm1fEiZfOhnMfR1ah1g4NRaDsBQECAD14IZ6iBAWvE
Ocu/6tj4IFWt0+zeDATG+HDQD4EQBIAfr1+8lvf8T9WWZ0CLx4P8PwsTxuBn5ne0M+nQJJ3VhoMb
DlGPUt25SrtX9TCYgXPOnL1YdkqeOTld974uBQ4QbzygBs+zRhOXM7uq9DOmH916jLoU7SyjnfU5
bewrr1sIunypYAQhzPqB/aBGtxpUqnEpP8kbZ22k4Q2H+4nnCDMggtOcuTo7V6hLnQcjv2Ofhkn0
F49fSFPtyM/7HAPWiHM1qHxgr6y6Z3IeSMcPazBMEzBBPASqAOp7H/DmbHKt4Z2AviLsXLKLBlTv
r0s3rkUIJFXvWl07OHN1PTJYxo1gHcD08qxes2jF+BUyusvMLpRZWE2pkcj24Q7NcWjHq2HayWl0
9+o9TVCmUM1CUiAGptkZ9MJemDzLLy7TgoWN1PZYm5VBOjUN4Cd4gE0yq2nGe95/1XlTwTPkxz6D
dQtBBTWwIBPi3G1Lrc+ZewbOkXfn2tk0sW9Du8VSZ85LfaZslZK9+MEzqV8j2r3eZn4ahZKkyiLL
Xj13TKtj4CxPSpE+J0XLvFOLc/XGjAd/LfEree300t4JqBMCO8M3D5N+k1UhB6ThPTLl6BS5Ftjf
M+IReK+G73NX3sVj94wTAoNjNH5EXbnL5ZYCVNCgZT7Fd8hNIQjXq/yfyKIJPUGIZ6UQbvMvQGiv
g0cH8rnh4+ebCsIYHad11FwJqHWpe5o7PKjW5c497wXqO9dYj713iPp+M37jIK3tpLZUPYH59y3P
p2pFQm337tW7UmiGvyfUNL5HHSyIyHHoq/F7l9NwNYK+RuFLNa96b7SSg2+miW0n6ngD+w+sL3Cf
VWs7al3shglxKMM8iPGwEIea3+ye33+O5s2snKM4fLvXT11f67+jvDx/eCcYf0M4w+9B/TvB0VgC
Oi24Aucq4OOIZma+ag8JMBMgG4cMGeJSokTRaO3aMxwlr/Cd269vCV3cqdN3pW9njgRQ6uPzkh8l
wOd1vJOmOXvr9lNKkND3IFbLaLhhAO7O3ef+5gfId/JEZ83nt6p9ydWyme37919QkqQ2AWdOU8FO
d2jx5OlrypN3nFP+fc1Abe6Hs1fvc/epdBkPCZKZlTG2wVrqZnk5zmhSHXtolaqzJHDNeRxdjWAd
QPLMWUZofYQPXghnqIEBa8Q5y7/q2BjAUus0uzcDgTE+APIQCEEAMPfixTtdcVVbngEtAJOcP3ny
mHTr1lON39HO4UPtdVYbNmz0lv7KdRWbPDA4hSQGzjlbsWKpKEvmn+ms930pcID4Vi3z0LixNgAF
z+B5Z/wqq/RDOTVs3XaeihSdIqOc9Tlt7Cuv2y/5u5q1diE8YC9gP+jerRA1bvSbnyzQ9m/QcKGf
eI6wZ6WA0/27OjtXqEedByO/Y58uWSINPX78WppqR37e5xiwRpyrQeUDe2XVPZPz4Hd1/QYLNQET
xEOg6qZYIwcO+J6pYa3hnZA0iQ0gxxqsVn02V2O6FiGQ1LVLQe13tavrkQFybgTr4OKFntSr13oa
N36PjJ41swYVLJicEiay/caPEiWscEHwlovI66mTXejq1ceaoEzNGlloxowa0jQ78xv2QqxXV2nB
wkZqgwvm16Ea1bMIgQ2bZr6aBoG0DOnj0XHhziFL1pFqkp973n/VeWPBMs6MfQZWZSDQowYWZEKc
u22p9Tlzz8A58h6eNYsWNbD/u5o1Zv8Vv6nHCu1wgIwcAKrDpPez27dpYJKkHC2vuYXJ8wrjxtLr
p09pWKrUmqlpXSbDQ8RYsajLOW+KEDWqlnL31CnpU5sjkOeljw8/SkAeWs5R4trOkbQEJ2/wrpqt
+GD3rxg0fuOkS6dpAHN+ALKgBUxtG2mhgsycH9dnd+9S/3g/y6hfGzakKh5TtTWo5nPnHuNirXJn
yjNoD0CYzcajHIDcmMmT09NbtzS6RxEgMeigWigA6Dy3mu9vXpR79+KFrmmYwi/Ytas2RhW81WU0
PGDOMccexUvo+C+tAPXrLFqo48uugn8g9DCzXHlZC2uz3zpyRObjquMK3+xREyWis0IYQA1Fevem
4v36kgp8c3qORo2o6jQPYu1wjsfV6N8d9Af4D7ogmNJj4F9UuEcPmc7AuXwQ/9C/1CVL0uvHj6Wp
dsQzj5mZ0OdyrlyDy9rvF9tGY1fG/k3ltYDzwJ0uaED0rtBb+r82AwG5dfhoTpw2MT9qVxzaze0/
V2pJaZH/3dToWoMKCC0Rez4ID6w7KMw+DtMdPiXPklz6xcaBrfGgEFoefSv10eUHcPuvkOwf03yM
bBUHUe2n2vx/sklUPvw39g8AjGrmFxojMJV7RrTDAdqMo3eOpsd3H1PNJDU5Wl7r9alHdfvYTHEj
wh1aAOiZ+edMDYThBmDuGhqlAJQQjH3lfK5eMd/wK/nuzTv637//E5rMP0lNWByg3r9+XwfOLx21
lKZ0sv1ws9cOawKp6Tjom9xxsqZdjjTwVovRLYRmTirqVKSTNodmfAWAf0TTkbp5QHmYbs9fNb9m
hYDbBAg9vNEIOrrFJoGO+IqtK1JWYba0pxAUQFDpZwY0yUyGfyiDw9lwEcPpUszGhwxos7AwW5oy
WwpdfmhxrZ64mqZ2naqLx0OTwU2ofOvyOvPznAmahzz/iMMBbKdpnWn/mn20bto6mU01s8ogmXrA
zHXhirYqtKmgafMizr/Dc+RBUOlni/H9z64KHOXxzW27Y40tPGFuhwqAKE2O1MZsQfrsLC1UQFDt
ID58lo5cKrXu1Ph8lfJR8YYlpGYprFy4G5ztH+pXTd8zv4POocOF1tYe9wNCAPX61pMmdjnOnSvz
AcpiH4emszFAcKPl2JbahzCng3Y7Fu+kgcLShjFkLZKNitUvRjlL5aAIwu+zGgCkTGg3UWrIqvEA
3qt1ru5nLSKPK+uR1xTXDR4HCL5kxBKCYBECtCjzV8knwSuYPo4aO6r0J89lcAUw5HPzAXUWex8C
9ooWY1rQtO7TpOlpxDGg7SotzAQWmEdn9RFWTQbYpIHRhgTQ9k2Q6xnPMP09sukoHf2Qp9vs7nI/
xTsAwThvp/aeFlYARvkRakLZmt1rCksjeXVatqjD3bZQ1tmgAueg49q5o2ju2C664jkKVqRC5RtR
+hyFhHaJTQODMxzcvpI8BregZ499ONUUpB8AABiASURBVEpeC1VoTFX/6EPRYsaTz58DnKMCvPeX
j1lOmB9jgJAC9ovMBTPJdQLhsA4FO+reh3Ie90+gOInjCA3XsdIKDtej7sNm7yp772JodY9uPlpY
dznPVUkBodYTWlPHQp1k+ygLDeow4cNogokMhM/pN0fHa1olhhu4TmgypAlBoxhCWwyeIhvSmg5t
auoChHmaq3OHB7msO1engHOTb0i0ZVw/bAUCafhmbTy0MbXP397PekK6Op94NgvgpwWDFtDCoX4P
mPHdVbppad17n+sAiA8rNrAOoAZoUWO/VYMz7x/wpSrwyuXx3Ql+h0a6GiA0+Neav+iXTL+o0do9
1jDGNaPXDC0Obaia+lqCnZvAAM7RFL5T+1bpq5sz9A2WljAfbE2I5w/Aubv8HtS/E+yQMsCjgytw
Du3c8hVnSP/XZiAgE/L0qa6UNk0cftSuV689on79NtPsOYe0OL7p1rUQVReH9xkz2N5FHM/XdevP
Cj+qCzUAEfFZssSXWuHlyqXTAG3O77nvKlWsNEOXH8Dtp0//o2bNbe9/aMFN/buK1F6Hv2WA8Xz4
z/XwFWCRauYXmnGFCk8SGndXOQtBm3HXzlZ0VwDxiZPogfO+fYpTn97FtLzu0OKF0BD88891GgjD
lcHcNTRKAaIgGPvK+Vy9Yr4PH7lJb4TJ83/F7+pYsSJJTVj4qr5+/YnO//Wo0TupY6fVDptYuKAu
AVRRAwQCOnRYrWmXIw28NWZ0ecqePREVLjJJm0MzvgLA36TpYt08oHzPHkWoatVMxFYIuE0IVcAf
75Ytvt8DbVrnpaJFU0lBAeRT6WcGNHFd6hVlADJFjBBGjSaz8SED2qxTJztly+rrRxTx0MKdOHEv
demqP8hG2pDBpam1KKean0c8AtYUzz+eAdpNn1ad1qw5Qx7T9iOK5s6pTbVrZZX3DJIBGGUwTib8
9w9ttRGa0Co4aiYsopbhe5V+HMdXdlXgKA/n5SvWMoRGEDC3WzY3pxy/JuLkL3J1lhYqIKh2FN8A
I0ftpM5d1qjRVKliBmrUKCcVLpxC+ufWJbrw4Gz/UKVq+p75HXQOJzS+VQEl5G3S+Dfq27cYxYsb
BY9uB+YDVIB9/NixW37qguDG2DEVTH9XL17iJS1tGAsVKZKSGtT/lWB9IXKksLrkk6fuUFuhdb9z
5yVdPID3Ll0K+VmLyOTKeuQ1xZWDxwGCjxixk/r03SCjYZ0F7eXMNUZqcMeOHUn4k9cDa3CfcPPm
U7H3TZZlsFeMGV2Buvf4R5qcRyQD2uAjV2hhJrDAPIo+9h+wWbaJf9hD9u9rqwkfwHx9k6ZLdPRD
njmza8n9FPyMYJy3vUIr/Y9mS/wINaFsj+5FqGLF9JQgvi9IjDrcbQtlnQ0qcA467ho5ktZ21v+u
Tl+pEuVo1JBSFC5MP4YKRaq5aG4ndalS1GDVSnomQFUjWFy0b18q1qe3zHrf25tmV66iaZcjEmBo
XaHh/VaAq6zFbM/U99l16yQIrALm8bNkoTytW1EaAZ6qQDv3zZXrqydPaG2Hjpp2OcoC6Cw3RrhB
FRryUwoX0UBjgOMxfvmFJhcqTNeENj0HaFq32LWTngswfGDiJBwtryot1ITn9+5Rv7i27z7UGydt
WjX5s+8xtwenTaOlTf/Q1ZWnTRuhSV6WpogxIGCsbQ7spzhp0shnmCz3nDiR/unSVT6r/0oJzfU8
rVtT6PDh1Wh5f0cIVaxq205qhKuJ0Hgv0KUzJciWTY2W9wDkAfBf2GKzKoRI9C9l0SI0vXQZmQd8
0Vr0Dxr0sI7AIWcTcQY+YTxNLlhIzgXG0e7IYdm3AQkSymyqQMKjq1dpS7/+dHi2ryAR11WwWzfK
XL2a5l8e/RqdNZs278hXoEsXKj10CKna/FyeNeb5GVczvkI8xpetTm0dPbhOjAHAuMrrKIOxFu3b
h6IIH+wBFYLL2rdMtQcUR7hWT7DROHdt2PZz44D2vfghEwqmgIQVb2jdGc1c2yuNsliQMJtuBCmN
ZaQZTOGzEQFtwCTo1xbcoYWkgfjBjfEBHPocc86u0gNtQ3sG4XO12mUl//2DZt0HIXkNsDBy9MhO
8wPXgUNdHLjCVCnm2r/w/PFzmR/moP3jI//qciYdABwOkyHNjfb843cIZsCEKwfQxL95RhtvXrwR
H6I/SkESozkurgtXmPF++eSlBO7AR29f2voHGkaOIdoKhLWCutsLc7oQNlH9nar9snfPfQwbweYL
2V6+by0e8wD3BtjTwIv+zXFQjA8WOKLFjSZNKGFdYa/G3GFdBcVacXaM4Imn959KYA4mgMNHDu9U
/7DXYB2ivLPr35316Ow4AiKfu7Rwp21ok8LaAHj3p5g/aaa2/KsL7lVAd2g3YH9xZp92ty3/+oJ0
FTjn/B8/vCf4PIdJudBhhfCIMM3uKMBP27MnPkIg75MYl1gjkX6i8BH1h1+fC5xz+9jfsWdjDeJd
Ir9pwgb8N83nvou5v1/j1R0edGcczgDn7tQbkGWwt8PPON49WM8Q4vHvuwTtQ+gT3wvIGztxbFOQ
PSD6iW9NvIsgtBkuUjhpocrRNw23CeFIvK/wXgUQ7YpllMACzrlvcjxybwktv3M5PjCuX/J3QmCM
J7gC5wFFK4CJb958oLDidzXWNPy1Gs1c22sLZUURCh36Rz8gpbEMzMo/EpqSCNDsU/2gG/N+qWd3
aIEyALIhBBA5chg/PuEDcyxoO1XqwbIJoxnvz2kX2p3v3n2kUOI3YfRo4Z3mB24T2ucfP8KEeAjN
tzGnmV0fP3kt84cPH8pfPjIr72ocALi3b4U7AKFtGTFCaH/HB8EM+MDmED16eH/nGW1Aox00jPpT
OIffuzDj/eTJG4othCGwTl4KE/tv336QNIkRI0KgrBUIYvxecKIUcgDYVqe2XwCBx2u8ch8jiPly
dq8w1vE1PmMe4N4Aexp48XNMswfU+O7cfSasd0SW/IN1hb0aawt7qFEwJKDadKce8MR9nxeCbqHp
tTD9HVm8R5zpH/YarEPsn86uf3fWoztjcreMu7Rwpz248ggnlBXeCzcmMcVe4cy3LtqBexXQHe+u
MGFCOrVPu9uWM+NSgXPOD5PV717997tagKJsmp3TA+L67M4d+d0TUvi4Vn2JO1s3gEhsGPANHSZi
RGeLOZ0P2tafhDntEEJQIILwdf5jyJBOl3Un4+b+/WlTn75CQKGR1DZ3lp9cbQtA+Buh+Q+6hxDn
7+Gi6M8/7NUH0+LwQ88BNHGGL0DHH8Q50v/EmQsAdmfm6pXQrIZVA2fzc5/cuYKPPr55I+mB73DQ
IzDnGvSH4AloAlrYawvrI7KwnAA+ePv8uTjXfSNpgv45Q0N3aIEy3/rat4Bzd2f+88pZwPnn0c8q
/QUpAMCIQVQctM7uM5vgxxcHktAAd+VQ8gsOw2r6K6AAa7uCdyB08Tka1V/BcKwuWBSwKPANU8AM
OA+M4QQUcB4YfbPqDBwKMHBudE8TOK1ZtQYUBQIbOA+ofn6P9VjA+fc468FzzACMWOAAIFqfPhtp
zNhdAWKuOXhSzBqVPQqwtis0cSF0EUoItFnBooBFAYsCX4ICZsD5l+jH99wmm2mHhjHMkMcQWtVW
sChgUcB1CljAues0C4gSFnAeEFS06ghyCmyYsYFGNB5h2q51IGxKFitSoQC0vhYMXkAPbz2UWsHb
Fm7TTO3CdUGVTlUoXAS9aXuluHVrUcCigEWBQKOABZwHGmm/64ohZT6qyShaP2O99LWdMFVC6e6m
5/yeTlnE+K6J9wUGD83s0c1Gy5Z3Ld0lrwHp4/wLDClYNmkB58FyWr+7Qc2YeYAaNV5sOm6jv3LT
TFbkd00BaJgPHrJN+miHVvCChUc1099wXdCpUwGKIOKtYFHAooBFgaCmgAWcBzXFbe3B3/XFrdso
dIQIdEOYHGdT79nr16civXtR9CR6E+9fppdWqxYFvi0KWMD5l5kvCzj/MnS3Wv1MCkCzfFL7Sbpa
4Le0o0cn+l34D7eCRQFHFHjz6g3VTlZbA8vVvOCj+VfnU+RokdVo696igEUBiwJBQgELOA8SMn+X
jayZvIbGthyrjR3+uT1OeEgXKlqkdfNVUODxvcfUJFMT3XdK11ldqWjdol9F/6xO2ChgAecWJwQH
Cowdt5vatV+pGwp8H0/zqE5Vq2TSxVsPFgWMFHglzGcnTTZAA8vVdPDRtau9KVpUvz5i1XzWvUUB
iwIWBQKDAhZwHhhUdVwnhLWnlylL3sJfu1lo7bmXEufKZZZkxVkUsCjggAIWcO6AOIGYZAHngUhc
q+rApQB8MsJEOwLAzujxojvteydwe2bV/i1QwOemD7169kr6Q1X7C/+o8ZLFs3hJJYp1b1HAokCQ
UcACzoOM1FZDFgUsClgU+CwKWMD5Z5HPKvwVUQD+jp8/fyt7FClSWIoX1+b7+CvqotWVr5gCN289
oWfP3gq/5CF0vcRzsqQxrN/VOqpYDxYFLAoEFQUs4DyoKK1vB76/X96/TyEMvtPhCzx6smRO+Q/X
12g9WRSwKGAB51+GByzg/MvQ3WrVooBFAYsCFgUsClgUsCjghwIWcO6HJFaERQGLAhYFvkoKWMD5
VzktVqcsClgUsChgUcCigEUBiwJkAecWE1gUsCgQXChgAedfZiYt4PzL0N1q1aKARQGLAhYFLApY
FLAoYFHAooBFAYsCFgW+UQq4C5yPov99oyO2um1RwKKARQGLAhYFLApYFLAoYFHAokBgUSDYA6SB
RTir3m+bAiHafZX9t4Dzr3JarE5ZFLAoYFHAooBFAYsCFgUsClgUsChgUcCiwNdKAQs4/1pnxuqX
RQGLAhYFLApYFLAoYFHAooBFgW+PAhZw/u3NmdXjAKCABZwHABGtKiwKWBSwKGBRwKKARQGLAhYF
LApYFLAoYFHAosAXpoAFnH/hCbCatyhgUcCigEUBiwIWBSwKWBSwKBCMKGAB58FoMq2hOE8BCzh3
nlZWTosCFgUsClgUsChgUcCigEUBiwIWBSwKWBSwKPC1UsACzr/WmbH6ZVHAooBFAYsCFgUsClgU
sChgUeDbo4AFnH97c2b1OAAoYAHnAUBEqwqLAt8JBU55nqYb3tcpQ94MlCBlgu9k1NYwLQp83xT4
3//+R3tXedKbF68pZ+mcFDla5O+bINbog5wCFg8GOcmtBgOIAnev3qVjW49RglQJxbdT+gCq1arG
ooBjCljAuWP6fAupj65epYtbt1KsVKkoad6830KXrT5aFLAoYFHAooA/FMBvmlOrVtH7Fy8odenS
FCFaNH9KWMkWBSwKWBT4OihgAeeO5+HFy3e0dOlx+umn8FSubDr68ccQjgtYqd8GBSzg/NuYp6+9
l58+faL71+6T98FzFDpsKMpb0fkf+DhUPL79OP2fvWsPiuo64z9FHsISsMBGHmoEI4E2iAar1iRC
iCSlIQM0UkfQxCCRugq1nZC625lqjQKJa2QgYZKgpbasjrbsQOtmpkRAk6ygkRAVISlBQRR5CLvI
CmGQ9p5Dd2ef10Wz7MN7/2DP8zvf9zvnnj17ft859LT3wMnZCZ4/8kT8pni4uLoYNftyfTPO//tL
jI2OgT+Xj9jUWLi5uxktyyUCd8fuomBLAYaUQ+i7cQuv734dkdGLJg3N6MgoMqMy0X65HZvf3YyU
36VMWgZXwTERuNV1C/IKOeo/qcf42Dg10jfQF+uE6zD7sdl2Y3RvZy9yN+TB288L06ZNw/fD31Pd
RWUizOTNtBs7fmhFr7dex4aFG6jYQnkRwpeH/dBNWFxeR0sH9mWI4ceMS9Kvwr8J4e7pbvF2rdlA
ZXEl5JVyeHh5oLujGzkHczA3bK41Vbrvth1hDN638VxFu0agKKsI0iIpnmQcDsXV+5gf0E52bQ+n
vH0gwBHn9tFPbFpKs7LxeWEh5jOk+Zaaakw3c+5oO30alyr/ifa6Org98ghceTyExf8cUa++Ste2
bG3aQp6yqwtl61LB8/OD8sYNrD96BN5BQbagGqeDmQjY0hiUFxfjUkUlpk2fjideiMMz2dlmWsEV
4xAwH4ErX3yBf731e3gHBmKgowPROW8iIinJqIDe1lbkPb6Q5mWdkWPe8uVGy3GJHAIcAraBwN2x
MZRvEWBYoaDrkvi3dyMkOto2lNPSQtHZCcn6DXT9RPYyR4eHaW6apIyuBbWKsgaJvdJtWVBcuwZX
Dw8qRy2DI85ZocPf//E11qSUgs/noaV5B2YxBDr3OAACHHE+tZ1IiJmWc99ghvMM2jCZ0Ja+GGWw
kUbI5NbG7zTltLWc4TIDj87hM6dX5pj8AUzI0i+rzuMMs2ne09EDH38fBIUGITgiBE3yS4h8bjEi
V02Qp5frmqHoVRiV5eruCv4cPwQuCDSaf3vgNg7vPIzywnKNiuZuDhIdS/9YCkmuRFOXBLz53iht
LoXnLE+ddBKRHZRBzJAf2o9fkB8+bPgQXr5e2sk6YbLp3nbxigZPguGS2MUGuOtUcpDIsGoYGYsy
0NXWRS3aVrgNiYLESVtH+uvNuBx8XdsIc2TUnajHybJPkb433SbJU0KkHRQdROLWJCyOiZw0HlyF
CQSaz7Zg63KBUTiIk0aqKNVoni0mkjGxMXyjjmps85FOQRuPPMh477/ZjzUBa6iFH5wtRmjUxI99
GzdZR706WT1ELwlpmqP0qY6BRiK71+5G7bFaTY699h0xwBHGoKYjuIAOAqpBFQ6JDmFe+DwkZCYY
XWvqVJjiCDkZdFx8HH3X+7ApdxPjHGrcqdOUWkfyjqBEWIIVCSuwq3zXQ7HuNIUFlz51CHDE+dRh
bamWTublQbZDiPCEBGyUlt+TOCdz1Z+TktFUUWGgkqunJ0RXr1jtZOPI4CBkoj9gdngYVmRmss7z
3S0teCcsXGNDVt0ZzFu2TBPnAraLwFSNQTJGZEIRntm2FQtiYlgB+euv1qLx2DFaxtx3iVWgBTOJ
08j5w4fx3anTtBWvgAA8tvJnmDlrFr6t+hSxwh2UmLWgChYRPcCQLw1lZbgqPwNnNzd4+vvj8edi
cKe/n5JQq7Zvh4u7fZML5xn7JGnrNfglFxVipcD4/sjgzZvY5R9Ay/7m3FnMiYrS1LNmgLy/p8Ri
KK/fQHzuXtpX1tTnQdoevXMHrbW1+O/4xIEObVnjDCnoHxEB3+Bg7WSDMCEPv62qQhPjiDbQ3g7y
PvqFLqR1yVgmYzhk1SpNvc6GBvQz5ZycnTVpTi4uWPj885jOOO7oP/1Xr6Lzq690yuuXUcd5vr4P
5GDRdfEiiMOGtm5q2dqfBJtHw8LADw3VTn7ow6MqFfZFLMKttjaKBdv7bU2w9NdPRBcen4+clmZ4
MN8j5j769mrL4IhzdhRPnW5FdMz7HHHODpP95XLE+dT2mXiTGLJDMp1GpX1Sg6tv9Te8dSr8P0I2
/9+rec/gBBkh54UMQdB2YWJiN1ZXvYFHThGnhaRB0aMwVkyTRtrK/yQfCxYv0KSRwGfln2HnKzt1
0qJToiGSiIwuENQFR+6MIOeFt9DEXP1NnrU5a7Ey8WnwvD3opqSxU6qX5E3IfjqLlk/fk05P7+S/
lkcJYbU9pk7y6OP+sBAnFCzmj0qpog4KR985ahbpra6n/anePG6saURSdjKWxple5JOy+zP207Fu
q2TNSUk19qbtuW88tLF5WMOknwu3FqKiuAKhS0Px6/1b4M04sPRc60U/cwp9SewS+AT42A085OYM
RbcCxK4hxRDSn0xndeSxG8MYRR9kvBNiq3h7MRR9CggOCOA/39+eTNfo2tHMOEb8eKPD9KnGMBMB
4jQ1NDCkWQ/Y6lxsQn2dZEcZgzpGcRGKgNph6V7rOGvBRd4jwTIBlH1Kk06dbLqRf3Mh+/gEnlr9
FJKZtRNxmOUeDgFLI8AR55ZG2PLyyVW+dR99jNC41fSU7L3mDu0N05fF+yjhTk5H9TNXvrt5eTFy
4qw2/6h1M5e4HOzuxqGEl3Ht3DnYErFk+V637xbU/UyssOQYbJBIUJaaBnPIC0Kg/ae6mo6nyJQU
pB6RsO5RWasHLkil+EvyL1mbt8d3oa6kBMcz3nA4u/QNGhsdxQhz9XrVrj/Rm0LYxiZxJKrY/lsM
9fYiseAAfObP1xdnlTghyw78dBlUfX2TJtqsojBLozebmvDuT0z/e6QXmRPDq0UikxLIyd2SX7yE
rgsXTJbR/j4j2O0JDsFQT49BecGpWgQ/+6xB+vHNmcx3/EcG6cYSJnvzjL4MbQci/Tz9OG2rtsYm
50l9XacyPqxU4mRuHmry88367plK3dRtjTN7mbeZ9RPZyxxh1n/kHdAmvdXlzPlUDQzgNnPrj74M
jjhnR6+5pRsi0Qn4+vJQUJCEmcxtzNzjAAjYKHH+PwAAAP//iu1IMgAAQABJREFU7F0FmBTHEq4E
1+Auwd0hOMEluLtDgrv7QXB3gh/u7u7udljwBHfXvP57qaF3bnZvd+/gwdH9wc5Me1dXy/VfVf3D
f8KRC27Lf1tciPX1RBnVdBQtH7+cKrevTEXrFKX379/Tz6l+ph9++MGuktfOXqMjm47QzD9n0qM7
j6h+3/oUJXYUGefS8Uu0cPhC+R4zYUyacnIKhQgVQn4/uPWAGqZvKNOEDheaus7pRqlypKQXT17Q
eu/15N3LW8bLWymvCOtKP/74Ix3ccIge3LwvwjfQ8W3HqFDNQpSxQEYZz2efD62YsEK+I78pp6ZQ
tLjR5Dd+3r97T//+/S9FjB5R5PGA6qaqS2reRkTTC+oxo/cM6Tt8+whKmzuNKYb9J9hhcP3BtH76
eirTtAw1G9VM0gx0qpuyrow88ehESpQukX3Cj19PHz6l21du06uXr6llrhYUIVoEmu4zncJFDGcZ
PzB67lmxl7qX6UbNRzeXNPzcbRzTYgwtHbOUxh0YT8kyJ/3cxbmd//ZFO6h3Ja8vRg+3K/gNJHj3
9h39nuF3unv9LmH8YT4KLO7NqzfUNFtTwpwaGOYKze9Ega1PXR1rX/tc7Go7dLzASYEbF25Q7WS1
Xdo7/j8o8L3OG/8PWusyA44C+X/I71Fmw8ilP789ylsn+rwUOL5oEc2oWInytGpFpYcP+7yFuZn7
3QsXaEDSZJS+UiWqPneOPH/wK4ulLVrSrtGjqdXBAxQ3c2a/ouvwr4ACX4oHuZxyY0ZTzqZN/Wz5
gytXqG+ChJSyZEmqu2ypS/znZ6YBGOHYwoU0s1JlmWO6ihWpSG8vCh8zJj24fJnm1q5DN0+ckGHf
2ljYPnw4rWjTVtY9Z7NmlKd1KwoVIQLdPnWK5tWtR/cvXfom2yUr7eDn1IoVNK10GXKVNx1k83/x
fvvqFY3Mmo2e3rpFHc76UJiIEf8v9QiIQl89eUKnRV/89+EDXdy6jQ5Ony7XnxTFf6N3r19Tgty5
KXry5JZFPRHtH5ouPT27c4dChAtHNcSaFT9HDnot8jzk7U3re/aS6czr2cWtW+nhtWt04/ARuXZx
5r/Uq0cVJ030Ne9gXfx7+3Y6MnsO/b1tG6UpX55Slyop6yfTCnzg/Zs3tMGrNyXOm9fltZPLVZ9Y
T0GDomJuCR0pEr1+9kzm+/blS8Pv4fXrtK5bd7fWabWM7+H9WxrfATGe3799S8MzZ7GbE9p8GPk9
dLVuo6aAPQV+bGX//ZV8/RBYgXM+wG4zsQ0Vb1DcKbkBqjfK1IiePnhK089Op5ChQxrxzx48R02z
NpHfEw5NoCQZk8h3zj9qnKg0Zu8YA2znhBM7TKT5Q+ZbHlByWgDxAPPZ4VCzZe6WEox3Brry4Wf2
ktmp99LevjYHnN99AdJXil1Jfg7eNIQy5s/AQQ6fqkCA9zlvipMkjhGX691oSCOq2Kai4W/1AqCv
cZbGnwUMgxDBYSHscGTTYTq15xS9e/NOViFL4SxUplkZihwrsl2VXr14RWsmr5ECABCcQHrEe/vm
LW1bsI12Lt5JoBUEJmp0q0nJsySzS39i50mRfjVdOX1F+idJn4Syl8pBTx48prP7z1KVjlUoxs8x
jDQqcJYgTUJaMnIx3b56myJEjUBlW5SjrMV+MeKqL5dPXqaD6w9S8JDBpfeLpy+oQLUCFD1+dDWa
8Q6+hUDG6GajpZAIC0agfeyCBA3Cr3ZPxNmzYg9tnLmR7ly/I8NQv0I1C1OeCrkpWPBgdvH545rP
NVo3fR0d2XxEesVOHJuyFM0i2haR9q3aS3mr5KP0v6bj6PK58q+VNKLxCGK+4fp9EBtsczn71uyn
az5XCeeJKXOkotTiP9yFIxfo6JajkjY4XE8rylD76eblm7Rr6S6ZH/o1cqwolF/UBf26QQiq7F6x
W/JJskzJqFbPWnY84gkt3rx+Q/tX76edS3YShEp+DPIjJU6XmJJkSkIH1x2kzIUzU6nGpWTd/fPD
gigvBQ8PrD2Abl66Sf1W96fIMSMJ/n1HMRPEoDcv31C0eJ+EbLi8x/ce0/aF2+nAugOy7U8ePKGU
WVPKPmK6clwIzGydv43u/XOXgocITuC9wrUKyzFxcP0h2jxnk+T/oMGDUoXWFSlvxV85qb+f7oIl
N87fEPXZLASRDlL4iOEJfJQye0rR3/kpTtJP85VasUd3H9Hm2Ztp64Ktkhbg9fR501MKkW6vGAeY
h4vUKWInWPXs0TPat3ofndp1ii4evyjToZ+L1S1GReoWkXRSy+B3d/id0+wTvHTt7FUjT8yf4B+e
Czie+ekOLU6KdvjsOyOziC/aG0sIXywbs4xO7z0t+bdQjUJU/PfiRh3MZbnzzX2KNXXyiclS4OPM
/jP0/NFzChYimOivVA6FfDyhu6fj0ZOxDzpgXsE4f3L/CZGQxYuTJC5lLJiBZvaeSfMGzfO3ENNO
MZfdvPSvnAchXBc7aWyx3h0VwnP/SKGEmAljCaG7DHJNUfvFP/OgOzyIeQ9lYa6Aw5yL8Ye19+jW
Y3Th8HmDdxGG9TF3udxGVZEW6885sb/C/AkXKXokKtW0tFwfzQKOnNDV9Qd57lu1z6gD+BE8j7UX
fb5x1kbZd6g/6hc7cRzKUSo7F+PWE7ywZe4W21omeKF4w+J049wNOrnrJL16/op++PEHIVSZmlJk
TW43v/h3X+LO2OcGXTx6kf7I9AelyZ2WBm0YSEGCKPsDUXe7b04knmf2+9BGsY76HPCRvpgH85TP
I+fMiNGsD/vcnXOxn3n17BU1z9mcsHZBQAyClyq2aLWfQdwNMzYYewn0tbp3UJph94o5Y+/KfbR7
2S7Cnhptih4vOv1aMS9lL5nNyA+JuK/wDv5B20/tOU1bxDqE/o+bNC5V7lCZEqdPjCjafWcUyP9D
4AfOr+7bR4dmzKRr+/fL3o2SODElypeXbp48RR/EYV+5cWMpSNCgMuzE0qX0ACCN2FcmLlCAoiVN
Suc3baL7f/9NOFyMnDCh9A8XNaolp9wXANYh7xl0ZuVKI/znXLko++8NKUYq298ERsDHFxzOnxTl
Hp41m57evEk/iLktgUiTunQpurJ3L7168pQK9+hOwUJ++vv+2b17dHjGDAoS3LaOvRN1+1kc2OO/
I3frzBn68O4dnV27llZ36kwpihenEoMGysN35B1SAFWhxf9goUKJ5v8naDaDnotygoawCd3jYD5T
7doUNnJkuu3jQz6rV1PQj3VCWIbq1Sl8dOu/+RzVyex/4+hRGp4xkwQrGm3cIGnBcbC2/qjO+x8D
GDhvtHkTPb19m3aNGi1BhKii7wp07UIxU6fmLOye7wUtAJiANx4LIAAujOjXzLVqUtoKFSjoR9ra
JXLj4/nDh3RYgCc/Ct4C3bM3aiT7EP19UPi/F0+xsMq1NWuDBgaduQj08cnFi+n0ylUGXyTOn58i
xo1DO0UbK0+dQgly5uToxtMTHjQSu/ly5/x5OjpnLp1bv55CCfAM4NPPObJT+ipV5NgxZ+cOD5rT
evK996+/aFGjxlRq6BD6tU0bsQbazlxQT6v+ZcGNLHXqSPB236TJdHXPHsmHv9SrS+gnnivM9fnc
dAc/DE6VWoJ0+Tp0oN/697M7QwMAOCp7DrotxrkVcP7i0SM6Pn++AMUE74nxCocxkrVBfUoi5jpH
7tLOnXR07jz6V4DyIcOHF/vCHylVyRISvAsbxaas4yitK/5Mc8S1ApHvibm3f2Lb+WXrw4coTsaM
dtm6y4NIDFqeEEIIPmvXSVq8ePCA4mfLRhmqVPY1h2IuPCbo9viff+QYffX0qZgjalGE2LHprOB7
gJm3T5+Wc3GeNq0pvRBoUN2bFy/o/MaNdO/CBekdNlo0Sla0KF0/dIimFC9h2eYzYm69c/asMScA
lMrRuLHdGsBlIP/9kyfLT8wzAFWvCJ5FvbCeoI/zdexAsdOn5yR2T/DtGTEPXjtwUJaJwLBiHs/Z
rCmlKFbMbu+PsA9ivwswdXSOnHJ9aHPsKIUTbQKd2DkaI57woKfzINfFnSeDnQCvs4mx7pfjteen
OHGoxb69kifUNCs7dKRtgwc7BJi3DhpEqzp2IgjBHBf8CPC9/amTFDFePDUb453LQxzzfoKBS4D8
rgqdGRkrLygD/N718iUKHjo0cb4YI53OnZV+LGDEAgEXt2yhf48dM/YDWOOSCx5HHY11EGu3WO+w
V0kkwP2YadLQgWnT5B7sleAnCA1I4YXNmyX4Cn6KIdZuCAJgT2LlPvecy2V6woOq0Bbaun3ESHp0
9arcY+Ru2UKOLc5ffYJ2p8X+8dTSZYS5EXse8EPaShXFvFvSbt26JeYd7OcwJ4ePFYvSV64sxysE
Oo7OmSPnJMz1EUT6dGJP48i5C5xjHYcAx1sx92B/GEvMLfg/oUBBeijayMI0AQGc7z9wlby9DxKe
cEGC/EAVyqenOnV+oWhRwxpNeiHOk2fMOEhv334Am9GrV+8oQ4bYVCB/Ujp56iatX3+WQoa07fPf
vHlPVapkoFgxfzLSX75yn1asOE0HRDlnz9mwhejRw1GzprmoWNEUxjx46/YTmjPnCAUPHoQeP34l
lFv/o7XrztDp07do3NiKlDp1DOrltY6WLz9FRYokpzGjy1HiRJ/+Xngn/g6fOm0/vX79XtYTdYkV
6yeqXCm9UYZRKfGCei1eLNZeUffw4UNSvnyJZfnLlp8kpM2TOxF17lzQjhZq+kePX9L8+UdpuvcB
GR9hSZNEpQYNsknaqHH1ewBRQAPnAURIF7NhkNcZAM1Z8SG/lcYjA8CXTlyi0QIgT5k1Bd29cZeq
xKsik/dfM4B+EcCh2fEBZc3uNamOVx27YK6blYbwouGLaHzb8U61c10FzleMX0Ejm46kbMWzUc9F
PaVgwH8f/qPwkcMbB8p2FRMfrFlu1rBHPAaEAdh7LfFyeMiKuM5oinD/uLEtx9KS0Usss7DS1sdh
OzT02eEwtvv8HjRK0ObqGdsiwmE4UB66ZYhsGw5LhzcaTptmbeJgy6e5H5lOlpGFpyNhDuYLNd3Y
/ePsAGIOO7btOLXN34Y/HT7bTmpLv9X/zS4c/NuxaEdfbedIoA+EQWImsNdqXjZ2GY1uPpqjWT55
vKGMRpkbSSEQy4gfPQG2dJ7VWf7hig1e5986S+EBBKuCIX2q9JFCDpxX46GNBYD7aQMDMH9wvcEc
LAVWitYrRp1EO81OTesJLTAntMnflk7vPmXO2vh2ZYwYkZ28mNtlFTV+yvg06fgku/EIEKxryS5W
0aXfrwL4bjuxLYX5KYz8fvn8JdVIVMOuv/os/5N2LNouhSvUjALaioSrcwX4Y06/OTS1+1S1Onbv
Dfo1kAAGBErYAchrV8Amhc9+5qe5v7hOmPetXKqcqWnYlqEUNJhtA+kJv3O+4CdYE1DnIr9o7C4t
zGOLyzY/JR0Wi7ndgcCNOb6jb7/oh3RYlzp6d6TwkcIb2fiVzkx3JPR0PHoy9lEehI0GCCEWZ868
JjiLaw4DDeqlrieFZMxh5u9eoq9yl81leJvnC1ilcWUedIcHreYKVGDkrlFS0KlTsU7GHM4VU+eo
W1duUfWE1TnI17Pen/Woehff4e6sP+umifVAWM5RHdcB9DXPdRzmCDhW8zG/b5q9ifrX7G/29vWd
tVhW6jSzk8Hvnu5L3B37AHp7lO0hhYB8VUrxgBAo1hHVOhDA5THNx9BqITjoyA1YN5CyCEEx1bk7
584dMJcmd7EdWqr5mN+trB3tXr5HtK+7XVTeh9h5Kh/Y53Yp0cXhGMP8O3zbcIqX3HbwBqHJ+mnq
KzlYv47aPZpSCWEs7b4vCgR24HxT//60tktXh50KEIMP+XB4CGCKtRsdJhIBtZcsprRly9pF2T1u
HC1p2szOT/0AeJendWu7wzEcQOOw0VmZah05v1PLl9O0MvblW4FOHP/N8+fUN2EiCbqxn9Wz+e5d
EjhC/M5hfVtb43AceM+vZz+vcJhVvs78AGaiLQDinTmAE21PHPel3chggqO0rQ4dpLiZMtkFP7px
gyYWKSpBRruAjx+gOYCQyAkSWAW75IdD7cGpP1nKYzDztgDEBqX4NNda9S/q1yeuNXjChZcdPYpy
Ce1c1XnCg2p6V9+xlm/q109qHTpKA2AXAC//TeMuDzrK1y9/0G54psx+8noGAe5Xmz3LqB/yVUFc
q3IkUDRnti8Bji9B9z3jx9PiJk0J46DD6VMSxDbX8cyaNRKMbXv8GMVKm9YIvrx7N43J9UkA1Aj4
+ALgrsq0qRQ8jO3vangDiJ9VrbrTcVl/1UpKKQRw/ONWCSGerQMH0s9CCKTJtq2+BBPAa97CQsb5
DRuovWh3xLhxZXGe8CASApSeUqKkwyqDFgBOQ/1kA1Ws+LbeiuUC6FxEh2fOtMvHPJavCmGtUdmc
C7aa520AlUPTZ7Cbm8z5qoWa5xk1TH1vvmc3/Zzdvi4MgKrx1Pdiff+kgl0+ncdsHjCA1nT+9K3G
Vd/bCjA9Vjp7RRRPeNDTeVCtizvvKtjpl4UKtW4N1q6hFAIoNjsWBCvUowcV9eplF4zxNSxDRimE
0MHnDK0WIPv+KVMsBSk4Ia91TF9eOzPVrEFpy5WjgclTUHgh0NFk6xZfcxTn4ddzsdjDnBBWadR9
kdm6APMNLHPUEXshjCcIT6mu6J99qFDXrmTFnwhLKwQ81HVQTau+g/cbbdoogXbV/0vMuShP7We1
fPXdai1mXlLjqe9WwhnYG0CYxtF+ELRosn2bYQEBlgFgkQNOnSMOz55Nc2rUNIqD1QRnPOEqcA5Q
f7UY/zuEhRBHTq2Hf4Dz10LBqnnzJTRp8l5HRdH6dX9Q4ULJZfjpM7codZqBdnHTpo1Jx460p0aN
F9LESfb57N7VknJk/1nGv3L1ASVI2McurfrR98/i1EWA03Bz5x2hatXt5301rvk9YcLIdOpkRwoV
0qbUZ1VW7twJaevmpuIs/NP5L+czbfp+qld/Hn9aPqNFCyvLiBrlkyABIu7ec5ly5R5lmQaeFSuk
o2nTqlGY0DYBXIcRdYB7FNDAuXv08m9sBiH9OkBDOXxYbwbOAZziABZgoQrIQiu2qzh0A7iMgzyE
mR02o9BmwQFcymwp7IK5blaH66yp7qzergDnKH9Yw2G0ZuoaWXYKUQeYg2fntaQ35SqTkz+NJx/m
WpmBdxZmZPDxxRFNzfE8+Z7UaZLU6oMZftaKvSrAcRyewty+CowifxwcXxCaVtDeHdlkhN1haS4B
OpRqXFpo016mca3HUeV2lanhwIayWir9oGFUoU1Fcagclg5vPExjWo4xqm7uRxU4B92bj2ohTPwH
J/Tt/rX7CQfUU09P9cU30Jy6JLTOcR3A7L6z5EG3OW8uFBr3HQq350+HTzNIz/0CQBB823ZyO8pc
KJM8hDq+4wR1L91N5mUWnNg8Zwv1q9FXhoGnO0zrKLT0Ygm6XRXCBcMMwJX51lMgEZqIp4UmF4AI
FTiHVte1s9fp/r/3ZBiXww2HhjRod0ukN4MYVTpUocxFstBuocUJk/a9FvWS2o+e0oKtUKAf+wvt
7wRpEhAAhuPbTxhAvRmI5Xq6+4QAzupJqylshLBSWxoa56B/iYYlhMTyB3otrkRImC4hFan9SVva
58BZaiZMn8Ohjt3mdaeEoo4vn76UmpYYP3DmOmJ8PxYatHP7z5F8KiOJH5TXekIbCVCObj6KQoUN
ZXdtBcfz9Mn9YJ5/zfmxIBD8AfzX7V1XasTf++cezfCaQVvmbZFJVN7gOYvzaj+lPaXOlZru/Xtf
psGVGXAqr+Gb63Tr8i2q26euDAegdEBoGfet9iei0Og9QpDq49zuKb/LjMQP5vS7N4RWktDo71W+
p/R2ZrbeE1pgDMFqA48PjP+O3p2ElmQiKRw0rcc0Wa4VOMX1dPXJ9GPBA5T1+8DfKYYQxjkqrFXA
GgscLATA8goLIHA6V+mOPDwZj1yOu/PgNmHBoU/l3ihWjq1GQoAHdV8yaom8fkUGiB9H8zaH+/WE
FZBeFXpJjWyOm0XMYYWEFYinwnKEKsCkCu95Mg9y/u7wIOYhgJ0AVNG3PRb2pAz50ktaYCz8LdYX
7JHgMB6z/pbVEMRi4BzzSvPRLeT1MdDKXjJyCc0Rcw/8p56aSj9F+STF7O76g7X+6JZj5FWxl6wD
9jNNhjcRljoiy29ce9OhSAe5FwCg3XhYY4qbzHaQKCO48QONdVjl4LWTk0KIB/y9e/luQ/hI5XdP
9iXQFnR37KOc1vnaOBX0Qp2tgHPejyIcFmPyV81PocOHFlZhrtOQBoOJx7dqnciTOdc/wDnW3jNi
bwthHwizYX1T1wDUXXXgjTop6hh7FghRZiqYUWr6HNt63OAZ8CHPwaDhxWN/k3fP6cbaCMsjFdtW
pGePn4s5tZ/kJQgCdpndxQ7UU8vW74GTAoEZOIem0yBxkAwzqvVWrqDkRYpIjae7Qkt2VtVq0qyx
esiHHoYJUu/yFej6wYNGhycT6TLXrkUvhcbVkmbNDX/1sPzksmU0vWw5GQbNqXwd2lPE+PGlBvT2
ocMMc6y1Fi2kdOLAGA6AzIhfshoACQ7X05YvJ7WuDkydZqQx1xFpcYAJTXpoM18RoBi01swADOKx
wwH7FgF6vHn+gqA5tm/iRBkELWhoCkP7GYenBTp3oggCmIO7c+4cbejlRUfn2Q7tGq5fR0kLFpRA
Iw79Ty5ZYhzaVp3hLTWaHGmGyQwd/KBu4/Lmk+1wEEV6uwKc52reXGpKPhMaV2ziGQBpdQF2sjUY
PiSGWWto+FWaMpmSFiokwy/t2EFTS5WW5cG6ADT7PGkTMoBp25vC1DTM9UIrjIFzhKHvoB26qV9/
Ya73sAFSIAyOQVKAeKVHDJfmuEHzY6IvoEENZ+5vT3hQZuTBD9cPSVHHon16008CsIFWrsozah09
4UEPqiaBjoAAzjHuoNUPrUlonm8WggJwZm3PL0V3AFp7hHAOa8+7Spu7Fy/SgCRJZfS4WYR1Q8FP
MQWo/laM+WNz59LS5i1kGEyklx01Uo4DnMNNE/PZaSGgA1d8QH/KJLSsQwhgHUDYggYNjXlL5WsZ
2Y0fjMWxeX6V821V7+lSk9sqOQQabhw5IrU0ofUO5wkPXjtwQJoYR3rMJ7Xmz6MYQhv0tdAiPzJr
lpxHESZN9S9dYoCPsLDx4v59OV4xltmBRyr8NUFq5S4Va0OIsGGNOUMVkME8A+sekYQgjs/qNcbc
jnzUMcL5or2PhQAILIpML2dbLxjI5Dj8xLiCtu+6Hj3lPAN/rEG/tm1Drx4/lgAagDjzPIh4DICi
HWXFdQYJBcAG7dWdI0dJfoc/hBXYsoCnwLknPIj6cR+7Mw8inaeOwU6rPjHnyUIqWCegdR9S9LHZ
YRxBexga+bBooDofwUeTfysu1qtmVE4IQcEUO9ZBZ+sOA+fYz2AsvxJWJJDHr8LSAYB+WIcIEiyY
r7LUcp29Yzxi7oSlGeY3Xi9Vs/wcL3WZMvSbEK7AvglzCfYhcACSMwvrNKDJO6HxfENYVxid0yYo
D2GqX9u1JVjt+ff4cSkkotYJ9EicL68IO0Ebe9vOLDB+IAzEgmxfas5FvTzlQeYl5IG+B02wl1jZ
voMcp1IA6sxpg2/U/SrS1Fwwn5KI/RasH8G0/4wKFeFtB5A/vXuX/hFWepY0bmITwPh4bQKsUGAP
izkeYbjCxpkVAqs+loUpP+Bl7H+xBsFBiCxzndpyXlzRtp0hqIY5g3nHP8B5h44raPCQrbKsoUNK
U9WqGYTGdSjy8blN9RvMpRMnbsqw8+e6UJLEUenN23d0+LAQOPxzA61da8OMli6pR2VKp6Gbtx5T
rNi9ZPxixVJIEDxTpri+wGwA0GNGlycA2RD4GzlyO/Xrv4ngf/pUJ4oSOYwsZ/36c1SqtE1gHuBz
z55F6U9R7jyh2Q0HoL1gwaRUtdoMunTpPh072p7SpY0lw/Bz6PB1oRH/lu7ff0Flyk6hShXT09w5
Ne2E+Djyk6evpBb8H40WyrzgP2xoaSpTJg0dOXKDKlScLqNOmliJGtT/JBh18e+7lCSpbc+SJUtc
GjG8HEGQ4PXrdzR37hFq3mKJTAeN+lEjyxn7Y+mpf/xHAQ2c+49+7qZmcNrZARrnaT5Ej50ktgyC
eWh2AKpa/9VafjIwagUuc3xnT66bClDg8BWmRXFYDqcehksP5ccV4BzRuRxOigNuHKyz6zK7KxUQ
B6Gq4wNqM5CEOK6Wi7hMU7/AMMT11EnTnsIUKrTooTm7f+0BeVhvBgQ5f2jVwXw8H/a2E6BxMaGV
zA59wKbD2WIAwqx46KQ4oG0lzOrDmUES5g+zdiSAcWgSwgEsgrloR47vSTfnrcbHYS7Mi7Kpdgby
4A9nZQqd88Wh8PiD4yla3GhqlsSgBjx7LuwlTJLmpudPntMfGf+QB8Pg+S6zuthppKKPW4j77AGm
qLRiU/Jb5m6VoDuHOasfyuU6WPEgh3FeiK86Docf+H3ghkHSSgTHwSE7mxf2hBbIx9kYYQA1R4kc
1GZSmwBdRHk8m6944LbhiT5vV7C9BPEgtDF4w2AJdKtxVA09Nu+vhnM58CsthEoaDWtk0Ax96olW
ppq/+d2VuQI8VjGWbcMLgZmGAxra0Rab0UkdJ0lAFrwNGgF4g9bp+unrJShkvlIDfOhV0UsCW47m
DNQV8wLM4cNhngFI7+3lbcfrCPOU35FWdQB+oDnMoI0ahndPaMFzDY8PjI3xh8YbV3GAfj3L9ZS0
6Dqnm7zmwFyuO9/cp5hrIYQzWmhiRowe0chC1UjlecYI/PjiKt09GY+ejH2YnobWKYSzMC6ajhSS
rYpm/sJhC2lCuwmy9s7mbXM7HX1zHRHeYkwLKt3EdhCNb8zJfav2lSCeWcgJ4dzPePdrHkQcs/OL
BxFfLUO9xgZhLMyAuk07M81YVxGmOggnvn39VgLuoGW7Qu0l+KnSz9P1B+XwXCbHt2JJAXk2z9Fc
WnlQy1Lr5s479hZYA2F6HgC0ea7ZK/Z23Up1lVmarQS4sy/xz9hH4QxqMz3s2ijMsqlzu9q/Vlrl
apvLNC1DzUbZtPY8nXPlfk4x1T7p2CT6KepPfppqV9vAdXa0P0BcXKUA/jbPgZzPPxf/oVpJa8lP
vl6Gw5ifzGuQyu+oN4TLtPt+KBCYgXMGLnCQ1/nCeTsNTWj1ARi6IwARHMgC8GDH5lrxXW7sGMrZ
pAkHSS3MmVWqyoNPPuAWGzoJxgCILdyrFxXp2cOIzy+sVclpcICqags127lDmmfn+HiyRpV6EKmG
8zuDH64c9iMNx7cCUjhPfqqAR9Md2yWwwmH7p06lBfUbBOh90ACoBqVMJfOEJpvq/DLVbqY9zBXj
sN4MgnH/gq7QRmcNVi6L6YNvVdCBw919MthhBTAiDGZx+aAZeWNPC21+8IdVn+LqgL8KFZbCABmr
VpXV4YNvd3nQ3bYgPszAesW0HQIDBAGoykIJCEf9AaDARDFo3E4IH5ivNmAau8KDyNNdB3PSAACP
CjBndvUaBh0BMsL5Zaod9VYtDuDvU1iGgHnaFnv3GMDUl6I7aIo7zKHhbMUTzujD/IerGeoKMBjA
mup4PMCv03mxD0ySxADx4AeQLlWJEng1HIR+xuXLL8EZ1jp1ZJ7bSGTxogoPsRatRTRfXp7wYBhx
xQT3IYCsPzZusJv3UYhqycM83yGcaYn3HGJdKD1MWG/7eJUFeI6vkgC/APCG4AHm/GZC21u9xuKc
MN0+sbAQ5BLOr/7E2nFQWPhQ5wiZ0PTDdTOPyWsCQBspBLRQD/Nap2YBsA1AW1DBHxDImlCwkBRm
Ms9bZlPtyDOsAEHBo+zMvMB1c4cHPZkHuXxPnwx2+tUnyJ/jsrlytqzhStloG6wo4CoO5jN1Lmm6
fRslzJPHV1ZMR3OAK/U1p3H0DUE5CG7kF3M7eJvrpQLnmEehdYx+B0CO+Z/jYQ0qPXwY5WnVyiji
HyHYAe16q70M740Q2bwPwn4AwgQQfoRQHAR71HLMaz4XyHmq+y0Oc+fpHx5k/pCWNIQFAJ53+coN
1ENdG9lsP4QEcCUF5mHVqXsxVXiKTemr/cPpOMwv8/1MU6s8OC9V6AiCkplrftJox9wxo1JlaZ1E
7WNPgXNVK1vVKue6vBVnoDlzjaSDB69LU+oq8AtN9fIVptHq1Wck4L12zR/CtPlhGjpsG2XLFp82
bmhMYcOE4Kx8PWHyHeBysGBBKGjQH6lgofG0e7e4jvZAG8oswHY4Lv/q1YeGpvex4/9QhoxDKGfO
BLRtS1ORNgi1aLmERo/ZaZdWLRD5ZM4ylJIni+4QOOfyEA/CAosX1aVyZT9Zkxk1ege1bLWU6tfL
RgDPeS/GZRcvnpIgQBBMOfNDnitWnqLSZabI6rDwgfzQP/6ngAbO/U9Dd3LgAy5nB2icn3rIz37m
Jw7Z+q7qJ7WjGBj1L3AODTLeJEATmZ0ZcGV/froCYJvb1EloFhaqWUje1Tiu1TipKaZq1HDerE1v
1TY+ULQCNDk9P7l8HPQ6AoA4rrtP3O0J7bTl421SvOb0VnVHHK4TwJxuc7tTvsp5zUmNbwZjVA0x
I/Djy8oJ4u5uocFuBjKZP8za3vgjoFf5XhKc8uuwnvPwKx6qwrzuTlyk8xJWB0ATdlgo3omDMIA/
AId47LD5fowBtNXqPm0WJOg0Q/CZuCtZddwWzk8Ns3p3xt8c5igvDkddRwnTwdAGd+SYbgh3lRaI
e/nUZWqQtgFeKUnGJJSjZA6KJO4ch9Yk7h6OKAQi4qeKb4xtGTEAfri+zvpZBZmGCVOz6fJ82hhw
FbCJZZDUbJ0BcbgcgAMN+jcI8HZwPfjJ49LZXME0Z1CcgWDOA09oEkIwBgIcECJJkOZnapq1qQTH
/lzRl7KXsJdURhqAoW2ENmaqbKmo9cTWdm09sfMkTe853U6TGGnYOeJBd/md8+Mn6I+72B3Nm57Q
gjXjeXxYzZE856ntgnDB2qlr6cWTTwJXXE/1iT6EVY54KeJJb+5TzLV8xYkaH+8sgADNTQiZ8Fro
Lt2ZHsjT1fHIPI40ro59Bh3Bg2aNaOQDIJGvcHA2RhHXFcd85Eiog0FC5GVeg7ifXZkHreriFw8i
DeYRtsryW73fDEEhdX7hfYdaBoSXdi7ZRdO6T5VjVQ3jd5V+/ll/oFleM4ntD9PBm4ZQxvwZZBGL
Ry6WFmasxgHXwZ2nyu9WwkjIa3qP6TTzz5kEWqlzjZrWr30J87o78yCPfdSB+cKVdjP/IV3TEU0p
UozIUjAL33DBhHWMpWOWyfmReVS2xR9zLtPC2VpgK936l9unzmFqTPAmA/uwCFC1kw0wUePgnbX6
uV0sUMDzhir0ivi4vgBrDYQjHc3biKdd4KRAYAbOAcoMSZtOmr3EYWTW+vUpSuJEUosvXIwYUkM2
eooUvjSK+cDTDLgyBzDoh29on0IrcEDSZDIYdyOnEneT4x5Pdgj/e9t2qWXIh4q4S3xhw9+ladZ8
HTtSCQE+mh3+7ppXp64ELxxptCENm5d29fCc4ztqn7kefFivmlJWtaPMwIo5vTvfXDd3wAiunxl4
Uw+oVdCJ46NedQSQqPYVhCBw7z1rULlKU2dt5PKs6IQwM3COvFShCtxZHD/rLxRK8Ax4CWBAuJgx
KWrixEaxTDd4uMqDYYSlAU8ctOiHpEnrEBRHnuCPkZmzyLGnAs1cHtfXVR7kdO4+eSy72o9cLwD6
ZjPuO0aMoOWt29gBnRwf9fqcdFcBZnNbcPc4NET5wBx1wXkI7tUNLfoYZpYBZkHDsfy4sdLSBeLA
gZ9wJ+2KNm3lN/Mo8x9M/DbestmX+XREZkCW5zTwE8yg4451tS4yY+UH4CzuKcf92QzYoH7m8ask
8fXqCQ9GT5lSgnfQvnYETGKfxZr2pQQo/qu4WkN1PJYBTpvvmFfjqf0FAYz4WbOqwfJ9vVdvYZ2h
lx0/+YokPBzNEea4XDczHbkuqhYxp4XlkhPCcsi6bt0dmodmnuA0eHK/OQPaOD7HdZcHkZ75EO+u
zIOI5x/n13zxWNwZjzETVghhcFx31iquG5v/xtiB8BauBQCwCoGjXaNHS+sA5vkHabmPC3bvLub/
RNK6xtqu3eTVAq7cyc7lu/Pk/nOlr1kTHO2CQEV4sc9Sx5SVeXJuk9V4Qz3Nmv2oh7v7LU/XOpTv
KQ8yf5jbrArV8NgCjVhYDvNKgU42zX2UrzrWflfXTWf9w2EBAZwfmTNHCqFJfre4ruSRsDbTJ05c
O+EIT4HzRYuPU8VK02XTR44oSzFihBd/w38SzMH94gCkt227SCVLpqKli+vZmTkHeN6gwTyaNfuw
QT6A5gDRI/zkWzgc8ZcsOUHduq8xtLqNhB9fVOD8lVCayJptON269ZTO+nSmiBFC04WLdylpsn52
2uMMXqtp1Xw5H7+Ac46H8i6c70rhw4U0sjl77jalSDnAjg4cH0B7nDgRxN3rFej580+YCeh39eoD
atPWhkU5qp9RiH5xjwIaOHePXv6NzQdcjg7Q1PzVwzr1QBwaMPeFSV9oMsIMMGt27Vq6W2rQAlTF
ARpMa7vjuG7mNDj0r9qpGuUsnUNqYJnD+ZsPB50B2AA82Dyn+fBPBZjUA2rkzwfN5jQIOyVMaLcU
WlVWYQhXnUrTgDxIVDXBUV56cRCeKE1CAqi/b/U+WQVHdOE6PX3w1NJUulp/PjQ2gzpqHEfvnNaK
97jvzXQ358V5+BUP6VzNE3FHNR3lUOAA4ar7Y/AfVKltJeOwHZp0Vibm1TRW79wWK3pYxXfG38yf
jvLitK6YTPWEFqgvNmfevbxpZh/H97PU6lGLavawNhlj1WZX/FzpZwaZrIRiuAzUv3el3rRj8Q7q
OL2jvO6Aw/DkcszggBonIN95XDoDSxjUdQb4ALxomK6hBOOg9Yf5uakwWQ/wFt8J0yZ0udor/xJC
MY1HGPFRLky1Xzx+0bjywhEPusvvRiEfX0B/Z8C5J7TgtvP4sJojreqt0tRcT/M3zxfw5z51Ntey
RrW6nnhCd0/Goydjn820O7sPm8eOK/O2mX7mb+4PswAWx2Mag7/N5XE/uzIPcn7q0y8e5Li8HgOg
xzofOVZkQ7DIag5S5x7kgXR5K+aVQke7V+w2zGer7eG2eLr+QLsYWsZpcqeloZuHSKs7bKrbrCnP
7XL3yX3hLr+jHFfScn38M/aRB9PSavxzGfxk/uNvZ09J2y1DhKnN9x7PucifaeFsLXBWD26fo7mZ
Ae6rZ66Ss76HxY/B9QaTef/naHz7t97O2qTDvn4KBGbgHNRXNQitesNK89DRgSen58NIAAE4+Awp
Dr35IJfjOHqqIBMfGDszUewoH9WfwTszoKbGUd85vjx8XbbUEPxT46jvqqBAo82bKEn+/MKU70ha
1qq1NNfpzASomo8r7+7WDXkyHfkQmsvhfjIf+LPJa47n7FlyyGDK29YGKjqL5yzMUf2QBmFWwDnM
sk8SJnhhht+Rwz3LqcQds3BMN0dxVX+VB1V/V9/tDtDnzrHkH1VoBQCKet82yuH6usqDrtbNHI/H
ckCMDau8uB3mcq2+/Ut35iO1LdiXTir2m6/7hVE+7hEG78L0MsBsVxyEHOIJkJdBHDPoo+Zx8+RJ
KZgEQQ4I9sBqB6dT41m98527EFrh6ypUfrZKo/p5woMAPHGnsrN+kH+TfdQEtpqXuQ/M4LRaN7yz
tRMIbHX++6IviwuIw5r+an/C3+wczRFW8QC6ujoPqm1FXqgrQDFYasC6CS1fOHN+8HM0tyLM7BDX
XR5ks+buzoPmst39thrjnAfaMThVauMOcczbsGYRNWlSKfThzpUee//6y7hyg/NXn+gLCOVFjGcT
6OcwM/8BhIUQ0y/16vp7neIyzE93+5oFdYoJE+4Fu3Qh1lT266oVR2OK9x88bl8IISFP9lvmdrn6
7SkPOuMl7kceWyzcgnka2uYQLLJyDOLjKgbMzVDacNY/HBYQwDnvm4r160sFO3f2VT0uS91vBQRw
7qsgk4ej+8GfPX9N4cJ3kubJASBv3NCIChawCbiqWWAeBEi/WADncOHChRDgdwZB2x9o+YqTdOfO
M+mvgssMTFsB5wDylwkNb/TN5wDOGaiXlRI/DNir5aJ+mTIPpTNnbnM0p8+9e1pRtqzxncbRgW5Q
QAPnbhArAKLyAZejAzS1CL8OvVRNMxwO375ym/7I9IfMwtnhm1qG+s51gzn2DPnTS001hIcK41uC
R03H73w46NfhJ5dTs1tNqtO7Dien5+JOxlIRS8lv9YAaHs6ANz5MxGF851mdLf/Q40L8oinHc/fJ
gAfuOG46vKk8qOc8WBvLEV3cqRMfGjvKi8u0enJaK97jPjHT3ZwP5+FXPKTjPF3hRaZftuLZqN6f
9ei1onGu1gGSznHElQUAC5nfrIAQNY2jd26LIwDInI7LswJJWXjDirbIh9O60m+e0ILrijH08PZD
8jngQw9vPZTe8Fs1aZUl+MPp/PPkfnbGE6pQjPdZbwkeW5XJbbeioyvlWOXpqZ8r41I1hQvtWith
JeTTKHMjw/xyvBRxDY1zZzQz11vNp37f+lSmWRkJ8HG8jbM20oBaAwyLDOzPT3f5ndPxE/R3Bpx7
QotkmW138zkbH1xvlSegHdwqTyu7u7a5nuanqtXPfYq7yqecElYqTFdCIC2DgBirXku8JOjG/ecu
3d0dj8z/7syDDPTDIszwrcPszLSjPfjDgbVZ3eE3pLVy3B81u4v126uOrygqCGjW6nfWz74ysvDw
iwc5CQ4c+GoInt95/jCbuUYarhfevYTFE1iBYHP3jujHaTxdf1TN/LH7x9GV05clKOrKPgb1dMV5
wu+sxcxpXQGL/TP20Q6mpdXaam4nC4qA7ugrXAvjyEURAhMY4ypPejIG3KGFVV24feocpsYDj7HQ
mDPtfm47z03cV8zb5ra5Wm9cTQBh3OAhg0uT/mrd9Pu3S4HADpy/EnfX4uAT9z0+EJqGMNH8Rtw9
fW79BgOUNAMXfOCJO8eLevXy1bnqISe0CQGcA5CBqy3Mi+OOcJRj5XA/b7TkyaVGJh9Emsu3SufM
j8E7V/Ph+O6Almz6FGlwJ/jobNmlhqKjw25n9XUWxnVzR4vPfAjN+Vsd5CKM6Q6zwbifFfGsHP6W
jCzMpfpHWw35Oqofa55d3bvXlxlmmEN+Ke4nBs/CzC3usoV7/O9NaSIX7wwkoH4M1MHfHR5EfHcd
axo7M4MLmjJYxuCAWg73szs8qKZ39Z3HsjMAWM3LWb04L3WcfUm6M98CqJOWLj6aXL9++DA9+fdf
+lF8w7LF1oEDpXZ5m6NHKLi4EoKBaQBZyYWW93tx57CVA7AcM3VqqfnKmo3qvefmNNx2lQ/Xinu2
N/XpY47q65vnVuxr2GS1O2PeEx6MlCiRYQWh47mzFE3Q0coxndV+5niOxjKH85PBPgCgMH8PzVuz
Y/Dfqhw1Lsq0Eq5R4+DdUd0czYPM60gLyxsphTl+NrGOfmEhCKvx6yhP5GV26nrpDg8iH3fnQXPZ
7n5bjXHOg9vMICTu5x6eMZMMdgZ2cnp+wnw2rhDBniR12bLSND6H4XlRXAcBoQUrvrDqY2jBA7SH
FZvP4bjdKiDqrBzWEMe8AIGaFULA7tiCBQ614rlNDdauoRRFi/rK2jzPPLt926P9lq+MXfTwlAed
8RK3mceWOg/WmDeXMlSubFm7YwsX0kxhEl2um2LM4moIZ/2DO9CHpE5DifPm9fcd57wH5LnbXEEe
56plC0+B84WLjlGlyt7S1PrSJfWFNrm4j82BixUrPMWNY289B/Ts5bWOevfZYKQCIL5/X2tKkTy6
4YcXBp7xDpPmJYRpc5hZh0M+9erPo+neB+zMrX/twPnzF2/ol6zDJHCO+9aLFUtOb968l20y/0D7
PHXqmL5MuZvj6W83KKCBczeIFQBR+YDL0QGaWoRfh14Xj12UdzzzwW1QYaKSTQDjEH3IxsHyIEzN
E+8nd52iZ4+eUbbiWe1MLnHdXAE6zXnimw8H/Tr8hFbsjN4zpGlQ9b5l1Zyz+cBdPfhUTY6qB+TO
Dhy5vn7RlOO581TrNkjc3ZypoL00GZvXdEQXd+rEJutRP0faqjApvGfZbqrQpgJFiR3FaAoDHla8
x31vPng1En984Tz8iofoDAKppmjV/NR7vfl+TwBGvZf2NkALNT7ewSMhQ4eU4SrwYKWhjPjQ+F89
cTVlF9YS0ogxoTpuC4D66l2qq0HyHYfJKIsd87cV+M31t6It0nNaRzzAZeDJeblDC6RjAM2K3uCx
Vr/agEZX+g75uepc4R2Uz+AjTK3/PvB3X9mr/Wl1v7Qr5fjK1B8eroxLviYCxfRZ/qcwj5/dV4nc
LwiA0ECMBDGMe4fNmoOc+MXTF7Ri3AqKED0CFa1j+2ODeQhxlt5dSuEjh+focgPIZu4d8aC7/G5k
/vEF9HcGnHtCC2jfw3HbrMYH19tRuz5Wz6UH9ym0oa34EHN5i5wtpDUANpnMdUMB7tCd+92d8ejJ
2FfrZ1UWC26h/gEx9rk/oJWt3keP/OFgQn9IgyFSqMMsnMB1tepnW2rnv37xoJr68KYj1KFwe8Je
qP3kdnL+eyPutzLXCWm4TeBHWC9hQBJhMHMNCxG4akGlnzpfebL+IG/WOsc7u4C0qKHye8U2FQnW
F1Qzm6pAk1kQgtO6Apz7Z+yj3cwXrH3PQgtMk7dv3hr30R/bfpzaimsssO/FHihSjEgcze6J9RtS
4QCD1XvP3ZlzOUPe44EXrMqEFSgSlubM9eb03D5ncxivb+DByScmG+3lPNAfvIbz3e3cl5xW5U+k
c6UP1b5DGvM96fDT7tukQGAGzhm8gFnTYr29fHUQHwSaD6j5wBOgh9Vdk3y3t9QKO31KAk1D06WX
h92ske2rMOHxTgBWAK34PnUunzU2Q4ryVIdDO9w3eu/iRcrXvj0FC/npbw01HgMg5naocdR3ju8O
UMW0VPOxMmethnvyznVzZCIaNAwqAD7VmQ+hOczRgTLfJSrv2xUa9wwWcTp+QuAiWOjQDsM5nl9P
rp/ZZLMjU/LID2mgXQaA7ydhll113BcqYIk7nz3hQTVfV9/Vu1YdaQmzNi3ytAIpuZ/d4UFX66fG
47HM2o9qGN5xN2tw0cfsnNWL81LH2Zek+9/bt8v7flFXK21o+J9euZKmlipNfActzr/4Xm9nJoCR
FoIaMBkNx23FHAeLAZET+L46Tp2/AOS7o3ErC/n4w2AQPhuuX0fJCxdWg+X7s/v36dy6dZRQmI6H
Fq4nPIh0LMwBU+slBg7wVQ6PLQTUWrSQ0olrElTHY5kBLzVMfcfcw2VZ0R1zy6jsOaQlAJWf1Dz4
HWV+DuCc+xiCGB3OnDbuZ0e5mJtGCRP/MGtv1VYVJGOT3FxfPAE2Yv3C3OopDyIfd+dBpPGPY5pY
9QmvJwycvxMCeCyUgmtMGm3aaLlGX961i14IwaeUQlAL+/EbR49KwN3RGnd+0yb6q1BheSWHeVy5
yn/+oYE5LbfbVeBcFQzgvKBt3kHslSA4aHbcJitBLPDQ3Np16PDMmcRXxQCY/VJrHerqKQ864yVu
szq22A/jsd3JE772OeiHsXl+lQIXqkCTs/7hNcOvddZZHtxf3B7sO3C9QMS4cTlIPg/PmkVzatay
E+jzFDjfvuMi5c03VgLnx4+1pxjRffMNCsV95NAMDxkimF1devZaK0FzmCnfsrkJDRu2jSb8tUdq
k+/e1ZLSCKCYHZuFT5o0Kp051cnO5Pu9+8+lSfZLl+67DJxXqpjeuK/8S2qcq+Vizi0g7maHKfv+
/UpQp44FuLm+no+fvKKfwlv/beErsvZwjQIaOHeNTgEViw+4nB2gcVl8zy0O68YfHC+BEhwE4kDw
8qkrNFLcYw3TjmyqHdqOuwRg2rNcD5lFimwpqMvMLhQrUSzCweM/F/6hBUMX0Prp6+Wh9uzLsyl8
pPDyUPHD+w/UuUQXOrZFLPrbR1CKrMmlvyva5nxAiTu+G6ZvKE2md5vbTW6sgocI7uswkbXHUUkV
bJrdbzZN7TbV4YEoA+5oL8D9sBHC0rYF26lPld6yPdPPCpOsMSMz+SyfrhwkWiZ04qmC9zh8rti2
IoUJH0Zq8GyYsYEmd5ksUwNwBV1UMBYHsq+ev6IKMSrIdnM/Y0MBZ6Y/1x/ADw6Oey32otQ5UskN
28M7D+Ud63P6z5FpR4q7tBHGbuNMoZFaewA1GtKIcIjODubzRzcfTTBHrAolIBwHwigTDn2JqwGg
1aryCMLM9YQfgwLQwm8/tb2Mgzoe2XSUpvWYSo/vPqaJxyZSzAQxjYNzpMNdq/X71ye+Lxo0OrHj
JP3VfoLkd3XscBlI106AIwWqFZAH5QDY963aL68uQBg0Rat1roZXw7EQAug4Zu8YWQ+kO3fwPC0b
s1Te+a7yp8q3rMUK2u1YvJP+rGqTwgZtK7SuYIAToB/MxF489jc1z9HMbmygIgBocLCvOj5kh587
tGDwB4BW/7UD7Pr+zvU78s5sM/ijluvuO2gVLHgweScv807yX5IRaAIHPueDfXwzoIZ3gJLlWpYz
NLTBzz3EvIX6wfTxpOOTpFUBxOX5xWp+Qri5HPh56lR+x7jkO+MdjUuM04F1BhLGFpyX0IDElRbc
7j0r91L30t1kmKpJyqAqAiq3q0xVO1eV7YUwydkD58irYi9pIUA1v431oH6a+tK/+7welLtcLiIh
qHnj3A2aP2S+nNeRn5kH4QfnLr9jzQDgBAdAaFyrcbRz6U5jLTLPUZ7SAvn7HDhLzQQ4iTmyx4Ie
cq6BP5w6b6ljyxbq3i+Awpa5W8p5BCkBEpVvVZ7CRQpH189el/MjeBHO+5ywjJAkjrxv3hO6ezIe
PRn7Zu377vN72AQ4BG+c2n2a2hdsJ9uDH/P8bgS48cLtQhLMNV3FmpYyawq5Tqybtk7M7dNkbpi7
WDDOk3kQmbjLg7Lgjz/qWsn+GGu/D/qdP43nyd2nqJXgC6wFfVf2o+RZkhHo6rP/rLHPQmQz/fyz
/iC/uzfuUpV4VfAqnTpHsJ9/nmYaAHCFQF2Yn8LQdTFv9K/Zz7jPXb2P3t19iX/GPtqnCiGw8Afo
jzEJwbfl45fLeRJ9xyA27337repH8ZLbTB6CXy6duEwLxHy4bcE2mxn8LUPkOuvJnMu0V4H3xkMb
y7ULbb5z9Q5tX7idJnW2XcEBUJ3Xc9QTDms8742RtmzzspK3EKbuj/l6Afhjz4R9TsRoNkn7+zfv
04S2E+T+C+GqcAXW2z+r/imvODHzp/o3BPbMWFvNTh3PCMMYCMhrjMzl6e8vR4HADJwzCAZqAmjK
UK2aPMjHNwCzGUJzx0fcyWs+JOcDQsQDcAQNIJgvhlnhg9Om0brutr+fcWc6NFmxl+NDT8SvvXgR
JS1Y0Njj3RPgwyHvGbSxd2+7Q0UVpIFp2mqzZlIUoRUJd+f8eVouNLXOrl0r69D1ymUKE+mTABCA
C7gfxNxxV8TFQTLuCM3VvDm9F/fWwgUJEcJoL74BOkMTHuZAAepAa6mmMLVtONEOFUQ0/D++rO/l
RRu8PgkgBLS2OYpRacJCCLiH987Zs7R34iTaM24c5RVCBCUHDZS1ev/uHS1t3oL2TphATXdsl8Da
x+oStK3G580n73+GAAQsAcCpfIE+LCbuFA0X1Tbvga5/79hBK9u1dwnU4rKcPVmDFUB95alTKJw4
eH54/Tot+qOR7F8cRKv1Q16cBnwB/osU/5MZzYtbt9L4/AXseAlpPOFBpHPXYV1jMANpoa2aunRp
g98ZvEWYWbjCvzyIPN1xqvYjBBcAALMFip2jx9BpYZJaBf9vHDlijI3aCxdQUDGG2B0S4M3cWrWp
1NAh9GubNuz9xeiOcyQAao3U+TUAAEAASURBVBe3bJFlY97K9vvvUnAHHhgLuEIBvKvOaep8Vm7s
GPqlbl0D5MYYObV0qeRF5NHywH6KlyWL3R314E+AgrgzHQ5z5+6xY2lVh47y21VtfhnZ4odBG1x9
AQeLFhmrVpV1fP7woQTMZ1ezKS7A/Hyhrl3l2aEnPMhCTygHgHaeli0NWuCu+Olly0mw2GxWGm2G
CfPJxUtI+mOuwZrwQWgPw0HAhv+mlx7iR9W+h3nj7I0aEYSjMF/PqlpN3juPuOCnPOIudU6PMcL5
/iiAZ1yJcVLcQw6wKoy4W1s0XhYRPEwY+cQP+n5mlap0cvFil+fBy+IaiDG5cst5pP6qlbLfMdde
27+fFjVuYpj3N8+rsjxFaxrrTm5BR9TrwdWrdEJoxa7u1NlmwlwIXUDgyxMeRDmezINI564DzdG/
x4SgGsA/81qK/F4LHoCllbiZMxvau3ynN8LVNRz53btwgbYNGSoFoLAvwBoO4HhNl660bfBgX/2O
PCBw8FRom/eOFRuf1GDNakohrETAYZxY8Z/KBzJiAP0wH74WayLMwcMxD8I6hSOBM8TzEfuWyeKq
EXaOBH0QzusW3uOKuafCXxMooljvnou5CXut44Kf4KqLe7UxL8BxGnf2WzKhBz+e8qCj9cLRnoUF
KlDFdBUrUlkxv2OvAAerAivbtJWClPhW914sxIJ9HQTE8rZrJ0H364cOSX6B9QK51xP7CHV/B17D
nhbOqo/N84y6N8OaUH/lCootTMq/FeMCgj0Lf7dZM1b3M54C56rGdMKEkWn1qoaEe8Dh3ogzR5he
Hzx4Cy1YeIxUU+24q3zo0G3UtdtqGffvi10pYYIocr0oWHg8bdlyQYLn27Y2o4wZbPvB3XsuU67c
oyRIv2plQ8qSOR4hn/37r1LjJgsNc+c7tjej3Lls+/OHj17INPfuPafDh9pSnNgRDM11mExfuKAO
hYCiarNFNG78blLTAuz/OIXT69fvKHeeUZQoURSaN7eW4Q8Ne1UY4O49ociafQQ9e/baKE82UPwc
OXpDmmVXy0UYCwTgfeyY8lS3blYKFdImYID8li49QX80so2tA/tby3YjrnYBQAENnAcAEd3IwlXg
XD2Q9Sv70XvGUEoBkrNjAJq/rZ4Arqp0rCIPpp2ZvFVBSqt8VKDeKtzRIZyz9pmBXc4Xmk8A5h/d
sZk1Q9787igNp+UnHyS7okXFaVx5mu/AdZaGacqCAM7isplZNY6qQcj+Ki3gB23lbvO6SbCa28yA
EMKh1YSD8nv/3KPqCW1/tMAfTtVmYn61hTj+tdLiunzyMjVI18BIZK4jvnEAzMIOrJnPCbIUySI1
xvav3c9e8smgNT4A3oJ/1bYlyZiELhy5YKRBOSN3jpQgmOH5Me0fGf8wgAOAlDiMVx0f4sNPPTxX
45jfUR4OnkOFDWVoFpvjqN/qITj7e0IL8wE47o/OWiwr4X5bmGqHU4VsuCxPnuayrPKo0bUG1e1T
1wjCAT9MRjPIjAD0FZzaX+p8xlqjMpKDn4AEm1zld9UqB8CJZtmbGXwEMDG2uE4AoBjPTwAsxh0Y
Z2hH4nDqr3Z/0cLhto0Nmob+UvkYfgDxYBkEDmnYnK/08OPHrH2IseIqv2POYAsBfhRjdx+9J7Sw
Wgumnpoqadg4S2M7mnh6nzTawNcpoH+g0e/MqdZLPKW7eYy4Oh49Gfsq6OaoXTy/+Xe8mNtlVR7m
mXHC/DisIrg6b5rnQU95UK0Pm91nP/AV6GB2EKjg+8XNYeZvnt9xXYh/1h/OF9Z3sBeAc2RFhuO6
+7Ra+63y6OTdiQrVLCSDPN2XeDL2uS4YYwB/AXbDWY1R1TIMC9rIyOIHYyt6/Oi0VwgqqU7Vovdk
zlXz4iuBVD/1XdWWd2WMIK15Pls5YSWNEAKx7KzWx5ZjW1KpxqVkFFXggNNAYKXt5LaGBRr2x9PK
MoK5ruDvGednSOFPNa1+//Yo8L0A5+gZHLJmqVOHAEbsGD7c6CyzRqx6yG9EMr1AO6qFAJnCAsgQ
DgAUmy/HN8rCgTebXYUfnNRM27jBAGtgwnRm5U+CUUj3WpiXVx1Al/wdOxpXjLlSP6SXWl5CkxBg
DQ7dWQNSzVt9R9lW96pyHBze8oG+escmhwfEE3PwLAEAgS5wlvQQh8O4O1U9yOWyGVRXNZ45TNUg
ZVPUHJasSBEJnEBQQXX1xOFwKmHC2D/ODCI4yksFO/mwnuOifjikxuE4wF44VesM357yINK666zK
iirM2j+6ccO4Gxn8B406NlMdEDzobj0Bkg/LkFGCoUgbPWVKAxDkvFhAgzWo2R+8B21aCFwMz5zF
ADoRrmpHWtHClbHP5bjzhCYwNMgZZEYdswggHPf+wvQ3u5JDBht3HgNwn1enrtTa5HAAM4+E8MbV
ffvYS441mFaOIuY2uKsCQB0lgEJ2MdOmlWAZhAvYQZOx2uxZTkE0juvsef/yZVkW36ttFReADAs/
INyK7n7xIEArmCCHBis7vk9YbRfueud7tlkDmONbPc0CIogD0H+sAKYxZv1yaFuHsz7StL5f8zTn
xWCk1TwIgaBKkycZ96hzGjw5Heo3KHkKY7yqcczvXD/12gq+b9kcl79VjWpPedCTeZDLd/VpRT9n
aVUz2Yi3qV8/Wtu1m7MkUkgjY/Xq9Gc8339bqusSA8JqZujLSAkTOCxDXTfUdP55NwuzmPNyZCWH
42GcjRNCa1eEcIa6D+Fw9WnVZjUc7zmaNKGyo0YaVhGsxv7nmnPd5UEr2vH1Go//+Yf6JrDNr9xG
dR3fIwQAFwuhFXZWc1P5cWMpR+PGHEU+V3fuQlsG+LagYRdJfFhpuJvjmL/VawhYGMAcR/3GXIF5
HAJVC+rZBDzVcFffDxy8JrW9OX7atDEpfvxItHLlafaSzx7dC5NXr2K0Zu0ZKl5ikl1Y926FqLfX
b8Qa7GrgmNHlqWmTXAQQPHmK/sZd5moc83u0aGEliJ/ll09/PyDOpImVqEiR5BQvfm+ZBJru5852
pk6dVtHoMTulH8orXDgZJU3WT3779QNN+7RpYlm2a87smlS1Skbq1HklDRxkE6Tj/Dgd5tw6defS
zFmHOIgqVkhH1288on37PuEYMGF/7Gg7KWBgRNQv/qOABs79Rz93UzMww+Cpo/QzvMRhqpftMNUq
Dh/CF61X1BcgiPhHtx6joQ2HGGAO5wEwsm6fesR3ywLM8qroJbVrOY767DqnG+Wvkk/1sntnLUY7
T+UDB+g4EMdBqOrwB/TCYQuFFvFfqjc1GSYW0BZljUMEu0DxAa3f1nlbG4AUwnGgWrVTVYdp1Dz4
IDmggXPZnqGiPR3s21OlQxUq8XsJqdHNAHCnGeKQukYh2f4J7Sao1fP17oj+OKSe1WcWLRWa0arD
QWutHrUpW4msBj3QZjbxyXHZDDjAPTNwXrtnbarVs5aMOr3ndJrZ59MfIZze/HRk3nPf6v0CLB1k
11+oI+5nzlk6p6FVzPnhGoHhjYb5ArBxmAuN8dzlcvu6lxiaadBKG9NyDGcjn+C5hgMaUoHqBRwe
Al/zuUZDfh9Kp4XGITukg+n2Xyv9KrXQ2R9P0Gtw/SF0eOOnxapc83KUqXBm6lqyi4zKPA8LED3K
9qB9q/dZAgGcr6rpx354uksLHouof/BQwe1ojvyKNyhOtXvVpsji3lf/Oi7LWT7QroOGsNntXLJT
ggMMKnO4Vf3YLC/igG9UgJ3TQdCj6cimBr+zvydPV/nd3GfQil8+djlN7DjRV7EN+zekMs3L2Fma
4Eh7V+0TZq0H++orzBulm5SmaPFsEqkcHwDf+LbjCVZD2KG/mwxvIrRkk1O7Qu2MvMx1RHxX+d1q
zuDyzM9ei3rJccn+7tLCLOiFsQ5Blxg/fzJpz3nD7PbgDYMMSwXs78pTFTgCzRoNbSTG8WGpMcrp
sT5CqCxxhsTsJZ+e0J3HiCfj0d2xj0rC5PLQ34fR8W3HjLqDlp28O8v5CustnH/HCwNtEOpKlC4x
LR29hDbN2iTzRnl1e9elInWKGKamscfwZB70Dw/KyogfVVjEL4EBjI1ewtKDKjyF9sC6AwQt2HIE
z+/oVzj/rD9IP3fAXGmVRtXQh39AON7vQHhq0PpBdHjTYZrVd5YxR6DMcq3KUYLUCYziwCee7kvc
HftGoeLFaowhHOtrQQHq856V09y8fJNm9p5J670/zYUcVrVjVcon9q2J0iViL+Pp7pzLCR3t8fKU
z0NF6xWTV/QEDRZURuexz2kdPcFLEJaAkB2784fP0wSxL1bHMcIwN9URYwvWENhhPwIBJ3UtxV4M
V6FY1UEVOuQ8oM3eqVgnQ0AJlnuKifZo9+1TIDAD5+qBOA4gVWAEPQcwsmif3lLTTu1JBqZx8Bcr
XTraNWo0wQwlHA4FkQYAvNlkOO5T3zFiBK0X9/yaHYCVX+rXo8T58/vah0LTcVnLVuJ+4m12yQBu
5evQXmq4qQGsRav6Wb3jcBvAH0zD4zCXzXxaxYUf2gbgzGwanOPDLLVXzFjyEwB7jFSpOChAnwB0
oF0FYEZ1uVq0oMw1axj0UPuX47FZZCvg3GwGGiZ0FwqtbzOwBToU7NKZUpcr58scKZfj7vOgt7cE
LzkdyoBm7ZkVK2nfJNthb7WZMyhTjRoyCoO4ACsZJOW0eBYf0J9yC3qYzWN7yoNq3q6+mzWP1XSo
H6wfqBpuAcGDahmuvt/28aEFDX+XIA6nAeBcsGsXSieAXzZDvq5nL2kVguOgjwAahIse3biTmMNg
PaD2ooWGaeYvSXdoBYOfYLHAymGc/NqmtZ2VAuxNoBUITWezS1qokADf60hT0mZTyhCE2Nx/gLT0
oKYDbaARma7CJ+t5argn76Dh5n79LQGgMiOGS+16M7+7y4NcrxNCgxsAlRmoz9awIRXu1ZN+imWb
5xCfzR3j3WodgT/ArzIjR/ia29Gmtd26izVkFKIZDqA2BLgg0ADHQGQQcU+9X/M0ZwLLJmnFHIU+
AtiutoVN0VutFaowEMaGd4WKdnMg+rbW/HmEusPsv1o/9ToR8NT2oUNpZfsOXCX5TFO+PGUVax2s
rqA97DzhQU/nQS7TlafVOuIsnVVfwwrIggYNDQEdTo89RjFhJQFa6gB7YQHFvN6o6xLPQegD7s/C
PXtS5EQJpbUL1Z/LYEEI/g6IJ+aY8UJAB8C3lTMLAJrjALQDHyM9XxthjsPfDJw33S7udhcCQDtG
jKTLO21gY3IhfJireTND657T4Pml5lx3edBqneNrYR6LsWoGzgv36kVFetqsGKFd1w8fllZDzPtB
R/tVpME8iHlGFQhF/AKdO0ntfN5DYD8YS+wp4JjX5IeTH/Ne74KweIJ1hPkTSVFWoe7daHnrNtKU
PPxqCGtGMyvdxqvH7vKV++TltYG8ZxzwlQfMj1cR4HG6tLa5etPmc1SosD1e0q9vcercqSAdPXaD
MmYaKrXK79x5JvOaO6cWVamcQb77nL1NFSpOM7TL4QmQfP682vT06WsqVXqyjAft9+XL6lOatIPk
N/9AWzxPnoQUK3YvI57PmU60efMF+q34ROnnPb2aiJOIEiTsw8kcPgFmQ5M9SeKoZNWulSsaiLvY
UxGbpOeMUOe9e1oaIDjm3PkLjlHVajM4ivEsVCgZ1a3zCxUvnpLChwtp+OuXAKCABs4DgIhuZOEq
cO5Glk6j3v/3vjR1DFO7MG2O/1+TAwD88NZDaXIYmsfqvb2O6glznDDpjEPKH4P8KAEWR3HN/jCf
iTtsAxo453JwUP/80XNZL7SFzXZyeEA/UR7ubQ0SLIjMGqb3v0aHQ3FM8jDtrR4SO6orTLrjWgJs
0GDOFKZl/XIAMJ7ceyLzxztMvbN5LL/Sgo4AeGBW1ZWynjx4IuPDTLgr7fGrfGfh7tAC4z1SzEiy
3cwbaBfa9Lnr6awN5jCYbsZhP66IwH/MS67Q3ZzP1/bNPMj1cmUOkLS4/YhChA4hzIW9pnCRw9mZ
Kue81Cfmzbev38o5EGU4ultXTaO+u8vvalpX3z2hhat5B2Q8d2jhLt39Ox7dGftMEwBhENrBOunO
HMjp/XoycG4W/pPzp9hnfG0OfXbvxj2KmzyuSwIX6DOsVVi7XdmPcHuZ3zHPurr+oK8qxa4ks3Ck
Dc/5e/JU9zuqFjH6Ctc8qHe5e5K/ozRMCw53ZR7kuADfAfhj/Qct/ZrbsLfAHigYzJT9R3Id8SuN
J3Mu1w/jCtd4gEew/n+uPR72GC+fvpRrecgwId3iRa6rO8/nj8XVK+Iuuc/VHnfqouMGDAUCM3AO
CuGwOqQAjgG44HDx9bNn4mqkt/JbNX2uUpOBc7MmF7SonJkn5TxQzgsB/jJgjXuDHd1PzmnwRF1h
LvY/sfcF4Mh3oatx/p/vG4Sp+fUCXFRN1H/O+oCOOIQGTUALV2jvSX1gGlfSXfwtCdPcfM+zJ3k5
S4P24LAfYFLoiBGd/u0JM7ngofACtIVJVfAtaPFB8GDYKFHsTIhblekpD1rl5ZcfQBYAHuxgTtoV
fuf4X+oJ7XOM4R/F3/Cfs489Gfue0AB0h2lszBW4sgHXMADkdzZOpCno27elaXGY2AVQ7so8A759
KfgR5QDwhQlhV89O3G0b+umZmAvleZCYt/1qE/L3hAfZLDbmW7yHihDhs/EFhIHQPygLNP/axsfj
f/+V9A4qzKqzFRVX+w1zFUw9iwwkL/rVNnd40L/zoKttCKh4oCPmXozBkIKfQov/36NjKw0sEKIK
XJjpwRrdqjY0eATj39lcxvl87rXu/8WDzx88kNaHMM8GE9cyuDIuMXe+eflSzi+fa40D3dE/EKTE
2oE11VHdPDXVzn3LT2iFv3z5lkKKv+HBF7iTO+hnOEv69+ZjTGOinKAUOZLfmALX72t/vhdn6Lfv
PKXQoYPTixdvKLygX9gwIb72an+79dPA+ZftOwbOrUxwf9mafJ+l4UAWGjq4N17f4/h98oButaaA
poCmgKaAZxTgu6L1HsYz+qmp2Cw6awmrYQHxDjP5uO4AgoKzL822tHoREOXoPDQFNAW+PgoEduDc
E4qztrJ/7+71pOyvNQ2baYemrmrO+Wutr66XpoCmgKaApoCmgKbAl6WAqm1eb8VySlWypNMKsMa5
em+30wQ68JuhQEAB599Mg3VFNQVAAQ2cfzk+gCTNsIbDaM3UNfJOxnjJ49Hrl6+p6+yuX5U26Jej
yJcradvC7bRuqu1+s4PrDxJMsGrg/MvRX5ekKaApoCmgKfDtUgD7lzVT1tBasY767PORa2iBqgWk
djDu+67Zs6aflhK+3dYHTM0hsOfd01tI2geRdFs1aZXMGGbfcd1EkdriLlYhgR4QDqb7Fw1bRCsm
rJDZ5a2Ul2DVB9rShWoXpjTi2gPtNAU0BQIvBTRw/qlvsX7tnzKFDkyZKu/+hVnUjNWqSU3fUEJD
GOY0oZH8vTjcM35h02YKLrSdrh08aJhthZn6Qj26Gyauvxd66HZqCmgKaApoCmgKaArYU+DG0aO0
d/wEuVd4KjSRj86bJyPEzZKFivfvR0kKFLBPIL5gxQJXMxyYOlWa/cY1NjAj/kZYL4ifPRv9Utd2
jYGvhNrjm6GABs6/ma7SFQ1ICmjgPCCp6XdeK8avoJFNRxoRo8aJSpOOT/J117MRQb8ECAUWDV8k
7wbmzMz3lLK/fmoKaApoCmgKaApoCthTANZa6qWuJ69JsQ8hAvA7+/Js+lqvCjHX9//1jXvU66ay
PjCInzK+3AsGlPn0zXO3UL/qfS2bWq9PParetbplmPbUFNAUCBwU0MD5p36EKezBqVL7uqcUMaBp
3fXKZXJk3v1TLoHjDUIEU0qWIp/Vqy0b1Hz3Lvo5Rw7LMO2pKaApoCmgKaApoCnwfVDg4PTpNK9u
PcvGFhV3vBfq2tVX2N0LF2hA0mS+/OERPWVKanfiuLxWwzKC9vwmKKCB82+im3QlA5oCGjgPaIrq
/DQFNAU0BTQFNAU0BTQFAhcFcCf3k/tPpMa02rKgwYJSrESxVC/9bkEB3K198++b4g6xD/KOcY6C
7zA/hSEIUgaUwz3mN87fEPe72muwwz96/OhS2CGgytL5aApoCnx9FNDAuX2fwCT5i/v35T2+agju
pY6SKJHqFejfcef6M3EfMu40Vh3u6Y0saOHXXbZqGv2uKaApoCmgKaApoCkQ+CiAe8YfXL5MPwQJ
Yte4D+L+6/CxY1MYYbHHygE8RxxhRs0Ixv4idOTIFD5GDMNPv3ybFNDA+bfZb7rW/qSABs79SUCd
XFNAU0BTQFNAU0BTQFNAU0BTQFNAU0BTQFPgK6CABs6/gk7QVdAU0BTQFNAU0BTQFNAU0BTQFAgk
FNDAeSDpSN0M9yiggXP36KVjawpoCmgKaApoCmgKaApoCmgKaApoCmgKaAp8jRTwFDinDyO+xubo
OmkKaApoCmgKaApoCmgKaApoCmgKaApoCmgKfFkKaOD8y9Jbl6YpoCmgKaApoCmgKaApoCmgKaAp
oCmgKaAp8DkooIHzz0FVnaemgKaApoCmgKaApoCmgKaApoCmgKaApsB3QwENnH83Xa0bqimgKaAp
oCmgKaApoCmgKaApoCmgKaApEIgpoIHzQNy5ummaApoCmgKaApoCmgKaApoCmgKaApoCmgKfnwIa
OP/8NNYlaApoCmgKaApoCmgKaApoCmgKaApoCmgKaAp8bgpo4PxzU1jnrymgKaApoCmgKaApoCmg
KaApoCmgKaApEKgpoIHzQN29unGaApoCmgKaApoCmgKaApoCmgKaApoCmgLfCQU0cP6ddLRupqaA
poCmwDdAgf/++4+WLT9JT5++phIlUlGkiKG/gVrrKmoKaAr4lwJ67PuXgjq9fymgedC/FNTpSQPn
mgk0BTQFNAU0BTQFNAU0BTQFNAU0BTQFNAU0Bb59Cmjg/NvvQ7Tg8JHrtGPH3wJsekM//ECUIkV0
qlA+na/GvX//gY4e+4f2779KDx68oFChglHevIkpc6a4vuKqHm/evqMtWy7Q4cM36MOH/yhatLBU
uHAySvBzZDWar/enz17T3LmH6datZzLst99S+FmWr0wCocfuPZepY6eVFDvWT3Tt+kPq0D4/lS2T
NhC2NGCb9OLlG7pw4R7t23eFMmaMQ1kyx3O5gMtX7ksevnr1AQULFpQiRQpNDRpkoxDBg/rKA4fn
q1afoYMHr8qwzKKcEsVT0o8//ugrrvawUeDmrcdUrfosiholDP178wnNm1uL4sSO4DZ5Lv59l5Ik
7SfT7d3TirJlje92HjpB4KQAeGz58lO0Zq0PvXv3QTYSPNalS0H6OX6kb6bR27ZfpA4dVxjrJ9bJ
rL/Epx7dC4v1Wyzg36kLDGP/7Lnb1KDhfLm2v3z1lmbPqknhwoYItD367t17at5iCV2/8YjChA5O
aPOc2TUpbJhvs82BgQcDLbN9Kw3TwPm30lO6npoCmgKaApoCmgKaApoCmgKaApoCmgKaApoCjinw
vQDnN/55JECwawIwCyKJgcPpokWSU5Ag9kDYlq3n6fnztxJ8VqmG+KFDB6M4cSJQ4kRR7A63cegN
UDlIEL8PvIMHD0IF8if1Ve71Gw9p9uwjtGfvZQoZIijFjBme8ot4Dx48p3//fUKtW/9KoUMFV6sk
3+/ee0a168yhtQJIUF3u3Alp25amdkAfaFCk6AQ6c+a2GlW+N2+Wm4YNLU1Bg9roo0ZA3fLmG0uX
Lt1XveX72DHlqUnjXL784YG65c03xld5kyZWogb1s1umgefDRy9o+/a/RV1sfQOAJF++JPRT+JAO
03xrAbPnHKYaNWcZ1R4zujw1bWJNRyOSGy9Hjt6gf/55bPBxlChhLQHI/Qeu0p07z4x4ahHg94QJ
ozgFpHBovnHTeVqx4hRdvfaQYsX8iZIli0pp08aiPUI4IH/+JPRrnsQC5LLFg+CG2WFshQkTnBIn
juIQaD156iZ177FGgmacHvzaulVe/nT4RNk9e62jfv032cWB8MdZn84UMYK9RjPi16s/j2bOOmQX
v17drPTXhIqWY4QjmunpiO4cPzA9ARilSDnAaNK+va0kGGh4uPhy6/YTihmrp4x98EAbPwVtVq85
Q7NEX/XvX8Ipr7pYfIBHA126dFlNzZvnpnx5kwR4/t9LhgfE+p0123DL5v7Z5zfq2qWQZdjX6Gme
/1HHkiVT0dLF9XztDb7G+jurk3/Go7tj31k9/l9ha9aeoeIlJsniHa0x/6+6fY5yn794Q2nTDTL2
h996mwMDD36OftZ5ukEBDZy7QSwdVVNAU0BTQFNAU0BTQFNAU0BTQFNAU0BTQFPgK6XA9wKcQwNo
ytR9dr1w/15fOzPAOAAMG66jXRyrj2zZ4tOa1b8bgNuixcepYqXpVlF9+VkdKk6espca/r7AV1zV
wwpAggZttuwjJPCJuACxs2X7WQL8AOyiRA6jZiG1oJgGw4eVoTx5EtGqVWcEqLhWxrMCtD98+EAF
Co2nbdsuSi3zBfNrS+GByZP30YCBm2W6zZsaU/58Se3KQrpCRSZIgQK0eYkABLZuvSjBT0R0pkm6
cNExqlTZ2y4/Z/HtIn4jH9DghylqL6/1NHrMTgpI4PzV67eUKfNQO4GFlCmj04ljHexAGcSL/3Nv
g38cka5ihXQ0cWJlivBTKLsoEMQoXmIinThx085f/WAw6PyFu5Qy1SdQVY2jvqOsMWMqULSoYVVv
suIJV2gGDfXCgg93774s8+vYIT+VEZr9ESKEpJAhg1kCrSNH7aBWrZfK+PPn1ZZCBcyPo0eVo2ZN
c9vVjT9Az1SpBxoAAvwhwLJ1c1M7unP8wPi8fecplSw1SQgpXSerOcuVNj95+koICi2TgjcjR5Q1
tHKt0sIyAOZOzGuelmeVb0D6zZl7hKrXmBmgYzwg6/ct5IV+btZ8MY0bv5uyZIlLw4eVpSjCssF1
Ya3j5s2nVKBAEim08y20BXV8/eYd3b79lEIIITkI9JUsNZkqVUxPc+fUtBN2+1baw/X073h0Z+xz
mV/j0+fsbbneWe33vsb6+rdOEHaEgGfqNAPlPtFKIM2/ZXyp9IGFB78UvXQ5FhTQwLkFUbSXpoCm
gKaApoCmgKaApoCmgKaApoCmgKaApsA3RoHvBThv2myRPHSHSew6dX4haL6mShnDTnMcXbdPmDD/
99/H1LjJQnr58i2NH1dRgGyhpHnynTv/psFDtsoerlI5A82aWUMCYjg0XL3ahzZvPk/TvQ/Ig8NB
A0vSmzfvDW6Apvl074MCzLxlp+U6fMQ2atN2uYzXrGkuqVkeQWjAnhIatnXrzTVAODMo9FZoxebM
NVICVNCC37unpUNtXa5E5SretGDhMdqxvRnlzpWIvalT55U0cNAWCfJt2dTETqP270v3KHGSvhQu
XAg6faojxY0T0UjXy2sdefVeL83LevUqZvjjBRrC0EKCQ7qUKWKQCn6AfrNn1bAECQAqQyse1gDq
N5jrLxBOVuAr/lmx8hSVLjMlQEE1FTif4V1dmjSH9riVWf2t2y5IoYjefTZIKk2ZXFn0E8m+WrPG
h5YuOyn9GzbILrWt2YwwtLLSpR8sQXfwxtw5tShHjp/pyZNX5O19yBDGYDDorbAasHTpSbonrBD0
+XODTAct0bhxI9ArYdoVppdhghkuZ84EtFVYSwimWD/AYfYdAcrGixdRxgOQ7QpwzjyKfM18Dz+z
QzkZMg6R4w5tAp/CMXCPsXbmdCeHpnchzPLs2Rs6ffoWVa02I1CAYWYa+fXdouUSKQxinrP8Sudp
+Jcuz916smCVK/zqbt7fS3ysd+kzDBZA+SM6drQdJUwQJdA0/Yq4OiJBwj5S43zZknqWa+K31Niv
fTx+CVpiDYZ1hFu3ntrt975E2f+vMjBGM2cZ+l21+f9Fa13uV04BDZx/5R2kq6cpoCmgKaApoCmg
KaApoCmgKaApoCmgKaAp4AIFvhfgnA9zrbSqzWRSDwAvX+puZyJ946ZzUoPVSpOIQVBHZaAO8xcc
NQ5SL1y8S0mT2e7ytQJVGLRG/Q4faksZM8Qxqrpp8zkqVHiCBOkPHWxjB2gbkUwv0IJ6IbTqM2W0
v8/84KFr9EvW4VRc3OG8eFFduzuf2fwy2mumBbeXtYpVs/eDBm+Rd3hDGGD0qPJGTbjNyO/UyY7i
PmR7zWIj4scX7rfPAcIB5Fyx4jQdEObKz567I0uMHj2c0CjORcWKprATqkDcxYtPCC3loBRemIzP
ly8xzZlzhJYtPykFJPLkTkSdOxf0pSnN7YHm88aN58X93HelF9pfVJRxSNAeZl2t+p/TuvvkQ3to
gh872p7SCbPpzhwDNwCJcTcpg+NIA01eWGsw8zv3C4BkmOTGXe2qw/29EDJh4JzvBuex9eDBSzp3
trPd2IKJ3xIlbSZunfW3q0Ak7kOOFbuXrJaVVQS1vvy+fcdFeS1BwoSRJX+GElrpcCpNXQHgmaYY
GwENhj16/FII6pyhXbsu0bHj/0j+wzURMCVfV/w339kO3oXQAoR3IMwTS/QV+hr0gZDD8hU2Hs6c
KS717FnEl+buzl1/06RJ++i0EPqBy5A+DpUqlUpcI/GC9gtBo44dC9hp7jNvgOa3bz+jUaN3yHKT
JolKXbsWotSpYsp8zD/o/7NijoIWLtzbt++pceOc4uoKWx+Y40P46ccffzA0kblfYGqfndXVEwgD
DefPPyoFnVjACfXDnfe4SsORc5cWyOeviXuoUeOFNHRIaWrTOq+8tgD+H4SESvBgtrbiG/WG4NXL
l++E8MVrqlUrizGuli47IYU5QBvUt0qVDHb9tGv3Jdq376qcn169eieEWBJQjuw/04mT/9KMGQdp
q7AYAh4pXy4dtWr1qx2PoNwVK0/TjJkHJTCNukQVFh9q1cxCFSqktasjwuDu3X8u5sPjtHLVaaHx
/UTmnV9cpxE3bkTZ31OnVKWcog7+dRBKu3LlgVi33lKt2rMlDWDtBVeZgA4JEkSSAm7xRLlmd/7C
HTlHr99wliJGDC2F33JkTyBol56SJolmFx3zM6yoYO4T/+T96VgH3ggeXLDgGGHOQTtjx/6Juncr
TFkyx7NL758PXhNdnSvAg3PnHpV9i7UIY6BkiVRUvnw6X1ZmuF64NmX27MNy/wG6oX/z5U1M2QWP
4JqNVKliUJ3av9jN/e6sjyjHP+PR3bHP7XK1jyG0N1/04z/CSgocrhDBGBs+fLu8YgT0aNwoJ5Uu
lZqz9teT1wuscydPdJDjav/+K/To0Ss5v4HumG+tnLt0Rx6wYIA1AWMSexmM9fTp4lCmTHFo7Tof
KlI4uWyfuTxPxj7yOONzSwrcYVxiTkqfPpb4H4cKFBxLV68+NPa45vJc/eb5DkJ8sCaRNOn/2DsP
+K+mPo4fQlQUyZb1FEJZSYPHzsiKzKxkFNmVXY9QdvZeT0Zkh4ykPOKxMzIjIxJlFZXCcz+n53ud
3/3f3/z///3X+7xe//9dZ933Offe3zmfc75nBTc6WhLm00+nRwPt5kdLyDT155O/H8vzHiymDj70
8Dtu8uQZ8bcqfCdrMOIbb0zx72Ldr66tueZyruverePbf/2Nr6Ln7t3o+/2NX1JHF/Rd1XIeuX6v
Ffr90e92WZPS71U5MdMzrt+1KvO7onfBjOgdbt8TLZOzx+4VU/d9gnX9H8J5Xa8B3D8EIAABCEAA
AhCAAAQgAAEI1AYCdU04L0SgtE7PtNlCMue+RbvLo5mzv5bpHDRBLxTOL79irO9gu+rKru6gg4e5
Mc9/Eoezmd6aYav1yJMijzp7ZQL+mWc/ypjtbecffOgdN/jCLk7mp7+JOvXV4b/ySstkdH4XUkdN
2JFZ6eSM81B8lEBvorvyoLXVtQ502lrTNsN/+L2Huv33WzBrV3kRWzMjnksctXybCFeIXwtTyNaE
zWx+Lzh/N3dmJISbu/2OV/y613acts02GEDrXsukfi5XSL3MFT68ZvVXwnkh3ELhJrnGrnEKhXOZ
aF+9+b98kqOePNrt3Hn9MHm//9aEKW7TzS4rY43A8pb2bIXLAuTKtz1n+Zhdf8N41/u4B+IBIT/8
8GsknjnXtGmDrGKszSyXaKZnNhxEYHU6X7oCEDKtSOHc+GUzj582W19irKxXmNNghiOPbOc673yj
nYq34bMsMfGYY+73neyxh5SdZFnZM5vi1Z8K3yPmx2YUy9KEubDO2Tnbjh03yW273bV2mHV7y837
uyN7bJlxffxLk12nra7KOBceaLmA228/yDVssER8ulgWekb0nvvuu1lxHGk7oeUNfVvWXmdQHMa+
Iyrz5JIK4dIVehfvsttN7umnP4yTkEgvKxO9ej8Qn7OdMKzy2XnnGzKWdTB/2qoMNDAmtFYRPv+h
33A/15IGob98+8m6m+Y/uQyFeFw4eLQ7+5wn07z7c/pu9uu7bTy720xrWwDdt5Yl0fsjrJO6XtHL
LxT6rpA1DP2GkECazT0+8ii3266tMi5LyNtu++syziUPkoPf7L2f9GfHye9jeZ7HYp995aHYMi50
GZ6Kqrf53tO6Bw1UlEWY5aJBHeaK5a5w4qd3oS1HYnGF22T56lopz74E+jPOeNxdMXRcGH3Gfq73
dobHLAdil1zyJIvXaAmgI9ze0dIrcuV5DxZTB5Pvacvb+BdP9IOVdt71xox3sa6H7ygbcGrhktu0
QX7Ffn/Sfq9aHubMjQYeBN+ZZP6S+eG4BAII5yVAIwgEIAABCEAAAhCAAAQgAAEIQKCaEUA4L1sg
1umZNitWMzUOOfSuMjNwFYsJeupUljA1PzJPffrpI93PkflqiWcTI1Fo6tSf/YxGddRt/c+rvRny
O+84yM/uK5uTBQLcm29Ocbvssr5bZuklvRcT761DXx2VJtBo/+mnjo1mG62aFl2Zc6HAkyYIqjPS
BHKZ5L7l5gOcZqdcffV//OxIRZgUwhTG1qNNzngOryUFtzKZi06YCFeI37Tw2c5ZB7V46b4lhmhW
9JVXjvOii85PfO/0eAafRAvNTD/m2BGx+XyJjHvttZFT+ezb7Q6flIldlq7N2Nex+MmE/1prNfXi
h9Y2N5fG3q4Vu7X6W4pwHoq8mqV4xhlP+FnnLVs2cxMjCwEa3PHkqPf9LHnN+lL5Lt2ofpksqpw1
G3WFFZZ2W7ZbI75ueUsTzu1avnzbc5aLmdK3ta+V+JZbruFn5FpGHo6ex7323MgO462tR50sR3mw
a7nStYgKFcPMf6FbYzR58g9Opu4liGg27VNPfehNwyueUBjV8cxoZuW77071A3i6H3KXTsVOg246
d17Pz0hXfZTFCc2MS/Lbp2trd+qp20ZpLeUtJ+i5NJd8Nu2Z1fU+x2/ljj++kzffa0tPpFk2kF8x
mzLlp2hm/GKu6z636VQ8yMgfBP/M4kZwKnU3WY6TPv3etWi5wMqH1soeekVX17r1ym5uJCbcG61F
3ueEBfcVDpwohUX4Xk3N2P9PhsK5TmlWvyxbDBg4KsMKhWZ4aob/mDGT/LUk82+i74rqxHPPfRIv
k2DpXnftvm6ddZq6wUOei2ZCfuWtl7T4R7MMKwp6N916ywFuxx3X9YNFXnjhU7fHnrf4KJLWF2xA
igYYDI3WoNdgrV9mznXDh7/pZ9YrUCHPiOUv11YDcGTtoEmTJf2M4c8+m+G/vUcf1d7PcNbs/DZt
VnGHRbPzbZCL5U/xKo+DoudEM8W//vpnN3DgU254ZGlALsyjZmG+NeFr9+OPv/nBBkrH3N7RO753
747R8gvT3EknP+z6nratu2jI7nF65q/UbSHvCtXBvaNnwpazGDK4S2SRYHPXsGG0hEq0LETPo4bH
An9YN5IDAm679QDXqdPafjmagf962s8aVr6Ts92L/T6W+jwas2KefYUppYw1O/3OaLkcDaqQs+df
A6msXuRbisMHLOCfvadtgFP47deSPrbkj76rsrxjy5IUy11ZMYtByrusMWy0YfQ+iwTucdHgIhsc
lRTOw/wV+uyrDtrvOqWrAVha9mjGjN/cqac9kvEbtLxrnH815Ue3z763+9/HSktO3yk953oPKh/m
wsF7pbwHLZ5i6uBnk6e7IUPGuJtvedn/rntgxOGRFaIWvhz17n/nnW/8byTFrffMrruuHw8+st9P
ejcdFw3Qax1ZBPr++1nRu+URNypasiZZVqV8f2SpY8yYT+LfpSqroUP3it7VCywDyZrVTp1v8L9l
1ba44vK93LrRrH5cBRFAOK8gkEQDAQhAAAIQgAAEIAABCEAAAhCoQgII52XhW6eihIjz/rVL1Dm9
hDe3eG8kDNisnlBYsRhM0LNj2yY7wnQ+FL+T4rKFy7a1/FmnrPxJ/AmP1RmrNdxzOYnBW219lQ8n
cUTm4Js0XqpMEIn8S9Q/rcx5nbjh+m7umKM7ZFwL7y3sxDdPJqylXTM/ti3Gr4UpdqvZPBLOFl+8
XiQML+p22PF6X87J/ImD1vAUZxMYLS2Zoz7xpIf97FaJdRJxNIO6a9T5K7FDfF8af6JbMRKSzZnZ
fx2HIo5dL3Ub1o/kPaTFacKNrqkeSRyXgGmDMXQ+nMlo9Txphl3+8jnLm4TzTz4+Kx4Morp41VX/
ceec+6TviJ74Xv+syw9Y+vmYWd2xPEkgmBkJfOZklv7AAza1Q7/NNau80HQVkTFNClIZiZXz4Pd5
871Zb0XTODLZ/K/znnZa0z0bFxNl5F8snn2ml2u3xd+DGiS2mJl3sxggv2nxhbO2k3XMuA8csLMb
cG5nReHdSy9/7jp2urKMMLDgauZ/WeO4/Y5Xswrn8i2xU8tDmJhjAwZ0Xi5pCl3nLG+a7anBEyZY
6ZpcOBvw44/OdBKYS2VhpqvvHf6WO7j7sJhjrvyFeUjjbvlLMveZT+Rf75wXxvWJzb3Lj9I2yyYW
lwYJpS33EdYXCUMy8y4Rp8eRw/2gqbT8mYCa9mxZHkvdWtnl+rZ9O+0Xt/IqA3wS/fpu5yQwm6Cu
k8p//2gwm4RL3XdyuZDwHS//t96yf7QEwt8WC/TMheb15ae8rpB3hS0hobRGPtbTddltg4xk9c3d
drtrvNCod85D0QAYPRtWVmlLaqgu7BtZtNH3Ke03iiVQ6PdR8RX7PFoa4Tbfs1+eMrY6r4FUev81
igYeyEloXG/9wf6bp29Pq/Vz/3YK85u2b985/VZI+/aHVgDs2UrGUyh3G9CV9q2xATy7d9nQ2e8S
pWMcinn2X33tS79uu8Jrpvwh3TfXrnfK63773+kHBCrO8grnitTyqP1rr9nH9e7VSbve6ffCAQf+
2wvN4qvn2JZVkYcwbL734IIYM//nq4PyHb4fk0sp2WAGpf3B+6eXeWfot6EGaoqbzKirjfHNNz9H
M8HPLzMot9Tvj/Jo70x7J9i7X/zadxjqB9tk+5YoPK5EAgjnJYIjGAQgAAEIQAACEIAABCAAAQhA
oBoRQDgvWxhhp2fZq85deMFuftaZdUKZHxPWJChKmPnzz7+8ieQ0gTFMo1jh3Drala4EsNHP9nZb
tG2eYXpTaUq8CNcdt3xqK5FMM3rM7GuuzmKZmz/1tEd9cM1I3GzT1dyQi57zx+okTZryVdwS5F97
7atUU+HWmVdIh10xfn2GCvynPD4Umbo/OzLnG84uDIMn82dllhR9FcZmlocCRDiAQIxCkdLSySd2
mr9itpZPddon7yEtnrA+pV3XubDzOazn995zSGzuOFvY8HyYN80g0/q8cpppZe7cc3Zy/xq4ix2W
2Vr6acKdeQ7T0Tnr6FdH9UknPeJniqV18J874Ek36PxnY5HT4tO2kHTNvzFNEzPMT6lbrXN67oCn
4tmiyXiycbE86Z0hs7KamZjNmRiTnBEZ+r/hxvF+dm5SyLRnNvle07rYG2w4xEeRT1hRHPfd/1ZB
Aoyll6+uh3VCQqJmYv/66+/xLWkN+C+++MGdcuqCd53FVx4WiryYepPPv8VleYsz//8duy5hcNST
x6QOhLIwxk3HGkQgAceclv2YN+/PeCZpWKdC8+myRNAusijRpMlSkaWAev49ofXH/7FOM4uqwraW
32z3roTemzjVbdT64lRR3DIikXTztpf7974NtrBrYR1JLjNifip6a89lrneFMU9bTsXyY2Kdvddk
uUHLysgyTZrYrnCyKrLNtte49luu5W66sVv8Li/l+2j5KKSczG/aVuFzPfvlKWN7PpKWKMJZvWH9
0mCA225/xf3yy98DrtLyrGdnn31au/XXW9FfDutRvm9/jyPaeVFbQmop3I2HEt40+m2mtapXXnlp
/23Vd7tZs6WjQZQrxmUrf1ZG2i/02bf3YLbfll9Hwu9qqw8sI/wqjVKclVX4myqMJxSuk98gC1vI
ezCM0/bz1UH5C+uMlgOxgQk6b9Yh7HeHxautvoO33vpfd3pk8j7N2fO7bJMFJvyNeynfYs0s/0eL
C3wyoQn4K696wVvPSGubpOWJc0USQDgvEhjeIQABCEAAAhCAAAQgAAEIQAAC1ZAAwnnZQrFOTwmk
mllcv/5iTjNRJQTLffP1wNjkYRjaOuvCTtljjr3f/feVz92br5+WIWKHoupjj/Z0u3fJnEEWxpvc
17rjG29yqZ8dFa5JLH82KyjZ+RbGEc4O0vkxz/V2227TIvQS74edk+F6khIftDaumMh07cUX7RGH
0Y51zIad0DofzsJOXtP1pMsWT9JfMcfq2NTa8VojXk5C4n7dNvEdzY8+9m480zqZv7BeJIW/NPHD
xHTF/+mks12z5RuVyabNjAqFqTKeijxh+SxWOE92UGt2peI47PC7vfhyVM/27sYbujmbQauOXImj
4UyvfFkN85b0K7PVffps7dcJTV4Lj+05y8VMgsc2/1/3NXlfoXCWLONHHn3X7d31tlTh3KwK5ErX
8plWH+xaebY33vRSbA5b8ajje7nlGrgJb38dm6LPlj/LUzZT6WG+jHEo6oTXc+1ne2at7NPM9Cfj
K0S4sDDZ0rPrtlX6Wnfclriw89m2JqqWh4XitvDZyiWZfi7/di1Zby0Oux5+g+xacmvWFZLn044v
vWQPd+op2/pLmq24a7SmullfSfNf7DctLY7kuULK2USmXIKQvr2t21zshfO3J/R1rTdaJU7K6qiW
aXl/4umpy1DEnitox57LbMK5vlc2czxXub773lR/XxJL9V5efPFF/QxhvcOT95kr66V+Hy3OQsrJ
/KZt8z375Sljez7SnsW0fId1JS2v4bnwGSmkHtm3375PGkRWyu8SlZcsjZw36JkwOxn7svyhAWkS
5+VKefYtjAaOnnH6Dhnx68DuuZD3e5nAKSesrLLVeUsv7XdOvrApyWWcylcHzbPNBtdvPP0mXGXl
xhmDd5K/E8PfHopDv9P1PZ4+/Ve/FIydC8PZvZTyLVZ8mj1/0cVj/HJEY0b39ku3mHWF5Ex5+cdV
AAGE8wqASBQQgAAEIAABCEAAAhCAAAQgAIEqJoBwXrYArEMunFmsDq9OW13lRRd1dMoUarYZ52Gn
rMLJDPhKKy6TkVDYOZ2rkz8j0P8PLH/qMBz7/HHun1v/I/ZmHXnZhHOJHjvseF08CCCXaK5IX3p5
gXlliaS2xrXOy9kMN+v4DWe3WydryEJhlP4mm17qRYvkjFRdT7q0zuykn2KPTahQOM226hJZB7Cy
DEWKpDhl3NM6hi3OUPywQQfqVJXZ52QdUPomAiQ56VqpzvKZ1qGcFqflPVs9tNmOVs7vvPuN23Sz
y3xUxXa8Wt60DILEHK09rJmt9eot4pasv3ha9sqcs47kfMys7pxz9o7Rkgu7xvH8/Msc12TZM/xx
soxHPDDBm5wNy1EeVS8OO/weN+yu1/3Msp5Hto/jS9sxpsl40vwWek7sTPiVeHF8tH54uL78XXe/
4Q459K5U0V9pFJMnY1xK/o17kq2Vfdrzk2RQqHChcJZevroYDla64Pzd3C67rOeX4EimrWPNnt4w
mpEvU+7lYaG4LHw2AUh+Qmf+0+r3FUPH+hnxSbYWPldY82Nbe0fLOop4zJkzzy5lbGXqvEWL5Z3N
gJQJej1DstQxIVqD/Kef5nj/MjV8xdBxfj/b9ycj4iIPrJyz3buis2+SxOOk+WZLLnyOknEVU0ct
vvJuC3kubU3vtCViLH0bqGXswxnnyfu0MGlby4+uFfN9tLisnPI9j+Y/uc337JenjHM9H5bvkFVo
PSeZz+RxOKvf6pG+c9mWHbFvv31XP5s8w7Vc90IfbbHc9TxOi5YpePXVr9y33/7i4/j559nupptf
Th0IWMqzbwJsNosw9n6VCBwKv0lOhR5bWeVLTwOhkrP6LWzaO7SQ9PPVQYtDA0G3j5b2GTt2Uvy7
wOrRZZfu6U45eRvz6reWLz2jT406xm2y8WrxdTOfnuRnYUr5Fity+x2q/VdfOdlNnPitt4Qlwf7u
u7rHgyl0HVdBBBDOKwgk0UAAAhCAAAQgAAEIQAACEIAABKqQAMJ5WfjW6ZkUeMJ1fdPWcLUOrkI7
60ykUw6efuoYt9OO65XJzIwffnVPPfWhny3SfPVl/XWtw6q1gjXbe9i/u7vuB28Wh9PMUwnT1nlu
Yoc8yETkP7e52ov/EnPHPn+823STBR136rSbPXtexhrcCmMz2IsVzq1TWKLMI5E4bcL0Sy8vEOJz
CRtK15x1Qoad2Xat1K2Vk+7p/fdOz7AEIEbttrzCi0LJNLPVC+XDxIZQfJZ/EzoHX9jFnd5/+4ws
W0epOn4LrTMZEWQ5sHxWlHB+8y0vu6OPuT9eB3dONBDETAB37LhWtFRAr1TR+8Xxn0Wi2my3266t
4nWGLW/hoJQst5H1tJVfPmaahSdT+KEZVUUaDt5IdriH4pOEN7MSYGbGte77Rx+e4Vq2WCFr/nTB
6kOpnd1pkVucujb9+/Nd0+Uaxt4k7Jt52GxcLHxYR+MIEjtPjnrf7dblZn8222xVmYx/5JH33Cmn
bJOxjna2ZzYs+3zCSqHChTJoIlBoija8HYlfWrs9FDnSnscwjIQorRsvVx4WCm/1VeL0mWeUnakp
CyANllpCXr0z/8lyDPOffDflC2vXw+3Fl4zx630n39GhH+3reWmw1OLxO1xlo8E0eg5WXqlxhncT
adK+PxkeSzjIVq/CqCZ9+r1r0XKB+Jht1rvN9FW45LNcTB0N0y3PfiHPpdUJfbf1PK61ZtMySZqw
ad/WxRZbNP6dkG226sxZc911173oVlxxaXf4YVv4OC2tYr+PlqFCn0fzn9zme/bLU8Z2b8lnS3ko
pH4l85rt2OqRvsH9+m7nLhqye4ZXicwdOg71Fl3sXWR5K5a71ee095/ysfU/r/a/FcN3RinPvuVP
z/brr53iVl9twe9RuzEbuFVRz76lpzqvQRgt/pG5/MNtt//XHdnzPm8xKDk4wcKmlbPlN9c2Xx0M
w45+7iO34043OP0WuvWWAzxv/ZZO5klh7NlIqxP2WzvJr7zfH6Vr7wbtmytk4Kr5ZVskAYTzIoHh
HQIQgAAEIAABCEAAAhCAAAQgUA0JIJxnFopm00kkkylXuWQHoXVAqXPrxf+cEHfmyTT0tdeN9+sG
ynx6n2g26Nzf/4gEm3qx4JCZ0t+mLdW5KnfrLfu7Aw/czJu+1kx1CeYHHTzMXzt/0K7urDN39Pv6
Z8K08iEBXGtrSoDZt9sdfr3o5FqoobCm8Ddc383tueeGfo1fdbAffsS9kaD+bZmZQiaEKEy45qvy
Z6ba02bB2XqXCnfvPYd6c5QSYLT2ue432ywi+Q9dRXZmW7w2AELsHh95lGu7eXO/tugrr3wRrdk8
Ijbl/MK4491WndaxYH492C3bD3WzIrFBHbmrrdokvvbmW1O8SC6hdMT9h3uhThdtzWzta5bwscd2
8LOEP/7ke3fgQf/2LHRNs5NOPumfscCsc6W6sNM+7CzPFl+Yd5VxpMFG+XDRff7uxo2b5Gc1O0g0
AABAAElEQVRgK6zq9FVXdvXRmElzHWgd0buGdXfrrL28k3n3Tz6Z7i699HkvrqnT+/PJ57rllm3g
r2l26katL/Jx6Nlq2rShN5FfyGxziQ16nobfN8HPrA6fs4YN/hYefeTRPxPBdRyKaBcOHu3OOvsJ
P7hEIlRoCUDPcYf/D0pRvb5y6N6+TI7v86C77vrxLm0AiaUXbk0Mq0jhXOsRb7jRRX4G4X3DD3Nd
997I5+2jj79zl1yygLfykKxLeqdpsM2ECd+49h2G+gEQVs7ynzbbP6xDek4eerCHN6Gv2cfffT/L
XXnlOCeOclovvUP7Nf2++PU54SF3w40vubTnR+spa0Zd8vlRvZHlATm9j0466WH30MPv+Pev6ojq
pFxaOds7udu+bdzttx/k/SiPo0d/7M4590n3fbRvYqMJKorr2mv2cUdE6wvbUgPi+3CU5jHHjtBl
PztP74ZSWfhIon8mfIijBmpI9NS78LXXvnRXX/Mf9+ij72XUTxtQJf+jn+3t16KX/4suei5mnmQr
fotGZZP2DVI+ZLZ7icUXsyz5rdVRHWhwyeDBu8UDRfSsvfDCp+60vo/692EoQJn4o+de9WiN5svF
8T4/9hO33fbXpQ7cij0VuaN7lwWAk09+JK5XW2yxhps/f0F9kaiveikXWobQsWbu7rnHhvH1kY9P
dHvseYsu+W9SOONS96w171dc6Ryff3s/5ap7PqIS/ll917On76EGa+ldke251PfW1mUP64WS1nf/
2mtfdP36j/Q5CS0bmKiqC1pS5Yxo4IYG02kwyauvfuF/L2gwUKtoDex3JvTzg8hK/T76xKN/xTyP
CmMstF/Is1+eMraZ+/p2nHTi39/bXO8t5atYp/IyC0UKK6H0pJO2jpbVaOg+/PA7d+hhd8Xfflmj
kShcKnd7p+lb+9SoY+N3sdL9asqP0Rr215YZCFjKsx/+FlQdHPnYUdHAy1Wj+jfP3XffW35wndLU
teT7XeeLdXZfCqd707PRrt0akWWM+dF7/lX/bte1cGBcKe9BxVFsHVQYc+H3wc6lLV+ka2YxZJdd
1o9mqO/vB5wlf+sn+YXx61qh32LLi7ZTvv7Jrd78X/EpZpvHKCpnB+G8crgSKwQgAAEIQAACEIAA
BCAAAQhAYGESQDj/m3bYQfX3Wec7tDVrWutDqhPfTI3Ljzq7JXhKLEhz+YSzyZ/PcBJj1Xmdzamz
zAQX86O82kwiOxduk8LKc2M+jky0Xx96KbOvdJIzQdVJfWIkYkngMde69cqROdCZcZ6Ts/bMn3US
6lhhbICA0kkKlhYmua0M4VwdlbbGYzK95LExefnlz+MZuObHrA6YUGDntdX9ae3cZAd66Ce5b2mF
VgKSfgo5DutxLuG8GDO0aWVmAnSuPGk2Xf9+27kvvvzRrbX2oKxec+VTgaweZIsg2yzqtLKxONJM
qeqaCRjaV4f9zJlztetd8rmy88mtCRP5nv9kuFzHehbDNXBz+dU1MW3TZpV41mku/2mzz96bODUa
5LBgAJGFVT0I31WarSwRX4J2KKyYfxMQQgHPrj0w4nC3T9c2Xpg2ywx2Ldv2zjsOcoce0jbjsq3t
bCeTedTxhLdO87OjNWtbg4Rkct+cBPevpvwUrxGv8yp3hVl7reW9t2JZWNzaJr8ZEimT66yHs0WT
IkcYV7hvdeubqb9kiCKhH9tfbbUm7p23+8bm1u28CYl23Lnzen4gy6hRH9gpvw3NUJtwbh4URgLa
+x9M84MAdD5tMJX5L2YbimfZwp191o5u0Hl/L8WgARD6psqUvJzKskWLZm5KVMZWd8XjtVdPjgfN
mHWKbGnofChI5/KX75rez4XUd9Xb8Hv8SiR0677M6ZsqSy5vvjnFTjm9BzUYwCy86J1xWt/H3OVX
jI39hN9iO6kBZLIMIlfK9zH8ZhXzPBbKQvkKn/1iyzjt95LNzJ82bWaZb1N5hMWXXl5gVSf57dA9
JJ3E4P3328SfLpV78hlR+e66Syv3ww+/eVPtitzu1QYJ6Vwpz77em4cedreCZ3X2/i3v85K8r7QE
dV8yPy7rK4W8N9Peg6XWwTA/NpDVzmm2eav1V7LDeGtLKcUncuzY+13tjvJ8fyyJ8wY94wYMHOUP
7fepXWNbwQQQzisYKNFBAAIQgAAEIAABCEAAAhCAAASqgADC+d/QJSRuv8N1bvz4yX+fjPZs5qk6
sORshq72NdulV68OfjZYmiCi6zfd2C3nOoIyl3rhhc+6IdGMwqQbesXe7uij28ezIsPrEmSOiUxo
D49m+4Qu7AS384UI9NlM9mo21tArX3B9+z1m0fmtOiElqGzcZtWM83agTnuJq2ef86Sd8rORwpn6
8YUsOyaY5hNWswTPevqDD6dFs+1uzxCw1OErEVBCqc1KVMesRMVXXvncm+MMIzQxSZ2R6pQ0p3he
funEWHRT+Z4dzXC+6uq/Bx/I7y037+9n2EnIk7O0wnWr/YUi/6kjWDMYNVAhF7ds9T1Mrm3b1aOl
ADZ33btv7meNh9e0rxmmPY+6Lxap7LrENFlJ2Hyz1f2pb6P1Vzt2uqqMP12UwKCBIWkdzRZfkrGd
t23yGbXzqoMSjSQehe6Ky/dyJ/TZKutz+fgTE93ueyyYmWrh0p4ru5bcVoZwrjQkrpxyyqN+Nr+l
KX5Dr9jLtW27RjQ45rpYHJSp+XWj5Qj26nqbe+KJ98sMArDw2srvBq3KdvRLoBoU1e1w4Iz8b7rp
am7AuZ1dl0g4t/dimnBuZojThHNbniJN1FIaae7BB46IZtq3LnPpiSffdz2OvDe+d3lQHmUlQZY1
QmFPdeK++yd4iw/JiHbccV13xOFbOL0Ll1l6gal281MMCwtjW71vjjr6voxvi8pNVkT2229jPwvd
/GqrwRtd97kt434kRP3xx1/u2F4LZsTbt0Wz69tsfIn3m/YNUny53i1aUuGYY+/PeBcqjN5jZ56x
o+vadaMMs8w2GCVNgFW4IYO7uBNO2Dr1m6XrxTibrZ8rjGYPn3zSNhlekrOww4vKX5/o2Q/N4+sd
ceppj4beyuyb5ZQyF4o8UWh9TysziYODo2+qrF+ETmUlqwD77tMmnl0fXtf77MiewzPqk65rUFPv
3p2cLQNjYYr9Pia/WYU+j4WyUL6Sz34xZZz2rZPFhHFjj3dTo4Ena66VOahr4ICd/fvNeBSzDUVO
PeOqn88885Eb8cDbcTT6Pg6+cLeMNa51sRTu9oworaUi6ws2OMQSO6pnezdwYGe3ysqZyyroerHP
vsKMef7j6N05LCMd3c85Z+/kTj7lYW8WXv7K+7yYcK73XpvoN+ZVV73gZA5eTvV90Hm7uMOjd7VZ
0tBvjFLeg+Wpgz4z0b9wcFS+QRd6NrrsvmAZFAuvwVvnRfdz771vxr8l7f1u39fyfH+UjtoXZ5z5
eMYMfUufbQUTQDivYKBEBwEIQAACEIAABCAAAQhAAAIQqAICCOdVAD1Lkup8k1lhCTtLRWverhh1
DtrMsSxB/GmJ4jKrLTOna665XIUIFmnpSbT75ptforWC//Ii3BrNl03tpE+GVWe/zOrKDK7EgHDW
U9Jv8thmN+YSgJNhijn+ZurP3gz0kksulrFmdDFxFOpX/MRO4tcyy9RPXRe80Lhy+VNHcCHCea44
ir0mjr9Fpo5VX5s0Wco1abxUsVFUqn91OstKgiw6r7zyMgWVtcprRrRsg8pL5sKXj/4KdZUlnFv6
up+50Vrziy9eL7qXBgW9JyxsKVu9m7Ruq9KTk+n96uhUZtHr05v2btSwfs4syoT9tO9mugbRbHnV
3WWiNc3zhVGE5WGhsHoX1qu3aLyGerZMKn8zolmjco0bLxkv/5DNf3nPS4BfdNFF/Duqfv3FsuZP
Zo1//HF29H1aOno2/nSzovf6nDnz/H0tv3zDSs9nMfcpwVRLA5hr2rRBpb13LY2FsdVgrB9//M3X
I333V2jWKO+3OFnf9U6rv0Sm+f5k3sv7fSzmeUymXehxTSnjYp79YrnL/8orLePrgL2f9J7Re6OQ
d1qhz76VierSt9FM/UaN6kfP/R8FfU8tbKFbE87DZSIUVukV8ru40HQqyp++ybJqsV60bFK+37h6
h37//YL3khg2jr49hTor32K+xVO//dmtsupAn0S22fCFpo+/AgggnBcACS8QgAAEIAABCEAAAhCA
AAQgAIFqTqCuCeflNR9ZzYuz1mWvsmac1zpQwQ2FwnmaCe7AK7uVRGDSp9+7Fi0vzFjmoZKSIloI
QAACEIBArSJgVkr4zV7+YrWlKPr13c5dNGT38kdIDLkJIJzn5sNVCEAAAhCAAAQgAAEIQAACEIBA
TSBQF4RzzeA+6uj73a23/devtb3euiu62dEMOa1RXchsnJpQjrUpj1ojtVfvEW7VVRq7+0dM8LdW
WTPOaxM3u5dfo9mzW7S73Jtelqn1FaKZoW03b+7OPWenvLMSLQ62xRPQe+bsaFmCTz753r0RrTus
NZa1TunDD/bwM0OLj5EQEIAABCAAgbpDQN9R/Va/9bZX3H//+4U3y37QgZt5qxbLLruUGxCZ0c9n
KaHu0Eq/0+mRpZwBA0Z5K1Rz5syP17qXOf+rruzqDju0Lb8F09FVzFmE84rhSCwQgAAEIAABCEAA
AhCAAAQgAIGqJFAXhHPxvf6G8a73cQ/EqLU+9ztv981Y+za+yE6VEtD6vp22uiojD9nWYM7wxIEn
oI7nww6/xw276/WYSL51N2OP7JRMQCZkd+x8gxs7dlIcR3Kd0vgCOxCAAAQgAAEIZBCQxZwNNrzI
DzzLuBAdSPj9fPK51XapkGR+q+r4gw+nuVYbDElNvlWrFd07E/oxmC+VTgWdRDivIJBEAwEIQAAC
EIAABCAAAQhAAAIQqEICdUU4r0LEJA0BCEAAAhCAAAQgAAEI5CGgNblnzPjNz5gOvWpd73XWXj48
xX4KAa1B/+ln090ff/wVzSz/24OOte79aqs2+fskexVPAOG84pkSIwQgAAEIQAACEIAABCAAAQhA
YGETQDhf2MRJDwIQgAAEIAABCEAAAhCAAARqFQGE81pVnNwMBCAAAQhAAAIQgAAEIAABCNRRAgjn
dbTguW0IQAACEIAABCAAAQhAAAIQqBgCCOcVw5FYIAABCEAAAhCAAAQgAAEIQAACVUkA4bwq6ZM2
BCAAAQhAAAIQgAAEIAABCNR4AgjnNb4IuQEIQAACEIAABCAAAQhAAAIQgIBDOKcSQAACEIAABCAA
AQhAAAIQgAAEykEA4bwc8AgKAQhAAAIQgAAEIAABCEAAAhCoJgQQzqtJQZANCEAAAhCAAAQgAAEI
QAACEKiZBBDOa2a5kWsIQAACEIAABCAAAQhAAAIQgEBIAOE8pMF+ZRCYOWuuGzHiLdekSQO35x4b
unr1Fq2MZIgTAhCAAAQgAAEIQAACEIBA1RBAOK8a7qQKAQhAAAIQgAAEIAABCEAAAhCoSAII5xVJ
k7jSCDzw4Nuu2353uBVWaOQ+/OAMt2wkoOMgAAEIQAACEIAABCAAAQjUGgII57WmKLkRCEAAAhCA
AAQgAAEIQAACEKjDBBDOq77wf5k5x5111hOuVauV3LHHdHCLLLJI1WcqyMFff/3lLrt8rPv665/d
4MG7uSXrLx5czb877oVJbpttr0U4z48KHxCAAAQgAAEIQAACEIBATSSAcF4TS408QwACEIAABCAA
AQhAAAIQgAAEMgkgnGfyqIqjDz+a5tZvNcTtvvsG7uEHe1Q7U+a//va726Ld5W769F9LmjH+wYfT
/MCA5Zdv5K68cm+31JLFCe9VUSakCQEIQAACEIAABCAAAQhAoGACCOcFo8IjBCAAAQhAAAIQgAAE
IAABCECg2hJAOK/6ovlk0veu5boXuv26bezuvecQt+ii1WsN8Dlz57l2W17hvv12ZknCedUTJgcQ
gAAEIAABCEAAAhCAAAQqkQDCeSXCJWoIQAACEIAABCAAAQhAAAIQgMBCIlBbhfOp3/7s7r33LbfE
EvW86fOjjtrSffTR9+7FFz9zv/76eyROL+I6dFjLtduieYZpdJklv+/+CZFZ8p9c/fqLuZkz57pD
D23rVl2lsXv6mQ/d3Xe/4Sa+/62P95STt3Hd9t04o6Q+/uQ7d889b3q/yy7bwP3551+uQ/u13AEH
bOxatlghw68dvDVhitt0s8vcVlut7Z59pperF+XNnMy216uXLqRP/nyGu/PO19zIxyead9ep41ru
6KM7uA0is+9p7vvps/w93Hf/W+733/9wzZo1cttu8w/Xvv2a7rHH3nMbbLCSO/ywLWImf/zxp5sV
8erQcaifcT7hrdPcCs2WduJkbrHF6tluvJ0//w932+2vuLlz/4jicj6tVSKG+++3cRx37DnYmfv7
fDdy5ET38MPvOA0o0L03X31Zt18UTjPyl1h8sdj3b7N/d7fc8l9/PH/+n26ffVq7l1763N19zxtu
6tRfIt7NXP/+27uN26wah2EHAhCAAAQgAAEIQAACEIBAhRNAOK9wpEQIAQhAAAIQgAAEIAABCEAA
AhBY6ARqq3Au8bT7IXfl5bnLLuu7u4Z1d8tFIreczJKvvc4g9913s+Kwjz3a040YMcENu+v1+Jx2
VlihUTwDW0LyhYNHu7PPeTLDT3gw+MIurl/fbf2McgnLe3W9zT3xxPuhlzL7q63WxL3zdl+3bJMF
+TMP113/ojvu+AftsMz2skv3dCef9M8Mkfr5sZ+47ba/rozf8ERoLn7IRc+5M858PLycuj/hrb6u
TetVMq59/sUPbq21B2Wc08CA5587LutAAJms363Lze6zz2ZkhLMD8R439ni33ror+lMawLDhRhfZ
5azbl8af6NpvuWbW61yAAAQgAAEIQAACEIAABCBQLgII5+XCR2AIQAACEIAABCAAAQhAAAIQgEC1
IFBbhfPf5813Tz/9kdtjz1syOEu8btmymXvkkXdjIVzH773b3y3+/5nTWpN7xoxfvRA+atQHcXgJ
tzfesJ+bN+8Pd3yfB12jRvV9OK3Zff0N413v4x7wfrvt28YNGrSrW3XVxtHM9Z/dwIFPueH3veWv
XXP1Pu643p2chPNttrvWjR8/OY4/bSdNOH/k0Xfd3pHoLtfjiHauX7/t3BprLOumTZvpLrtsrLv6
mv/4aw+MONzt07WN39c9tdpgiN/Xv9tuPcB16rS2++abKH//etqNHTvJX5Nw/shDPby4Xx7hXJG9
/sZXbs6ceRHL39xee9+a0xT9jz/95tZbf3A8YOH++w5zO+zQMprZ7tzzz3/i9u12h89fOFhBDCe8
/Y07d8AoZ+UkHqeeuo37+ec5fuCERPgD9t/E3XP3IRmDCHxk/IMABCAAAQhAAAIQgAAEIFARBBDO
K4IicUAAAhCAAAQgAAEIQAACEIAABKqWQG0VzkV1XiSsdux0pXvtta+cBOj/vnySN7luxB9/YqLb
fY8FwvpDDx7h9t6rtV3y2xNOfCgWoXv36uguv3wvV3+JBabCZcLcTKh/O+0Xt/IqA3yYfn23c0MG
d8kQaTUbvf/pI90llz7vZ6lLpG+2fKM4LRO1JVo/9MAR8XntJE2123rj77wz1Q0csLMbcG7nDP86
OP2Mke6ii8e4tddu6oX9JSOT8z2OHO7uuPPVVA4SoPfd7w736KPveXPoDz/YI763pKn2tyf09XnP
Z6o9zJTKYfO2l/mZ4tnWcL/4kjGe0dJL13dvvH6qa/GPZmEUbtKn37sWLS/05zSbXmbyzVk5Jdm/
9vqXbot2V3gOynejhvUtCFsIQAACEIAABCAAAQhAAAIVRwDhvOJYEhMEIAABCEAAAhCAAAQgAAEI
QKCqCNRm4TwUmV8Yd7zbqtM6ZTCfO+BJN+j8Z92RPbZ0N93Yzc+0Nk+hIDv4wt0yrpkfbd+bONVt
1PriVFHc/GlG9eZtL/dmyF9+6SS3Zbs17JJfy7vluhfmnJFtnrXut/zKaS3yPffcMJrVPd8u+7XX
NXtcs85tdvYSkdi/RbvL3fvvT3MjH+vpuuy2QezfdrT2+TbbXhOZNF+rDAfj+O23M2PT9BaukK2F
l4n1NOFcIrwJ+7IIcHq0Lnmas1n9oTl5+bNySpqMl9l93ff06b+WlO+0PHAOAhCAAAQgAAEIQAAC
EIBAGQII52WQcAICEIAABCAAAQhAAAIQgAAEIFDjCNQF4fyHH2a79yee7paOTKsn3WMj33N77nVr
mZnW8pdNkE3Gcc+9b7qDuw/LKXxLxG3d5mIvnGv2c+uN/l4T3MTw0Ex6Mg07Nr92nGtrwvlSSy3u
2m15hdMs9WTaucLbNRO+K0s4N4Fbwr5mm2+6yWqWdMZWM+aP6HGvN09/8037xQMZrJxee/UUt/lm
q8dhypvvOCJ2IAABCEAAAhCAAAQgAAEI5CKAcJ6LDtcgAAEIQAACEIAABCAAAQhAAAI1g0BdEM4n
T/7BTXyvv1t9tWXLFIqJ3slZzPKYTZBNRhKaBJcZdq15nnQScTfb/DI/6zsp8JoYvl+3jVNnZIdx
ffjRNLd+qwVrlcu8vEzQ//lntBB4iltmmSUj8+gruN9mz4tnnCfTTglW5lR5BWgLn2vGebfIVPyD
D73jht97qNt/v03K5EEnRjwwwe23/51lBjlkKydLN5/gL3P0n3/xg09zrTWXiwX51ExwEgIQgAAE
IAABCEAAAhCAQJIAwnmSCMcQgAAEIAABCEAAAhCAAAQgAIGaR6AuCOeaaX3qKdu4Sy7eI2Pt8dB8
+rnn7OT+NXCXjALMJshmeIoOwvW3H3u0p9u9S1lT6DazXWE/+vAM17LFCnE0JpxvtdXabszo3m6x
xerF17Tz+7z5bonFF6ytrvXU22x8ifvuu1nuudG93HbbtszwawcK8/vvf/h1vcO13nsc0c6Fs7XN
/8xZc911173oVlxxaW8C3s5razPCZfJcM9ZXWnGZ8LKT8Cxz68l8mycTsLMJ5/JnrFu2bObefadf
fL9hHFv/82q/Xv3xx3VyV13ZNS5LC5scFGDp5hLOdW/bbneNj1dpKf033zjNNWywhCXNFgIQgAAE
IAABCEAAAhCAQG4CCOe5+XAVAhCAAAQgAAEIQAACEIAABCBQEwjUFeFcZSHB9ZRIQG/ceCn30Uff
ue6H3OVNp+uaZopv0Gol7UYztH+PZh0v4nbrcrMbM+YTp/XR20Vrks+b96e/3iAyfb7IIov4ff2T
aHzY4fe4YXe97s89/FAPt+ceG8Z+Rj4+0e2x5y3+2gH7b+Luvqt7xqxmzXZea+1B/rqJ4XN/n+8+
/PA7d9NNL7nrrh/v+p62rbv4oj28HxOKl166vnvwgSPcDtu3jNP6bPJ0d+edr7nzBj0Tr3G+bJMG
LhTuFdcZZ+zgdF7pvPrqF27fbnd4Mb5VqxXdOxP6uXr1FvVp6V8ovF9+2Z7uxBO2ju7ZuS++/MGN
GPG2O/2Mx73gLFF9yfoLZtuLofzIzZ0732219VVunXWW9zPK7Xy9eovE/t+aMMVtutll3n+3fdu4
a67Z163QrJE/nvrtz1G5PeqG3/eWPw7XMp8//w93wIH/9rPVk+vY27rtEvxlAn61VZv48OE/G7QQ
nksK8OE19iEAAQhAAAIQgAAEIAABCJQhgHBeBgknIAABCEAAAhCAAAQgAAEIQAACNY5AXRLOsxXO
v+882B3SfXN/efRzH7kdd7ohm1d/Pk38lki7ZfuhsRAvUbtFi2ZuypSfvCCtgDKr/tqrJ5eZsS3h
XeLv/SMm+PgVdubMuX7f/l1w/m7uzEjslktLa5ed13djx02K05K/jh3Xcs8+08ubjlcap/V9zF1+
xVhd8q5165X9uud2rO3jI49yu+3aKjzl92198TIX/n8inC2fJkZnCxeuuX7DjeNdr94PxF433XTB
WudvvjklPnfdtfu6Xsd29MfhgAPzcGSPLd0tN++fMVDArt15x0Hu0EPa2qHfpuU1FOYzPHMAAQhA
AAIQgAAEIAABCEAgjQDCeRoVzkEAAhCAAAQgAAEIQAACEIAABGoWgbognP/ww2z3zNPHutGjP3bn
X/BMLC5LZD3ppK3dhhusHBfauBcmuW22vdYfS7gNRVvzpJnrVw7dO2PWuK5plvW1177o+vUfaV7j
7ZDBXVyfPlu5BkulmwCX2XjNqpZAHboTojCHRGLv5putHp52Mq0+dOg4d+6AURnndSBh/8gj20Vm
3FuUyePjT0x0R/YcHjOwwP37bed69+7kmq9edh14+ZHwftnlY13ffo9ZEL/dp2vrKK0t3Q47tHSL
/9/EfJqgnRHo/wcaIKCZ4C3+0Sy+/MabX3mBf+zYSfE57XTuvJ4bdN4uru3mzePzU77+ya8bL7P1
5vr13c5dNGR39+So973FADuv7cjHerouu2Wa0deM+z59HnI33/Ky99rn+K2cZtVnMzsfxsc+BCAA
AQhAAAIQgAAEIAABTwDhnIoAAQhAAAIQgAAEIAABCEAAAhCo+QRqs3Cu9as7dBzqtMb1Jx+f5ZZZ
eklfYDLvLVProTnyiixJibEyD26uadMGsUlyO5dtK/F9zpz53lR8o4ZL5BVw5f/HH2e7Ro3qR+Hm
RWbol8ybltYkn/bdTNcgWsf7t4hR06YNXf0lFqyhni1fdl5rp//66wIz7A0aLJ43LQtX7PaHH3+L
Zt3P8eXUMOLQdLmGxUZRlP9forRknr9Rw/pFhcMzBCAAAQhAAAIQgAAEIAABh3BOJYAABCAAAQhA
AAIQgAAEIAABCNR8ArVZONfa3Ju3vcwL55M/OyfrbO+aX4rcAQQgAAEIQAACEIAABCAAAQhUGQGE
8ypDT8IQgAAEIAABCEAAAhCAAAQgAIEKI1BbhfNJn37vLr98nLv+hvGe1X7dNnarrNLYz5Y+7LC2
rmOHtSqMIRFBAAIQgAAEIAABCEAAAhCAQB0mgHBehwufW4cABCAAAQhAAAIQgAAEIACBWkOgtgrn
9w5/0x108LDUcjp/0K7urDN3TL3GSQhAAAIQgAAEIAABCEAAAhCAQFEEEM6LwoVnCEAAAhCAAAQg
AAEIQAACEIBAtSRQW4VzrWP+8Sff+3WrQ/Dz5//p1lhjObd0tCY4DgIQgAAEIAABCEAAAhCAAAQg
UG4CCOflRkgEEIAABCAAAQhAAAIQgAAEIACBKidQW4XzKgdLBiAAAQhAAAIQgAAEIAABCECgbhCo
6cL5jz/+WDcKiruEAAQgAAEIQAACEIAABCAAAQjkILDsssvmuMolCEAAAhCAAAQgAAEIQAACEIAA
BGoigUX+ilwhGUc4L4QSfiAAAQhAAAIQgAAEIAABCECgthNAOK/tJcz9QQACEIAABCAAAQhAAAIQ
gEBdJIBwXhdLnXuGAAQgAAEIQAACEIAABCAAgZIJIJyXjI6AEIAABCAAAQhAAAIQgAAEIACBaksA
4bzaFg0ZgwAEIAABCEAAAhCAAAQgAIHqSADhvDqWCnmCAAQgAAEIQAACEIAABCAAAQiUjwDCefn4
ERoCEIAABCAAAQhAAAIQgAAE6hgBhPM6VuDcLgQgAAEIQAACEIAABCAAAQjUCQII53WimLlJCEAA
AhCAAAQgAAEIQAACEKgoAgjnFUWSeCAAAQhAAAIQgAAEIAABCEAAAtWHAMJ59SkLcgIBCEAAAhCA
AAQgAAEIQAACNYAAwnkNKCSyCAEIQAACEIAABCAAAQhAAAIQKJIAwnmRwPAOAQhAAAIQgAAEIAAB
CEAAAnWbAMJ53S5/7h4CEIAABCAAAQhAAAIQgAAEaicBhPPaWa7cFQQgAAEIQAACEIAABCAAAQhU
EgGE80oCS7QQgAAEIAABCEAAAhCAAAQgAIEqJIBwXoXwSRoCEIAABCAAAQhAAAIQgAAEah4BhPOa
V2bkGAIQgAAEIAABCEAAAhCAAAQgkI8Awnk+QlyHAAQgAAEIQAACEIAABCAAAQgEBBDOAxjsQgAC
EIAABCAAAQhAAAIQgAAEagkBhPNaUpDcBgQgAAEIQAACEIAABCAAAQgsHAII5wuHM6lAAAIQgAAE
IAABCEAAAhCAAAQWJgGE84VJm7QgAAEIQAACEIAABCAAAQhAoMYTQDiv8UXIDUAAAhCAAAQgAAEI
QAACEIAABMoQQDgvg4QTEIAABCAAAQhAAAIQgAAEIACB7AQQzrOz4QoEIAABCEAAAhCAAAQgAAEI
QKCmEkA4r6klR74hAAEIQAACEIAABCAAAQhAoEoIIJxXCXYShQAEIAABCEAAAhCAAAQgAAEIVCoB
hPNKxUvkEIAABCAAAQhAAAIQgAAEIFDbCCCc17YS5X4gAAEIQAACEIAABCAAAQhAAALOIZxTCyAA
AQhAAAIQgAAEIAABCEAAAkUQQDgvAhZeIQABCEAAAhCAAAQgAAEIQAACNYQAwnkNKSiyCQEIQAAC
EIAABCAAAQhAAALVgwDCefUoB3IBAQhAAAIQgAAEIAABCEAAAhCoSAII5xVJk7ggAAEIQAACEIAA
BCAAAQhAoNYTQDiv9UXMDUIAAhCAAAQgAAEIQAACEIBAHSSAcF4HC51bhgAEIAABCEAAAhCAAAQg
AIHSCSCcl86OkBCAAAQgAAEIQAACEIAABCAAgepKAOG8upYM+YIABCAAAQhAAAIQgAAEIACBakkA
4bxaFguZggAEIAABCEAAAhCAAAQgAAEIlIsAwnm58BEYAhCAAAQgAAEIQAACEIAABOoaAYTzulbi
3C8EIAABCEAAAhCAAAQgAAEI1AUCCOd1oZS5RwhAAAIQgAAEIAABCEAAAhCoMAII5xWGkoggAAEI
QAACEIAABCAAAQhAAALVhgDCebUpCjICAQhAAAIQgAAEIAABCEAAAjWBAMJ5TSgl8ggBCEAAAhCA
AAQgAAEIQAACECiOAMJ5cbzwDQEIQAACEIAABCAAAQhAAAJ1nADCeR2vANw+BCAAAQhAAAIQgAAE
IAABCNRKAgjntbJYuSkIQAACEIAABCAAAQhAAAIQqCwCCOeVRZZ4IQABCEAAAhCAAAQgAAEIQAAC
VUcA4bzq2JMyBCAAAQhAAAIQgAAEIAABCNRAAgjnNbDQyDIEIAABCEAAAhCAAAQgAAEIQCAPAYTz
PIC4DAEIQAACEIAABCAAAQhAAAIQCAkgnIc02IcABCAAAQhAAAIQgAAEIAABCNQOAgjntaMcuQsI
QAACEIAABCAAAQhAAAIQWEgEEM4XEmiSgQAEIAABCEAAAhCAAAQgAAEILEQCCOcLETZJQQACEIAA
BCAAAQhAAAIQgEDNJ4BwXvPLkDuAAAQgAAEIQAACEIAABCAAAQgkCSCcJ4lwXOsJ/PXXX+6JJ55w
s2bNcp07d3Z0ehVf5F988YUbN26ca9GihWvfvn3xERACAhCAAAQgAAEIQAACNZgAbYgaXHhkvUII
qF39yCOPuJkzZ7ouXbq45ZZbrkLirUuRTJ482Y0ePdqtt956bquttqpLt869QgACEIAABCAAAQhA
oNoSKFo4l2A2Z84ct8gii6Te1OKLL+7WWmut1GuchEB1IPDZZ5+5zTff3Gfl6aefdm3bti04W/Pn
z3f9+/d3X3/9tWvQoIF/Fm666SbXqFGjguOoDR5PP/10p/uWaP7YY4+5evXq1Ybb4h4gAAEIQAAC
EIAABCBQEIHyCucSzPK1q9dZZ52C8oInCFQFgUmTJvmB1Er75ZdfdltuuWXB2VC7uk+fPu6rr75y
DRs2dLNnz3b33HNPnWtXn3DCCe7qq6/2ovnzzz9Pu7rgGoRHCEAAAhCAAAQgAAEIVB6BooRzNew7
dOjgPv/886w5qolCmkTQCRMmuMUWWyzrfUkk7dixo1t00UW9HzX0xo8f7xt44SCClVZaybVp06ZM
PD/99JN79dVXnUZlK6xGFFtHyG+//ebj+vPPP+NwGoDwz3/+0zecik0rjqQcO7/88ot7/PHH3dix
Y532V155ZS8wN27c2L399tuue/furnnz5uVIoeqCTps2za2//vo+A88995zbZJNNCs7Mr7/+6hu1
9gw0a9bMvfLKK65JkyYFx1EdPKpML7jgArfuuuu6I444IutAmGx5HTp0qDvvvPPczjvv7IYNG0YD
PxsozkMAAhCAAAQgAAEI1EoC5RHO1a7eYIMNnAb0ZnOafVrThLQpU6a4119/PWe7WiKp2rlhu1qW
rNQmDtvVq6yyitt0003L4Pnxxx/dSy+9FLerxVFWsOQUh9qvYbt6iSWWcNtvv33cri4mrTKJl3BC
7a6HHnrIPfvss+7nn392q666qh98rPbjG2+84Y488ki35pprlhBz1Qf59ttvfT+BcvLaa6/Fg9ML
yZna1a1bt46fgRVWWMF9+OGHNc4anMr3rLPOcq1atXLHHntsRh0uhMOQIUPcGWec4XbffXf38MMP
064uBBp+IAABCEAAAhCAAAQgUMkEihLOv/zyS7fxxhv7LO25555xo0CzbTVz9/vvv6+RQtrdd9/t
RzvnY/3pp5/GDbmPPvoo1UT10ksv7TsLJKiGLplGKLiqgagBCUln6RWbVjKeYo8lBO+yyy45g118
8cWuZ8+eOf1U14tq3J599tlu+vTpbvDgwW6NNdYoKqsaBKFOApVZWI5FRVLFnj/++GM/I6BU4Vum
7u+880637bbbltRBUMW3T/IQgAAEIAABCEAAAhAoF4HyCOcahGtW2rp16xa3q9WWHDlypPvuu+9q
pJB2++23ux49euTlOmPGjNis9wcffOBFx2QgsdCMZgmqoUumEQquEydOdBtuuGHo3e9besWmVSai
Ik9ooH2nTp1yhrrmmmvccccdl9NPdb2odvXJJ5/s+4GuvPLKuE4Xml8Ngvjmm298mYXlWGj46uBP
fTkalF+q8C1T97LkttNOO7kTTzwxfhdUh3sjDxCAAAQgAAEIQAACEKirBIoSzjWC+/DDD3f77ruv
22+//TKYjRo1yh188MFODaZDDjkk41p1P5BAbaPWNdP73nvvdS+++KIfMS1xWDMC1JBTYyYcGS8T
1b///rs3KSb/5q677jp3wAEH2KHfala7/EhA14ztJZdc0h1zzDHulFNO8TO6NbtbfC+55BLv/8IL
L3R77bVXPDK+mLQyEi7yIBTNNcJf+Vl77bXd1KlT3UUXXeQeffRRH2NNFs6LRJLqfd68eW677bbz
nVo1cca56rxM1KuO3XLLLXG9Tr1ZTkIAAhCAAAQgAAEIQAACGQTKI5yr3ac29UEHHeQteYURq92n
Qeo333xzjRuo/MknnzjN6JaVNc30vuOOO/wMcJnwljgsc9yy0LbbbrvF7Q9ZV3vggQd8u1qi+Nho
xrg5DdQ99NBD7dBvZdpbfm677TY/Y3uppZbyguOZZ57p29Wa3a3ZzLKOJSdLWeq70NJSxablIyjx
Xyiaq92lPoJ//OMffsmvf/3rX27EiBE+5posnJeIJiOY2tVaRk0D02vijHPV+ZYtW/o6pn4k6y/K
uEkOIAABCEAAAhCAAAQgAIEaRaAo4TzbnckUmgQ4CcMy0WUmyLP5r+7nbf1miekyqZ7LhfeuDg4J
y2oQq6EsET7pLG6d1yj6MWPGxLxMjJX5bHWUhKbq5L/YtBSmGKcOBs1A1kh9ladGPofm6zWAYMcd
d/TX0wZIaCS/7n/06NG+40Mzs9UI7tq1q9tiiy0ysvLf//7Xz8zXSTHWrG8JuDJnr04NdW4cdthh
rn79+hnhdDB37lz3zDPP+NkYaqjKv2YWyBqC0pagnTbTQWHkX504cuItfxrEkMupAW9m+RV2o402
8untvffefk22NOFcZvhkak3rtCkdOT0XGlQi04ShU8eS/GpwguKfNWuW23///Z3ME8qUvDqSlAfV
p969e/uysfDq/FHn1Nio80j5sLTEQIM+ZGI/zb3zzjtum2228VYT1LkUrlGuehceW3iV73333RfX
a5WDyjVZtubftsXUiy+++MKXq8pdz4dMVOr+NcNd96ZZ/ieddJKf6W/xh1u9f5RHmT2U00wexfH+
++/78JdeemlGnQ7Dsg8BCEAAAhCAAAQgAIFCCZRHOM+Whtp7Miuu3/ayEGUmyLP5r+7nbf1mtS9l
yjqXC+9ds/AlLEuQfO+99+L2Rxje4tY5tRv0+994qd2gdqjSVHssrV1tnAtJK0y3kH21q9VuUZtL
7VoNnk+2q9u1a+evpw2QkGU03b8mJ2ig/g8//OCthWlwftJSnfpg1LaWk9l6DXqXGK++DLXp1P48
+uijs7ar1c568MEHfXtT/tWm3myzzXzanTt3dr169Spzywqj9qm11cVb/vK1q9UmU93WwBGFVVr6
U1moHZgmnKtPQe07DcIQCznVC7V1FS50alfLryYtKP6ZM2f6gRcyjy8LiSoH1UW1uTWBQWVvTu1q
9SXoT21/S0sMjj/+eN82N7/h9q233vJLCqjNKXP8YTs6W7ta5fvvf/877pewJRGTZRumo/1i6sXk
yZN9uapMlllmGW8pTs+CZrjr3rbeemtvIj5p0cHSVJ1SHtXHIKc+Llmbe/fdd327WgNBwjpt4dhC
AAIQgAAEIAABCECgNhCoEOHcZq+q8SfTcjX9B7SJ24Wsf62Gg4RQCc433HCDU8NKptWzhbW4rfJI
VJZArZHJJkyrwZ82C7jYtCyNQrdqJKphr44HNbTVwEw6zQI49dRTfUM+bKhKlE7Osg/DalCBxHY1
2tSgVSNVgwZyOTFVYy2sT2qU77HHHnEDLi18mvlxhVPjUGVjLp+ZdQnDmqlw/fXXW5Ay27Q41LjM
ZepeLNSZofX95NSxotn9WurAnBq1GoSghn/okulpPbQbb7wx9BLvJ8tRnQFam15llctJsFcHTHLd
9ieffLLMjJh8lgeKqRfKU3JJg7R8ioE6M5ZffvmMy1dccYUbNGhQxrnwIMkuvMY+BCAAAQhAAAIQ
gAAEiiFQGcK5zV7t2LGjFxjDdlAxeasufk3cLmT96wkTJrhNNtnEm7weNmyYF4gltGYLa3Hbvaot
qraEtavVN6EB2mmzgItNy9IodCvBe9ddd/Xtagm1q6++epmg6juQ2Cy/ar+akyjdpUsXOyyzVTta
Ynvjxo19u1rtTonCuZzMiGuwdFif1D6WEKp2VTaXZn5c4SR2q2zM5TOzrna12q1qr2VzaXEob7lM
3YuF+ifCdrUGDmipA3Oy4KBBCKpToUumJzPpV111Vegl3le7OixHtas10UBllcutttpqfnBE8l2h
dr7Chy6f5YFi6oXiTS5pEKZl+2KggSlqJ4dOy9nJgkM2l2SXzR/nIQABCEAAAhCAAAQgUFMJVIhw
rkaffljnE9FqCiQTt7OJ3+F9yHy5/m699VanGcgyBSex9aijjvLnQ7/at7jVeFOD5M0333Qy067R
xfmE82LTSqad71gm4yRuS1zVNjkyX+E14lsjqWVubs011/RRanS/ZqLLSXSV2Tyt86WZ07rPgQMH
+muhoC1TbP/5z3+8uXpdVGNUo5Y1m/v+++93MlUv98ILL2SsUydeO+ywg09H/jSLQA1xNapl7lAu
TMef+P8/DfDQGmoaYW4m/9Jmi8u7xP1+/fr5ctWxGrYypajR/uecc04scifF2M8++8zPblAYieG6
D+VRo7o1kr9///665OvHkCFDYsYS9LXG2+WXX+5HuXtP0T/Fr3PqoFBYdQroXmWSUM7KTB1H6izS
DHPNTlEZSog///zz/Sx1+VUDX50fNmpc59JcNuFcnF9//XXf4aI4VK65nvlS6oXWyVMZawbA59Ha
j3K6B5lz1BIHh0dLRcglLR6oXqpzTPeszjHNuFf91bqIehbV0ZEsKx8R/yAAAQhAAAIQgAAEIFAC
gaQYVkIUZYLoN66sK+UT0coErKYnTNzOJn6H2VbbQm2b4cOHe+tbaitJbNVs36uvvjr06vct7qee
esq3z5SGLHFpsLTa1bmE82LTKpN4nhNq86vtfuSRR6ZaklNwtf00MLl9+/Z+lrjOyfqa8i0n0VWD
qNU+1szpu+66K25LhoK2rJZpQLraf3JqV2vwucRthVHbVU6DBdq0aeP39U+8ZDlM6SgfSkftPTHU
ZAC5MB1/4v//NMBjypQpvl2tiQByabPFdV7tapWh2vpyGqivNp2skmlAvoncSTFW7TizIKC+B/Wz
tG7d2udR7b0+ffr4+BS3BG/ru9A69opb7XANSjCn+DXgXO1qhWnUqJEXja1dbWWmPgD1FWgSgeJS
P4DyqDa51nOXU7ta1ttyDTqQv2zCuThrRrcGMigOtfNzPfOl1Au1qxVOywOqj0JO96D7UXvb+k6S
Fg9ULzXgRPesSTGqC2KrPoYDDzzQDwRIlpWPnH8QgAAEIAABCEAAAhCoRQTKLZyb2CthSj/MZcKp
pjsTt/MJ52qMqMGkGcNq8GgGrAmnEukk+q644ooZOCxuzeiWeKyGpgRoNZxknk4CdNqM81LSyki4
gIO+fft6oTgpSuYKGpqPlzk8jWRXIzR04UxljZRW54Dcl19+6Rv0atyHJuvVuJZJOYXTzHtrjCuM
zHbL1JzEcXUEhGuIySSbBFM17rIJ/4pDTp0ymtWdTTgPRV/NOJfpdHMyLScT75pNnRRjrXx32mkn
P6o9aa5fjfeDDz7YR6XOiuSyBhZeHtTRItHYTOD98ccfGabfLD/a6prqodhpVr+sByjP2QYRSKhX
Oei6OlZCp4ZxaGIuvGb7VnbZhPPy1At1Zqgc9U7RuobqsDGnzg51oCUHd6ghr7UTVR7iKgbmFJ/q
k/zomUzWT/PHFgIQgAAEIAABCEAAAoUSqGjh3MRemffWb3WZo67pzsRt/T5XWzGbU1tXs8018Npm
wJpwKpFOA2i1NnroLG75l3isdrRmG0vsVFskm3BeSlphuoXsaz13CcVJUTJXWOXZzMerXaPB6sl2
SzhTWe0amQeX04BjLVGldnVosl5tQw3uVziJzaGFOLWF1S5VW0vmu8N2tURxmWvXNd2DidJp+Vf7
VbObswnnoeirdqfaZebUrpaQrj6CpBhr5asB1FrWLNmu1kxyWXKTUzvPRHaL28LrWMudSTQupl2t
8tCsfrXflYdsgwhU3zRQXtfVFxK6QtrVVnbZhPPy1Au1g/Xc6Z2iQfxhv4oGG2iWfXJwh8pRkyBU
HhogkWxXqz7pnvVMJutneO/sQwACEIAABCAAAQhAoCYTKLdwbjOA1TCtDWbaVZgmXuYTzs20uQRI
NUTNqWEl0U+N5bBxmoxbo8BNIJY4q1G/MkWmhkrSVHspaVl+Ct3afRcjnJugrwafzZxPphcK4eEM
aDPxr1HPyfs1gTwpzKqRJtOFchoxL+FXnShq6GuddA1e0AjpsOGfzI+Oda9qgGcTzi195U2dBUkh
WTPXta56KJyHg0g0a1vraaszwJwa+1999ZU7++yz/am0+mVloIb+ueeem/c+1KEkMVkWD9JcGlv5
y8U+LZ7kOQufLB/zV556YRw1yj0pgptAnhwQoEED6jhSPVSHkYR1dR7JuoAa/ZqJr85Hm1Fg+WQL
AQhAAAIQgAAEIACBUghUtHCu372aAVxbzLSLqYmX+YRziZMyba7f82pTqv0op9njEv00mNYshvkL
0b8wbom8JhBLnJWlMM1OVntN7fSwbVhKWpZmoVvLWzHCuQn6GohvM+eT6YVCeDgD2kz8S4RO3q8J
5ElhVgMONMtcTpbStBya2kxipQEIaudqzfSQXTI/Ota9amZ8NuHc0lfetJ9sV2vwu2Zmh8J5OIhE
19SvovaeObXxtCa6rJTJpdUvKwPNIJelv3z3oXam+kFsZrylZds0trqWi72FzbW18MnysTDlqRfG
URM2kiK4CeTJAQHirGdH9VDtagnrmhwj5up30Ux89VfRrrYSYgsBCEAAAhCAAAQgUBsJlFs4N1PR
2QS0mgjNxMs0YdPuR43WI444wmmkczanBoZmooejo5NxmxAsoVWdBD179nTNmzfPEJJLTStbvtLO
Kw2NONYsbjUyZb6uEGdCZiggJ8OF+Q8HE5j4KhE0OXtco+LFN1mvFJfM3ul8NidTZ5o9n6txnE84
t9n3Mm1nJtnC9EJx18R3ndM6ceE66mGY5L7WopPZudBZ/UiaqA/92L46kWTxwJw6ltS5Ia62jnka
W/nPxd7iy7W18MnysTDlqRdpbC1eSzftvkLLBuY/3GaziBD6YR8CEIAABCAAAQhAAAKFEKho4Vzt
ALVzsgloheSpuvkx8TJN2LS8qn2ntao1Izab0wBYCb1huzoZtwnBElolPGsAuwbShkJyqWlly1fa
eaWhpaI0sFmircq0EGdCZiggJ8OF+Q8HE5j4KhE0OXtcA8LFN1mvFJfa/FpmLpsbMGBA3sHcKodc
wrnNvpfpdFkOS7pQ3DXxXec0GCJcRz0ZLjx++eWXvfWx8JzVj6SJ+tCP7b/11lt+8IAdy/qZxGNx
tXXM09jKfy72Fl+urYVPlo+FKU+9SGNr8Vq6afcVWjYw/+E2m0WE0A/7EIAABCAAAQhAAAIQqMkE
yiWca11hNSo0y1OmxzXTN5+TSWmZeZbTDOFc4ma+uCrruomXuYRzM1WtPMhEWNJ8mRqschIwQ7N0
aXHb4AON8pYYqpno4QzsUtPyGSji3x133OFHbecSwZPRhXUgl6l+E6JDoTWXCJpNOFf6GnWt2ciy
dqCtnVPngda4lstVdrqucsg149zKRJ0d8pt0Gomttda15rkJ53ZOwrlmleu61jZPcxqxrZHaYeeP
/KXVj7TwOmdMVf/UEaEZAuZsQEaawCw/xj7bjHSLJ9vWwoflGfotT70oVTjX2n/6U8eHZiDIrN3s
2bP9MgAqI7ls+Q3zzj4EIAABCEAAAhCAAATyEahI4VzrCqvNqFmeslwm08/5nNrVaofLSSCuju1q
Ey9zCee6B+VfTgJvsl19//33+2ta2szW/9aJtLjVlpJQvc8++/g2gZiGwnmpafkMFPFPFsGOPfbY
jFnU+YKHdSCXqX4TokOhNZcImk04V35+/vlnN23aNL/knmYl27mbbropbmfnKjv5zyecW5nImpra
2EmnNrQsLUyfPj2etW7nJJxfcMEFbpdddsnZrpZlgWS7Oq1+JNO2Y2Oq+qe11DWpwZwNyEgTmOXH
2GebkW7xZNta+LA8Q7/lqRelCudqU6vPRWWvd5K1qzXw39Z1z5bfMO/sQwACEIAABCAAAQhAoKYS
KJdwrnW3tI6yZlZLOF9sscVyclADSCKfBE85hXv++eddw4YNc4Zb2BcLES9NZJZAaibCwnyqwa4/
jTYPR5mnxT1jxgzXoUOHWPRNipmlphXmp5B9myUsv9lmWs+fP98PBpBIq3Xo1BizWdZqnGrUetKF
wr/uRQME5Ex8Td6vrmUTzm2NcA1M0Azr0CkvXbp08fWrvMK5pa9BBFp/XSbJQqcOHHWGhIMM1KDU
vbz44ot+ZP5JJ50UBsnYV0M0XC/MLqbVD7sWbkORXmuphTPP5e+2225zp512ms9POAjD4jD2WmZA
95p8diX4S9zP5ix8NiG6PPVCYbVGoQZF2KAEy4elm6wzVsc0mCBtJoMNhMiWX4ufLQQgAAEIQAAC
EIAABAohUJHCuSwnabkvzayWcJ78bZ7Mj9oCaoNJ2JJTOLWxq1u7uhDx0kRmCaRnnnlm8lZ9+1K/
5Y8//nh39dVXx9fT4pb4KgtcNrg6KWaWmlacaIE7NktY3rPNtFa7WrOZ1c6UwK82kM2yzjZTPRT+
JYhrgICcia/J+9W1bMK5rRGudrMmQ4ROeVFbW/WrvMK5pa+Z9K+//rpbffXVw6S85TktXxfOtA/X
9ZaZdbWRszmJ/1qLPOnS6kfSj45DkV79Wxr8Hjotqac10tPYyp+x1zID6jdIPrv52tUWPpsQXZ56
obAabKJBETab3+7N0k3el9Ux9QelWSNQWah/K1t+LX62+aEJxgAAQABJREFUEIAABCAAAQhAAAIQ
qMkEShbOZdrLTJUXKkaZ6BUCyydwhn4rc19rUeuetOaWzLrJVLYasmq86rwaQLYel0RPW8dcfjRC
2q4pj2oEv/HGG35ktIRVdYSss846Ph6Jmbfffnsct4mTWu9LnQHyrzTNdHmpaZXKyoRbhe/Tp4+T
+KtOITUo3377bXfqqad6U+TrrruuF4h132beXWE0kvyYY46J17xSx48awmqAaeS2ROUmTZrIq2ck
gVSzosWkfv36/rz+ydxbr169nNZE19ZmHpigrfW2RowY4dlbIK2PppHgSitZr9RgnTdvnveqslSn
jEzjq3Gr+1MZy1lnkwmxOqcyUfloTXXVE4n2JorrWiisW/4U7pJLLvHr69n6X+rIUX0x0+9at17r
yckpXs0SSdY9y3ODBg1iBvIfivTqWFFjXkL81KlTPTtr5IqthHOFD114fzYIYe7cub7hr5n7Mi2o
8g9nBagOyKnM9Syrc0Dlc/TRRzuFlVMZWmdBqfVCnHbaaSdf50K2il91UJ2EyToTvlu0HMC+++4b
50Nse/To4Qd8FPquUlo4CEAAAhCAAAQgAAEIZCNQUcK52iFmqrxQMcpErzBv+QTO0G9l7oftarWZ
9XtebWsJeMl2tURPW8dcfjSYPNmu1kDaTp06eWFVbckWLVr4eNT+ueGGG+K4rV2tgdrqp5AQqzTV
1lE7q9S0SmVlwq3Ca3Cv2tnLLbecb+Oor0BtXM2olnUBWZ3TfWvws9aUlpNgrKXUrC0pP1rHXTOA
ZY5ex1YHZflN96q2sNrIYbt62LBhfn34yy67zLdDrV1tgrba1U899ZRn7xOO/n311Vd+YLbSStar
ZLta7WIN5JYo3rRp0zLtarXNzaKAymTkyJG+Dax6oja/2pJyuiYuujc5y5/2r732Wl+mxkJW5mQ9
Tv0Ocrp/WwLN2tXJuperXb399tu7sWPH+r4M9XeoXf3NN9+4f//73/GgbLEdPnx4mXZ1eH82CEFt
YwnVmrmvtqnKX+1Qc2G7WpMX1M+gNevV/k5rV5daL8RJZtVnzZqVwVb50EAb9Tsl60z4blG/wEEH
HZTRrpbQrj6NQt9Vds9sIQABCEAAAhCAAAQgUJMIlCycS6TcaKON/L0WaqY9FLcMUiFrOZvfytrq
h7/E3WzORq2r0a41srp27VrGqxqUEsc1qtdmYIeeNFJZjQsJyaEzIU/hbLa0zaYVm1LSklCaFi5M
N9t+KDJm86PzasjayHQNFFAjTw1fc2r8yUnoNBeu6W0zgO2atqpHYqh4Q04S3LVumRr1oTCtMCob
ie8yYaaGndyaa67pTYhZwzpbmXjPiX/hGuwm3ie8ZBxKOFeD9Morr/R1SIK2TL2FLGRlQc+LOhPM
6V609p7yqkZ6vvLSdTW8QxOMZonA4sy1tXpmftRppU4ZdSTJKT8yyRa60JpCknvoL9wPy6qUemFW
LMI4b775Zj+bIq3O/Oc//4nXdbfOEoXV/Rx44IG+A0rPnrlcywmYH7YQgAAEIAABCEAAAhDIR8BE
y3z+8l2fMmVKPAtXbaBCzLSH4pbFX8hazua3srZqW0jczea0brTNfpVIqnZc0klIlDiuNpzNwA79
qM0nEVjCcehMyFM4my1ts2kl3peSlsy8a2BzKU7tahMZc4VXG1mDhuXUftKAX4nd5mygtVnt0/lw
TW+bAWz+tVU9EkPNZA85SZSWWK+2UihMK4zKZtddd/VLkandKbf22mv7teXDdnVamXjPiX8qp0MP
PdSfNfE+4SXjUMK5LAWo7dezZ08/UPzwww/PYKEBJhL1ZbbfnO5FdV951cD0tHI2v9qqPO++++6M
drVZIgj9Zdu3embX1a5WnLakQFq7OrSmkORu8SS3YVmVUi/MikUYryYDqI2cVmfUb2PrusuChTnd
j8pBg+OvuOIKO+0nU4T+4gvsQAACEIAABCAAAQhAoBYQKFk4NyGtUDPtYqXRs/379/cjd3Ws0cWa
sWozVHWuKlyaWJfMhxqdumetHZ003yXxVGuZa832UAAP49BoZY2UtrWW7VoockvU00xamc+W6TQ1
XkpJSw38zp07WxJFb9X4UxyaAZ90KjONfA/X0zY/Gj2uGfW2zridV4NZ5R6G0Yhqlb05MVTjrnnz
5n6mftgxoNHzGsWuBruVlRpwSy65ZEFpZSsTSzvcqoGvUdfmNHhB5vbDe5Kwr1HjZ511VrzsQFiO
4qcR8GrwJ50GVWjUthr0Zqpd64RZmhpwEA42sPDKg2YdhMK50lGd0iz/0Kl8DjvsMKeZ6Oo8kNNs
DHXchE7rkEscVwM6dBq5L78yxW/OuNtxtq0GAohZo0aNYi/F1Iu0QQRWn4cMGZIxUl91Rh1NSjOc
QZ/GUGUmKwPW8RRnjh0IQAACEIAABCAAAQiUQKCihHMT0go1066sql2tgcsSGeW0r/ZVVber08Q6
n8Hgn2bASsjW2tGy3BY6iacSRTVDORTAQz9qF0o4t7WW7VoocmtAdseOHb2FLC0Np7ZlKWmpHaPB
7aU6tdfUvtQM+KRTmUnADNfTNj+6R81IN5Pzdl5twoHR0mhhGJmCV7vUnBhqZr7aSGKgAf7mdKx2
ndrVVlZqV+u4kLSylYnFH24ffPDBjMHhKnOJtmE66rOwJeIsn2E5ip8GpCtc0qk9La6aWW7tag1M
32abbbxXtfvCPgULrz4ODXpPtqtVp9TGD536MNT/oTBaMk5OgwC6d+8eevOD+LV8nwa2h05WBzRB
Q31J5oy7HWfbaiCA+gXCdnUx9SJtEIHV5wEDBmSYYVed0WAMpRnOoE9jqDIbNGhQPMM/W/45DwEI
QAACEIAABCAAgZpMoGTh/I8//vCjkdXICn/MFwJD5sfVUCk2XCFx13Q/1YmNzLDJRJlmUS+++OLe
tJyZMs/GWfVCIrO2Cqf1xqwhmy1MsedljnyllVbypsvFSw14jcJWOpVRp3Qv06ZN83ErHZnYK8Qp
nDoGZCZdMw7UKVEZ+RMDqzfKmwYUFOOUN3W+6ZlU+VZGh9vCqBcy8a78652ke5IJPJnk03FFdWwW
wxW/EIAABCAAAQhAAAK1l0BF/b7U7+QZM2b4NkOxbQVrAxQbrvaWyt93Vp3YqF0tywLWrl5++eXj
JcL+znHmnrUltdWfljtLW8s7M1RxR2rra3C7zLeL1+zZs327WulURp3SfcjigOJWu1qm3QtxCqf2
uLWrK6vdLwYaXC6z+cpbKe1q9U1YX1dltavVx1CZ9UL9OSoja1fL1Lu1qwvtCymkXPEDAQhAAAIQ
gAAEIACB6kqgZOG8ut4Q+YIABCAAAQhAAAIQgAAEIAABCFQmgYoSziszj8QNAQhAAAIQgAAEIAAB
CEAAAhCAQHEEEM6L44VvCEAAAhCAAAQgAAEIQAACEKjjBBDO63gF4PYhAAEIQAACEIAABCAAAQhA
oFYSQDivlcXKTUEAAhCAAAQgAAEIQAACEIBAZRFAOK8sssQLAQhAAAIQgAAEIAABCEAAAhCoOgII
51XHnpQhAAEIQAACEIAABCAAAQhAoAYSQDivgYVGliEAAQhAAAIQgAAEIAABCEAAAnkIIJznAcRl
CEAAAhCAAAQgAAEIQAACEIBASADhPKTBPgQgAAEIQAACEIAABCAAAQhAoHYQQDivHeXIXUAAAhCA
AAQgAAEIQAACEIDAQiKAcL6QQJMMBCAAAQhAAAIQgAAEIAABCEBgIRJAOF+IsEkKAhCAAAQgAAEI
QAACEIAABGo+AYTzml+G3AEEIAABCEAAAhCAAAQgAAEIQCBJAOE8SYRjCEAAAhCAAAQgAAEIQAAC
EIBADgII5zngcAkCEIAABCAAAQhAAAIQgAAEIFBDCSCc19CCI9sQgAAEIAABCEAAAhCAAAQgUDUE
EM6rhjupQgACEIAABCAAAQhAAAIQgAAEKpMAwnll0iVuCEAAAhCAAAQgAAEIQAACEKh1BBDOa12R
ckMQgAAEIAABCEAAAhCAAAQgAAGHcE4lgAAEIAABCEAAAhCAAAQgAAEIFEEA4bwIWHiFAAQgAAEI
QAACEIAABCAAAQjUEAII5zWkoMgmBCAAAQhAAAIQgAAEIAABCFQPAgjn1aMcyAUEIAABCEAAAhCA
AAQgAAEIQKAiCSCcVyRN4oIABCAAAQhAAAIQgAAEIACBWk8A4bzWFzE3CAEIQAACEIAABCAAAQhA
AAJ1kADCeR0sdG4ZAhCAAAQgAAEIQAACEIAABEongHBeOjtCQgACEIAABCAAAQhAAAIQgAAEqisB
hPPqWjLkCwIQgAAEIAABCEAAAhCAAASqJQGE82pZLGQKAhCAAAQgAAEIQAACEIAABCBQLgII5+XC
R2AIQAACEIAABCAAAQhAAAIQqGsEEM7rWolzvxCAAAQgAAEIQAACEIAABCBQFwggnNeFUuYeIQAB
CEAAAhCAAAQgAAEIQKDCCCCcVxhKIoIABCAAAQhAAAIQgAAEIAABCFQbAgjn1aYoyAgEIAABCEAA
AhCAAAQgAAEI1AQCCOc1oZTIIwQgAAEIQAACEIAABCAAAQhAoDgCCOfF8cI3BCAAAQhAAAIQgAAE
IAABCNRxAgjndbwCcPsQgAAEIAABCEAAAhCAAAQgUCsJIJzXymLlpiAAAQhAAAIQgAAEIAABCECg
sgggnFcWWeKFAAQgAAEIQAACEIAABCAAAQhUHQGE86pjT8oQgAAEIAABCEAAAhCAAAQgUAMJIJzX
wEIjyxCAAAQgAAEIQAACEIAABCAAgTwEEM7zAOIyBCAAAQhAAAIQgAAEIAABCEAgJIBwHtJgHwIQ
gAAEIAABCEAAAhCAAAQgUDsIIJzXjnLkLiAAAQhAAAIQgAAEIAABCEBgIRFAOF9IoEkGAhCAAAQg
AAEIQAACEIAABCCwEAkgnC9E2CQFAQhAAAIQgAAEIAABCEAAAjWfAMJ5zS9D7gACEIAABCAAAQhA
AAIQgAAEIJAkgHCeJMIxBCAAAQhAAAIQgAAEIAABCEAgBwGE8xxwuAQBCEAAAhCAAAQgAAEIQAAC
EKihBBDOa2jBkW0IQAACEIAABCAAAQhAAAIQqBoCCOdVw51UIQABCEAAAhCAAAQgAAEIQAAClUkA
4bwy6RI3BCAAAQhAAAIQgAAEIAABCNQ6Agjnta5IuSEIQAACEIAABCAAAQhAAAIQgIBDOKcSQAAC
EIAABCAAAQhAAAIQgAAEiiCAcF4ELLxCAAIQgAAEIAABCEAAAhCAAARqCAGE8xpSUGQTAhCAAAQg
AAEIQAACEIAABKoHAYTz6lEO5AICEIAABCAAAQhAAAIQgAAEIFCRBBDOK5ImcUEAAhCAAAQgAAEI
QAACEIBArSeAcF7ri5gbhAAEIAABCEAAAhCAAAQgAIE6SADhvA4WOrcMAQhAAAIQgAAEIAABCEAA
AqUTQDgvnR0hIQABCEAAAhCAAAQgAAEIQAAC1ZUAwnl1LRnyBQEIQAACEIAABCAAAQhAAALVkgDC
ebUsFjIFAQhAAAIQgAAEIAABCEAAAhAoFwGE83LhIzAEIAABCEAAAhCAAAQgAAEI1DUCCOd1rcS5
XwhAAAIQgAAEIAABCEAAAhCoCwQQzutCKXOPEIAABCAAAQhAAAIQgAAEIFBhBBDOKwwlEUEAAhCA
AAQgAAEIQAACEIAABKoNAYTzalMUZAQCEIAABCAAAQhAAAIQgAAEagIBhPOaUErkEQIQgAAEIAAB
CEAAAhCAAAQgUBwBhPPieGX1/cUXX7hx48a5Fi1auPbt22f1xwUI1FUCM2fOdI8++qhr3Lix23XX
XV29evXqKgruu4oIUAerCDzJQgACNZ7AK6+84j7++GO35ZZb+t+6Nf6GuIEMAn/99Zd74okn3KxZ
s1znzp0dgnAGnqwHcMqKplwXJk+e7EaPHu3WW289t9VWW5UrLgJDoDYSUJtmxIgRrkmTJm7PPfek
XV0bC7ma3xN1sJoXENmDAASqLYHx48e7Dz74wP/GXXfddattPslYaQTUrn7kkUecvpNdunRxyy23
XGkREapaEKjzwvmLL77oBg4c6FZYYQW34ooruiFDhrj69esXXTinn366u+mmm7xo/thjj1Xbxos6
PnW/K6+8spsyZYo74YQT/INc9A0ToNoSuO2229yTTz7plllmGV/GV199tavoj/Fvv/3mnn32WffU
U0+5GTNmeBZquPfs2dNtscUWqWwkmh9xxBGuWbNmTvVQ/nEQWJgEqmMd/Prrr12vXr1c06ZN3SKL
LOLmzJnjkeh70qhRo4WJp+C05s+f7/r37++U9wYNGvg8F5Jfvj8FIy7j8dtvv3WjRo3y713xl1tl
lVXcKaec4po3b17GPycgkI+A6tSxxx7rBdLZs2e7Vq1auXPOOce/h5Jh9V7adttt3UcffeQGDRrk
jjvuuKQXjiuRQKnv3GKy9Nlnn7nNN9/cB3n66add27ZtiwleZ/0inGcW/dixY12/fv3cSiut5Nua
V111VUntarVP1X6RaP78889X23a1Oj71e2jVVVd1X375pb/3vffeOxMKRzWawPXXXx8P/FYZq529
/vrrV+g9qV2ttrv6kKZPn+7j1rtF39oOHTqkpvXAAw+4bt26+T6sDz/8kMFOqZQ4WZkEqmMdVP/m
IYcc4vub1K7W71u5e+65p1q3q/v06eO++uor17BhQ5/nQvLL96f02j116lT/Xtd719rVq622mjvz
zDPdmmuuWXrEhKyzBFSnunfv7vv09E3faKON3IUXXpi1Xb3ZZpu5999/31166aXu1FNPrbPcquLG
9cyX8s4tJq+TJk2KJxq8/PLLfuJBMeHxW70I1Crh/IUXXnB6SelHUi6nB0WNEDVINFL3mGOO8d7L
I+gNHTrUnXfeeW7nnXd2w4YNq7YN/PB+ddMXX3yxFztz8eJa8QQ0K+v88893Rx111EKfKdGjRw8/
usly/dxzz7lNNtnEDsu9lVC+4447us8//7xMXBLoNRglbTa5ftzvvvvuCOdlqHFiYRGojnXQZnCG
DMrzLQrjqaz9X3/91b/X7B1QaH75/pRWIm+88YZ/56aFPuuss+pMY+uZZ55x999/vzv33HMZLJBW
GYo8l3z35Pr9qt/NXbt29d93fjcWCboCvJf6zi0m6WnTpsViUEX/biwmHzXNb20WzseMGeNU9wpp
V2+99dZ+NsXd/2PvPOCsSaq6fclZEFBB5ANBTCAgiAgILHFFERF2SRIFWRQUliDBsCyIgJJhlSUI
RsAARhBFEFFEsmJAASNiQElGRJ2vnv547vefmuq+3X1nZuedt+v3m+m+3VWnTp06dc6pc6qqf/In
O8ch/cii9LkBPRayP/axj+3mDa961aua84qjwCvZXvB53vOetywsOoCOgY8IaODoZBHXYaa73vWu
ne1hnW9729vWi4x8ts2VQPkNb3jDFYuX6sSCtj/4gz9o8j8nHZ5yyilbjbO6vuX3QoEpFDiKPIis
qBe2bKOLptBjbl707LWvfe21DBiL76J/5lH8rW99aydzW6Xx3zK3PhkSp0z9xE/8xOrJT37yslhg
Hzq8lj34vfvsV+bV+NNZbLrYjftA/Ikg5srcKdWwQYHNqqT9thun4LHk3R8KHJvAee1U2kQeHX//
9V//1RkpBNLHOv9bsFE8P/qjP9pN5tjBs8nJ0IJxGM9oL8cw0n52CEqHw6j7ZKqDFbgPfOADzxP6
MhY+9rGPre52t7ut/uiP/mi13w5Q23apS11q9exnP7sz9D/84Q+v+FzBF37hF66ue93rNruanWpP
etKTOscaBtrFLnaxZr7l4UKBg6LAUeTB//mf/1n94z/+44rjfD7xiU90i7q20UUHRbsaLjIGg3CK
7lz0T03Fzb/hC3bvvfjFL15d73rXW8tQdvsT6CJYoVG+GdqJmwM6PPShD+0m+Put005cqmyP+Uc/
+tEuGH6f+9xndcc73nH1ohe9aHX+859/D2Dof84556xYoIqNe8tb3nJPnuXBwVJgjsydghH657u/
+7u73Y7YaFe5ylWmFD9p8x7XwHntVNrUwTr+0PPssrjmNa+5VUCP4w2Zp972trftZP9RnldzDOPZ
Z5/d7ZCXDpvotbyfRgF2X37TN33TeeJgZiygK7/u676uC2LvtwPUtjGvRgdj62Hf8bkCAoDsSmsl
jnglwHP5y1++m48v8+oWlZZnB0mBo8iDzKsZP9it2E3Xuta1ttJFB0m/hI2M+dCHPjQJX/Tton+S
ipvv4YuHPOQhqx/6oR/qTlZ65jOf2clQdvuzY/hWt7pVd6LbZkgndg7owAYv/Av7rdNObMpsh/1H
PvKRLhh+5zvfeXWXu9xl9bKXvax3Xv30pz99xQLVhz3sYZ2tu13NS+mpFJgjc6fUwbz6zDPPXBEn
IWby+Z//+VOKL3mPGAWOTeCcYyRZtXPBC16wUwI4/nAsE6i7znWus37GblgmKBkwtizBCxQHR1wf
98SRr0xAkw7Hvc2H2T6PhD4v6evnA/Y7yCDcH/uxH1uO+T9MplrqOvYUSF10InzO4FOf+lQXQEN3
TsF30T/jWRkaExzHmcLOjquexMfHqXv2W6eN743jmZOjZ1nwxo5zdh60AufHs+UnXqvmytwTr6Un
DsbHNXCOPcIuWObV7PJFLuBYZnEFgT2fcYz6S1/60l0BTcuyuO5973vfSTGv5ohtvjO9BM4PZux6
JPR5SV8/H7DfQQbhvvKVr1wtx/wfDP8sUE9OCqQumnv6yWFSDhuPT+agO6fgu+if8b0EjZnzYM+8
+93vXl3talcbX/iY5VT37LdOO2ZkmtwcTmQkSMqOcxaBLvPqySQ8tAJzZe6hIbhUdGQocOwC5xwV
/cIXvrDb8a0zkOMlfdZy2BusYNXJK17xiu4bU3y/mYF0SjkCi+9LsZq3ThxZTf4LXehC3atPfvKT
3fed+77xbPkPfOADKyaAOH+pg2/b4hjn/nWve13ngOB76/uROLqeI0A8/ot2sJIOQ4Gjx/oCu3yH
4ed+7ue6HcusgEbg41RFAYBvK3HUGEfxciSJ7eLbdHwnEbp/8Rd/8eoe97jHipWgrL7im0Os4gYP
vtVK+uVf/uVu5/KFL3zhDgYTSHbTsXIUfKA1q3eAAa3YQfqDP/iD3Yrspz71qV3fsROKdtWGEEei
gAd9xqIKEm1hZ/Yd7nCHFXWa2D39S7/0S913+Wg/7aDPOFmAtrHLktVh7AxtJZxIfHuW436+7du+
bf3tnP/93//dVU+r7NRnGNfwEvzLjgzaffOb37yjC6ubWkGGKbQAH1a0cqwrfPCMZzxjxeSeTxPc
+ta37j6PAL+ycpF+TOOAejhGirEBbtCO7x7Sr63dI9vS/eMf/3jHfyyOoS7S1a9+9e5bV9CklQ5z
PNI+ePCd73xn50wEH3iIFZ/QskWTFs5jno0dj1kn9OM45Le85S2r97znPR0NOXafRTaM3Ytc5CLr
qpEtfJaCxHhENnD0FTKA8Qrd2SHK931aCZ741V/91W5MIZ/gG74txa5HZE2Ox23qmsqDiStykAUi
TF5JtOV2t7tdN9Y4Ppv21d+Xfte73tW1C/qxctlynEDBqvehpC6aGogeglm/m8uD0ICj7pHb9A20
oD2MZSafrcD5FP2D/EB3QDPgczKKugEZhvwFB3QAMhU+yUS7Xv7yl3e09/lXfdVXrdhJi+5ppTlj
H75ljKAfCAgwPqADk3B0EvqHz2Vsm9glgQ0Dvb/1W791xSSMY8qRtchjdoPCL4yZOmGbsHgLfMgL
LBwx2EK1feLYQg7wx3hBHlGOyR7OGMYzeviRj3xk9x3XbXXxVB5EviAf3HmPHr7RjW601qu0n+DO
fqa3v/3tHT8xzkn0M3bC3e9+9116P/mWfNgK2DV8E5VxgY0BP3zt134tr/ck+In20LfQmXoIVpEf
RwY7SR71qEetLnrRi+4qy45O+oGxcZnLXGaFbUHf0sdf8AVfsCtv/kCmIaPIzyJRygCbQFgrcM63
11gNr+xnXJ522mmrK1/5ygm2u9+WFgDBNqM+dBFygM/MoEvQKyR4gfo5xnJqgren2p5Zx9yxP8cu
od45MjfxHXuPPEOWqXOxneDZmueAp7zgfo7ep9xxS8c9cM5R0djU6Af0EM5A5k0+aznsDVaw8wb5
hj7iO6LoFRa58y3H1vwJuxWbS14EDvMt/oYS/Mtc47WvfW1XB7DRxfAyNjf2A3OP/UiMAXwE1ElC
FiE70RnsSO4L7L7pTW/q5A/HbiN70WnYzexKavkYgM0uFdrFvBXa0S6OKUf/QXd29d/3vvftxiLz
TuwFZPS9733vTlcDA7sKGxsZDgz6jrkac0f6EFojoxjP0IqTytiJh13z+Mc/vuu7U089tWtXrVuQ
qeBBn6HvSOBI/chp+5Hn7J5GZyFXaD/toH7sDPDCD8LR/H2y/dxzz+1OO2GHFvNr6iYdxLwaO5T5
CbYUfH+Na1yjm6Mx78XX0AoyTKEFeNNmduvCB3wDFfsVfwZzDHgMfkWnYuORx0Q9fGMdfQRuwKE/
sZf5Xadt6Y79CP/BX9RF4nS5BzzgAZ0/qa6P34c5HmkfPMj807kadjI7SqFliyYtnMc8Gzses07o
hwxk4w6+N2iInYeOvd/97re2raiffufEARL9jGx485vf3MkAeBK6P/rRj+492Q+eYG7CmKcPqIc5
KrsekTU5HrepayoPdg369D/kID5Z5AwJGw/bGl3BPJL2XbVaIIxspY+hn/47yrF4i81RQ0ldNDUQ
PQSzfjeXB7Gvf7P4aOkL5DPzSP7w0zJPgp9r+4K8Y/UP8kOfJ/CZT6gb0JXoFvoBvkCmnn766bua
Rrs4TRWeMn31V391d6ImuqeV5ox950HoB9oM30IHTtpAJ6F/mAdvm/CT/mWxYaAhdEAvYpcwv2Vc
YtugQ2u/DvXqUwMf8sKv+BjQp7V94thCDvDHeEEeUY65HvYI4/lKV7rS6nu+53u6+dS2ungqDzqv
duc9p4kxfwVX037Pqxnf8BNXEv2MnXDfYsOk3k++JR+2HHYNJwMwLrAx4AcWKrYS/IQMZCE4dKYe
+Jb8zIGJI/DJt3qOg5+bfmBsMO6wLehb+hjZ25eQadgE5L/0pS+9uslNbtLBZu6K3K0D5/gHqcP6
GZf4WFunfG1LC3D+4Ac/2NUH/yMHiMtg0zD+SfQ5ft45sSfKTrU9u0o//W/u2J9jl1DlHJmb+I69
R+cjy6A3ibkIPGufJxzlBc+g51S9n7CW+wOmQBmQo1JREDtH+a9M2HZK0HynONN3inLrcC1CbKeQ
b6dMaNfPigHRPSuB1XV7yk6unWIAdM/JX/+VCclOUa7r/NKhCOQ9eROu+fJaAo57ytT1FWG6p66E
Mfa+OMM21lXjWwyKnXIs3mC5Mrnbg19xigyWsR/KpGOHvipKb52/BHc7ePRDPqeMtChG9jp/Ta/W
72J07xTjeo1nUVIdf7Ty8ox6izN5nf+5z33uxvooU5Tsugx11Pi36iuO7TU/ju3LvnzFOb8Rz+JY
X+MInKm0oEwxNDbWUxYY7JRA1K66yiRnT7ni8NmBD1ptmkN34RRjdk9dSf9iMHW8Z36uhzkeW7RI
/MouniZNEt+x91PGozA3ycESzNkpgZ01jmUyP0hv2+YYth6uJTC/wxg1T31lHJHHMtvU1aL7EA9S
ZzEyd4qjoRc/8a3HVjFCB8sU43ndJtuWV/uA9rd0Tuadc9+ihW3h2uLBMunYKcbeYLta+E7VP7Ve
AJ8ygdkpzsA9ddf1FWfjnjzZrrKAaac4QHfRfs7Yh/8ZBwm7vsfe6JNvU/qsON8H66FebJ66LvRz
jVP+Rg6i58Wllu3QtjhJmvqScVOc14Pwsy7ua108lQeLs2xUfdoRtmvuFX4vDpXBOovTY00/+LZu
c+t3cbavy4gbtBiSg8CpeR0+LkezDtZZHAJ7bIwyWRy0c6kr7WdxLAt+9tRVFmTsaQv5t6EF5Uuw
Zk9dLVqWgEazfnHuu9YyRp4Zsj2FNXfsz7FL5spccZ1ypV3IkaRzzXMJbxtdnHCO0/2oSfQJmKk4
KndK0LyzhYqTtWsBcx54pTgDd3xWHETdM3SWqTifd8r3WnfxVfJYCQZ2Y9j8XrGRMh/3Cdd8eS1B
hD1lahjouf1I2KU17Pp3jW8JSu+UgPpgubJofA96ZQHRYBnqpR+Ko22HviqO53V+5swk+iGfU0Za
YF/VuA/9Louyd4qDb40n8hT+6CtDvdixphLs7c0rDMqUhaMW6XRKjb9581oc22t+XBeeeVMWAWzE
E/9Spqm0oCw6OdvQumdejc7PVAIke8qVgEfHB5nP+zl0t2wJ9u6pK/EsgbaO98zP9TDHY4sWiV85
dTJR2+p+yni0ok1ysARYdkowzew7f/iHfzhIb9uGHq5TWYSxwxg1T31lHJHHtE1dLboP8SB1lgWl
O/e85z178RPfemxt8mcwDx9K9gHtx+7Y79SihW3h2uLBEszfKcf3DtKihe9U/VPrBfBhTnWve91r
T911feXTTHvyZLvKAqadEijcRc45Yx/+Zxwk7PpePbershk/XvKSlwzWQ73oNHRqJvRzjVP+Rg6W
QN66SC3boW1ZINHUl4ybVjwh4df3tS6eyoPllKDB9lhfWcSzbtM2N/B7WZA/WCe+QhN8Kw5DV3zG
dYIWQ3IQeDWvw8f4iYbqKp+v2mNjMHccsnOBhy9RW1lcy4KfPXWVhV++3nXdhhYAKgsV9tTVamfZ
GLOr3rE/ahkzxvYU9tyxP8cumStzxXXKlXbVtnHNcwlvG12ccJb7g6cAq1lHpaPu5MgguY7kfFYH
08uuk7XjzWCFggQnPA7NDNbi0KtpgHMLBzOOsbIquxNMdSA6yzD5KbuIunw4Nsuqqc7pXVb77XLU
1sGYhDH2Po0rJl4YOGXHzk7tBE18Ez9ocdZZZ3UTO5zsKLR0riWOteMdRQbtoU1Z4bUW2LmAAaO/
HLu6h2Y8L6v/1u+sp6wU7YIo9hHOf/IShPYZQR+MNh3RZfVc12fZv9CCSSSKlXal4yAd/LwjsCIs
6kCpElwvK6vWdep4pV8OO3Cek2EWd/C77ADeRXPwlobgOIcWlMNZBu9g6MvDwC4rg7tnBNbKbsQO
fs2j1E+fahi2nPOWmUN3ypbVyOs+KTvndnCsl92aO2VX3g4BC3kEww0+p0zy+0GPR+ozYIRTmr5i
AltOTNgpq3w7/HheVurukTPSZux1zngEtrzBGMFAhNcZJxjO0i+D4Di36NuyU379nkkx45J8jh3G
qDSnHhxptFWY0IJnLLrIsZXO+7l1SbMpPAiuObkvK+G79iBTn/KUp6zxBv8cW9TlwizkE/KPdmEM
S6NNQVX7INtuG/bjOpUHocX973//dZsZu2W19M7zn//8XX1Y4ztH/9A+eBdZIb3kEeAj2+AV7lNW
89x89FtZydzx8u///u/v0nfwljScO/YJGFIX8hbDHXjYAQRSxWFTH4vDpiuT7LIjpZOvjiXajpxF
DiNzcdDn2EqnBTgiB7EzsDG0UcAzcWRs0S7aYD225fa3v32nB8tuqK59TPZob+rNKbqYNk/lwTEL
HMA3dfEm2g69zwktOh8HCE5xxnousMTGEQ5jXDkOLuogeFEbhf6gLywDzLSpym76nbJqfaccx7+L
b+ux9bSnPW3Na9CeOtB1WRc4pG1X11V2sHf2YO0oaOlmdBKOS2S6iypruWebuM6hBeWUndIPpx19
mjwpXXMBV9Y95n6q7SnMOWN/rl0yR+aK55wrvEwfM5eB32qeS5jb6uKEdVzuR02iT8BMGSTXkZzP
dAb6DJvHZLCC8cwf4xl7MnUHDr064dxC96Fftd3rQHSWweGJHKQO7Nayk6hzerNwOh218Pi2CZvd
9mAns3AZHZs6g/eJb+LHO2xI7DyC6ciidK4ljrXjHdsHOkObU045ZY1HLmDA+Va+s969SxzQ/+gW
31lP2enTBVFsE85/YBCE9hlBH3SLjmj0Nyn7F1pgF5bdTF3wIBe7pYOfNmOjCIs6yglmnZ2cNpSO
V+pBd+FwFJ++634FzmmHdbC4g99l59oumvNeGs6lBeWQpfBO2WW/5mFg43vhWTnVrlvMCq3rRP30
qQtNWs55y8yhO2XR/dKi7FDbwbFedsZ1i/JykXvZsbgOoCW/H/R4BEdkCjjCI/QV9in2weMe97j1
c3yC26Y545E6HSeMEewZ5oSME3yQ0taFLOQvu9I63io75dfvmQcwhpEXjh34HVqb0KU5TqAFz5gf
5NhK5/3cuqxzCg+Ca9o1ZUdd1x5k6nOe85x1W6FJji3qcmEW8gn5R7vwnUijTUFV+yDbbhv24zqV
B6FFOTVt3WbGLvNe5rLZhzW+c/QP7YN3kRXSS74DPrINXuE+ZTXPzQf/lZ2THS/jo0t9B2+Z5o59
5gzUhbwtp7F04LADmHOIw6Y+FodN13LaYzd3Rr46lmg7/mNlLsH1HFvoP/EAR+QgdgY2hjYK7xNH
xhbtog3WI4xySl+nB5/1rGd1cJmP0d7Um1N0MW2eyoPpKxCv1jV18SbaDr2njcInHoENRMCVsZ6B
Z2wcE2NcOU5ZdRC8qI1Cf9AXJmCmTYVvF18Q/szk23ps5aJtaE8d6LqsCxzSrqrrKicHdPYgNo1t
5drSzegkFmIh+11UWcs928R1Di0op+yUfvjB6NPkSemaC7goOyVNtT2FPWfsz7VL5shc8ZxzhZfp
Y+Yy8FvNcwlzW12csJb7g6XAsQmcMwFBwLIbSmcMQghhkQFbBhwBQCb45jNYQV6MAJ9z1dmMgzGf
1/c6g9NZWedJ52XL8YjQBQeM47rslN8sEjC4idMRwZ/ly1E4a6Ge+EIT6ucvFxZYFvxxXPIemkJz
jPJyvEj3DMcwwtP8XMkjLums5527MxMHy/ou6cRkiPpx6iGQyIuTGXzYBUhdPHNxgGWFRTmC29bh
1b4DTgZXqE9HOQ4e83NlQkh+AjUZuEAZ8vsFL3hB9962gRt/LABIOHPvaT/tAQcmI7ZdeOkQlw68
m0sL4SaMqYEK6dlyzid889G2sXS3z3HsUz7hJc7ARC7w7LDGY40Lv9nRzASagAfyx12s2Vetcpue
bTMeEzZ8ygSJP56zQALayc+ZV9qX7yTtGgsGGpBBtNMyylQcCfaF77hmsKGWu1PrSrjcy1tDPMjE
nLb2tTd3ELb6y0Va9DGLAXDkYLQDbyggAX7qok356nbN+T2GB3NyhZM466G8gbTEd67+Sdj2MzRD
vkFD37swjt/Si3zwqHnyWo7T72gPH3oKydyxr1xPm8K6XDhV6wTfb3OVHkO2AXR3oVo5ln3XmLNu
Fy9BLyZUPufq2OAdfziz8n3qLvLO0cUJj/sxPEg+9BuyTccbzgif76deTVugtgWpz3ZDn1yExTt1
a0175Ly6OvuPCbi0xmkGjPzzFIUcW+k4q+UtZaGRzgHKaSe58AGZy06DrAfZZHC6xdeZ1za25F4r
31haJF1plzIUmIx9HA/Qql6ElXVOubcdLX3mu7qNc8a+43aKXTJH5k5p+6a8yMvkub78tq3mwz69
3wfnODw/2Gn6eQcdZ84Tn/jEbtGrWCBTGIsZsEUnI3ewnUwGK8iLvM6ksxkH41DSGZzOyjp/Oi9b
jkdlH4GnbRKLBAzQ43REH2bKE3YS37Qnc2GBZcEfx6U0heY47cvRpd0zHMPoyUzkEZd01pPH3ZmJ
g2V9l3TCWUr9OPXQpSTtVXYBUhdJvWJZYVEO+75O9h3tyuAK9ekoxxeRiTkl+dHzGbhg0Qa/lc22
Ddz4YwHAfiTaT3vAASerbRc2Dn/e8ScdeDeXFsJNGFMDFdKz5ZxP+OYD97F0t89x7FO+TrYbmMgF
0mGNxxoXfrOjGX1CwAP54y7W7KtWuU3PthmPCRs+ZVeqO1OdC8vPmVfas6Ayx4KBBmQQ7TQpU7Hx
7Avfcc1gA3ycaWpdWZZ7eWuIBwlYOnZa7c0dhK3+cpEWfYydS6AR2xqYQwEJ8FMXbcpH3m3TGB7M
QCynW2SivIG0xHeu/knY9jM0Q75BQ5ML4/gtvcgHj7aSPiH40FNI5o595XraFNbJXB061DrB99tc
pQd+674E3V2oVo5l3zXmLOPiJejFhq1Mjg3e8ffiF784X+/SXeSdo4t3ASw/xvAgZdBvyBYDii7g
2W+9mrZAbQuCh+2GPrkIi3fqmJr2yHn4gjJp2+WJAiwWqZOnKOTYYo5p/9TylvLQyMA/5bSTXPiA
zC2fdNtVFbLJ4HSLrzOzbWzJvVa+sbRIutIuZSgwGftuEKoXYWWdU+5tR0u++65u45yx77idYpfM
kblT2r4pL/Iyea4vv22r+bBP7/fBWZ4fHAWOTeC85XxhgCIMNzkDdb7jLDJQJDxWkwsjHfa+92pd
LUeceTKoBUyEFqvPEb7s6mTijWPU/HOvGRQAZguORk/ii7ADL45jRTG0yukU07GWdbWC7cDAiGdn
Fe1Nh6gKLnGwTt+l8zL7CaVEXumegTAdepb1N21jRSe09g8jJndPJi5ZX80X7qisFwPU+Cc83+3H
FQOH9tAPTIhqmDiiW8HYubRI+PbN1LZJz+yrhOu9+VrjsUV380MPFm+wo8X+5UrwvbWQ4LDGo+3C
OMMpYpACfOs/edYyU6/bjEfqIphm8K3Gjd+tPpenPOFBnMVFWcHzpDkrQc1bX91VWY+vKXXVMPkt
rwzxoAGS8i3H5iIM4OhAy0AYzxmLZ5XdIi3a8SxpMYTfpnytsmOeTeVBaQG9WvqPCWfdLvud51P0
T+JvP9dBtMzDvfKfuljAVct3xr6wkqbJh5Qdq4tZaU5+/sp39bpgffnmVreThMkzzp/UcTW+c3/b
hiH5gI5StnCsXKsu2u1CtnpRimODtqEXW+V9Zt6kqX2RY6uF91QetE6uLXj5ftt7dRs0YHEcu/xq
XaJ8rGWTZesFZdDcCar9l88IVLbwho/4TAF96k51+Q+6Y1e1ymEbyQc4KZLXW/IbGO7q32Qr20bb
0aqfZ+YbQwvyY/fSpuSnhO2ChuStfD/1Xvxa9PBd3UZpP3bsO0bIP8UumSNzp7Z/KD9jrK8fspxj
cYzez3LH8f7gpuhHDzJyB57e5AzU+Y6ziB2vmRxLddA383BvXS1HnHkzqAVe7I5j0RfjiDkpcwZ0
zrYpgwLAbKVWIEx5wnGsdSBWGDrFdKxlXa1gO+WYo7OzioBCOkQ5WQ46tGjmO3S1KfuJsUmS7hkI
06FnWX9TF7sTobV/fC4md08mLllfzRcuDOvjC/FPeLZjP67uKqYfsHfrhCO6FYydS4uEP7dt0jP7
KuF6b77WeGzR3fz0L4s32A1p/3Il+J476+SLwxqPtosAAHN+gxTgW/+Jm2WmXrcZj9SFjjT4VuPG
7xY/y1PYPpnERVnBu6Q5dmtfcldlPb6m1NWCLa8M8aABkvKd4OYiDOD66cE6kMlYrE97SzomLYbw
25SvVXbMs6k8KC2gVwasrYuFUrQv8bXfeT5F/wiTq/1cB9EyD/fKf+piAVct3xn7wkockw8pO1YX
s+ic/PyxIBs9yiY4/GXY4exCTx1X4zv3t20Ykg/oKGULG7VaiXa7kK1eDOjYoG3oxaFk3qSpfZFj
q4X3VB5MPFrw8v229+o2aMCckNPFal2ifKxlk2XrBWXQ3IX09l8+I8bRSvARnymgT92pLv9Bd4Pi
dVlsI/kA/3vyekt+U95F0LRpiH9to+2o6/a3+cbQgjLYvbQp+UlYXP/i06e1JG/l+6n34teih+/q
Nkr7sWPfMUL+KXbJHJk7tf1D+Rljff2Q5RyLY/R+llvuD48CS+C8CEMdXC1nkbsfNznsEAYM5JYj
Lh1FGDzUQ97WH+8Qyllm6j11ANuVp63yChHxTedq7ezM8q4K1Zkr7aiP1V2Zd9O9DgVxyPy+S+el
dWU/Sfd0+OrQs6zKtUXv+hm7K8SjVZ/vWvX6jqv4t9qW+ebe49AHdxYktAJawK3pwLO5tEg857ZN
em4aS+bLfrb+Ft3Jn0fe1n1a/3a3IjAPYzxSD+OLI7/FhbFJMIVv6aY8kGdt79SrtKOeqeMxnSCU
p5/ud7/77bBrULxb/NziM/AWl+zHDKrWOx+zrRhe1FkvtplSV8LzXpyGeFD+rusWRt81A1bgTrvP
OOOMndNOO21Nv6RFC474bcrXKrvp2RweVF5wGkoLfgvfOfqnhm0/10GZOp/yQP4cutY0nTP2oSFO
h6F6mLDtd/BcegzJB+letzNpljxQf37GvqyPFM/y3ps367IvhnRx1g8Np8rBMXQQxzlXx/5Q//qO
BYapey07VkbalrofhvDOoGofjyFjDZyjA1Lm1qcMWJeB6ew73+XVNg7xIfnNN5YW8i71J02tm4WA
nP4zJLfNO+Y6hJ/v6jZOHfuMkTl2yRyZO6bNY/PAlzmu+8rJvzWdWrKhD8ZxeX54U/bzviYduZuc
gTq4Ws4idz9ucthZV8sRl5Qg8Ec9yub6yjuCotskg4vorD7nqrtqxDedq7WzM3EhMADOOnOlHc84
ZnRK0kEpDlnWd+hqk3VlP0n37GMdepZ1l1pN69ZvFsKaWvX5rlWv77iKf6ttmW/uPUcWgz8LEloB
LeDWdODZXFpQ1jS3bdJz01gyX/azdbfoTv488rbVr/nM3YrAPIzxSD2ML478Fg/GJvqT04BSHsiz
lJmTpB31TB2PbMwQP67004Me9KAddg36vMXPLT4Dd3HJfsygar3zMdurbUNAMwM5U+pKeN6L0xAP
yt913cLou2IjGLCCXrSbBdWedOkz8vUl8Uua9eWd+nwODyovOA2llVr4ztE/NWz7uQ7K1PmUB/Ln
0LWm6ZyxDw3ZSDFUDxsSkmdrnOf8lh5D8kG61+3M+pIHWKyfyb6sjxTPPN6bN+uyL4Z0cdYPDafK
wTF0EMc5V8f+UP/6jgWGqXstO1ZG2pa6H4bwNh4yJL+QscohdEDKXPxUrWRgOvuulc82DvEh5cw3
lhbyLvUnTcWBhYCc/jPUbvOOuQ7h57u6jVPHPmNkjl0yR+aOafPYPPBljuu+cvJvTaeWbOiDsTw/
WAosgfOeAI8OHZgXgb7JoWi+lqNQWFxZAcS3KljBR94nPOEJ3R+CS8Wxqa6E17rXCYryRHC28uiA
TXzd5VkfQZrldXDqWEunbO1Ay3Kte434xMF87hBOmC2HnHRPmtUOPR2RHJeJgmMXZOuP1WEEv8Sh
VZ/vWvX6jqttG1qEkPmn3qvo84j6hIGT14lF0nAuLRK2bWv1W+ar76XnJue3+eSxhNOie/Ig3yni
aMRW//KMdzjhhXkY45G6xJsxzk6MPNGhr6/Ecco1aZH9vgkGNNfJT5DUHY6Wc/Lf6vN6vFmm1Y8Z
OBva1erCkDqQMqUu8cirOA3xoPydMiVh9N1bDr6FzzIfu4Ghb4unM5/4bcqXZcbez+FBjzknWNyq
R35LfOfqn4Tf18+Zh3v1EeOKI+84EaVv7OPYg/+EMXfs05fsEGNMqL/57jg0UIdPGXviM3QdQ49c
uAF+ffDUAfVYnsJ7rbzyV46bGm/zzJWDwhtadNPX7jHPlTv0JacN9fESz1kpnTAd/zVdySPeyRd9
/ZAw63tP/CEw7mcH6jz0jbKc+vjtJ3Y4FaHOz2/HUfZdK59tzHYM5RtLC5xD0BybtaYr8N2hugm/
Fi6tZ7ajhV/L9hTGlLGvbITXp9glc2Su+O3HFV5Ned4Hs8XT5G3Jhj4Yx+X5wU7Tjxb0liO3heGQ
o2csDPO1HIVZJ7utsOuRj+TlMxf8edIHY3CT8zLhte51giKjsB1ayXlZ4usuz/oI0iyvg1PHWjpl
0ZlTkg7KxMHyLo5NmK1+ku5Js9qhpyOS4zKx+dAhrT+OyGScm1r1+a5Vr++42rahRQiZf+q9Cx/y
iPqEgZPXI/SThnNpkbBtW6vfMl99Lz03Ob/NJ48lnBbdkwf5zj1Hbbf6l2e8wwlvOozxSF3izfjG
p5YnOvT1lThOuSYtst83wYDmOvkJkrrD0XL4AsC91ef1eLNMqx8zcDa0q9WFIXUgZUpd4pFXcRri
Qfk7ZUrC6Lu3HHwLn2ViNzD0bfF05hO/TfmyzNj7OTzoiZ8Ei1tJfkt85+qfhN/Xz5mHe/URvMlp
VMwn+8Y+C9LgP9Pcsc/nC/CNMybU39jN0AA8+Jsy9sRn6DqGHuguA6bg15fUAfVYnsJ7rbzyV46b
Gm/zQKM5clB4Q4tu+to95rlyh75kLtfHSzyvP/vi+K/pSr3inXzR1w9DeHriD/3sZwfq/PSNspz6
+O0ndpgPt5LjKPuulc82ZjuG8o2lBX5maI7NWtMV+O723oRfC5fWM9vRwq9lewpjythXNsLrU+yS
OTJX/PbjCq+mPO+D2eJp8rZkQx+M5fnBUuCkCJwPBUlQikOOHgQZA3QTDPO1HHE6h3RocgRwBs58
76Qb52Br1435Nl2tB7xbxyEbxOF94qszESHLN85a9ejU03GLs0KnbN8OTYJwrBZEmCZM60sceM9O
Ko9DTQdtq5+ke/ZP7dDz+DwC5y26ixN0yfet+szbqtd3XG0bhl8+956jmLyfc7V++rDlDNfRzPuk
4VxaJI62re63zNO6l57ZV0P5Ws5b250wkl9a/J510Mf+dpwc9HikPmlGXfXYZveNOwSzr8RzynXu
eJSu8Mv73//+NY2om2Cjxzu3+rweb+Jrf9f9aH5okd9NznLKlHoRj2VrOvXVJUyv5kv+8Z1XjpGC
Dvz17dpn5yYGOkfKWc5AGKvhfebVI5tqWvjeq/htymf+Kdc5PGgZ8GkFtFxQkfjSBgN3rfHYp3+y
LX39nHm4Z2JC3fRVSw6aHz5j4uBvcZw69tXRrbqAKd/W/Gm9c69j6GGboEWLB6nbRQ3keelLX7qm
B+8oz67e7Ms+fFt5lSE5tmq85ae5ctAx1qI/uBLQ6MN5zHOOxYU20ADe6iuD/oYG+d62jZWRaUvV
C5WAi9wlQPDYxz52XZcnIIEjx5Nm/d7Lo+RxAYUBpNZCO+pxkV32nfDyahs38bf5xtICu8uxg52W
eprv18GXtOegA+dpS9RtlK4t3oMXxN9yCaslB5Ou2V5pBw+OlbkJa9t7xuwYGVCPbettyQbfHdfr
wU7TjxZ0nbRDQRIwHnL0jIVhvpYjTqro0OQI4Ayc+d5gKM7B1q4b8226Wg9yqHUcskEc3ie+OhOZ
V7O4rZV06um4zW9T9u3QJAjH8cXIi0zWlzjwnt16HoeKrja1+km6Zx/XDj2/qUzgvEV34UOXfN+q
z7yten3H1bbhMG0lvu26TbJ++hA5XicdzbxPGs6lRcK3bXW/ZZ7WvfTMvhrK13Le2u6EkfzS4ves
w29288xxctDjkbqkGXXVY5t5tgGv7CvKTU1zx6N0hV+wBzIRbPR451af1+PNsvZ33Y/mhxZ8S71O
lDPQUy/isWxNp766WrA37Vxkzgwd+Ovbtc/Gloc//OE72NcmA2Es3q6T362taVHnG9uOutyY33N4
0DLg3QpouaAi20UbDNy1xmOf/sk29PVz5uGeeRR101ctOWh++Oxf/uVf/Dl77KujW3Ul39b8ua54
5s0YeiTdWzxI1S5qgF4/+7M/uwubKbzXyqsMSdlc4y0/zZWDjrEW/WkMiyG2SWwkgTbwVN+iQ+Cj
v6FBJts2VkamLVUvVAIucpe5M5serMsTkMCRT5K0kjxKHhdQ6I9oLbSjHhfZZd+1YNvGTfxtvrG0
wO5S5mOnpZ5m4T0ym/YcdOA8bYm6jdK1xXv0j/hbLmG15GDSN9sr7abI3IS17T1jNuV5H7x6bJuv
JRt8t1wPlwLHMnCuU5NdQQgFnG08YwdIy3HzgQ98YL0bsHZUsbNJGLVTFnj84SgiwEI+dqvgBPRd
HYg1oIDTKZ1l4OVOlxhr0LkAAEAASURBVG0D58B61KMe1eEDTuwgZcIOLnyTVyek+LoLL3es4Tjj
WHbpBf3OPvvsNczcSa1DEXgMeuBQDnphLAOLd7Q9g4a5u8u6oAmGM/n5y6NFgQuMdCgiTMkHzewf
lZllzUM+HMgYIraLfmI1nP2Sjl7yEdDM+iw3xBfkMfhGWRch0DZWAxqE7HN8W8fQlbbqqKVd0BI+
5DmOXZ75Jx2AN5cWlIUH4CG/QwW/EqiV16V/4u24I4/jLMcjz8E7y8yhu85m2sxq1dyNBzy+Qyw9
2JVCfdRrvx/0eHzNa17T1Q8/WD/04lvE4gB+2VdJkyn3c8YjNAI3cICX6GfGKvLCoArv6HPlBTiR
zyPoa9yBWY9XymhEAw/HAUao7WP18p3udKd1X+VR3XPqAu5UHoQvlJHQhL6zzeCa8oldqeKu/L71
rW+9Dqgjswh+0Vb+gFfrGOjsGAI+ecyXuFvP3OscHsxAKzixAIB+QJY961nP6m3XHP1jX0H/m93s
Zh1seIqgt/SxH5IGBnBwTPPttczDDgWPVgd/ddPcsa+coa7se/ChX/drAYztg87gyicT4B/ogdzo
owffdpXXCNalHMRGET+OY5cW1AU8eC95dIj35uriOTwoLbgabEZugDPPwJsTdGjb0KK/hNN3D0zl
MfBYAW9e+JDJHcFl6FQf1e6JPS0Zmf0nvBxbfA6D1f6+I+CNHKEe2oTu5B28zXfP7WMcbMnv2BS+
Q47irKWc9gjvoB3jgnFMUJrPSVgm7SjKpWwivwtl6nEp3l6n0oJyLloQF/r6wQ9+8Bo3nm8K7Fv/
putU2xN4c8a+ZcB9rF2SfDFF5m5qc9/7lK/IFnh1k/6Zq4v7cDjRnx/utP28qU2nJjIRfsbZxjN2
gLQScsndgMjVTMg6YdROWeDxh6OIAAv52K2CE9B3dSDWgALzTwIImZ7+9Kev66qDa5lvzD1zafDh
jx2k8C24IEd1QvKOOt2FRx4DeDjOOJbdBP2Ycwozd1LrUOQd9hRwSNALuxhYvKPt2a7c3WVd0ORx
j3vcuh7Km4Bb9xO2O7DpY/tH57plzUM+5tzIBBP99OpXv3od6ElHL/mgB/hP4Qtgo3eoj7LYICTa
xpzKIGSf47vLvOEfbdVRSz3QEj7kObqfZ/5JB0DOpQVl4QF4iBOTgA2vE6iV16U/eU2OO/I4znI8
8hy8M82hu85m8DrnnHN27cYDHt8hlh7YLCTqPazx6KcD4Qfrh158i1gcwC/7Kmky5X7OeIRGjlNs
MPqZsYq8MKgCfikvwIl8HkFf4w7MerxSBpvOvjj99NM73wzPScwh7na3u63fY2OY5tRF2ak8CF8o
I6EJfaeMxI+U8omNHyZ3Kt7udrdbB9SRWWnrAq+WJdDZMQR88vBHoDpxt5651zk8mIFWcGIBAP2A
LPM0UPqybtcc/UO7aC/0v+Utb9nxADxF0Fv62A9JAwM4zD/wpWce5iPML8VR3TR37CtnqCv7Hnzo
L/WnwbPEc849dAZXPplAG6AHcqOPHpyO6NgiWJe7krFRxI/j2KUFeAEP3pNOm3hvri6ew4NJN4PN
yA1wJoE3vkTaRr+ob7Pc2HtgKo+Bx6J0E3xIvxJchk71Ue2e2IMcSB5kvGT/CS/HFp/DYCOQCV8B
coR6aBO6kwRcvntuH+Onz7qwKXyHHCV4S9Ie4R20Y1yAF34XNi9YJu0oyqVsIr8LZepxSd5MU2lB
2fS3gg99/YhHPGKNG882BfYTh6H7qbYnsOaMfcuA+1i7JPliiswdau/Qu5SvyBZ4dZP+gRem6v0h
HJZ3B0OBYxc4z8CgQiuvBE7T0ZhBJvMZ0NQh73Ou7uBJh1i+r+/ze6HplDUfjsAzzzxz7dDm+Yte
9KJO+aJE5/7p2LaeoWsGFFxsYH4CSNe5znV2CVlwxngXN+jppDrLee+VI6QswzVXb5undcWZ68rS
fE/wPmFAa5z92W8GwnXkWh4DUse0z7i+7GUv63BMR7PvcWqAt857n3Otd6YS8DBIwXud8VmmtXMp
6bPpvlaICdt7600n+lRagMemcUV97CLE2BLvMWXEU/rNpTsBggwoABdHSn6fm2cYS0wwwfGwxyPj
zPYOXXM8Sssp1znjkTIGwIdw8x1OpHTw+xz5Cq4tuZrf8tWZaTlkTC1n4FPbPbeuOTxInXligzjW
/cfOSHhIHMeMR2Eh0wxqpbzyfevKYh3rmnNFJ9RtaNXDs+RBF8r05TU/VxdUzdE/HAk3VAfvUo5J
A5yWKWsZ4+iouq3stjWQPHfs13of/fiwhz1s5z73uc8ad3CxHnGcc63ratGGI+ITNnq5loOtsfXa
1752Xc5Jcwu+z+xX6mqNqbG6eC4P2kYdBOJV9zG/WXxj/jlXT4ewDvqY8epvr36+AKdkLmLjvTzQ
klvJwwZwhQnveu8VZ5mygva0+J0+TlpgC+WOeeR7LoASdt+VCTx1jZVNyH1w3IYW1IeN2IcTz/cr
cJ5241B9Kafr8Thm7M+xS6DDHJlLual/9Jc24hAdeKf+bvH0WL0/Fb8TJf/BTM+PDtQMDLb4hMBp
OhozyGR+A5o65H3OFYcmKR1i+b6+z++FplPWfDgCOalDhzbPmdttm+BHHcDW1XfFSUZ+kosNzEsA
qdYZ4IzjzAQ9c5EmZQ08CYcri28zYdvk+757nLnvfe979+RlnouD33LQmsBL9puBcB255j311FPX
jmmfcWVRFCkdzb7H30Jq2SH1zlQCHtmnrb5o7VzqKhj5LwOQ4lhfrTed6FNpATqbxhX1soswj0Ef
U0Z8pd9cuhMgyIACcAkQ5Pe5eYbdQtCAdNjjkXFme4euOR47RCf+mzMeKaMjfAg332Fbp4Pf58hX
Ukuu5rd8a7sBGVPLGfjUNLeuOTxInS27q+4/dkYavKPMmPEonZBpBrVSXvm+dd32eGpkfN2GVj08
Sx50oUxfXvNzdUHVHP1Tz2da9aUcg+Yk5pIpaxnj6Ki6rey2NZA8d+zXeh8995jHPGbX/ANcrOf/
YTjvf11Xix6cFJoJvVzLwdbY4nNwprPKKast2PnMfqVMa0yN1cVzeVBcWWCXeNV9zG/mCtuk2odP
HzNes17uWZBBYmFDLmLjnTzQklvJw7UfuTWvZuGjsoL6WvxOHyctsIVYXGxCvucCqLot9W/mTqSx
ssnThrahBfVhI9a45O/9CpxPsT2lfT0ex4z9OXYJdJgjcyk3NeUCoqRz61793eLpsXp/Kn5L/u0o
cOwC5y2nTjIrkzOUjH+1gCWvAc06QIpj0t3DrXJZj/c4UJmEUh8CF2cb7+ogEc+AjyMVJ6f4bXPl
+M/cTSROOLlZpeNvcMyjQjFuGbC+97oJPxwT6by1HHREMbfawg60ugz4ucoUGDjlWsYzqwBxklsP
7WD3jKueeK6zj7pZAd9yElI/SpR2i2MriGNQ3R2M1kt5g7GW54oRRbDGfFxR4BhU8lHmn3PP0a0e
a2894IMyyt1aHHmdzvcptACvTeOKuusFFWPKSBMmjNSzDd0ZNyw6kQ55vcUtbtFNPljQIJ0PezzC
DzX/0Vc4FHP1dD0exXfqdep4JKhVB1fgV3axErACV2nKTnTGSz7jnUdEt+Sj48d2vP71r9/Du8Bg
UYu78s07t645PGidTGRagSNkNwsDcjxZphX4YQEHjtOUGwaaKJfPpW/rCs2tZ+51Lg+iE+u+pp+Q
3+mYyUVfU/VP7jht6UdoUssx6UBdOMpbdCNQiVzJ/po79uVrxkVND+q+973v3e0mEa9trtbVapPP
2N3cqgNjfCx+npQgzNY1+7U1pqbo4rk8aDsZY3Xb4Bec+cgw821zRT/f/e53b/ITCyUMLFMHvFTr
eRZsYYu4YzJpWtugLBqrdTj5kRsEAVrtYIFgngCU8LEveF+XQz/mKRGWwUbMU2rgbWXNWNmE3Af+
trQAZ3Q0NhwnOnBF9vMHvhnIrts39fdY21O54XicOvan2iW2Y47MtezYa2uhg3xRX5EpwJ2ri8fi
dCLm224afvRLt5w6yR98AipTK1BnQLMOkOKYRG6TWuWyHu9xoHpELLs5DCinLWJe4CNHcHLuR+L4
z9xNZD3oSD5/4m9wzKNCcSrWC8zJuwk/7KJ03gofOmL3tBL2el0GJ7wnhgCDOT7BTuF5Rb8iF/xN
O9g9w5zRZzr7qBv9ZSDZ91ypH32D/8PUCuIYVHcHozAobzDW8lyZ8xOsMR9XZDLH1stHmX/OPUe3
eqy99YAPOil3a3HktQ5g6plCC/JvGlfUXS+oGFNGmjCHIW1Dd8YNczfpkNfb3OY23dyVBQ2mwx6P
8EPNf/QVC41zp2A9HsV36nXqeESf1cEV+BWbGb8YuEpTPv2FnMhnvMMOI7Xko+PHduATqnkXGCxq
cVe+eefWNYcHrZMAVStwhOxmYUCOJ8u0Aj8s4GBxaMoNZJrl87n0bV2h+bZpLg+iE+u+pp+Q3xk0
ZPyZpuqfXNDf0o/QpJZjWRdHWrfoRqASuSK9KTN37MvXjIuaHtTNvJ/F6PuRrKvVJp/hf24lTrQb
i1+9OUTYec1+bY2pKbp4Lg/aTsZY3Tb4hQXDyLD9SOjn3GSQtGChBL4FE7xU63kWbGGLMEfMstzX
Nihz75YcRG7gb24lFgjmCUBZB/YF7+uEfsxTIiyDjcj49je8zUkjpLGyCbkP/G1pQZ3oaGw4NgVx
xS5zgWQuOCLvNmms7anccDxOHftT7RLbNEfmWnbstbXQQT6or8gU0lxdPBanJd/+UeB8gCoduTF9
9KMf3ZhnybCZAsXoWRWBsfrMz/zMVVlFvCor6FZlkK0ucIELrIozeHW+851vM5CJOcp3HlZFyHT1
FuG0uuhFLzoKQnFMrIqwXZ3//OdfXfCCFxyFH20rhvHq4he/eNe2y172squLXOQig/VRpijmLs9n
fMZnbMw/CGzEy3L8aNcmaAJu1HmQyT6njw+qruKkX13sYhfreOryl7/8aD46bFocJJ2FXfMgPH/J
S17S17uu9s1hjscSXGDBUjcOGR8HmWpajBmPJVCwKsbp6kIXutCK/Iz9g0zolrJSueNZ5MZB02Rq
W+CRYrh29KAsvDKUkOvQkATfHdSYH8Jh07s5PAgvlRMlujaVo6ZG99Nc/bOpDa336FPqg+70GbTv
03dzxz60u8IVrtDxq7wBPairT860cD3oZ/QX8p0ruu7Sl770keLFOTyYNKOfkaPIqYOiO3Vgn8FD
1EUfH5Q8RGZga9Ff6PIxbUJOl8DsmizIzj5+NxNjBLuOfAdpk1jfflyLo2NVHIqrEjhflWPtOrz3
Ay60nmJ7bjP2qStt4yG7xLZRZo7MtfxyPRwKbLIJDgeLk7cW9LA2CfZXcXCu59XFGTx6PjSFgtit
zquH7IwaJvNqyiJ70SVj8FMOOK++3OUut3GeTBl1A7p/0zy8xnPqb2Qb+st5NXUeZLLPoeNB1YW8
d149xT9z2LQ4SDoLu+bBIXvXvsEeOazxWBZ7rOfVjI+DTDUtxoxHbHHn1eQ/KDvSdmPXIGvwKV7i
EpdYHTRNrHfsFR7BtsZ+J22a98NH0JCEbXxQY76rYOa/OTwIL+G/o03osLH9NFf/zGkacwbqA0fm
1dC+b54xd+xDuyte8YrreTW8AT2oa8xcaE675pShv5DvXPm7zGUuc6R4cQ4PJh3oZ+a6F77whQ+M
7tSR82r6+KDkoT5u+gr7aQwvIaf14UEbxmQfv0s7fU/Oq4+ifBJXr2UTw+rGN77xqgTOV+V4+n2d
V0+xPbcZ+/Qrc2Rt4yG7xHZTZo7MtfxyPbkpsATOT+7+X1q/UGChwEKBhQILBRYKLBRYKLBQ4EhQ
AMeFgZ6y02RVdresymr9VTnRYfXMZz7zQAJhR6LhCxInJAWWwPkJ2W0L0gsFFgosFFgosFBgocBC
gYUCCwWONQVyXl12OK9uf/vbr8qpJ6tyosPq3HPPXebVx7r3l8btFwWWwPl+UXKBs1BgocBCgYUC
CwUWCiwUWCiwUGChwGQKsNOhHOO5Kp8uaZYtn/dYXfe6122+Wx4uFDivKLAEzs8ryi/1LhRYKLBQ
YKHAQoGFAgsFFgosFFgoUFOAeXX5XvrqpS99af2q+10+77G6/vWv33y3PFwosFBgNwWWwPlueiy/
FgosFFgosFBgocBCgYUCCwUWCiwUOEQKcMzvne50p1X5hvyuWss37Fflm4Gr8s29Xc+XHwsFjgIF
lsD5UeiFBYeFAgsFFgosFFgosFBgocBCgYUCCwWgAPPq29zmNisWnmdiPv385z9/dYMb3CAfL/cL
BRYKDFBgCZwPEGd5tVBgocBCgYUCCwUWCiwUWCiwUGChwMFTgG9Z8s0zriS+Lzf2u48Hj91Sw0KB
vRRYAud7abI8WSiwUGChwEKBhQILBRYKLBRYKLBQ4LyjAPPpD37wg+t59eUvf/kVf0taKLBQYBoF
lsD5NHotuRcKLBRYKLBQYKHAQoGFAgsFFgosFFgosFDgJKfAEjg/yRlgaf5CgYUCCwUWCiwUWCiw
UGChwEKBhQILBRYKHEsKLIHzY9mtS6MWCiwUWCiwUGChwEKBhQILBRYKLBRYKLBQ4KAosATOD4qy
C9yFAgsFFgosFFgosFBgocBCgYUCCwUWCiwUWChw3lFgCZyfd7Rfal4osFBgocBCgYUCCwUWCiwU
WCiwUGChwEKBE5ACS+D8BOy0BeWFAgsFFgosFFgosFBgocBCgYUCCwUWCiwUWCiwgQJL4HwDgZbX
CwUWCiwUWCiwUGChwEKBhQILBRYKLBRYKLBQICmwBM6TGsv9QoGFAgsFFgosFFgosFBgocBCgYUC
CwUWCiwUOB4UWALnx6Mfl1YsFFgosFBgocBCgYUCCwUWCiwUWCiwUGChwCFRYAmcHxKhl2oWCiwU
WCiwUGChwEKBhQILBRYKLBRYKLBQYKHAIVJgCZwfIrGXqhYKLBRYKHCcKfBXf/VXqze+8Y2ra1zj
Gqsb3ehGx7mpS9uOKAUWHjyiHbOgtVBgocBCgWNIgSVwfgw7dWnSQoGFAgsFjgAF/uIv/mL1ute9
bvXFX/zFq5ve9KZHAKMFhZONAgsPnmw9vrR3ocBCgYUCCwVqCiyB85oiy++FAp+mwH//93+vHvnI
R67+/u//fnXxi1+8e/oP//APq2c84xmrL/qiL1rotFDghKLA7/3e760e//jHr654xSuuPvjBD66+
4zu+Y3X7299+X9vwmMc8ZvWCF7ygC5r/4i/+4uoCF7jAvsI/DGC//du/3dHpsz/7s1ef8zmfs3rK
U56yushFLnIYVS91NCiAHH70ox+9+tu//dtODv/nf/5nx2OXvOQlG7lXq+PAg82GzXz45je/efWa
17xm9fa3v311qUtdanWJS1xidZvb3GZ197vffXW+851vJtT/V+yHfuiHVq9//etXn/EZn9E9OCi5
MhVJeOass85ave997+uKXuta11p993d/9+r85z//VFBHKj/2xxlnnLEiUMd4+LZv+7bVHe94xyOF
43mJzL//+7+vfv3Xf331q7/6q6t//ud/7lC5zGUus3rAAx6w+sqv/MrzErUDrVtb9eMf/3hnr37X
d33X6qu/+qsPtM4F+P+nwBI4//+0WO4WCgxRAFmF3vrQhz7U2SLk/bu/+7vVueeeu/qSL/mSoaLL
u4UCR44Cv/M7v9PNT650pSut/vqv/3r1nd/5natv/MZv3Fc8mas/97nP7YLmb3jDG07IefVv/uZv
drS5whWu0PkgnvOc5yzz6n3lkmnAkMPf/u3fvvqbv/mbTg7/x3/8x+qnfuqnVn3z6uPAg9MoNJz7
t37rt1b4uN7ylrd081/o9rVf+7Wr+9znPlvPq5/5zGeuXvva164ufelLd0gclFwZbuHet/DMox71
qNWf/umfdi+vc53rrJ70pCed8PNqfPzf9E3ftLrc5S7XjYczzzxzdZe73GUvAU7SJ8yrX/3qV3f8
/k//9E8dFZjzPPjBD17d+MY3PrZU0Vb92Mc+1tmr3/d937c65ZRTjm17l4aNo8CxCZzjRHz3u9+9
uuAFL7in5TD/TW5ykxUOtFYaKmt+AqfAqB2vCJGf/dmf7ZzHH/nIR1ZXu9rVuoH1Z3/2Z6tPfepT
q+/5nu9ZXfSiF+3AvO1tb+uceS1n9cUudrEVhjflW+/F47hdP/GJT3SKl0D0/e53vyPV9n/7t3/r
Jip/+Zd/uYvsv/Ebv7H68i//8l3Plh8LBY46BX7mZ36mC7qI5w/8wA90AQV/78f1Wc961uoJT3jC
6mu+5mtWP/7jP35kJvjIY4yeb/mWb9m4Yj/p9Fmf9VkrFhz06Y79oNkCY5gCtRze1CdHlQeHW7n/
b3d2dlb3ute9uglPDZ0AOvbStgGfb/7mb179/M///C7wByFXdlUw4kfNM0dNHo1oQjMLcuyrvuqr
1u+OAq3XyJzHNwTKWRBS22ughX3JgqgTaSEX4/ecc87pgko5j2iRueb3o8YXOF4IMPzv//7vHvSZ
n13zmtdcXfWqV93zjgfbzM8++clPrn7lV36lk1E4iKmD8fM///M/nfxjMc3/+T//p6v3z//8z1d/
/Md/vLrQhS60Bw+eXf7yl1994Rd+4Xo+l5m2laMJ6yjdsxCKBVd98+qb3/zmvTpkqKxtZBEXMOp5
9Yc//OHOiY/zmDk2Jxgxtv/kT/5k9V//9V+rJz/5yet+wHFN/ta8mXn7la985dUXfMEXNN+Lx3G7
Mq9m8cyXfumXrh70oAcdqbYjq6597WuvGG+Z8I98xVd8RT5a7hcKHHkK/ORP/uTqnve85xrP5z3v
eV1AYf1gH25YvP3Yxz529fVf//WrV73qVUfGjnnve9+7etzjHtcFYG9xi1sMtjTpxKJ0yh5XvTlI
iCPyspbDm/rkqPLgYZMTu5yFMb/wC7+wp2rm1cw/LnvZy+55N+XBXe9619VP//RP7ypyEHJlVwUj
ftQ8c9Tk0YgmNLMgi3LR3lGgdRPR8+Ah9vcNb3jDPfYaqGBf/sEf/MGR0UdjyMP4ffrTn97NK3Me
0Spb8/tR4wvm1SxI65tXY2cTU2ylbeZnzKuxQ5BRnPB59atfvVuoz1z+He94RxfTcz7//ve/f/We
97ynOa++8IUvvMKfy9gzTtrC9ag9OzaBc4wyVs/1JXag9O042VRWmB/4wAd2GXq/9mu/trrb3e7m
6z3XdPAzAK93vet1E/w9GeMBZQjcwPAnQ9IRfFQd2ygNVmLicL33ve+9euc737laAucnA2cevzbi
cPzXf/3XFU51doUfhHMdJ/WP/uiPrphEHyWHHYubHvjAB45qM3TCqcdKypThx48jTpwWseKTVcFj
+uSo8uBhU1vdSr0sGjn11FNX7Ehl9ToT/Fve8pZbO9Rx0PNHYOlHfuRHVj/4gz84aowdBi3gGQIq
6G0M8xe96EV7AjSHgcd+10GbCCCx0/wgZPh+43tY8JTx8Pazn/3szoaGVkzsCHhe97rXPSxU9qUe
5gy3vvWtVyzIHbN4i3HIThXaftT4AsfU0M4EgnyPeMQjmnSbOz9jvsYOIHigL2nL40zhBA7mdJsS
cq4+5eG4BgBe8pKXrFgc1ZdYDNHXr5vKCpMFL+loRn8PnYSUDn7GCI6hf/zHfxRc80oZfAAny4Jn
HcFH1bHNmMTpx4IMghAEzZfAeZN1l4dHnALMF//lX/5ldfbZZ3e7wg/Cuc7iVObst73tbVcPfehD
t7bb94uk7FBmp+aYNkMnnOgskksZvl+4LHCmU+CjH/1ot5OSE7k29clR5cHprd6uhLoVKATg0LHM
NTnKnh3ijNHWIr4ptWLLA5PAEqe6PfGJTxw1xqbUMTcvPIO9dac73WkF37zsZS87FvNq2vSHf/iH
q1vd6lZHhtZz+2g/yynjmVfjQyGOxcl38Dt+letf//r7Wd2Bw2LOQCyQ2A5jedPcDZ8ZAfanPvWp
R44v/uiP/qgbg31Ew+/H3LqV5s7POMWR0+yG5lza8syrkY/M6TYlgvCnn376pmxH4v2xCZzjHOPo
FCZiCHJ2l3CkyOd//ud3O7+ZiPcNEBwsHGdKJ+MAtjyrnznikaNhMSpQiK6MR6mxCocJIKtNCdp/
7ud+bnfMB4zKcUp10IUjTRE4wmdVGavtSazqxyFDQkCBDzvQj3uC9je4wQ06R9RRd2x7BLDOtuPe
N0v7jicFOLaZye5Rc64fJLVZHcyJFmPbjMxnhxPGAUaAR1EfJI4L7GEKcIILwV76ZEwgaRja8X8r
z3/rt35rtwL0oFt8FOWK45gdi0fdvpjSPyzswT4dK8+mwD5R82qf/diP/dhg4O1EaZ+8O0XeHcUx
CL1xBBK4ZGU8czOcMQSfmVPhUGcXOIsbWmnO/Iy5HAE55oTMy+AJ4OP0w2HAqSSktOXZbc7uCfGj
HHM5nKA4iVgUZGJxMw42U9/c0vcn6pV2QyPmxS996Uu73Q2cfsAObvoN52kGvbOdOFje+MY3dvNq
HMCWp6854pEFyRzb+3Vf93XreTX9w3d84XkC9hx7/Hmf93ndLi6Oz+QzDLWDn8UOHPUtfE5ZYcEJ
id3oP/zDP9zdM6/G0cQO9OOeoD38znGjR92x7RHAOtuOe98s7TueFODY5m/4hm84cs71g6Q2ixVx
do8JnIMHNg1+UxZBI6OWefVB9s442MyrmUvQJ2MCSeOgHt9c8vzDHvawbqHqQbf0KMoVxzG22lG3
L6b0Dwt78BWMlWdTYJ+oebXPXvnKV+77J0jOC5rIu1Pk3VEcg9COeTW4Ma8m5sgcCJufORW7wm96
05t286kWnefMz5hXM7cilsm8DJ5g8QSLn5///Od3nzWlrrTl2W3+rne9a40f5QjoM69mvLEoyIT/
gk20Rz0dm8B5EloHGk4TVkRNTZYneI1iaCUdVBiBv/RLv7TrKLsMqqdjRjh98HOHxH45RFlVg5OH
YxUwkPiGB4OJYDVtoH33uMc99qyQ+93f/d3Vz/3cz3WOBhwOLBiAoVk9AgwTAwnYOC5IwGZFD84K
jkYkLw4Qdn60Eo6qU8o3I250oxt1gzCP0mRg5W/K4whhkQHfHEYwsHKIPxwiL3/5y9fHcYInO17z
28Tkx3nH6hccz7SJQYwDj7bh3BlK9lurT4fKDb37/d///dWb3vSmDk+EIM4kjri+ylWu0gkUeIlV
jbSZHbMci1VPNlg0QttpmwnnFN/a6eNfeA0DkLbIFze72c26+9e97nWdAOb7zpmgH04q+B2hS98w
vtjJRRmCWq3dKQhNcEOAyidf9mVf1rVnaHxyRCcCmhVf9A27RTgSBH4mcdzmaaed1jnSxJO88COO
WdpFogzONBepmNfrHFpYduqVvmLccXIBNCSxwIYjxFFIuVKVvNAaHmYMMrboM/iXtrHTB+Od8q3k
MS4eichRozh7OaKZRTv7JWNQmq94xSvWR7HkuGzh5RjmHfwJrxPUeutb39rxFIof3s2x24Iz5RkG
xcMf/vBOYfN9RY6UIWFwtMa9QQscubSN7/vgtIXuyCscv9CzlebwYAvOmGdTxv62dEcnEIBgck1i
DN/udrfrghEcz8NOCI+9FXd4gwAu8gFHO/KMSToO974TYChLHexmQx7SP9SFrCAYgl6pA+eHzYPI
amQTxx0xZjkKGlsAHkHGoReRN+C9bRqri60H2iEboTm7YAhOPf7xj+/oz5hiVTx/fB5mP5OB+jFy
Za4uxtDGLkFv8fkExi98BD8RzKmT49jAOX2lveK45xn6AdrQf+zUp/+0LYCZehrckb2svCYxAWMC
QXAJWOxwB0/GGzIYOwN7C77n/X4kdBYwpTX1IKeQT9TBlQARdlAm5B76h7zoVxI2Gicn3eEOd1jL
QtqPTcFuZ+kETPIRKOMbd9BKGc27WhczeaIeZAOJRazoMAKU5H/a0562y27uMk38h0yhv6DxM57x
jK4f+FQIuhSaYMPQFoKg5Mk0lQeVn7Q5ddwY2zPrHXPP+MWO5pQI+oAAJHqetphax2fnGOQYPSaz
2uHYwwYUheF1LF+Yf5urcyd2xjPupibt8KH5GadqYJdCM+R0LkKGhtSLTnf8JA59+LGrEDsNG7g+
Ieu4Bs6TLjrQsB/5tuXUZHnGC7zZSjqo+Czab5YjCJPHM6iejhnhCJ9dQ+xqNGFnu0NivxyiLJjn
JATkGzIIPuOUJeaxtIH673vf++6R98z1cDQz72Ueh0xCRt/5znfeZU/CoymjmVtxWhQnSmDzUR8L
4gjUtRJzLvQT8hY5nfNo9EP+pjyLRZBvHJeIzkS/8Qee2Hx+Vxk8mXMo9ymLLGSegl51XogdiB1P
29Qf5G0l+63Vp638Y54xv2Lc0x7scXQBcwxOJ0DvwEt8m5U2s+kB553fkxU+i0Y4PYu2meAj5uHJ
X77jSvvhCz4xIF/Qd+g75ArzNxaLZIJ+zOmwa7Dd6BtkFzu5KIMOoK/rhE8AXmM8qsuZI9OeofGJ
zQp+0IB+xI7APgJvErqAhdU5/8duhx+ZR9EuEgsz2FiSC4i6F5/+N4cWWX7KPX0FLZhDOj8B/4c8
5CHdHCXtLvJCa3iDMci4xV/Ajlrahh+EY9FZoNNK8BJjivaRyIc+oD9wWO+XjMF3x9hz/OS4bOHl
GOYd/Amvgwt6Ep5C58G7OXZbcKY8O/fcczs/Gz4q5tdj5tXMk7Bp4HnsFfQwdGehOqfOINtaaQ4P
tuCMeTZl7G9Ld3TCC1/4ws6HCW6MYWxxTxp69KMfvbpq9Rkb/brIB2hHXnx+2OfI7b6E7Y1ehYfh
A+QMf4xh9ApjJ22Zw+ZB5tXIJnBhzGInIHPhFWQcehEbFpy3TWN1sfVAO+1kbFDGOvYj8htZwnyU
v/2eVxuoHyNX5upi5lDIQGhP/zOvho/gp9aCVmQR4xj/HfYMfaW9onzhGfqB34xxTkmj/7QtoGvq
aWDiM0EfkfCjABv5Byxsb+adjDfmRthOwAIP3u9HQqbTXmnNOEEGo7+pg7F21TIW8Tdkgi/QP+Rl
vkVCjuELYF6sDKf95GFcSSdg4u9kHg6N4HX4icS7WhdjswADHxgJvwc6DP86eHJCQdrNXaaJ/6gX
XKDx93//93e+ABYO4++DJtgwtIX4SWtePcUeVH7S5tRxY2zPic3q/GLY0fANfYDthP6mLaYW7XIM
4tNj4bV2OH5P6NJKY/miVXbqM/iP+QC6hHE3NWmHD83P/rJ8hgI/DjTD3slFyNDQT1g4fhKHPvyY
V3PaG3zPfIF5RD0/SThH4r40dlQqinnnRPkrxiGjYKc4V2fhPKZ82R3e1VF2mzfrKMHPnbLDcac4
cPa8H4JfVmJ0cItC3lNuKv2LUdrBghZ9f8Xg3ylOgHVdZWDsFEd7b37gFIfqOn9REoN5rbccc7Eu
U3YTbKyDcsXZuVOCfutyJTiyUyahu+qDXsVo3/XMOosRsC5blM1OUXjNfOQvSm6HPEM0Huq3oXJD
74oC7sXJduS1KOJdOBZlNlge+kC3xKE4+QfLUF/SjrLlpISdYqAMlqt5iXJlMj5YpkxWd+EmnkX5
D5aTJiUgvy5fJhGDZYpS2YFfrYPrHFpk+Sn3RUkP4le+t7kLt+c+97mD+aEBfFuM3l3lwKk4dzeW
3Q8ZQ10/8RM/saeuPtitMWxf5hVeQk5MoW+dtxiSHX0SbuueMViMqF11fehDH9opzoc97bJ8LZus
ew4PWnbqdcrY34buxdG2U5ygvbSQJrW+RU/4rnVlPKJvst1lsrRTnISD5eD51AuUP0weHDO2aG/Z
rbirbdnOMfdTdTEwkW/Qp0XvfJZycwwuY/KUnZxdvX1jXxhzdDH8Cz2zDfX9937v9/aO47I4rrNz
0GO1HVAWJe2UQHSnJ9O+QAYpFyif9aFXbU9xHu56l/nyvjh8unost821BBl20bqlW8pijl22HfKQ
Z4lT3sM3JeDStavPrpNvWrrJd7Sr7ErtrYc6W2N4Dj3KopLBeqjL/k34U3mwJT/H2p5Z75h7+Dj7
pe++LAxe86BwHYN9ZUqwek+ZKXxhPdtcxXGTnOirY4wdTv9CA8Z6cbjuaTN8U04h22Ec1fUM4QeP
Axd5oGyg/MmQSkCuazs0m5PGlC/H9XV13P/+929WUZwqO2UByE5xtux5PwS/LKrp4BaHzp5yUx+U
gGwHq2+M8bw4gHaK02wNugRvd4qjfbDcL//yL6/zF+feYF7rRg6bitN0Yx2UK87OjuctV5zkOyU4
u6s+5tRl8fuuZ9bJ2DEV5+pOCdA185G/ONh2yDOUhvptqNzQu+Lw78XJduS1OOV3gTvnnHMGy0Mf
6JapBFMHy1Bf0o6yxUG9UxaJDJareYlym3w72OKtVBYCDNYlTcqi1XXx4tgeLFN2HO/Ar5nm0CLL
T7kvQc5B/MoCiV3g9N3Z1tYVvmX+WSf1SquMz/ZDxlAvvhFheu2D3RrDlskrvISc2CZhG0KfhNu6
ZwyWBYC7qioLoXfKZyh7y9ayycJzeNCyU69Txv42dC/Bvx38xy3a5bNa36In8n19z3gsiwx2NbsE
pHbKiS2D5ejT2pY5TB4cM7ZoK3b3NmmqLqYu5NsYnk+5uQ2OWbZsFOr6rW/sm3eOLoZ/oWfNQ/m7
HFPdO47xC2HnoMdqO4B5F/Omeowgg5QLtV8JO83U8ukkXt6XoGVXj+W2ueJLBa60bumWsphjl22H
POSZ+NRX+AZ/FanPrpNvWrrJd5QvQezeeqi3NYYpNzWVRSKD9VCX/Zuwp/JgzRvAHWt7Zr1j7uHj
um9av/Gl1Mkx2MrPsxKsrot0vrixfLGn8IwH4ijvTgUxxg6nf2kvY70soNhTBXxTguddTKJ+OYQf
PA5c5IGyoS5/lH6z0mJUqp0LR/n3GMfKEP5jyjvBp7MJYJSVSqMDPUPwZd65TiXbVTsUmWBjgJWV
QDtlBd9agKRzGCVXdoav35111lk7DAQc+ARS0+maQZKyynenrDZdlysr3XdwMJUVUTsGhgk0lRU6
nWHGhGRTEBa6toJTZTXMDsGpsuJvXR95+SsryXfKyqCufQh1nWIorQwmoJx4hrO8rKBew9nkzB3q
N+k+9Qoe6XjHiCEwk859JrsGoKGJwSYWZ9h2DHDoTcCv7I7bEVfe00bxyj7GQUufsHACuhKUF172
L2XL7sXuHfUzieEZQS7obZlW4LysQuzeEySD92gv/EIQgXJDZXgPLzGRweGbNJHHCISAS1n9tMbD
dyxaKTv/dli0IY44SKABZebSgrJz/gxuwGfwIEqorKBcjx2eI0eETT8T2M92wx8EN5Jva2d4TkAY
BxgiKK3kCeixrYwRT/iAvmVclp2tHa2HYCNTkufBEV6GPuVEhXVftQID1jnmup+Bc2Q8+GEgyUss
7kg85vBglp9yP2fsz6E7YyQn92UlfKcL4LGnPOUpa1pAk5QZ6ThDZqAPkDXIGXmEMjn+qQuHufQl
OIGeLbsmd8nvlpw+LB50DIMjfIvOgQ8Iwog3z5n0Ieum9GnmTdkE3LG6GN3KGCq7wnbKKuY1Tizi
w3FSTlvoaMzYyPr2434o4CR8aEL/Sauxuhg6WwZdgq5DvqeNwfta7rgABj6DpshO4YAH4whbSfx4
r2yijMExxg7Oat9lPWXH+U5Zrb+GK3z0K7q7nO6xfldWh3eL0Kxv7hXbhnqQS8AoO6jWdTBG0RvZ
x9KBMvAndMcpgI5J3DPQWNMWXS89KMcEzbYSZDFAmX1cdgx07YUvy86n9WKk1hieQwscHeg1eDtt
17JLp3vGIpxHPvKRnV0k/MQP/Mfy4Bzb0zqnXPcrcF5OOOhkMnTX3kIWa4eD0xy+mNKWVt4xcqJV
zmfaMalvfOcV3pc3yV92tuziAfO1rkP4qXdTbwHjZEjOTWtH/ti2jylfdiat+w27n7nJ2EDPEPzy
2bYO7lynkm1ED8hXyg5kUNnFt3PKKaes36VzGOcgOsty2E2MOxz4jM10riVtmRukPVx2Yu3gYCq7
AncMDBNoKrv0OvSg06YgLDi0glPIbuZ15YSaNZ7ii33D/J/2oTtoLwm+z2ACthrP0LM5L9zkzB3q
t66iGf/AIx3vzIGwWdO5j840AA1N6A8SizNsezlBraM3AT90nrjynjaaso9x0NInBBSgK3NO4WX/
Upa5MO+ov+yw6sAR5ILelmkFzsvunO49QTJ4j/bCLwQRKDdUhvfwEnNI5jNJE3mMQAiJ+ah4+I5F
K9gBuXiu7OxeLySYS4uuwhn/sGPAET6DB5kL4Bdw7PAcOWKin5mfZLsJ2GAXJN/WznCdxtTFOMDm
YV6TPMG7bWWMeMIH9C3jUh/GEGxkSvI8OMLL0KecqLDuR+Yw26T9DJwj48EvbVBs5kxzeDDLT7mf
M/bn0J0xknPdcpJHpwvgsec85znrvoKfUmZgk/OMP2QG+gBZg5yRR3iX45+6mPdZjuAEehZbJuV3
S04fFg/CA+IH36Jz4AOCMPncjTZT+jTzpmwC7lhdjG5lDOF31v6kPIv4yukUnQ8PGjM29jsNBZys
a64uhs7SF12CbYF8TxuD97XccQEMfAZNkZ3CgY8YR9hKJt4rmyhjcIyxw0JE32U9Zff8TtmluoYr
fPQrurucoLF+V3aJd8F765t7NXCOXCLlJgnGKHoDv4NJOoAbfIv+KSe5dAtXEvcMNNa0RddLD3ST
8w9glp3l6wBl9jH+VnQ0fMm81MVIrTEsrlOuzNfRa/B22q74oXiGf4mNXrTflPiB+1h7cI7taZ1T
rvsVOC8ne3QyuZxstba3kMXa4eA0hy+mtKWVd4ycaJXzmXZM6hvfeUW+OQ7JTwwtecB8resQfurd
1FstGEfl2RI4LxMOBnz+qRiHHDMIfAJ0MpFXdikSgERo6GRM2NwLPwNDOF8xFIQDk9Xlxv5m4lqO
X+9g4ShjgGdZhKJOxnQAIYytH4dnluGeQWObKQcc8xjYxVmXu+zTSYmTwPxeDfALD5j+5U5483u1
PvDF2dtqo3kN1KDYEAo+95oBLwKTPq+v9tsQX9Rlxvw2GFOO+VvT1B0S5Rt/HT5MBOEtHc7wnzti
cRK36ilHiHT9mc5w+tAFEK12uFOs7qsXvOAFHSz6qeZrA5QE2OC9Ghfzs3MVQcvE1gCG7bEM7ZTH
ytEhu+qinCsUWZCRddk3nJZgMF2YXJNf5IG5tEi4c++hBWODsUJfupCk7hP7HT5HPmR9GgJJd2jt
2KbfMdKyTAZYMviTeba5l5c3wTZfPSbpU/EvRyvuwn0OXsgQYMq/4qWMQe624Ob4wpmSeZQntayY
w4MJd+x94jZl7AN/Kt1x3KgTpF3imTvs5V140MVZtT6wrBMlYOME5HkG23FKmZcr48WTUGqZkfm4
t40tfDOv+abwoDKVdjHZT3ieAIDOBd98N/V+G11sXbavlpW+3++rE74hujt2apqLS0sXp8MSnZBy
n3L81uiHN5j8Cs+xwiKM5FXGKvrEfHmVbi1d57u6jam3WjYX9pTjiMlw1jfnHh0GPJxlyElhM25q
+gBf/Qd9MqBu3bYLOLnQLvvDcWoZHXw1nVy4RV0EG8zPFToxjtFNaSdmnrn3trFeSFbDm8ODCcN6
oNUm2zPLTblHb0E7bDXoyBjgmXqLawueYxB7Iu0gnM/A4S/Hh23h+RS+aNU99pk41mNobHn1rPqm
r5zBUscGV+QOsgAHXZ+MFr+aj3Dw0d/A0S637qMyoT9IPJSxQ46VofrHlMcJQ4Au+4x7HIMEIHH4
62Ss6xI+ssyE8zVtXnTA3ISDuBy/3uGGowz+yYQTUydjOoDShkKv14ldSLaZcsAxGdjFWZe77OE7
gx44TutkgF94wPQvd8LX5awPmuPsbbXRMgZqGFMG033HNQNeBK77kv02l6/64GKf0Y5yXP2apizC
5BmLk0g4n+EtHc7p8ERPtBI2t/Rx1w196AKIVjvcKVb3lfKXfqr5mvkpeBFgg/fqZH52rqLzCXIZ
wLA9lqGd8hiyy7K8p5yLY1mQkXXZN5yWYDBdmFyTX+SBubRIuHPvoQVjg7FCX7qQpO4T+51+RD5k
Qu7zPOkOvRzbjAvmjZkywJLBn8yzzb28vAm2+eoxSZ+KP7botgkZAkz5V7yUMcjdVsrxRcAok/Ik
d53yfg4PJtyx94nblLEP/Kl0ZyEfPMaftEs8c4e9vAsPujir1geWzR3i+JdJGWxn7pGJ8eJJKLXM
yHzc28YWvpnXfFN4UJlKuwg8ZiKICZ3QueC7TdpGF1uv7atlpe/3+zoUcLIux05Nc9+3dDHzX3kQ
nZByn3L81oaGN5hzmBwr+GOTVxmr6JNWkm4tXee7mrdSb7VsrvSTsFh824QOgyYsCqvn7DV9qEv9
B30yoC4etguYudAu+8NxapkXv/jFHQ41nfSDUJeL/CwDnRjH6Ka0E32/zdU21gvJaphzeDBhWA+0
2mR7Zrkp9+gtTuPAVoOOjAGeqbe4tpJjEHsi7SDm5MDhL8eHbeH5FL5o1T32mTjWY2hsefWs+qav
nDEiZQdX5A6y4CXl1Mk+GS1+NR/hY6K/gaNd3lf3UXl+0gXOYXRW9g457cY6ZphU1rvukplwEOK4
1bniVfgcC8pOEHeDWLZ2ellu7DUDgq0AOHBQEDjlmDAZ2GTAgUMGcOs63XmMo41Jmu8ZMJStnU1M
6JyUtRxdDFLK1UcfCrfvan2tAEaWoX4XETAo813eu6MNJzA8ku+8t99a7TDPnGuLBrZPehoAkO6W
gXa0j9WjOND9I8gqvpYBt6QHZekbeLh8s6MrywQQBV23w6M0KFO+n7aDoVu+t9f1N8Y6xpN8lGUx
EM4qq9Qo1/pL3ChH3TyrnwtTB3/yi7QBPkELVi9LB67QgiCn9dt/c2khLlOvKGmUhs5X8cmruAnb
tkGPOghhgCJ5Nsc+fSmcvDpJmeu4Tlj1vXy5Cbb5sh+FVQe5fb7N1fG0CS/rGKK7x7Um3c0/lQet
b8pV2lHXlLFPHZYdS3f7YminLE5RcHGxDXwqj3OsXKttjD0XSLgAwbrArSWDWRxFPX2ywXps46a+
Nt9YWmAYuyAAp4/1eTV4ugk/8w9dt9HFwrV9yae+O4jrpjGW8naKLlb3QFfslhbu2CLyXPZNjkt4
h7/yzbEmDOEm3Wqd5ruat7KeOsAsXJ0QaXP5bupVPGwTV8ZPHxxtAfLVtgIT9TzVoW6bZbFLDdhC
b/oDeLXOQgfZF0yo2PUNTGwMdPMb3vCG9e70PnznPN/Ef8Ccy4OJj/Vssj2zzJx7eWqKPBE37Ubr
hY+Vt9lf9u0cvhD21Ks41nwmHIJ+nBTk7/oqztmOOo+/sf3kRdqYf9CVBZzm9Sp+LEx1fiavUx6e
rhcZHJUJ/UHiMeRYwfnESQZDTruh8ok3jhcX5WR/eY+DEMdtnYTPsePsvHX3reVqp1ddftPvDAi2
AuCURz7ilCPoZnBSfsoAbl2XO49xtMGHpj5nE05cdyyiC+qkAxhnlnjUeVq/ra8VwMj81O8iAhbw
9iV3tOEEhkdayX5rtaOVf+yzFg1sn847AwDS3TLwDO1jJww+FP8IsoqvZcAn6UFZdqrDw+hkyjJX
Y/5XJ+SI/MmCcQJ2nGoDfsg3fFWt/sM+HvI9JW7USd08q5+Ljw7+5BdpA34ELdhBJx24QgsX+JPH
/ptLC3GZeiVQg12h81V65lXchG3boEcdhDBAkTybY5++bCUX5M11XLdg+ky+3ATbfNmPwqiD3D7f
5up42oSXdQzRXTs/6W7+qTxofVOu0o66pox96rDsWLrbF0M7ZVkECy7Me0nwqTz+xje+sXtW/2Ps
uUDCBQjWBW4tGYwfm3r6ZIN12MZNfW2+sbQgWOWCgPpTFtRt8HQTfuI5dN1GFwvX9iWf+u4grpvG
WMrbKbpY3QNdM+iXbcAWkeeyb3Jcwjv84YsaSkm3Wqf5ruatrKcOMFuXgby0uXw39Soetokr46cv
aQuQr7YV+FRhnupQt82y2KUGbKE3/QG8Wmehg+wL5iDs+gYmNga6+R3veMd6d3ofvnOeb+I/YM7l
wcTHejbZnllmzr08NUWeiJt2o/XCx8rb7C/7dg5fCHvqVRxrPhMO/gT8AH1JnLMdfXmx/eRF2ph/
0BX/UJ3Ej4Wqzs/kdcrD061FBjWco/D7pAucG2zi2BUdJfV1imOGskxi2EkLbFY9oUBkJAZaH3zz
eCUgiWLPnSJ12TG/dbgB901vetOe+lsw0qFYO90yv6vLcEblkY8aJC1n2BA9GaTgiXO/dlJnvfW9
9Q3hSpkMJOKwreH4G2EDHkNO7aF2CGfOtUUD2yc97VOdqJaRd4aulhE3+DQdgXVZ3uXxtZSDP1iV
WOfN3wRksw8Rnum0BO4ZZ5zRBS4s18KNd33BHsYGDs0MdkEbd9ELd+iagZU5tJCOU67QjyN0xQsl
Aa9xOkX2Re0Mrvs965QHcuwo34CPEZj5vXciJW/5fD+u4rQJtvkSd+uved/n21ynwhyiu7sw94sH
p7ZL2slLQ9d6fFl2LN2l25BcrPGXB+u6M1+OB5yrvNMRzEQo83o/1Cfm4Wob95sH1SVD7WJH+tD7
xLPvfltdLFzp0Opr8+znVV7po7v0g1+n6OJcUJH6JXHPYG3aPPJMjhEWV9WBr4Q1RDcmp8Cq22g9
wE67KOEqd+mP1sKQzLvpXhyzXcgjA9t1ecdW5u+7r21jF6uR36MS3UGXMjDrzBMlWvX0nUSRMKbe
b+I/4M3lwcTFejbZnllmzr08NUWeiFvNn9Tfsl+34Ys5baLMEI60GZuRxbt9Y6TVjk24sJiLscuO
YxcOwpfoNeRtlhe/mm/pBxyTzPUyP/cnQxpyrBhsYgFyXxoq3yqDk5++ATan0RiopV8IlNVJ+HW/
EZDEaZM7ReqyY37rcAM+n8Mak9KhWDvdsjwBUuDijMojH3U2tZxhthddUCcdwDj3ayd1nTd/W98Q
ruTPQCLjqi85lggk9+Ex1I4+uGOet2hg+6SnfaoT1TI1D7V+W0Zc4NN0BNZleJfH11IO/mARYZ03
f7PwPGmHvEmnJXA5iSf9Ti3cgNkX7GFs4NDMYBe0cRd94tN3n4GVObSQjlOu0I8jdMWJeS86jdMp
si/qMVL3e9YpD+TYUb4Bvy/I5C4zeSthbnsvTptgmy9xt+6a932+zXUqzCG6uwtzv3hwaruknbw0
dK3Hl2XH0l26DcnFGn95sK478+V4YNEgyWPasdlbaahPMr9t3G8eVJcMtQubbeh94tl3v60uFq50
aPW1efbzKq/00V36wa9TdLHz0RxvNd4ZrE2bR57JMcLiKuZXfWmIbiyUBVbdRusBdtpFWYdyl/5o
LQzJvJvuxTHbBX0MbNflHVuZv+++to1drEZ+/L4kFpfzu69P8kSJVj19J1HUeE/5vYn/gDWXBxMP
69lke2aZOffy1BR5Im41f1J/y37dhi/mtIkyQzjSZmxGFu/2jZFWOzbhwmIuxi5xQRcOwpfYYMjb
TOJX8y39gC+Fud6Jkk66wLkOx5ZjSWfIGMcMu+Rw8BActFxedc7UR/qRR/gwEkc+oWz4y/Lb3Kdz
sA7EDcF113V+B7rO3xcUcYLcoqvtbeFif/Q5YOv6/T1Un3m4MhgNWLKzKt/lPd+5ZEAPObWH2pGw
pt5Lgwxw1O2rnaj2Azhz/BInAbDDuPXHhDadg6w+53torJCjv57whCd0fyhrhVriYntwPrIzgt1p
luH7oTgULZd9bBt4zxFJwuEKLI8hzTGE4UJ+Jqit4IarkhO/5He+u0JdLTrwjHe5MGUuLbItY+7t
Y+jEKsQMcNA3Oj2SfsCt+z3rEmbSwiAH9GOilfm9NxDVGqvmmXsVp02wzZe4W6d8swmG+cdchTk2
2DGV7tvw4Bj8M882Y38q3aVbq58Sp7zPBTPIi3yX9wZt7GePQW/pTMpJY+RDyoyEyb1Oe+j3AABA
AElEQVRtFG793t/ma7XNdicMgrYeF4/uFo7XPpnm+ynXbXSx9Qy1zzz7eW3RLOHP1cWecoO9xfew
Eqb3jFcXT6UMzXHMBNv+I8CNo87yeZVuLZvE0yaSLyhrPX16izzKXfitLyiYeAzdiyM7YjnVwQVq
BAJbsB1rtJ+V+336kQBVa2w5NsEdHW19wGrhyeIBdsqg67CVsRf4NpqfJEEP1jRswZnybBP/AWsu
DyYeY+rJ/HPv5alN8i7hD+HWsl+35Yuse+z9EI62uTX2hN9qh++8soCZsdi3QIdPacGDrdO9xA/b
FjsNvcOfsFvXE2XCvw2eQ44VHY4tx5J1DpU3D6fX4OCBxq2kc6Z1pJ/wWRzBUcE48/jbr5TOQeTv
2OSu6/wOdF22Lyiis6lFV9vbwsX+6HPA1vX7e6g+83DNAA07q/qS42zIqT3Ujj64Y55Lgwxw1O2r
naj2A7IBGYL9ir3d+iMIns5Bdj4zt8Reob/4dA9/6GTg8Ze42AaODmU+jq60DPNYHIqWyz62Dbzn
yOdMODI9hjTHEHKM/MjE1q4edx8mfsnvT3rSk7q6WnTgGXjkwpS5tMi2jLm3j6ET/owMcGSgLOkH
3Lrfsy5hJi0MckC/1skBlDcQ1RqrCX/OvThtgm2+xN365JtNMMw/5irMscGOqXTfhgfH4J95thn7
U+ku3Vr9lDjlPePZBTPIi75k0MZ+1hfd0pnAkMbIh5QZNXzbKNz6vb/N12qb7U4YLAryuPjWp1T6
ZJr1Tbluo4utZ6h95tnPa4tmCX+uLvaUG3jKT44kXO4Zry6eShma45hPGNl/BLiZf7aSdGvZJPp1
ky+snwVdfXqLPMpd+K0vKNjCp/VMHNkRy6kOjjcWuLRgO9ZoP77XPv3I5xJaY8uxCe7oaOsDViux
eIATItB12MrYC8yt/SQJerCmYQvOlGeb+A9Yc3kw8RhTT+afe5+82+qTFtwh3Fr267Z80cJh07Mh
HG1za+wJt9UO33nFP8RY7Fugw6e04MHW6V7ih22LnYbe4e9ETEvgvBgjDJ78G+OY0eFUf4tVODpf
WAnsM6/C73PqmG/ulcmb34nu2ymIY5OVzAhZ6xFnBkbrCEPy6UCtndiWbTlDbW86tK0TZcxA6zse
vu8bxEP1Cdur9XPccAsezjrpNbRoQDitdljXnKs0SGdh3T4dijpRMfK5h3buAmvVTXvzswTAIcAA
LTJ4a1mNkNq57/NWXUm/pI1jpDUG/J6x7bF+cLIvcPITjPId34fzu+4Z7CKg5RHKQ0cAAyfhzaWF
+Ey52p/QvQ5sEMAxEJH0A37d71lni29sE3zRooXBPd63xmrCn3MvTptgmy953vqk1SYY5h9zFSZK
u5UfYzSfT6X7XB7MOsfezx37wJ9K91e84hVr513u5E1cOZoaQ5FAGc+TB1tjnzwu8IAP/aayfYRM
aC2a8fuUtcxIXLi3jZv4x3xTeNCJDjjkqRw40ziSmvZswq/Gt/VbWszRxcIbap959vMqzkN0V4dO
0cWe8ABt2WnYwln9RJ5crOE49jvvyD91CDI3daNwpVvqGN8ZuKnbaD3U/+AHP3jXQjXKEoxWxvct
DLGOMVdxdCEQvEjd/DHmcqEc8MQbndrS+9YJfVrvc7xaDzRtnQBgXo6mF25etSFrGmaeOfdj+A+4
c3gw8RlbT5aZc58LhZD5NQzsiLqvhnCz3WljbMsXNU5jfg/h6DhqyWRht9rhO6/W0dpRTh5lCnKo
XoxjWceWMIeuJ+LkfyrOQ44VHY5DTruh8uKiw6n+Fqvvdb4gQ+sk/D6nTp1/6m+PjEX+9e0UxLHJ
EdrwkEmc0eXogVbSrqid2JZt0dX2ogvqZH/0HQ/f9w3iofrqOqyf44Zb8HDW+V3toUUDwmm1o65z
ym9pkM7Cun06FA0aYcdxTx8jJ/sS7c3PEgCHAAO0yOCt5ft2xfm8VVfSL2njGGmNAb9nbHusH5zs
C5z8BOtNyD+CE7Q5g10EtDxCeegIYOAkvLm0EJ8pV/sTuteBDfSjgYikH/Drfs86W3xjm6BRixYG
93jfGqsJf869OG2Cbb7keeuTVptgmH/MVZgsrGil+nunU+k+lwdbuGx6NnfsA3cq3Zkzwyv85U7e
xJFFqQ9/+MO7QBnPkwdbY588LvAArt9Uto+QCa1FMyzYIX8tM4CXyTZu4h/zTeFBfNHikKdysADn
zDPPXL/DBtsmSYs5uth6h9pnnv28ivMQ3dWhU3SxJzxAd476biX1E3lysYbj2O+8I//UIcjc1I3C
lW6pY3zn97HrNloP9T/iEY/YtVCNsvCDMr5vYYh1jLmKowuB4EXq5o8xlwvlgCfe6NSW3rdO6NN6
n+PVeqBpnjAjDPNyImMraUPWNGzlnfJsDP8Bbw4PJh5j68kyc+5zoVBrERx2RN1XQ7jZ7rQxtuWL
Oe0awtFx1JLJ1tVqh++8WgexnXoskEeZghyqF+NY1rElzBPxeqwC5wQ/GAj3u9/9OkGHcZI7unHK
uHupdtpRFkcVeW52s5vtKg/MOtil86Z2oCPIWX2rkzR3ORPQbsHftJthyGHT9y4dyQwIJuzkpS3Q
BbwR1ARRbVs6d3nP8QvChz5nn312V4ZytVPJHXLsLkqnLY697A/hedXJCkyDsuCI0WjgFfzNT38C
06NCqY/f0JC/VmCcXcYqJb5HgQEgPBQjDmDf1zuohEu/+Y3Imq+ENffK7i/qx1FP24GD44VntI/f
1I/Dn34xQCUPYgTyzYmkOzyIogcGZex/4Lgzj/IZSKYe6hMX+SLxoS523fHMP4Jc8ns6ZYXFrjhx
Bg8EJ3WIWx0k4/uBvueKo51gRD6rHavSizyswktnKMYQ32O3PDIA3OfSwnZPubKSlvrpC+unr9kt
aH/wHt5KuOAObSlX04mFN5RJvqGs39LlHUYWNGeM8A1qg0a8o3+SZ7LeKfc5RgiuCjvHJfcJ04UT
Ne7k8dte+4UfMA0AQ0cXBcH7rNx0XGdQjuNY6ZcpdJ/Dg0mTKfdzxj7wp9JduUOfQgv4WJ5BjjKx
5x1/KRfyG6VMaHI8wiPKC3b+KptSF1AXuMI39JNHWIlHPRYOiwdzIgUuBGYe97jHdbSRDuBum6b0
aealvDQC3hRdjA6k31I+SB+u9SKRrHfqvXYT/ZQ2QN/Yn6OL4be73vWuaz7D0SMPgi/jVtpnMBf9
BY9CP/SF+gyZqswlkAyt1bvAY9W48PiWJ89oD7acz2vZlOOEPCzAQ84gR/g0iH3JO+TwVDpnfnDR
Zkg7VtuWOpD7jDnyUpZJnbjDs9BAmPAEOwOlScI0D1cn5sKpbSXzZl3s8BAH3sMv0BwYffUIZ+wV
mNSRegNbW57PvgXmHB6k3Bzbc2wbWvlyASz8xiIFeBjbTkcjgV94z/JJA59xhT4tOzz7ai5fZD1D
99LPBVC0CbzsJ67aO7V9p5yhrWPmZ6mLCcImXiwaxoEAD9YLZcGnNbfgecKo70/Eyf9YnAl+4MB+
0IMe1NGMcZ87unHKuHupdtpRFkcVeW55y1vuKg/MOtil8wYnfjrQwRVZqpM0dzkT0G7BP4jdDOlI
dmEQuNEW6ALe8BVBVNsGr4g37zmW3QR9kIPK1Nqp5A45vlebjioce9kfwvOqkxW4BmXBERvLwCv4
m+hPYGpnUR+/oSF/rcA4cki8Tz/99G63tfAYpziAfU+9mYRLv/mNyJqvMv+ce/U4jnraTtJ5x24t
EvXj8KdfkDEkeZC5Lno26Q4PYs/SLsrQtyTguDOP8jjKM1EfZcBFvuC9+FAXu+4yEeSSb9Ip63fF
2RUnzuCRdhC4IU8zpd4DF/Q5wQj7iGvtWBU/3p1zzjm7nKHIRL7HbnlkAGkuLRLXsfd+OpD2Wj99
zW5B+wP84K1M4A5tW3Ri4Q1lkm8oi01lW9ER0JwxwoJ+g0a8p6+TZ7LeKfc5RgiuArsel9SfyYUT
Ne7kQQ/uJ37AxF8BTOiIHU2C97FFHdcZlMNup1+m0H0OD3aIzPg3Z+xTzVS6K3ekHXwsz2D3Mafk
HX8pF3IOwgKODE7AI8oLdv4qm1IXQHdwhW/oJ0/BEo9aZhwWD6IvbC9XFqbxySjw9Tn3tmlG13ZF
KC+NgDdFF6MD6beUD9KHa71IZC6OlNNuop/SBuC3debYn6OL4bd73etea/riC5MHwYFxK+0zmIv+
gkehH/pCfYZMVeYSSIbW6l3g5YkO+HhJtAFbznpq2ZnjhDwswEPOIEeYR9uXvMPHvE0CF22GtGO1
bakDuc+Yk/bMV8SdeAU0MNFP7MCVJgnTPFzP+vSiEeHUtpJ5sy4+wyAOvIdfoDkw+uoRztgrMKlD
vYHuwdaW/7JvgTmHByk3x/ak3NyUC2BpE4sU4GFsOxa9QkMCv/CeSRpoN/oc+rTs8OyruXxhHZuu
0s8FULWNQH9p79T2nXKGto6Zn6Uu5kSmTCwaxocA/eqFstCpNbdIHk5YR/3+2ATOM1CsABq6ptNO
huvLb8ASgY0y4M+grmU4DhxDBoXvs3Sg47xzJ63v85r4WMc2VxSLE2TryaCZz1BaWY8OWd9Thm+v
+5srTi0GIuUweOp24STGaZuBEMunY5vy4Ak83zOB9N6ru0QJlvis75qBmGyXE1fL0aa6XTj+s0w6
3yzXutaLCBLGpvsW72Eo5yT4tNNO6xz72X84Q3QyihO0g5bwnc+4chylgSsMYx3k5qEMqzrTuf+i
F71okBbg8rCHPWznPve5z7ou+9021xN162td6919aUy18oNz7nbjPoMrlGHixrdUszw0QsGD41xa
2L4pV2RH3S+JV94rNwz25jsca9Trrr18545g6qr7OPPlvXVNaUvmHTtG8tu/LdwxgjHGk8fBM8tl
vVPvCb4mf7fo48Kdli4xqG7AOmmIYQ0+c3hwajvMP2fsz6W7x2hlm2teJhjGeBI/9EM9Hlsyl6Ci
Zbga+Mm66nvrVu4eNg+yuzd5qYVf2grZvin3U3UxsNHHLd5OHJGBOAym4NLKm0G3hF/f17J9ji5u
8Tv8JC9QJ7LCnbm1vQUOBs5bciblIO9rm6ZuE7+zDHSvZVerDPzdouXYZ7VNlXZjyz5K2ruwQbyY
KLGozd9eXSxQ45SLRpggpf7NvDVfwG/ITU9ksB7lZpadel/XJey8ElymTxP2VB5s0Tbr4L7P9sx6
p97jBKnryd+e1NTiP9td8wzlM2C8LV+MaVMLh2xHfZ/jtWUjZ37GXY5F8Kl1ArKChb+50AsYudCz
pR+tJ8dRq71HfaI/F78MFEuLoWs67XDEDuU1YAk9TfWcle8Xo+dTdqQDHeedO2lbdSU+1rHNFcdy
zUMZNBMHFsRm0iHre8rUOganlo4kHFl1u3AS47TNQIjw0rFNveAJPN8jg7336i5R7Daf9V0zEJPt
qu012lS3C8d/pnS+9dXH83oRQcLYdN/iPWR4BgP4PBb8k/2HPtHJKG7QDlrCdz7jynGUBq5wTuog
Nw9l+DxJOvfRrZlqWoDLYx7zmPWpKMCy3y2XDmrr6rsSQM3da/BlX16eg3Pm5z6DK+RhkQTfUk04
0AjHM2kuLWzflCuyo+6XxCvvlRsGe/Md8ztSvTiQPO4Ipq66jxNG3lvXlLZk3povEnbe57d/W7gT
1CdQkDxO+SyX9U69J/ia/N2ijwt3WrrEoLoB62ybO1zn8ODUdph/ztifS/eWTVnzMsEwxpMJ/VCP
x5bMZY6aycBP0re+t27l7mHzIPOL5KUWfmkrZPum3E/VxcBGH7d4O3FEBrIoc9uUQbeEX9/Xsn2O
Lm7xO/wkL1AnsoL5NKm2t8DBwHlLzqQczIBl3Zb8nWWgey27Mq/38Pc2qbap0m5s2UdJexc2iMup
p566w6I2f3t1sUCNJ3M38/SdZESZmi/gN+SmJzIIQ7lZ1zPld12XsPNKcJk+zTSVB1u0zTq477M9
s96p9/X8sK7Tk5pa/Ge7a54BRgaMt+WLMW1q4VC3JX/neG3ZyJmXcZdjEXxqnYCswAeVC72AgR1t
aulH68lxZP4T4XpsAuetIJOd07qy6wElzN+YsgTgDD5S5owzzlgLuxZ8HIsYrdaBgnJnYyt/Hai0
3LZXJmrpXLZunER9znMMunphAOWAw7fACXaLFwo1v1tJPmjF7hJXyVonVwaRZb0SZPAbz5kXGqdj
K48o7gsOENDAeBF2Xv8ve+cBZk9Nvf/QpAoIKF9EBQQRFQVEUbGBfxFB7CiiUkTEgoViBRVRQFAp
ighYsGFD7B0RxIYNsYtYsGAvqGAv+88n+t7f2Wxmbmbu3d27d0+eZ3fmzqS+OTnJKcnwLRYd6W3L
QYGsXcA2fg1dkI+lJZu+5r5kpEOhbJkaOIC5VezJSEpbEc5te3SPkwJeQVbBTX9JwZ87DpCu1Me0
Q1gwWZfoaf/9959F72p7yQCOQZvFq3bEU25JEY+xk51w7GTlCl1K2CgpMsGIcaT22+uuu+6aFDHk
qbr1xULpu14RZnK6BUuER+soIRqm72wbuJdRw2LHc/KRQwD1gi5KPAolJDsHlK/K6toWxRddKL+m
K+XoWGQcYWw86s5EWzJYWacPldn3Cv45r4Kej4ken9qFTt6lNsmobscgbaDuNm1XGuzbFtJ1Hfuj
4M5CuuQ0AA+Bh1keY9uEZywY2f7mvolfkBas8zTwaHa7W6Ws5sxSf+Xl8XucNMh8jtGfujJO4ccI
QNSPuo/DcA4WXeZi4qsOpfbrGfVDSWH7qc99rTEMI11OH13nYurH7ip76o3aw5UxzHu1g/7Rzmbe
2/mlhJGlDfIAd+YMWwb81M5nlneSJ/MqxlP4DJ7LloYpHwcU1a/v1a6BqBvCmfIq9Ud+bDse8Pkc
RD7UFW962q388qvdMdC2a97Wo7TGaFpv5eXV/LZl2b6y9zjZQQ95fl1o0OJewo/yLD3kZfX9zXzC
N+xse7jHUZc1kRwCSjQN/dPuEkb5OnwUuqhpW6kOeZvsb8szavh7Lp+V1tU2f/g0jp227hgSbRx7
z9xHX9j49n4pCPt96lgyMllc8nucHBRq0mKAk/GRdPCrPE/7G8UicrgChgTtbLTxdJ8bKpVu1CtK
UKtcVnmMK9ZlpYCSMHcMIB35MJbtbi8U1Pa7lcQDK3aXIMOoPF355EIeoM8DDzxwTlwwtoot5CC1
pck4gEGDHSWlwGcPdKS36sMVBTKybB5q6IL0lpbyPIb9LhnpUCjbU1nAAcytYk9GUtpa4rvUCycF
TkOyBmZrgLdrVOFR6mPaICyQQ9QHSsMVPmjpXe0uGcAxaDNPaUc86dHj2HqSHmMn/J71CFfkMv6I
X1JkghHjyNZL97vttluSXclToS8WSt/1ylo2p1uw5MQl6yghGtapW2oDVxk1LHY8Jx85BFAv6KLE
o5BF+OSU8lRZXdui+KIL5dd0pRwdi5zPX9Qdua1ksLJOHyqz7xX8c14FPbMGRg5SKLVJRnU7BoW7
TduVBlVmn2vXsT8K7qzPSk4D8BB4WD521R5OmOzCL0gH1nkaeDS73a2TlubMUn+V6HCcNMh8jmxB
XRmn8GM5kVF35rRxhC5zMeWpDqX26xn1Yx0+aqg1hmGky+mj61xMXdl1ivFL7bBXxjDvFegf7Wwm
np1fShhZ2iAPcGfOsGXAT+18ZnmnDJcYT+EznGRoaZjykVlHDXYNRN3QWymU+iM/th39Tz4HkQ91
Zact82tToGzh0bZr3tajtMZoWm81ldv23JaluuVXnOyghzx0oUGLewk/yrT0kJfV9zfzCSfT5m3C
UZc1kRwCSjQN/dPuEkb5OnwUuqhpW6kOeZvsb8szavh7Lp+V1tU2f+YR7BA22NN+bVzumfvoi6UW
VqLCsQFDwzXXXDM0znKKEBXBIRpMQjTEhFVXXTVEpUqIC9iw0korhY033jhssMEGEwNHnFxDXKCF
tdZaK0QlRarb6quvPrR+tCcKRGHllVdObYzK1dS+oQl7RqBuUTGQylt77bVTmT2zak0GLUcvztQW
MJmkvmqteMtLsIvfGQvrrLNOiIJrWHfddcMaa6xRTBEFgwBN3OAGNwhxgkg0ESeIsMoqq4S2Po6T
XFixYkXCjTwoJ3obprIotylQBuOFQDzq1jdEhU+IC4QQDechKlZSnfO8cnqPQlwqN4/H775YlPKq
fQaOsF36Z75pD5qIE1Pqb3Booonauk9DPPU59D4KLbZh0YUG2/Kpeddl7Nfk1xZH43611VZL0eAh
wwJYxN2+iQahxfXWW28o7qSJRqE0buEx8z1OhrWh5j1jjfUAIR6HF9Zff/2aZFVxFnourqrUGCL1
mYtZI7DeUoA25ouvUT/ob80112ycQ6hHVC6kOYl1FnOU+AppWRPCayYpMB5Z1zEeWQuqvm11jMqV
EBUpIToBhOiA1boWZL5nDQdu8CfwicJm+l3DM9rqMe53fWhw3HUYlp/WaawbwHS+6L0PXQyr+2K8
h0dEhXCITg5hk002SfIPsozmn0033XSs1Zo0mh5r4xYwM+gP/hkdnJP8x2/WHPBQ+nHDDTdcwNq0
F6U1iuRq6lYrV8NzmBPQHUTlaisvba/F8LfwX2Q1+D3yF2XOR4hGjYEOBN4/SX3Vt71gR19Jrmbt
2sR7oVOtVeHXzHmSq9v6OBpbEm1D4+RBGvKhrGFyNeODQDzi9w3R2S/svPPOIRrOQ3TaL65Xcnpn
zdBUv75Y9K0/6cBRcvV80x40IbkaHJpoYpT2LLW06nP42ii02NbuLjTYlk/Nuy5jvya/tjga95Kr
a+RdsEDe4Mof8uYw3IkXNzWlcQuPme9x0tbm2neMtW222SZFv+KKK5LesjbtsHjI1Qs5Fw+rz7je
95mLWTNLT0s9oI354mvUD/pj7dQ0h1AH5lDmJWg2fj95IKeSdhLlasajlauHjUfaGB30wjHHHBOi
E0CIpz20rgWZ78FLcjV2DMnVNTyD8hYq9KHBhaqbytE6jXUDtDhf9N6HLlTHSbrCI6JDYohODgEZ
Gh2t1kLIwNHBZZKqO291ccP5vEHrGTsCjsCoCMCopYyKnvchevuHeJJDiDtWQ/Rkal1kjFq2p3cE
HAFHoAkBy5tQfJx00kkhHlUVNt988xB38yThpimtP58uBBBe407qpMjCoRIhbJoCiguEJZyv4vdD
E41PU/u8LY7AKAi44XwU9DytI+AILCQCdu0adwGGvfbaK8QTCEPc4R7id8tdrl7IzvCyHAFHYICA
5U3I1RgV467dEHeehrgj1+XqAVLTf4NcHU+TSobzuLt26uRqNlHFU+qSXB1P5Uo0Pv296i10BJY2
Am44X9r957V3BKYSATzA4jEeIR5hXmxfPGY1bL/99sV3/tARcAQcgflE4Nxzzw3xiLFiEezGjd+h
K77zh9OHQDxSMsQj00P8jE1qXDwaPO0gw1t+3333HZxCsNRaHj9DEOJx1mnneDx+K52iQBviZ3XC
M57xjLDZZpsttSZ5fR2BeUHADefzAqtn6gg4AmNEALk6fu4gxGPFi7nGY1bDjjvuWHznDx0BR8AR
mE8EkKHYeVsK7MY9+OCDS6/82RQi8P3vfz+ccsopaTMCzYtHgycjM3L1AQccEOLnIZZkq+NneUL8
ZEySqzldiU0WhAMPPDDET4WELbbYYkm2yyvtCCwXBNxwvlx62tvpCCwhBDgGLX6jPXzqU5+aVev4
zdRw8sknh/iNl1nP/Ycj4Ag4AguFwFlnnRWOOuqoWcWxGxejOYZTD8sHgfi9wbRTq9Tio48+Ohx5
5JGlVxP9DAU7Rv8LLrigWM+PfvSjYaeddiq+84eOwHJDwA3ny63Hvb2OwNJDALk6fmM24HhuA/I0
a9r4jUr72O8dAUfAEVgwBJCfDzvssFnlIVe/9rWvTYbTWS/8x1Qj8La3vS05aZcaedxxxwVk66UW
kKv5HEr8vnSx6hjROZregyPgCEwuAm44n9y+8Zo5AssaAb4/wnfLuBL45s5S+CbTsu40b7wjsEwQ
4JgtvpFG4LtTfIOV7255WF4I8L01vOP5tpkNfE+Qbz6h+FmKge/d8U21/PvsKN83j58jmK/vgS1F
rLzOyxsBN5wv7/731jsCSwUB5Omrr756IFdvtNFGgT8PjoAj4AgsNgLo/DiinYDsxFHWLlcvdq8s
fPnI1VdeeeUcuZrnnHa2VOVqZGq+Db3qqqvOAhV9wZZbbuly9SxU/IcjMHkIuOF88vrEa+QIOAKO
gCPgCDgCjoAj4Ag4Ao6AIzDBCLjhfII7x6vmCDgCjoAj4Ag4Ao6AI+AIOAKOgCPgCPREwA3nPYHz
ZI6AI+AIOAKOgCPgCDgCjoAj4Ag4AssTATecL89+91Y7Ao6AI+AIOAKOgCPgCDgCjoAj4AhMNwJu
OJ/u/vXWOQKOgCPgCDgCjoAj4Ag4Ao6AI+AIjBkBN5yPGVDPzhFwBBwBR8ARcAQcAUfAEXAEHAFH
wBGYAATccD4BneBVcAQcAUfAEXAEHAFHwBFwBBwBR8ARWDoIuOF86fSV19QRcAQcAUfAEXAEHAFH
wBFwBBwBR8ARqEXADee1SHk8R8ARcAQcAUfAEXAEHAFHwBFwBBwBRyAi4IZzJwNHwBFwBBwBR8AR
cAQcAUfAEXAEHAFHYPoQcMP5EuzTH//4x+GSSy4Jt7jFLcJd7nKXJdgCr7Ij4Ag4Ao6AI+AILGcE
ZmZmwoc+9KFw3XXXhd13390NUMuZGLztjQh84QtfCFdeeWW4853vnNb9jRH9xaIg4IbzRYF9rIVe
ddVV4cILLwzbbLNNuPvd7z7WvD0zR8ARcAQcAUfAEXAE5hsB5Or3vve94dprrw177bVX2GCDDea7
SM/fEVhyCHz2s58N3/nOd9J6/5a3vOWSq79XeHEQcMP54uA+UqnPfvazw6tf/epkNH//+98fVlll
lZHy88TjQQDF5tOe9rSwySabhL/97W/h7LPPDte//vXHk7nn4gg4Ap0Q+Ne//hWe/vSnhz/+8Y/h
l7/8ZTj66KPD3e52t055LFZk6vuEJzwhGRL/+te/hlvf+tbhec97XlhppZVaq3TOOeeED3/4w2Hd
ddcNV199dTj99NODLwhbIRu8vOKKK8L73ve+cNlll6VnK6+8cthxxx3DoYceGtZaa61BPL8ZHwI/
/OEPwx3ucIeU4cc+9rFwxzvecXyZd8wJZcPJJ58cvvzlL4ff//734UlPelJ40IMe1DGXpRW9L59Z
Wq2crNp+7nOfCx/5yEcSnbE+XHvttcNuu+0W9t133yJ/Zy256667hu9+97vhRS96UeJHk9Wi/6vN
cp1/3HD+fzSwVO+e+tSnpvUSRvOLL77Y5eoJ6UjWZQcffHDYdNNNA2vht7zlLS5XT0jfeDWWHwLI
1ayN//CHP4Sf//zn4bjjjgu77LLLkgDiF7/4RXj0ox8dNtxww/CXv/wl3Pa2tw0nnHBCcd1lG3Tm
mWcm2XC99dYLP/nJTwLrnFvd6lY2it83IPDtb387nHfeeeGLX/xiioFcfac73SkceeSRLlc3YDbq
4+9///sDB9tLL700OdyOmmff9MjVxx9/fPj85z8ffve734XDDz88PPzhD++b3ZJI15fPLInGTWgl
P/WpTwXsYdAZ+s911lkn7LnnnuGAAw4o8nfkavR78KeXvexliR9NaNOCzz+T1TNTYzj/2c9+Fr76
1a+GVVddNQ0SdmYweGzgPYpCjA+8W6q7tU877bTwwhe+MNz3vvcNb37zm5ekgP+1r30tMLnkhqB/
/OMfyfB8m9vcJqy55pq2+0a+/9Of/pQmcAxJj3nMY+aUPWoBH//4x8M+++yTsrnhDW8Y2CW0/vrr
j5rtkk//97//Pe0qxAPypz/9adh8883TQu7f//53GrPPfe5zw81udrNFa+d808WiNWwBC/7tb38b
zj///HDRRRclo9PNb37zJEzjTPLPf/4zGX3XWGONBaxRCH/+85+TJ+GPfvSjVO5LXvKSpIBb0Er0
LEy7C5W8ltcfdNBBydNY6T7xiU+EHXbYQT/92oAAihCcLErhox/9aNhpp51Kr6bq2WLwwV/96lcD
BdRi0yp86l73ulf41re+lfp1KfGLvoTYl8/0LW85p0OBtN9++yXHphwHDOjIJyUDLIrqhzzkIeEz
n/lMmHSanI/5B76EMgT8FMBk2223DZtttpkeDa7EYx1CnGGBOHe9610H63QrRzalxYmKNCiAFUr9
pndL+YrzHY5EkqsxKudyNY5mGFCQ5TAsLNXd2ieeeGJ4znOeE+5///uH97znPUtSrv7KV74SoOGS
XI3h+Xa3u928yNU4peLcibNnXvao9I8j6P3ud7+UzY1udKOAIX1ax1sXrJCroVOMUpxCuOWWWybH
YHgaYxJjBbL2YgX49nzSxWK1ayHL/c1vfhPe+ta3BpxKkbE5ZRInO3bJoSt78YtfHBZDroaP4PRK
eOUrXznRzny2v+Ad1uBdy+vR6zHOFL70pS8NHH71zK9zEcDgg5NFKbDbc+eddy69mqpni8EHsXOw
gYuw2LSKXI1z/Ne//vVUn6XEL1KFe/zry2d6FLXskyDvPfjBD06OTTkYyNXof0snLrBOYi795Cc/
OfFz2HzMP/ClT3/603Pk6u222y5sscUWOZQp3gUXXJD0+XNeZg/A9p73vOdgnW7lyCzq4CcbCEhj
5erBywm7mRrD+Rvf+MbkySR8n/GMZyQhWL8R7FG0KDCgMN4uRcMmR5vSXnahzIegKozm6wqje9jD
HpaUW01l0D9veMMbUhub4nR9LiVxrRGqa/7EZ1cQDhluOP8vej/4wQ+S1xcCYFNYbIPJQtBFU9un
4TmT6SMe8YjGpizmWGBxcOqpp4aXv/zlE290yAG85pprkrEEj0l2vr72ta8duqjAWYCdAPQHBsDF
Hlt5mybxN5jd+973Tryb3QiHHHJIUpqjGEI5xRHiy2HH+WLwQcYnjlMoBVEClgxhC0kzKKOPOeaY
dKLPpBspx4VLHz4zrrKXUz4aX7SZXVrwFU5DYQcT612cNkpGJ9bLZ5xxRsCjnvU+8SY1zMf8g+Hg
yU9+8pwm4wCL4I9R1waMSF2cxexJF+xmfcpTnmKzK96zrrXGO3tfTLBEH3Ky2eMf//hB7Tn1Bqdt
BYy0N7nJTfQz0TH4L0U8cOylvfe5z33SyWGlsTho6ATewCf22GOPZGRrqh585l3veldSGDbF6fpc
SuJaI1TX/ImPoRDDvBvO/4ve9773vWQk//Wvf90I52IbTBaCLhobPwUv0PNxzHJTWMyxwLqF9fpJ
J5008UaHHD9Ok8JY8tCHPjTtfH3b295WJVezTsaBBwPgYo+tvE2T+Ju1IA7n7OjEoZITXTgdld3Q
yFnMF8tBrl4MPohczc5u9K7ovkqGsIWkGfobmwwnIC4HwznY9uEzC9kn01KWxhft4cRA+Ao6UD69
hCMv6/nSWp71MvFxsj7ssMNSvEnFBF467vkH+xobSPPAOhvbaC5Xgycb4mqDPeni9a9/fZoDhqXl
RIqSk8OwdAv9fmoM5yheOaZBu8bwtMWjTbuW2Q2JQlyBI1mXqme82rCUr+wgYbc8i1aMQhjSmVzZ
3fCqV71q0DQUhhxhOY6AsoujYGuNUH3K5PgPvJgQaJf7jnMmJjzBUPje+MY3Dm9605vC1ltvnSYA
GCknJxAW27i3EHTRh5aWQhoWKBy7xQIdoyNKZ/qakwXYbcCRl4tpOAdDjsV91KMeteQM59Qdo8r2
22+fThc599xzhwr4pCHocx6LPbb+W5vJ/q/jwlkzMC9d73rXm+wKz1PtnA/+F9ilzC/6kkZfPtO3
vOWYDpkDQfWJT3xi2g04zRiMc/5hjfHBD34webzjBKcTZMAPwzmnU9mAtztjGEcFdl0SOIpvtdVW
G3jXw+PZwY9R3s6R8ECO0mftSnzkE+KxY4bjolnfY7BAGWM945eiodhi1nTPug7ZWbvGUJx885vf
HMjV4MfaSgElFA7dHhYHAWgVB0sc6zkOlb6BZpFFTznllEGlUJrhkDmOgBEXuY7yaoxQfcqkDcgZ
7KRDUTqt460GG3gTjp6MNZxW3v3ud6ddtCgdzzrrrMDJCYTFNu4tBF3U4LUU46Ak32abbZIeCaPj
M5/5zNTXzH0YxDjdcDEN52CKvvWBD3zgkjSEgSPGRIwsOEzZubyNXvQ5j8UeW211nJR3Oi6cNQOO
T8tVrnY++F+KXMr8ou+Y6stn+pa3HNMhn2A/wviNfDjNYZzzD2sMTiz6z3/+k5zgdIIM+GE451QZ
G5CrGcPwcja7ELDVWbl69dVXTzp/5As7R8IDL7nkkiRXMw/w/pPReY2TwfkUJp9gWrFiRXJMq52L
bd0W+n5qDOcAJ+WfQNROAgQNlFU6agcDD15Y1gsFD0p2TqI4/8Y3vpGOI8A7DsHzkY98ZIAgFDgG
C28KOhjBBa9QfkNsEADfz+FbultttZWSJKMwSgaOLcF7hHwhWIyKGFmpI0cIcQSgjP2DxPEGoegd
73hHIlKeY2TGm690hCx5MSA4Cp2AgwBlcmwOBi3qx2Kc7z80BXYSIJiBC4TODg6OAnvnO9+ZknDM
9t57750W7015DHsuBTV9wRGWCjhBsCMHQyse8jhA2F0NDGAGIQMPhQCYEtiJg3JLR9QoP13xFN1l
l13SjnCETftteGjB/laaLnRBGhnOYUrUGxyhF+GI4b5pN0zXsigPOoBuP/CBDwSYE23gZAWMbRde
eGHChL7Og5SL0BR1JEAX7FR9wAMeMJZFrsYjhlNoiaMCFaBRHVuqnX08e/vb35489bTIpm+pE15I
7OZHYNRY5F1OgzBr2gTmBIQj6B+vV+KjQM09qfrQBXmzs4b6cpSzAhMBCimEXgWUvsSlTfQxyh+O
hsaB41nPelaiZRRO8A+8uB/3uMdVC3IqY7GuGsMotaBBi601qks5Dd3RVvgkPIkjaDC0EyxO9BVO
F6WxDB2QBzyAQB+jSNpoo43SbhuOtYWPKshgAZ3hTYdySXyQHXykHWe4/PLLE00wj4gH8y01HLfs
qSd5mcwhpGVe4DhUeDvH8N3+9rdvNJxDS2ALv4GHIaRy3M1LX/rSNMcJd8rim244KxGPP/oCWmNX
NcoDFkUcnQ3mOKBRrg04NUHvGlvwGngFjk2M8VLoMx6Z66AlxhX1oRzGMPyDHWF4LUNvowb4HmUh
3Bx44IGpDZrfyJvymOdQUOUBpQA7t8CXU2voM/oL2rPzPukY++weYYEJXbNAJB59B54cRcpzeDYK
MtYDGITgc3iOM1boN3Zj841jxpW+xQ1NHXXUUXOOz+1Dg335YI5NzW/mLOYry+eZp9qOnew719XU
x8YRv0AogL5ZZ0ArlA+vYg3R5BXbB3eMdQh/0BJ0wDx8j3vcI90zhyNkbLzxxraK6b52/skT9uEz
eR41vxlbYEkb4DHQLQZIaD9ft9IWxjw0z5qP8Q4mjBsw4UhHBOMmPlNTnzwOZTJ/cbwxtEggf3gi
cwI8chwBQw98BByOPfbYZHR9wQtekDChvXjF85ev+1mzsG7Seue6665L652b3vSmc6rF2on5kzUX
YwrMoBnWGOCO7AMfpU3QMXha/t53Pdhl/plT6Y4PoCcd7ckaGh4Cv8RIXwpaf0JvGBPzoLWLnSPz
OHIAwJhu13R5vGk25DE/2h1L8A/WudDc/vvvH3DoIzz2sY8Nr3nNa2aNG2iPMYxBl08RwAegQ3g9
TiSibdLzDVTkYeRq5jrWf8yDrDeYA1nfYZTHSKsALeOEC70zPsiXuZg+hTapI2sueHY+vsgDWRM5
U/MQ8hs0JjpTOVzJy8pLyJuUibIOXgLvQM+AMakpcGQhegnWa7QdeZDjlznpgMA4RDdQ4vdNeebP
paCmL5CHFXCCwJmV5/BYHCDsJ7IoGx7FH7IrfUXgZAxOfNA6XfnpypwHL4FnI5/RvwrwG/tbz7vQ
BWlkOGcXF+tq1u/I/uQDjpzyxtxSCl3LIg/oCrpljQf/pg2sz/gmJnwDTOjrPIAh+ENT1JEAXTBO
kFVFZ3m6Lr81HlmXsia38wE0qmNLtbOPZ9QHWtd4o2+RU1lroAilrVp78S6nQfRi5AHmBNa4jEXp
ylgrWdmPOH3ognTsbMLxg/WAAvo01rrWSQodF8pe2kQfc6okOi4cOJhfoWPWTszv6Jig4aWglKXN
GsPIsaw/LbbwDhnVpZyG7mgrfBKeBL1J32Jxom/Rp5TGMnRAHuBGoI85wQL6ZW1BOmRLBRksoDPk
WzZCiA8+7WlPS2kVdxxXaB1cmEeks2IdgLM+x8s2BeYQcGJeYJ0FptA6+swmwzlyO/Inaw54GDya
NSGnrbDLXrhTJnI16wvi8UdfQGtgzboLnMiP/uDEFni+DYwp6F1jC14DrzgwyqQl2ZO0fcYj4x9+
xriiPpTDHAb/eMUrXpF0UlZvYuvY5Z45jrmGsSn9nNWRUR7r4dIch7MjenLmSNZU9BlzMbRn533q
A5+AtuGpYA1NE4+2gSeyB8+ZFzhFjPUA62n6Hj2c+g2dCXpBxpW+xQ1NIWtDLzb0ocG+fNCWW3sP
H2e+Ep9nXcQ8Jd5eyqfvXFfKq+2Z+AV9A12wVmCOZG5Hv8+GM+ajUuiDOzId6ypoCTqAj0HvYMIc
Tn3QxeShdv7J0/XhM3keNb8Zx+ipaAPtYk3Eehzaz9ettIUxT/+jU2TOZnyh7yMtegY+T9TEZ2rq
k8ehTPg063lokcBYhycyn8AjxxGQj+G14ICcxmkg6HihZ9qLXo6/fN3PmgWa0Ji49tprk42vdNoh
ayd4DG1iTIEZ+lHWGPALZB/4KG2CjpkfLX/vux7sMv+MiiX0pHUVdYeHPP/5z0+6ilLeWn9Cb+jh
86C1i50j8zhyAOBUVHTySy5EwqgKcXDOTPpfFLD5CN7gL05+qc5xoTV4xvt4VPdMJJZBe+KCeyYS
zqw4Np+opJ+JCvxB/KiMaoxr00WlzkxcQKR0caFTlSYy95moZBiUJczjAJ2TPjKJOfGIHyejOXFt
vXQfF4DF9FEIqkofF0PF9KrzsGtUeKRySu0A7yiMp/dxEM8qJx4d2Fi/qBCYiYxxED8aIWbi7pDG
+MIiLrpm4kJvkI66d6WLmjSUR32isnzkssAI2lQbSldoXTSo/gCfeMxlYzpoMC72ZtVPabtcRfOb
b775TBR05uQXFXAz0elkJjLY9K6JbkVn0WA2p856R72iUDLnvcWEdqmPR6ELyoqGydayouPHTBS6
Eg3RfluPYfdReJ2DVRfcFzJudABIbYvOSMU6R4PfTFSQzkQl9qCP6QdhEBUa6TljzT7nfVzczMkT
XqG0Tdecn4jPNMVXHcaBW1yot9YvLljntCkuAFvnH+rNnGPnLOoalUStZZEuKpAH5THeLAbgHYXo
Ii+IisgB34iLuJmoiJmV1ubDfRRCBuUIxy7jUWngTXne+e+meUt51FwZmzXzQlQ0z2oX6XiW18n+
Zr6yfRUVS7Pi05fgZdPoHr4RDT3Fd4qTX+kb2+YuNDgqH7Tl1t4zb+Xzj+XNpXz6znWlvIY9G8Yv
wD8qkWdhTp5dcFcdogPf0L4u8cHa+UflcO3LZ2wetffRIaS1XdG4NBMFsAGGpbk9p3NoJCrWBmlq
61KKl8sEeVnRo3os5bCmyee1vCx+23WM6hsNBXMwjErtYr1KayfWwjyPiqo5+Vi+1nc92HX+Ubv6
XqNyN7WD+VpzWRvfYF0JtnbuZL5jPcacFg2I6X1pfKmO6gM7j+qdvVYJ0Us0UnQSm0U/8cjN1JKo
TJr1PBohZqJCfNDKaMSZibsWZsWxtB+V9DNRETWIH5VRjXFtOubXqJBK6aKxpypNVAzORMewQVm6
YT1m8+ae+boUokFqTtw8Lb/hZaVQGoel9NFoXUpe/SwqVVM9S+0A76gcS++jk+6sPKMyq7F98BLW
8ApR+TwTFZWN8dWuqBBP/ErpuHali5o0lEd9WJ/Z0KcsMII21YbSFVoXDao8eG1UAjamgwaRP0cN
ovlo8JmJxp852THPR+N5mit52US3ojPJcLadekf6E044obFNpKFd8ELCKHRB+njCYGtZ0WF0JhrT
Eg3RflvnYfesuZdKiAbX1LbojFSsclTmz0Sn75mo9E/v6WP6QRgwtxGgf/uc98ydechlFOVjrzk/
EZ+xcey96pCX1ed3NIIO2mbL0D3zcx7QKbTNP6RlzrFzFnmwtle+TVfWFgqMNxsPvKOzQ5EXROei
Ad+IhpaZ6KQ5K63Nh3vWJnnoMh6VtrQ+zMtqmreUR82VsVkzLyDn2kA6nuV1sr+Zr2xf5XIafQle
No3u42krM9HQU3ynOPmVvrGhCw2OygdtubX3zFv5/GN5cymfvnNdKa9hz4bxC/BHHs5DF9yVNhrl
h/Z1iQ/Wzj8qh2tfPmPzqL2PDkyt7Yo7r2eiE9kgu9LcntM5NIIeaBwhlwnysqJjyjiKSWuafF7L
y+K3XceoYOyCedxo5NfrWdfS2om1MM+jQ8KcfCxf67se7Dr/zKpwjx+ve93rUjuYrzWXtfENdDDg
Z+dO5jvWY8xp0TEjvS+NL1VPfWDnUb1bCle8qKuCVRJM6r2UkNErcCZ6B85gDIWpxV1qMxA7ykYU
LU2Gc+IwOWM0hAFEL8LBwLDKFYQflAd28JEvC4+4m3GWUjju3BsouqI3/aw0pGdyRqDGyK78qEdu
uETRg9InetfMRG/aFDc3ENl+gREcccQRgzwxQqOci16NA8U8+EQP0UH9SB896melYSJBUWWNf8oL
ZbYts+u9Fj5N7aDfwCQ3/kZv1vQcQT/uBEl9Rf9IQQnzUl2YEIYZlymjzXBeSxeUCb1ZJwzSIuyx
aBCzoLzozTvLGUPpupSFElV1l7MFdGKNMjl2Kod0lMXECq2jxBbD412TsVu41lytEQwFZPT8Tvi0
pbX0ST1oi4xQ1NEKeChuZZBnTKr/oxdUwpa+hz7UH7y3hvO+dIExmLrxh8GYOoNr3DE+I0Ur72QA
ZyzbsQjO1shCvVjowbdIh+FMbW7DahLeScCn3vDX6OWZFmFtdaNPoodgaqsd+zyPu28H73JltfgB
ZYEZZTPx0h/qe97ZPKmH+AzvovdxMiZTFnMEz0p8sK3+be/EPzEMwa+hN3ixysrHI4sra0RkXoFX
5EKkVf5Tvl0QU39+g0PcmZHaRLv4sxgyHuAZjCnLz4mHAwvzp4RyeBVKSMqyfIt6sbii3uStsUUe
9IWw6ToelS56fqd6g1/0Rkx1YNwj+KpNef8qbdcrmOGEFT2yB3lHj+QZ5ux4HOJM3L2W+tDmq/pR
F+rI2EehnPMtW0fmWObes88+e1CO2sJchmAovsFaAOxsXDCPuytn9RnxxEPof2uE7EKDo8yPFpeu
99AK7WY9w9jlT7y5lFefua6UT80zyy/op7jrPPEa1nZ23DBObX5dcCcd4yue+pNoAmMQdIKTG3Rv
HVXsGCZd1/mHNH35jG1f7b1VWkCb0D5to11au4Kr5YXQL/zH4gvdM3cyj2q8jMvJSYZz6A4+gDEi
nmQymKd5zlxW2+ameIyveCLETNwtP3PAAQcM2oEzGTwmHoE9g3KctVKeB+UzRljbysknpwWbhjmN
coSVHGpYS4hP0y7oVA4IfdeDfeYfW9eu98gacqRlPqVNWr9pnZXnCY8BC7AD37j7Ia0NwAB6o89x
8GjjO+LLbbhT7jQHjWfWd3HHyAzGUAwyzD/IEMiIKFqaDOfEYdyCc9ylMcP6XDRqlSvgmDvbka/W
NlYpjGOLgsay8uQad7ckxRZ8Vc+pB3WwAUUPSh/kJxzyiJsbiGx8eATjWXlihEY5B21JMQ8+8aQY
m2wm7uKYlQaaRVFljX/KC2X2KEEK6qZ2aN2QG3/j6Vepjugi4m701FfwFCkoWYMpYBgYZlwGozbD
eS1dUGZuACct8h9zi9XFxF2Js5wxlK5LWfAX1V3OFtCJNcrk2Kkc0lEWsgm0jhI77sAZ9H2TsVu4
1lyZy0V/rM1xwqf8tmDpk7S0RUaouPtyloyE4lYGecak+h95Btqk75nLZZTkvXjgKHSBMVjtYu1N
nWkXvNrKIDKAM5btWARna2ShXqzL5WTI+FSb27CahHfIwcIC/sq6EGzbAmM2nmiT0tmxT1/F3ZCD
d8yLNogfUB6YUTbrA/pDfc87myfpxWd4F3c8JvmPOjBH8KzEB225Xe7FPzEMwa+hN3ixysrHI4YN
O18wr8ArrBxJHa3yn/pYfQb15zc4xBNLBv1BOosh/QLPYExZfk48HFiYP+Nu/JQeXoWRmGD5FjpC
1mLUm7w1tsiDvlDoOh6VTpuhwA+dGXWANyHTUAZ/ef8qbdcr60t0s6xvlXc8oWOGOTvubk3yNn1o
g+pHfOrI2McpJOdbto7Mscy9pU1lzGVxd/mAb2DkAjsbF8zZ3GP7jHjiIfQ/vFGhCw2OwgdVXp8r
tEK7Wc8wdvkTby7l12euK+VT88zyC/r5oQ99aOI1yLO2D9AJ2NAFd9JB2+hmKAN7DnSCkxt0bx1V
7BgmXdf5hzR9+QxpuwbmMo0naBPap220S2tX3lteCP3Cfyy+8EDmTmsnGJeTE7YE6gDdwTuxRyC7
aZ7mOXPZqIHxFU+ESLpiyWiUizMZPAZ9O7I1a6U8UD5jBNlDTj45Ldg0zJ/SV1OGHGpYS4hP0y7o
FHmf0Hc92Gf+sXXtes96To60zKe0Set6rbPyPOEx4AB26D7jSR5p7gAD6I0+x8Gjje9oPdeGe17u
JP2eKsO5FJ4sNLUbAkJkcYSSRYZrFHZNhimIgIU6f3S8hEmrCOe5FdYxnkEsPOcv35WGwVDvZPSF
8Fig6jlXBjJKHd7BDOw7e6+y8zrZONxrQYyxSDs+eQ7TVDkIxkpnlVMsfCxGtA8cqRuGPRlVlLbP
Vf3V1A7tWM6NRioLBkg/waypjxTXViGruFzBl/rzHgZn/8jLxs3va+nCKiJRArPws3lpUUY9mhR+
tWXJkFiiZxSF9DG0aftKNMG7krJWtNVWP9ueYfdWOCBP/lAs0KcsguOxTrPwIb94LE+KR1wmI1uG
dh3lbRat0C6NXaWDrlGe0h92HOh9F7qw/QtvUB72qjFOeTLsC3cUecSlTzDI0EYZYIR9E/3aMibl
Hjyk0Fb/ckVRj+Ie/mv5iOotPEpjX++sspo+lVEF2mHsKi+uKMH1Ps9TfIY5AFpQOgwT0At/LAb0
fNSr2gtto9SCd2IAAhfKgv+qDBmqGRMXX3zx4DnvSaM2WXqnruRDfhhdciys0d1iqDLBQIYU8mBM
6R1X+I9+iyaJx0JKz3W1cwYLSvGaPuORtPGzKKldeR9SnhzjWOSr/HFchQdGvhI/Uhna6QMWzI9q
q97zWwvCEk1ZLOlvjOFKy9WuIRSXnf/qXyl9UGwTX/XOaYp3XWhQdejCB5VmHFf4ZakNNu8+c51N
3+Ve/IJ+Zh1p00IfWgdZ/q44XXC3xuzSOJURya7R+s4/ffiM2tTlSvvlvJOvO5WPVV7Z+V30DO44
hig+VxQgPM/XMzZO33v6FJ7M2gB8ZZAt9UnfMkinMd1n/VyaE5vqYvk/Rko5AMNzGOM2nfJl/NWu
B0edf2z5tfcoWul/5kHxQ41TyyNtfgjlpMn/hvEam4eUMsNoYZKE+nHXRQpP5BXthkB2ZSyiZBFd
o7BrMkzF4xOTol67YeRAYxXh1FuKN/oM4xkGS4V8VxprKwXJ6aTDSGQDjn4odXjH/NwUVHZepzy+
ZDiMRdrxSRzoRuWgbFOwyinmbosR7QNH6oZhT0YVpe1zVX81tUPrmNxopLJQMqMAw/BLfaS4tgpZ
xeWqXSq8R6Fp//Jd2TYd97V0YRWRKIFZo9qAIhQM+WtS+NWWJZ5YomfmbPqYdbftK9EE75hH8iDa
aqtfnqbtt9YGajNX+Dt9Cl+Mn8Gakxx5R/HRhdmgaqudSAAAQABJREFUXUd5m0UrtMsakUgLXaM8
pT/sOFC+XejC9i+8oRQ0xilPhn3hzvqAQJ9gkKGdMsAI+yb6LZW12M/AQwpt9RlXFPXIWfBfy0dU
X+FRGvt6Z5XV9KmMKtAOY9cGZBK9z/MUn2EOgBYU0KVBL/wxV48rqL3QNrIWvJN1G7hQFvxXQYZq
xgQnkdpAGrXJ0jt1JR/yw+iSY4GhVX1hMVTeYCBDCvEYUzbAfxREk8TD4J4HO2fgBCZe02c8kjYe
+57qnvch5coxjg0d4wzCAyNfiR+pLGhMuDI/qq16z2/pEUs0ZbGkv9E92GDXEIrLzn/1r5wH0M0R
VO+cpnjXhQaJT+jCB/+bYjz/4ZelNtjc+8x1Nn2Xe/EL+pp1pA3Qh9ZBlr8rThfcrTG7NE4lC9s1
Wt/5pw+fUZu6XGm/nHfydafysacn2fld9AzuOIbYgEMrz/P1jI3T954+hSezNgBfGWRLfdK3DNJp
TPdZP5fmxKa6WP6PE6EcgOE5jHEblC/jr3Y9OOr8Y8uvvcc2Sf8zD4ofapxaHmnzk+GcdPZvGK+x
eUhPOm5asGXM5/1UGs5hBiiBbKeiTGJBx+6+kiEW4VAKP5tO97kinw7nHUqYktHFGhTwppMyRooY
6qNn9irjL0rZfDe44qnsvE56r6sUS/kuHRadmqSsQohFGe1pUixJQVLCT2V2uap+Te3Q0fvWaET+
eMnB6NU3+bWpfsKt6X2p7l3pwiq2c8OI8pcASB9I0c67rmXhcaa2x288JSeP+L29tLuDSRSvQ5s/
ZYj+SIenH0pV/bHQZxFJ//O+qV/UjtorSnAZAFVfXSkLA2Gel+qJEluKUgQe1c3SLWlRaKgMJjJ2
kVJ/FjYIBBglZcTOy+pCF4pL/THy5RjSVtXdjiPRuh2LiieDqfLO6T2v76T9xvBw4oknDmhRfasr
TguMC1tv4VGiMb2zfSxDLH3LLhCbl+5RlFAmNKxnXJWfxZ7njA3t+LRl2bRd71FOHXPMMY1YWJqA
D7cZiilbxmJLEzJwkhfl5XVk7mkz/lgexZjP09vfwg5cUU6x+0v8giv0rnmTOsoBqe94RLAX3eBY
wg4KxjDOcPBHnGps/cZxT11xJLB9U8pX/JZ4pTmfNPAo8SEUIjYfjW9oWCeE2Pf2XnHtXKW+EB2r
H/N6d6HBYWXa9/N1Dx/M25CXJeyhjdq5Ls+j9rdwtvRs07KrRjSKkUbvuuJuxz/5sR6Aj0LvjC3W
D6zJlD9X0QXxa+cfW06J35Jvic/YcmvvrYOTvI7ztNRHfNeugy09585v4v9NfZKXMew3yjoccDRW
1Z/2Oq45QXVR3/Vpg2iytk7WeE6b4DmWVlUnrUGIk69lmtaDo84/KrvLVc6I7FqCTqAP7Zah7qW2
CW/4BfMK/Y38h4MUfLqmfOEzDPf5FNIXO28pUsAPJZAdIzhzYRxld1/JEIsCTwo/m073uSJfShmU
MCWjizUosPZQkCKG+pQCawfKRCmb7wZXfJWd10nvdbV46BlXFPySS6E9BXgN7WlSLEnxV8JPeXS5
qn5N7dDR+9ZoRP7sOMFgpL7Jr031E25N70t170oXVrGdG0aUv5wxcLiQop13XcuyuiOcgsmXE4Cg
f/gA8ofNnzJEf2DGzjWUqvrjVAt4K/3P+6Z+IZ8uASW4DIB5X1EWPC4PqidKbClK4YOqm6Vb0mKE
UBnMIZxoQv1xZGSHNzoaGbHzsrrQheLSDox8OYa0VXW340i0Tt8oKJ4Mpso7p3fFn9QrhgdtFMj7
l984LTAubBAeJRrTO9vHMsTSt+gbSwFZhfKgYRuUn8We94wN7fi0Zdm0Xe+RK9t0DJYmhhmKKVvG
YksTMnCSF+XlgbmnzfhjeRRjvi0IO3BFnkPvK37BFXrXvEkd5YDUdzxq/Uh5OJYgBzCGcYaDPyK7
jDtQVxwJbN+UyhC/JV5pzicNPEp8iPWnDRrf0LBOCLHv7b3i2rlKfSE6Vj/m9e5Cg8PKtO/n6x4+
mLchL0vYQxe1c12eR+1v4Wzp2aZFj0g9+OP0ToWuuNvxT16sB+Cj0Dtji/UDazIbRBfEr51/bDkl
fkv+JT5jy629tw5Ol1xySTEZ9RHftetgS8+585v4f1OfFAtqeYiTCvp2jVX1p72Oa05QNdR3fdog
mqytkzWe0yZ4jqVV1UlrEOLka5mm9eCo84/K7nKVLYoj9KET6AM5QP1Vapvwhl8wr9DfyH84SMGn
a4LwqcW9Js+FjDO1hnOMIjIeQATs2sGgUFKcaCeXiAVlNUcpsmNGz3KFIx3Ou7bdI1K62LR6xmKl
pLiRcbpNkayybb6lvLRYKsVTPaxCaJhyUjuCrDK/VG7ts7b6kQdHK4GxVTRq54n65R73uEcykuoo
S8XPDcbkJ9zIr/Q+r3cfupDyF+Vck+ODvPxsu/qUhQIaD01hUbrCGG1bpdgpxc2fcRRKjskov1F2
Isxi4BTDpkwMBrTF5q1xwHt9F1qegk30Z3ey5W3hd9MOuC50obil/PNndgyXaD0fg8q7lj4tXpNw
zwKXXUDwEQwxMgqDC0KJrWMJD73XO8ubhE3buFL6/Kr8avlgnr72tzWa0mb6n6PA995778EYtTSB
wVbHtKPYLZWjcWBpQsfkkhbMS+ly2rJxaniU4gu7nLZLv+130UnfZzzCI+y8XSqHhZrqN46r8LB9
U8pXu56b+A9prMNAbswRDbetGVSu4tp+V1+Ijkv17kqDKo9rqUz7fr7uodVh2PeZ6/rWVzjLQSHP
R7hDm+JRfXGHV9L2Ep3zjHd2l7D6qCm+fS5M+/KZvN01v7WGVNmlNPSlTluxTqXCtZRW7bbjoZR3
zTNbPngh/LIG4YQUyhaG6tuaPGvijNIG0WRtnWijHJpoDydklOrYZz046vxTqkfbM+aENgcH2odh
Pc9DeFt+y5xEfzNe8/il323zqI2/kEL7Qpcl5RJrOIwiMh6AO7t2MCiUFCfayaXxhLKaoxTZMaNn
ucJRSpm23SNSuti0esZ6qRRknG5TJKtsm28pL+FRiqd6QHsKw5ST2hFklflK2+faVj/ykxOaVTRq
54n6hU/WYCTVUZY8J35uMCY/4db0njg29KELKX9RzjU5PmiXj21Xn7JQQNsj/oWJveIca7Focziw
6bjncz/jDCg7cYbAwCnnAcqBt9MWGzQOeM9cQtCuuSb6szvZ8rbwu2kHXBe6UNxS/vkzO4ZLtJ6P
QeVdS58Wr0m4x2jKfA4fwRCj3cPggixkQwkPvdc7y5uETdu4Uvr8qvxq+WCevvY386w1xND/rGes
fsHShN1xip61FDQOLE3omFzmMhmq87Q5bdn3NTxK8YVdTtul3/a76KTvMx7hEXbeLpWDI8w4g/Cw
fVPKX/rQJv5DGuswkBtzRMNtawaVq7i239UXouNSvbvSoMrjWirTvp+ve2h1GPZ95rq+9RXOclDI
8xHu0KZ4VF/c4ZW0vUTnPOOd3SWsPmqKb58L0758Jm93zW+tIVV2KQ19qdNWrFOpcC2lVbvteCjl
XfPMlg9eyFmsQTghhbKFofq2Js+aOKO0QTRZWyfaKIcm2oP9pRT6rAdHnX9K9Wh7xulfdl5V/9gr
dpo8CG/Lb5mT6G/Ga01om0dr0i92nKk0nEu5JAWPjvIrKeZ4JuMFx1/lxk4JXlJWQxj8MdAgMLsj
Vu+4stDVws6mlSKGAWvj675G8aiybb5Kb69StpXiqR7CinQMCBSHDAA80Wxe3EvgHofykvza6sd7
GVftEcBS9OFZhdLG1nFY/YRbm+FD+fWlC9FYE4bkLwMMOGL46lsWeWnnDXTKN7L54xu9TQpg4Yej
AUIFu9pKfwhotcpFYZZfMZ6Cg3ZU5+81UTCGcMrI32uXEThBm1KeNjmdMHbZDYhnNDuuwILvnVhD
XGksdKELjU/GPscN8e3dEn48w+ABH6BdJVrPx6Dq0Ta+GJc4H7DzJ8drMX6DM/3SRCsawywwbP1K
eOi9dstZ3iRsSkYVpWu6tpWV90FTHjXPVQ511HfYlI5xyjxj68+41zH3cg5RfF1Fb5YmJGjWzD0W
Q+UpHmXronf5VXMocXFkaqJ1nudzRp/xKOcL6o3hUjzNfoe8pt55O9p+1+Kh72xD702nV1henmMv
GrZ92VSvUlzRl3hYqd6KA0Y1NGjLV5k186NNN+o9Y7CmT7vOdX3rJQxznqX8rCFafaw0XXHH8x0P
X7yS6VfRO0okCTCWXsQPusw/0EkfPqP2drlaBwJ2BDel1TpEtEy8Ej0rvWjTYqF3Xa/KCwxZK+hE
G/Kx63b1bdf8m+Kr3D5tEH3V1ol2iX50RZmS10390GU9OOr8k9dh2G+dwsVaEt5k/+QwW+IfJbwZ
b+xK0rpsWNm164PFFuTns/xcuaR1u47yKynmeIYBAtrD4TU3doo+paxW/aWUsTti9Y4riisZjmxa
KWJ0PLNNw32N4lFl23zzfPgtPErxVA9oTwH+guIQ+i0d26hdX+NQXg6rH+91IpI9AliKPn0DV3Xn
Oqx+wq3N8KH8+tKFaKwJQ/IXXwJHDF99yyIvlIrMy9Ap38jmj9MumhTAwg9HA5w3mKdLf3ynFJ4z
SkA2BwftqM7z4hhvxh1jCKeMPEgmAydoU8rTJqcTxi67AVmjsOMKLFinWENcaSx0oQuNT+qN3oC1
Qwk/nmHwgA8QSmMxH4OqR9v4YlzifFA6cj7HbyF+gzP90kQrcpDQ8dKqUwkPvdPmDMubhE3JqKJ0
Tde2svI+aMqj5rnKoY44+NiAQZh5xtafca9j7lkvlYLozdKEHG9q5h6LofIXj7J10bv8qjmUuOgt
m2id5/mc0Wc8yvmCemO4FE+z3yGvqXfejrbftXjo5CDoven0CsvLc+xFw7Yvm+pViiv6Eg8r1Vtx
wKiGBm35KrNmfrTpRr1nDNb0ade5rm+9hGHOs5SfNUSrj5WmK+7sfEanjM6GfhW94yAtecjSi/hB
l/kHOunDZ9TeLlfmAc3TrEuagtYhomXilehZ6UWbFgu963pVXmDIWkEn2pCPXberb7vm3xRf5fZp
g+irtk60S/Sja378PfVUP3RZD446/zTh0/Rcp3CxloQ32T85zJb4Rwlvxhv6Xq3LmsrU83GuD5Tn
Ql6n2nAOs0HZKsVYSTHHgNEAYOFMGv2hXNGRklbBx3ubrqSQkpJdTER5ShFTUr5T3j777JPq02QU
sWXndVIZukrZVoqnelhFHDhJwYpCCuyUF0ZqfRe3j+JP+dhrW/3sznIdeWsV1ghXNi/u8eQG7ybF
v/pMjhR5evttX8Ulvy50IRojXWmXD20QjiwgqEPfsqQoKBndrLLc9rEELvpX4yLHgd923JTe1zxT
/5Z2lJNe3zLfaqutioYo7bYFS/2xe8juoFc9FJdvIemZvcoIXxoLwr+GLlhgoaSlPiXcVSa0ZI3b
wsKWn49B1aNEv/AGfeeJspnsiK/yFusqxXv+LWDVR+3Ox4KeWzxIQ99qp5ylW/Uvbbe7FFUOV+iJ
CRnlqX3eVBZx8j6w6breC4u8reSjI5tyBb8W8iV+T5/L+crShOikiQblQMR7i6HaIx6V10Xv7ZVv
+ZAPcaF9+87eo1gjXz1Tf3Udj/QHtI1yTHnpqjxr6q00NddaPMSvwKNp17t4MnFyw6H6zfZlU/1K
cXM6LtW7Dw2qDiqzhg8qzTiu9PmwPhWuJZ4LDlq3lOi9ax2FM3SIkiRPL8c3Oyb64E69caZh/ivN
xWoz6y2dLNF3/unDZ/J21/xWm6D/Eh8kD41j4nBUpPIt0bPeiTZrxo7SNF3Vv+AuXBWXIyvloDcO
WlK+XEdpg+pcUyeOggNb/hCO5fzL7/zTHH3Wg2oH+ZXG47D5x2Iy7J45UKcTlMpivSDHSEtLo+Kt
etWuDxZSaF/oskrKJQwWUoyVFHNSrkAj9JENKFd0pKRV8BHHpisppKRkJ19kbAUpYkrKd8rbb7/9
0nhoMorYsvM6qQxdhUcpnurBGFEAJylYUUjpO++8xwFP38Xto/hTGfbaVj+7s1xH3lqFNevUPLDe
Bu8mxb/6TI4UeXr7bV/F7UoXojHSlXb50AbhqO9d9y1LCkx4bR6sstz28UknnZQwon81LvK0/Lbj
pvS+5pn6lzVHSVHJHAZOW2+9ddEQddVVV6X3xNEfu4fsDnrVQ3HZVFIKMsKXxoLwr6ELfc6A+pRw
V9nQkjVuCwtbfj4GVY8S/YKf/V48az7iL3aQ4j3/FrDqpXbnY0HPLR6koW+1U87SrfoX3O0uRZXD
FXpCjuNEAxuayiJO3gc2Xdd7YZG3lXxwRKHuuYJf6/ESv6fP5XxlaUJ00kSDciDivcVQ7RGPyuui
9/Yq/SZx82OjbTyO6ydfBfVX1/FIf0DbrLHzoDxr6p2nbftdi4f4Fbg27XoXTyZObjhUv9m+bKpX
KW5Ox6V696FB1UFl1vBBpRnHlT4f1qfCtcRzwUHrlhK9d62jcIYOOZkyD5J37Zjogzv1xpmG+a80
F6vNrLd0skTf+acPn8nbXfNbbYL+S3yQPDSOiXP++ecPsi3Rs16KNmvGjtI0XdW/4C5cFRc5W4b/
cdCS8uU6ShtU55o68ek5sOWPzXty/uV3/mmOPutBtYP8SuNx2PxjMRl2zxyo0wlKZbFekGOkpaVR
8Va9xrk+UJ4LeZ0qwznGG4gOZVFJEcmEi7KTP4gQ5QjEym/SsbuOdAxyjnaX0YJ37IJEiSOFCgON
5/rDowmlJmXwfUo9Rwlnd7FLEcN7lL0soJhEWABKmcC7/GhjDK78sfDhCFjiUCfqq3d5m2VIzutO
PI6iJ4/8iGAZSnjHHwbHQw89dNAeno1DeQmO6i/qx2/qhYFeR3JTllUaW6Mak4cM+6SxR6uRBkOO
+kpXq7CVEo4JEyaoCZABTfy+dMGOK51gQP1RHmMEUjkymvMOGhqlLClTWYiwG1Tt5Ap9lxTAlm5R
ptNOpYOO8IRV/XOjpuLVXlU/2ooAaNMxJpiseWdPFLBxuJdgTjz+mnab23ah6LFjAVrQzqRSm7rQ
BXXSGAZ3lHuWL6CYgjapK3wFeiCNaNqOReWjMag2QL/Qi8VCRgXhwLXUFptmIe7VBtpqjxSmbLAQ
DeYKe7uTWd97ZjwfccQRA14jXNQOOT/Qdr5ZBCa8I52MWbxDqFQarjmf0bs2Pqg4Xa70LeXf+973
TicfkJb+h5fznD879/Beu+l4B/8HM/FBjnlXOksT0IYMhbwHS7DgOXxNabjmGDLGmaN4p7owPjSH
5O3lufgBfYkHvOLgHMKii/mA/DC4yhAlWuZ5l/EoPsxnFTiSTWVxlcBjx5V93/WeugoP2jgMD8a5
HNtoFwtnO/YxpvOcP+vgQzn0Dw5gvNP8JMxFx7b+7OBXXPEC8VPNl6TTt9k5aYP0fWhQ5Xblg0rX
9QrdqO20jbXIMOzV9i5zXdd6Kb74BfhTL5Q5GDgYy9q1wzs7b/XBnf7T2IKPaj2jeihP6EXjinfi
uV3mnz58RvXoerXf5WRdZk9nYO2qOSH/1jRrEd6JFmy5nFqTjwf7vss9jlXqW4xvpIUOEYzVH7zP
eWeXMmxc6J2+tm0Q/XMtrVXFm3jPfCDjN3Wy48eWQxprNLeGZK0/aBf0Lb5l+XTtehCs+s4/tr41
96wp1Fesae04ID3YaActBnTw0vMSvy3x2rwemg+Jy6egRAvgTtvzOpB+mgNrdzBg7V1SRLKzB2Un
f+BPoF/4TTp4D+lQpiGryWjBO3ZWWuMfPIDn+jvjjDMS5pTB9yn1HCWc3cUuRQzvUfayjoLGr7ji
ihl2UStdfrQxBlf+UC6y3iAePJ766l3eZhmSiWfrTjyOoicPsLJBhhLVA7nmyCOPHNSL5+NQXlKm
+ov6EagXPFhHclOWVRpboxr8GuMugTQYoVVn0mDIyYNV2EoJxw4U1hNSfGN4I/SlC8aYTjCgPshY
jE+VI6M576ChUcqSMpX5FScgG3CGLimALd2yhqWdCtARu8BV/9yoqXi1V9WPtrKBwAbGhJzk7IkC
Ng73x8Sj5tWvXOmrUrDtwrBqxwK0oJ1JpTZ1oQvK1hgGd9a/dmyhI5OOB74iniuatmNR+WgMqg3Q
L/Rig4wKFotSW2yahbhXG2irPVKYssFCNJgr7O1OZn3vmfF81FFHDfpbuKgdVseCnA4mBNLJmAU+
rCFsEJ+Bh9vQxgdtvNp7+pby99hjj7RWIh39b+UtO/fwnnWS+hT+D2big+jk9M7SBLQhQyHvwRIs
eA5fUxquOYaMceYo3lEX+ATjQ3MIdbKB5+IH9CW6YwWcQ1iXST+GwVWGKNEy5XQZj+LDfFYBOcOG
iy66aFBvjSv7vus9dRUetHEYHoxzObbRLnZ12rGP/MVz/qyDD+XQP1ojan4S5qJjW3/0F+Rj+138
VHRMOn2bnbUgoQ8NqtyufFDpul6hG7UdmmUtMgx7tb3LXNe1XoovfgH+1At5iBMGoDnJN7yz81Yf
3Ok/jS34qNYzqgf9LBrQuOKdeG6X+acPn1E9ul7hzdSbP9Zl9nQG1q6aE/JvTbMW4R2Ya32usjm1
Rljkc6Pi1F7R45IX5eDgSiBPvsmu/uB9zjtr88/jQe/0tW2D6J9raa0q3sR75gMZv6mTHT+2LNJY
o7k1JGv9Qbugb/Ety6dr14Ng1Xf+sfWtuWdNob6CJuw4ID3YnHjiiSkOBnTw0vMSvy3x2pTA/NN8
SFw+BSVaAHfantfBJJ2426kwnCNAWYMkHcIfxm+YMn/W6KL3GDQQrrWjQc/briygyM8qnNriMzmo
Dlyl9GxLw0CzypnXv/71qT1taXin7/+Ch1Vs8Q6FJIKwVY4rP6vkp45W+aY49joOw3kNDhhPWHRY
/DSR2vo03eeGRfpaRh7SMEHmaTmOjfL60IW+yV7KNy/HGhL7lEUdc7pgDPBdugMOOGDQLvW7xVAO
FaoTTAxjn37riqLKput6n9dvu+22mzn22GNnGUcpS2OqlL8YPPFQCOA8UYqXj0f6ABqzRzyTR74L
lLy60AXxmRSl/CdPyoKuUPjzW38ochlzOa0TD+HFGkZREFqPMuLI6E6ZjGmr1KeMpm/wlvCZr2cy
dKrN8FIWdQcddNAAh7wt1MW2VWlLV4xG6nMwy/k8NGXTURa0IMzy+OwyRMAt8UFrCOuDV64ctfXK
79UuaM86aOXx8t8s8KhbTVmiF/F3qyDJ89XvEk1pt7zigCn1129dUWYKt77jMacneBPHyenkF8oa
tZ9URykYVf/SFcFS8bmWxj40CN0pPfOwdudDa/lcrHj2qn6lDC3m7XsUuFZRtPfeeyeDgqVv+GgN
XShf0aDa15UPKl2Xa4mPqT75FQOF8s7nEtpdM9cpfc0VPiNDmcZOXif9hv/btUkf3BFY8nKYR6B3
O7/giGnrX6LBtvmHtH35jC239h5B3TqYgBljJOfVOkmIfK1hXxjLebS0dscAX1ufPB7zqh2vKq90
Lc1deX5tv2vonfUDSm6bT75mKNWNZ1oTleZTneQDL7L0RDo79vusB2voXbSt+ce2r+a+NF/RDtZU
pM/nGGFkFa16puuw/izxXqXlCt8p5TFxkv0YKoSCwxokhQNOWgqlPmKeQoGkHQ1K13alLwlW4dQW
Pz+mWkrPtjQYD6xyRkrjtjS80/d/wcMqtniHQhIFJnNBno9V8tM2q3zL4/J7HIbzGhwwnlxzzTVU
aRCs4rpUN/ssNyzS1zLyEK8k/x5//PGprD50oRMsSvnaenFvDYl9yqKSOV0wBp797GfPkuPU7wMA
440cKlSn3XffPRn79FtXNieMEvL6sb5E12GNo5SlMVUqi3lJ9UFWK+02J10+HukDaMwe8Uw++S5Q
0nahC+JLwa96URZ0hSJez7iiyGXM5bROPIwk1jCK8xhGTKUnDnOHAmPaKvWJx7pjsYMMnao3vBTZ
zOoz8rZQZ9aUStN2xXCoPgeznM/nMgtlQQuE0rzALkM+C1Dig9YQljLo+A8nqLa22HdqF7RnHbRs
nNK9HEdqyhK9iL/nTiil/Es0pd3yik8fUH/91hWHEYW+4zGnJ3gTnzG0m7VG7SfVMZfh1Q57zT+p
Uhr70CB0p3TMwzguEqC1fC5WPHtVv5KmdMwy62a7XkQXgxHHjgf4aA1dqFzRIGUSuvLB/6bq9r/E
x1Sf/GpPlsjnktq5rkvt4DMylGns5HXSb+ZVuzbpgztGvrwc5hHonfxVFvptG0o02Db/kLYvn7Hl
1t5jzLQOJrSDMZLzagybCtawr3bLebS0dscA3zcwr9rxqvJK19Lc1aXcGnpn/cAGPRvyNUOpbjzT
mqg0n+okH3iRpSfS2bHfZz1YQ++ibc0/tn0196X5yq5n8zlGGLXJ/MP6s8R7lS9X+M6wPGratlBx
psZwnjMPlBsQoRQ02gVqO0uGQRRpufGCQcfOGbxoyEvpZIyX0gbFFfd2sU5aBAsIUOXrKoUYQjQT
GLv0lDfGS7wcFVfXklJRaewVpRJCAgNaxxfqPUZodkzIq17PucJAVZauGKmoC8ZgriwwpJyzSjfF
73ot9Qd1ATswReCxzgPKHwUw39ey9ece5Sr9bQ3AKAOUTtdSX5MeI2ZuwC3FbaMLCfhqB4KOXZjy
nAUEDEj10bVrWaQTXVAnS6OUw9/+++8/5zvwKg8PeCk2FZ8r+eBZTF8rbt+r9Va2ZeieMVvCwpaH
0lfxNfbse91bQ2iuoCc9uGt3mdLYawl/0pXognRMyCzEVDd7RVHMTgAZfHPFP+MUT1aUMUqHIwXx
xceIY0+qoEzoSfGJx24a24bFuLfGf9XNXhnL7DIq1Q3hKadb2midY2QYUHp4mzzhbDmMAQwA8C3F
RTkkPBVXnyiw9KJ3JT6ovGqvJacjeACezpbn2XbB06znouoDtnYHOW20Y4Cjw3WsvdKAJ8KQPSUE
QzO0pR2silu65kY6tfvyyy+f2XfffQf0Z9NiwLSGX9JYfLuMR40VaxC2ZbHok+FEdet7tf1hy7D3
CB55/oxdHIBsPN1TP94rDcKYTrug/xQvv9p+LfFNHH7s4hPagG6EF/nJmNiHBlXfrnxQ6WqvpTGZ
Y6HfrI+U7yhznfIYdgVPq/RhjKKQVn10ZX6ED+X5dcWdPETnpTHCWOY0CeqVl9Vl/lHavnxG6bte
6b+cv4NhaV3CfCl8ddX6PB+n5GnX9l3rRXyUC/n6h3xRolkHldI83KW8GnqnXBwEbb55m4VJfkXu
oF9Zr+VYw3dw3GFM01bbXuQQrU8ot896sOv8Y9tXc6+dIbbNtAlMSa85xvJVMGBNadtq0w/rT/EZ
mya/R5bK56CFEtgXshyUU7lyGuUGu/cUtAvUYiTDIH2UGy/oK9a6OIqQl9LJGC+lDYor7u04IC1r
bubUPEghxu4WToFil57yZqci9J2HklJRaewVpRLHQ6NQ1/GFeo8Rmh0TrDv1TFc+g5AHjFTUBVmR
K/K6DHtW6Zanq/1d6g/qA3Zgym4Z6zygfFEAc2qe6q4ra2L6Gwz1DOeSPJT6mvjwp9yAW4rbRhfS
O5Af8TBC2VMEeI4hiDkhD13LIr3ogrIsjar9rKcZ/6XAGkyKTcXnSj6s8enrUYNOXrL523vGbAkL
Wy5rD6XR2LPvdW8NobksRXpw1+4ypbHXEv6kK9EF6dgxX9LvkAZFMU68Mvjmin/GKbua7NqcNRnx
xceIY0+qoEx7QiTx0JMtdrD6RPWTvTKWm2gQnWVOt4wZ6xzDOlc40lZ4mz0pSGUxBjAA2F2bpXlB
nyiw9KI8SnywK74lpyN4APohy/Nsu+Bp9iQ61Qds0fXpN21ER6HA0eE61l5xwBNdqD0lBEMzGJbW
KUqna26kU1mszexGF8Xnin6INY4NFt8u41FjxRqEbVnoVOwOVltm13vbH7YMe4++IA+M3ZK8RTrq
Z3eQYkTUaRf0n83b3lveVuKbOPzYz6pCG9CN8CIvGRP70KDa2JUPKl3ttTQmLQ723n4CZ5S5rrZu
4GkdN+BdON/ZOnHP/AgfykNX3K3jQ2mMMJaxaVCvPHSZf5S2L59R+q5X+i/n7+BXWpfkm16Ip/V5
Pk7J067tu9aL+Mix+fqHfC+OG0itg0ppHu5SXg29Uy6yog15m3Ma1G/kDvoVw3mONXwHxx3GNG21
7UUOsfNqn/Vg1/nHtq/m3p6oqPbSJjAlXPU/J2DLV8GANaVtq9JyHdaf4jM2TX6PLDWuOagGh1Hi
rETi2IChIXoBDY2z1CNERVKIQnBYbbXVwgYbbBBWXXXVxiZFBhPiIjtEI3I499xzw8orr5ziRqG0
NV08sixExUGIC7ewww47pDRxoOHA0JqusSIL+CIKwCEKSqnNUXgOq6yyygKWPruoOMEF/sCdvlpj
jTVmRxjyKw7Q1NekX3vttVux70IXpWKpJ30MXuuuu24pyuBZ17KiABxWrFgRVlpppYRHXDQEaJBy
1llnnUG+TTfROSFhGCeJsPrqqw+tX1M+peeMpSjEhajEDJtsskmICq8QBbBAWeutt17YdNNNS8lm
PYsL6RAXzSEaMUI0qqZ2zopgfoAdfbnmmmsG+jcutENcYKffN7jBDUzM5tsudEEuxI/fLExYgz24
d6XF5trMfRMnt9SmYXQ0N+X8PAHzaFQN0VEnjaGoxA9RyZj6aeONN05js61kxkVcgKQotAkarAnQ
FmVB49xvtNFGrbRRk+e44sRFVQAXAvWr7StoifEB/dTwCtU3KnoSjVPufOMArUOD1JE5i7Y1zZN9
xiNtoIy4UEs8kzEsnrbhhhtW04ewmc+raFBl9JmHlHbc1740qHp05YNKN5/XUee6vnWDR8HToPe1
1lqrlQa74q61AfMTacGd8cX4j0bAoTytz/zTl8/0wQ/sWGNw1bxfyw/7lNc1DTRFv8LPGL/LPfRZ
Dy7k/DOp/VO7vpzU+s9nvaAp5krkaubwpvUCdYhKoxB3dIRoRA7RabBaro6OgiEaeAIyanRsSM2B
5ywFuTo68YSdd945tTk6xy26XM36i/mHvuoqyzC3sF5Drmbt29bXXeiiRJ/Mnci61BV5si10LSsq
XJPMKrmaOZmyKKdGrkbWBQPJ1cPq11b3/B1jKSqiQ1RiJhk6OkcF9HOUBR+KOzPzJHN+R+N0iE6e
IRoaQzSqtq4zwI42S66OO/oGcnXtnNmFLqgs8WkT5UJP4NeVFuc0uuUB/cv6a5z91FLc0FdgDi+L
jtFpDPEbeoce0aUwNtsCvA/5mECbusjVyG3gDp3VrEHb6jHOd/QPOBCoX21fQUvwNOinhleozqwN
oXnKnW8coHUrV9O2Jt7ZZzzSBspAJwNtMIYlV6MzqKUPYTOfV+hO+hPK6TMPzVf9+tKg6tOVDyrd
fF5Hnev61g06hKexRkNv20aDXXHX2oD5ibTokSRXo1uCj7aFPvNPXz7TVo+md2DHGoMrf+uvv341
P2zKc5zPoSnJ1cPmqnGWO6l59VkPLuT8M6m4TWq93HDes2ei53DYfvvtQ9xdOlTwsEVEL8IQvSBD
9LgL2267rX01cfcsYDSZRe/WED1+Q/TMDHHHUDj11FOHTj4T1yCv0JJCAIUsyoHo+RTiTpKw+eab
L6n6e2UdAUfAEXAEHAFHwBFwBKYXATecj6dv487tsMUWWyRZM578UC1jxp1i4fTTTw9xh16Ip3eM
pzLzlIuVq+OOlrDXXnuFuAM/xB1D4eyzz65u8zxVz7OdcgRQyMbPCSW5mvESdwtNeYu9eY6AI+AI
OAKOgCPgCDgCjsBoCLjhvAd+8fiFJODGo9ZSagRevAPx4ItH+SShJM+WHUsYm+MxrMlrMn5LM8Rj
OpMnFDvXH/WoR+VJFu03nkLxyImA4qIULrroouQ0UHrnzxyBURBgl0k8ajN5IMajQUL8DlTKLn5K
IXBaw2abbTZK9p7WEXAEHAFHwBFwBBwBR8ARGAsCbjgfHUZ20XKqVDxSNWUWj8IdyNXPfe5ziydU
IVfHT2eE+EmLtAMnfpIpxONok1wdP4MWHvOYx4xesTHlgFwdjykN8TNkxRzjpw/CjjvuWHznDx2B
URCIR9OGeCRxkqvZyRw/FZCyO/DAA0M8vjQ5q4ySv6d1BBwBR8ARcAQcAUfAEXAEphkBN5z36F28
2zmevRTid3DCTjvtNOeVjnaf8yI+4ChrjrTmGKFJCBz5xU56dsXbgCd//J5PiN8NsY/93hEYCwIo
luJ3lMMFF1xQzK9pbBUj+0NHwBFwBBwBR8ARcAQcAUdgHhFww/no4B588MHpM2alnDD0cZx5HnS0
e/6c35xWxU7uSZKrd9ttt4DjuQ3I0/H7w+nTb/a53zsC40AAuZpPH8TvTBazaxpbxcj+0BFwBBwB
R8ARcAQcAUfAEViGCLjhvEen4+XOEWulb9Bw7FXpOcVgPOc7Wfb7GvouFd+emaTAd0H4TgVXAt+p
8G9VTFIPTWdd+LYR33DKlV2ME45qn8/vnE0not4qR8ARcAQcAUfAEXAEHIH5QMAN56OjilzNUe18
Cz0PW221VaNcjfE8l6v57iPy6ooVK/KsFvU38vTVV189kKv5vix/HhyB+UQAmZpvoee6KcbJlltu
6XL1fILveTsCjoAj4Ag4Ao6AI+AILHkE3HC+5LvQG+AIOAKOgCPgCDgCjoAj4Ag4Ao6AI7CQCLjh
fCHR9rIcAUfAEXAEHAFHwBFwBBwBR8ARcAQcgYVBwA3nC4Ozl+IIOAKOgCPgCDgCjoAj4Ag4Ao6A
IzAlCLjhfEo60pvhCDgCjoAj4Ag4Ao6AI+AIOAKOgCPgCBgE3HBuwPBbR8ARcAQcAUfAEXAEHAFH
wBFwBBwBR2AYAm44H4aQv3cEHAFHwBFwBBwBR8ARcAQcAUfAEXAElh4Cbjhfen3mNXYEHAFHwBFw
BBwBR8ARcAQcAUfAEVhEBNxwvojge9GOgCPgCDgCjoAj4Ag4Ao6AI+AIOAKOwDwh4IbzeQLWs3UE
HAFHwBFwBBwBR8ARcAQcAUfAEZhOBNxwPp396q1yBBwBR8ARcAQcAUfAEXAEHAFHwBFY3gi44Xx5
97+33hFwBBwBR2AIAl/4whfClVdeGe585zuHW9ziFkNi+2tHwBFwBBwBR8ARWA4IuOF8OfSyt9ER
cAQcAUdgXAh89rOfDd/5znfC3e9+93DLW95yXNl6Po6AI+AIOAKOgCPgCIwdATecZ5D+5S9/CT/8
4Q/Dl7/85XC7290u3P72t89iNP/86le/Gj73uc+F6667Lqy00kph6623Dg984AOLCX72s58FFo0/
/vGPU1wWjbvvvnu43vWuV4yvh5dffnm49NJLw5///Oew5pprhrve9a5hhx120OtZ11/96lfh97//
fVhllVVmPbc/ttpqq7DyyivbR8vm/pe//GV4whOeEFB6/fWvfw23vvWtw/Oe97zUH8sGBG+oI7DM
EIBHf+QjH0k8/vrXv35Ye+21w2677Rb23Xff4tj/29/+Fnbdddfw3e9+N7zoRS8Khx566FgRYy54
4hOfGDbccMNUPuURXv3qV4d11lmnU1nnnHNO+PCHPxzWXXfdcPXVV4fTTz/dFRKdEPTIjoAj4Ag4
Ao5APQJuOG/HCrn6e9/7Xvj85z+fZOo73vGO7QnM28suuyx86lOfCtdee21aH93qVrcKe++9t4nx
f7c//elPwyWXXBKuuuqqFBeZbq+99hoqVyPvU4bk6l122SXc4Q53+L+MzR1y429/+9uw6qqrmqez
b5H9l6tc/Ytf/CI8+tGPTutZ+v22t71tOOGEE4pr69mo+S9HwBFYqgjAP9///vcnHo/8iey65557
hgMOOKA49pFzd9xxx/Dtb387vOxlLwtHHnnkWJuO/LvffvuFG97whql8dHyEt771rZ3l6jPPPDO8
733vC+utt174yU9+EpCzmYc8OAKOgCPgCDgCjsDyQWBZGM4/+clPhiOOOCIJxk2GCBZvCHcYHRSO
O+648KQnPUk/G68I0cS78MILZ8W5y13uEj7wgQ/MEqBnZmbCaaedlgwwsyLHHze+8Y3Dxz72sbDp
ppvmr8Lf//738LSnPS2cd955c9498pGPTAvPNdZYY9a7pz71qeHcc8+d9cz+wGj0ta99Lay//vr2
cbrH6H7/+98/nHzyyckbdE6EKXigHaRqyn3ve9/w5je/udXRQHEX+wq94uCx2mqrzakKz+55z3s2
toM+R7mBc0cp/Otf/wo3uclNwnbbbTfnNbR+/vnnh4suuig5Zdz85jcPKJnA8p///GdyPIAOyYNx
9+9//3tOHpS71lprhS222KJI63MSDHmA4RGnlZIii3rgXFKicZstebzzne8MX/ziF8Pqq68eVqxY
kej+mmuuCSjKMGxSZwJ54vSCIGYxJE0JM9IMw5w4BPK+zW1uEzbffPP0u88/BFgUVrZupXwoa+ed
d06OI6X30/YM3osgbXm82ggvhIZKCnBweshDHhI+85nPhJe85CXh4IMPVrKxXHM+RKYI++xyH0a3
eQUOOuig8N73vnfw+BOf+ESjY9Ugkt84Ao6AI+AIOAKOQC8ESuuGXhktoUTIu49//OPT2rZJrv7G
N76RZAKMDgqnnHJKOPzww/Wz8fqb3/wmGV1wcrSB3YnIFtYwzdruxBNPDEcddZSNmu6RZXA255oH
5GrWcyU5+cADDwwYTHK5mvive93r8qwGv1lL4hBfoglkCWSzs846KzljDhJN0c0VV1wxy6iEHuE9
73lPozw6SU2HXr///e8X5Wo2Nfy///f/Gtvxla98JSBHNsldyBE3u9nNipsxoHUMeuh/kLE51Qpn
Xnbj/uMf/wgvfvGLEx2Sx8c//vFGuRonYDZDlGi9K84YHnEoaZKroeMSjdtycGR5y1vekjaUMI42
2WSTcK973SvpDn7+858nPmDlapxectkVvVjTBpZhmKsu4MZGGPQVfQM6DxxrmvpX+VLWPe5xj7DB
Bhvo0VRf4b0PfvCDk2E5byi88Ec/+lERC3CCxuHlr3zlK8fukJ7zIep2oxvdKPB8GN3m7dhnn31m
6V6/9KUvNTpW5Wn9tyPgCDgCjoAj4AhMBwJTbzhH8MBwxuIb4ZmFXClgbMDoYEONkQQB+T73uU9A
8CG89KUvTQsqdoOzg5A/G37wgx8Eedvjlc0uRwygT3nKU1K0JuPty1/+8nDsscemOAjdHBmMIefJ
T35yevbc5z43OQeoLIyYe+yxR0CwQFDBA5SAsgHhDqNMm3Hmd7/7XTKq0S52aG6zzTbKeqquGEbB
Ea/YBz3oQeG1r33tLIXMJDYWQeVhD3tYMl431Q86KwkHNWnJkxMQwMWeVnDBBReERzziEU1FzqIn
dufiODIscCID4wxa7BsQzDV+Snl89KMfDTvttFPpVXqGswROKW3BGiCb2gZvQdGQt8XuWG4rQ+9G
2dWMYI9iEWG1JtTwuJp8lkIca6DGKYoTPv74xz8mD3L6Dj5ZUoowZs4444zkeMUJFcQbZ8C55Ne/
/nWgnD/96U+J77bx5ray6f8//OEPaZx+61vfCpZu29L5O0fAEXAEHAFHwBHojkBprd09l6WT4pvf
/GbaSYyBDifeJrkaZ9SHP/zhsxpWYyRhxzgyLusiAusvfmNk22ijjdKfzZTd7OzyJiDHY/TGACqZ
vsl4e9JJJ4VnP/vZKR1ywN3udrdkyHnMYx6Tnh1//PGzjPHI1egTMJywfmQHIgG5GiMhDrVtxhmM
ojjG0i4w5H4aAyfdYRB76EMfmvr/bW9725KQq9GZYLxuCuhFSgZR1u7D0pInJyB8/etfnyVXf+hD
H0qnIjSVaekJfRZ5DAvoBxhnpO0bXv/61w/GTykPaB3H66aALuVxj3tc0+v03Bogm9oGb2Es522x
O5ZbC/nfy1F2NSNXYXhHV1cTanhcTT5LIY41ULPRBl6LDAoPhz+iH22Sq4mPQ8Jhhx2W4o2zvcjV
bABibFKfbbfdtpU3t5VN/6MrvN/97pfGr6XbtnT+zhFwBBwBR8ARcASmB4GpNpxb4/Gw3eMYLBBq
UQSwIxGBe5hRyebftlvckgtelnjqs6PUGqMxZCN4lQwmCAh4ZmIIQRGB17MC3sd4Q+JljCCjHcgs
FvHsR4DFEGe98zlqaPvtt0+G4te85jWzhDjly/UVr3hFeMELXjAnbxtnGu6FB04L7DywWE1q+zDQ
yhsdOoVGUACx8wOvcwzS1uht28FxiRgREWbwZs/TQzscQyUHD9IieNzpTndKDiI4fGCohuZRFh19
9NHh4osvnkW77ORAIYCiAYEVBwzicZoC76Bb7fwlX474Eu3autbc47zCLms841HQYPB/xjOekXa0
M0Y5qrFJsfmqV70q4HRCQMhnZznCHtjilCIDtDVAMoapL9ixS4DyFMiv5Fzw6U9/Onk6CwvVjzwI
tB0PfBR1w/iOyipdxSvAgvbIUYZ82Q2vZ9SZuo9SVqn8SX7GricUovQxeExiUP+hWO2z41xtghdw
1LulW73zqyPgCDgCjoAj4AiMB4Gm9eV4cp+sXKzxeNjuceRq1jLstGX9hRF9mFHJ5o883rRb3KLC
mpyd6VtuueUswyIyMcZwa3xUOtZayB4YMkmL/KeAbIKRBGM8Bm7JJshGnEyHrgCjj5UVkRU4RYs2
srZukr9Ycz/rWc+ak7fKnpar8MCQxsYEi9WktpE1N7vOkcvYqMCpYi984QuTXI1sjUG6qV+RqZAb
JVfn6aEdjq3HAUQBYxx6IMYIOqdnPvOZSQcFdpzKgJxsaRfZmd370B96HdKh27rpTW+adADQrU53
wMEDuVy0qzJrrxg+kR9I/4Y3vCE5QvApO3RN4MMpXCUnAvI/9dRTBxs5kKNpC6dnMZaQwWSAtgZI
xjCn2ZE3RnscLxTe+MY3hv33318/B1fah15MWKh+4ETglAB2ziPjD+M7g0wLN+IVyNXoPqBldB/k
y254PaM+YDVKWYXiJ/oRfca4wPhNv09iUP9x4kefHedqE6d48vkzS7d651dHwBFwBBwBR8ARmG4E
ptpwLqMyxmiOgOIo5ZogA8swoxILe4QH8sdrsnTEek15xEGQ4JtqJcM53o73vve90zd2893fMvqW
0jWVLWMhC/wHPOABTdHSznQEPUJusG9M1PEFRk+UFuyMZ9cAgbZg4KPN1lOVI7zYFUDAmxSBnKO1
qRuepShN2DmsOqeI2T+UMHwn/j//+U/ahc9OZI4QQ/gZp+GcMtjpjBDOsegE6nXIIYckz9esWr1/
omRiBywCOFjo2LPaDGvT00ePetSjkqKJzw/Y49usUT031LXlb3ew5+lq65/Hk8EQQzoexm3Bnv5Q
GusoDvgGFwGBOD+GHRrilAIUJjgqwDdyBxZbfhsWxNNYLtXF5tN2L8MrJwbgFMP4Ub7wKj1Tf1LW
Yx/72PD2t789OdmgaCBQVxwAUIywwx5eyhH2esc3JlEcMJ5QIqDgxEGB3xxLj8KJ0zZQWoJJKUjZ
+Y53vCPxGuKQhnLhS6pLKW2XZwjK8AscllBm4QH/gugQhIKGNuEowR+nhNjATir4utp93XXXpW9r
oqRqC+xiR7mF8hQcCfAmjonneMO2oP6rNZyjCGDsMP7pa44ipAxOPuGUknGNq7Y6+ztHwBFwBBwB
R2C5IrCcDOcyKmPQ4/M2HL9cE2RgGWZUYp2Gozj54yA8bL3VVjY7VTn22hofFR+5GvmPdV6++1tG
31I6pc+vMhbSTnZaNwUMeWpTbrBvStP1ObILzr3IhKx/CRtvvHFyBsZBP5er2R1MYE1O3dEzcJIX
sivOAxj6cbZvCjgGY0xCJmItjdEWuZp17zgN59AD7YLuODmPsMMOOyTDZS6fNdW15jnrdvQxbDxA
/ukjV9ekpy3IjuCFPsnK1daonhvq2upnd7Dn6WraXoojgyG4D8PZnv5QGuvI3ZIJL7vssjnHsEND
bA4BDwyy6HdyBxZbxzYsiKexXKqLzaftXoZXdvsj1zF+lC/yqp6pPymLzze+6U1vSk4OkiGROTnd
EDkXJwv6Sp+C4B06Fm0EQK7ebLPN0jHojC+wQq7mxI1dd901YVKqM2OYelA2MjoBnRqOB8jt45Kr
4ZuS4dG74GiEPgGnBdqEowR/uVyNToxTHdTua6+9NvC5SdraFtAzoStAbwlWBOiCT2fYzUSlPNR/
tYZz+B76OzZ+0NfMIegjcaLhlJJxjatSXf2ZI+AIOAKOgCPgCEwmAlNrOMe7V9+zZYcsRgQrLLZ1
R43hnPzxnGWB+vznPz8ZbPXdaAz0tWWpHhiuWGiXDG8sThE+8YamHbRLgR3SCDVNR7wrnq7WMINx
EWG6KdBGDNGUUZt/U16l5zLold7xLD9+HgVA29FgyodFud0tzXMWzAhheCc3hXEd1S6jZFM5eN/z
DaxxBNuffXao1qbXpwwYS5xEkAcEQIyMGCbt9w7b8reG53EZ+GQ4r8mPujKe2HWSOwPQPo1xjOYo
knLHGARAjJSMDT6fwNGNKFmayrZYIHjx+QQcPhD6wJedDBjqRz2qHQGPEwP02QE5CFjHEDkVIejy
uQgp8my/6oj70lH4vKPN1HtYYBcFO+ztTg2UXgjx4FUKCPo4VgwTpktp7TOUozjF6FMa9p29V1vt
M9GSfYZSt+l7e8RjDKKYbAooyVCqcCpEKVgaGTaeUSKwe74tNNFiWxp/5wg4Ao6AI+AIOAJ1CCwX
wzlrYn3PFodLOWLWoFRjOCd/5LR3vetd6bvOGGw5iQl5GgN9V7ka4xGGqpLhDbl6l112SSe1sVam
PQrnnHNO+o3cXfN9btZtyBHImTiOtjnp00Ycw/lOem3+qlfNVQa9prictmS/BY9MPMzJmLyQgfLP
b6HzQK5g135TYAf+OI5ql1GyqRzWuuP6jJLtzz47VGvTYxQGH2hPzgu2fchX6DNwhM3latFbXj9r
eB6XgU+G85r8kJswLpacAWibxjjyHbSXy54Y53GGYGywUQKdD0baprIt1hjtkasZh+iAoAnkTvRq
ox7VjpMN40S0LAcB6kk/YeiWUxEyHp+LsH2mftUR96Wj8HmHTuK8885T9MYrekf+rFyNUw56CPAq
BRyBOHGQkzFGCcjVOGnj4N0W1FYbR7Rkn+Hgk+vs7HudHGKf2XvmDPBsk6ubxovNh3tornS6gY3X
RIs2jt87Ao6AI+AIOAKOwHQhMLWGc2uUxRsU4a421BjO7S5w8sXQI+MM9ygJ2nY+kwajGUYpdluz
4CZQNt8ozoMM5Dw/5phjkvcjQgE7Jwm5QT09LPxjgQoWGInbjmlXUhnY+J3vdlecvlf1EXghaCGU
I3ycffbZ6Zh5nlOmvhOPogNj5Ytf/OK0e5RyMeTicIDX6uMf//jkBWx31hIn7yuMeAhBGO10TDfx
xmU4F2YYyfCG5Tt2HK2GsgLDG/izOLcCD+X3CQiN7M6o3aGal1Gbnnoj4BMQ4sGKnQXWQz7Pm99t
+esdwvO4DHwydg7Lj7LZIc3YazpenfpjdEYphHEbgdwGaJY/FGAoE0877bTkkYxSjOd5UHvpK5Rx
eI6j9ABL6os3O57lCPmbx0859AnWSC4as8/0KQI9QwmAoI0SgDq/+93vTsXCv1AqMh45bvODH/xg
2q3CyzPPPDPtCMeznHvoQYExizDP8X7swJFh/OlPf/pAWScc6He+XwfvwoMepSjjHe9zAhggMOce
6yqr5grPoF84rYIdHBz5R8DpCW942sAfx8zljhF4m6OAwDOeYzlR9LTRlU4NIX+M6xzpSZ/iHY8i
GCUwAfo48cQTi0pgYTNsPKOo0fc7+WQCxzWCObzTfjqgrb6pMv7PEXAEHAFHwBFwBHojsFwM59Yo
iyETo1FtqDGcI6tpFzj5YuiRcYZ7jIhtO59Jg9EMwzeyLvI0Aade1ph5kIGc56zJcHrEiVJrtdyg
nqfXb9atGAqHHQwaU58AAEAASURBVNOu+DKw8Tvf7a44fa/qI/DCgIc+gXU862zWpDxn7Y38QWCN
jLGSdTtO3wTWlkceeWTg9CRkbNa2dmctcfK+4phsMGDNfMQRRxAlhXEZzoUZRrJDDz00fXManQtr
d+o9TicE1uG1hja1015r01PvPffcMyU944wzEv0gl9TI1U31U9nIreMy8MnYOSw/ymZTAPGajlen
scibyN6Mt1yuRqeFUzubSfgMIePyOc95TpI/OSY7D2ov4x49hegbmZ16oIdj/HMKG8bePsEayeVI
Y5/JcK5nOOKjX0D+pT20hQD/wrFdcjXyNrIoAScfnMlpD7IzDvQKtAkckPHQf8kwjv5K8YQD/Y5c
jV4C3RByNZtkdLokGMBzRpWrqQ88gFMZ+CwY4QlPeEL6LB4yNfWh3ziNzgZ0YejxKB+5lU0XbXSl
U0PIA+M68jzfm6cM9Bcck0/gkwBs6ig5VwkbaCR3NEmJ//dPjiz8pN58igTM4Z2cgKDQVl/F8asj
4Ag4Ao6AI+AITBcCU2s4l/EbQw6L5two0taNStt2ZDILMX13XHlhIEUgVRhmaGaRhrFXgbpiOGOR
XAosqmlLHjg6i12xNQGjO8KHjH3D0rAzVA4ALHBzj/Nh6WvfY9jCwITAyB+GSHZclgw/Mo4izNEe
LZQRxBBKMLghKMjbl52xGK0RJlD22KPGOBaLslA2YNCWYbG23k3x8PpGOKJdLPA56o1FO57U9POw
3aRN+ebPRYfDDG15Ov2uTU88GZqVlis0zy5p3uHtT5ttsPkjbEhIxhiLsIUih35hrHQZo7YMey/a
KNGNjWedKaCVmh0XNj313yUalskH4y5KKBlO6d/SaQ7CwvII5Tmsvoo37CpDMTu1UTARZCS39I1R
GIM3yiaUXQTVn/t8rMtxx+ZBPDm/cI+CjTx1LB07CxA89T1xxidjUycyNPFmm+cbhnxOgnJrg/LN
HWtq0qvObf0k2uMoeJwWELhtUB48YyxwjGUeRCNt4xnFA32G0pCdKihSrKJNn+Ig77b65mX7b0fA
EXAEHAFHwBHohsByMZzL+I2M2vUYdaXFmIvhsxRY/2AQtDuYMZLY38MMzTijsxZVoK6kbzpdjTUt
Bq084PzI8cg1gVOVWPvK2DcsjT2uHVmh5Cw/LI+a95I/WYuyRkQ+Rl4pGX5kHKUtGMUkVxMXZwYM
buyml1yNMQmjNfIbRiV7EhNHxVMWMoXdkVtT57Y4Vq6GVthhyokE1I1+bjOKteWbvxMdDjO05en0
uzY98WRoVlqu0DzjAN0Ejs0luVqGc4y1Vq7GeIgTA/2CrJnv6Lbl1N6LNkp0Y/OwzhQ1x7rbtNwj
V6Mj4bNYjHNkRBlO6d/SaQ7C2vII5Tusvoo37IpczZhgpzbHqRNkJLf0jWzGcd587kCf5VL9SZOP
dTnu2DyIJ+cX7nFiQaazcjV6E236QL6H/nUiQxNvtnnCi9s+J0G5tUH55o41NelV57Z+Eu1xFDxO
C7lcrTwo78orr0zHqudli0baxjPyNHogZG8248DfrFyNLgNnIkJbffOy/bcj4Ag4Ao6AI+AITAcC
U284ZzceO/Dw4q0NNYZzGaPIEwEFz1EMiPYI4mG7uhFqEQ5YeCLosHDDsMT32MnTBgzjWugiTLCY
5qhe0hJYCA87pkzfomYRWWuoJK4cBNocCVIlOv7DoMxOVgxrakeeRcnwIwNVbvCUMRQPWBmmMd7h
kcqpA031R+jHmJYbBfO61P7GKImhEa/pUqD/VL/S+y7P1D9NhjZojPpwzKEVAlTGsPSKx5W8aBf4
lwIGQwyd+nYVcZQ/Arw1rOMZroCipilPxam9ijZKdMN3rjlaUB79ouucjmrK0g58HEnwelZAuKOt
pV3swgIDLvXk++GcTgDvwCFm2E4aldH1Kl5VQ9/CD6WMjq8X34A/5bgqb2haDgS2fnx/jl0Fdme/
yiAeBmb4gALKOtKIHzaNWcXvclVdwUG78WvTa07I26/06lv6njmHYwEZLwoI+3xvTsqOYfk0jWfy
YxcDdAfm8HGdyKGywI/dBU2OR4rnV0fAEXAEHAFHwBEYDYHlZjhnNx6Gqi7trjGcyxhFbyADs87G
aGuPIB62q5t1F0Y7jLYYOlhLYVjiWS5Xs/5GbiFgcNJ3iUlLwKCu9+lB4Z++Rc33h2sNlawX5SDQ
5khQKG7oI9bTyBSsNdWOPFHJ8CMDVW7wlDEUo6AM08jV6CCQ95rqT98hY+VGwbwutb8pH4d/5IdS
WEjDOTSGPISzd5NcLcO2MCvVmWfkRbvAvxSQKRk7uVwt+rGGdZxzFThBoEkHoTi1V9FGiW6Qq9F7
Ic+CheqV01FNWdSfHfg4kqAbgs4IOBfAb0q72DWWcNbAaI08xOkEOLHg3INebj6CeFUNfQs/HJ7R
N4GT+Ab8KcdVeUPTciCwbUDGIy/SCROVQTwMzOCiILla/LBpzCp+l6vqCg7ajV+bXnNC3n6lV9/S
98w56FXgRwp8r53NLzrhYlg+bYZzvjnPCXFgDh/XiRwqC8w5taTJ8Ujx/OoIOAKOgCPgCDgC04nA
1BrO8eTkeOBRjCRtRhsWYHiUIjxx3BACtwJe6giMXQykHNuOgQkDMjvROWZKgQUbRkcWc3h4H330
0emYb7xgXxCPgWIxWfo2utLrqh2PXTCRMRpjTRseKqP2ikCkb8STBoUGR5vjWU09wZVQMjDJ8Ja/
Y5EN7tboZOuf76JNBcR/2olaY1hUmqYrRkb6So4A0ABGeYzXCAmELnTRVI6el9qsd1x1qgFKDLsj
QHGGpVc8e0VQxjOcPsLbn3bhmEDg+H85ePBb+UO7eQCXQw45JCnG8nd9fzfRBvnhjXznO985HW3G
98fYEQFdd/2UQ067pbqWxqOwQGDmGElOIRDtoaBr+8ZXqYzaZ9ZgPOxEBdWHvDl+DoWFTmwofcpA
ebft4lafiH/wqQQURTVhlO+95/mrrn3GeY3hHKEaeqoJTf0tGrE8LM9Px7Rz9CBOYaVPPgjznEfm
eflvR8ARcAQcAUfAEeiPQBcDcv9SFj8ln+ZB1h3FSNJmtMGxFQdS1j/s8Dv88MMHjWbNjFGui4EU
OR0DEwZk5ErWfgrI1Xe4wx2SQY71EnI8aynkao5qp/zSt9GVXlfteOyCiYzRHLnchofKqL0im+gb
8aRBrsbRALmaNSy4EkoGJhne8nesSXMjsK1/vos2FRD/IQOzQ7fGsKg0TVdkJvpKjgDQADtcMaZL
9uxCF03l6HmpzXrHVacaQJMluW1YepuX7pGrORqfPsJRhDJwTCDQxn333Tfd80/5l3ZZgwubBfg2
+LhCE22QP44Bt7rVrZKzMEd161MLjAv6vjbktFtKVxqPwoINE8hfyNWivUsvvTTJ/KW8Rn1mDcY6
qr0pT9WH98hk6Ih0YkPpUwbKu20Xt/pE/INTPNAF1oRRvvee56+69hnnNYZzHB90NH1edv67qb9F
I22Gcx3TjvGccVWSq4V5ziPzevhvR8ARcAQcAUfAEZg+BKbWcK4jyUvGnmHdKCOJDD2l+CzEtGOV
nZkI5wosujjGuauBVMaOvFyEQ/LHUMkCcsWKFSoqyFCLINu2i9ka+/huG4aumkC+eP+y8M/rVZO+
KY6MWLxn9yde0/Lcpq7aJV4y/Ain/J36xBqdeKYjxmUIzOskg2ofg1qel2iHvmchzpFrChibaafd
Ea93fa+lNtu8VJ8cK8UZll7xEMigG3ZGl05v0Pe+893jyh+DLAoWdr6jsEIosR70KmfUaxNtkK9o
DjrmiGs5bnTlEda4jLOHjjRU3aEzAt/ERtmjICwsffIOJQnHSOZHkCndqFe1u5a+2aWAUE98jv1j
xw3jv7QzX3mjWNMOdVtfO5bFP2Q4J192xYBLKYArx5mX6K0Uf9gz1bUWB5vfsHEEn5QjBm3ink9P
lAJe8iiaSv3dRCM2HzlA1WDeNO7JD0UdtEzgaP/8OMj0wv85Ao6AI+AIOAKOQCMCy8VwriPJS8ae
RnD+90JGEhl6SvFZ/7CuQYZmZ6aOOybu5Zdfnpx/uxpIZezIy0We1tG8OAAjmyjIUMuR0W07hq2x
j5OnMHTVBNaLyIYYgvN61aRviiMjFu/Z/Ynsa+Vq7RIvGX6EU/5OfWKNTjzTEeOsMTEE5kEG1T4G
tTwv0Q59zzfoOc5bAbmaE5jsjni963sttdnmpfrkWCnOsPSKh3MG3zZnZ3SJhyCLsTki3z2u/Nll
zfHl7HyfT7m6iTZoh2gOOsapRo4bXXkEMiaOFgTyyOXq8847L737/Oc/n3hE+hH/CQtLn7xDtmFM
l+QspR3lqnbX0je6CfQkxMdxHCd+xn9pZ77yRu8HH9QYVn3hOxrL4h8ynHNCAac4gkspgOstbnGL
Ir2V4g97prrW4mDzGzaO4JNyxKBNbC5qk6vh56X+bqIRWxc5QNVg3jTuyQ+5GlomQM8uVyco/J8j
4Ag4Ao6AI7DkEZhaw7kMHQjhCJBdjHRKK0NPqZcRUnQEMTsyERIUvvGNbySBv4vhnIXwfvvtl46Y
ystltzJGeq4Yx/sYzmXswwO99ph22sOCUw4Ceb3U3j5XYczOXLxErXen2svis2T4aTKOqq65YRKh
j522JUOTNex1NaCW2i2jIGUi8NrQ5yQCm75039RmxRXOJRyJMyy98lG72HGyzz776PHgqnLydtv8
ETb0LbZBwjHfNNEGxchwKjrWzl3eIcCVlD84OYAdihmOCiOwC4CjwTCQ6oiw9OJ//+RE8LjHPS4J
ynpnsWhzclH8cV3V7lr6Fq+w5eNowzfpcyFQeROXI+MQnm3giHaMyAT4MIpQjPGMDQznjMtcKaD0
KMTYPdD0XvFqr6prLQ42X9F30zji24vkyw5wlFycDNIUaFfTOKihEbWD/EvOQBw5J0eupvqikMDp
g/4hwIf5HAjfjPTgCDgCjoAj4Ag4AnUIlIxedSmXViwZOv4/e+cBJkFRtOFRREAR/DEAIgoCCiqK
GRERc8KcRUUURQQjGMAAggqKCII5Yc5iVlQUc845oKiIOee8f72N31rb2zM7M7t7t7dX/Tx3MzvT
0+Hr6uoKHZAv2MWqi16tb+XoKdUcvZq00RWYUO3PKsfBhMO0i+Mc/Y5zopHf8nxxtKIT4kBnpWof
x7mcfejVbbdpp97IeZogkJerhEvbZ8KYlblMsvd6teqLs67k+KlzjqqsuWPygAMOSA7AkqPJO/a6
OlBLdZVTkIkb6Fc+9NmJwH9fuq+rs+IK5xKOxJn0vdJRvV7xilck+4+e66p88nr79HFc1ukTSmfa
ax1tkK4cp6JjrdzlXd1RB9h4mADBoozLXOYyRK1e8IIXVKxYx0F6xBFHpGf+HzojEwkOOeSQ6pRT
Thm+8lg0TXIZfjCjG9W7LX2LV/jsmWjDzgK5Xq20ifvmN795bKELdIdDmQAfZodK7BrslIHjHL2w
Tm+etV6tsrbFIRX6v/9E33X9CL2aujF54Nhjj609poHk2K1h880398kP79vQiOrBR+jNuT2ILfN3
3XXXlGZdedGr2XmO9wT4MDp26NUJjvgXCAQCgUAgEAisaQSW1nGOQMY20F2c1wg9G220UTofDAGe
rdtIgzPDSoKPz4PZimydy3lVbAONMIuzDYVdAixCIIoSwj2OFQTCTTfdNKXPal7O9SXkzg6EPjmv
UWCIh0KMcoowybZL29nZ6Jy9s8kmmxQJEgcV37Lassv5vmCilZSsOm47o75YCPcQxyETD2gfZuqz
jTg441zmHCZteZxvr842eijs4J2/wzCA4w5nJyujmYVN4Bw7OXtxFrEbAU5QDCY48VDYCGBz6qmn
JhpID3r8AyOtOD3ppJPSecfsCkCb4kglUGdfvh7ZpE9oG2bfciaY6owBD7ogQMu0O85dT1PMiIWm
CNDrnnvume5ZIU3ZWBErmk0v7J8c0rwXresdCiGOVa7MpMZQRaBsKDNKnzpTPpTELgY35dN0pR70
CRRu2hDaYIsvDHEE3mFIgpblOPf9ijjQAtvM04fyNuN4BOgSpVPnmJMHyqs3TkGf0LBom7PWWDUN
5rQRPELtr7Yq8RbKM20AE7BG4cNJDX3DZ6CPSXnK+a8ylFab8847cfl9/PHHp1Uu5PvRj3409VWe
w58+/OEPp60j/TcYRnE06zwxaJqJNPA4eIDaijT6BugQ3kt6KLXgwJECCszAx0Hvg+8jfkzI6crj
KOc66YDDPe95zyE/hjfxrbYe9Ucn+Lx8f1R/UX9WXvBJaFBOb44loU7UA76KA1+BPBmH8uDbQO88
j9CzuAYCgUAgEAgEAoFAPQLrxXHOltH77rtvJ+e19GrOHGZyOKts2VGsTq/2eeAwYXce5KI73/nO
abt1nG3IRtJRkO3uazo3juvDDz88yULSq3HmcWQbIXd2yJnC6nYck0996lOHejUyKfo/Z6MjP9fp
1che7F6F3tnlfF8w0UpKnVFcT13t32ADQN9icgFnRLONODgjFx500EHDLY/z7dXRW9DtcdLl79CT
97Yd9JBh0W00gRjdBjmUwArh4447LjlBmbiO/oA+RQAbnKnI0X3DiSeemPRY9Cpkd3R7dgXA+Yqc
TaDOvnx986JtwAw6o86sBufcbMnh1AM9FxuRpykvx5OGnGyskGZHsZJeLYc0ZRetq9xMcMDuw5W+
IxsG+gz6qdJX+eapV2OvYoEItMGED69Xs1AEWpbj3Pcr6gJWbDNPH8rbjD6Gbo2dQOeYkwfbzOd6
NTQs2maCMqumwRwnPPiCobBoo+MK565X6dWs9GfVOPRN+7TJU85/5Vlabc4778TlN7sSYGOhjeF9
2rYf/kQaTNzx38CTsA1iayBAj+AKL8QOorZKL3v+k15NethawAFbnkIbvVpjQk5X0nVJS8517sGB
nQLFj+FN8N0DDzyQ1+kIPB2dUNcfPY3wjfJSn5fTmx0OqBP1gK9ir1WgvPCHPPg20DvPI/QsroFA
IBAIBAKBQCCw9hBYWse5X+nISrqrXvWqja0jx2BdpNIqRRQEbQNe+i53WqDga1Wi4uPIoXwKOJJw
uCIg++CdMjxHUMYJhxBIYBXsbW9723Sf//Or4/MzqPO4+W9tO8/zWTpWUPw02z/PM/+N8I/ShNOS
8+98AC8UdG1f7N/J0Y9Co63f/fu6e4RitnzqEzxek77H2YVjO2/rSd/xXttpt4lLHN92k2gdBRZH
oi+bVpwrP2gNhxyKAsYjgtqJrbVLq5b1LVdfHv+8z32p7ZvS8c7YH/7wh8mpjAJWF6gXkwrYFq90
xAGKEc5x+AH9WZM+lB4TM8AIGi6FWWKh9EuOUb3jSr9hO3aUwlJgdQlnfRHqeBLvJuVDHELOg8FD
Bk3eM7ubfoBD2QcUcY436Bvq2sSnBy9FMZZBkHeT+oi+99hoYtTrX/96vU6rus8999whn+YF+TGJ
YDubTEBom5fHsA2fYXyAFku7BZTabRq+lyoS/wKBQCAQCAQCgXWGwHpxnCPraqUjTkomPDcFOQbr
4pRWKSKzaRvw0ne50wK5S6sSFR+HIxOmFXAklXZM8k4Z4iKbXelKV6pwdhJ4z2TaUvCr4/MzqEvx
/TNtO8+zWTpWcEzuvPPOw7PMfZ75PY5GJvHjtNQW2YoDXkyy1fbFes5Vjn70am0X7d/X3dc5Cevi
++ceL/+8dI+zixW3ffRqZPF8RXspDz3zbTeJ1tFxcNL5smnFudKD1qB92oXd3QhqJ3gMk9PzttK3
XH15/PM+96W2b0rHO2PRlXEqM4miLlAv+hm6CP01Dxyhh3McflA65xr7BBihu5XCLLFQ+iXHqN5x
pd9gY6vTq3/605+mxRTEpe8Qt0Snk/Lhe0LOg8GD7fIV0J1JHxuJDxyrhu2yb6hrE58evJRJR9pR
gHeT+oi+99hoYhQLfhSYqHPOOecM+TTPyQ8ew2QCQtu8PIZt+Ax2ESYLlHYLKLXbNHwvVST+BQKB
QCAQCAQCgcBCILC0jnMcsygqKBreUVaHOrOliVcXWC3MDM5cyMWZy4re0047beRTZlKyyjMPP//5
zytmT6PE54H0WU3tZ9r6ODjimbGfBwRKzfzO3/GbGcs6a5nZwVqJXYqbP9MKapw8WjGax+n7G6cO
KwW8oxEnJTOUOVtOM8mVN1jTpt7JiXDMLF6/qlzl8U43lHxwyrdQZqYqs9i1ShPhm+3FMD70DThZ
85X5rHRnNQR0IjrzTreueU2i1zw9tudXndp8i6McI4IUQMqulfl52vymLsTRdofQObjS//IwC4x9
mqW29+/z+/xohT/+8Y+pTzJhJQ+sQtlvv/3SDGc/GUfx5FTnjGiUydJEGoxqlJGV8KXAymyMdbMM
kyYusKUbf3WB9mOlD8HTTh5fDlja/2EPe1jqY1ppQjvDz1jpohXl/nuMJqzA9v2f92DKcwxgXXiV
T1v3dW2i91zJD97mj8Bo00f4Fv7DDhbqJ/AZZsBT7zwwqQKehpHIb63YNq+8HeDr8DNWXyhQF3g2
q1eYnU8ojV3Mrqf92SKSwM4qrP7QKq70MP4FAoFAIBAIBAKBQCMC68VxrrO/kT28o6wOHGSjo48+
uu512naZCZwlvRrdDD3aB1ZRl3RdJnoiq/stnPUd6eOgrNOrcWRqlyx9wxU5Tnqhf677s846Kzn2
+I28ve222+rVxKtWUPsVoxM/ahmBo3pYnY9zRwEnJRM60XU0wV554zjHMemdnNoa3K8qV1re6Ya8
i4Md+dEH5GJ0Xq3SRBdA3tdkXB+37T32j9zZhwMN+kLXF53VTZJok88kes3TwDEo3a3Nt+ykxaR3
6QvoTNKX8rT5jQPxmGOOGTpboXO2xqf/5WEWGPs0S23v3+f32FfQAxWgNfok+k0e0LWhGVYO4+DW
ZBzFk1OdSQLocKWJNDj2KSP6fCmwIvwqV7lK6VXvZ9gzmiYuYIuCDuoC7ScbiaedPL4csLQ/dhj6
mOxGtDPb1aMjo+/lAX0Q3un7P3HAlB35mEjdhVfl6fO7rk18XPLDaaz68q5NHyEe/Ae6UT+Bz8C/
tNKeOAro06xCZ1zwenXbvPJ2gK+jM6NDK1AXdGXsOCeccEJ6TBvkYxd6NYt0mBBB4J4dVkKvTnDE
v0AgEAgEAoFAYE0jsLSOc1oFhQRBFscrs1K1vc88WoyVq2yHhHLODMtJeeEERlFluyO+wUHE9nKT
AvHJi9nuG264YRKA22x7zUQCAquB2waEY4RStsCbdG5v2zRL8ZiFi2BMPbbYYotSlJk9Y5stDAXk
Be5e0J5ZJpYQ7cQ2bwTadV75pAxW4B91YTYuuwSgBLA9Gooxig3bpM273VagimlHA+olWkRZWq8K
D0o6iiuGkKaV6XKc57snsPVjW+yYCIPhlJnlbIO41vsKtMo2cfB3dm6A52DsaMPf+9A5xhjGG3gO
ExRkbGiTFuMQ2M+rbG3KEHECgUAgEAgEAoG1isB6cZzTPsiGTLrD8YrTYZKuO02bsnKVSdTIkujx
k/JCnkEewoHBNziI2sg2yE7kxZUttZkI20avZiIBoUv7o1frfHMmy+MYm0f4yU9+MtRl2Gp8ngEZ
FxuD9Oq6s4anLQPto4nztOu88pm2nG2/py44jtmCHHrlNzSMDI/Dcd7t1rac08SjPtQLvZr+i72g
rW44Tb6L+C2TO3DoTlqZLsd5vntCF70a/dPr1Wu9r9Ce6NVM6pdeja2gDX/vQwvYJaVXM0Eh9Oo+
KMY3gUAgEAgEAoHA8iCw1I5zFEdtuc2scmatRmiPAJMNENxx+rDacdrVn+1zjpiBQCCwWghgeGRl
CP3ebyleKo9WtjOLvWmLutK38SwQCAQCgUAgEAgEAoG1jEAXx+laridl5+gZHWvDMUPsAhahPQLI
1HvvvXeSr5mUPu3qz/Y5R8xAIBBYLQS0TTt6td9SvFQerWxn50J2rOvitC2lF88CgUAgEAgEAoFA
IBAIBKZDYKkd50Cjs3TZNp0zkdbrTNeuZMLMVpzmnMvMitPSFvFd04z4gUAgsJgIMLGIrck4g48t
6XUeO1uLs20/K3DywBbzbN/PdnkEtjeDv7Ki5tBDDx1uL5h/F78DgUAgEAgEAoFAIBBYBgTWk+Oc
9tJZumyPi+wYenU7KkavxmnOpHQmmpaO9GmXUsQKBAKBRUfgDW94Q3XGGWckvZqdBXQeO0cUsotj
adv3M888M9nc3va2t6XqsSW49OrHP/7xsYBl0Rs9yhcIBAKBQCAQCAQCS4nA0jvO2f6X881w7jDL
c70ZOPpSLduusRUfZ7xxHnsYRvoiGd8FAouNAFvocXbY+973vmJBTz/99LEz6IjIOYZMRiqFum9K
ceNZIBAIBAKBQCAQCAQCaxGB9aZXolfj/MFpzurIZTiqaSXojq3dwequd71r9epXvzr06pUAPfII
BFYBAfRqFp+8613vKuaOE32PPfYYe8dkmpe85CVjz3lQ900xcjwMBAKBQCAQCAQCgUAgEJgZAkvv
OAcpZnmfddZZ1eUvf/l05s/M0FvihITZTjvtlM4CX+KqRtUCgXWPAGfYcw7dBhtsMIIFBlLOliyd
98gZ9+ecc07R+Mekm5hsMwJl/AgEAoFAIBAIBAKBJUNgvTnOaT50xG9/+9vVLrvsEnp1S3oWZjvv
vPOYrN0yiYgWCAQCawQBdGrO5M51Yc7q3mGHHWr1aiYjbbjhhmO13HHHHcfSGosUDwKBQCAQCAQC
gUAgEAgEZo7AunCczxy1SDAQCAQCgUAgEAgEAoFAIBAIBAKBQGDdIrAeHefrtrGj4oFAIBAIBAKB
QCAQCAQCgUAgEAgEAusGgXCcr5umjooGAoFAIBAIBAKBQCAQCAQCgUAgEAjMAoFwnM8CxUgjEAgE
AoFAIBAIBAKBQCAQCAQCgUAgEFgsBMJxvljtEaUJBAKBQCAQCAQCgUAgEAgEAoFAIBBYcATCcb7g
DRTFCwQCgUAgEAgEAoFAIBAIBAKBQCAQCAR6IBCO8x6gxSeBQCAQCAQCgUAgEAgEAoFAIBAIBALr
F4FwnK/fto+aBwKBQCAQCAQCgUAgEAgEAoFAIBAILC8C4Thf3raNmgUCgUAgEAgEAoFAIBAIBAKB
QCAQCMwBgXCczwHUSDIQCAQCgUAgEAgEAoFAIBAIBAKBQCAQWGUEwnG+yg0Q2QcCgUAgEAgEAoFA
IBAIBAKBQCAQCKwtBMJxvrbaK0obCAQCgUAgEAgEAoFAIBAIBAKBQCAQCLRBIBznbVCKOIFAIBAI
BAKBQCAQCAQCgUAgEAgEAoHAfxEIx3mQQiAQCAQCgUAgEAgEAoFAIBAIBAKBQCCwfAiE43z52jRq
FAgEAoFAIBAIBAKBQCAQCAQCgUAgMEcEwnE+R3Aj6UAgEAgEAoFAIBAIBAKBQCAQCAQCgUBglRAI
x/kqAR/ZBgKBQCAQCAQCgUAgEAgEAoFAIBAIrE0EwnG+NtstSh0IBAKBQCAQCAQCgUAgEAgEAoFA
IBAINCEQjvMmdOJdIBAIBAKBQCAQCAQCgUAgEAgEAoFAIJAhEI7zDJD4GQgEAoFAIBAIBAKBQCAQ
CAQCgUAgEAgsAQLhOF+CRowqBAKBQCAQCAQCgUAgEAgEAoFAIBAIrBwC4ThfOawjp0AgEAgEAoFA
IBAIBAKBQCAQCAQCgUBgpRAIx/lKIR35BAKBQCAQCAQCgUAgEAgEAoFAIBAILAUC4ThfimaMSgQC
gUAgEAgEAoFAIBAIBAKBQCAQCAQCIwiE43wEjvgRCAQCgUAgEAgEAoFAIBAIBAKBQCAQCDQjEI7z
ZnzibSAQCAQCgUAgEAgEAoFAIBAIBAKBQCCwFhEIx/labLUocyAQCAQCgUAgEAgEAoFAIBAIBAKB
wKohEI7zVYM+Mg4EAoFAIBAIBAKBQCAQCAQCgUAgEAgE5oZAOM7nBm0kHAgEAoFAIBAIBAKBQCAQ
CAQCgUAgsIwIhON8GVs16hQIBAKBQCAQCAQCgUAgEAgEAoFAILDeEQjH+XqngKh/IBAIBAKBQCAQ
CAQCgUAgEAgEAoFAJwTCcd4JrogcCAQCgUAgEAgEAoFAIBAIBAKBQCAQCKwJBMJxviaaKQoZCAQC
gUAgEAgEAoFAIBAIBAKBQCCwKAiE43xRWiLKEQgEAoFAIBAIBAKBQCAQCAQCgUAgEAjMDoFwnM8O
y0gpEAgEAoFAIBAIBAKBQCAQCAQCgUBgHSAQjvN10MhRxUAgEAgEAoFAIBAIBAKBQCAQCAQCgXWH
QDjO112TR4UDgUAgEAgEAoFAIBAIBAKBQCAQCASmQSAc59OgF98GAoFAIBAIBAKBQCAQCAQCgUAg
EAgEAouJQDjOF7NdolSBQCAQCAQCgUAgEAgEAoFAIBAIBAILikA4zhe0YaJYgUAgEAgEAoFAIBAI
BAKBQCAQCAQCgcAUCITjfArw4tNAIBAIBAKBQCAQCAQCgUAgEAgEAoH1h0A4ztdfm0eNA4FAIBAI
BAKBQCAQCAQCgUAgEAgElh+BcJwvfxtHDQOBQCAQCAQCgUAgEAgEAoFAIBAIBGaIQDjOZwhmJBUI
BAKBQCAQCAQCgUAgEAgEAoFAIBAILAgC4ThfkIaIYgQCgUAgEAgEAoFAIBAIBAKBQCAQCKwNBMJx
vjbaKUoZCAQCgUAgEAgEAoFAIBAIBAKBQCAQCHRBIBznXdCKuIFAIBAIBAKBQCAQCAQCgUAgEAgE
AusegXCcr3sSCAACgUAgEAgEAoFAIBAIBAKBQCAQCASWEIFwnC9ho0aVAoFAIBAIBAKBQCAQCAQC
gUAgEAgE5odAOM7nh22kHAgEAoFAIBAIBAKBQCAQCAQCgUAgEAisFgLhOF8t5CPfQCAQCAQCgUAg
EAgEAoFAIBAIBAKBNYlAOM7XZLNFoQOBQCAQCAQCgUAgEAgEAoFAIBAIBAKBRgTCcd4IT7wMBAKB
QCAQCAQCgUAgEAgEAoFAIBAIBEYRCMf5KB7xKxAIBAKBQCAQCAQCgUAgEAgEAoFAIBBYBgTCcb4M
rRh1CAQCgUAgEAgEAoFAIBAIBAKBQCAQWDEEwnG+YlBHRoFAIBAIBAKBQCAQCAQCgUAgEAgEAoHA
iiEQjvMVgzoyCgQCgUAgEAgEAoFAIBAIBAKBQCAQWAYEwnG+DK0YdQgEAoFAIBAIBAKBQCAQCAQC
gUAgEAgERhEIx/koHvErEAgEAoFAIBAIBAKBQCAQCAQCgUAgEGhEIBznjfDEy0AgEAgEAoFAIBAI
BAKBQCAQCAQCgUBgTSIQjvM12WxR6EAgEAgEAoFAIBAIBAKBQCAQCAQCgdVCIBznq4V85BsIBAKB
QCAQCAQCgUAgEAgEAoFAIBAIzA+BcJzPD9tIORAIBNYQAoPBoHrXu95V/elPf6pufvObV+vdGPrp
T3+6+s53vlPtvvvu1U477bSGWjKK2gaBZaX3H/7wh9WHP/zhRLPXve5120ARcdYYAivZxsEH1xhx
RHEDgRVGYL3LiisMd2QXCAQCawQB9Iy3vvWt1R//+Mdqn332qbbYYos1UvL5FPPjH/949c1vfrO6
/vWvX13hCleYTyaR6qohsKz0fvbZZ1dnnHFGtfPOOyfaXTWAI+O5IbCSbRx8cG7NGAkHAoHAHBFY
947zj33sY9VRRx1VXfKSl6y23HLL6rjjjqs22mijOUIeSQcCgcBKIPCJT3yies973lN97nOfqy5y
kYtUF77whaub3vSm1T3ucY/qfOc731gRvv/971fXvOY10/P3vve91bWuda2xONM8OPfcc6uDDjqo
utjFLpby/9vf/paSe+ELX1htuummrZP+17/+VT3mMY+pSO9CF7pQRTpd05iUGWne8IY3rL797W9X
xxxzTHXwwQdP+iTeOwRw7KFk/uY3v0ltfbWrXa3aa6+9qg033NDF6nfL5I5TTz21usAFLlBd8YpX
rB7/+MdX5z//+TsnNm9671ygwgc/+9nPUh9+//vfX0H3hEtd6lLVIx/5yOoyl7lM4YuqeuxjH5v6
A07zt7/97dUGG2xQjNf34XOf+9zqgx/8YLXZZpulJH784x9XD33oQ5NRsEuaOGSRPbbeeuuqbxpd
8lumuH3buOuYEHxwZagm5PCVwTlymQ8C4TgfxfVDH/pQ9ehHP7raaqut0vh28sknh149ClH8CgTW
JAIf+chHklz9qU99KsnA6K63utWtqv3226+oV5911lnDidef/OQn00TsWVYc2fne9753dYlLXCLl
/9e//jUl/5rXvKazXv2QhzykOuecc5KtgHS6pjGpXsiT17jGNapvfOMb1TOe8Yzq0EMPnfRJvHcI
4NjDpvPrX/86tTX2mhvf+MYz0auZ3PH85z8/6dW77rpr9ZSnPKWXXj1vendw9L796U9/Wr3tbW+r
3v3udw/16ktf+tLVEUccUW233XbFdNFxTznllOQ0P/PMM2euV5944okVdrfNN9885f+jH/0oyRB3
uMMdiuWpe4hDFvvYNttsU/VNoy7tZX/et427jgnBB1eGkkIOXxmcI5f1hcBSOc5h3n/5y1+Kwrtv
Vgzwe+yxR1pR+sY3vrE68MAD02sEb4zZF73oRX30Vb1HwMbBUXK48OwGN7hBUYBh1uNHP/rRSkpE
qRL//Oc/q912261CYMoDDrPXvva1FYZmHAQ77rhjistKPhyK97vf/dInYAlz/ve//50nkdoBx972
22+fhJixCB0f9MXCZ4OzkTb/zGc+kww5GHaY+fvb3/62wkmDY5MyE/7whz9UKIdgqUB9r3zlK1eX
vexl9Wh4JR4OFTl4hi8KN8S53vWu15vWoHMExP/85z+F1Ecf4STee++9qwte8IKjL5b0F+2AIo1S
kAcc6F/60peKq8l//vOfV7vsskv65AMf+ECFs3OWQau3fZp9eM6f//znRLM/+MEPUlJ90vBlKN1D
n3e84x0rHBpPf/rTqwMOOKAULZ4VEMCxijM7Dzh8UQxR6KYJT3rSk6pnPetZKYlb3OIW1Stf+cri
GDApjy70Tp96znOeU6FwP+EJT6g23njjSclP/f7zn/98muhSSuhxj3tcrdHppJNOqo4++uhqGmxK
eeoZYx9GFh/69BEve5BWnzR8GdbTfdc27jsmLDIffN/73le94Q1vqJ74xCfWTiJZTZpgvHvyk59c
PeABD5i4QsX3hXmMZ9Pi0Ff2hO6WTQ6fFstl/H6ZHefoNMicpcmmvi3hlUwOZEXpq1/96upe97pX
es2k9G9961tFmdt/v5L3X/3qVyscHCW9Gj0JZ0xpwh39GacB+lddQK/GOVaa2MdK05e97GUVtgoc
BJe//OXTZF0mWTLRD/2TAJZMFqzTq5kEjE5e0t3rylX3vC8WPj2cjbQ59gJkQyYD3uhGN0oTR3/y
k59Uj3jEI0b0angiWCpQ36te9arJVqBnuhKPsQ5cJwXSwSbStz/Srtgz2urVTMReT3o1TiwcbnlA
r0YfLa0mx64CPRA++9nPDien52n0/Q1vkd6uNPrwHHjcVa5ylWRvI50+aSj/uiv0Cc1AY89+9rNj
QnodUIXnz3zmM4s6HzyQCRnT8kIm4z7taU9LOd/mNrep3vKWtxTHgELRRh51oXd42wknnJAWQRx7
7LEroldj+7zOda4zUmb9QF5Hty4FFpUdfvjh1TTYlNLVs7vd7W5Jn9Fvrn36iJc9+qbhy7Ce7ru2
MfTbZ0xYZD7IwpRXvepVFf2xbhLJatIE4x0TXJjkxeKmpuD7wjzGs6a827zrK3tCd8smh7fBK+Is
BgJL4zjPnUmT4JWR+h//+EcSlHGkL5rBDuZwl7vcJTlj6+rzve99r6gkgsfVr3716pe//GXdp+l5
7oAgTwRUZlvWBe+QwMHeZjvc293udskxAMZ9wjRYKD8cTA972MP0s3j1DlNmGx9yyCFj8dheC8Wf
FZ8+sMq0i7N1mlXNJSesL0t+7+uVv1u23x4bFAG2Xf/973+fZp+i4GPQKRkBmSiBw/NXv/pVEppK
kyOmwQoj2C9+8YtkMCKvaXjO7373uzTRY5o0mupCf8NRioHvQQ96UMKsKX68Ow8BJrOgWBKY9Ywy
CF/AcIhhCV6J4SnnHed93e4/dMSs+/vc5z7V7W9/++rFL35xr5nxXeid8eQmN7lJMoSuxOQy6I8V
ay95yUvSOMZ4hFGOiU84/DHQyxiXo4bi8/KXvzwpFdBuqa/n33T5DW78YXR/6UtfWh1//PG9nN7I
HhwLgSzCjhGSSbqUZb3G7drGfceEReWDlAtZBgV/Ucf2N73pTdUDH/jAVnQdcvjoRCDadxHl8PXK
bybVu6+jblK6q/0+dyZNKo8M3fRnHNNXutKV5uKAmlSOpvf0rVve8pZpEmNdPFY0lpyA4HG5y10u
yfF13/I8d0CQ51Of+tTihEql4x0SONjZTWhSwD4A5hhF+4RpsFB+yJ9MjmoK3mHKxIH9999/LDr1
/fKXvzwmG7PKFMzbhmlWNZecsE35+no1xVuGdx4bnH3QK3oo7cMkkJvd7GZFWRtZGf0HWxQTfllI
McuAPoROAC1THhY29HUSsICCiR7TpNFUN8oIdkxGevjDH54wa4of785DgAU7LP4gHHnkkUn3he6Q
L1lYxOIXMJ1Wr2aHMhYM3PWud00Lh/rs5NaF3hlPrn3tayebE/1r3nIE9IdNk8n9LIBilffFL37x
tMsCk+KZMMYE/1Jgsjh6Kv0c3WMeejX9l4lIlI+dDiVPlMpT9wzZg2MhWGDACvk+adSlvezPu7Zx
3zFhUfkg5UKWwe60qGM7fol99923FV2HHD46EYj2XUQ5fNn5yrLVb2kc52z9wUxOBCcYHwIPRnYM
7sxk1jNWUMJ4vJFa3+LUgllqC9ZFaGy2mUaJhgFSZsrKzEi2x2LWOQ7p0sx4ZnThXEERwMCPMuCx
4D2CD8LotttuO6wq+SEYEVD+ESI32WSTtEoXIRXlxztr/v73v6dzoTE0sPUU73HGs6qSd8ya18pf
ZjkimJZm+Q8L0HDTFwuS9KtAoQVm9qPsgS2CJE4tgjdCI8S9853vTAoZAqbiEA/HOUYhH4Q5RnpN
PAAT6gvDJiAUigZ9Xj6dNvdMmEDwpS3UXkoX5zD5Uh52DeD5NHm1Kc8ixcExiWGGNlY7LFL5KIvn
OX0dkazAYBIAfKtvGouGy1ovD0o9yhpOX/i0AityGIfomzjXp50dzxZk7BbCJCacZ30UfJWtzXUW
9NomH8WBtnGOM25hNFnEmb+UlTEWJcbLE6pD2+ss0mib13qNtxbGhK5to+3qF3VsF+Zt+4bnMSGH
L64c3pVO10P8eRu8VwtD+iR6G3o1K1yQM5BlmGDKxGw9Y/UHDlFvpNa3rMD77ne/u1B6NfIyq13Q
qzGwszMbu9SgV/OHQ7pOr0aHRd9Fl2ObaI8Fcgt6NbYIP/GW/HbffffUjEyIufvd7570anbVuec9
75lkeO+sQXdmxSOTeHEgIOOjj6Orgys6NfyVwM5l4N9Xr+6LBXmjF3NsDgE9GgcpO/Z97WtfSzoY
Ti2CN0Jjk6BurOpmVZfiEA/HOat+fUCPBXN0de3khD7v9WqO1xMN+rx8Om3uoVN2AaAtbn3rW6dP
lC6y+/Oe97ykV0PrH7JVw9Pk1aY8ixSHiXD0Cxy+tPsiBs9z+joi6cNsAQ7f6pvGImKzlsuEPs0E
ZXZXgl8rMCkd3ZC+Cc8p7fKhuG2u2PiY2MGkEJyIK6FXM76uFK1B29gNGMPZebHLhKQ2+M0qDvwe
27aXJ7qmPYs0uua53uKvhTGha5tou/pFHduFedu+4cfEkMMXVw7vSqcRf/UQWDrHOauBX/SiFyXl
Vc4FnL96VjJSw1hQdFHoXv/61yelFIcvQgaOZc73ZVZeKSC4ve51r6tOP/304WsUZM572nnnnYfP
pr2hLDjJKCNb7Wg78bbplrAofattgBFQUZB8+MIXvpBWHZZW5jeVj23WMBQQZmHkbcrLl1f3cjLz
u2TEZeYqW+sRUJJxcPmAkYSVvQRWlFOf3DHm43usmY2fB9HgNFioTszgZltygtJFuWelK8Eb11EI
cKRjEMK4A46sqrjzne+cDGPM2GVLUowQBK6kg0LCLH6UCBx+++yzT/qNkQODE2d277nnnmnrwPRh
9o/V3hhKmLBCnoQddtghlZtt9WYVUHKZfc62h9AxEwqOsjOEMY5RFyZK8MdEEB9oTwQKbblHGdmO
edJ21NP0ffGctk5v6obDFbwpJ2dwMSuebZJQgmblOKf9oQPRACtioQ8/ucZjxz1GPjB8xzvekXCE
vigbChptAd/S0Q75t11/Y0TDkYrRijqLnsiD7eT9KmQmq0B3zKQmMCudGd70DzCDbikX5/PNKnD2
OOfW+X5J2pSTMn7961+fCQ9U/2c7VIxYjAmkDV1B49QVg0IpdKV3+hS4sXMDZ7aDP2OAJgORxzQz
/X0ZmawE/4TOmfjyAzNksB31lltumfoxxmjqmE88gEczdst4DE0yk5+/pqDJTnzLRDsCdMF4ddvb
3nbIE+rS6OIc1DagMhQjUzDDHwMGfLY0NtXlO+k5Sh91wjBPgPdDE/RvaJGJVbQZOIkv08ZMAsCg
zU4T8CbamG0wMc7nfFNl6MMHyZdV47Qtq4XgGRiQ6IuUnRUDj3rUo0Z4cJ827jsm9OGD4IGjg23H
4TvgDC2BO5PcGJ+RCXGUTLNag/7IWKwdGcCRnSygZYW6/gjuyKp8Ax1qTGcCHpNwNAYqnWmuOBdw
quDwefCDHzwsH/RVykdjYsjhVZJfGEMWWQ6fhjaW7dtld5yzGphxAr7FmMx4whipZyUjNf0Zno7M
AL9hrMThizyOvo2cVLcDGToZu8YgUyqgYzB5O5+wrPd9rvBonGSUkd3TuurVJSxK5UAPYxtgHMV+
QiVxGe+QU0qrZJvKB6boYkqDekwTmvIqpSsnM+9KRlxkVLaTJyCHMNHCB8ZKtSXjI/XJHWM+vsca
PTYPosFpDN6qE/YiHU+ldF/xilcMdW1vXEeXhValV0PfyHaM84zDyNtf+cpXhrIMuhW7RaE/I2cx
BiPXossxIR+skH9Jg61YceSXArIyMh7jLHkSiEu5kStnFZCFJCdDu0woQFZFlkBHZqIEf7l8SHsi
f0mXhL6Q6Sfp1dP0ffGcto5I6oYuiWxOOdFZ+QM/5FrKPwveziQddhhU3ZFvoQ8/uSZvL8nIb37z
m1M5oC/Khq0KWRJ9DDxnEWhfdHX+sDOInsiDCTF+FTI6gdeX0GuxE6CHghk8nXLh+JxV4Oxx0vT9
krTFs+hf0/R7lVP9//73v3/1ghe8IB09Qdr0R2icutY5m7vSO3I8uGFbhBeiBzIGzEOvRqaGf0Ln
8B5kf8Zi7CW0NeM5dcwnHlAu+J7kdfoX5ZU9VLjlV+gJvsm32FoI0AV5Y09Sevl3+t3FOUidsNfT
dgQwRJdhoRW8qjQ2KZ+uV47upE7YngiMb/Bo+je0yIQu6dXYgnhGG2NnQu/B5gtvoo2xke1t/oWc
b6pMffggPAPdk8UU2L3gGchN9EVsuOyGwBgrPkRefdq475jQhw9SRhbkse04fAd6hZbAHb0XOkOO
uO997zsTvVo7MjA2o7u31auRVcEeOgR3+hIT8JiEM4neqWPbAF9iJ0V2LkG/Vvma9OqQw89Ddy3I
4W3pIOKtIgLGwFsFUywHi/xng/PAnOYDMwAObCBIZTVBimW+AxtEh8+M8aZnJvgP62Or2gbGeNNz
4ud/JjQOTNAYxhcONgNyLK7/1gyGAzP2jn2n77tcVUYbMIplmZRWCYvSNyYwpjqZc2ms3NTFVpMP
TPkf4qk0mspHe9jgndI1wWEsXaXR9tqUVykN21Yo5W2Dx8CcAWP5Uy9zkgxs1urABvax9yeffHL6
3gyZAxM+0n1TOwhrT4s2qA7MkTUwYWZgwn9KwxSpsbxK5S89Ux6ejk1QS+n6Z+Z8SM/A3c6fS/ee
RqmzGTgSnZpSMPaed9TDf1N3b4b8gQk4I3UyBa/xWxPoBvTdUh27PCMN2qSubHpuToORvMxpk/iG
3nNtaluVadq+35aGoRdTGBvr1aa8Kvekqxkmx/IyZXoEM58G+NGvPH75Pfw3pwufRpf7Aw88sDav
vP9CE3lZSr/NoFlbvy5lI65tz57yNIf2SJ3NOJOez6qt1P9L9dGzUn/sSu+mZLXC0JSMmWBoSu7E
/Bjnc3oyRXHsO88HS+0Iryct4ZVfaasvfvGLjfUq8dxSXmY8rc1H+U4qbynd0jM7g74xL0+DZgho
jKuy8Y3tXDKGRR8+aAaiNBYq7dLVl1F17NrGfccE8uvKB/nGHEMTsZyWF5qRYGIe4ImsItx0pa2R
QUp48wzMiaP4fa70KdKpy0PPbTJrrQypOPk15PDzdLBFkcP70MeyftNKiV6DkczoOzCn+cAMgAMz
9Kca2I5aqX+bQXD4zJwG6Rnjt4IZ4ge2eriWF9jkt8RrFF9XOyKo9ht4ghkMB2YkVPSpriqjGduL
ZZmUeAmL0jc2cSjVyYzuY6+pC7YCeLYwVqSm8hHXDO8pXeTBaUNTXqW0JevapLqBOQjGolCvO93p
TkmvtsmQY+9tO9RUdvRhM8Sn+6Z2ENaeFpGrzZE1MIfOwCZxpDTQ0fsG5eHp2CbCpXT9M8lY4G4T
y9N7P16hi8CnwcCcj2PveUc9/Dd198jgZhwfqRKyWF18ntvK8AF9d9pAGrRJU168M2frSFbm3Eh8
w3/X1Lb6eNq+35aGoRfbHaGxXm3Kq3JPutrOHGN52WTn2s/Aj37l8cvv4b85XdQmOOGFTQSpzQta
9v0XmsjLUvptO69NyLX9a9vJLeVpDsiROttinvR8Vm2l/l+qj56V+mNXeseGqvSaruhKswjSU5vy
YpzP6clW3Y+V0/PBUtnQu0irLi/aCnt6Uyjx3FL8NvrrpPKW0i09sy2ea+tEXT0N2u4ojXGFDd/Y
xIyx7PrwwbPPPjuNhUq7dPVlVKZd27jvmEB+Xfkg39hCnolYTssLbcHcxDzA0xbCUaSRQFsjg5Tw
5hmYE2eaQJ8inbo89Nwms9bKkIqTX0MOP69lFkUOn4ZO4tuVQYCZT63Cohs85Ejwhkn/LHem24zl
oYFQTiwxFIzBCCxycPLcZpIN44OFnZc9ZGI4SWwG2oB0bBbxiNHVZgOPfNcXR5WxZFBuk2YJi9J3
UobJx1bSDxiMcydF6bum8ukdOK6045y8baZ7aqu8DX09wAdF3mZljrQXjiZ9j6IDHclRWNe2wtpW
PCdHvM1aHuAUAVPSZxAF29JkDF+mpnsJwhhcFE/PvAOGZyg+KBg203GA41jOIsrjDeUYL+Qk5x3O
fhR8yikHvPoI71GMbCbwMD3eHXbYYcPy2IzPYR8BQ/JGAbOzDwc4K5WWbZ0/9QQTJkQcccQRA9sl
YWC7PQzTti3bk4KM4YpJIaWJEbQXTg+c/NSLv6a2mUXfV59oygvsNZEFrGgbW6GZMOc74deUhmij
7dVmSyYsmNQB/ZJHU5/FqU4cnBpyrOHstxnDw/J5nty2HHXxNAkGRZ+JIPAnyio8fH8gDfqszcoc
lkV0CL/GeaOy20z5Id3W5d3muRzkpMu4AHZ2DvYwf/Jsw08n5SUeQz78UX/yYVyzmbjD/Hx/VJpd
6H2lHefgh3EEo5acfNSNevCMSSQowvQN1YcrNAe/og/bLhOp/p4P+rjcq/+BHfwR7KAl+LMMsLyj
DLYSfSQvn1aJ5/r33Hvlnrww/GMYyJ2zTeXN06z7Dd9SX4AWGL/gjfQVTQ7kvedvTHoQHekKT7ZV
VAMmX+gZZfcTCfrwQRRAjT+kS/q2ympguxiM4JGXkfp2beNpxoSufFAT6oQVYyP9DJrUpEHewQsl
i9a1YdPz0047bdgeyqt0zR3nni6ID73zjIlxyDFKo4R7U3nyd7N0nIccfh5fX1R9McCAAABAAElE
QVQ5PG/79fy7lRK9BiPJkeANk/6ZHL16Br9TkBNLvAVjMGOsH18ZY3ywFTtDXoQcgO5EOozL3uiK
fDmLoDKWDMpt0le9/SSC0ndy/JCPHf81sBWAY06K0ndN5dM78GWsmTYovTZYENdWiae2ytvQlwN8
4F+265h/PMDRpO9tpX8y9spRWNe2wtpWESY9En0WWZDykj7yAdjCh/oGOWxsO/1hEnrmHTA8Qx5i
/LRVfslxLGcR5fGGcmRNOcl5h4yLkZZyygGvPsJ7xmZkK6XHO9uiflgeZBPFB0Oc1raCOckVyB16
Zyvnpp5gwoQIOypgYCu1RuQzW/E2OPzww5NuhW6NXJcH2gunB3oh9eKvqW1m0ffb0DDYayILWNE2
tvo2YU4Zhd+k8ub1bfqNzgcWyInQL3k09Vn0VuLg1JBjDWc/uq7K53lyU95t3snuhzzORBD4EzqD
8PD9gfTos9hbVBbRIfwa543Kbitc22Q/MY4c5KTLuAB22EKUP3nmTt+JiRYiiMcoXepPPoxrtkvK
MD/fH5VMF3pfacc5+KE702fl5KNu1INn2M3QZekbPkBz8Cv6sGx2ng/6uNyr/4Ef/BHsoCXbHWPg
J/1SBlspnn8+/F3iucOX/72Bx6qdyIvFXtgYvZzA+6by5mnW/YZvqS9AC4xf8Ebb5W84OZD3nr/h
Q1D5dIUn2w4SA29XoezoYgp9+CDObD9ekD6+CPR1j0deRvLs2sbTjAld+aAm1Ak/xkb6GTSpSYO8
myR/Cdu6q+1YMNZWytNf8Qn54OmCeNA7z7BPeRtoCXefzqT7WTrOQw4/bzLDosrhk2gh3q8+Akvj
OJeR1LaxSIwL5oVwBTPzxkqUDgzWDH7E4c8b0WF2es5VRnjvkPHxETh9fN3LwTPJ8K74k67Ks69h
s4RFKc/SYA+GrEamThi4S9/58nnnM/cSsBEQSo7LUnpNz3xeCBxNcb2hvs+qSAZo0RA0Rl5yltg2
McUV7MKa7/xf37Yr1Q+BAjr2K6hVLu+Aofw4X2lXpaN4lAchRM8Z7G37sFRmnwbvPV3gEMRI4b9j
JwLVFSGdd3IM4YDFgaP4utrWO8NvwEzPp72qrDgpcwfbpLSh8aZ2Eu1R12n6vtJpyssLc/kOEHa2
4tCx3ZTGpPo2vVf7NDnOX/jCF6Y29DxWacqJAr10bQelUXdFAIe3nG2GWNLWTiIlJ73qYVtZJoOb
0oR3gB1tiZFAz6e94rRSX/BX+J/vN9Pk43kM/Vu8SWkyXilv9Ue989dJ9E5cYY3DE7xQWHlGnvrz
ac7qXvyja9uo/+c8zJdLNEF9SmOS0gDDuglSpCdeWpcXTlLbfjy1BbIAhiVfDpRotVNdGj7+pHs5
6amXH4f5Dh4ML6YcTGDyaUleoSwYEf07jH3qJ7QJ78S/iN+FD2LEUH3zfEhXK9jJr2lsV/u0xUzx
+4wJopU6PujHTSYQYXj0+NFHRAMl/uTjtrknPfLUpCrtXKO+iEMhT0dyLDyoNNb6SW5e1s3TafMb
3kD5NDaojZrKR7qepkIOHze60W8WSQ5vQwvrJc7qq/LzKYGMpOz2oSDngjdW0ucx0KJvKHgjOjzK
BxnhvUPGx4dflYIcPJMM76VvS8+UZ1/DZgmLUj7IqRr3/JXVyNQJA3cp+PJ55zP3ODRJC57uV4SW
0mnzzOdFv20K3lDP2No1yBEGDUFjBDlLbHvU4TOfrrD2+HHft+182rpnDIKO/Qpqlcs7YCg/zlfa
VUHxKA9jnQLOKNtGNrWVT4P3fK/64BDEiaHAd16Ox0lPkCMEBywOnDz4nW/AbFZBZcVJmTvYJuUB
jTe1k2gPLKbp+0qnKS8mTQvzfAcIO65o6NhuSmNSfZveq32Qw+qCZE7PYxVXThTkv67toDTqrjif
4S04O0lbO4lQjtwxrXrY0ZRp4obShHeAHRjjWJxV8AuZ1H5c4X++30yTn+cx9G/xJqXJpGflrf6o
d/46id6JC544lHF4ghe2AZ6Rp/58mrO6F/9AT+kS1P9zHubTEE1Qn9KYpDTAsG6CFOmJl9blxYQ9
dqskHWQBdB4f/A5vdWn4+JPu5aSnXn4c5jt4MLyYcjCByQfJK5STCeI+YMNVP6FNCOJfxO/CB2WH
KOVDulrBTn5NY7vapy1mit9nTBCt1PFB+I/GTSYQYfP0gT4iGijxJx+3zT3pkacmVWnnGvVFJsjl
QXIsPKg01vpJbvCOaQK8gfJpbFAbNZWP/DxNhRz+P3mLvqK/RZLDp6GR+HZlEFiaM86tA4wFE2zS
2ZJmrExnfnCWVCmY0JXOXDNlJ52Ts9lmmw2j2czPdF4Kadgs4HR2hdIlEucU3fKWt0znPekjzlnl
nCAzHKazODgPhfNxpgm+jKX0OOfFjJXpzJrS+ZYq8yQsKCNnvdrM5VT+UpltlnRlq/9GXql8nLPL
OUDCmjOTFGw269j5bnrX5aq8aK9JWNhgk9qWcnFmCefKdAk6891mZqZzOk1ISme/6uxcziTTOW1K
V1hzVrqt3EtnZ3GmLOda2czNqWlB+eRXE0QqW2E98axc4Qcm1ItzUgicrcbZg+a0GMNVdeIdtM35
az7Y4J36gRkU0jk/tjp6iLs5E9KZutCoAn3EFMCUP8/MKZHOj9f7aa4qq++zbdPjDBTOqSnRFWko
be6n6ftqgzoaJn1TLNKZjmBpSmPiPTxXMCNPoudSeynONFfRU1PbmEKRzj8mH+gdzLfaaqvhuX3Q
Cef6ih9MUx6+td0K0tljtjtEMSmwsu2URvJTPcyhPTyjkI9tiK3MYZjGhqY6FjOqecgZb5xVaE7L
FIOzECkz54kRbCZwylNnHHNOoSk9w7O5U6Saf/e+973T+eW8Fh3WtT18z5SJRMecu2WKTTHVSfSu
j9rQq+LO6krZGEO7to2wMYfd8JzKvExKm+eM65wNpkDbwM8Y58wh0MhPRVt1eXFu+E1ucpN0fipn
XZbOITXlK51/WpeGytXmSn6cywX9mTJX2aSVdH4dZ2yZ0pzkA87BzM9VEx5mqE3jXJ4XZ8hxDrs5
3dMZ9/AtW2WSorXlg5tvvvmwv9HvjjzyyDybdA7cwQcfnOjWJumlOoxFsgdt2th/p/h9xgS1cR0d
+jbm7FXOhcyDTaBI/RHMTjrppBH+lMdt+1ttVlcupQOfM8NMOo8Y/mOrS/Rq5Gqz+Svb2SHxcMm6
IxE6/hBubena8xgzplQhhy+2HN6RHJY6+izOwV0rAJkxMJ2ljHxh23zW8jL6M2crmlE7nfvo+7NN
hktyI2kgb3MmpNIFBzOYpnM5SUOBMexDdh4xuiljmU1Cm/r8YV/GUnroLMgA22yzTTq7VGXRVWWe
hAXxzfCbZAnKXwq2FWxlq/9GXql8nLPLuCI5mjOOFeDp6KnTBuVFe03CAvmStqVc5jhPsn+X/Bm7
kHue8pSnJP0TvZp8bXJmSobzv22b/5EkhbXtGpXGM86kRl7h3FbKMa8+iB5mW59PPCtX+FEW6mUL
BlL5sSGBVYlmVSfemSMr6d6+0sihthI/2aU4R91WRw9xN2dC0rWRPxToI+gg0ukZR0syp+J3uaqs
vs+2/R49iPNpS3RFGkqb+2n6vtqgjoZJ33a8qPbdd9+EJffwHh+wf4Ftqb18vL73oqemtoEWdt11
15QF9G5HCSbZnf5vDrpEJ9idxA/6lkXfmdOnQj9GVywF6A7Z1uenemCbOOCAA4afIW9i90JHb6rj
8IMWN+agS3qUTaZNsbEl2qr3ChmTYCu4K3NSDs84Nsd/xbno2JkmBcou+6zosK7t4Xu20jXZwOiP
nNldCpPoXd+0oVfFndWVsjEGdW0bYWMOuwodrRSUNu8Y16mfgvTqQw89NNlQm9IRbdXFgedhgzXn
c2WTxRNPVD66Miaa83ki31b8piv5MR5Bf+jVNmklnW8Ov8XehXywyy67jOnVwsMmCI7ZzMkPu5A5
3VOfZhyFb6GfE9ryQWhX/Y0+cNxxx6Xv/T9zuKb0sN2SD3UohTZt7L9T/D5jgtq4jg59G9tCx2qf
ffbxWad7ZDP6I2edYyvy/GkscssHarO6cikZ+JxNdqte9rKXJf6DTFMKtugp2VT6YFRKT7jV9Y38
G89jaK+QwxdbDs/bL34vIALW+VuFtbhywBhfmlFixtLG7TG10sWcEGOrnLQSh22StcWm0rXmHM5Y
qbsvpdkHy6Yykh4r7SlD3XnEKvMkLHzZbBBPZ4+xUputw/wWq/kqQJWvhAOrvPzKaJ9Hn3vlVYet
x8KvOGeLwC75mfNhuF1wqV48Y6Venqaw9qvbWLHBrLSmVXR5Ol1/a9ahGarHypSnpVlrYMhsSlaI
aVVcvs0r35bqlKepFaLkTxt5eqnDT8+1ai5Ps89vlbULrSsf6lBHV8RR2ip307UpnUk0TF5aUch2
fiqfv7ZJw8fvei96MsdMMX/Sg27Y3q0JB2bdind2LYOPb0bTkXz22muvtP2YtpSnDKU2Vz1K/UI0
21RHX4ZJ91q5y+p2c9YNcWOLKWFkhrXhc60Q1rumq+8jokPPY/KyqW6leivuJHpXvHnTmvLxV5W/
a9sIm6Z6q2814a13rOzy5fL3TbRFPLUvvJ8Zyf5b3YsXN5VXcdtcS2eBqy5c850XSFNY1+3Kwqoy
vhVPE8Y+3bp7fePzaTo2pU0dlX9bzBS/xB8m5ac2rqND9Q3qz6qCSenN6r3arK5cysfLQJzlpuf5
1RTx1MbsEDILfi3c2raRcPT0ojKGHP6NwaLJ4WqbuDavzm2lYK+hSFqVZ4bAsfMUfTW00sWcEInn
+HdmwEu8hm2S8+3e68YR/7yUpk+/7X1TGUlDYylbJ5dCWyz8t6xcgtcxprItq99iNV+hqfL5uuue
VV5+ZbTPo8+98qrD1mPhV5yzBW+XwCpLVuepHqUrOkMehLVf3cb5rMhW8KB5hUmrH32+5shL9QJD
VpCyQkyr4vJtXvmuVCefHvdaIcr4TBt5eilh559p1VyeZp/fKuukfl9KmzrU0RXxlbYve919UzqT
aJi8tKKQM4tLoU0ape/aPhM9IZPWBeiG7ZbrMOC5TTwd8s66dNo81+4Pyotdbdi6W1vK87zU5qoH
dJkH0WxTHfNvmn7DDygHq9uxOSj47do5bk1BK4RVp6ar7yOiQ89jlKauqlup3j5OE50q3rxpTfn4
q8rftW2ETVO91bea8NY7W0zkizVy30RbRFT7wvttEvfIt/ohXtxUXsVtcy2dBa66cM13XiBNYc1Y
Xwo2IWQ4XjCGCWOfbt29py/l03RsSin//Jnyb4uZ4pf4Q552/lttXEeH6hvUn23nVyoIy7pyqRxe
BrJFZ3o8dpUezI4yknXHInV4INzatpFw9PSi7EIOXzw5XG0T18VFIFacG1dmRg4rbUurP/1KJVMc
04wmGywqGyTty6qyrZ4qVtQyo6sUbGBPM8i0wrAUp82zpjLyvVb3mBG1uHK3VI88X2Y3s6qRVWXM
mM5n4rIqjxWdrMY15l3d+MY3Hiah8tn2PGll99Zbb51W7ZHGxhtvPIw3ixvlVWov0vdY7LbbbmkV
tin3qez5atSm8miVHW3o68o3rERgBaEZecdWJ5ewBjutXJiWFurKrHqboXpkBnApPhgyg48V4sRn
xh4rFaFlVoP4WWl8rzoxc57Zf/muBsbihqvaSO8e97jHcKUlq9pZdcmqglJg1iazNdvMDi59nz9T
Wc1J0rjTRP4dv5k12LTifFZ9fxINUxbtdlC3UwMzMsHVBO4xGuT7aYPoqY6nKH1WfNAXoSWuBJ4x
IxuaJ0xKI0Wa8O9Rj3pUmsVuhqiK1TnwGAWtfC+1uepR6hdtV20qn6YrYwAz0JlFzEosc+wPo9M/
4K2881jAL+FRkwJ8xhzniTcTVzTe1B+1mr5Ub+U3id4Vrw29Ku6srn3bRtg01Vu0ZJMu0q4X1K8U
4NU77LDDcEVCHqeJtoir9mUMYeXRlltumScx3FmiqbxjHzU8YGcT/mz717T6CLo05amyMxYTn+DT
PC9hnY/rykZ8T+Md/byPDCTc8/yVT9trmzb2aSl+iT/4eKV7tbHvtz6e+DArYOri+PizulebmTO8
ccUfvIedaJCBWAXEjhilAM9iBj0YzXLFeb7TRylvnjXxmFL7iSb5NuRwUPgfhishh5+XY/wHgXmt
dl1EdP0qI3hG3Sof+jPySWn1ZykNVqOiBxBOO+20tOqzTq9GP2Eno2l1qaYyUg6t7jEjanHlbqke
fOcDejU8l5WiJ554YlGvRr9kNRgryeG/CiofKy5Zhc3KNtKbl15d116Ux2NxjWtcI63CtqNm0srd
fDWqyl+6apUdMhG79fnAWGrbQxdX+5awRq+2I2iqbbfddmpa8OXw96q3GaprV1oqPu2F3A+9EB+d
mp24WMHMDm+5Xq06sarcJgYX9WqtaiM9ViFqpSU2GvBr0qvZYW9WerXKak6Sxp0mhIW/soqvacX5
rPq++kuJ56g8yE3sdlC3U4NWOrJLUN0KeaXV5yp6quMpStO2hE60jd5AfQg8Y2Wl9OxJaSitpiur
h1lpzq4K7IaEDUhBK99Lba56lPpF21WbyqfpyhhgE8STXQ/5mh0tFZBt4a3I6B4LdtzafvvtFa32
as6kyhzniTcTSTTe1B+1urdUb2U0id4Vrw29Ku6srn3bRtg01Vu0xCpq+BP1KwXG7Z122qlWbmqi
LdJT+zKGoAew6jsP2lmiqbz5N02/0amxa0FnrDyXXo1dhrGbkOclrPNxXfmI70GH3DOW9ZGBhHue
v/Jpe23Txj4txS/xBx+vdK829v3WxxMfZleBujg+/qzu1WbswMpuH3UB3gPPRAZ63etel3bkK8XF
psKOHWCk3ZVK8do+E275Th913zfxmFL7iSZJL+Tw81AVhishh9e1YzxfIASs87cKa3FVgTHbNJvL
rxYv1aNppUspDWa7sSrGmnHALLRSmjxjxbYZsGrf131Xet5URuJrVpMJlsX8SvXI8/Erk/IV5Yqr
VU756m1fPlZqK/48rj6v0gruHAu/2tMGnWLZbDvltGpfq0GZ1WrbY9W2MSuyzMiQ3ttWLSNptsF6
Hrio3uaUGClPXV46Fxo61l9ptTnfq07EY1ZjniY7HSgNVlGAz5577pmeMXM6j+9/z5peVNZJ/d6X
QffQN327RFfEmVXfn0TD5KX2pDylc5htK7KEb1N5Va8+V+Vfx1NIU6tlS3yQOprgmcrYlEabsnne
ZMLcGD0xexn6K7W56lHqF+Jn05aPOvhdG3I8/LtZ5CUap845L6YsrERSf3znO985hpcwn0Tviif8
oTX6gJ7rahMk0sxv/Z7FtW/bCJtSe6tcnB8GPuxWYEaosfooHryp6X0TbZEGfUA7b5T4IOnrfVN5
VZ5JV60MNwd1sU7aESHPS1jbpLmBbVU58i20a9u0J7wY88CjLx9U/uTDCpG8PuTFyizbsjZhl7/X
7zZtrLhcFb/EH3y80r3auK7fcna8+Fzdam3qygohM2yM1bmUZ5tn2jUh5zX6lhVvulf77rjjjkku
1XNdPa82w2DiZXrX9yrcbOLcsBw+Lc6s87+bxsRS+/WlQZ9n1/umMpKW6lxHK6V65GUQr4U/LbIc
npd7Pf9upUQvSSQzVKexwK8WL1WtaaVLKQ34FatioHv6T11gxbYZseted3reVEYS0uoe+m0plOqR
x/Mrk/IV5YqrVU756m1fvvxsVX07q6vPi76chxwLv9qT3ZBKAT2QlepaDWrOhsGd7nSn2jZmRZY5
rdJ7dHUf2mDt48/qXvVm7G4TdC605G+uNmG/+KnqRBwzwI/FYacDpYOODT62NW16ZttTj8X3D1jZ
P8ugsk7q96U8oe/SijfFnVXfn0TD5Kf2pDzY5/LA7opg3lTe/Jsuv5V/HU8hLXMEpzKU+CB1tCN/
0vumNNqUyfMmWygy9gk7Q4FFqc1Vj1K/ED+btnwUCJ6hXRtyPPy7WeQlGqfOOS+mLNhh1B/tKCke
FcMketdHwh9aow/kwbaGHztnPY/T9XffthE2pfZWGXTmM7sV2AQvPR67MpY1vW+iLRKjD2jnjRIf
JH29byrvWMFqHpjDLLU7uz+WgnZEyPMS1uywYoutRj6Fdm0xRUqXMQ88+vJB5U8+5twfyYcf5IWd
6Oijj07YjUX474M2bey/VfwSf/DxSvdq47p+axPChnyubrU2dbWt6ZPeVcqjzzPtmpDzGqVlTlTd
DncUsO31B8ilefC8+pBDDkntkMfp+lu42cSU4qc24WDkedOYWGq/vjQ4kmnHH01lJCnVuY5WSvXI
iyBeC/9eZDk8L3f8XjwEOOe1VVhLRhEMchi4bEVwGpRsBveAZxikSvWw1SzJeF1yULG1JR2NNGAo
+l6GSJvxlhQeDL56x9ZH2r54Fk4typ2XUfXhHYZsO0MllRNmr3LguOe9xwLDN8/0neJylVGQ+rKd
K85k/x6HlYRGFDq9Ix9bbZUcjsJQbaA4s7pS7q5Y+HpR/pNPPnnoHMBBiqFe9Xrc4x6X6sX2TTxT
fXAM+TqAOYZw4ghT3vMcIwLPPd1RBv/9LO/BmnzZeox87dy39BusmvLxBn++s5nGRWcGaTBgEUd/
xx9/fHKe0O4YBfTcO0RkROYd8b1DhoHOVl8Mv6s7YqCp/Pk76BCcfZ8VrXMFp9I3ikP/tpV5wzb3
fcx/17fvQ0PKq9Rf9E55yQkGftAhii3tjLPNZoYPsRON6ru+V18+8pFjHkOQeAll9OmrjeGD+XEM
KJnQA+X3fMl/3/beT8SAt2qyBQKQ39JOfc6nK6c6/cLzaepIe1M+6ui/6Xsv2si3apcxhrw87+yb
j2ic9PiDp2GcpH0kZPI8d4T6dmxL75TR8wpwpD2gF8Y68UGccrPgc7Qt6fi2oazqH74NhZ/e8R3b
ZVN3zwd5T3srvudnODvhR3pHXIzCdQ5t8QXS87TFb5XD54UTW+2E4s2Yw3ucYnZO4fBdTp8qT5er
rxdGL18Oyq1jDeoc55QTJzDHIjDO2u4yQ6MV7xgrVR7RehcZyPM0+ghbnCk9+oXtoJHwIE3y1zuu
wrZtG/NNnzGhDx/UBCIwwlhCG5M/dAtvgUfzDpoifV+vvveahIBREWxIh3HFViSlfg+GtutAek57
kj9/xCee8rUZ/QOOfND7uu36Fb/tVRPzqLvKQd9mYp2OhfGTfnK5zucjfhdy+G8GiyCH+7aJ+3En
Yyuleo1FwiCHgUvHj9gKmgHPMEiVAuM0xmucAvAnH+D78BvSKBki4V3o7xh8FeAPkvVm4dSi3L6M
ONFUH95hyJYM7A12GEh577HA8M0zfacyc5VRkPqynSuykw/I9eK98GUF8kHuoq78qXykN+tAubti
4etF+W03k6FzAJ4Ab1e9kG0IjDU8E03gGPIBzDGEE0eY8p7n0sk93c0DC5UHWiBf6VrYWPgNVk3B
G/yph602LzozSEMGX+H0nOc8J8kMtLut4h/i5x0iXr4nvnfIIO/pqDrSRKaaNkCH4Oz7rGidKzjl
QX2E9/TvBz3oQSM0rO/9d3Iyde370JDSK/UXvVNecoKBD3SIjEu74mxDdlJbiEb1Xd+rLx/5SBdE
zvI4+fTVxmCRH8cAH4AeKKfnS/77tvd+Iga8VZNzsNXgkBQW6nM+XTnV6ReeT1NH2ptvqeMsgmgD
/gmfUkCWVBk979T7rlfRuNKEp+Gcg4Zs1fAwr9wR6tuxLb1TNs8rwJH2gF4Y68QHccrNgs/RtqTj
24ayqn/4NhRuesd3bJcNLp4P8p72VvD8jIm98CMF4tpuI7UObY29pOdpi98qh88LXVrthO2TMYf3
2ITsPPLhuxNOOGGEPlWeLldfLxYO+XJQbh1rUOc4p5xMdsFeAv3aqt6BrVYelpGxUkG03oUPep5G
H8F2r0C/sJ1JUl6k6fsPcYRt2zbmmz5jQh8+qAlE4KfFAOQP3cJb4NG8Q84k/VkETUKgfcCGwLiC
jk+/B0P0ewLtKRokPvEUsFNw5IPe123Xr/htr5qYR91VDvo2NnRNMPKTfrxcF3L4eXxhUeXwtjQQ
8VYXgaVznHvDsRiWv2Ikh5HI2OMNnoonY54Mw3rOVU4PBlI5hXgOM2U1kwyk+ganqncYKt+2VxlH
ld6kqxxUMG1vlC99R/n9CmOYqpwFig8GCHAydPIc46WMv94Qrm/8VeVpW9+meH2xIE0Mt3nb+HJy
LwOvBk7/3jug6miMwcp/4+9JW8b0pjp2fXfqqafW5kn+z3ve84a0XkrbG2ERVktxeFZXZ19H7jFw
Kw0MRFqpqHgM7DhM9JsrfQcBRN/1uULvOe36PJSPdhQgjzbfKA2PTd++X+InSt9fPYa0n39Xuhdd
+77cB8O25fOrKnP6g+dwPtp+++03LLfvO33KpW9Q2Er1Lz3DMUj7aiWo4qgsJb6F8wiaVX59rqV+
wplxyn8WqzkxQpIe/Ubplq68/9jHPjasT196Fw4ohaV89MyOexhx1Oq7LtecnpS2vx522GHDOpF2
m2/4Pp8YJKe30qad5LjVM64YMFWHUvv6uLpnjBQtwfcn8SZ9N+04kZcPGqBfH3TQQSNtJzlG9WrT
9zGEaNznu7580O8AQ71LdIxRRPj1beM29E7efkwgrzZYUG7PB5EpNVNdbVmSv2xLtyEtCfu+V/q2
8uKqcUDP+I2jQuljQNI7rraFbPrzz+gTij/tFSc5/Fbpl/qAVsuHHP6sIe6LLodPSxfL+P3qqvHz
z90bjtWf/ZWxwRvevcFT8WTMk2FYz7nK6YGhXU4hnsOfWc0kA6m+wanqHYZdESjpeEq7dGVcJWBc
9kb5UlzKzwQzBYyvWv2m+GDAZEcZOnmOc0rGX28I1zf+qvIoj2mufbEgT2SbvG18ObmXgffI/040
9++9A6qOxvykL/+t0oafzDrIcZnnp992NEhjln4yRNO5s3V1Vj664tBTwLmmlYp6j9EeY7B+c6Xv
4ICbJkDvOe36PJSPdhQgrzbfKA2PTd++X+InSt9fPYa0n39Xuhdd+77cB8u25fOrKnP6g+fYFvMj
sqnvO33KpW80OaiEQf4MHZD21Yp3vVdZSnwL5xE0O00o9ZOb3/zmwzacxWpO2RdK+ojqyVU6g+rT
l971/ST91Y57GHHU6rsu15yefH10z85QPrT5hm/ziUFyeitd2kmOWz3jakc+DrMrta+Pq3vGSNES
fH8Sb9J39OVpxom8fNAA/foRj3jEkAbJS3KMKtam76M3atznu758UBOVVecSHTPBQPiRV582bkPv
5O3HBPJqgwVl93wQmfKRj3zkCMYl+YtdFWcVsAcIQ64aB/SM39gWFHIbLTbH3O5In5hVwEkOv1V5
Sn0Avwsh5PC1I4fPij4infkjsHSO85JDRAyGK0qiN9zkgw1xZMzLHbUYIrVyhjQYGNhS1Keve5ww
OCW98dfn2/ZeK9eV7qSrtnYsOY1K33qnAN+UjL3+OwZePxGA7TK9cdTHZfBUedrWtyleXyyUJu2F
U8+XUfe+XrmBmTis1AMf0hKNecEE2kDBLxmH+R6MyF9lmdXVb5enuvirb99SngivbconhwzOAu7t
HJghjuCAAIlwmeeBQ8GvSPdlu+ENb5gMTFo9nH/b5Xcbes8dCW2+UXnz7en79P229Jv3GfgRZVdZ
uOLkYwa0F9DAuQtmedy25aPtNflI/BMayMtIOe3M7zQDOM+rz2/yZKspjwP38GkmXninJ8YAVnsy
ccnHZ9IGq1A1e9q/y8eGPmXkGxxaJT6AMxClqG+6+s6vKMEZrBWmvi44/1Di9A3Xaeid7+vw50gL
+BCzbX1+fe5FT74u+T0TB3zabb4hDXgwqzX8t8yAL7UVtMyYkB+RIN6flyn/zQQJP/bDLw488MAR
WuQbJruwakjfTztO+PLhGFW6usI3Srt7yFmMAgqvYxKEvqFf0b4eN9334YN8y64AOspD+XDFkVCa
bNenjdvQez4mULY+fFB4MN6W+CA8KnfQ65tprjji8/xodwycpYl6ds59Efc6upimbHzLKsGcBzNW
4ETxsnSpfUMOP2+HAN8/dO/lVXBeSTl8WppYxu/nr6qvbg4lh4hokStHn/igVTE+jox5uaMWQyS8
SoEVfiU5j7RwwuCU9MZffdflqpXrvnxN93bWb0q+5DQqfeedAnxTMvb671jV7CcCILt646iPC/+s
22qyCwaK2xcLfU974dTzZdS9r1duYCYOK/XAhyAao376HtpAti8Zh4kDRuQ/64BcqDKUrr59S3nL
2T+pfHLI4Czg3sse4IB9CZ0hDzgUkDVKZbvpTW+aVvtr9XD+bZffbeg9dyS0+Ublzren79P329Kv
+rDqDz+i7CoLV5x86G/eMQzO04S25aPtNflI/BMayMtIOdEvsMPNIpAnOwJ6HLiHTzPxwjs9WS3P
ak8mLvn4TNpgFSq2HP+c+3xs6Ftm5OcSH0AW8iuA+6bPkRIqO85grTDVM644//yqUvKaht75vg5/
jrSAD7EqfdogevJ1ye+ZOOBDm29IAx6XH52CfldqK2iZMQE93Afx/rxM+W8mSPixH37hbZGKjy2M
IzT1exIf9mUp3fvyeZub0odvlHb3kLOYbf3hdUyC0Df0K9q3FPrwQdLBrqWjPJQPVyZWlSbb9Wnj
NvSejwmUrQ8f5DsC422JD8KjsEHMOmAHyfOj3Znkgv6Sh8997nNF3OvoIv++628mxOc8mLGCRY5e
li61b8jh9Xq1l1dpk5WUw7vSQMRfPQTOR9bGWCeG3/72txPjrNcIpvBWdp5Utemmm1YmVFabbbZZ
tfHGG69JOMzZUpmiVhlTrmzwrmh3GyirDTbYoNpmm21SHddkxVyhqZc5gZg0ktrJBsjqAhe4gIux
Pm5tlmNlMzgr26qsMqNGZavDaytuClRlymRlKykrUzCq85///CkuabTBzoTdRFcXutCFKvqLDfJL
QUsr1ffBzxS2hBmYb7HFFrVttdIvTLiottpqq+p85ztf4hnwQMoIH4QnzjrQf/mDBsFhUXmtGRES
rcM7wWfzzTefNRQj6TEGwdM23HDDueCuzEyRT/Uir0022WRh8Vd521xtJXWiJzNiVBtttFGi3Tbf
dY1DG5EH/RkeOA/aNYd9deELXzi1DfzJtpKrzLCUfv/f//1fsci2DVpl2xJWplRVV7va1VIcykgb
t+HvffkgZaUfkxe0NA9+UazwHB9SF2QojXXwKGhqnqFr30eus5WQiWdTznmPJ/BrcIEXMi7MI/Sl
wXmUZdo014McPi1Gi/R9HV9dpDKutbLQn+FT0quRn+YxXq4ELjaxpbIJm9UNbnCDyhyalRlfkwzF
2LrtttsuxbgHj0eOkly45ZZbtpIdVgL/lcwD3WfvvfeubIvtylY2V7Y6vDb77373u5VtxZz0cJso
1kuvRi+UrDEvnau2AnN6sVJ9H5mEfgmPod0udrGLzalG3ZO1iZ/V1ltvPdSrscNRRvjgPORk+i9y
JDIaOCwqrzXHUNJp4J3gc9GLXrQ7uB2+YAyCp13wghecC+4qCno1uhp50Z8XFX+Vt80VPQj9Tnr1
vGwgtJH06nnZ3xnb6HfoqfAn9Cfp1XX608EHH1zZauPKnNaVLdpIkMFzuujVfWQg2TPIC1qaB79o
0/6zjENd/FgHj5q3Xt217yPX2SSSxLOxwcx7PIFnMybAs+fVt1ZqLJ4lrdSltR7k8Lq6x/PZIRCO
89lhGSkFAmsKAZsVX9nOCJWtckzOcxxudcFmiFa77bZbim9blyXBoC5uPA8EAoFAIBBYOwjYirHK
di6o7Nyw6spXvvLaKXiUNBAIBAKBVUYgHOer3ACRfSCwIAjYjj6VrfqubJVjZWfZpomsdUVjcu32
229f2U4KlR0RGHp1HVDxPBAIBAKBNYaArYavTjnllMp2gqtsJ7A1VvoobiAQCAQCgUCOQDjOc0Ti
dyCwpAgwM+3EE0+smMnMLMQ3velNaYUA1bUtbyrbBimtVMyrb9suVbY9dGXbCqVXtk1YWknAyuJD
Dz20su2i80/idyAQCAQCgcCCI8DsaMYE25YwjQV77bVXZce1pJUP7DCy7777LngNoniBQCAQCKwu
AuE4X138I/dAYLUQQK8+9thjqx//+MdJr8YBzkpLwlFHHVUddthhRb36zDPPrOyonsrOIU1x0b9Z
RYtebecNpx3+0ov4FwgEAoFAILBmEECvtiMEqpe+9KVpLLCjsCo7riXp1XYMWrX//vuvmbpEQQOB
QCAQCAT+h0A4zv+HRdwFAkuNANtA2TktQ2e5ryzbBjMrsmQAZNYk27OXwumnn15d+9rXLr2KZ4FA
IBAIBAILjICO4CgV0c5+r+y8x7QNWOl9PAsEAoFAIBCoinJz4BIIBALLjwB6NavL5Sz3NUavZlV5
aSvfAw44IB2P4+Prnm3e99hjD/2MayAQCAQCgcAaQUBHcJSKa2e/V1/5yldCry6BE88CgUAgEFhw
BMJxvuANFMULBGaJwLnnnpvOh+ZMFB+Y6c6WcZxTnQdmT55zzjnF8+owGPBthEAgEAgEAoG1hwDO
c1ZNed7PeXFMouKc0giBQCAQCAQC9QiUJpzWx443gUAgsEwIoB9zdn2uC/N7hx12GJGtVG/0apzq
pSPSdtxxx7G09F1cA4FAIBAIBBYbAZznuV7NOd2ce73VVlstduGjdIFAIBAIBAJFBMJxXoQlHgYC
gUAgEAgEAoFAIBAIBAKBQCAQCAQCZQTCcV7GJZ4GAoFAIBAIBAKBQCAQCAQCgUAgEAgEAmsZgXCc
r+XWi7IHAoFAIBAIBAKBQCAQCAQCgUAgEAisOALhOF9xyCPDQCAQCAQCgUAgEAgEAoFAIBAIBAKB
QGDuCITjfO4QRwaBQCAQCAQCgUAgEAgEAoFAIBAIBALLhEA4zpepNaMugUAgEAgEAoFAIBAIBAKB
QCAQCAQCgcB5CITjPCghEAgEAoFAIBAIBAKBQCAQCAQCgUAgEOiAQDjOO4AVUQOBQCAQCAQCgUAg
EAgEAoFAIBAIBAKBNYJAOM7XSENFMQOBQCAQCAQCgUAgEAgEAoFAIBAIBBYDgXCcL0Y7RCkCgUAg
EAgEAoFAIBAIBAKBQCAQCAQCgVkiEI7zWaK5wGn98Y9/rN72trdVm2++eXWrW92q2mCDDRa4tFG0
QCAQCAQCgbYI/PCHP6w+/OEPVzvttFN13etet+1nES8QmBkCQYMzg3JhE/r0pz9dfec736l23333
xGsWtqBRsEBgBREIx/kKgr1AWaFXv/GNb6wuetGLVre73e1Cr16gtomiBAKBQCAwDQJnn312dcYZ
Z1Q777xzdf3rX3+apOLbQKAXAkGDvWBbUx99/OMfr775zW8mHnOFK1xhTZU9ChsIrDcEwnG+Tloc
p/n+++9fXeISl6gwfqLor3Y499xzq4MOOqi62MUuVp3vfOer/va3v6UivfCFL6w23XTT1S5eMf9/
/etf1WMe85iKsl/oQhdKZW5TXjA/6qijqq233rr68Y9/XD30oQ+t9tlnn2Ie8XAUgZ/97GfVe97z
nur9739/Bf6ES13qUtUjH/nI6jKXucxo5Pi1EAi89KUvrd797ndXm222WaL3U045pQqBsH3TQPMP
etCDKgzyf/3rX6srXvGK1ROe8ITEJ0upPPaxj63gQzjN3/72t4cBtwTShGff+ta30uSyz3/+8ynm
+c9//uoa17hGdfDBBydeP+HzNftafZX63uhGN0p016cy86JB+sIDH/jAJCdw/+IXv7jaZptt+hQx
vpkCAeSzG97whtW3v/3t6phjjkn9York4tNAYGkQCMf50jRlp4q86U1vqu5yl7tUl7zkJSvkh0Wg
A/TLe9/73knXR69GfiS85jWvWWi9+iEPeUh1zjnnVBe+8IVTmduUF4Mz+jjywI9+9KPq0Y9+dHWH
O9yhUxuu18g//elPk7yLnia9+tKXvnR1xBFHVNttt916hWWh6/285z1vuAAGekd232WXXRa6zItU
OGj+Xve6V9Il/vKXv1S77rpr9dSnPrVWr8ZOh+0Cp/mZZ54ZenWPxvzGN75RveENb6g+85nPpK/R
M69znetUhx566FLr1eqr1PfmN7959bCHPawHelWyFc+DBukL97znPZOc8JOf/KR63eteV8H/I6ws
AujV2JnoJ894xjNSv1jZEkRugUAg0AWBpXWcf/nLX65QajHy4by57GUvm4QfmBPK7d3vfvdaYakL
gGslLgrmbW5zm4VynGvlksdwXo59lIyvfvWr1QUucAGfXXI0QR9tw5///OdERz/4wQ/SJ23Ly6qE
Aw88cJjN05/+9OqAAw4Y/o6bMgI4sW5605sWXz7ucY9bF0LGYDConvOc51QIujhPN9544yIe+UP6
15Of/OTqAQ94QKLZ/P08f9/vfver3vrWtw6z+MAHPlBd7WpXG/6Om2YEct54i1vconrlK19Zq7if
dNJJ1dFHH11Nitec6/p9iwHqsMMOKwJw+umnV9e+9rWL75bhoe+r09DPvGgw7wvve9/7qmte85pz
g55JcV/60pfGZAWfIZPmrne961UYRRSQOTH8b7jhhnqU7vfee++ReLz83e9+lwxJ8HaM1qxo2WGH
HdJ3GPSQ1/7zn/+MpHODG9wg9X/i8x6HCI4Rha222qq66lWvqp8zv5LvHe94x+pjH/tYtWjyCzSB
ce6JT3xiTKabecvXJxi4n4fNIjhM61tpdm++8IUvJAcsejS7l22//fZpshW61RZbbFHd5z73GeFJ
s8t5MVNilx/4+yI5znHg5860eZUPPbg0Vu61117J7tK21dCrr3KVq1Tf//730ydty/vqV786OcKU
z7Of/eyY0CUwGq44sXBelQI6I7r1sgdkrxNOOCEtgjj22GNb69X0LyYXMNGDiYQrGe52t7slOUd5
fvazn52rLKx8luWa80Zsom95y1tq9erjjjuuOvzww5PttCnesuAz63rgPH7wgx9cTBYdZo899ii+
W4aHvq9OorOm+s6LBvO+8KlPfap2TGgqX9t3TOj73Oc+16hXM2kOPdfr1cic7Gbn9eoLXvCC1U1u
cpOReJTjt7/9bfWJT3yikl59pStdabgzGnr1hz70oRG9mnRufOMbD/Vq5Dnieb2aRVpXv/rV21az
czz0amzclG3R5Jd3vetd1ate9aqK8TEm03Vu2t4fBO69oVuRD5fOcf73v/89zUB+xSteUQtgW2dn
bQJr8AUTCJ7ylKck4wZMcJNNNln1Wvz73/+ufvGLX6RB7g9/+EMSoubVNkyUwMiXh8c//vFp5XL+
vOk3Rm9WviH0tS3vP/7xj+pPf/pTMjizMnTRDM9N9V2tdwg/rCB4yUtekgQX0S+OjZ///OcVxhlW
8C97wKiEkPib3/ym024RTBxipeZq0Bplpp/Q777+9a9X4TjvTqUoATip9ttvv+r2t799WmnrFQqf
IoLWy1/+8mTIYaW6F/x9vLgfR0D9izGS1Qj0GY4ywYgL32a2OI7SZQ0oih/96Eere9zjHhPprAmD
edIgcgKz41Gi581LMMZjFJ0Uvve97w1XGEJDKNe//OUvxz575zvfOWYgyvPwcgQGjZJBSflBp6Xj
GC5ykYskwwRpzSMwHjOB6yMf+UjalYDdCRYhUC5Wc6Dgz5s2FqG+i1KGwP1/LbHsjnP0anjii170
ov9VOrtr6+zMPlvTP9leEyfjxS9+8epZz3rWwujV6Ef0T2TwK1/5ynNz7LNrGuN+HtDVcC52Cci7
rHzrUl7kM7bLf9KTnpRWhi6a4blL/VcqLnRxyCGHVM997nOra13rWtWJJ56Y6JdJf0zOxpGAs2DZ
AzIbE2J/9atfddotgp0Q9t1331VxclBm+smtb33r6itf+UoVjvPuVIodBSfVne50p+qud71r9drX
vnbMAadUmfyPve5mN7tZkjFDrxYyk6/qX0yyY3I2q/fRq88666wKeQJn8rLr1R/84AdTPSfRWROa
86RB5ATaAT4yb15y6qmnJjpoqivvfv3rXyc/BffQ0OUud7nkJ+C3Dzi5sQH7kOfhZVLskMgWeVB+
yHLs7JgH9GpolrTmERiPmcAFrTz84Q9PvGYe+XRNk3Kx6Ar7+7xpo2vZljl+4L74rbtUjnO/Igbo
jz/++LQdNs4GjH0wAYI3UqYH8W/VEWC7EmZdYSCfx1byrFojXRz0rNpVQEH85Cc/WTE4dgn//Oc/
00qLruVly3GUrtVwZnap3yLEBWMEI4wpCEnrdcZb376h4xlWk9a0fXM4NPr1KHbK2G233dJKchxD
dY7zfqnHVyCAg5wVzPAXZl0zC3m9hbVAZyvFS3BQa9Y6s9wxrDGBBRphlxj4MUo0xjTfH5l8wKx6
Vp5jbFNgMgar8X1cJn+RJg504rOLCDvScPwIMgrOdiY0IMMS2E6SyTMYnpBzOY4BpwFGXNJRwBjO
ZKX1FlaKNtYbrpPqG7ifh9AyO879ihhqy+QZdp6AnyHXMaGJ4I2U6UH8W3UEGKtYWcxEbyZkzZpO
SZPx5/e///3Ijj1s+YrDpI9ezTjbtbyMh5wxH47zySSHXo1OgaOc3QJwTKzH0Ldv6HiG1aQ1bSEe
Do1+lMtOGeyWgtMQx6SXzfulGF/lCOBs3GmnnRJ/wSm5HvXqtUBnK8VLvvvd7yY7Lo5BaOFlL3tZ
msCy++67p11i2EGNXdOYFOT7I0ckYJ9g91G2rFdgMgYTOX1cxrQP2aQYdhAkPgsEmVTNJD706tNO
Oy0549mdkYBezqQG6dXwdvRqHPCko8CiFHZTWm9hpWhjveE6qb6B+ySEVvf9UjnO5SgCUs5tgiH7
wMxozv7CWYqy58/5RvFjRTKGc7adQ7mAmeLkxDCw0UYbDZPCoMm2uQRWTSN8sfUV23Ezg4stN2HW
nJ9TCsy2Y/tXyoPRHsaPoolhlK1SvYAxTV4YPDDMkh8zJakTAxNngE2aOYkzmVX7KMYE6nLLW94y
zXZlQKJ++fnSX/ziF1O9wI+Zy/qOFXylmV4pwn//9XUO+jTa3GMQZ5Y8DlkGYwQb2o1Z1nUBDLQ1
Km0DFtQHHBmoS45+2o2BV1vPsSKBPFBU2cLHOzMRJNgGCsxIn5XpxIFOMUwxmFMGjPhsewSd+MA2
NpxPA00pQPusVGUL2FLAOUC6pA9dcM48mHB/xhlnJKFmyy23HPkUOqKPvOMd76gQgugf4IASzjes
QEOYmTawSoK2QZA66KCDUhuxDSvlQajh2AXopXQeD7MH4QOUh7ikhSEGQ1++3bL6Fn2BP/oLk2v4
DmUKYwz9mVXtbOPMOXpvfvObUzsghNH3yYcVgDg42B7xaU97WuI9YEEb50YJ2orJE6ycBEMCE3nI
l1Xleb8kD2ZdsuqVmdJMICA+NKOQHz+g5wimOGLYeg+6oX4EtgD2PEbxdWU7JeiJfk6gnW9729um
Fal1qxkxdEFLzIanDtSbLZfAhZU4vJvVVu1t6d33K+rBOWVgyfZh9FtoHnq91a1uxeti6MMHu9Cg
z5S84KG0D8dHQK841FjJyriQO87J5/Wvf/1wCyv6J9/kdK48GNtoWwJ8gX7EedGMXbQxCgQ8w491
+pYrzj5mxTJWQj+0J2Md/JMArd75zncemZmLYYcyipYwVtAOGFXhNZzpVEe/KdE5/qM+YMgYcN/7
3jf1K9WFbOnv1Kk00xijALwAukaOoM3AHT6z4447jpQaemWsh39rDCYefYZ+hqzCc/goO2z02UUD
PoeDV1hCC4xT9EEFxaGt6aOeXhgPWH2ErAPPZewXXSADITcpbaXHtSsN6lvyBhP4OjyWMmHgpy9C
M6wie9SjHjWyfaacdPBmVna/4AUvSLhBg5yXl29Pq7ymvSpfZIe68dTncfLJJ1dHHXVUMuQzFuE8
QH4ojVdKm++JR//Slu3QBOPIFa5whWQgyMcGaA5ZAFkWpwF5QXvk5be182Xrc09fpVziC8gn9PNt
t922MbmV6Pv0T+Rn7UwDTbEaX2MdBSzRLc+hwbZyOPGnCaxqg7cg59GujD3wQfoc8gB0Rd+jjf24
1UcehD+TD5MqyIsATdGHPT/w9ekjl/TFnbahzowL8GACeDDhAzmjSTbxZV6k+1k7JBepbnIUUSYm
B+25554jxYMfowvB31gF6bFgzKFPwqPQfZCt4fXIXfvvv/+Qp5Ag8jjyCAEaYUUgPBcdFt3o8pe/
fNpNjnGyFOjP6CbQvvQTdFTkGnR0T1fT5EXZMMySH/2VOqGrobPlPDovJ/hh7GX1EwEZCprXblKc
171ddr40Mhu6CPipv/AdOwBMOpqjr3MwL/ek3yxMgLcwXiFPoffSx5Fb6wLjCjoybcHYQrvyh54M
P0Ln9bREOsR9//vfP9SdkM3IA4wwuHtnJnxUPIb0kSkwfiPXvfe97010RTtAF+hJnFXvw9lnn512
cYKmFKB97BlsAVsK0B30SvrQBfoSmMCHwYO+hA3GB8lCyJPUmf4BDpx7yjfofshk0wZ0M9oGDMGB
NkL2RN6krMjm6Ny5XYd8NX5RHuJCr9gY4Nn57jjqW/QF/ugvrHDnO+Q9MKA/0w4sYkCOYKyiHRi7
GNPJh7ZhIiA2BuQp5BuwoI1zGZu2oo8gs4IhAXsB+WK3yvsleSDHUHbqRt+Cltro1cid7OrFKkHo
hvoRJunV2IlwwHAl0M7IUfc13aOkYxAHnJBRkLOpA45I7AQ4frA1zNJx3pbefb+ijNA3WLJzAf0W
modekUnrQh8+2IUGfb7kBU60D8eLcMQSejUyUclxTj7oPxov4KHQSU7nyoOxDd2aAF/A9gGNMnbR
xshd8AzJz/pOVybbwi/on8RBJqSd4SME6AsdzNvjyI8yipboDxwbINs1/aZO7lW+87pSH/Qz+Ivs
Ad42SX+n//n6qCwscIIXgAe8nzYDd/gM478P0CtjPe0Eb2EMJh59hn4Gv+A59r8jjzwyvffft7mn
TUhLWEILjL3eXqw4tDV91NML4wHlpo8/4hGPSGO/6AIZiInYStuXpysN6lvGEjDBVgQOlIkxi76I
fQm7JcdZ+eMe5aTDloEujv4KbpSb3XQm2e6Vd9er8oXPl1Z65+lhT0U+YpxGl0Jf/trXvlYcr5Q2
aRAP+xN9isBYDE2QJ7SWjw3QHO37IZNNlBdYkNcs9Wr6KnSutkA+QQfELtcUVqLvS6/WzjTId+ir
GusoX4lued5FDif+NAE+A59EzoNmGXvgg9gAkAfgx/Q92tiPW33kQXQZ8sGuTl4E6II+7PmBr08f
uQS9ug/utA11ZlzAvk0AD2Q9+LDGM1++uO+JgBFTq2CC8mCR/4zhD8zBgDdpYEa0YllNaRgYIQ3M
QDuwVazDONxbB0vf8n3+R3zSV/1t4BuLk3/Db2OKw2/0rTG9wXbbbVf7PeUjjuJPk5cpA2P5GEMZ
GLMZpq98dDWhZ2CGhrHv8vrZIDuShjGvxm/MuDISX/npqjag/iZwNcbVN12vpnwMzEiRymmD4sBW
haV7U7yLmJjgMTAFoLFepfKac7nxG7A0IWBYR2NyiS49xjagD8wQM5ZOnp85Jsfi+HTMaTqg3h4r
m3XX+A3f57QL/dMPfNr5fR2OPu8296Z0NOZDvuZMGGszc0I1fmfC4wAeoDKYIDkSH2zNSJLSzutG
vzGFeSR+Hif/TT83Q9cwv1J/9N/YsQHDuJTRBNxW+ZlQM/zOhLExWvJ56N4cdwMTzoffkR/0boNs
Y55m9Bj5hu/MEd34DXnm/EJt0PXahd7pV6pv09UMEGN16ssHu9Ig9TcDYuP4Q9nNQTbWXqYcjdXP
8xWPLTzADBxj8XNc6MO2i8YYHqaIT/yWtExBHn5rRrHGb3Je5ss773vwsBXDjeWjPqY4DutDmfiO
Zzlu/jf91vetnJ/RlvQj/43u4dd96l6SE5BpUqWF/wAAONZJREFUfDlyfkeeqp8ZlorlUbkoc0lu
6EKDqhd8sEkGIs8SbZjxqbGM5tzthZ3KVXdVvm14GOMLdaP8NhlhYKvNU5nr+qXSFs6eL0smKvV9
ymqTqFLa9FnyZUwknTblrKtr6XleRvKwCWONWK9E3zclsZEehKlN3Bora1c5vIRL22dmwJtYTi87
TSMPmsOhMS9kINL3Ze8ql0yDO/KJ6FTt46/0G5s8NlI+X9ZFvW+lRK/BSGYgGpghP9EU41opmLNr
YI6fgTkkBuZ4G0bh3s6trqVH4pO+ghkma+N6GmGsy4OtaBuYw6L2e8pHHIVp8jJj2Fg+ZlQcmOFK
yY9dbcLmcCzwdcnvGYd9mMQ74PVNQW1A/ek78whmaB7YJIeEiU0IHsgWYE6pIibmWBiYE2EMQ49F
qbzwbB+ndI+spWDOvESXPh68yxxZY+nk+dmuCmNxfDrmNB1Qbx/Mod/4Dd8jg/kA/dMPfNr5fR2O
Pp0297aKrjEf8jVnwlib2e43jd+Zc2FgRuVhEdBnfB3AFnsLafvn3NNvSjJkHs//pp+bc36YX6k/
+vh2bMAwLjd2VOFYOXx83TMuKjBmUg+9q7ua425gTgd9lq7Qu02Mb/wWe0sezADe+A1lyPlFnkbb
313onX5VV3//3FaHjmXflw92pUEyRn5uGn8oK7bOvL2wVfp6cO/5iq8UPMAmc4zFz7+nD5vDzn+a
7s0pO/Fb0rLJsMNvbfepxm9yXjb8cAVuwMMmMDWWj/qg5/rAdzzLcfO/6be+rXJ+RlvSj/w3un/m
M5/ps2t9X5IToClfjpzfkafqZxMBiuVRuShzSW7oQoOqDHywSQYizxJt2AS8xjLapDRlMdOr8m3D
w5AxqRvlxwZz//vfP5W5rl8qbeHs+bJkolLfp4LoH3xHn2Vc07jVppxdAMrLSJ428asxiZXo+7bC
v5EehKlNch0ra1c5fCyBDg+w96gsdVcvO00jD9rkqMa8kIFI3wf6Y125eJ7LJdPgjnwiOi3lSb/B
rxZhNggwC6NVWFSDhcrljT8o1nqeX22G7cBWZo0YlGWgtJlJSaiGcUL0MAYRoXck4lhAYbWZn8P3
GEjJl3gyCmMEhcmrDBAuhiGlabPWEzFjYLVZLMPn3mjcNy/lSTmps5STOiMs8SmrDL2UEScz9UFh
Pe6444bl411unLWZOOk9hjmcj9SVQUAYecOgyuavagNfd/9+FvcY7Sg77WOr/ZIhRW3BoOjz8IMz
ccDNZksPnv/854+0YV5er9xDTyjYNjtukBufc0M6CjXtJLxULtK33Q0G0Ar3lF3OWJ4rHu1ms0+T
smBbv47kB22pbtTLVvWl7zCE2Qzh5BCxWX8jTtO8fTGUk5fN6hwwiJAejlbvAJrUxirDpCtKts3G
TMYV9SXqbqu+0zMmMyAw+b7ljRaUEQcedaNeNlt9iJMvI32LelEH5SM8bVeCARMMJKgg5FBfJjQo
DrROn6ef6xnOb8qi9LxTWzyKutCeCBm2Wn1gs9bT9zy3GarDtlppx7kX5BD8UQgYkKEFP7HI9xXq
obqDO7+hS5vlOnzO+5yeJtFA6X0feocHCV/KweQqaIO+onaj3NCK8uzLB/vQIPh6R4Ktsk38Ilci
S3wbeoTX4iwRjed8RXXiSnv6yR/wJzCFLm0rq2F7eZrlO/F24YeRBWeUaFzPwVUTzPxYx3jLc/ob
/UW0BL0Tz5dxJe+hVdsee2RyFJMLxGfgQeDry2Qr5Ic40f+hI9sdY4SewMO3A7QFNh574vBnO7cM
MI5rfMCQ4vNrew8t2LZjw7LB02hvvmes4wr+tK3tLJLiUX74I+/o0yoT7cIEEOjC952SXNWVBnN6
Z5KjrQhJTmBhQDlKtOHfc0/fxqAmOszlrbbYTYqnfNvwMGQEyo+hlHShH35TRo3bPj+ljYygiZ/U
iTiSiUp9n/c2+z6lbWeQpfgaL5S3z2eae8YkaBRZUJNNmrBYqb7fZgIg2OeOc18+3sMHeNYkh/fF
L5+sgjGZvgZd+DESuSSf5NJVHsTARX340zgHb7LdMQZMDtM76MPLTl3lkr64i54pB2MPuKNnMenD
y1V1faVvG6zEd62U6DUYifYR3WBErgvwcGjaG5RloKSt6YP0MVudlfRvpekdiTgW6Bu2QnSYJ2Mw
YxRjj4zCGEExtCvQvhiGlCY8mGfQuNdPvNG4b17Kk3JSZxm464ywxKesMvRSRpzM1Af531Z3DcvN
O9L1wVbrp/cY5tCLqBc6gzDyhkH/ne7VBr7uejerK2M6Zad9bLVR0pPUFjgOfAAL2/1qWGdwg88h
h/o2zMsLVkoTemKyLjKV11l4nxvSkYFoJ+GlNEjfVuYlnZ57yi5nLM8VD/qzFcxpQgh8yucHbSlQ
L+QpvsPBYyv7kkOEMd87TfP2RYbhG9utYWC7NaTkcLQy1qoMk9pYZZh0ZVIDuvPhhx8+7EvUHZ2V
Z3a+6gBnlO9byLcqB2XEgUfdqJcfU3wZ6VvUizqozyoN25ki6ceSVdF3qK+fjAWtw2vo5/oOIzNl
UXqMWQpn/5dHURf6PjIp+oZ0Gp4z6VNhpR3n1FH1wB7EOIiRHVrwjl3fVyRH8h248xu63HvvvYdp
8S6nJ9Wxy7UPvcODhC/lYHIVtEFfUbtRbmhFoS8f7EOD4OsdCUzkhF/gQFVbcC3xbegRXoudSzSe
8xXViSvtKfsqacKfwBS6POaYY4b5eZrlO/F24YedznYjGdK4noOrJpj5sY7xluf0N8ZI0RL0TrzV
CtgLbMXvyOQoJheIz8CDwNcHPzGf/g8d2QrcEXoCD98O0BbYeOyJwx+6EY418WvbzcNn1/oeWtAC
K9KFp9HeBMY6AvjTtlqYQPnhjwTvOKdd0O2gC993SnJVVxrM6R1dEDswvgxhQPlLtOHfc0/fZlK2
eG0ub6WKzeCf8m3Dw5ARKL+txE05Qz/89uO2L5LSps9r4id1IkgmKvV93h955JEpbWwgBI0Xyjs9
nME/xiRoFBlYk02asFipvu/tmGBc9wev8sGXj2/ayOH++y73yHW+XOiS9DXowo+RyCVeJ+kjD2L/
UF4a5+BN6Ovo83oHfXjZiX7OO/pcG7mkL+6iZ/Ji7CEv9CwmfXi5qq6vdME94p6HwNI4zmE4EA5O
EBQcOnGfP4zMfK80ZJz0hnClK6MnQoI3RMnJiAEIw5Xiy7kBcVNePdfVG75wnOg51655+W+5R5HA
YVFnhCWOBiNwLNXXr2YpGU5l+GO1JkZIFBjN3ioZwn0ZZVSbFM9/0/VeRgqPrXBF0PDpeSaGku7f
UT8ZkH15qb+c0rQ9wp//DuENbOvwJa7KQxyMLWCoNPyKP+FFPGhUcfwVpwzvvSHSOy5KbaiVYrmT
RMJjbuAlP61yxnnv+4EvS9974ZGXx6cH7jJC2xY8I31O8bxwjcKi51zVN8CKP+jEv5fjSXExStPu
DNQ808o/VuTjnOKZyl3CmPfQEIZE+ANtqdX8eXzaHF6Ec5U8MSDxjHz0R3r+j/e0g9pMfVnxfX30
nYzn1B+DkJ7rCkZy7MjwTv0pE99Aq6q7vvHO37xeitP22pfeSV8rYHLaAH+V39NXHz7YlwY1MYMx
gRmHHg94J30XfEv9zsdV+6mt/Tt/r3j5GAS9iHcxYUzf+HZnnBOP5z28CeWD8uVOS00gAl+NpT5N
+Gc+Pur9Sl/V/5Ed6Jd1+XvjbT7m8w0YSmGj3uIPSk/Ygxf4szOJ3nH1vN4/b3sPzmBK3tA234mW
4c1qO8khOGuVtuQnvoXu9NzTNUYDPS9dVb8mGsTwQf35QxnO09GOEr4OiiOemo93KMek5ydF6ZtZ
XJXvJB5G+2tHG40xnm/JIe7LpLThP3JI0obwaH1bktl8W4vOJD+CHbTq85nVvXhpExYr2fcZc8Bd
jinRaNNYJ/rPeaAwEo7QlJcV9b7tlXLZ1nuJNuEtGMj8t5RRPLeOdkUflKVJHiRdxYW3/n9757Ji
S1O04eX5iMcPVBAnIjhwIIgTB4KiiOBEceJEcaY48TARHYjeg6Ag/A4E78KReAGOBS/BS/Cvp/me
zbvDqFpVtbr37t07ErqzVlVmZOSbkZlREZlZjGlZFte2HbS69w/S7NVLzuBu+cgnOmPlz/ED/nKx
Z033GH8/VYMCYwvtgROEXT9nA0ZmDDnuTLUPpiFc2s6hLKpKQ5RORgxAGK4MOjfoz/BbQxq+cFxl
OFpW5uUaxwUOizUjLGlwWIIhf119czcL/bIGDX/s1mRMwajO/A69zhCe+TWqXUuXeY5es3ALXnJX
n7hidM6QTjB21GagfhqQk1/qr1OatmduzJAnvHX4klZ+4BPHPRgacsefeJEOGe2CNqE0RKbjomtD
9XwcXBkcE6uBlzS8q4MD4372g8x/9lo8OqeNNMFdI/RyLPtzfc40LhwBLxZlZrBv8Iw/5CSDjifu
kRajNPVlbiFoO2JHPs4pgnx3GPMcGWJ+YHygLd3NX9PT5u4mpEx0b+5Rjn/Qy8Bz2sE2U9ZMn/Ux
n8Zz6o9uUoP15rmGd+oPT9xDVq27eRnDeMZfrZdp9sZn5R36noZRZQP85T/l/cw4eFYGXZjBnLAc
0/wcHIyd9F3w6/pdJrb9bOt8ltemq3MQ8uLYxQJyQ7Y785xjPM8Zm9zAVJ2WvoOCb52Pocn4WedH
y3zRMfwwN6I70C/XAn1Pea5zPnnA0MUn1NvxQXpiDw3w5/0jQ471eX/vde52RrYJyjJjs22nHoKd
3KD+BN/InSHlOhcP+jxj67clgyx4EkMWitXgiRLwYR1M45ha5zsWJdhHco40362x5V4bw2h/T7Rx
jslxS4d48iNt5jdt+fQLxmjzdjpbtrVypv4IdsjqQwTH0i0sXmTfZ84Bdxc5KqNbc53yX8dA8RJH
ZKrq4abZE8PXcvz6nWwytvDOmgEeHXNzQV+mUT7gZUsfJI9pGVsZ02qw7aDVvX+Qfq9ecgZ3y0c+
8SfU4PgBf7nYs6ab3/sRGMf5MhEykWDo1PmGgNW/zhisoaru0NM5mcbfNKJVJy3l++eOtmpIO1KW
tDLeMsKaTkfb8r2c1vBGOpX2dDRxn0HxN2+u1KrY8TuxsLyM5e9ausxz5DodQKzUZLBlVaC7WOuu
U7HAaJ0Oa8tkQq71st25X50i5vOlu5Mn0tjO1UllfmMmWHHGOEs9cHj5x85FaSWmKYfkR0HnNAFe
NMgL353RXSWKPMt39e6c9cs3re52kvDyjPFHx4w83kdsHbYM9ToR4K1zTsAH9dZIXY3hyh753b23
xrtpE1PbIh0cHd8oXazS0xlKefWvq2dX5hp/eV9lek3WurTwg7GLFXzKEjHy5Pjo2IQyRXqwoP8n
Pa7pc2sLAmraa7/FmPKOyDt0xaHuPEQmfEFN3O37R8bBMzKYfXGtjXSmgflW/xKfNTria7qUVZ9Z
76TBWED7prybnlhnR6XHWKico0izyhy6jDPsLmSRAONv0npZ1/DKorK1OsqXYyDpUJC9nzEvx9Zb
J57PxR48PLXDZ/cRI086EHWKuwuZMmlL50HqkOO8vLEAosoZu33odykXHb/SWEuX/Y1FXR0NyuYT
JWCYp0CQ1jG16luMPdTnWvt15e25Z7k5RnT5PNEGPrhmTEDGzd9h6zNog49zFIv10DtYMFX7FmWz
qpg24RMilOOfpzmwg6Pj8dZ7jqVbWLyMvp84btUxx9wzevgW7fos9UGMpvU5vxlHaONc2JLprNc1
fVAdAZlAl2WMrfP32kK2s3oJfMrfljxYH9PCY9VX0bvyNKe1MURajy3e/8r9aqXU8HvWcc5YrfON
dq9/nTFYQxW6RQadk2n8TSNaddJmXne0VUPakbKSntdbRljT6GhbvofYGt5I5+eOqiOTOaCe9pYY
JhaWl7H8XUuXeY5cpwOIRXoYCNm57S5W5CZ3nYoFRuvOGM97OfVLfm137leniLxuLcQgje1cnVTm
N1beKQvjLPVg7PaPxe/SSh5TDsnLTnUWYKNTkxe+O6O7OgN5WJhMPTiZiPdExlR2oeuYkcf7iK0D
Otta0IkAb51zgnzUWyN1LpzgmbJHfnfvcb8Lpk1MbYt0cHR84xhjvtMZSnn1r6tnV2bHW72Hbg39
buxaS0t63j/ZjassESNPjo+OTe6mAwv6fw30ubUFATXttd9iDH9H5B264lB3HiITvock7vb9I+Pg
GRnMvrjWRjrTrjnOxWeNjviaLmXVZ9Y7aTAW0L4p76Yn1tlR6TEWKue803FKBHQZZ9hdyCIBT85I
ei/jGl5xnK/VUZ4cA0mns9Jnxuh71lsnns/EHjw8tcNn9xEjTzoQdYq7C5kyaUvnQeqQ47y8sQCi
juPYT/eMI9JI+cl6ZX/DvtwFyuYTJWCY8zFpHVOrvsXYQ32utV9X3p57lptjRJeP9yhwgg8cg4wJ
yLj5O2x9Bm3wcY5isR56B6dR1L5F2e5s5xMilONiT09zwA76EMGxdAuLl9H3E8eteueYe0YP36Jd
n6U+iC+nC4wjtHEubMl01uuaPqiOgPyhyzLG1vk7TzHJ9jurl8Cn/CW95D+vTQuPVV9F78rTnNbG
kKQ319cReDKOc3e5MJHljqk9BpYUfIQPQ+UPf/jD/7JDkd/8dYYcDUHVaKQRKw25aUTDabDGF4JN
edWQdqSsjrY8dUZY02sUrWX7fC1OZwG8U2+OwP3ud7/7DL/EoqMjf9fSdXn33HPnne3ZxToboKfi
zw7sjn7Hb8ogyk6XTyW6kyfS287VOVBpMaB2dejuVUzhk3tdWu7xDOU0y8TgzCSzlof7KG3V6ZI0
zlyLR+1jSUvcaz0zDfy7G7A6FWzLungi83tt2izLtkjnZuU7ywcrxin6Gd8Uz7bo6tmVKT9bsf15
TdYyr2m32tdnOGtQqnGucw/DP7+TntcVB+8fjcVYHrbibBvKsW4dDh1/pj8yDp6RwZwT3KFacdEx
nbJV0/BbfLo6ZnrTdfSsd9KwXqTv2hhH7NpJJnnKQ9de9QSA5PNFXu/tXy4s2JpDaVMd56z8znqI
fd2dn2luvfZYfZRpxmIXroA/85tGitqe8rZXLjo+pZHyU9PZ3+oYXNN1v81bx8i97dfR3HNvrdya
t+qRVeY17GS+StvFGcxF7GrAmF7lrc4ltRx+by36yfKPXjtG1DaodF503684Vn78nWPuGT1cOnti
5ZL2qGPBnvyksV7X9EHKYh7uZKG756KeKktH9JLk75o8kFaduuOn3uOI070YPYZ011+1X80ULK6i
bZCL3DG1pzYshMh2xVD5ox/96L/sUPR+Z8jREMR8kkEjVhpy04hWdxZmXsctHJppwD5SVtLzWp46
I6xpNIrWsn2+FiPXOgvAi3qzgIaFo+KXWHR05O9aui7vnnvuvJOfLtbZAD0dEOzA7kLHb8rgmmPF
XTedPFGO7VydA5UHnRRdPeq9iil8cq+m8zfPcIpmwODs4kbT1ZgNCSmzmf/stXjUPpb0xL3WM9PA
v7sBq1PBtqyLJzK/16bNsmyLdG5WvrN8cGOcYp7hVLRsi66eXZnysxXbn9dkLfOatrZp9xtnDU4d
F0Vi+O8Wl0C/4pBlHrkW446fei/bhjKsW4dDx5/pj4yDZ2Qw5wT0pi78+81jdFO2unTi09Ux05uu
o2e9k4b1In3Xxjhi104yyVMeahvxu54AkHy+yOu9/Uub6NYcmk5DjiDPIPZ1d36mufUa+wzYsvOd
sdiFK9zjxDPeK7iu7Slve+Wi41MaKT81nf2tjsE1XffbvHWM3Nt+Hc0999bKrXmrHgnO+ceYzyL7
DJW2dg/mIk7D5XSTKm91LskyvN5a9JPlH712jKhtUOm86L5fcaz8+DvH3DN6uHT2xMolbVLHgj35
SWO9rumDlJWf/FAO1mIX9VRZOqKXJH/X5IG06tRrPOV9NuZOuB2BJ+M4T+dt3Vm4ZVhJgxNO0rrL
yUG7MwZr1KpGIw1m6cBJA9XWrladUdWwfaSsrr7yVI2wmVbjQmc8z3T12nzUFwd1PmcnFAa9xCKf
ey1/19KZ/mjsseXslgaD/HOBRGJuepzFXVkaYJNfnVwMkijGXT6dL508kX6tnSstHVoMiqyi4/MA
7Bbv/hjMkT9psCKS79iwOgk+fve73939oUg4yHYyQFtyXCJ9wjx8DxgMzFf7gmWejffgkX0f/tbK
0nBbsT8ie11aJjfqn5hVvk1DOlaAYQCST9pGY1iHX1emebdi++We8dBxh7bkRaCTI++hhFKuLzx5
RH3yc61emfba9S3yLg613SmzthP3TJ/teY2/MzJIu3r8PQpxV4b1vsaL8tXVMemarqNnvZMGL23I
BGOa7Z70dPR19JhL2UGFvLPbkTGDbymmMzfLSrpegysvOvwx5nr/PuO9/Ss/wbK2Wx5aOrBqX97C
/r7qY3vhOKV8x2VixmperLmujust3jq56PiVxlabro3BHb16r+urpNnbfpXe3t9r5WZ+d/KD7be+
9a3n9At0DefIik1HW92DhV4swqg6m3oGZbGSPnUZrrnPH+N18ngf18pCle1K+z76fqW59Vsct5zh
5L9VD9/ioT5TR6QtruFV8/rbel3Ln2XxLUn0cOfrGvMMeaUM+yw8HtVLyC9/13AnrX2fo+QxaFe+
/M1uMMZ9MXgV4ttfxR8nBbDXeVt3Fm5xnAYnnKR1lxOyhsx1xmCNWshmBg1m6cBJA9XWrladUdWw
faSs5MVreapGWJ8TaxTtjOeZrl6bj/rioM7AbigMeolFPvda/q6lM/3R2BPU0GPBIP9cIJGYmx5n
cRc0wCa/OrnQQXM3X+b3XaSTJ9KttXPS4FqHFrLJaU+8T6KDd384wZE/AzuMGFfRE+GDz87wxwJc
6PHXyQC72ngfp0+YhzEcDMxX+4Jlno334JF9H/7Wgobbiv0R2evS6jBKzCrfpgEn7BkcdWqgbTzS
tcOvK9O8W7H9cs946LhDW/Ku1MmR9zxm1UUgeUR98nOtXpn22vUt8i4Otd0ps7YT90yf7cn9rXBG
BmlXv2uM3tQF632NF+Wrq2PSNV1Hz3onDew/yARjmu2e9HT0dfSYSzmZA3nnBFDGDN6t05mbZSVd
r8EVXZg/xtyHCHv7V36CZW23PLR0YNW+vIX9fdXL9sJxSvmOy8SM1X6Gszqut3jr5KLjVxpbbbo2
Bnf06r2ur5Jmb/tVent/r5Wb+d3JD87f/va3n9Mv0DWcIys2HW11DxZ6odNWnU09g7L4Tn3qMlzb
5ozX9x2UhSrbtZz76PuV5tZvcdxyhpP/Vj18i4f6TB2R9riGV83rb+t1LX+WxcmL6OHO1zXmGfJK
sM/C41G9hPzydw130tr3OUoe21Dly998Jolxf8LtCDwZxzkKgIYZjJRru851/KF4IEQ5Cf7rX/96
zlgDTY/OrAZP8mo0qkatNUOu6TFqd98ZJp+OFL8jTDlnyjKfsTxVI6zPid2tRmdf2yHDyjs6Kg4R
84o7q+G9Z+yRSLTJljFM/q6lk+6RmHIxQEO7c2h77Dr11vGqgZg8ncPIBRXJL3XQadIdA+oiAsrp
5Ik6KSNVpmp9qQdlQ2vN6UYe5AzF3PzyiAym89bnGiBwhOUOU+93ZUFTub3Gt+XsjffgYZ3AopNB
ykpnQ/1+Jvn3HNUMnS6tY0j2rcq38gTuiSs0OWrYXaodfhrF1+QXel1bWiaKfYe3YyDPOPIG/NbK
MD95wIDf1ntNBnWq8ryrlzT3xGflHdri0PW52k6kPzMOnpVBjWrd4gPmHxdUpGx1eNkWXR0zvek6
eh1OyJV9G4cHY5j0+H6dR0NXx7n9jRXaps9Y5+AWvyh8yI5/D7ULsevTyavX+e1jjob0fsaOk/Ds
XOLzLexNc2uMzHiyhrhhyFWP8R68ZFlbvHVykXm9lsZWm9rujHd1kSJ04B+DJAssHGek3/VVnu1t
P+kcjdfKTTqeaMNpHN1Y7CcXqHcuuuhoe/S8bVX7qjvb18Z1DQTokMnjfVwrC1vj+X30/aO8qoN2
+gm0cLhIU8zP6OHS2BPnYoq100voA+woxPDT0ZTXLbzJx+kSfkql0z2Tdo7htucZvQSaR3D3OGXm
ka6PyCP8bT033WOKb38Vf5wUMIhpmMFIybtUF3T8+S3TNBwhmxmg6dGZ1eBJOo1GzCcZ1gy5pseo
3X1nmHw6UvyOsHTNu7cs8xnLUzXC+pzY3WqM52s7ZFhI8vOf//y57zWKO4u3a/Bb4bQJ/WAtyN+1
dGv5t+5TLgZoaHcObd4VnMN0vGogJk/nMHJBRfJLHXSadMeAuoiAsjp5og5r7VzrRz0oG1qMuWsB
OeM72gZ5RAbTeetznaE4wnKHqfe7sqCp3Fb5lO7ZeA8e1gksOhmk7HQ21O9nkn/PUc3Q6dI6hmTf
qnwrT+CeuEKT92IX/XT4aRRfk1/odW1pmRjSu+AYyDP1wrUyzE8eMCBY7zUZ1KnK865e0twTn5V3
aItD1+dqO5H+zDh4VgbVS7rFB7nwIGULHmuwLbo6ZlrTdfQ6nJAr+zYODxbPGHg/8Gjo6ji3v7HJ
qwvq/lv8umgA+eHvoXYhdn2645n3HXnhKOQuOE6SzrnEdFvYm+bWOB2D8sr7vXqM9+AlwxZvnVxk
Xq+lsdWmtjvjXV2kCB34x2bBAgvHGel3fZVne9tPOkfjtXKTjifacBpHNxbrX6Deueiio8184NxO
e9W+qk1/bVznPY186JD3HZSFrfH8Pvr+Ub7VQTv9BFosFjSI+Rk9XBp74lxMsXZ6CX2ATxzxftsF
ed3Cm3ycLuGnVDrdM2nnGG57ntFLoHkEd78tzzzS9RF5RE/eem66ia8j8GQc57zEpWEbBxCTMIZY
BkyUzTwSi12V5GFS0gHJrksMNqTnG946LRgs2TEHLfLwRzoN1CiE3pemu6zT6aoSDT0mXBQA87F6
mSNcecZfHs14pizo8uKK040/duzBEw6OvJ/GaQ3QlA8mHLFmneGVF3v5Ez/K8duJX/va15451DGw
YAA3PfQSC/KBs/xBnzSmSx7F6GzsyzhGbehWOtRboyMKCHXW+CsWTNC0A0Y9vtO7Vi8cRT5DuQUH
8iFPOpl4XuUJvuDjy1/+8l1+ZAqnt/jYDsm7RlVWrbLiMdOgcHi0OpjCB3kpQ+c++dOIynPbsjrO
NbBSVrY9eWjXLcdv8rz3Gr7glU8mgBd48JK3hgffkxN3+nk6J1gEIn8cgSsW8AI9ZI+8e2SPvLVv
M/mSH8zgEbq+uDk20JcsA0cWaUjLN9ltD56bPnFKAzztgyGSvkMbq8xh+AavzKcDmHq5kAhcWQGn
I00HIDjIB1jhtJQWcojihAMHHj2qHf51qnKf8RMeuI8Dg3v+dfWS/t74jLxDmxdD+Kh9jn6Z8iUf
1MG+CnZ7x8EzMmgbwR9zAm0KXzil+dyF+KVsyad9AX6RcetIfp9xbXpiXzQ6en5ns+Lkogp5wfn5
k5/85Blv3K/OPfsEz9jdnHww1uE84dmWk9XTOSwXmlmXW6+df+j/2afX5h7GV76/LT/MKznm0pd8
lt+zphzaiOOReQ72WQbPbq1L5vf0CMqiL9Mf/SYb91ik4Y5T87FjVN5I733ilIu8z7VytlcGc17l
pBdW1EoTQwQ6BHwwz6Cz+Az56foqz9Hhsv3Mc0ts+1CvOieDD20qfXjzRaz2HdKQ1u9WUjd2IXEf
2ck65WJKjCSkZfxBXhjzycP47djEmJp88Bxecq65tc9A3zaGtsYFyk79hLL9u4++L629sQsyGEPh
l3z0a8YQ+gDy5Bx4Vg/fy0umy4U0yIi6BzIEhrQv7Yz8Zlsif53s2RY57lieOhr02IWUOhB9xG8q
8lwdJGXFe/C2Ry+h3CO4p1ywkACe5J160S/UQbbmBfM8pvj6q/armyIN2xgemSswxOJYwvmZcwuL
JQmMFRop0XEw2JAevcZdoMghO+agZSCdRz/XY3ah6S5r5MWgcRV67BRibjPQhzjClWf8Mf8YzpRF
XpxcON34ox/CEw6OvJ/GaQ3QlA8mf//735/VGV5/9atfPeNP/CjHBVLf/OY37/QF7iHzqWdAL7Eg
DTjLH/RJwx9tlTyS9pbAewR1wqgN3Rqot0ZHFs3Qzv/+97+f1RWeWABAO2DUS32v1ot3aduQEwzA
gXzIk04mnld5gi/4+OpXv3qXH5nC6S0+KXvy71zOnMEpGJkGnUQ7EjzCB4EydO6Tn/pkgC/4q45z
DayUlW1PXtpry/Gb9Pdewxe88skE+AEPjN9reHA6orjTz9M5wSIQ+eMIXLGAF+ghe+TdI3vkrX2b
+UHMNNBrUHZsoC9ZBvojgbR8k9324Lnp7xK8+S8N8PQ1jOT0HdoYozv5MHyDVwbmbctkPieAK/On
jjQdgOAgH2CF09KAHDIn4sCBnke1w79OVe4zL8ID93kP555/Xb2kvzc+I+/Q5r0OPsAu+wj9MuVL
PqiDfRWZ2DsOnpFB2wj+mBNoU/hCJ2JzhfjRH5Ut+bQvwC8ybh3J7zOuM7iQqaPHiZDQqGNT6qE8
x/b4i1/84hlv3KvOPfsEz9jdnHww1uE84dmWkzV1UtJC8z6D8w/93z69NfcgO3x/G174Y15JeaIv
+Sy/Z005tBEnavJ8aw6+j/p5egRl0ZeRG05zlDcWabjj1PJ4v5W3KmcpF6Y3Vs72ymDOq5z0wiZA
A+9B6BDwwTyDzmJAfrq+yvM1fcu8Z2L1D+pV52TwoU0N8KY9vfYd0pAW/U78+T45AdnJOuViyv9b
HKmkZ/xBXvwECk5PxybG1OQDmvCSc82tfQb6tjG09VFQduonlG24j74vrb2xCzIYQ+GXQL9mDKEP
IE/OgWf18L28ZLpcSOPmHJ4jQ2BI+9LOjD/Zlmf0QXU06P3+979/Tgeij/zxj398JoPqICkr3oO3
PXoJ9TiCe8oFfgd4MtBm9At1kK15wTwTX0fgSTnOUb49MsXBtIsx2vOySXomER3gXdp6D8U1jb8+
xxAEvaqU8DyPRfUFynwcHc6fv4lx9ECLv7NlpZEqaXfXubs8d4maVuOevxM/eKwKoOm6OI3AOsK6
dHkPQ414HIkZ4NOxJ83cze9E6jNiDK0oejoM8lm9FhuPw2YS0fhX09bf5CW9u9Hq8/ydjhgxYMCE
V9MxieHAkifv4yjRiIrcV/7I87Of/ew5Wn/605+ew7zihPH+pz/96X9/8IMfPCsfXixHHs/EtSzr
kTHHDidtJot0apG261t+25O8Tk5Jt17brqTv+hTPWThgPhzzGL1TtjEC0861XcxTY+Ui66cjpab1
d7fTESdLykdtd/LmDj2dqtKkjemv/jbOzxfs6fuW28lw1vHa9VF5R6mu/V8Z7cbV5O/MOHhGBpl/
coGWGK/FKIXgtKePQAN5dGevTo6kzYIexkmdcT7LfJTHMag+6+ItxznpGZvoEz/+8Y+fo4NS2bU7
uLgbn/w5Znfpz9xL+l2duIfSnLQ7GWScyb4NdhjIyLc2B9XybNcs6+x1jkfqJRj1LLPuSK1yQVvh
ZOzkwv4Db2dkkHzp2IcnypM3YwzlOou7voqxD1qdvlVPFDmKoy+x8lJj+opjdGKd6ZKHnAtM873v
fe9/+hzPdBjm2GXfWtMTmJeoI3kcay2HuM7lR/DoeE/aXiNntledJ4/2/SP8mdYXVfnJ/sg9frN4
wfRH9XDzHY0ZxzT2y1sda7nP+CrttXY2P3HOVeYD/6oDYcj3U0Tmpz0wcpDvVr3kKO4uYpMXjGcu
lvEe8V//+tdneFi/xxxff9V+tVPgQMz26a4x2mtcw3ipA7xLW+8xZqTx1+cYgghpKPNZHota39XQ
+6rux3u44WxZaaSSj7U4d5d384TGPfMnfvCZhkjTrMVpBNYRtpbW+3uOgRSvjNPhKC3i3M2fxkbT
YGhll7YOA+93sdh4HDZ9X+Nflz7vkZf09X0m03idjhjriB4Pr6ZhvMSBJU/ex1GiIxm5r/yRh5Nz
khbjWoaKE8b7X/7yl8+9P5LfcjLv0etalvXImFNsMmDUT6cWabu+5bc9yfubN3fmJd16bbuSvutT
PMcGYz4c8xi9U7Z5J6ada7uYp8bKBWUarumw3U5HnOTZprXdKRc7oUGnqvzQxvRXfxujlxv29H3L
7WRYOnvio/KO0ysd+/CvjHbjavJ3Zhw8I4PMP7lAS4zXYt4xCHv6CDSQR3f2dnYkFvQwTuqMs9zM
R3ksUPRZF285zknP2ESfwH6X+XGWdgFc3NRB+hyzu/Rn7iX95CmvWbCZoZNBxpns22DHok7C2hyU
ZXBtu2ZZZ6+xnUpfvQT7hffqjtQqF7QV+nYnF/YfeDsjg+TLTRjwRHnyZsyiM53FXV/FCUno9K16
oshdwgP/XGgnLzWmrzhGJ9aZLnnIucA02KNrn+OZDsMcu+xba3oC8xKBPI61lkNc5/IDUDw3jyXN
ep07qus8ebTvH+HPtP/85z+fk6Hsj/DKb+wOhqN6uPmOxoxjuZETXrp2Z3w1rLVzYp5zlfnoL1UH
YiGBnyIyP+3BAi3CrXrJUdxdxCYv3/jGN54tlvEeMZugJtyOwJNznCOw7DznO5MpMFxjPPvLX/5y
5ywnnX9MZtV5QSdgByGGoTTC4WhA+ct70PaI6Dp58awagf72t7892+GcPGJEcteHvJ0tqzM2Z1le
U08Nr5bJAN0ZTHEQYKjWQGp64s6xgtGOnavufKbMNLDmffnpYjDPsvZed4ZE6GOUl4btlQZnDI06
gHEs1ramnVD80jCTxmkcVblb1DrhZGXFkr9xQpA2d3TWRRSmxXHU4U5+Xs5NlzHGVYywmQ/FU8Nt
VxZ1xbGBwVeMiMUJeal4UOb3v//9u9X/mefstWVlXeo1O/s6+hjT9vIHjUq3/s527foUq6FzNyFt
yk68XJ3qwhmMCylnlAWvrKjNXSTKRdaP9uCYpcofi34oCydXpveaMvOb0uSnDTFuuAPPtMTcw6lT
y+E3CyU6Bx/jrSc2mI968QKQO5PXZDjLv3Z9RN6R9Vp3+jbt40py+SXmRSfLPzMOkv+IDJKets1T
LOSJMSR37tNujoV7+gh0kCUMUJSDUUzaxLQRY3/n3M3FNmLCQgxkjRMniJmbNITkgijSZ1/pxplu
rrMc4rrAx3pnmluv98w/7Fyo5bAw5re//e1zWIor/Yrn5sEg4O562s90Nb7P+jHe2x8dv8ATWaBc
jHryR1xxQC5o104uqAsvSuQ7I4OWy2I9eUws0BkqfylLptX53znOebm2nDPxnnqpIzBG1DEdHpMH
8QVX+WdnSR2beGZ7wTf9jHue8JGLH6QDTcfxdLb7nLjqn0cwkfek112j/6ozZHud6ftH+Mu06KCJ
MXxSPkYTdPxMy/URPbzmPfqbNqi8wR+LVnhJTnq36IO0ATLUtdFXvvKVu1OgGMezvFv0EugcxZ0V
8F2fAR8Me4w9yd+rcH37q/jjp8DOc74zWWUL4xl6CsasDLRbdV4wB6IzI/NphONzWcxReY9yGH8I
uYPQ8qsRCD3UHc6mIcaI5K4P+TtbVmdszrK8pp7MDRnQBTpjL++RGKo1aGeezrGC0Y6Fee58pkwM
+ebP+/LTxWB+JnSGROjTdw22VxqcMTTqAGaOr21NO2FvSadcGqdxVOVuUevEeMdCNX/jhCBtLurN
d3XTEeM4Ejd5JyZ/975FHoyrGGEzH7uJNNx2ZVFXdObaR8QJeal4UBbvTNgi7iNYVta/XrN7uAts
SNnLX12UVsvgd7Zr16eYU9BnzEubshOPucN7Lpzh/TvljOfwyoaL3K2qXGT9aA9OZ5GmMYt+KAsn
VxcoM78pTT7akJ3q6Bo1cA+njvQzZqEEOlMNjLd1PKNe6IW5M3lNhiu9rd9H5B1Zr3Wnb9M+6BZZ
N645bSLDmXGQ/EdkkPS0bZ5iIV+MIYw//qbdcHQT9vQR8iFLfqqBo52lRUwbMfZ3zt1cbHNX4PKP
hRjIGov1iXlfd9FILogiffaVbpzp5jrLIa4LfKx3prn1es/8gx2pBhbGsHA4sfSafsVzA4sp3F1P
+5muxmfnOMvJmPHe/uj4BZ7IAuViS8lQcUAu0Ds6uaAuOGgJZ2TQcrFryWNigc5Q+UtZMq3O/85x
zqajW8KeeqkjMEbUMR0ekwfxBVf5//Wvf/0/YxPPbC/4d1OMJ3zk4gfpQNNxPJ3tPieu+ucRbOQ9
6XXX6L/qDNleZ/r+Ef4yLTpoYgyflM+iM3T8Go7o4TXv0d+0QeUN/rDlYivOcIs+SBsgQ10bff3r
X7+z3zOOZ7hFL4HOUdyxqXV9BnywLzOnTLgfBN4CmUUYrob//Oc/V9M8tgSLAfmyKISXt7zlLZf3
ve99l0WANlkk/aL8Xd7xjndcPvKRj1ze/va3b6a/9SGYLhPvHX/vfe9778q8leZ95ge7RUm+wwO6
H/7whzfJLwrBBQwJ73//+y8f+MAHNtO/Kg8XhemyOBHu6rQc+7G7nZbjXy7LgHsh/6LcXd797nc/
WJUXg8SF8sCdNgP7tfJoV3iiPWkz8i7KweVtb3vbZTFe3sljx+jiiLx8/OMfv3uubIAHZVHuYwnU
bTn29K6O4P/BD37wUckiODLs0j6MM0eC7UX+97znPattXGna5rTxnn6JLCET8EhZ5Lk2Hi4O6Tue
4PGNN95YlaPK25nfR+T9DP3Mo6wzLxCujYOkOSOD1GlRvu4w39tOlPUyw/Iydlle1i+L4/yy7NS9
G0Pkh7mAeRc5pW7Li+9leeG9+30Nw2XF/GVxGN6RWhZbXRbF7/LWt75V0o8iRldYHFXPeKEvr425
zxK9oAv4WgyPl89+9rPP5u/FAHunbyzHTz5o3zxSRWSEdqW/ICePaR45Uo+HSsvYAz6vGi639P1b
sWTuYs5ivN6D24vSw5HxxSB0QddnPGS8eNe73nVrddv8tSz0z2tY3KKXwMRR3NHRkG10NHDYo5e0
lX0EN6/NZ4+AxXtjgXZDT+G9Gpn62Mc+tkmb9L5Xf/SjH72qR24S2/FwMeZdFqfGHX/oH5T5mAJj
Orq1+uS1dwD0aTAkgDfvM08hMEbxzkCdeI/c206M175XM2Y8pM7FOE158Mh7NdivlUe7ah+gzdB3
fa/G9kR/6QJ62ic+8Ym758oGdCiLch9LcE4h5u9DH/rQo5JFcPS9eq8sia3tRX7m57U2Nr2xbc77
2p5+iSzlezV5rr1XMy+jG8Pjln1Gnm6Jj8j7LeWQV1nfOw6S54wMUid0E9p0bztR1ssMy2LGy5e+
9KXL4ji/LDt1n3uvZi5gXPC9Ghuy79XX5pJlwdVlca7cVW3ZzXpZTnZ4lO/V2pFhlL68tz8+dJvB
17Iw/rJsPno2f/MbfYN37bUx/qH5qvSREd+rGc8e0zxSeX0Zvxl7XsX36lv6/q04M3cxP77zne/c
JU8vSg9nTsA/43s148VDvldnWeif1/rWLXoJbXYUd2wM+V69Ry+5VTZet/xP2nH+ujXm1HcQGAQG
gUFgEHgoBDCAq5TiiF1231yWVeuX5cSJy/IN3Xt7cVx251yW71TdVWNZnX753Oc+91BVGrqDwCAw
CAwCg8BpBF4nx/lpkCbjIDAIDAKDwCAwCDyHQL5XL7uSL8uJqZflVJbLcuLEZfmG7r29Vy8nrl6W
Y4fvyl5OObgsJzI9x8f8GAQGgUFgEBgEBoF1BMZxvo7NPBkEBoFBYBAYBF57BFhpuhwzelk+KdBi
sRx7fPn85z/fPjtzc/lm22U5ivFuJzsv+6ygnDAIDAKDwCAwCDw2BMZx/thaZPgZBAaBQWAQGAQe
LwK8V7Pz+89//nPL5HLs8eULX/hC++zMzeXzb5fl+Pq7nezL51XmvfoMiJNnEBgEBoFB4LVFYBzn
r23TT8UHgUFgEBgEBoHrCHA05ne+850Lu78zsGJ9+abhZfnmUd6++ZrjDJdvT10+/elPXz75yU/e
TG8IDAKDwCAwCAwCD4HAOM4fAtWhOQgMAoPAIDAIPE0EeK9evpF7YeF5Bt6n//CHP1y++MUv5u2b
r3mv/sc//nH5zGc+c/nUpz51M70hMAgMAoPAIDAIvE4IjOP8dWrtqesgMAgMAoPAIHACAb6xx/d6
iAl8S+jotwRPFDtZBoFBYBAYBAaBR4vAOM4fbdMMY4PAIDAIDAKDwKNEgPdpvpPte/Ubb7xx4W/C
IDAIDAKDwCAwCDwuBMZx/rjaY7gZBAaBQWAQGAQGgUFgEBgEBoFBYBB45AiM4/yRN9CwNwgMAoPA
IDAIDAKDwCAwCAwCg8AgMAicQGAc5ydAmyyDwCAwCAwCg8AgMAgMAoPAIDAIDAKvLwLjOH99235q
PggMAoPAIDAIDAKDwCAwCAwCg8Ag8HQRGMf5023bqdkgMAgMAoPAIDAIDAKDwCAwCAwCg8ADIDCO
8wcAdUgOAoPAIDAIDAKDwCAwCAwCg8AgMAgMAi8ZgXGcv+QGmOIHgUFgEBgEBoFBYBAYBAaBQWAQ
GAReLQTGcf5qtddwOwgMAoPAIDAIDAKDwCAwCAwCg8AgMAjsQWAc53tQmjSDwCAwCAwCg8AgMAgM
AoPAIDAIDAKDwJsIjON8RGEQGAQGgUFgEBgEBoFBYBAYBAaBQWAQeHoIjOP86bXp1GgQGAQGgUFg
EBgEBoFBYBAYBAaBQeABERjH+QOCO6QHgUFgEBgEBoFBYBAYBAaBQWAQGAQGgZeEwDjOXxLwU+wg
MAgMAoPAIDAIDAKDwCAwCAwCg8CricA4zl/NdhuuB4FBYBAYBAaBQWAQGAQGgUFgEBgEBoEtBMZx
voXOPBsEBoFBYBAYBAaBQWAQGAQGgUFgEBgECgLjOC+AzM9BYBAYBAaBQWAQGAQGgUFgEBgEBoFB
4AkgMI7zJ9CIU4VBYBAYBAaBQWAQGAQGgUFgEBgEBoEXh8A4zl8c1lPSIDAIDAKDwCAwCAwCg8Ag
MAgMAoPAIPCiEBjH+YtCesoZBAaBQWAQGAQGgUFgEBgEBoFBYBB4EgiM4/xJNONUYhAYBAaBQWAQ
GAQGgUFgEBgEBoFBYBB4DoFxnD8Hx/wYBAaBQWAQGAQGgUFgEBgEBoFBYBAYBLYRGMf5Nj7zdBAY
BAaBQWAQGAQGgUFgEBgEBoFBYBB4FREYx/mr2GrD8yAwCAwCg8AgMAgMAoPAIDAIDAKDwEtDYBzn
Lw36KXgQGAQGgUFgEBgEBoFBYBAYBAaBQWAQeDAExnH+YNAO4UFgEBgEBoFBYBAYBAaBQWAQGAQG
gaeIwDjOn2KrTp0GgUFgEBgEBoFBYBAYBAaBQWAQGARedwTGcf66S8DUfxAYBAaBQWAQGAQGgUFg
EBgEBoFB4BAC4zg/BNckHgQGgUFgEBgEBoFBYBAYBAaBQWAQGAReCQTGcf5KNNMwOQgMAoPAIDAI
DAKDwCAwCAwCg8Ag8FgQGMf5Y2mJ4WMQGAQGgUFgEBgEBoFBYBAYBAaBQWAQuD8E/h8froP8d8M6
vAAAAABJRU5ErkJggg==
--Apple-Mail=_E308C386-1613-453B-B261-E8AA7EAA7E10--

--Apple-Mail=_435AF4F8-0612-4631-BFB5-BD8C1BADD77E--


From nobody Mon Oct 17 21:10:06 2016
Return-Path: <ben@nostrum.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C88412943E; Mon, 17 Oct 2016 21:10:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.33
X-Spam-Level: 
X-Spam-Status: No, score=-2.33 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.431] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZtuzDsNF6BzR; Mon, 17 Oct 2016 21:09:58 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0693D12952E; Mon, 17 Oct 2016 21:09:48 -0700 (PDT)
Received: from [10.0.1.21] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id u9I49ekj015914 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Mon, 17 Oct 2016 23:09:40 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.21]
From: "Ben Campbell" <ben@nostrum.com>
To: "Dino Farinacci" <farinacci@gmail.com>
Date: Mon, 17 Oct 2016 23:09:39 -0500
Message-ID: <96848257-D21D-4ACF-A76D-975503C7A0E0@nostrum.com>
In-Reply-To: <A7D2111B-594C-4EBF-A07E-26077A845677@gmail.com>
References: <147631722343.6381.2774445540997659744.idtracker@ietfa.amsl.com> <BEAEBAE5-A2B2-427D-9208-83A7FD40AF75@gmail.com> <2B757854-2AAD-4D28-BB8B-D2F54FE0014B@nostrum.com> <0D11494E-9A87-496A-BBC2-4AD6E89005F9@gmail.com> <99ca12ae-724d-839f-2a13-68a52f216056@joelhalpern.com> <14F4789D-6370-439D-8369-CD56755035CC@nostrum.com> <A7D2111B-594C-4EBF-A07E-26077A845677@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_MailMate_AFB8E0AC-10F7-4AA2-BE93-8CC0907BE41D_="
Embedded-HTML: [{"HTML":[1245, 2712], "plain":[651, 1635], "uuid":"61D9D81A-15DF-4F1F-A896-15B2CBEC3D57"}]
X-Mailer: MailMate (1.9.5r5263)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/FaH8e6BIeAJYl4hWwEnOuRvTqlU>
Cc: lisp-chairs@ietf.org, lisp@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-lisp-lcaf@ietf.org
Subject: Re: [lisp] Ben Campbell's No Objection on draft-ietf-lisp-lcaf-17: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2016 04:10:00 -0000

--=_MailMate_AFB8E0AC-10F7-4AA2-BE93-8CC0907BE41D_=
Content-Type: text/plain; format=flowed

Hi,

I can live with that, with a couple of minor comments: I think it might 
be improved by changing "examine" to "consider the applicability of". I 
say that because I do not know for a fact that RFC6820 really applies to 
lisp use cases; I hope people who understand lisp better than I can 
reach a conclusion on that. But I'm okay with an experimental RFC 
pushing that analysis into the future.

One other point: RFC6280 and BCP160 are the same document. I think these 
days we prefer referencing BCPs by the BCP number, but the RFC editor 
will do the right thing.

Thanks for addressing this!

Ben.

On 17 Oct 2016, at 22:22, Dino Farinacci wrote:

> Ben, how is this?
>
> Dino
>
>> On Oct 17, 2016, at 7:26 PM, Ben Campbell <ben@nostrum.com> wrote:
>>
>> Hi Joel,
>>
>> That seems reasonable for an experimental RFC.  If someday this gets 
>> promoted to standards track, we would probably want to readdress it.
>>
>> (The fact that this is experimental is the reason my comment was a 
>> comment, rather than a discuss. I probably should have mentioned 
>> that.)
>>
>> Thanks!
>>
>> Ben.
>>
>> On 17 Oct 2016, at 21:17, Joel M. Halpern wrote:
>>
>>> Ben, given that this geo LCAF is experimental, would it suffice to 
>>> put in the LCAF document a note that any specification for using 
>>> this form of LCAF needs to discuss RFC 6280 considerations?
>>>
>>> Yours,
>>> Joel
>>>
>>> On 10/17/16 4:21 PM, Dino Farinacci wrote:
>>>>> That's not really what I had in mind. RFC6280 has considerations 
>>>>> that apply do the design of protocols that can transfer location 
>>>>> objects, not just their use or implementation. My question was 
>>>>> whether the working group had considered whether they apply to 
>>>>> this document. I'm not saying that they do; I am not an expert on 
>>>>> lisp, and maybe the this data doesn't get sent or used in a way 
>>>>> that matters from the perspective of RFC 6280. But I would hope 
>>>>> that the working group has or will make an informed decision about 
>>>>> that.
>>>>
>>>> We, the LISP WG, had not look at RFC6280 considerations. But the 
>>>> draft-farinacci-lisp-geo-01.txt draft is the use-case document for 
>>>> the LCAF type. Since this draft has not been made into a working 
>>>> group draft we have more time to look into this, if it becomes a 
>>>> working group draft.
>>>>
>>>> Any comments chairs?
>>>>
>>>> Dino
>>>>
>>>>



--=_MailMate_AFB8E0AC-10F7-4AA2-BE93-8CC0907BE41D_=
Content-Type: multipart/related;
 boundary="=_MailMate_BF26B4AA-F696-4D64-B54D-F727A911EC59_="


--=_MailMate_BF26B4AA-F696-4D64-B54D-F727A911EC59_=
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/xhtml; charset=3Dutf-8"=
>
</head>
<body>
<div style=3D"font-family:sans-serif"><div style=3D"white-space:pre-wrap"=
><div dir=3D"auto">Hi,
</div><div dir=3D"auto">
</div><div dir=3D"auto">I can live with that, with a couple of minor comm=
ents: I think it might be improved by changing "examine" to "consider the=
 applicability of". I say that because I do not know for a fact that RFC6=
820 really applies to lisp use cases; I hope people who understand lisp b=
etter than I can reach a conclusion on that. But I'm okay with an experim=
ental RFC pushing that analysis into the future.
</div><div dir=3D"auto">
</div><div dir=3D"auto">One other point: RFC6280 and BCP160 are the same =
document. I think these days we prefer referencing BCPs by the BCP number=
, but the RFC editor will do the right thing.
</div><div dir=3D"auto">
</div><div dir=3D"auto">Thanks for addressing this!
</div><div dir=3D"auto">
</div><div dir=3D"auto">Ben.
</div><div dir=3D"auto">
</div><div dir=3D"auto">On 17 Oct 2016, at 22:22, Dino Farinacci wrote:
</div><div dir=3D"auto">
</div></div>
<blockquote style=3D"border-left:2px solid #777; color:#777; margin:0 0 5=
px; padding-left:5px"><div id=3D"61D9D81A-15DF-4F1F-A896-15B2CBEC3D57"><d=
iv style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line=
-break: after-white-space;">Ben, how is this?<div class=3D""><br class=3D=
""></div><div class=3D"">Dino</div><div class=3D""><br class=3D""></div><=
div class=3D""><img apple-inline=3D"yes" id=3D"800A3B8D-A90E-4019-A761-8D=
4FEAAA3249" height=3D"258" width=3D"749" apple-width=3D"yes" apple-height=
=3D"yes" src=3D"cid:573E45EC-AF86-4B4F-A1AA-3A7D48021A58@wp.comcast.net" =
class=3D""></div><div class=3D""><br class=3D""></div><div class=3D""><br=
 class=3D""><blockquote type=3D"cite" class=3D"">On Oct 17, 2016, at 7:26=
 PM, Ben Campbell &lt;<a href=3D"mailto:ben@nostrum.com" class=3D"">ben@n=
ostrum.com</a>&gt; wrote:<br class=3D""><br class=3D"">Hi Joel,<br class=3D=
""><br class=3D"">That seems reasonable for an experimental RFC. &nbsp;If=
 someday this gets promoted to standards track, we&nbsp;would probably wa=
nt to readdress it.<br class=3D""><br class=3D"">(The fact that this is e=
xperimental is the reason my comment was a comment, rather than a discuss=
=2E I&nbsp;probably should have mentioned that.)<br class=3D""><br class=3D=
"">Thanks!<br class=3D""><br class=3D"">Ben.<br class=3D""><br class=3D""=
>On 17 Oct 2016, at 21:17, Joel M. Halpern wrote:<br class=3D""><br class=
=3D""><blockquote type=3D"cite" class=3D"">Ben, given that this geo LCAF =
is experimental, would it suffice to put in the LCAF document a note&nbsp=
;that any specification for using this form of LCAF needs to discuss RFC =
6280 considerations?<br class=3D""><br class=3D"">Yours,<br class=3D"">Jo=
el<br class=3D""><br class=3D"">On 10/17/16 4:21 PM, Dino Farinacci wrote=
:<br class=3D""><blockquote type=3D"cite" class=3D""><blockquote type=3D"=
cite" class=3D"">That's not really what I had in mind. RFC6280 has consid=
erations that apply do the design of&nbsp;protocols that can transfer loc=
ation objects, not just their use or implementation. My question&nbsp;was=
 whether the working group had considered whether they apply to this docu=
ment. I'm not saying&nbsp;that they do; I am not an expert on lisp, and m=
aybe the this data doesn't get sent or used in a&nbsp;way that matters fr=
om the perspective of RFC 6280. But I would hope that the working group h=
as or&nbsp;will make an informed decision about that.<br class=3D""></blo=
ckquote><br class=3D"">We, the LISP WG, had not look at RFC6280 considera=
tions. But the draft-farinacci-lisp-geo-01.txt&nbsp;draft is the use-case=
 document for the LCAF type. Since this draft has not been made into a wo=
rking&nbsp;group draft we have more time to look into this, if it becomes=
 a working group draft.<br class=3D""><br class=3D"">Any comments chairs?=
<br class=3D""><br class=3D"">Dino<br class=3D""><br class=3D""><br class=
=3D""></blockquote></blockquote></blockquote><br class=3D""></div></div><=
/div></blockquote>
<div style=3D"white-space:pre-wrap"><div dir=3D"auto">
</div></div>
</div>
</body>
</html>

--=_MailMate_BF26B4AA-F696-4D64-B54D-F727A911EC59_=
Content-Transfer-Encoding: base64
Content-Disposition: inline;
	filename=PastedGraphic-2.png
Content-Type: image/png;
	x-unix-mode=0666;
	name="PastedGraphic-2.png"
Content-Id: <573E45EC-AF86-4B4F-A1AA-3A7D48021A58@wp.comcast.net>

iVBORw0KGgoAAAANSUhEUgAAB84AAAKwCAYAAAD5k1XfAAAMFmlDQ1BJQ0MgUHJvZmlsZQAASImV
VwdYU8kWnltSCAktEAEpoffeQXqXKh1shCRAKAESgoq9LCq4drGAqOiKiIprAWSxYcHCImCvD0RU
VtbFgg2VNymg62vfO983d/6cOefMf+aeO5kBQNGWlZ+fgyoBkMsvFMQE+zGTklOYpB5AAfIAADsg
z2IL832jo8PhLzDW/13e3QKIuL9uJY71r+P/VZQ5XCEbACQa4jSOkJ0L8TEAcHV2vqAQAEI71BvM
KswX4yGIVQWQIABEXIwzpFhdjNOk2FJiExfjD7EPAGQqiyXIAEBBzJtZxM6AcRTEHG35HB4f4kqI
vdiZLA7EDyC2zM3Ng1iRDLFp2ndxMv4WM208JouVMY6luUiEHMAT5uew5vyfy/G/JTdHNDaHPmzU
TEFIjDhnuG77svPCxJgKcQs/LTIKYhWIL/E4EnsxvpcpComX2Q+yhf5wzQADABRwWAFhEGtBzBBl
x/vKsD1LIPGF9mgkrzA0TobTBHkxsvhoET8nMlwWZ0UmN3QMV3GFgbFjNum8oFCIYaWhx4oz4xKl
PNHzRbyESIgVIO4UZseGyXwfFWf6R47ZCEQxYs6GEL9NFwTFSG0w9VzhWF6YNZslmQvWAuZTmBkX
IvXFkrjCpPAxDhxuQKCUA8bh8uNl3DBYXX4xMt+S/JxomT1Wxc0JjpGuM3ZYWBQ75ttdCAtMug7Y
4yzW5GjZXO/yC6PjpNxwFIQDfxAAmEAEWxrIA1mA1zHYOAh/SUeCAAsIQAbgAiuZZswjUTLCh89Y
UAz+hIgLhON+fpJRLiiC+i/jWunTCqRLRoskHtngKcS5uCbuhXvg4fDpA5s97oq7jfkxFcdmJQYS
A4ghxCCi2TgPNmSdA5sA8P6NLgz2XJidmAt/LIdv8QhPCV2Ex4SbhB7CXZAAnkiiyKxm8pYIfmDO
BBGgB0YLkmWXBmMOjNngxpC1E+6He0L+kDvOwDWBFe4IM/HFvWFuTlD7PUPROLdva/njfGLW3+cj
0yuYKzjJWKSNvxn/casfo/h/t0Yc2If9aImtwI5ibdhZ7DLWgjUCJnYaa8LasZNiPF4JTySVMDZb
jIRbNozDG7OxrbMdsP38w9ws2fzi9RIWcmcXij8G/7z8OQJeRmYh0xfuxlxmKJ9tbcm0t7VzBkC8
t0u3jjcMyZ6NMK580xWcAcCtFCozvulYBgCceAoA/d03ncFrWO5rATjZyRYJiqQ68XYMCPBfQxF+
FRpABxgAU5iPPXAGHsAHBILJIArEgWQwA654JsiFnGeBeWAxKAFlYC3YBLaBHWA32AcOgiOgEbSA
s+AiuAo6wU1wH9ZFP3gBhsA7MIIgCAmhIXREA9FFjBALxB5xRbyQQCQciUGSkVQkA+EjImQeshQp
Q9Yj25BdSC3yK3ICOYtcRrqQu0gvMoC8Rj6hGEpFVVFt1Bi1QV1RXzQMjUOnoxloAVqMLkNXo1vQ
avQA2oCeRa+iN9Ee9AU6jAFMHmNgepgV5or5Y1FYCpaOCbAFWClWjlVjh7Bm+J6vYz3YIPYRJ+J0
nIlbwdoMweNxNl6AL8BX4dvwfXgDfh6/jvfiQ/hXAo2gRbAguBNCCUmEDMIsQgmhnLCXcJxwAX43
/YR3RCKRQTQhusDvMpmYRZxLXEXcTqwnniF2EfuIwyQSSYNkQfIkRZFYpEJSCWkr6QDpNKmb1E/6
QJYn65LtyUHkFDKfvIRcTt5PPkXuJj8jj8gpyRnJuctFyXHk5sitkdsj1yx3Ta5fboSiTDGheFLi
KFmUxZQtlEOUC5QHlDfy8vL68m7yU+R58ovkt8gflr8k3yv/kapCNaf6U6dRRdTV1BrqGepd6hsa
jWZM86Gl0Appq2m1tHO0R7QPCnQFa4VQBY7CQoUKhQaFboWXinKKRoq+ijMUixXLFY8qXlMcVJJT
MlbyV2IpLVCqUDqhdFtpWJmubKccpZyrvEp5v/Jl5ecqJBVjlUAVjsoyld0q51T66BjdgO5PZ9OX
0vfQL9D7VYmqJqqhqlmqZaoHVTtUh9RU1BzVEtRmq1WonVTrYWAMY0YoI4exhnGEcYvxaYL2BN8J
3AkrJxya0D3hvfpEdR91rnqper36TfVPGkyNQI1sjXUajRoPNXFNc80pmrM0qzQvaA5OVJ3oMZE9
sXTikYn3tFAtc60Yrblau7XatYa1dbSDtfO1t2qf0x7UYej46GTpbNQ5pTOgS9f10uXpbtQ9rfsH
U43py8xhbmGeZw7paemF6In0dul16I3om+jH6y/Rr9d/aEAxcDVIN9ho0GowZKhrGGE4z7DO8J6R
nJGrUabRZqM2o/fGJsaJxsuNG42fm6ibhJoUm9SZPDClmXqbFphWm94wI5q5mmWbbTfrNEfNncwz
zSvMr1mgFs4WPIvtFl2WBEs3S75lteVtK6qVr1WRVZ1VrzXDOtx6iXWj9UsbQ5sUm3U2bTZfbZ1s
c2z32N63U7GbbLfErtnutb25Pdu+wv6GA80hyGGhQ5PDK0cLR65jleMdJ7pThNNyp1anL84uzgLn
Q84DLoYuqS6VLrddVV2jXVe5XnIjuPm5LXRrcfvo7uxe6H7E/S8PK49sj/0ezyeZTOJO2jOpz1Pf
k+W5y7PHi+mV6rXTq8dbz5vlXe392MfAh+Oz1+eZr5lvlu8B35d+tn4Cv+N+7/3d/ef7nwnAAoID
SgM6AlUC4wO3BT4K0g/KCKoLGgp2Cp4bfCaEEBIWsi7kdqh2KDu0NnRossvk+ZPPh1HDYsO2hT0O
Nw8XhDdHoBGTIzZEPIg0iuRHNkaBqNCoDVEPo02iC6J/m0KcEj2lYsrTGLuYeTFtsfTYmbH7Y9/F
+cWtibsfbxovim9NUEyYllCb8D4xIHF9Yk+STdL8pKvJmsm85KYUUkpCyt6U4amBUzdN7Z/mNK1k
2q3pJtNnT788Q3NGzoyTMxVnsmYeTSWkJqbuT/3MimJVs4bTQtMq04bY/uzN7BccH85GzgDXk7ue
+yzdM319+vMMz4wNGQOZ3pnlmYM8f9423quskKwdWe+zo7JrskdzEnPqc8m5qbkn+Cr8bP75PJ28
2Xld+Rb5Jfk9Be4FmwqGBGGCvUJEOF3YVKgKjzntIlPRT6LeIq+iiqIPsxJmHZ2tPJs/u32O+ZyV
c54VBxX/Mhefy57bOk9v3uJ5vfN95+9agCxIW9C60GDhsoX9i4IX7VtMWZy9+PcltkvWL3m7NHFp
8zLtZYuW9f0U/FNdiUKJoOT2co/lO1bgK3grOlY6rNy68mspp/RKmW1ZednnVexVV362+3nLz6Or
01d3rHFeU7WWuJa/9tY673X71iuvL17ftyFiQ8NG5sbSjW83zdx0udyxfMdmymbR5p4t4Vuathpu
Xbv187bMbTcr/CrqK7UqV1a+387Z3l3lU3Voh/aOsh2fdvJ23tkVvKuh2ri6fDdxd9Hup3sS9rT9
4vpL7V7NvWV7v9Twa3r2xew7X+tSW7tfa/+aOrROVDdwYNqBzoMBB5sOWR3aVc+oLzsMDosO//Fr
6q+3joQdaT3qevTQMaNjlcfpx0sbkIY5DUONmY09TclNXScmn2ht9mg+/pv1bzUtei0VJ9VOrjlF
ObXs1Ojp4tPDZ/LPDJ7NONvXOrP1/rmkczfOTznfcSHswqWLQRfPtfm2nb7keanlsvvlE1dcrzRe
db7a0O7Ufvx3p9+Pdzh3NFxzudbU6dbZ3DWp61S3d/fZ6wHXL94IvXH1ZuTNrlvxt+7cnna75w7n
zvO7OXdf3Su6N3J/0QPCg9KHSg/LH2k9qv6H2T/qe5x7TvYG9LY/jn18v4/d9+KJ8Mnn/mVPaU/L
n+k+q31u/7xlIGig84+pf/S/yH8xMljyp/KflS9NXx77y+ev9qGkof5Xglejr1e90XhT89bxbetw
9PCjd7nvRt6XftD4sO+j68e2T4mfno3M+kz6vOWL2Zfmr2FfH4zmjo7mswQsyVEAgw1NTwfgdQ0A
tGR4dugEgKIgvXtJBJHeFyUI/CcsvZ9JBJ5canwAiF8EQDg8o1TBZgQxFfbio3ecD0AdHMabTITp
DvbSWFR4gyF8GB19ow0AqRmAL4LR0ZHto6Nf9kCydwE4UyC984mFCM/3O23EqLP/JfhR/gno8Gz+
GcRuRwAAAAlwSFlzAAAWJQAAFiUBSVIk8AAAAZ5pVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADx4
OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDUuNC4w
Ij4KICAgPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJk
Zi1zeW50YXgtbnMjIj4KICAgICAgPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIKICAgICAg
ICAgICAgeG1sbnM6ZXhpZj0iaHR0cDovL25zLmFkb2JlLmNvbS9leGlmLzEuMC8iPgogICAgICAg
ICA8ZXhpZjpQaXhlbFhEaW1lbnNpb24+MTk5ODwvZXhpZjpQaXhlbFhEaW1lbnNpb24+CiAgICAg
ICAgIDxleGlmOlBpeGVsWURpbWVuc2lvbj42ODg8L2V4aWY6UGl4ZWxZRGltZW5zaW9uPgogICAg
ICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KhcfBxwAAABxp
RE9UAAAAAgAAAAAAAAFYAAAAKAAAAVgAAAFYAAJZIM68f6cAAEAASURBVHgB7J0JvL3F/McniYRK
adGuaCNUUpaQtGizVBRJ1miTXfztu7QIUZaQFJUlSUURRaGkpEW0F0mkVNb7P+/J95g7v3POPdu9
95x73/N63fuc8yyzvGee5zzf+cx8Z6GJRkhdhD//+c9dnOUpEpCABCQgAQlIQAISkIAEJCCBuU3g
QQ960NwuoKWTgAQkIAEJSEACEpCABCQgAQnMQwILKZzPw1q3yBKQgAQkIAEJSEACEpCABCTQNwGF
877ReaEEJCABCUhAAhKQgAQkIAEJSGBkCSicj2zVmDEJSEACEpCABCQgAQlIQAISGEUCCuejWCvm
SQISkIAEJCABCUhAAhKQgAQkMBgBhfPB+Hm1BCQgAQlIQAISkIAEJCABCcwzAgrn86zCLa4EJCAB
CUhAAhKQgAQkIAEJzAsCCufzopotpAQkIAEJSEACEpCABCQgAQkMi4DC+bBIGo8EJCABCUhAAhKQ
gAQkIAEJSGB0CCicj05dmBMJSEACEpCABCQgAQlIQAISGAMCCudjUElmUQISkIAEJCABCUhAAhKQ
gAQk0CMBhfMegXm6BCQgAQlIQAISkIAEJCABCcxvAgrn87v+Lb0EJCABCUhAAhKQgAQkIAEJzE0C
Cudzs14tlQQkIAEJSEACEpCABCQgAQlMEwGF82kCa7QSkIAEJCABCUhAAhKQgAQkIIFZJKBwPovw
TVoCEpCABCQgAQlIQAISkIAExo+Awvn41Zk5loAEJCABCUhAAhKQgAQkIAEJTEVA4XwqQh6XgAQk
IAEJSEACEpCABCQgAQkUBBTOCxh+lIAEJCABCUhAAhKQgAQkIAEJzBECCudzpCIthgQkIAEJSEAC
EpCABCQgAQnMDAGF85nhbCoSkIAEJCABCUhAAhKQgAQkIIGZJKBwPpO0TUsCEpCABCQgAQlIQAIS
kIAExp6AwvnYV6EFkIAEJCABCUhAAhKQgAQkIAEJLEBA4XwBJO6QgAQkIAEJSEACEpCABCQgAQm0
J6Bw3p6NRyQgAQlIQAISkIAEJCABCUhAAuNKQOF8XGvOfEtAAhKQgAQkIAEJSEACEpDArBBQOJ8V
7CYqAQlIQAISkIAEJCABCUhAAhKYVgIK59OK18glIAEJSEACEpCABCQgAQlIYK4RUDifazVqeSQg
AQlIQAISkIAEJCABCUhAAikpnNsKJCABCUhAAhKQgAQkIAEJSEACPRBQOO8BlqdKQAISkIAEJCAB
CUhAAhKQgATGhIDC+ZhUlNmUgAQkIAEJSEACEpCABCQggdEgoHA+GvVgLiQgAQlIQAISkIAEJCAB
CUhAAsMkoHA+TJrGJQEJSEACEpCABCQgAQlIQAJznoDC+ZyvYgsoAQlIQAISkIAEJCABCUhAAvOQ
gML5PKx0iywBCUhAAhKQgAQkIAEJSEAC/RNQOO+fnVdKQAISkIAEJCABCUhAAhKQgARGlYDC+ajW
jPmSgAQkIAEJSEACEpCABCQggZEkoHA+ktVipiQgAQlIQAISkIAEJCABCUhAAgMRaArn73rXuwaK
yIslIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJSEACgxB4xzveMcjlfV+rcN43
Oi+UgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIIFhElA4HyZN45KABCQgAQlI
QAISkIAEJCABCUhAAhKQgAQkIAEJSEACEpCABCQggbEjoHA+dlVmhiUgAQlIQAISkIAEJCABCUhA
AhKQgAQkIAEJSEACEpCABCQgAQlIYJgEFM6HSdO4JCABCUhAAhKQwIAE7rrrrnT77beniYmJdN/7
3jctscQSaaGFFuo71n/84x+Jvwc84AF9x8GF//nPf9K///3vHNff/va39Kc//Sldf/31aeONN06L
L754M+6bb745n7vMMsukhRdeuLl/FD9QjjvuuCNnbZFFFsnluPe97z2KWTVPEpCABCQgAQlIQAIS
kIAEJNAlAe3qLkEN4TTt6iFANAoJSGCkCCicj1R1mBkJSEACEpCABOYrgb///e/pzDPPTOedd94k
BIjSu+22W1p22WUn7e/05c9//nP67W9/my666KJ07bXXpvvf//5pv/32y0J8p+s6HTv++OPTJZdc
ssAp++67b1p66aXz/u9973vp7LPPzp/XXHPNtMsuu6R73eteC1wz2zvasSZf2267bdpwww1HMt+z
zc30JSABCUhAAhKQgAQkIAEJjDKBdraedvXwa60da1LSrh4+b2OUgARmjoDC+cyxNiUJSEACEpCA
BCTQkgAjtD/zmc8kBO9WgZnne++996SZ3a3Ou+aaa9LJJ5+c/vjHP+bDXLf11luntdZaKy222GKt
Lul631//+td0yy23pC9+8YvNaxDMyRfiOLPaP/3pTzfTRqzfZ5990v3ud7/m+aPwgZkHRx55ZGYN
n1133TWtsMIK6dxzz80DF8jj4x73uPSMZzxjoJn+o1BW8yABCUhAAhKQgAQkIAEJSGC+ENCunrma
1q6eOdamJAEJzDwBhfOZZ26KEpDAPCCAS2P+InTr+hdh6rbbbktLLbVUniEa18/UdrbTn6ly9ppO
XZ+IhKM4i7bXcnn+aBD417/+lcVoXJ/vvPPOafnll0833XRTOuGEExKGf4RtttkmC7rxvdwy0vu0
005LF1xwQXM34u/mm28+0CzzZmT//YBb84985CPN3cS/6aab5u/cJ5///OfzDHd2DGOWezOhIX3A
/T2z4s8555wc47Of/ez06Ec/On/m2FFHHdXMPzP0eRYbJCABCUhAAhKQgARmh0Bth2lXz049DCvV
uj61q4dF1nggoF09c+1Au3rmWJuSBCQwOwQUzmeHu6lKQAJzmADi88EHHzyphK94xSvyjMZJO6sv
rAt8+OGH573Mgtxrr73y2sbVadP2dbbTn7aCDRhxq/rsJGAOmJyXz0MCuD8/5ZRT0qte9apJ65Bf
eOGF6Rvf+EaTSLt295e//CV94QtfmDRbHbdoG220UfPaYX34zW9+k4455phmdC9+8YvTqquu2vzO
THfczbMW+hOe8IS02mqrNY+Nwod6VvwrX/nKPFAh8vad73yn6Sq/m+d2XOdWAhKQgAQkIAEJSGC4
BFrZYd28n822XTvb6Q+3FoYXW6v6bGffDC9VY5pPBLSrZ662tatnjrUpSUACs0NA4Xx2uJuqBCQw
xwmwtvDRRx/dLGU3Bv7FF1+cTjzxxOY1L3vZy9JKK63U/D7dH2Y7/XblYyQrouAWW2yRVlxxxXan
Tev+q666KuchEtHADxKdt8yWZjDIKLrr7pzzmT3KzAsMz0UXXXRSwueff3761re+1dzXqt3h2h0X
7+XM9B122CFtsMEGzeuG+aFcw5wZ5bhpH9QF/DDzN1VcdNgdccQRTV4lK541DGD42c9+lqPp5rk9
VXoel4AEJCABCUhAAhLon4B2df/s6iu1q2si4/Ndu7q7utKu7o7TMM7Srh4GReOQgARGmYDC+SjX
jnmTgATGlsCtt96aDjvssGb+uxFgfve7301aO7ieCdmMbJo+zHb67YrFusOnnnpq6oZhuzgG3Y/L
L9Zu/sMf/pCjaiVgDprGXLuejpmvfOUr6brrrhtIOIc9fyEq02nAbGbE2k6uGjGa41wE3kUWWWRK
xOU1uA28z33u00x3qovraxdffPGpLpny+E9+8pPsfj1OrJ8JlK9eF/2JT3xiHmQS1wxzW98Hj3jE
I9JOO+20wDrg1A/n4jmjXcC1PHwXWmihfArfY1/UdbtrB2HNOmyf+9znmuuwU088Wx7wgAekco02
9uMBYNTWZ2/HxP0SkIAEJCABCUhgLhLQrh5erWpXD4/lTMakXa1drV09k3ecaUlAAhK4h4DCuS1B
AhKQwDQQYK3ij33sY82YuxF9MYguu+yydOONN6ZVVlklPfzhD29ePxMfZjv9VmWEx3HHHZcPdcOw
VRzD2FcLhgrnnanSlr7//e+nH/7wh3md615mnDO7H3ffzKRGdL/++uvz/bD11lunb37zm83BC+Tg
RS96UXroQx+6QGaYmfK1r32tOasY4ZwZ2FdeeWVeO3zppZdOiNClmH7ppZemk08+uXlNRIo4vMkm
m2SRF8F2ySWXnCSmUtZf/epXk7xFcC3eIp7//Of3PRv7iiuuSF/+8pcjG6luc6R7/PHHp1//+tfN
czCouU8oL59DlG6eMOCHW265JX384x9vxsJs7cc85jH5ucXa57fffnuuH/L+oAc9KC83AWOuu+GG
G9Kdd96ZeDbCGtEfrxorrLBCdu1+9tlnN+N93vOel9ZZZ53m9/gwDNbcy8w4p41F4HlLXdFmzzvv
vLy75h3nupWABCQgAQlIQAISmDkC2tXDYa1dPRyOMx2LdrV2tXb1TN91picBCUjgHgIK57YECUhA
An0SwDURfwsvvHBei5wtwtGDH/zgLA61Es5xx1wHZs1iEDFLs5xBy4xXQn0N+zkPMeruu+/O6ZNm
iICIe4hDZYg0EItiJijXhLBG2q3Sr+MinzFLlE4M0ifuZZddthlXmS4zSBFAuY7zEPS6detcGvfE
yVrKuGonnjKQb/ICJ8qzxBJLTFonujy302fyifhHHMwyXWqppZplqoXzcO/MNYiBMCl5lunA4Lbb
bst82f/ABz5wgfy1q2PaE3kikJ9WI40pP/kgHdiQd9KIus0XF/+Ik3ZLO2qVl+LUlh8pC2Um0Obg
HW2PfdT1D37wg3TWWWfxNdc5Yi71Xp6XD7b496Mf/SidccYZLY4suIv2VK8LXl7P8a222iqdc845
WdBdZpllsmD6yEc+Mu24446ZEW2cdcQvuuiinADXvPSlL833VylcR+rlEgowP+GEExLrfhOe/exn
5/J+6Utfyt+33HLLvM53/tLlP+7Rn//8500Bl8t222239LCHPWxSDFdffXX6/Oc/P2lf+YVyPOc5
z0lrrLFGuXugzzBiQEIE3LRjyONZIBjEscc97nHpGc94RmZcr4vOOczo3n333dNJJ52Urr322rgs
b9daa62EeB7PQHYOk/V3v/vd3CYmJfrfL3Dbeeed02ojtjZ7q7y6TwISkIAEJCABCcwFAtrV2tXa
1drV2tXa1XPh98wySEACc4eAwvncqUtLIgEJzBABhMGYTVsnueqqq+ZZsBh+tXC+3HLL5dmaHCvD
y1/+8iz8loIUx/fbb78sLn3iE5/Iwmh5zZprrpmY1RkBQRURCmG5nhXKOYhBiLtl2syI3WWXXbKI
WwtiXEP6iIrlDFP245oZUZtZthFKd8fsQ2j+6U9/mk4//fQ4pbmFAyIzM+vJM8JbHVqVIc4J0Zrv
CG6IdsxeLcNTnvKUtOmmmy4gspfnxGeE6e985zvpkksuiV15S5n22GOPLFjXwvlGG22Uz4m1kPlC
OajLGBjANQjI5UzafFHjH/VEOWDBeYcccsikMpB/RGbWky5DKdqyv56VHOfSHhBaYbzddttl8ZR0
ELMRlsuAwInAWw9IKM/hMzO/TzzxxEltKM55+tOfngVihM5WbSnOq12Nx/56G/VPORBMCeuvv356
/OMfn5mUbb9kUro251rSo16Ylf3Vr361mQxtGPGcUArtfI9Z7AxIOPLII5sz3BGgGSCy4YYb5vbL
YIcvfOELeSY111Fnm222Wfr973+fPvWpT7ErtXNlng9W/+qBIuVhBo3wbInAM4i0r26I5xG4x5/5
zGfmgQEIwxGiPPG93y1pljPc4brXXns1B0OQl1LIr2eN0/7Kmd541PjnP/+ZcL+5xRZbTJqxXwvn
w2ZNXo466qhm3QUTGO6///7NMsV+txKQgAQkIAEJSEACwyegXa1drV09+b7Srtau1q6efE/4TQIS
kMBsEVA4ny3ypisBCYwtgRAGEVmYmcpM4Msvvzwde+yxTaEMMagWznFJjBiHqMasUmbC4j4agY9Q
in58D9fkiEsIlghrEUgb4RVxGrfUEV796ldnoZBZwYhYpVCOiPeoRz0qz/AMoRmX1czYRTRtl/5N
N92UBa9Igy3p4yK7FM8333zzLFZzHMGYPwKCJ3mFUbhdZz9xIJwjHtcBsRShFtfZUQbiYMYwwjT5
LmexhkDJNZ/97GdzdLX4VqfBd2Y3IObBI4RAZq+H8EkcDC6g3mKNc/Id/Oo4SwaI1Ayw4PyYFR1t
h+sQ5pmxS/0TH/VVuo/mHETa888/n485xMAMBOpyTXryjkhMPIcddlicnrfMOl5vvfXyAAPaEOkh
NpM+az2zbns5O3jSxf/9wiz1gw46KH/DmH/Sk56UvSswszrWfWe29aMf/ejMFGGbuiNQ/mc961lZ
jER4joEF+WCbfyUnTqF+mSFOueNei0vjPsHFO2JyhFIcZwBCDGCg/Ai+zJSH1+GHH96sz5LvX/7y
l3TooYdGdLkNc78S6OTDbfyFF16Yv1NG4mTL7PYQrmmzcU0+scM/1temTV9wwQXp6kIQ5xLyHIMA
+I7bc9pjGaK8dd6iXXcz27+Mr/5crv/NsXot9fL5UeeX82nbDAIiwAn2bLk3qNcPf/jD+Rj/YhAC
n+vyDIM1SwDQPqPtkk6EXuosrnErAQlIQAISkIAEJNA7gXjn5/1Ou/p/g9JLm1K7OuXB39rV2tXa
1fc8Y7Wre/+t8QoJSEAC/RBQOO+HmtdIQALzlgAizre+9a0sboUAiZhLQJi7+OKL05577pnF3lbC
OWs+n3nmmXnWdsx4DZiIOJ/85Cfja1M4ZwczomPtXToWED4RxGpxLwQnZlSG0Mv1zFBnBiju5EvB
mWPhBrpd+nVczBTFlTFCHLO9Q9APoRrRm5m6IXhH/LXwtu+++2YBnDy0CvWM33K2ch1XzDqmfso8
Pfe5z03rrrtuq+gXEORY4xhO5Tp6USZm3pc8EXKZ3duOAflAlEbgJCD6Il7X9RWiL+fUdcxsd9rW
ueeem0499VROyUIj64Uvuuiik2b/Rr2TbjkrOMTUUmSPQQa4ci/T7FQfZZsJkZ72X14frBBBy3LS
XvFewPndBMpQitJcU+aN+6yciQ9DPBhQPzHwoBSL6zZRiuMxsz3yxWAWZrUTanG6XPMaYZuBDhEY
SMCAAgbMxMAFyh0DJuK8brcMSMFVXRnKGdz1DHrSKteRL+ulPlbG2ctnxOYYlMJ1cV/zGcblDHgG
tjAohLYQgUEGuMRnoEwI1i95yUvy+vXRaRrnlmUdJmvEejx7xGAj6gzBn/0RaKcxsCL2uZWABCQg
AQlIQAISGC4B3h+1q7Wrtatfme3k0n7TrtauxgYmaFdnDP6TgAQkMCsEFM5nBbuJSkAC40zg29/+
dipddCOoMdMWkQjX4auvvnoW0ErhHNGXGbGnnXbapJmrJYdSsGV/O1G1FD5r98cYWfUMaeIqZ1GW
4h7HQhBsl34tnJdxlQZe5It4SvfuIXjX8YSoSx5ahfr8kkcpHNYCZZmn0uis0yjFXY5FPktRPkb7
13mZigHxlQJ2CIE1+7JMZb7LNbjrsiKQMgCiFIrb5YdR2dtvv32zU4p8hXCMcF4K1KUQynllKAdV
IEpHHso8R/0Tb9mWehVuGXjBjP8YeFHGW4vgiJzU2zXXXJNF2cjzrrvumqh7QlmffI/2zudaOI/B
E6TDYIUYrMK54fKcQRRf/OIXUxiz5IEZMtz/uP8OETbO59p+Qr0Od5nv+hgeAzhOIO9lvZI/BvPg
GWOQUM6kJ07awAMf+MAcZemRgB1x30R65Km8H9iPNwWWESCUojvfw3PGMFmzJAMDk6J+XvjCF+Yl
DFp51CjvJ/JjkIAEJCABCUhAAhIYPgHt6v95p2plV2lX75QbXWlHaFfvk+53v/t1dTNqV9+Dqbad
tavv8WjXbx+GdnVXt58nSUACc4CAwvkcqESLIAEJzCyB0iVxmTJiC27Ja+GwPIfP7dxil2Ij57UT
VUMcJ51aJIuZthwrZ0iXxkFtQEV+2rmXr0XjMq7SwI984Vq+FHVjNjjpfuYzn2nOCg6RkrK2CnW6
JQ9m9uO+nlALs2We6mNlOrVgVsaPYEf6rAtPqPMyFQP433nnndndPLPSl1xyycSMXVzMhSBMvGWa
Zb6DJfG0Es6ZcR4zNIgnZkrX7SFmQtedUlxTh1rsrI/jBp8y0cZYc5pZwqWwXOa5bMud6qBOg+/l
GuF8L70G4Fr/4IMPZncOuJtnXXmE7JhtXqdXz5RmFngsD0A5EFOjTmLwADOSjz766Ehmkqv4smxx
AssWMDCGgIcD1oynzgcJZb0TT9nm6vos10Cv7294hBv5fvPD/cAMewYGEWLwRcwoLz0acLzMD99p
N7hpD9E6BjzQluoBLKusskrC2wJxD4s198Upp5zSHPAUHhrIG+EXv/hFHmxwz7eUyoErsc+tBCQg
AQlIQAISkMBwCWhXb5P7BqDayhbUrt4l961oV38s33i1nTvV3ahdfQ8h7Wrt6qnuFY9LQAISaEVA
4bwVFfdJQAIS6EAAYQqhLtxwl6e2E6HLc/gc60GX+2uRqBtRletLIzuMKcTadsJ5LQIjeDJyG/Gw
nCUf6dfnlwJemXYpnJZrscVsWGYFMyM3Qswqje/1tk438sN5pXAYZY6R12We6mNlGqX4zv6YcV6e
E5/rvHTDgGsRc1mHHg8FiIWs7x0iLcfLMpX5LlmWhl5ZnlKsRIDENTZCcClQMvN6jTXWmNQWcEeP
i2rExBh8QV4Q41n3u12AwaWXXppnYiOArrPOOvl7nF/muWzLZZ7j3E7bUsSsZzbXLr2pB8pXttto
zwivlLGczRwDS7g/IjAggAEd7QJreT/1qU/Nbvk5p3bhzj6WL4Ar3iZwpzaMcHXlDj5EfeIu20rN
tx4QUh/vJ2/1gIUYqBFxlWvIk14t1Ndlieck7e+SSy7Js9EjrvLZOCzW3BcxmKcU7SNN2vYRRxzR
HHxRtqE4x60EJCABCUhAAhKQwHAJaFd3Fs55V9auXig3Ou3qBScMTHU3alffQ6i2RbWr7+HSTx+G
dvVUd53HJSCBuURA4Xwu1aZlkYAEZowAQssvf/nLPOu3TjTW9i3FPISmCy64oCnMcA3nxfrofC/F
Rr53I6pyXikih+DDDNF2wnn5ssv1IQK3S78f0Zj0MfJZ051Qi6wveMELstiYD7b5V6db8ijFtloY
7CQqlknVBlQp2JXn8bnOSzDjWJleKR4jllM3BGZGk3+4lDOmyzK1i6edcE68CNms6U54yEMeku6+
++6mMI84juhLh0sZN8Iuwibu3rsNuONifesQ/bfddtu00UYb5bXGWXOcUJa9bEt1/XRKE6G7dMUX
7RkRvK6DEGiZsUxbj1CKunUdw2OLLbbI9RCzpW+88cZ05JFHZn7MNIYhabFuOkI4YnsZ6gEXZVvg
POqYWe4rrbRST4zLNPhc1jtib7nudnnP17O/65k79fFIhxkslJW4w7NCHKu3l19+eTr22GObu2m3
yy67bH6e8QxjQEwMJIp2cPPNN+d2z4CWssOPSMILBfVdu5XHBTxtlvplrffwLMF1/bIu2w73Il4H
YqAN8RLKe6SekX7PGf6XgAQkIAEJSEACEhg2Ad7TtKsnv4vG+zTvxNrVC+VB6NrVvQnn2tX/e1Jp
V2tX/681+EkCEpBA9wQUzrtn5ZkSkIAEMgGEPUTD1VZbLSE+IeJ+4xvfaNJBVEKMKoVzxCAEawS6
CPXs137Wvy4FIeINF8P//ve/Jwnn5Zq9dTpxrN4fom6dRilelWJTaeDDBdH8Rz/6UV7vGNfYCJWs
iYxwe+973zswtN3W6YbYRtl+85vfpOOOOy5fi8CGEPaABzwgf2+Xpzqhury4iGZd6laCcp2XqRgg
MB922GHNJEOUr91SB2NObJfv0tCrRWiExRNOOCEvEbD22mtnwZFZ7Yi+zCCPcNJJJ+WBG/G9TJd9
zCjGuG4347zMW9luy/1l/bcTzuHYqe5Zj/zjH/9406V3ybkWb4NpLWTHunely3K4MUuectMB9aUv
fSntt99+2fX4Mccck7GwljpxdsofJ5aDNvge9w+fCSFcd/JgwHm0P8Ro2LPW93rrrcfuHKiL0rV4
ORiAExiswCxvQrkGPB1rpUt1jpcj6vlOqGfZ14N47jnrf//LGeXUP2U788wz0xVXXJFYcgEvBxFg
yL300Y9+NLvZp1187nOfawrrZfupXbhvsMEGCdH6kEMOyS74uV943kbol3U5WIi2QN3zjI7AM6XM
47Oe9az0mMc8Jg67lYAEJCABCUhAAhKYBgLa1VPPONeu1q6OfqWyL0C7+n8PJO3qRRZYGk27+n/t
w08SkIAE+iWgcN4vOa+TgATmLQFGOyO0bL/99lmEA8SFF17YFM+ZGcoMzkMPPbTJKES0UvDiYMyA
5XPtljiu4VgpUDJjkmMIpMzqPPzwwzklh9133z3Pkq2FXsS1HXfcMYvXpbtrxCNEfQTtdukTV+nG
uBSvynyFaE9GYtYw8SN4h/tqBEGEy5jte0+uW/+vy4B4+KhHPSodeOCBWQD9+te/3pzBH2sqEz8z
sC+77LIcaSvRMFLj3NKNN/txyY1wRx4Rv3HhjZi+1FJL9cQA4y0MXOIN4bNkz/5SwC5nEQdL8lEK
xtQ9IidcS9druGTH1VYEBNRSAGagQQjEnMNsaK7B+P7DH/6Qlx548pOfnDbeeOOIYtK2zBvXMFCB
OoQf1xPKNlYK5xyjfsgPdRP5Z38d6jYY9YrAyqzymPFeuvq+unJpjuC56aabZmEXkZtAnhHOH/vY
xybWL4fvZpttlk4++eRJAwo4d/31108MQlhxxRWbgzHYH4Hysi56BIRg8kkaPAdYe577mhn/1F+7
wKCSM844o3mYdsZa6YRyXXaEZwYDlPdMebxsKzW/VtfSNvAewLkRygEKsS+29X34sIc9LD9jTj/9
9Nx+b7/99kmz0Ynr/PPPTyussEIeVFAPIimfebfcckseKBFpwXDllVfOgzgoMy4Zh8Gaez2eSaQV
7SrSLQfRlPdYHHcrAQlIQAISkIAEJDB8AtrVOyQELoJ2dWsG2tV/mtSvoF294HNIuzol7eoF24V7
JCABCQxKQOF8UIJeLwEJzDsCYdQisCLgIWIyu5q/cIuM2BkutAHEuQiTCIDMbAwBkGMIRIieP/7x
j7PYxz7CTjvtlMVIxLdI854j97j+ftrTnpbOOuusZlylcFmLXVyHoIiYxUzWCCGYcX679BFdv/zl
L8clWVxFFGQW59e+9rUsRHIQARHxD0E/1hNuXlR9oLybb755Wn755asj//tK/IhmJSuORjmvvfba
PLuWfSEQIqKy/jwBAZTBDaXgmA8U/xDmytmyHMLlOTO2mclM/W699dbpyiuv7IoBotsee+yRhb9S
OC+SXOAjdYBgykxhxF0CwjbtAnfS0bbYT1vDzT3iIgIt7v/bBWb5Iw4jAtcDCuprmCHMoItSbC/P
qWesl8fKzwifDMSgHMwcr0M56KI+xvdzzz03r6Eex6g/1jBH9Ayht65XhNuDDjooLmluYUX5MaSD
KwdZi3yXXXbJ7aIcfNC8sPhAW8O1+5JLLtnci/BMG6OttQqwfOELX9hcE73VOez7+c9/noX7OA47
6pxZ9+EWHZGZ+6Ruw9RnuDjnupe85CV5sA75ok0TaEMMHCk9D7C/nH3Nd0I8B+75Nvl/q2cJZ8SM
/3JgR1wZs9Kpg9ojQDlAoDbwuZ7yhAeJYbEm3tLbA2kwU57nIYOP8F4Rz5lyMAvXGSQgAQlIQAIS
kIAEpodA2Lja1drVdd+CdrV2tXb1PX1sTJrRrp6e3yBjlYAEJNCJgMJ5Jzoek4AEJNCCACIegg/r
PpeCHDMxcfGLi+hWoulzn/vcdNttt6XTTjttUqyIOAjRCGF1CBfK0anAcV6aEfRK0RSBd8stt2wK
n7XYRRqsRVyKfaWIWboDL/OASFvOVI5juJbGxTSibhkYOIBYx0ztmIlcHq8/77vvvs3Z6PUxvtcz
tCk3YmqIgaSBq/IQCyMOxG5mT3ea8RvnMoqdQQ51flnHmxnK9Sj3uK4TA0Toc845Z9JACGYwky+E
XFxcE+gQgBdtqi4DZeXvq1/9aiSZt9Ql4jTeC0hjqoAYyxrziJAI08wULgOcaH+LLLJIuXvSZ2aQ
M+CjbO/wwVNBuMznAmbWb7LJJlmoZ4AG4nAE0kAIblcnrTwAxLWxjTqp4wiX9XEejOCKpwBc5ke+
Ec0ZkBJretcuy+P6cktcIeTGfsRtZsiQbhnwWPCkJz2peR+Wx+rP7eLgPOqLgTYM4mgXcNuIu3Rc
w9eBeqBea8Gd8+DM0hKsJRkB7wMMPmkXfvazn+XyxvGdd945t02+8xxkgEswZlAMojoDaAjl+uaw
xCMHWwLPSp4V0fa5R4i7HKjQjlMvrHNijX8MsmCWP54B6sCADAYj0aYNEpCABCQgAQlIQALTT0C7
OuUlm7Sr2/ctaFffs4SXdnX751E7e5ErtKv/NwGgHSft6vZtyyMSkMD8JqBwPr/r39JLQAJ9EGBm
YqwFjViEgIVAVYo9fUTb8ZJSOA/XzAhWCE+IgAiwZaiF81izl1mXHEO4YjbzdIWpZvJGut3M7uQF
nz9mQ9fljHioE9znE1jrPIT1ON7NlkENUZfEEeJqN9e2O4f2Qd7JT6zBjoCNGE/8iHS1CNwurnp/
7TK8Ph7f69nEtJkQORE3u2UFXxgRSj6IkXBrFRfpkB5phJAa+aq39XrXT3jCExJ/tPO4vzrVCWnB
lj/SioEA8Cd/zGJgyQB4852OuhjAwCASRFu8K8Ta4WX+GPSy7rrrlrvyZzq5CLBhQMtUZcwnV/+i
3dG+YUWb6CUe+HNfI4jDqV7fvkoufyW/uNnHawNMELMXXnjhVqc295EO1/HsCLZxkP0cpwzRzuPY
VFvqC47kvdP9MAzWkRfaCvklr2x5nvfCPOJxKwEJSEACEpCABCTQPwHt6qnZaVffw4j3d+1q7epO
d4x2tXZ1p/bhMQlIQAK9ElA475WY50tAAhKYBQKlcM4sZGbNdhJca+G8nF0+3dkvXSIz23m11VbL
Yib55Q/RmFnidJSw/jkupQ29ESjrF9eGMbseERIBko4FZvoyI7oWzntLaebOxhsC7uojMGMcLw7T
EcoOKO4lBqNEgCEzknFPHyHWqI/v477lHmU5BdpJeLUY9zKZfwlIQAISkIAEJCABCUxFQLt6KkLz
67h29WD1rV2tXT1YC/JqCUhAAqNLQOF8dOvGnElAAhJoEigNfNYPxlV3pxmizAA98sgjm+7HceWO
gDoTgZmhRxxxRJ7ZznpM5LcMzKrF7TfiHTNdY/Z+eY6fOxOA8cEHH5xPauVmm9nHzJzGlTvu7VZf
ffXOEY7AUVzPx2xvZm9PV9uATbk+fCvhmPvnU5/6VNOF+Fwa4HHjjTfm2fYMXGFtdNaOM0hAAhKQ
gAQkIAEJSGA+ENCung+13H0Ztau7Z1WfqV2tXV23Cb9LQAISmEsEFM7nUm1aFglIYM4RwBi57LLL
0sknn9x0r00hn9pYS5k1eVuJzgjTrIH13e9+dxKP5zznOXkdY0TJ6Qy4UEO0R5gjMBt65ZVXzq6y
b7755rzONvt32WWXtPbaa/PR0CMB2sU3v/nN5lrNuBFn/W5mm7Me+VlnnZVjZF1x3J2zf5RDOdKf
fCLm7rHHHtOW74svvjideOKJGQmz2lk7PQZ44Mb9oosuyuI6J2ywwQZp++237+jhIUc04v+YXU67
+OlPf5rXJ2cgTaw1PuJZN3sSkIAEJCABCUhAAhIYiIB29UD45uzF2tWDVa129SPyBBXt6sHakVdL
QAISGEUCCuejWCvmSQISkMB/CeA2+txzz81rMpdQ7r777rTqqqu2FJ5ZK5qZxvV60KwVzczzZZZZ
poxqWj4zY5eZrb///e/z+sWIkRilSy21VFp++eXz33QL+NNSsBGL9I9//GPmjFjOGt5wZh34FVZY
IT3kIQ/peb3p2Sge7uTPOOOM5kCLyANLEmy44YbTMlue+4oZ7meeeWYkl9cop33edNNNeR/tE0F9
vfXWG3vRnALhfp7y7rjjjvnZ0Sy4HyQgAQlIQAISkIAEJDDHCWhXz/EKHrB42tX9AdSuXrU/cF4l
AQlIQAIjT0DhfOSryAxKQAISkIAE5i6Bq666Kov/iyyyyKRCMjhkpZVWmhbhPBLCO8Ktt96alw1g
1jt/iy22WB7gwQCTUZ+pH+VwKwEJSEACEpCABCQgAQlIQALzl4B29fyte0suAQlIQALDJzDrwvlU
RQpXv1Od53EJSEACEpCABCQgAQlIQAISkMBcJhBLi8zlMlo2CUhAAhKQgAQkIAEJSEACEpDAfCOw
UMNl70Q3hVY474aS50hAAhKQgAQkIAEJSEACEpDAXCegcD7Xa9jySUACEpCABCQgAQlIQAISkMB8
JKBwPh9r3TJLQAISkIAEJCABCUhAAhKQQN8EFM77RueFEpCABCQgAQlIQAISkIAEJCCBkSWgcD6y
VWPGJCABCUhAAhKQgAQkIAEJSGAUCSicj2KtmCcJSEACEpCABCQgAQlIQAISkMBgBBTOB+Pn1RKQ
gAQkIAEJSEACEpCABCQwzwgonM+zCre4EpCABCQgAQlIQAISkIAEJDAvCCicz4tqtpASkIAEJCAB
CUhAAhKQgAQkMCwCCufDImk8EpCABCQgAQlIQAISkIAEJCCB0SGgcD46dWFOJCABCUhAAhKQgAQk
IAEJSGAMCCicj0ElmUUJSEACEpCABCQgAQlIQAISkECPBBTOewTm6RKQgAQkIAEJSEACEpCABCQw
vwkonM/v+rf0EpCABCQgAQlIQAISkIAEJDA3CSicz816tVQSkIAEJCABCUhAAhKQgAQkME0EFM6n
CazRSkACEpCABCQgAQlIQAISkIAEZpGAwvkswjdpCUhAAhKQgAQkIAEJSEACEhg/Agrn41dn5lgC
EpCABCQgAQlIQAISkIAEJDAVAYXzqQh5XAISkIAEJCABCUhAAhKQgAQkUBBQOC9g+FECEpCABCQg
AQlIQAISkIAEJDBHCCicz5GKtBgSkIAEJCABCUhAAhKQgAQkMDMEFM5nhrOpSEACEpCABCQgAQlI
QAISkIAEZpKAwvlM0jYtCUhAAhKQgAQkIAEJSEACEhh7AgrnY1+FFkACEpCABCQgAQlIQAISkIAE
JLAAAYXzBZC4QwISkIAEJCABCUhAAhKQgAQk0J6Awnl7Nh6RgAQkIAEJSEACEpCABCQgAQmMKwGF
83GtOfMtAQlIQAISkIAEJCABCUhAArNCQOF8VrCbqAQkIAEJSEACEpCABCQgAQlIYFoJKJxPK14j
l4AEJCABCUhAAhKQgAQkIIG5RkDhfK7VqOWRgAQkIAEJSEACEpCABCQgAQmkpHBuK5CABCQgAQlI
QAISkIAEJCABCfRAQOG8B1ieKgEJSEACEpCABCQgAQlIQAISGBMCCudjUlFmUwISkIAEJCABCUhA
AhKQgARGg4DC+WjUg7mQgAQkIAEJSEACEpCABCQgAQkMk4DC+TBpGpcEJCABCUhAAhKQgAQkIAEJ
zHkCCudzvootoAQkIAEJSEACEpCABCQgAQnMQwIK5/Ow0i2yBCQgAQlIQAISkIAEJCABCfRPQOG8
f3ZeKQEJSEACEpCABCQgAQlIQAISGFUCCuejWjPmSwISkIAEJCABCUhAAhKQgARGkoDC+UhWi5mS
gAQkIAEJSEACEpCABCQgAQkMREDhfCB8XiwBCUhAAhKQgAQkIAEJSEAC842Awvl8q3HLKwEJSEAC
EpCABCQgAQlIQALzgYDC+XyoZcsoAQlIQAISkIAEJCABCUhAAkMjoHA+NJRGJAEJSEACEpCABCQg
AQlIQAISGBkCCucjUxVmRAISkIAEJCABCUhAAhKQgATGgYDC+TjUknmUgAQkIAEJSEACEpCABCQg
AQn0RkDhvDdeni0BCUhAAhKQgAQkIAEJSEAC85yAwvk8bwAWXwISkIAEJCABCUhAAhKQgATmJAGF
8zlZrRZKAhKQgAQkIAEJSEACEpCABKaLgML5dJE1XglIQAISkIAEJCABCUhAAhKQwOwRUDifPfam
LAEJSEACEpCABCQgAQlIQAJjSEDhfAwrzSxLQAISkIAEJCABCUhAAhKQgASmIKBwPgUgD0tAAhKQ
gAQkIAEJSEACEpCABEoCCuclDT9LQAISkIAEJCABCUhAAhKQgATmBgGF87lRj5ZCAhKQgAQkIAEJ
SEACEpCABGaIgML5DIE2GQlIQAISkIAEJCABCUhAAhKQwAwSUDifQdgmJQEJSEACEpCABCQgAQlI
QALjT0DhfPzr0BJIQAISkIAEJCABCUhAAhKQgARqAgrnNRG/TyJw3nnnpSuuuCJtsskm6eEPf/ik
Y34ZLQLXXHNNOuuss3I9Pf7xjx+tzI1BbiYmJtK3v/3tdMcdd6Stttoq2Rk6BpVmFiUgAQlIQAIS
kMAsEfBdcZbAj2my55xzTrr00kvTpptumtZaa60xLcX8yPZVV12Vvve976W1114719f8KPXwSold
/Y1vfCPdfvvtabvttktLLbXU8CI3JglIQAISkIAEJCABCcwAgYGF8wsvvDD9+Mc/zmLTQgstlNZc
c830zGc+cwaybhLTTeDuu+9Om222Wbr88svTe97znrT33ntPd5LGPwCBN7/5zenII49MiOYnnXRS
WnjhhbuO7fe//3165StfmcXiu+66K6277rrpbW97W+Keni/hd7/7XXrsYx+bi3vaaaeljTbaaL4U
3XJKQAISkIAEJCABCfRIYNjC+fnnn59++MMfZrGJd/B11lkn7bTTTj3mytNHkQB29YYbbph+/etf
p4985CPpda973Shm0zz9l8B+++2XPvaxj2XR/Pvf/35PdvVNN92Udtttt7T00kunO++8M6233nrp
/e9//7yyq6+88srmpIuf/OQneRKGjUsCEpCABCQgAQlIQALjRKBv4fyWW25Je+21Vx6JWxYY0e5b
3/pWute97lXuHovPCMTHHntsHgiw+OKLp4c97GHpMY95TJ7Fi4j2kpe8ZCzKMaxM/utf/0rPec5z
0tlnn50+/OEPp5e97GUdo2Zm+nvf+9708pe/fGRHZt9www3p+OOPTz/96U/Tfe9737T88svnvP75
z39OiMevetWr0mKLLdaxnKN68NBDD03vfve709Zbb52OPvrongz88CoQZesnjrh2NreDtME//OEP
uYOS/J9xxhlp/fXXn82imLYEJCABCUhAAhKQwAgTGJZw/sc//jG96EUvSt/5zncmlZaZyT/4wQ/G
0q5mZvXnP//5PBBgiSWWyIPrGaDKLF76C7C55lPArt5iiy1yfX784x+fckD6ZZddlt7ylrekfffd
Nw9kH0VW1113XTrmmGNy38miiy6aHvKQh6SnPe1p6dZbb0033nhjes1rXjO2dvUHP/jBdMABB6Tt
t98+ff3rX+/JrqbuGPQSoZ844trZ3A7SBulXoT0QfvaznzUHp89meUxbAhKQgAQkIAEJSEACvRDo
SzjHJfSWW26ZMPIJBx54YH4Zvt/97pdH1jK6dpwCrqQOPvjg9L73va9ttsdVSGxboC4OwOUTn/hE
7vBgNjKGcKdwwgknpFe84hVdieyd4pmuY4jJr371qztGP86CKW7Gv/CFL+TOFeqr19niDB5gkAQd
d8961rPSZz7zmbHrqBukDf71r39N//d//5cYFPSBD3wgrbrqqh3bigclIAEJSEACEpCABOYvgWEI
57iEZkmsm2++OYPE9uI7A3kf/OAH579xIoz9yOxa3qnbhXEVEtuVp5v9cDnooIPSmWeemfbff//c
l9Lpui9/+cvpBS94QepGZO8Uz3Qdw05ksHynMM6CKW7G8eRGnxf9B73a1QweYNDLjjvumJ773Ofm
yRnjNrFkkDaIXc3ACfoLP/rRj6aHPvShnZqKxyQgAQlIQAISkIAEJDByBHoWzv/5z3+mZzzjGemC
Cy5IK6ywQsKl8YorrjhyBeslQz//+c+bxiszppllzSAA3NAjBPPCP65CYi8cBj33m9/8Znrxi188
ksL54Ycf3uzAwchnlgOzH5gNsc8++6Srr746F3+chfNB64/rr7322uxlgYEiX/rSl8ZOOB/lNjiM
+jEOCUhAAhKQgAQkIIHRIDCocI5d/cQnPjHPyFxppZUSLo3ZjnM477zzmm6ZGZi+yy67ZLsaN/TP
f/7z8wCBcRUSZ7JeGAy88847j6Rwfsghh6TXvva1GQd2NALpkksumX71q1/lvgCWvyKMs3CeCzDg
P/oXEIwZKIIQP27C+Si3wQGrxsslIAEJSEACEpCABCQwJYGehXNGziIsL7PMMnnE9LiL5hB617ve
lUfCvv3tb88jwEtqDBB4+tOfnstLRwBGYRmYfX/cccelU089tbmbWQLM2l177bWb+8oPf//73xOz
g7/61a8m3EOzFvXGG2+cttlmm2xg3n777ekNb3hDwuUZLrJwaYehhVvxZz/72XnEM9edeOKJaZFF
Fkl0ulAP5dry5Is04jjXUm+4zSK/p5xySr4OV/RvfOMbm660yCdrrzEaHlfmhDvuuCOvr7fyyivn
7+3+4Y4PI5rBB7jxxyUd4T//+U+6z33u07zsL3/5Sx51TbkZvU3+l1pqqZzGve9975w2eYj02T7v
ec9rfm9G1OWH3/72t831qlu5nGemB2vOEVjD7NGPfvSkmOnEgvUll1ySHvjAB+a6QFjGCC69KzCT
AFdurGtGwL3i3/72t/TJT34y4cqOc3H3Tz23Cn/605/yMge0pWgXxEHdMuKdddZoJ2Xgmq985Su5
ntlP23rc4x6X/8rzWn2mXL/4xS9y/bA0AdfR5jbYYIPs7r2VcN5Lex+kDd52223p9NNPT+eee266
+OKLcxuhvTDzgk63aBt1ubptg+V1pPOb3/ym2UZpj9QTLDoF1m6jXTDYgucC7RyG3Gcs81AGysEA
HQLPBWazM1ODJQMoFx2IPDNalaufdlGm7WcJSEACEpCABCQggeETGFQ4x8bDffeyyy6b3xOnsrWG
X4Lhx/jmN785fehDH8rem/hcBoRU3pUpLzZuzQ+bDO9ZLPsW4UlPelIeyP6IRzwidk3aYvtgf2G3
YIPxXs012MXYOsx8xcbnvR5bDnf42NVMAMC+xBbFPmZ2LfbqP/7xj7TKKqtMWluefJFGHOdaBgSQ
Hvll4C7X4Yr+He94R447Mokdw0SDsCuw87FlpvJsdcQRRyQ8iDFLHfu6nV2NxzDyEHY1+cBTAWlg
V2PnXHTRRc30sTV23333ljZH5LnTFptpzTXXzKe0mg2P3R12EIMlsCvL8KMf/Sj3A5An7E/qApua
mdnkOwJ2NTYuy6wR8HxHnwSiPTYmfVEMhC/7P+JatngQw06jLUW7IA7uscMOOyx97nOfy4NW6mu+
+MUvNm1C1qV/whOekP/K81p9ply0b+xBBuczIIY6X2ONNdoK572090HaIH0v9AvhWY6JIbQR2gv2
LpMeWtmflLHbNljyIB3u7YgTu5p6ivZfnlt+Zrk17kHuFZ4LcIQ991m0tzifcmBbE3gurL766nmA
yY9//ONcrhe+8IX5mRF5iOvY9tMuyuv9LAEJSEACEpCABCQwfwj0JJxjwPByfdJJJ2UDFLdVGCIY
nAizvbqwGhXMiNSf/exns8CJAV0Gysxo+Qc84AHZHVk5UphruLZdQEDGUCi5MKOX2etX/3eGc6tr
MQRDpMeAYCQ3odzPOt177rln83LWiqNeMIII5XV8J83ddtttUicA+wkhdN/zLSU6ORBqy0DHTm34
chxjFiM03PaX15SfEROJE34YUxhCZUCQxpBDgGR0PcJ9GTDC686V8ninzzEwAtEZ45lOhDJEu0Y0
x+CKwSB0tOBxgA6HdoFBCLhwIyCSd9PhRWdS7doOjuutt167ZPL+VtcxAIJ6LUOrwQHlcTqHYEzn
UbvQysNCr+293zZIJwWdiO3yRz3S1hkUQuinDUa5Meaf/OQnp8svvzx2TbrPmjuLD/FM6LS0Ax10
++23X27vnN+qTRdR5o8MxqCzpmyf/baLOm6/S0ACEpCABCQgAQkMl0C/tgm5iPdDxD2WCHrTm96U
14XGbmRt4NJ+HG6upze2vffeO+Hpi3daBKwyUGbcuGP3Yd+WdjXXcG27gIDMzOaSC/b05ptvnmKG
c6trS5GeAbb0ZRDK/azTXdpTDFzGLgy7uryOaxnw+tKXvjRttdVWfJ0U6DcgnxGwBxj8XAYGzm60
0Ublrvz5+uuvz4O5w23/Aif8dwdiInmGH/bSIx/5yEmnwhc2tE88BSJGloFBuQxa7yfEwAiEYSZU
lHYL8UW7xn4mb2EbY1cj5iOstgsnn3xy2nbbbfNh7Gr6X6YKsI2+kjgXjpFu7Ku3ra5jAAQ2cBla
DQ4oj9MXhg3HQIB2oZWHhV7be79tELsa27ld/qhH2nrY1f20wSg3djWTMpgAEaG8z2JfuY1nQqel
HXg+MtGD9s75rdp0GSefGYzxta99bVL77Ldd1HH7XQISkIAEJCABCUhgfhDoSTjHgGH2dYhMCLkh
mPIZd05TiX+jiBVBkj/KELN6MdTCWG6VZ4y+6AzA0N53332zgQYP1qYL4RkjZ4cddshR1PwwAHip
Z0Qtxm9cUwrkjIrF0Hn961+fhdkQ1O+88848W5hR9hzDSCnXpGY0O27IGZFdCuxkhAEPiN2UgTQZ
pU4+ImBMY/AwMphOCgzfdi7M+xEtGeWMSE4+aEuUF0E7RhMj7L7lLW/JLs04xohwhPayoyTyOtUW
Y3G77bbLSwtgoNLR0CogzMOZzhdGv2OUUb8I0wRmDzCogvUGyTOdIHEflGyYhYyYTqcJgcEGdBDR
cUEbw4BjlgIzIOjUiEAZqUdGzXM+A1GoQ84PV3itBHHqn5nMdFrQNt75znd2dJVft0EGfjDzg7KU
BmstnPfT3vttgyGcM8iEdkBnBAMq4Pyyl70sI6MDKDqc+mmDwZ0tdX/jjTfm2QXMwCDEfZa/VP+i
rthNfZFHOjjpOIk65lhZX7RpZiLEvUjd0x55XuJ5gjon/PCHP5zU+RVp9doucmT+k4AEJCABCUhA
AhKYNgKDCOe8k/MOHiITAlMIpnzmXRf7btwCtgiDlikD77EIc7z3drKrcWONVzUCs2CxkZmRjQcu
bNEQnulrYGYyoebHoFWOYVeTblxTCnfY6XjbYmA7s5dj1jt2NbOFsas4xszxY489tinsY9Mwc5xZ
v6XATj4Y8ICAzox00mQgBAPGI2DLcy3LwDFYHZuqnQvzfkRL7GpsQQZl05Yo71lnndX0fId9wprq
2BscY8ug4X7taq4l//QfhN0UZY0ts9Lx2ofAGXY19YswTfjgBz+Yr73//e+fxXXsu7gPSjbMQiad
sJOw/Q499NDsxY12hs3N0gZcW9rVeHvD+x0DlzkfOw3hnvOZxU9oJYhT/8xkxq4+55xzct22Oi9H
0PhXt8G3ve1tub2Tn7DfObcWzvtp7/22wRDOabu0P/p8eG7h4W7XXXfNRaFfAo+JhH7aYL7wv/+o
e+LAO0PcB3GflefF56grvlNf73nPe/IkBuz7qGOOlfVAm2aSRdyL1D0DdXhe4nmCeiDQ31R6Eoy0
em0XOTL/SUACEpCABCQgAQnMOwI9CechaJUzQXGPVH5nxm47F+WjSjfWda7zh7iMsMVLfzkgoOSA
scxfHWKW82qrrZYNL4zlcgYugmwYKHFtzOgthXOOMXqXvNCZUgt6cezhD3/4JOE84izLhlGBMU9n
QAQMxFZurOI47uxwj12Kw3Estv/+979zxwJxM0M7BMN2LuXiuliPmvJinIZ7NkRrBiLAK+KKa3rd
lkJxLUp2iov8xGDCr5zQAABAAElEQVQCOk7qGQXEi5hJp0A9UziYwRnhO0bL4yaNEd902pT3yVTl
ZTQ/bfDTn/50s7OoVd6jrjsx+9SnPpWFXtoCs7ZLY5JBFnRqMEOBMoWr9n7be+Qx8sX3XtsgnUGk
T6DjJQa51GXstw3miIt/3Le0u/o+i1PowFtnnXXyVwZPMKCi7HiiLjHy6Tir23VwgAHGPq77COUg
DQa/RCfDsNpFTsR/EpCABCQgAQlIQAJDJTCIcM77bT0T9FGPetSkmaGsGd3ORflQCzLEyLAjWNe5
DthSCFsMYi4HBJQceIfm3boOMcsZl8wwwa4uZ+AyOBX37GWIGb2lcM5xbGdsNAa11oJeHKMvoxTO
I96ybLzPf/e73520jNZUdjW2F/ZjKQ5H3LENm4b0scFDMJzKro71qCkvjLBDCNgTDEaAV8QVafW6
LYXiWpTsFBdC/lOf+tR8CoPlGdReBuLdbLPNMhfs73KmcDCj3wTeYVfjop56on+Evqh11103RzlV
eWN5BOy9EI7LvMTnqOtOzD760Y/mQQm0Bez10jsfQjUTTvCGQJlijfN+23udL7732gaxq++6664c
Fe7ksXu55+oy9tsGI4+x5b496qijFrjP4jj3IIMaCAyWYUBFbVfTz3bggQfmQR9lu476gQFLAtAX
RqD+Y5AG91BMmhhWu8iJ+E8CEpCABCQgAQlIYF4Q6Ek4Z2ZmzPLkJRWjhrWhGRG600475VmrzFRF
4Os0qnwUyVIGxK6Y9V3nkZGr4Xat5IDLMUZTYyhHwNUVwitxhQiOccIMa8RItq06BRghj4s6RDsM
TBgTMLBwXd1KOI9j7YTzyCtxIeiGURl5nWob4nYn4TziiHNrUTOO19vIO8Yus51jZDbGD+UNdvW6
8nU8nb6XafQinMcgB1zgU67aDR1pIppjENf5DA4Y0+GVgPMx2KIN1DwjPc7DQwH3FW2GtsTgi+WW
Wy6v38XxdiHquh1/0p9qQEKI9KVwHvGSbrftvayzuL6XNsjId9yysYZZq9CujMG+3fFWcZX7MPCZ
MdJOOMeLAzNnqPNysEcZBwMkGOiCQV/OjA8O9Wx+rqWzqxx0EvENo11EXG4lIAEJSEACEpCABIZH
YBDhvFwrmndkBD1moDNbE5GZWavMVOVdcNzsasrAu3jM+q6JM4P4gAMOyLtLDnvssUcWlrHfIjBz
FfuEuEIEx85ghjWDzhHWENzqgF1NfLyvI/KWdjUDFloJ56TLsXbCeeSVuIi3HFhfp9/qe4jbnYTz
uC7OrUXNOF5vI+94UGM5KTxiEXALT5mC3SBttkyjF+Ec0R4X+bjAZ/BwK7saJrT/Op/Bgf6l8DxG
ubBrow3UPCM9zsMLAeWnzdCWGHyBWBvrsHNOqxB13Y7/VEIscYZIXwrnES/Hu23vZZ3F9b20QQaW
4JGB+6hVaFfGYN/ueKu4yn0MMmed+nqASpyDEM49VA/2iONsGSDBQBcGIJQz44NDPZufa3hmloNO
2EcYRru4Jyb/S0ACEpCABCQgAQnMBwI9CecYmE95ylPyjNl6Xexhip2zCZ6RuLfeemvCrRozcCln
uOSOWcIhgHWTz1JURZRDTO/kMrxVnBipgwrnMWO5HMXbKq16XwiRtdBbn8f3OLcX0TJmZ8MJYRvD
KVyk18JzqzSn2lfOOMeIQhCeKpQCc6c80KHF7AaE7XKgQycO0QZqnriPwxU8gm27MFX+o12241+y
wE0ggwLqELOi2wnn9fn197K9x7HIV7dtEKM2BlEQB0IzHQa4OcQVIaFdGTuxzxdO8W8q4ZwOBATu
VuJ3RA1nOoYQzumoiJlCwaFkG9e0y/cw2kWk4VYCEpCABCQgAQlIYHgESkGr11hxN8zMawZG1+ti
D1Ps7DVfwzwfu5olwCgjM3Df+ta3Nl1yxyzhEMC6SbcUVWPt8E4uw1vFGeLvIMI5s1ixy3q1q0OI
rIXeVvmMc3sRLWN2Npx++ctf5oHXMfu2Fp5bpTnVPmycWF6AtMI7W6frSoG5Ux6w8/C4gLBdDnTo
xCHaQM0T+2mbbbbJgxva5W2q/Ee7bMe/ZEEfBrZfHbAF8b7QTjivz6+/l+09jkW+um2DRxxxRNM9
PXEgNLO+PYxxS09oV8ZO7POFU/ybSjgPgbuV+B1Rw5l2gXBOm+YzITiUbOOadvkeRruINNxKQAIS
kIAEJCABCcx9Aj0J5yHgYujiZouZlxEY3YwLrlbCWZzDFtdPiHME1i67173ulT/P1j9csiHUIn4y
Orse0c9MckQyBM3jjz8+r4HNelvhZp31lFizmlHtrQKjgVm7G8Oa9aQZGd9O9Gt1PfuCe6sZ5wj8
1AN/5RrnEVcnsS7O6bQNQa8WeltdE+d2Epvr6yhbrEEOF8RcDE+YMlAB99yDBIx1RrhjHHcSO+s0
Ym1pRrLXbsPi3GgHdZsPDq3quZ1wzn2BMYeBzejr2267LSdDpxrrcRHqdPLO4l/Udat0Oa1kjbs4
1qirQ5SpFHdjH+f20t4j7shXGWccq7fkEVd9DFbBywMzC2KGCOeyLh9r07UrY7DvpQ2WeZhKOA8v
AzwvmGmCq8g6lGUo75tOHCLfdbmG0S7q/PldAhKQgAQkIAEJSGBwAoMI57wvMhMWG5qZoAxOj8A6
3Lh9biWcxTlseU/EdiAg0I2CXY1Qi/h5yCGHtLSrN9988/wOzeBpbANmo8YySHizY83qdnY1diGz
wbGr8dLGYPR2ol+G0uJfcG8lnLOc1iMf+cjcp9HKVXsnsa5FUgvsCkGvFnoXOLGxI87tJDbX11G2
WIMcLtjULMsFU/pvhmFXsz40y7N1EjvrfMXa0vvss0867LDDcv3V50Q7qNt8cGhVz+2Ec+4LbGnE
VgRivIERbrzxxtwu+Vynw74yRF23SpfzStbYe3gbq0OUqRR3Yx/n9tLeI+7IVxlnHKu35BEvdgz2
x8sD/Eu7Gk+I9IO1K2Ow76UNlnmYSjjnPmAgRrkEQ3k9n8sylPdNJw6R77pcw2gXdf78LgEJSEAC
EpCABCQwdwn0JJwjMuOWHPGItZIxmCIwShiDv5O4x4jRWBea63CR9f3vfz/d//73j2hmfEuecLeN
UBczyutMhNgZM35Z5xijFOO6nQBJHIyy5y/W4irXPS9nKEd6iLwYUBh5uNRedNFF8yEMhnYzzhHv
MJzaicIh1rU7Hmm324agVwqAU51bul0vz73zzjvTYostVu7Kn1mvjNnWZehX+CzjiM/UEWu7ETCk
Whm2eBmgjAj3dC5EuTEuGUXOII86lPVZiqhxbS2Ccn20pZon++mgYYDG8ssvPympmAXe6d7igqjr
VulGhBiwGMl01DH4pXSVV860L9tLv+090ox8lXHGsXob57L/yiuvzCPi4xzyF94I2pUx2PfaBiON
qYRz7k3cxRHieRDXxja8KPCdGUPhCjDK1opD5Lsu1zDaReTLrQQkIAEJSEACEpDA8AgMIpxjVzPw
GTHo6KOPTrvttlszY4h966+/fkdxDxs21oXmQgZqY6PPtl0dM5JjRnmzUP/9EGJnzPhFwEbcZYB4
OwGSS2u7mnfkD33oQwvMUI70sBuOO+64bE8weL20q7GDWgnnsRZ3O1E4xLp2xyPtdtsQ9EoBcKpz
S7fr5bnt7OpTTjklbbvttuWpeXD9S1/60kn7+v3CRILoA2JJqi233HKBqPAycOqpp2bhfpVVVmkO
AsCuZtYwgzzqUNYng8hjcHIwq0VQro+2VPNkPx7M6N+JNbQjPQaakP6gwjnxMcCbSRHcxwx+qe3q
WFu+bC/9tvfIfy9tMM7lWiZbLL300hHNpLXAW7HlxGDfaxuMRKiHTq7asfVjbfJ4HsS1sWU//YcE
6pPnHCHKVrLNBxr/It91uYbRLiINtxKQgAQkIAEJSEACc59AT8I5OHgRxVUxIh4vsmuttVbCcGON
JtZx6rQmdAhHJdZaQCyPzcTnEKUx7hHEMLBxXxUBIwgX04RSBMO4w+06BiCGGbPtw10bBhnxIIKV
YmcIoMRFWrjOCsMRw4G1yGBInHSYRGdMKe4jCDJamDW6mI2Amy4EfEbsM+M8hGlG1NIhw4AG1smL
43QiEJhZHx0Iecd//3EdTAj3ve99s5DPDF9cezNimTgJrTplQgCnzKeffnoWm5lFTT4ZqYwh30ps
LAdkEDezzVnDCg7DCGUdEx8j3VnvDIOcEei0QWaWE3Ah+LrXvS7vj3WqKQ/rXsf68LR3jORYp74W
+WO2Om7+X/WqVzXbxb/+9a+8Dt9RRx2VeZau0sMbAe2CuFdeeeWcH/7h7huDsWxLcZC2QaA+ub+Y
WUC63KN4SyBQj2HIRx2xnzgpAwMFaENwoU0SaC/kk2sJ/bT3ftpgeFAgP3DEGwH3FcYxxi/th1Cz
zTsb/6J83bZBOuGiTcOIe/Dkk0/O6+9x/8X9Eu2d73vttVfuBCBNOjpxBRj3Pp1ErANP4LnBMyJm
/8RyFjVbzqVTgbZSl6vfdkGcBglIQAISkIAEJCCB6SMQtlq/KfBey1q8iHjYnMy8xs7YaaedEgMx
ea9vtyZ0CEdl2rWAWB6bic/YXDGLHu9svFOXYl2s+UxeShEsBFBsP2YzM6g93q0ZtIo79ne/+92T
xE7s7bCjSYuBwWussUYuJt6y9t9//8yQODk37HtspxD3EQRf//rXZ7ua5aAQnBHwGZSOLV/b1djn
2G9xPOyEbu1q4mQQMIOy4RQ2SNgZZR2FAE7bwKU2ZcWupo5Z751Bt63ERuKMARnEh53HjONh2tVR
x8SP3brrrrtmu5r1qEtbCLsG27pcp5ry0A5ifXja+yc+8Yn0xje+kehyn0G5lnnMVmc5A+o02gV2
NRMNmMxRu0oPbwS0C5iXA+CZtIGN30o4L+1q2hADOkiXdFrZ1VFH5JuZ+HipY6AAbYhBHdjWBNoL
Aw7Cru6nvYdd3UsbxJ7GgwL5wdbENoUf996BBx6Y+7DI30EHHZRe85rXNNmyjxDl67YN1nY19cWk
EO4tngNxv0R75/uLXvSibE+THv0t9E9EHTPIf4cdduBQ7vM65phjmnZ1LGdRs+Vc7PPdd999gXL1
2y6I0yABCUhAAhKQgAQkMP8I9CycYxCHa+1WuNqtncy5rYRzDB1e6GcrlKJ05AHREZdR5A2DgYDY
xUt4uHJH4GOENYY4AWM0XM9hpETAsMRgiFHT5eznuO7222+P0/MWF9WvfvWrm4YBO+ksOPTQQyed
1+oLIjA8wzNAq3NiXyv2IZDGOe22zIogPyEKch7GPAMIggmDKjDMytBuhn45QKHXNeDL+Nt9Zr16
6qusm/rcUmzlGEZeOYqetaoRVxkpH4HZw4ij7G91b4RLb9JlHcMylMJqCKRxHIMeYx1+0QZrt/Ex
SzmuabctByJgoGL8hwDd7prYH22k1/YOj37aIPkL1/qRh07beuBNL22Q+gq38J3S4FjZJlux4HmB
+79oXzAnb8stt1yOOrwTlOng4YIOPuqagTsRyvrqp11EPG4lIAEJSEACEpCABKaPwKDCOe+i4Vq7
VS55D0c8bxVaCeeIatgPsxVKUTrygN3BrFLei7FdCIhdiGRhV/P+jMiJSE7ArsaOwD5E9IuAIMwg
2bCrWcKp9FrGdbVdjYvqN73pTZNs1gMOOCCLnBFvuy0iNTxLIbrdua3Yh0Da7prYz8xkBpnXdjVe
B4IJA7gRwMsAU+yIOpQDFHpdA76Oq9V31qunvsq6qc8rxVaO4VWNayKwVjX2Il4SIjB7GHE07Or6
3giX3nhDi0ETcS2TCUJYDYE0jjGJgKUP4BdtsHYbH7OU45p223IgAnZrzCpvd365P9pIr+0dHv20
QfIXrvXLfLT7XA+8wa7utg3yLAu38O3ij/1lm2zFgufF9ddf32xfMCdv4ZUvvBNEfGyxpbmOSQgs
fxGhrK9+2kXE41YCEpCABCQgAQlIYP4R6Fk4BxEv0a997WuzIFwiY0RvKTSWx/jMSF0MV9ZJJiBQ
MxIZY2C2Ai/5uEEvhas6LxjcjIYNIz2OY5gzyvkDH/hA7GpuEUURlzH4SiOYE0gLg/3ss89uns8H
RthiYGOg1IHR2IyKj/WuOY6hzOhgjIfIP7OTEaxJm1nfrToQIu5WrukZKc1M+akC+WS2cowIjvMR
ehldjHEcgTzQXhCZyxHfcZxtuJxHaG7lxr48t9/P1Bfr7bUagNCujm+44YZ8PqPpy4DIzkjyclQ0
7ZsylmXHeGO2BQZ+3ZHFvcAfIYRVxPmoyzI9WHO/lG0wZleX57X6DFM63mLJAIxoBoFQT2XYc889
cycVZSBQb7jgYy1BQi/tnVkA/bZBvADgWaEU98kL7Z9OD9ZODIG6VRvutg1y73caBJQL/d9/GPh0
8kWovQ7EfrbUFYMcYpYK+5itwLMuAu2HARHMSqgHGJSDbfppF5GGWwlIQAISkIAEJCCB6SMwqHBO
zrCreQfHji4D9kPtcrs8jt2BKI3gSuAz75uzbVeXs5HL/MZn7LDapuEYdgbH3v72t8epzS2iKK7G
sX1ruxqRjAHniOxlQDBkFjO2WB14j8fWwC6MgLiKfY6NG8Ibg6URrLGNmBzQya7GvTh2XBmwCRj8
PlUgn9jgtV196aWXZpsCOzkCeWAWNyJzLR7HOeFyHqEZsZZrhh2oL+xn8l2HdnWMGEq/CQOSy4DI
jmcxPC0EA9p3TEqIcxHeKdtNN92UsG/L8M53vrPpDS6EVcT5qMvyXPJMPZd2dcyuLs9r9RmmtIvS
rsbrH226DMRPPwFlIFAHeA4ID3a9tHfs6n7bILP96YfBQ2IE8kIdbbTRRtm7QwyAaNWGu22DUw0C
irTZ4lWCvrIItdeB2M+WuuLZVtrVtDvugQi0H/rVaBP1AINysE0/7SLScCsBCUhAAhKQgAQkMP8I
9CWcByZm8TKynNHiCECl8RHntNrSQYDRGwZHq3Nmch9CGwYDL9bkDQPjrrvuyuVaccUVp8wnL/uI
fZQHo2HxxRdv6Qa9LhMzV+GA6y3YdcOD/JEGbtZJZ1QD+aRctI2p8okxiCiJ4MzAgHLmwHSUj7yx
9hoCMhwxtqbqZMK4ve2223J9cS7CZxj2w8gjrs1oQ+QFbtxX1DNscG0Wrt2GkVbEQbulTDDopp7K
6/pp73F9t1vuDzpNFllkkexecao6quPtpQ3W13b7nfzRliLgBrLVEghxvNftbLSLXvPo+RKQgAQk
IAEJSGA+EhiGcB7cmMV7xx13ZJsEAWhc7WqENtZxfspTnpLtjFtvvTW7n+c9nqWoprJ3sU+wxcOu
XmKJJbp6t2ZQbdjViGxTpQN3bAVsft7dSWdUA/nEJsRemyqfnIcHOMR2JivgGn46A3mDPXY1bRZv
W1PZbNjV1DHl4Vzs32Hb1cRPXrCrua/Crn7wgx88bXY19nHY1VPVU9RJv+09ru92Sx2FXU3fwlR1
VMfbSxusr+32O/nD/o9APodtV890u4iyuJWABCQgAQlIQAISGD8CAwnn41dcczyKBJghwKhjOokQ
zxFKDRKQgAQkIAEJSEACEpCABEaVwDCF81Eto/kaLwLhpp2Z0Zdddpl29XhVn7mVgAQkIAEJSEAC
EpCABEaEgML5iFTEfMoGI+Fxjcea0MwIYE2xcL2N63LWHLv//e8/n5BYVglIQAISkIAEJCABCUhg
jAgonI9RZc3RrGJX4/4cN+jY1Sx1Fa63cV/++te/Xrt6jta9xZKABCQgAQlIQAISkIAEpo+Awvn0
sTXmNgRwQ85a1SGWl6ex5hZrsdkRVVLxswQkIAEJSEACEpCABCQwSgS0V0apNuZnXrCrmV0eYnlJ
Abv66quvzktelfv9LAEJSEACEpCABCQgAQlIQAKdCSicd+bj0WkicMMNN+R15VjbrAyst/XQhz50
qOuclfH7WQISkIAEJCABCUhAAhKQwKAEFM4HJej1wyBw3XXX5fXk63Wr+b7GGmtoVw8DsnFIQAIS
kIAEJCABCUhAAvOKgML5vKpuCysBCUhAAhKQgAQkIAEJSEACgxJQOB+UoNdLQAISkIAEJCABCUhA
AhKQgARGj4DC+ejViTmSgAQkIAEJSEACEpCABCQggREmoHA+wpVj1iQgAQlIQAISkIAEJCABCUhA
An0SUDjvE5yXSUACEpCABCQgAQlIQAISkMD8JKBwPj/r3VJLQAISkIAEJCABCUhAAhKQwNwmoHA+
t+vX0klAAhKQgAQkIAEJSEACEpDAkAkonA8ZqNFJQAISkIAEJCABCUhAAhKQgARGgIDC+QhUglmQ
gAQkIAEJSEACEpCABCQggfEhoHA+PnVlTiUgAQlIQAISkIAEJCABCUhAAt0SUDjvlpTnSUACEpCA
BCQgAQlIQAISkIAEGgQUzm0GEpCABCQgAQlIQAISkIAEJCCBuUdA4Xzu1aklkoAEJCABCUhAAhKQ
gAQkIIFpJKBwPo1wjVoCEpCABCQgAQlIQAISkIAEJDBLBBTOZwm8yUpAAhKQgAQkIAEJSEACEpDA
eBJQOB/PejPXEpCABCQgAQlIQAISkIAEJCCBTgQUzjvR8ZgEJCABCUhAAhKQgAQkIAEJSKAioHBe
AfGrBCQgAQlIQAISkIAEJCABCUhgDhBQOJ8DlWgRJCABCUhAAhKQgAQkIAEJSGDmCCiczxxrU5KA
BCQgAQlIQAISkIAEJCABCcwUAYXzmSJtOhKQgAQkIAEJSEACEpCABCQwJwgonM+JarQQEpCABCQg
AQlIQAISkIAEJCCBSQQUzifh8IsEJCABCUhAAhKQgAQkIAEJSKAzAYXzznw8KgEJSEACEpCABCQg
AQlIQAISGEcCCufjWGvmWQISkIAEJCABCUhAAhKQgARmjYDC+ayhN2EJSEACEpCABCQgAQlIQAIS
kMC0EVA4nza0RiwBCUhAAhKQgAQkIAEJSEACc5GAwvlcrFXLJAEJSEACEpCABCQgAQlIQALznYDC
+XxvAZZfAhKQgAQkIAEJSEACEpCABHoioHDeEy5PloAEJCABCUhAAhKQgAQkIAEJjAUBhfOxqCYz
KQEJSEACEpCABCQgAQlIQAKjQkDhfFRqwnxIQAISkIAEJCABCUhAAhKQgASGR0DhfHgsjUkCEpCA
BCQgAQlIQAISkIAE5gEBhfN5UMkWUQISkIAEJCABCUhAAhKQgATmHQGF83lX5RZYAhKQgAQkIAEJ
SEACEpCABAYhoHA+CD2vlYAEJCABCUhAAhKQgAQkIAEJjCYBhfPRrBdzJQEJSEACEpCABCQgAQlI
QAIjSkDhfEQrxmxJQAISkIAEJCABCUhAAhKQgAQGIKBwPgA8L5WABCQgAQlIQAISkIAEJCCB+UdA
4Xz+1bklloAEJCABCUhAAhKQgAQkIIG5T0DhfO7XsSWUgAQkIAEJSEACEpCABCQggSESUDgfIkyj
koAEJCABCUhAAhKQgAQkIAEJjAgBhfMRqQizIQEJSEACEpCABCQgAQlIQALjQUDhfDzqyVxKQAIS
kIAEJCABCUhAAhKQgAR6IaBw3gstz5WABCQgAQlIQAISkIAEJCCBeU9A4XzeNwEBSEACEpCABCQg
AQlIQAISkMAcJKBwPgcr1SJJQAISkIAEJCABCUhAAhKQwPQRUDifPrbGLAEJSEACEpCABCQgAQlI
QAISmC0CCuezRd50JSABCUhAAhKQgAQkIAEJSGAsCSicj2W1mWkJSEACEpCABCQgAQlIQAISkEBH
AgrnHfF4UAISkIAEJCABCUhAAhKQgAQkMJmAwvlkHn6TgAQkIAEJSEACEpCABCQgAQnMBQIK53Oh
Fi2DBCQgAQlIQAISkIAEJCABCcwYAYXzGUNtQhKQgAQkIAEJSEACEpCABCQggRkjoHA+Y6hNSAIS
kIAEJCABCUhAAhKQgATmAgGF87lQi5ZBAhKQgAQkIAEJSEACEpCABCQwmYDC+WQefpOABCQgAQlI
QAISkIAEJCABCXQkoHDeEY8HJSABCUhAAhKQgAQkIAEJSEACY0lA4Xwsq81MS0ACEpCABCQgAQlI
QAISkMBsEVA4ny3ypisBCUhAAhKQgAQkIAEJSEACEpg+Agrn08fWmCUgAQlIQAISkIAEJCABCUhg
DhJQOJ+DlWqRJCABCUhAAhKQgAQkIAEJSGDeE1A4n/dNQAASGG0C5513XrriiivSJptskh7+8IeP
dmbnee6uueaadNZZZ+V6evzjHz/PafRe/ImJifTtb3873XHHHWmrrbZKdsj3ztAr/kfg9ttvT9/8
5jfTEksskbbZZpu08MIL/++gn6aNwExyn6vPXH/3p615GvGQCfg7PWSgRicBCUwrgXPOOSddeuml
adNNN01rrbXWtKZl5IMRuOqqq9L3vve9tPbaa+f6Giy2+Xc1dvU3vvGNxHv5dtttl5Zaaqn5B8ES
D40A7ej4449PSy65ZHrmM5+pXT00sp0jmknuc/WZ6+9+5zbmUQlMRWDeC+dnn312euc735mWXXbZ
tNxyy6UPfvCD6b73ve9U3DwuAQnMAIG77747bbbZZunyyy9P73nPe9Lee+89A6maRL8E3vzmN6cj
jzwyIZqfdNJJPRkUv//979MrX/nKLBbfddddad11101ve9vb0kILLdRvdsbuut/97nfpsY99bM73
aaedljbaaKOxK8MwM0yb+M53vpO++93vpn/961856hVWWCG99rWvTausssowkxqpuIb1XoJo/uIX
vzgts8wyCSESQ98w/QT65X7ZZZflgQ7nn39+zuS97nWvtOGGG+bfvcUWW6xlxgd55raMcAR2+rs/
M5Xwuc99Lp1yyimJdva0pz0t//7OTMpzKxWF88n1+YMf/CC98Y1vTMsvv3x6yEMekg477DDt6smI
/CaBWSPA7yvvFb/+9a/TRz7ykfS6171u1vJiwlMT2G+//dLHPvaxLJp///vf78muvummm9Juu+2W
ll566XTnnXem9dZbL73//e+fV3b1lVde2Zx08ZOf/CRPwpia+tw9gzaBjcK7X9jVK620UnrLW96S
VltttTlb8GG9l5xwwglp5513zroBNpvvfzPTZPrlzu/cV7/61fTTn/40ZxR7Z+ONN86/e+3s6kGe
uTNDo/dU/N3vnVk/V3zyk5/Mz1faGROgXv3qV/cTjdeMKIE5JZz/8Ic/zC+GUwktvCg84QlPyD92
jBrbc889c/XYuTyirdRszVsC3KvPec5zEkLShz/84fSyl72sIwtmpr/3ve9NL3/5yx2Z3ZHU9Bw8
9NBD07vf/e609dZbp6OPPronAz+8CkTO+okjrp3N7SBt8A9/+ENaZ511cvbPOOOMtP76689mUWY1
bcTDLbbYomUe3vrWt45dZ18v7WJY7yWMLt5+++0Vzlu2ounb2Q93RMzXv/71LTN16qmnpsc97nEt
jw3yzG0Z4ZB29tLe6yR7/d2vr5+P3/uxf17ykpfkmVjwGtff21Go67nccXrmmWemv/3tb1MKLdyz
T37yk/NsvmOOOSaLNdQNg9LtXB6FVmoeJHAPAe5V3q0Rkj7+8Y9POSCd+xdRbd99980D2eU4swSY
0HPAAQfkd/mvf/3rPdnV1F3YlOQae6DXOGa2tK1TG6QNMgCbAVyEn/3sZ83B6a1Tmtt7EQ8RDVsF
+s6wrccp9NIuhvVeglfFpz71qb7bzHBD6Yc7IuZee+3VMqfY6WhBrcIgz9xW8Q1rXy/tvU6z19/9
+vr5+L0f++d5z3teHqgBr3H9vZ2Pdd1tmeeMcI5hj8upq6++uquyhwj3j3/8IzHLj4enwnlX6DxJ
AjNGABdbn/jEJxKdwsxGZlZUp8CIxFe84hVdieyd4vFYfwRwM/6FL3whd65QX1MNYqpT+fOf/5wH
SbzoRS9Kz3rWs9JnPvOZPBuuPm+Uvw/SBv/617+m//u//0u33HJL+sAHPpBWXXXVUS7qtOWN+54Z
a5/97GfTBhtskN73vvflDvkbbrghMbiADvroCJm2TAw54l7axbDeS/DUEexoT/e73/2GXCqja0Wg
V+68vz796U/PnlWYHcRvGG71eTelLTBqud3I+EGfua3yP4x9vbT3Or1ef/fr6+fb937tH2ag/ehH
P0q77rrr2P7ejkJdz1XhnHb1qEc9Kj+HuuEcIhzPLGb5PeIRj7BzuRtwniOBGSTA7+tBBx2U6BTe
f//905Zbbtkx9S9/+cvpBS94QVcie8eIPNgXAdyM48mNemL2Wq929a233poHSey4447puc99bjr2
2GPHzq4epA1iV7/mNa9Jf/zjH9NHP/rR9NCHPrSvehj3i7jv99lnn3T44Ydnb3aHHHJIevCDH5yu
u+66xCz0zTffPOHRbZxCL+1iWO8lLHHBAAPY0Z60q2emxfTKnfdXBpwz45xBwswix67m3fTvf/97
FjXb2dWDPnOni0gv7b3OQ6+/+/X18+17v/YPdjXvVojm4/p7O9/qupfyzhnhHBcUjKC9973vnWeb
4iKBTnY6jR/96Ec39zFzlQdPCOfAimtvvvnmPBpx8cUX74Wh50pAAiNCIFzklvf3iGTNbHRJ4Npr
r02Pecxj8gy4L33pS2Nn4NsGu6zoDqf985//zOL4jTfemBhlPBfcx/XaLnwv6dBA5tihWKKBdn7u
ueem+9znPmNfwl7b+9gXeBYLEM+Kfuyfcf+9nUXszaTnqnBOu2J2Gu2K2abY1XSyM7iPAW2xD/fB
n//85ycJa3Ets/1+85vfJO3qZnPxgwTGigCD4HBNHANjxirzZjYTYFIRgjGd+YhCPMvHKdgGB68t
7Gr6VvgNv/DCC9Pqq68+eKSzHEOv7cL3klmusBlMPpZooJ0jus8Fu7rX9j6DuOdcUvGs6Mf+Gfff
2zlXmUMs0JwTztdaa6306U9/Oo/IjA4hXD3HPtZLZeRsKaxxcyC6M9vxK1/5Sl73hTVVecl4asMd
C+sqM7KsVbjmmmvScccdl3ClGWGTTTZJzJhce+21Y1feMgoF98WMFuUPtxm4lGYUHC+yrAnMbDpm
0uGyk46JMvSSVnldr59vu+22dPrpp+cO3IsvvjhzYJQW3J7//OcvsFYd+WLW0yKLLJLPZV07mNNh
AhvW0YkXNmYRljMFYUCdwJ2BDgTWYtpll13SDjvsMJQfOjqif/7zn+e4qRNmcTKTFZdFlIsRQdRX
u7XtWRPpxBNPTJdcckl64AMfmA0O3FpigJDXYYU//elP6Vvf+lZuS7QD8oYXhRVXXDGPNmaNq1Yu
lvppF4y2o85Y9yXSIu5tttkmDx65/fbb0xve8Ia06KKLZjeL3/ve93K5qdtnP/vZuf1yHVyi3snn
M5/5zCaOQdoFIwQZsRV1cscdd6Sddtoprbzyys34W32g8471j3E5hXse2hfhP//5z6S29Je//CWP
uoYx9yLtc6mllspp8CNJ2uQh0meL+5X43irtbvb1wr2Mr9s2yIhC3LAxephA+2HUHO6KMJZor4y8
pJ5bhX7aINdw/9IOCJSRUZ7tXAuX6VKuX/ziF7l+6FjlGtoczz7usVbCeS/tfZA22OtzMMrVbRuM
89nyvKVzOV7saY/UEyw6BQwD7kHcurN+Ne0chjx/H/awh026dJDnYD/tYlLiXX7hvuR3mzXuX/Wq
VyVePnlGLbfccvl3kmc3v9esx1aHXlgM+ltcp93N917bRb/vJTzzcEnHfRjPtvK53S6vv/3tbxNG
GW2J9sezgpn9fOb5T/6ph2GEXtLCZT/PCTr6qPftttsuf//lL3+Z2wn5fNKTnrRAe498ch/zTGTA
JGUhrLHGGumFL3xhespTnhKnLbAlzS9+8Yv594+DrA35jGc8I78nkidm/qyyyirN6/rhzjsP9xbt
fI899shej3DTH4Hf1H//+9951mbsY9vvM7ef35+ZfA72+7vfy70/yHOwrINR+hzPin7sH+7FjTba
KL/b88ylzce7Me/83Ce8E7UKvfwWt7p+ruyb68L5uuuum5+f/J7wrEKAwUbjmco+bFfe/UthjTaJ
TcFsR2wNBtJgC2LvYm+zrjJe3lqFq666Knsuwh6KwDMeTxzMYi8Dv+XYc+SDP57DzKojHd4d+E3j
fZhn6dve9rbc1svre0mrvK7Xz7zbwIHB+4gW5A/7g/e8F7/4xQvYFuSL3y3eCTmXmYAwpyx4dYIn
+x/72Memd7zjHZNmCsKAOuFe5r2fAOvdd9892zjxntlrGcrzKQfPUgJ1Quc09f/jH/84l4vnBvXV
zmbC0wUzXy+66KI8qILfd2xqZsW2628p0+/2M96beEemLcEO5nguw5Y87LDDEkukPPGJT1wgun7a
Bb+v1Bl2S6RFu+Xe4H2Cma9vf/vb83s9/Qn0fVBu6hb7kvZLvwn3VdQ77xjYvhEGaRf055x22mlN
uwI7nz6dqTxbHXHEEdnjG7PUsa9pX4TarqYPjbYZdjXtk7okDX5DsHOo77BraBu0yXZtJMo81bYX
7mVc3bZB7Oqyj4r2Q58EM3b5DeTe4rez7P8o0+mnDXIN92/cqzxP8YzZzrVwmR7lwiU59bPEEkvk
9g1z3nvbCee9tPdB2mCvz8EoV7dtMM5ny/MW18bRvnj/p56i/ZXnlp9ZZoh7kHuF33Y4wp3n75pr
rlmemp/n/T4H+2kXkxLv8gv3Jb/b/FZyvzFQl99i+mK5R/k9x+Yu7ZmIuhcWg/4WR5q9bHttF/2+
l/DM47ci7Or4TY7ndrs806+DPU5b4hqeFTw/aIs8/3k/wT4fRuglLd7x8eTJ7w/Pf/p1eW5g29IW
eG5vttlmC7T3yCf3Mc9E+gUoF4F7g+U08VzQLpAGegy/fwSWI6Svn/fE8847L73pTW9KqzUGkEfo
h/v111+fvUvQzvntZLmgUqPhtx+7uu7P6PeZ28/vz0w+B/v93e/l3h/0fTDqe5S28azox/7hXuR+
oF8Hbye0+Xg35p2f+6SdXd3Lb/Eo8Zo3eWm8EHYVGg+1iVH+axiHE41Oo4mGe9+JxsMv57Xx4jjR
qMiJhgDT3Nd40Od9DeG8WZ7GrLaJhuGX93N+/dcwaiYaD+Dm+cHhwAMPXODc8tqGeDfR6OBsXtcw
nCad3/gBnWgYcznf5XV8fvzjHz/RcCvUvLbXtCKPvW6nYtHoCJloCKbNfBF/w1ieVC7qoPEyMGlf
lA8mkafGw7xl2eNc+DREteb5cV0vW/g3XlJa5iXSYUsbaXgcmJRW40VzouEaq+O1jYEBk67pJW/l
ubAo89Pq84c+9KEF0uqnXTQ6bSYaLyYd04N9tPmyfsv9jRfWSXHUbba8jvJ02y7g0uhwmRQ31zfE
mwXKz7mwI1+tmJX7GmJi8znQ+AFb4PzGoIiJRidyvmdbtRmOlXXW6+deuRN/r22Q52BZ5nafW7Wl
fttgo5NogTTL52srTg2BpOMzl3yXz/KIo9f23m8b7PU52E8bjDLxPOW3q6yr8j6L88otz7WGq7BJ
15TX87nRQdds74M8B/ttF2V+u/1c11ddJr7Dqvxt7JUFeRnkt7jbsnDeIO1iqjbY7r2E50zNrX42
12X42te+tsA1dRwNw3+g51+k2WtaPAfqvLT63hiUN6ldkF6jY6LjtY2OzgmemZE3tg2je6IxmK7j
daTfGGAw6bpeudNup3q/IB3u8zJ/fO7nmdvP789UbbB+HxykvVOuXn73Ob/Xe3+Q52BdB6P0fRD7
J+ykVvcU+7j/yudtlLvX3+K4bi5uuzKix/Ckhjg00eg0ys/DRkdjLkGjMy0/GxsCzETsawgUeR+/
3xEana8TDTfvbZ+jjUFQ+bkW58e2sTRT22tojw3xbqIhZMTpE7xLlm230Uk60Vi7Oee73M/nxkDS
iUZHbPPaXtNqXtjjh6lYNITbiUbn86RYjzrqqEnl4jeJ3+C6THw/+OCDm9fyLKDOWp3HPvhg2w0S
4N9YPqRtGpE2baQhEExKqjEQa2LbbbfteO3JJ5886Zp+v3RjDzUGpC8QfT/totHZOdEYPNCxXLDn
+Uco67fcX/+21222vA7O3bYL0mx4iFggfw0BhUMLBNiRr6jLdtuGmNh8DvzqV79a4Hzsan5327UZ
jg0SeuVOWr22QZ6D7cpf7m/Vlvptg43JNAukWT5fWzHjfa3TM5e80l7iuR1x9Nre+22DvT4H+2mD
USaep/VzsLzP4rxySxulj7Ks0/pzY8mrJr92bbq+ptVzsN92Uea32891fdX54zusyt/GXlmQl0F+
i7stC+cN0i6maoPt3kt4ztTc6mdzXYbGBLwFrqnjoC9iGKHXtLqxcckr/UhluyCvDZG0Y7ka3kkm
eGaWoTGBZ6KxDFnH60gPe6QMvXKn3U71fkE63Od16OeZS/56+d0nzanaYP0+OEh7J71efvc5v9d7
f5DnIOmNahjE/gk7qb7f4zv3X31fwaHX3+JRZTeX85W6Ldyod3ZE5w8CaHTylPtqMb0x0rnZGVl3
DtIhRCdjY4RI8yHfWBOmeT4sGjPHm8f4MWiMlJognsYsqEmdf43RWM3rEGYR/xCVa+GyMYtqgg7l
97///TleHnQYFP2m1W99BQuMHV4QEa75YWiM6G+Wt+5Ab4y4nWiM5pqohVQeEI1ZWRONkfFNJo3R
yLlMkQ7nkFZjJF9OB6GwMdKzmRacGrOymgz7KRcvc2XeSI/6o47f8pa3NNNqjL5rpgP7xqzc5rHG
iP78Ukj+KH8pdNUd6P3k8SMf+UhOi478xki8XPekRYdIPGhrMbKfNsgPcJl3xIbGCMCJhjvkZh2R
Xinc8QMQbbbcj8DAwI84Vgud/bSLYNcYrZXbDaxDXGjHuZ/O+sao/txmgwXlaowabtY/bSYEG45R
zrgfI4+9bPvh3m8bpCOkMSug2W4as7dzWXlGMXiA+kV0o37KMvTTBrm+MbMi80Gkeuc735njr9tq
mU7NouHZYKIxy3IBg7VuT/20937bYDyfun0O9tMGSyb8VvGchCHtrbzPyvPic9QVdckzg7ptzNTO
26hjjpX10M9zkPQirV6eTZHPXrd0eDdGY040Rmg2fyNh0fDAkvc1ZgvkgVrlvRj564VFv7/FvZZn
kHYRbZBy8dfNe0nkj2dlY0ZBU2Ct76U4j235nMFI5p7hHYrfocbshOZzpN3zt4xrqs/9pEUnP8+I
4MCWNkEn5ac+9alJv2e0k8hDw8tM85p4BnKPNGYnTzBwKOJreP1pPtvJX2ncN0bC5997fhs++MEP
Nq/h2lY8euFOPnnv2XPPPSdo15EfBm1Fe+de4LcnyhTbQZ+53fzuk1a0wZl6Dvbyu0/++rn3+30O
BvtR3Ja2Tq/2T1wb9xWDQXk3Lt8hGGhYlruf3+Ly+rn2uVs7etzOi84fOv6jk6fcFwJM7ONZFaHu
HKRDCFuytO+wB8vQmK3bfA7y7GvMFsydjNhCZecfNkcEhFneebEV6g7MxiyqCTqUDz300BwvvyN0
8hH6SSvS7HUbLHiONtZEzcJ1YxbgBP0Q8dyvO9Abs5MnzjnnnOZveJzHtjEra6LhFavJpDGjOmcp
0uEc0mrMuJ8gncbsponGDPRmWnBqzA7stRiTzue3oRR5SQ+m1PF73vOeZlo8SyLAnvfIKAu/qcSD
kMkzphS6eC4NGui3IS068ulHIH1Y8N4QeajFyH7aRXSwRpy8R9EXRP9J2W5L4Y530Giz5X4EBt6D
41gtdPbTLoIjvw20G9paiAvtOPfTWd+YeZfbbNQj5Wq4yI3kc12HYMMxyhn3Y/OkHj70w73fNnj5
5ZdP6i9qeGnJZeUZxeAB6h7RjfopQz9tkOsbs90yH0SqeF+t22qZTs2i4V0j2/1lHxJ5rNtTP+29
3zYYz6dun4P9tMGSCb9LtHcY0t7K+6w8Lz5HXcGJZwZ12/DKkLdRxxwr66Gf5yDpRVq9PJsin71u
L7jggmxjHHDAAc3fSFg0llyZYN/+++8/gbhe3ouRv15Y9Ptb3Gt5BmkX0QYpF3/dvJdE/nhW0l8a
Amt9L8V5bMvnDH3p3DO8Q/E7hM0Z6bd7/pZxTfW5n7R4B+cZEflgS5vAJuX9Pp7h7KedRMBGi2vi
Gcg9gsby/+ydB5h1NbX3Q68CAhZEryIgoDRFUFARVESxV0RERUFELICogAVEsXEBG/qBIvbeC2LF
3nvvWEDFhoq9zZdf7v2fu04me5+dnDPzzsy78jwz2WfvlJV/VspaKwWZXN/iqT8jfoK+hz70oaNv
8VSZNN4zNsRTX0bviVvCowZ36GSDZLzPPOmMRA8L/cTvyNuMPbmbts8dMu6Tp3hwsfrBmnEf+lra
fms/SH5L1UmuaZF/FBf+o12xGPSSODe2NicWGlrXMhbb+P68OAisGMM5QggMiYFUShk6W5jW7jin
02dXi1VG0uC14xyBXPHxZQiyO6VteARYG17PGIzJu2T4ZYeh8iMMA4fi4WPU0+9p81I6LT50oLDg
j/iUFXqtMcami4DMd/4YEOKxXKNyEA5lr8LHo2tSOBTgGBf0Xr5Nyy4+0PdaX+lBF3yh+FaRz+IA
vYc/VBa7yELfmbihjCdMabe6wg3xoSEeZZbSKmGrHXos5FB6rXzBhF/lwrCi9ORrF1FuuBPP5u+J
p29dxhlhP4QvRIf1xSslQ4XCMTEAx/POO28MR/oF/mybUhx8hAXoolwMdPo2qU4Ubqjfgvs0PCjM
4jGOyaAqOjFCUVbKbJXhk8pb4kGlaX3VdYmPFU6Lg2iL8W7MEeZ8R9GkRUW2327ld+Upulp4cGg/
2MqDolE+Y0epnek7wgbl4A/hgLrTN3x+S1mX87VwGNoPzoovLH1Dn7X71PJpHncaLEhLfZfw7BuL
87yH/m7lC8vzQ+YlJXpUvq6+mTiMZVpAVOpjJVz31UMp79K71rzEt9QThm07l4BH7ekLKInIW/zD
witwyOlRH0mamhMgTIsXSn2Y3cFewkp5DMFdYfEVngVNLEiz3yY9C5sSvYrbMv4orvzF7gdVP104
T9P2hdnQflAYLFV/GvlHchJjhT3hCUVYPGY4tQeMOCq77Zda5B+ls5L8xRHXFz8XFOEYQTGQykkh
hDJJhnPGOOYcVhkp5SD9KfxjnQxBdqe0DY/cXXKSQUuGX3YY2t2W559//lgSGPXkps1L6bT40IHx
lj+cdAzWGGPTRdmmMYn+ikVc1qHslWPxJWFR1LFILHc2Lbv4IA839LfSgy74Qs4q8pGf5ez4ahdZ
6DvGP5TxlKG0S1PhhvjQEI/JTGmVsNUOPRZyyLXyheRI6MawkjvtIqJe6PfkxLP5e77rW5dxRtiT
5yS+UH7WF6/Q/3c5DD3gqLFYONIv8GfblE2DhdDiQ8YmuUl1onBD/Rbcp+FBYRavY0wGVdFJnVKH
lJkFp3KTylviQcW1vupa+NtvetbiIHghHres18lH7teiIttvt/K7EhddLTw4tB9s5UHRKJ+xo9TO
9B2ZgnLwx8JS6s46fmsBL+lYvhYOQ/vBWfGFpW/os3QDudHGxp8GC9JR3yU8+8Zim2/NcytfWJ4f
Mi8p0aTydfXNxLELWUp9rPRgtr8o5TXkXWte4lvqiYWKdi4Bj9rTFzhxEyf+YeEVOOROfSRpak6A
TC5eKPVhdgd7CSvlMQR3hcVXeBY0sSCtxgmbEr1Kp2X8UVz5i90Pqn66cJ6m7Quzof2gMFiq/jTy
j+QkxgrGXzlkpv322y+1B7tY1vZLLfKP0nd/4RFYMXecx055ntPdfdEAU7wrVxHiYJHuXIsToXQv
EHftynEPCPH5i6uw0t1NSpcw0eCZ7r2MnZ+ipLt+40rxdC91VEalezu4f1ZO+cUBM8QJRbpbRN9y
f9q88vSG/I6NOcQVcununlL4qKBN9zPk30Rr7DTT3S1xxVoeZPT7xBNPTPjwAlwtftzzFTusdB9d
VMiM3Uc/SqDyQbRFA0K6D497XeSiAiHdxWbLxf1G3JMXj7hNd8mV7qKIk4Fwu9vdLt1Zw90sto6V
9lBf+RGe+1722GOPdDcV90ZHQ2K6iyUKPqPkVB5eDOVB7rriXtaoBEv+KaecMkpPD3GyFI455pjE
s3EXerrTnW/iWdpIXlZ923777edhS1zROoQvCJ+7ONCnOwCjAj3dh5N/t78V1tal/Z4/i3baYlyN
mO5vIwz3/HAPY6n95mlM+h278SbcxRMtPCgc4u6WdEepaLS05HgqP8IO4UGlaX3VdRf+5B8n3un+
sK4wUbGR7ui2/bbSJa+h/G7bo+LX8GBrPyjsu8pn8So90zfGlYfz2pnCRoNRurMO3mScKd0HGZWy
6R6tuOgp3a3FHbY44TC0HyTOLPiCdGqdxoicT20602BBOrb9TxqLbb4tz7V8IdqGzktKNCmNrr6Z
OLZN8jsapsPOO++c7gHceOON07133AmW3wdG2FrXmpf4tovnmS9w/zhjclwtHeBv+m/69WiMDnFn
crrfT/QyrkYjfurzeSce01xgu+22S22LcLmLwnK6nzcuJAg77rhj/jn9HoK7jRiF+jTHLI2vNlzp
Wdh09Te2z2f8rxn3yW9V9YNqL6qbvOzTtH1hVtMP5vkv9d8qox1HSzQrXDypJM3J7dz4xS9+cYiL
Usbm4ApPWi1jcYmG5f5upd5xXqqXuPg83d0XDTAh7rxKd2SWwtEHcsd5XHATiGPlavpO7pUmDeY6
3ImsdEmLewHjzuQ0Pitt7vplbhh3NaU7K7m71uKu/LhDOZ6akO6MVtzcnzavPL0hv7nbM+5ISmUo
hY8K2iR75d9EK3NX5nu77LJLHmT0Oy6kTPjwAlzBRE5yNXfLM8505afwQ3zRFg0I6b5y23cwbzz0
0EPH8omL4JMsF4+4DXEnaPGOx6jQDXvttVexjofQZMMoP95xdzr8iFwALyFPc8cvY72cysPvoTxI
enEHYdLlRONciLvoldzIR64mPeovLtoak6vVRrr4mTlGXHwwr52J1iF8MSLEPDDXibtdk84rLrA2
X+Y/KuxQnrFt8fTTTw9xU0tKFH0a5Y3K5HT3tG2/83Ptf8O8pgV38UQLDwoH7ivljlI5Swv8a/FU
foQdwoNK0/qq6y78yT8avgJ5dYWJp12mObHtt5UueQ3ld1tnil/Dg639oLDvKp/Fq/RM38idzHk7
U9hoSE59K7zJM7JG7rgrnLqNhpA0L44LKFIQ4TC0HyTSLPgip2/Ib40ROZ/auNNgQTq2/U8ai22+
Lc+1fCHahs5LSjQpja6+mTi2TfKb9rn77rsnuZr2wr3y3C0+i/vNW/MS33bxPHI18zR4JZ4OFOBv
+m/mWNEYnWRtZFc5xtV4Yt1Ijyoe01yAO5/hrZJcHU+BCXEnePoeNxYqyTF/CO42ArTts88+aQ7a
1e5tePssbLr6G9vn14775LOq+kG1F9WNLTPP07R9YVbTD+b5L/XfKqMdR0s0K1w8qSTEhYdj87e4
yC3de255S+FJq2UsLtHg7xYIgdj4B7nluDsgdgxpVUdUHI3uei2VQzso4kRpdK+zwum4z6hgG6Wh
dGOVjFZRdT2X0lR+peOSla/8afNSOkP9/Fgnyn344YfPsXNVZYwK2tHuE5uuaOWo4HwXpA3Hsz22
Rel2+ex4yOPX/hZtJV7QqjGVy+6y5Fi9rry0So4dsvmx111xut6zqz9OSEYYl7CIk48RLSpPKVz+
zvKgduFxFEsXLaX34lmblsLpm20j+oYvWofwhY2nZ9VPVKBPpFlhVZdKo8/XanrKxi426l/H9PfV
f1+a+bda3KflwT4cREuOZy0P5mXkt+q6C3+745R7MUtpaDegbatKN+ft0u8Sjyr+UB6cph/sw75U
3vwd9VMqg8LpVIWu9kY4cKZfAh92wCiucLDY6lsX3bPgC+VR43fxqU1jGixIR33XkLHY5tvy3IVv
V1qircQLpXlJKR2l0ccrxGMXG/mU2hPv+Mbq2FIete9a8hLf9rVf8Qt9D+XWLvquGinuAgAAQABJ
REFUMtn32lGrOmJXu673qS0f4YfirrQVvlTXCtPlC5uuPpd4wqZ23F+V/aDqIh+nhMM0bV+Y1fSD
yne5+H1ltGXoC6c6sLyl8Lb9dD238LOlbbk8DxKiV0gg7aSIiqPRjvNS0bSDgh0X1KN1UUmUxpqo
YBuloXS7eMm+L6Wp/ErHJdu8eZ42rzy9Sb/t0eCUg3I//OEPn2PnqsoVlWjFZEQrRwWzC6zPPeIR
jxilp3S7fK65mNaJthIvaNexygXtUSGY6OP0tC4XlfIpDDtk82Ovu+J0vecIeO4L7cKA9xxhL6fy
9IXXN8uD2oWXXz2gdLt88axNS2H1zbYRfcMXrUP4wsbTs+qH/nySU1jV5aTwfI8L3xLulI1dbNS/
junvq/8haStMLe7T8mAfDqIlx7OWB1U266uuu/C3O065crDktBvQtlWlK57u80s8qvhDeXCafrAP
+1J583fUT6kMCic9UFd7Ixw4a+c+VzHICQeLrb510T0LvlAeNX4Xn9o0psGCdNR3DRmLbb4tz134
dqUl2kq8UJqXlNJRGn28Qjz0ieTT1a74xtVRs3AteYlv+9qv+IW+h3LbI9y7yqX36AxwqiN2teuU
opYyD8VdaSt8qa4VpssXNl19LvGETe24vyr7QdVFPk4Jh2navjCr6QeV73Lx+8poy9AXTnVgeUvh
1Xb6/BZ+trT583QI+I7zyJ2sYmJ3Umm3j3ZXRAXbaNd6ZPCglYavfOUr046mOCGPKc13rCxjlRWr
veX68lMY+dPmpXSG+NC1//77h3iXU9rtzYpa6JeL96WFKOyP7T7RN/wSVva7fY5HHqUV2vEY1bTr
i7xLDty23XbbqXZzk24fbdrZFJWDo1XE8Z6XEO8ZTSuaWUFu6090qm6icrBzd6jCTvLjZCJEJUGI
Rqq04itOqlOUKHAGdv3gbD7Km/c1PCjcbVlJY5Lr49loYEirElmZGI+7H1tZRbp92E/Kl++qn66d
ZzYNhc13Wtsw+TNlu/Od75x2K4ILO7xZjc5ORXbG2J0yedyhv1twn4YHhUOpnrt28tbyYKnsqutS
voS3WLNbad99952XjHh7ln2u6LJpzsv4f19A4zT9oLCv4UFLy6Qd5zrpIhrG0w6WDTbYwEZPz7YM
tt304SC687qbBV/MI3DAiy4+tVGnwYJ0wKlr7Lf5zOJZ+A7liz7a+urR0qo0+nacE54TXxh/ohCf
dv4RD8fqY8Z93JC2kwJO+NeSl8rLavd4xOu8nWpxGjx2ksUhhxySToNhLsNJIpwME49tK1LGKvmd
dtoprYJXHU1b1qG4iyCFL81BFabLFzZ5u7XhW8YfaFqV/aDqwvZftkzTtH1hVqpn5duHJ3Qw76HN
sONw8803t6Qtiee+MloC+8KVsND4TBo1c0+b50p7trvwVlrZ8vJoZ0RUjg3ecZ7v9imlQRj6YVy8
GijtaOqSq5mTs9vLymX0V4wP7CTL88vLMG1eeXp9v6GLE8QYW+PxrOkkMytXcwLYYYcd1rlTtIRV
V36cFsaJK/EY1cBOX/IuOXBjTjAt3/bRpp1NUTk42kmPLBuN+wmDeC3OWP2JTtVNVA5OrEfF6fKZ
uyJLs0OUnd6cxISLC9XC2WefnZ5tPsqbDzU8KNxtWVPiE/718Syn7XHyTzzWs3fH+aR22EWC6icq
0Md2SJfCK2y+07oUVu8oG/Id6YMLMvVuu+2W2jUnAc1Crm7BfRoeFA6leu7ayVvLg8LP+mpnpXwJ
Z7FmvnSb29zGRk/P4m3LL3pHgBp+V+Kiy6apb7kPjdP0g8K+hgctDZN2nMOnnHTBSRTIPV1ytcpg
200fDqI7r7tZ8IUt39DnLj618afBgnT6+jWbzyyehe9Qvuijra8eLa1Ko2/HOeGRdRl/4nWkaSyL
htyUTFx0kewJ/BjSdlKkCf9a8lJ50d1+JJ7mk5+silxtT7JgJyxthLkM8wtOeeuTqxm/2F2uOpq2
rENxF1QKP2ROqDjyhU3ebvUdv2X8gSb1IS3zQWE5lN8tvTwrvu2/bJhp2r4wK9Wz8u3DEzqY99Bm
mJtuscUWlrQl8dxXRktgX7gSFtOOxTZvf15gBIba3ZfLyn9LZ+wA0kqvSbut+nb7lNJgZRc7KWLV
zEXjT+curNhZj90vLNr68lMY+dPmpXSG+Cor5frBD34wVi67CzcqFMe+KW3Fn4Q34XWvG/ePRmVx
MT3Csdux77vynuT30VbaVaN3UcExdu+jzafvHnsbbsgzO8LIi9WHeXjtwLW7d1r5wtJc2iVPPccB
ee6kk05Ku+ZESx/P6i7urnrvw17p9/mqiygQzsMmj6ew0VhSDNt1f2w8wmveqtBZ7TaHxhbcVZYW
HlTcUlvV7sMcz1oezLHnt+q6lK/Cs5uTPoYTFvK2bXfaW35q5XflKbpsmvqW+wrb2g8K+1oeFB3U
g23rei9fu42hz55Coe/4WjVKmHg84qgtqGwlHER3Xnez4AtL29DnLj618afBgnT6+jWbzyyehe9Q
vuijra8eLa1Ko1TfCkcYdmfHI0vntUfCiJeikXGOu2wVr8VvzUvlhZ9Z3Z3nHY+hHPXf8YjatFtc
9zPH43HnhbfxmWPotx0H7EkN+o7PSRns7IvKtVE8+53nIbjbOArf1+5tePssbPJ2a8O0jD9Kd1X1
g2ov+Tilck3T9lW2UrtQvn14cuczuOivxJOic1X5fWW0NPWFK2Ex7Vhs814pz0Pl6JUQLi6cSHw/
abdV326fUhrsSmUnBW2KNt/looJ47H5hhevLT2HkT5uX0hniq6yUi1NMrLO7cKNC0X4aPSv+JLyJ
oLvjuX+U+xm7XFRM9n7vipe/76OttKtG75Bp7L2PNt2+e+xtuCHP7AgjL8bX3GkHrt2908oXlubS
Lnnqmbn6aaedlnbtiZY+no2GjN521oe90u/zVRf0/5OcwkZjSTFo1/2xzJU0RsqPi+uLabS8bMFd
ZWnhQcUttVXtPszxrOXBEg6q61K+Cq9THDlhIW/78J9Oe7D9SCu/K0/RZdPUt9xX2NZ+UNjX8qDo
oB5sW9d7+dHQMeJVewqFvuPHhYSjMHFR7uiTylbCQXTndTcLvhgRUPHQxac2iWmwIJ2+fs3mM4tn
4TuUL/po66tHS6vSKNW3whGG3dlx49y89kgY8VI0Ms5xX/s0rjUvlZc2+Za3vGUeCeiO1G8jY8fF
HqP7meN1rvPC2xdxkdropx0H7EkNowDxgZMyjj/++Dl0tF1uCO42rsL3tXsb3j4Lm7zd2jAt44/S
XVX9oNpLPk6pXNO0fZWt1C6Ubx+e2NPEb108KTpXld9XRktTX7gSFtOOxTZvf15YBLiHY5BbTgoO
Ol4Epfe///2pEaLw5R3H15bKEXdcJMUxSsu4MmwszMUXXzxKA8ZWfCn1mXwz4GDw0be4E2bu8Y9/
fIqXK0KhgQkXnYLyE21d9LXmJXqG+jR0aIK2uNs1KdFRlMddt3PxLsP0nm9Pf/rTx8pLGPDmuFO+
W7wpE99yGqSsIzyGNPJWGOLEXW6jo1b7FJiKM8n/wAc+MKLN1iPx4grk9M2WC6E+7uhM78GEY9mV
B/X11Kc+NX2D/lkYWCX0cCQ+Ewvlha8JVs5LLXwhIzx0k1e8y3uUF5OkuDMvlQu+pl2IDupER99i
+GFRCN9QcIlnVO+K08IXxCUe+fGHYVXH2jD5Il99Uz7Wl+EDmr785S8nGjGMYEzR8eslY+Pll18+
d5Ob3GRUp7M+urkF92l4kGMYqWPL0+AEnly9wDfwtNi18CDxVR+0c4xNype89M0ayFVHhOPoPvpL
vsddCHNHHXXUqA7gJ9tWW/i9hQdb+0FhqfIN5UHL05SX+iEuY1FpbGCsOfjgg0c4vepVrxrrj+Fv
sOWPo63tkdO1/SBlauUL4VHr017hJcun4CJesmPtNFiQXu1YXFsWG76WL1rmJeRneUZpqG8WhnZM
5ll9O23MGpJJjz4EXiIN2pMtU+1za152vgAtZ5xxRjoGj/pDESt+Z8zWgjAZ/RT+sssuG9FOG487
zkbxUApQFuiL96ul97TB9773vaO2RV4I9srroosuGqVH3FrciaOxjrSpg752b7G29Tikz20Zfxa7
HxQWlI3xYNK4P03bb+kHLf4ai8QLtA3bz9qwi/0MH8LHQ+WfLhkHuu3c2JZD5a+Vf2waK+l5kBC9
zANhHEMRyVUb8D0KX95xfG3J0T5RHKO0pE1bh9yhNOIOnNEnKfXhK/gXg48cYxmLoIiXK0KhgTm8
vv30pz8d0dZFX2teomeoT18GvdDGHACjFopy5rsyZvHtzDPPHCsvYcCb4075bvGmTHzLHX02Yflj
3kbecsS58MILR0et9ikwFWeS/9nPfnZEm61H4sXTKNI3Wy7avI46BhOOZZeDl5D1RT8LuKd1Orqe
I/GZ11gX71hPeeW81MIXMsJDO3mx8UCOsT3uzEt5wde0CznqREffYvhhUQiO+Y54RvWuOC18QVzi
kR9/8CByA/RisCBffVM+1pfhA5q04IHFF8ybdPx6ydgYdyPO7bnnnqM6nfXRzS24T8ODXHUDZlxh
Y/sm8OTqBeFpsWvhQeKrPmjn6ISUL3npG89yqiPCxbvrk/6G78x74y7jUR3AT7attvB7Cw+29oN5
+YbyoOVpykv9ELdrbKA+48kfI5zQGdk6hr/Blj+OtsaIKFfbDxKvlS+UZ61Pe4WXLJ+Ci3jJlnUa
LEivdiyuLYsNL74fyhct8xLy01yH8ikN9c3C0I7JPKtvp42Bv3WMi/ASadCepnGtedn5ArScc845
SedG/b3uda8b8bu9NkVGP4X/y1/+MiKdNn7uueeO4qFTxkHfrrvumt5TT+jTxW/kdfLJJ4/ifPKT
nxylx0Mt7sTRWEfamoN2tXvCy9l6HNLntow/i90PCgvKxngwadyfpu239IPCHl9jEbyltmH7WRt2
sZ/hQ/h4qPzTJeNAt50b23Ko/LXyj03DnxcegRVnOM8VrGqA8jHSMuhJaaPdVPqOL8OalEP2m3bv
MeDIsMp3GJ3dKyg+bXh2VUphq9VJ9nv+XDLCtuSl8tX44HLXu951jP6cPvsboykDkzU42u/2GeEs
p0XGPYWLx0uNDLd6h88Anset+a3dVjZNFgNAu5Tk+mYNplI86hth41FjY/hQ5wyENfSUwso4pbzA
4rjjjhsZe3l/5JFHjvFuK1+wKEL54MO79jfPT37yk+cpgo899th54fJ4/J6WL0rtrpRP6R5alCO2
XcogZON3nRIRjyobla/2LthSnebvWnCv5UEU5nl7BA/6IGs8ER7WsNrCgxdccMEIM6VZ8m27op+x
C3FK4e079R21/N7aN7X0g7aua3jQGhJtmUvPlidLWNA32fEHzNkdKNpa+8EWvlCetf4QfopXaIzK
RPotWLSOxbXlseFr+KJ1XjJp/mP5SjuqMWrk/STjGuOP7UsxUNvytDy35jW0XBgBRReGTLvAhLKj
5GXBmMWB8Y/FO4qH4G6/82zbFb85KYeyKM5Q+ogr3Imr0zfy/OxvFBXKB39IGyG+7XOJVzv+LGY/
CH0t435L22/tB20d5H3iUjGcT+LDXP7JsaAtsOCwNDfWPAIcSrhPkn8sfivteeFF9VWbA/Vt+6T8
mfYgRSiUarGvDSfDmpRD9hvGRRyylAyrfIcf2b2CstWGZ1elFLannHLK2DcbTs8lI2xLXonIyn/g
cq973WsijaKVNpwbHPUt95nT507GPYU98MADR4ZbvcPnpLBpXGkOxWIAaJeSXPlZg6kUj/pG2Fxm
oc6tUbCVThmnlBdYcJqajL28f+QjHznGu618oYWRyqskV8ejWccMbpQrXkk0iDem5YtSuxOt1i/d
Q4vRx7ZLGYRsvK5TIrRIjbC1d8EOqfcW3Gt5EIW5XQBAWcCDPsgaT4SHNay28KA1TinNkm/bFf2M
XYhTCm/fqe+o5ffWvqmlH7T1X8OD1pBoy1x6tjxZwoK+yY4/YM5CbrnWfrCFL5RnrT+En9gQY10L
Fq1jsc239rmGL1rnJZPmP5avtKMaQ2XeTzKuMf7YvhT99rSuNa+h5cIIKIch0y4woews1GHBmMWB
8Y/FjnJsBLHfebbtit+clENZ5IbSR1zhTtxcPsvz5TeL4q0b0kaIZ/tc4teOP4vZD0Jfy7jf0vZb
+0FolMv7RBaVLAXD+SQ+zOWfHAvaAgsOS3NjzSPAoIT7JPlH2Lm/eAisOMN5yThkO00Y2ipt8k6P
sDKs5UollKfaxUoa7GxiELTp6xmDFIY4uwtFO7cUpuR3Kadr87JlrHmmcedGLRp9vI8srRKzCmSM
zzR0lMiUpSQoqoyELdHBCvhcaU8c8kHIzE8AKKUx6R0TQtGhtBFCS4Y1u9CBdMm/NAhDH4polMuT
8h/yXbyWG/JFNxNSLcCw6bXyBcp7HWWrPPBRKCAA2zz0zE6mo48+egxLDPwoYCzdpD0NX+i0BktX
6ZlV1CX82aFBPdo48CYY2varcsnXkfMoiLVrUd9m5bfgXsODCHR52TEUsatZKygtLrY/bOHBUv9p
09czmLLiUzhSb8997nPH6oiw7Di3x/VQb7bvqOH3aXiwth9UueQP5cHSQgdhlvv5ccC0R3vyhQ0P
r/Nd9OC39oMtfGHzrXkewk+Mo3matVhMMxbnedf8HsoXJRyGzEsmzX/EI7QrxkBop89Q/50vDCP8
LMe61rygFVow/PFsd9BQFoz8CDd5XdDPMKdSua0f7+9O15KwoCGPR1olQy74sKjBzuuI24I78YaM
dfnJICXesOXSc97nkl/t+LNY/eBQLChbPu7Xtv3WfhAa9YfSRTjDfyxw07dV6U/iQzveQ2fOf7R1
5huluTHzfMYrla9mLFacleovnsi+anIqGYfE//hcvWWddoHZMDKs5UollKf0M3Icdc2R1jaunjFI
YYizyjTt3FKYkt+lnK7NSzTW+vB9btSi3zj//PPTrmurQOYKEIzGKJEpC+FKZeIdYUuOfj5X2hOe
fJh3Mxef1rFD2tJF2oybJcOaXehAviw6y5Wkoo/T5lAuz8KJ13JDvuh+1rOeNVqAYfNr5QtkrHgn
+Rgu5IVhgXlLybGTifmLaMLHwM9R7ZZu0p6GL3Rag82n9MyYUMKfa+SoRxsH3gRD237zMurIeRTE
pWPs8/Atv1twr+FBdubmZcdQxK5m5o8WE55tf9jCg6X+M8+D32B65ZVXjiCj3s4777x59DBnov9V
GtQbi1zkavh9Gh6s7QdFn/yhPFha6KCy535+RDXt0Z58YcPD63y3rrUfbOELm2/N8xB+4hSF3NVi
Mc1YnOdd83soX5RwGDIvmTT/EY/QrhgDcfQZ6r/zhWGEZ7yc1VjXmhe0QguLpXi28gBlwb6BHi13
9DN2R7rKj3/AAQekzYf5DnvSIK2SIRd8WNRg53WEb8GdeEPGOjbkWFfiDVsuPed9LmnUjj+L1Q9C
2xAsKFs+7te2/dZ+EBrlOIlAOMN/LHBbCm4SH9rxHnpzzGnrzDdKc2Pm+YxXcjVjseK4v7gIrEF2
kVEnuiuuuGJimNU1QFx1GuJ9HmHjjTcOcQALm2yySVh//fUXBI7FyisqhkMUCsI666wTNt9887D2
2msvSHmUaDymM6y55pohDshhvfXWSxjq21Lwo3AS4kQg0QgWUcEY1lhjjZmRFjvUxEOxgw1x8hDi
oJV4KR6zErbYYouESV9mrXxBPYM7eW6wwQaJh/vy4Vvs2BNt8Di8vlQddFKutdZaayKd4BxXt4V4
1EyIx5OGuFNxQYvVgvtS58EWwOBb2hW8NKSelEcrvyv+UH/afrCGB4fSlIejn44GwtFr+utZjj/T
9k0jwhbhYaGxmFURFoMvamgVPVe96lUD9U37ipP51CZnPda15BVXroe44yfEnb0h3i+dxizKR789
ZG7COBCF9rDhhhumskWhrGqsYx6EA5+V4GrHH+8H59e65mnw1BAenJ/CynizWGPxUkZrpfQLSwlj
+Aq9g+TqTTfddKbzGlvWxcoLOVdyNXLdQvcbjHlWrgbDpeSQaahj5v5ggfw7a7ma9K9xjWskWTDu
ZhvJ1VtuueUgubqFB6XPYIxgfICHJznmRcy5mLsvtXqytEMn8y7qbBKdhIsLCUI8xSfE40lD3Klo
k5r5cwvuS50HW0DSmCy5elI9KY/l0g/W8KDKVuvTTzPvlaO/nrVcPU3fJLoWw19oLGZVhsXgixpa
RQ86GeRq9LqSq2c91rXkFe+zDvEO9qT7jAvzm+TquMh2JFejD64Z6yRXg89KcLXjz7TzQdX5kLG4
Fd/FbvvMmZinbbTRRgs+P27FZDHiLdZYvBhlWWl5uOF8pdWol8cRcASqEYir4kM8JSLEXXrJeK4J
XXVCHsERcAQcAUdgpgjEHXJh9913T310PHZ3psr1mRLqiTkCjsBqh4Abzle7KvcCOwKOwAQE4h3o
Ie5ADHGXXvjOd76TNmJMiOKfHQFHwBFwBBYBgXhaRthmm21CPMknxCtqXa5eBMw9C0fAEVjeCLjh
fHnXn1PvCDgCDQiwEv7ss88O8ejRtFryzW9+c2D1Hy4eoRXivXdpxVtD0h7FEXAEHAFHYEYIxGNn
w7nnnhvitS4pxSOPPDKtROZ0n8c+9rEh3uU9o5w8GUfAEXAE6hFww3k9Zh7DEXAEVhYCyNXPfOYz
Q7w+JcnVGGM49QB36qmnhhNOOMHl6pVV5V4aR8ARWIYIXHzxxeF5z3teiEekJ+rReXLqC3J1vM4q
bL311suwVE6yI+AIOAILi4AbzhcWX0/dEXAEliACHJkU79UZGcstiRzjG+8KXTHH8tqy+bMj4Ag4
AssJgXg/YzqevUTzRRddFPbaa6/SJ3/nCDgCjsCiIOCG80WB2TNxBByBJYwAcjW7y2Ust6QiV7PD
caUcy2vL5s+OgCPgCCwnBI444ohw/vnnF0nmao199tmn+M1fOgKOgCOwOiPghvPVufa97I7AaozA
ZZddlu5r534Y61h1yfFFs7xrz6bvz46AI+AIOALDEOAOyp/97GfF+65Q0i70PbHDqPRQjoAjsLoi
4Ibz1bXmvdyOgCNgEWCu9oc//GHevIx52rbbbutytQXLnx0BR8ARWAUIIFezkKl0LeV22203r/9e
BSR6lo6AI+AILDkE3HC+5KrECXIEHAFHwBFwBBwBR8ARcAQcAUfAEVjKCLjhfCnXjtPmCDgCjoAj
4Ag4Ao6AI+AIOAKOgCPgCLQh4IbzNtw8liPgCDgCjoAj4Ag4Ao6AI+AIOAKOwGqKgBvOV9OK92I7
Ao6AI+AIOAKOgCPgCDgCjoAj4AisaATccL6iq9cL5wg4Ao6AI+AIOAKOgCPgCDgCjoAjMGsE3HA+
a0Q9PUfAEXAEHAFHwBFwBBwBR8ARcAQcAUdg1SPghvNVXwdOgSPgCDgCjoAj4Ag4Ao6AI+AIOAKO
wDJCwA3ny6iynFRHwBFwBBwBR8ARcAQcAUfAEXAEHAFHYCACbjgfCJQHcwQcAUfAEXAEHAFHwBFw
BBwBR8ARcARAwA3nzgeOgCPgCDgCjoAj4Ag4Ao6AI+AIOAKOwMpDwA3nK69OiyW68sorwzve8Y6w
6aabhoMOOiistdZaxXD+cmkg8NnPfjZ873vfCze/+c3D9ttvvzSIWkZUOL8vo8pyUh0BR8ARcAQc
AUfAEViGCLjhfBlW2gxIRs5405veFDbbbLNwt7vdzeXqGWC6kEl88pOfDN/+9rfDrW51q7DDDjss
ZFYrMm3n9xVZrV4oR8ARcAQcAUfAEXAEHIEJCLjhfAJAK+UzRvPDDz88XO1qVwsYZRH03S1NBP72
t7+F/fffP3z3u98NT3va08IxxxxTRejLXvaycOGFF4ZNNtkkXHrppeEFL3jBaqckcH6vYpllHdj5
fVlX30Ti//Wvf4UnPOEJ4bLLLgsbbrhhoH8877zzwsYbbzwxbk2A73znO2lx2Re/+MUUbc011wx7
7LFH6n/Jd6U6tR/Ke5vb3CY8/OEPX6lF9XJVIkDbO+GEE8Ivf/nL1PaIfvnll4ezzjpr2c4pnN8r
mcCDT0TADecTIVqRAd785jeH+9znPuHqV796YP7gfLB0q5l5I/O5b33rW+G///u/w2Mf+9gqYl/8
4hePNh/89Kc/DYwjO+20U1Uayz2w8/tyr8Hh9Du/D8dqOYZkbv+oRz0q/OxnPwsbbbRR+Otf/xpe
+9rXzlyupr994xvfGD73uc8lmJAzb3azm6X+dyXL1Wo/lPfAAw8Mj3nMY5YjmzjNC4AAbe8Rj3hE
+PnPf57aHln84he/COeee+6ynVM4vy8Ao3iSSxIBN5wvyWqZPVGstL7LXe4yyHA+NzcXzjnnnNSR
P/nJTw7rr7/+7AnyFDsRYFC95z3vGT7xiU+E5zznOeGII47oDFv68JCHPCS8/e1vH3360Ic+FG58
4xuPfi+Hh2l5sIbflwMeTmM3AiuB37tLtzS+TNsepynFn//857RD6Mc//nFKZiEWf6EExUBYchdd
dFHYa6+9Sp+W7DtOK3n6058ejjzyyIRdH6G2/dzhDncIr3rVq3znXB9gPd9qcO9JZsl8ytueCFtq
c4r3v//9STn3lKc8JfzXf/2XyCz6q4LfVxpfFIFdjV+6wXT1rPyPfvSjYb/99htkOGcOdeaZZ6YF
gM985jNdrl5klkGuPuCAA8JHPvKR8MIXvrB6QfrBBx+cxhiR/fnPfz7c9KY31c9l4U/LgzX8viwA
cSI7EVgJ/N5ZuCXyYdr2OE0xmNvvuuuu4Uc/+lFKZiEWf2FMw0BYcujo9tlnn9KnJfuOxXEnn3xy
WnDA5qY+Z9sPuve3ve1tLlf3AdbzrQb3nmSWzKe87YmwpTaneM973hNe/epXB+ar17ve9URm0V8V
/L7S+KIIrL9ccgi44XzJVcnCEMTu5dNPPz1svvnmqRPcYIMNOjOiU7/d7W4Xfve73/nu9E6UFu6D
jFQf+9jH0u4/dgHWOOrv97//fbjf/e4XvvnNb4alpuQeUpZpebCG34fQ42GWLgIrgd+XLrr/Q9m0
7XHa8tGfsesVQXvWhnOVjT7jAQ94QHjYwx6WBFwUCv/4xz/SavHltjKenUGUY8jCq7/85S/h4x//
eDjkkEPC3e9+9/DSl740sEreXT0CNbjXp75qYvzmN79Ju1G43ueBD3xg+NKXvrSk5hTMl9jNgYA/
ZK6zKvh9JfLFquHGpZmrG86XZr0sNFUc+/3EJz4xbLnlluF5z3temCRXswCP/tR3py90zcxPX0aq
D3/4w+HYY48Nt7/97ecH6nnDPPGKK64Id7rTncLXvva1sNSU3D2kjz5Rhml4sIbfR5n6w7JEYCXw
+1IHftr2OG356M/Y9brzzjsPWvxVk5/Kxo5zFqs++tGPTnL1D37wg/D3v/89beRabnI1O/IPPfTQ
QQuvkDMYazCa3/e+9w2ve93rXK6uYSATtgZ3E21JP/76178O8Mjaa68d7nGPe6T5xFKaUzBfYuPF
+eefP2iusyr4fSXyxZJmWicuIeCGc2eEeQhwpBkrs3/1q1+54XweOsvnxYknnpiONB6iTF5qpXIe
XGo1svTpWc78vtTRXQrt8Z///Gc6SnzW4xIGcnYOsaL2M5/5TFh33XWXenVMpE9XVQwxnJMYR4/u
vvvugR3nGCDdcD4R4mKAWtyLiSzhl0u1j62la7H5faXzxRJm2UUhzQ3niwLzss6EORRH1LIA0A3n
y7cqMQBx/dlSUnIPRdN5cChSHk4ILGd+VxmWqr8U2iNyNfLvrMclDOTbb799uP71rx9YcLMS5Gpd
VTH0xBJOydtmm22S8ZxTQF2ubmuJtbi35bLqYi3VPraWrsXm95XOF6uOIz3nPgRWpOEcgeYNb3hD
0F2lDFy3utWt0t1WTBK434pVPrn7whe+EF7/+teP4rHD5q53vWvaicUut5JjlxoryTjCCkde7NZm
Bfr73ve+dOT2LW5xi8AxYYTjHhlW4nGsxbWuda0U593vfnf4yU9+kiYW0Mfqo6222ip94x/KfGhb
b7310ko9Vgzzx25i6OVIb2hlZRv3kxIOR56vec1rUpw11lgjkPY1r3nNlD6/S+7f//53oo87Wdhx
TrkoO6uP5Cx2HEHJMZnKk5WEO+64Y8KA/LnbhlWNTJrIH3zueMc7KqlmfyjuNgNo49hdjh/BWMIk
5trXvnbaZYfBwE7sqI93vetdqVxXucpVEv/QSROXcrDzkVXrXXzRwoOszGSForD805/+FO5973uH
61znOrYY856Z8GIcB2fqlYnqrW9963DGGWekXRAlwzl18973vje1E+4Oxm2xxRZplzo8b7HgWysP
EvfLX/5ywv3rX/96Ov6fd7vsskvaEclK19zV8qDit/A7cWv4glV1HGWMg07aHHc3velNb0p3v267
7bZp9xvlK7kf/vCHAT6iTuAjMN93333T8wc/+MHw8pe/PFzjGtcoRa1+V4M77ZujpLhnh7qH99RH
QSs0o+xbZ5110tFb7Ey1jvZCX0T7krv5zW8eHvSgB6X+QO9m4bfw+29/+9t0PyEYs4uYHcwIi1yJ
QF/a5T796U+HV77ylanshKFe6b9oa4wv7HTkaGDSo3+nb4QPDz/88HQUJ7wFLvi0Tf4OO+yw1MZt
v/+HP/whCa4cGQ623OlN30uaX/3qV9MpIaz+zAWvGtzVhikHffR1r3vdtLsY/mX8YFU09aX+h3C4
1vZIXMoFX7EyFH7H0UbAgD6qy8FrHOXGeAk/gjt9BWMjd7J99rOfDZtttllX9EHv6ffgCyb7D37w
g1NfTjuW23rrrVPZOcIudygF3vKWt6R2DB3/+c9/Eh/BT9ttt91YcOqIcYO2AwaMwYSDj+GNCy+8
ML3HcP34xz9+bOwfS6jiB/3I8ccfn45r56g8eBIHnXnfznv6pT333DPc//73D0cffXTiefEFK+yp
LzvuE0euhgcVp8anndEONV7f+c53Tr9pF/AHfegtb3nLmeNOntQx8yzmAOTPPIE+nzxLrhZ30qgZ
f2yeCz0HsnnpucZA3TIHUj5Dffom6oV2w8p42tnee+894nfSKfFtK7/TjuiXPxKP+6UPUp/GqUBc
qWPn7bYMLXxh4096bhl/bJqt85KFbvuWxqX8vDoYzpk/MBeC73GMcxxXyryedvCiF72o2NYI/4pX
vGIUj7kGcg1jbmlsJW0U7bQZ5ms48mLehbzFvInTtJg/0B4JxzjAnJUTMRi3ccw7kPOYzzDnI45k
br4jN1MmriLDgIFMxx+7iSnnxRdfnOZF97rXvZKsp3kReTJP05yOtEmX+XKfXA19pM+O86985Sup
7F1yNfMfyqlr0qDvRje6UcKA/FncxtxFZQMf5LZp3VDcbT7ggKwM3t///vcTZsyJmU8yVtr5xiWX
XJLGVMq1ySabJP5hbohRARyRhU466aROvmjhQfgTXYywvPLKK9M8h/lvn0MWQp4BZ+oVIxC6ndNO
Oy08+9nPLhrOqZt3vvOdiX+Yp+LgWfgSnrdY8K2VB4mLToi84CXJ8FzJxr3Fu+22G0HGHGNlDQ8q
cgu/E7eGL5CrOekIR360uU996lNJf0U93OAGN0gyEXPkkoPv0HVRz/ARmDMm0y+h50B+Zd49C1eD
O+0bXST1Q1uF99RHQSs0M7+EL5iv3+c+9xkjkfZC30n7kmOuy2lS9AezdC38Tl+GzATG4I7OELmf
vpa+rstxwtVLXvKSVHbCwLf0XzrlEvn3enEhM3I25ZdcjX6Tdgxv8V59MO2T+RcY236feRE7qjky
nP7o1FNPTWMKYwYnJ3FKyCMf+ch5cnUN7mrDlIM6Qf+GYRX+ZaxDdqK+NH4QDtfaHolLueArygHu
ONoIGNz2trdNv0v/0DEyd6W9QQ/tiT/iMJebxYKuSy+9NLCblrGXPo8x3uqF0GdS9pKeC30y4wFt
gzkV8ip8BD9RPuuoI+qatgMGjMGEg4/hDRar8h49zymnnDI29tt0ap65gxoe5MoV2it9Fa5LrqZf
gm7mOscdd1ziefEFu/Cpr5J8Qpo1PEj4Wod8z6mmyE+MhehWaJfI28ynsGEwv5s17uSBXot5FnMA
8meeQJ9PniVXiztp1Iw/Ns+FngPZvPRcY6BumQMpn6G+5Gr6Rub18Ak2NPE76ZT4tpXfSZe5Pn/o
/dSnYYeCBjtvt2Vo4Qsbf9Jzy/hj02ydlyx027c0+nMDAnFiN8jFCc3ccviLd3Jj4e38ixPquTig
j5UlDrRzcTLbGYf04sR7LA5YxN1cvXGIRxjCRiFqjrxFW5ywpfdxUjf2nu9x0jDKKwptc1EAGMXj
e7y7dC4O3GPvlK6NGwWqeWGiUnEuTmpG6ds6jfdDzguvdK0fO9FR/Ljyel6cHXbYIeWRl5k09M3m
W/tcg7vSjoPNXJyIz6NV5aJuCKPwpXIprHzixIneKI7itvAgcePkeh59cSCZl77ywY8Cwbw4ok9+
NHyOpREVCake9D33KVc0uo7iTMODUTDspS8qTEb5UJ4WHhQetfxOvFq+iJPe3vIIS9sORd9b3/rW
iXFL8RS/xq/FvdRWowAzF5WB82iGP2wfGhdozAsjHPDpr+ChGvq7wrbwezRO9tJ3t7vdbe7HP/7x
GH1R+JuLgnZvPMqmtpXzhd7DXxYLYUe/39cf2Th6jkLyGI01uJfasNK1fjQMzsUd3aN8pmmPUZky
VnabD8/gDt/ZumYsjobb3njC0MarfQaPeFRnbz7QGI9hHaOPeLzLy2J/g1lUKI3iRSXKWPi4MCLN
J2wcPdNWasui8PTrYKO0uvxotB+jj/jRyNkbD5pL84YaHhSdtT55d5XFvo/G0zEaW3GnL5jEG/Qp
Ksc0uNeOP8pzMeZAysv6mqOof7Pf7HPrHMimMek5Gg0G8YXm2ja9Vn4/6qijOvOMiyvm4AXlMw1f
KI2hfu34Y9NtnZcsRtu3dC7l50FC9DIO9IxnPKOT7+mDo3I88b0tYjT2zsXFfr3xmO/mLu+3bR+v
Z8LgoiEw5a330RiT3kfF79h7vseFUOkb/6Kiey4q5cZoQ6buml/auFGpNRaPtKNScS4q/0bp24d4
P+S88KLX+sgvctEwPy/ODW94w5RHXmbS0DfFb/FrcFf6Uck8Fw1F82hVueALwsiVyqWw8onDHDR3
LTxIGtGQPI++aDTIkx/7HRdOzIsj+uQzhljHXJZ60Pfcp1zITXLT8GA0CnXmQ76Mz9a18KDi1/I7
8Wr54hvf+EZveYQl41zuPvCBD0yMa9tvHr/mdy3upbbKvCUaU+fRnPeh55xzzrwwwgGf/goemoVr
4fe4sKeXvrgIYC4aeMfIi5uG5uJ1WL3xKJvaVs4Xeg9/WSyEHf1+X39k4+gZ3a51NbiX2rDStX40
DM7FRRyjbKZpj9FQP1Z2mw/P4A7fWcdYHA23vfGEoY1X+wwe8SqL3nygETnXOuLxLi+L/Q1m0aA3
inbBBReMhUdfw3zCxtHzWWedNYpX+0C/DjZKq8uPRvsx+sgH/XBXeN5Dc2neUMODteVR+CH6LWhE
n2FpbMU9bqKYyBv0KXLT4F47/ijPxZgDKS/ra46i/s1+s8+tcyCbxqTnuGC0l2fFz3Gh27ykWvk9
LhzozBO5Op4QN8prGr4YJTLwoXb8scm2zksWo+1bOv25HgF2Eg9yS1lpIdoQSqQ4jiua5i6//PIk
gDHZjisBU8MsKd3VadEhMHjHVXlJoY/woXh8o1NTXuedd96ooZNm3FmdvsfdqCMaiCPDOfGgI+7Y
SfHy93HX2ehbrpSMK1LnMEIorjou/Lh7Pinh4yrUOToYSyN5khZpxxXqKV+U0Fapr/LgtxhJwByD
jmgiffBTunH12shAFFdrz8XdB6NvClPjt+Bu+QI6Ed55F3fZjNFueQPlOQpFa9yCNzAo2/LmSlmb
Vw0PgkFcnTSHYMbkT4r7nBcsVlYJEVdkpXLBf/CC6gPfpoHBTjwNv5DGJVERRHkxlCoe5Y6rpEd1
1cqDcVVsShMjWVw1nXBHaQEvkBeGOmuQaeFBi0kNv9u6gpYhfIFChzxEP/EQBGnb1Jv4BeOUNRbz
fNBBB6UyU8a4ujeVG1ztoh1bV7Zctc+1uJM+ygX6Cls2yke7gK/Ah2fLG7wnjHCgfcNjcTfo2EKQ
3OhbWx7Ct/C7nbzQRuLK54Q9uMfV5yPaLR9SV1a4jyvhU91i5HrWs541ikOZVV+0FRa5CDu9h274
QrjaPoa+JK5aHqVH+7MLHggL/XGHSwpjDZ4tuNMvxxWao/xo/6SDwvbkk08evbcLo1rbY9yVMUrv
Jje5ScKdyW/cqT0Xd+uMvqFYVzvBf+hDHzr6xljCuPr//t//GxtTLYYtfKQ48BOGMGuoZ5HaCSec
kJQMcUV46rMUHp/xVvxOnwa/Uy586kff7PhOW4fvLPYKF08sSH2+DJJxpfyoz7X5DnmexlDHvEE0
gS+GYfjC8id9nKWjhQdt/KHP9NOPe9zjRvRBJzSyuA3eYDGeaKfulG4L7rafJs24UyHNZxgfacc2
L7XxVtxbxh/KtlhzIOFoffGpym6/6dmWq3YOpDSG+EMMvtRhPkcj7RZ+Jx7tlTQR9GkPzJ3gC/iR
98wRRXsrXyh+jd8y/pC+5feaeclitf0aDFZl2EFC9DINBK5SHDOHj7tBkhGAOdSuu+6a+L6kdLd9
NkYe5oUo9Gl7ikebQdkmZ+c/pMm8ie9xZ9mIBuLIcE48lFtPfepTEx32PfTF3U2jb+RrHW0GI4Ti
kq7+4i6b1K7322+/JFdbGkmDtEibhb/EQQltlfo2nxYjCZhj0BE9pA9+csyjZCCKO/Hn4k5BfWry
W3C3fAGdzNV4R59iabe8gfKcOa1oJx5GDcYMG0cLIFQYm1cNDxIf+TKe5JbkGxl1cl5QPviUQ7jH
E+nSb/gPXtB7fJsGBjvxNPNq0oi7lZLh0C7wotxxt+cou1YejCerJFowksUdpAn3eALNHLwAbRjq
rLGjhQdHRMaHGn63dQUtQ/gCoyJ5iH7iMf+mDTPOil8wTmFkk+OZeTjhKeMf//jHVG5wtYt2bF0p
botfizt5IHfRV9iyQS/tAr4CH54tb/CeMMKB9g2PMQ+1+src6NtSphZ+R94RfbSRuEswYQ/uVr6z
fEhdWfku7jBNdYuR6/nPf/4oPdJVfdFW0BcJO72nnOgrhKvtY+hLrDxL+7MLHggL/Vr4Zw2eLbjT
L0u/Cu20f9K5JM4Nn/a0p43KZRdGtbZHdITCPZ4QlnCPpxgkna7d7BN3aY7aCbjHU8dG8RhLGFeZ
w4GF0rMYtvCR4qB7Yn5sDfUsUnvSk540F08TSfI2fZZ1jLeigz4Nfqdc+NSPvtnxnbYO31nsFS6e
WJD6fLWVeHKYza7qeRpDnTUkgi+GYfjC8ifzF+taeNDGH/pMP50vcIZG9CLwhl0ERt3JteBu+2nq
CD0a7Yb5AP27zUttvBX3lvGHsi3WHEg4Wl98qrLbb3q25aqdAymNIb7Vmao9lfx8jkbaLfxOPNor
ebD5gfbA3Am+UP9kF7608gX51LqW8Yc8LL/XzEsWq+3X4uDhxxFYUYZz7e5DicUEk45GfxjRMUZi
9EHRrfdMZtQpMAnVe/nEQ/FPGCn5SVsGMpT7doce8ZgI6rtVoPNNnXP+3n7rUkoqLrSQPh2M6MTP
6bDfKAcG0z7DOeERMikfCmJwpCy8I2392XT1LIVqvmNRaUFzV7mUxiS/FXcZyJjQMjDl+Vgjj1V8
CjNozw0amvhiYENRoDRbeFBxra+67sKMAUrKWoSRvO4pB3TnuCtd4qLYtXnybNtDydip+KQ7lAe1
UINdvCxWYFcpRkPSgA4EHUtHKw/aNFR3ffzeyhfkI35HQLD1j/FU2Nh+hsFeRpdSnWoCy2TBlmOa
51rclZfKRjngLepL36gbPTPx1SIMJj56b30ZGuAVhGr7rea5hd8pvxaRxOO6xvp95W2FLpQivEeo
o+z8lfppu5M6r0thl78nXb7l/K72hNGCMPAShnryjkfgpXdqkzLuT4O70sr7QvLVwg5Wkgof/Jb2
KBwYc2mLNj2eVW7KqT7ZTtjZ+WXj0HdoMVGOoQ3X8qy+goUV5NOVBmOh+CJv98QBQwlA0AjP2rSE
PWmAf7ziZOy7bWc2Xs0zdQUdMq6KfzV2x+Phx/JU2tQBdEG3PW3EtiEMhAo/DQ8qjRrfYseYa7Gi
vPYUgHgE44hO8rBxJ+GOQKo6xuib00g/rvmgneu04N4y/iz2HCgvv9p1qX9T2FnNgZRenw9fU/9S
yIpHZ83vOQ3qE1GCkb8WqqmPVvgWvlDcFr+vfkrjT8u8ZLHbfgsOix1nXKxeWb807qHEQtFpHUZ0
jJEYfVB0y9Eu1I/SJnNHPBT/hJGSn7RlIEO5b3foEZ8+X9+tAp1vMozk7+23LqWk4kIL6TMHsC6n
w36jHBhM+wznhMeIye5LFMTgSFl4R9r6s+nqWfOJfMciWEnZ3FUupTHJb8VdBjLGVOY6ubNGHhZO
yAkz8M4NGixy4j39OcpHuRYeVFzrq667MGPckLIWY1Ne95QD+vizaShd4iL35c62h5KxU/FJdygP
aqEGu3gZg9hViixNGtBBH2hdKw/aNFR3ffzeyhfkI35HgW7rH+OpsLH9DAtx+tqBduhhgJ+Vq8Vd
+apslAPeor7k7CIHuwiDOWLJydAAr9iFGKWwfe9a+J3yaxFJPJZ9rN9XXlpQRFlZiI1jXs5v/kr9
tN1JbdsWcYVd/l7fcn5Xe0JPh4OXMNSTN/I7Tm1Sxv1pcFdaeV9oDSjIE9a1tEfhwJhLW8ydyk05
1SfbRQ6cLGAdfYcWE+UY2nAtz+orWFhBPl2OsVB8kbd74oChFuFBIzxrnbAnDfBH/rDOtjP7vuaZ
uoIO6S3Evxq747HgxeSoA+iCbvpmOduG7GkY0/Cg0q7xLXYsVLJYUV6rR0Z3a52NOwl3q1NDxs4d
/bjmg3au04J7y/iz2HOgvPxq16X+TWFnNQdSen0+fE39a8GNeHTW/J7TQH1TFxjOyV8L1dRHK3wL
Xyhui99XP3zL+86Weclit/0WHDzO/yCwogznKIFksKYjZycZiuPnPve5aTctR1DkxpsLzHEvTLJY
bYXhQH8YTGV8kVJMikHyiPd0zFOuIrDIuMKOKKvEUX5SaJe+dSklFRcjEIOWjTvpWcquPkOi0lDY
GgMFO8s1+bHHb0twGZKv8u/yW3BHoIz3tibaZJwqpa+dhKpjwlgcUFjbeKLFhud7Cw/adPWsuu7i
BQYy8KaOUFAonnyMQTe72c1SGJuGFKvEZVWh+Bw/3hE6truzj0eH8iC0nRJ37Yk3cr+Lxyz2TDhV
rqG+4nfx3TR8AQ3C0e7O5b0U0Xm5bH5ggPGHVZf0TWCPEY2J0dDyTQrXirstG8ZBGd9L+THJU33S
xnJ+ou8UTjkepfT63rXwuzUysdK3lD71IoOxFs3I6BjvjSwafUlHCrR8oYPKa9uc8uVbjoPaud0V
qTQYr4grnOlrqA/9Bvta3BW31C5U7lK7V3vK6VfZrK+w0Icxmp30tp+BL6xAJqyUP7RhcLJp8sxC
MdIcQkMet+83bZYFIJPSZXW78s+N4kqfvkpzEBnx9E3YM29ASaT3C+GLr0p1WcpPtNlTDRTu9NNP
T+W2aSl8Cw8q3Rpf+VFHJewZ72TQZveCTVtxh+COQoQycaUNChqbjp61OKrEL0Nxt+NBzbxE846a
uWdrXiqv9dU3qc3ab3qe1RxI6Q3xh9Bl0xFPDOV3xUWBLyM9fJL/lfpV4g7lC+XT6vfhwLecZy1v
UJYh8xJhR/ja8ae1XEs93kpWKKAEksGafufYY49Nhg/Ga3bzIfvlxhsW/altMLdhYQmGA/1hMJXx
RUoxKQbJg9NCSk7GFeaa1ik/KbRL3+DbklNcjEAo7GqclF19hkSlp7C5kk3fSz47y4Ujfa4ccgPv
h+SrOF1+C+4oNeO9rYkGGadK6WsnoeqYMBYHlKTWiRYbnu8tPGjT1bPquosX2B0MrtQRc9DcYQy6
xS1ukcLYNKRYJS67hsTn+JzeA7+SJt/7eHQoD0JbfvoVaeuvi8cs9vSptU7xu/huGr6AFuHIYkfr
pIjOy2Xzo+wYf9i9TN8E9syXMMzNyrXiTv4qG8ZBGd9LdMnYRnloYzk/0XcqrRyPUnp971r43RqZ
PvrRjxaTp150EoB2C8roGO9MLhp9SUhXZeS7cFVe2+aUMd9yHNTO7a5IpcF4hRPO9DXUh3634K64
pXahcpfavdpTTr/KZn2FhT6M0Yy9tp+BL8Ca7/wJK+UPbRiccsdCMcIPoSGP2/ebNsuisknpsoFH
+edGcaVPX6U5iIx4+ibsJRPp/UL44qtSXZbyE232VAOFO/vss1O5bVoKDx4L3fahQ/lRRyXsGe9k
0EZvY53iDsFd8g9X2uSL0ZSmFkeV+GUo7nY8qJmXaN5RM/dszUvltb76JrVZ+03Ps5oDKb0h/hC6
bDriiaH8rricliMjPbyf/5X6VeIO5Qvl0+r34cC3nGctb1CWIfMSYbdYbb8VC483N7eiDOcMrnYH
Yd74+J3vPFSHXgqbv9P94HRufMMogIBfo9RRflYJrfj61qWU1HdrZFHcSb6MGV2KPRtfYXMlmw1T
etbuUimdMSKQBljJCFSKN/RdC+4yZE6igckLYVAcyljYh4NokTHLlqGWB21cPauuu3hBx1azi7lk
ZCKdkhK1T+lL+e0fx0yJHvmiawgPWiMS6cILHI1873vfe5RPF4/1YS9a+nzF7+L3afiCfEvY8l75
lsqFEK/2YHHWM98QCvrKNeTbNLjbsuWLAvK81QZEf59fwiNPr+93C7/LyNSXN4YD7fCWwU08bvuC
Ptrsty6+IEzJcKG87HiQpyGc1dfodx/e+paXXXGVlqW9RIu+9/G1wsgnrE5XEB19vgzM6ps4fUFp
Wb+GBhtv0vPQdK1hX2NEnrY1GnKMoP0u7DHWwXf226yf++qylJdoG8oXCt9Xr/qW82Ap/0nvlF8f
dmo3ti2R7pC4hLNGxL7xTcYbFkjk87+huLeOPypLzdyzNa9SnQjjrnmJ4sxiDqS0hvhD6VJawnEo
vxPP7pqAt/fdd9+0OFcnYfCulB5xh/KF6Gv1+3DgW6kt1s5LhJ3ad59fyq+1bEs53kpXJtgdhKX6
znceSqFVCpu/0/3gUhxhFOA40Bqn/KwSWvH1Db4tOX23RpZSuNI7GTO6FHs2jsLmSjYbpvSs3aVS
OtMOSAMcZQQqxRv6rgV3GTIn0aB+D8WhjIV9OIgWGbNsGWp50MbVs+q6ixd0bDW7mEtGJtIpKVH7
lL45v7NIP3eiawgPUv8yIpE2vMAiZ20Q0DvC5a4P+zxs6bfid/H7NHxBfiVsea98S20Ho4faQ461
sMBAPK2bBnfyVtnyRQE5XWoDpbLk70p45On1/W7hdxmZ+vLGcKAd3jK4icdtX9BHm/0m7Ertlm85
LcrLjgd5GsJZfY1+5xiXfuf5Ka7SsrSXaNH3Pr5WGPmE1ekKJZrydzIwq29iE1PJ1dBQit/1bmi6
1rCvMSJP0xoNuQbQOmGPsQ6+W0jXV5elfEXbUL5Q+LwuS79zHizlP+md8uvDTu3GtiXSHRKXcNaI
2De+sQmRcjK25fO/obi3jj8qS83cszUvMMmdMC71bzbsLOZANr1Jz0PpUjrCcSi/E8+eREL9c10i
i3N1EgbvSukRdyhfEHYa14cD30ptsXZeIuxKbT1/V8pvmvJ53DoE1iB4rJSJLq7EnhhmKQSIxzgF
/uJxoyEqNUPstEMcwEO84yrEI2sSiVGxGo444oj0HDuiECdyISp4QlwVHNZcc83OYmy11VZh6623
DvHIkhBXYaU4pLnZZpt1xsk/xKN0wuGHHx4sDU9lKc0AAEAASURBVAoTDTch3iUSolIy3PjGN9br
kd8XdxSo4yEewRIOOOCAsP3224e4+6+3nAobV6AlzIaWLx5RFnbfffdEQdyVFeL9NCEewxeisjtE
o0Nvnh1kj71uwR32Bu+4OjPEHdXhHve4x1ia+iE+iIrPxAdrrbVW6MNBtBA+KonHylbLg6LB+qrr
Ll6IJxqEQw89NMRd5SEefRPWXnttG50FMSF26CHu9hzjp3jkUcIhKnsTr1HGkltjjTXCtttuO4+3
RVeJf/N0FJa2FQe4EFefjoLEiVGI9x6FKIwWeawP+1EiPQ+K38Xv0/AF2Z544omJp/P6Ub6lthOP
cwqUOwrxIe4IT/xFWnF1dYgCLI+hxE/pQ8W/aXAnm66y5STEgT5EhWl6HY8AC9GYk/rbPBy/40rO
EFeaB/iqxbXwezwaM8RJWIg7z0NczRriDvJi1moT4mnh11IXXdgxDsW77EOcGI/xu/JS3hCYp5H3
NXEXUjPueVp2vCvRIsD6+Fph5Mdj2UK86z3EVaSpj+E5rlzW5zF/3XXXDTvttFNYZ511QrxrNESD
ZYg7MhIGYwHjD6Xb1Wfk4Yf+Hlq2OMFP5YoG0xB3n4cNNthgXhaktf/++6ey531DH/bzEpryheoS
PA877LCJqfXRprQsjy5m24d40TdkvLN02rhD2nNcoBPiPekhXssT4o6uYn+lsjOu5fM/YTUJ99bx
h76sdu7ZmhdzoNzlfVP+Xb9nMQdSWkN80RUXaIbddtttYhTxU4knVIc5H2mciDupQlRCBuQBuSgk
h7gTsXP8VpqT+ELptfrCIe97usYf8qmdl4j/ibvQ4z55LAd31atedTmQ2Uwj7Zm5K/OXuDBzJFfH
RW9pLCThqFgNxxxzTMqD+X40roWo4Alxx2Qo9SUihnnjda5znTQnZo5IHGTHGkzj8dch3o06RoPS
jzu7wvHHH59ojwvn9Xrk98UdBep4YLxnTNpxxx1D3P03JgfmURQ2XpdSVT76/G222SYlxzw2Hjud
ZNqo7A7R6NCbZ05D6TeySC3ujCngHXc5hrijOhx88MGlpJPcBx9ExeeID/pwEC2ERya389NaHiwR
pLqGj0u8gJ6A/p2+PC6UKsrV6IviNWZj/ATfo7+Jyt4QT+gZyXY5Dcg/yKQ5b4su24byuPqtsLST
iy66aExXRBuNGxdCXNhZ5LE+7JV+n6/4Xfw+DV+Qb1wAEOJdzWPY8l75ltoO41fcBR3iztVUZvR9
uGhgS7oZnkv8xPsaNw3u5NNVtpwG+j5kItxb3/rWEI05nXL1JptskvqeVrm6hd/RBdN2GAeQ8eg7
Sk5tQjwt/Frqogs75jXoF6OReIzflZfyhr48jbyvYV7Tinuelu23SrQIrz6+Vhj5yL977bVX0h/R
x8R733vl6p133jnJ1cwJ4/HVIZ5slWRspSdf6Xb1GQpX6w8tG30x5YoG06QL65Kr99hjj1T2vO/u
w76W5knhVZfRADyyIfTF6aNNaVkeXcy2D92ib8h4Z+m0cYe053iSRIgLOJI9IJ4IUpSrVfbS/E9Y
TcK9dfyhL1vMOVDOM3nflH/X71nMgZTWEF90xQWaIZ7oNzGK+KnEE6rDnI80TjCfjCcpJT2yMkI3
vssuu3SO30pzEl8ovVZfOOR9T9f4Qz618xLxP3EXetwnD3dTIBA7mkGO1ZZL/U93WXIfSolW7YiO
CrHRd91pyc4IVoiU4vGO42zYmcaz8omwz2mXYh6Pe7NZicKR7fabVmBbGvjODjYdCR+VXmNxFL8r
rr73+dpV17UD18bVDqUuTNjhzLEuNo6ehTHY6G/SzlXFneS34q5dOBy9XLrjFWx0zKvusYcWYQYO
cWAdK2/sQFP5cjxFYw0Plsqtuu7iBeUPxqxCy9PQscJ8t2noXlV2SXXVIWlFZU3xu+jK+TfPn9/a
QRoHnXn06T7jErbEnYYHia+6y+vH0tnKF6ShuBZbm29eLuhhFy48WMJdq26jIr/zBAFLe9/zNLj3
lS3Pk/6ScnbxoMLT5ux973pf47fwuzCHvhIPkr/aK2GiMizxqe6r5V2+a1g0c/cOK7k5Uk7v8MUX
+f3VcUKZsMr5otSelIZ4S2UXL0+De56Wpb1Ei77XtEc7lvUdQ03a9DPKQ/mDEce36b18rj2hTnIM
9b3VV18xKV3GdPLnj+PnS/mpHROGo8dsmD7sbbhZPAvLuBBvjAalnd/l3keb0rJ9/jQ8KBpqfNEH
ruxgyePq+HS+c7Sl/a64aj/2W/6ssnJkm73r3YbTHCcuoOi8+mcI7mrnNfMS21/VzD1b8rJl1rPS
Ud+k99YXjdPOgWyak5415pXmQsTluFabRh9PiAcsv6v/g7+iUDuWFunqqp8uHlOaQ/jC0ln7rPoZ
Ov5ojKyZlyx226/FYFWEHyREL9NAl8RrweB7ToIpOe2Ijgqx0WedzhCVoL1HJUelfdpNSkTloz5+
lJh5YB5Fv8KpH9Z17TxhB5uOhKfNl1xX3FLY/J121XXtwLXhtUOpCxN2OHcdYyqMwUZ/9LOzcK24
axdOVDjPRSXhPFLARse86h57AgkzcKCtWheNV6l8OZ6isYYHbbp6Vl138YLyB2PGuNzpWGG+2zR0
ryq7pLrqkLQ45rr0XXTZNpTnrd/aQcqR37nTfcYlbAk7DQ8SX3WX1w/f5Fr5gviKa7HlvfLNy8V7
duHCgyVc44K1xE9Rkd95ggDpD3HT4E76XWXL82auQjm7eFDhaXPRkKKfTX4Lvwtz6CvxIISovRIm
GjcSbbqvlnf5rmERj64wLnJK+la9wxd2nI5jHbpIsMr5otSelIZ4S2UXL0+De56WpbFEi77XtEc7
lvUdQ03acdOAshjtygQj9DC54xoJ6iTHMA9X+7urzebpMKaTP38cP19yaseE4Vhn6/qwt+Fm8ay6
5PqykmM+Y10fbUrL9vnT8KDNd+iz6ANXjvrPnY5P5zsytnWKq/Zjv+XPKityNbr0ktMchx3nXVf/
DMFd7bxmXmL7K52QkdNYmnu25JWny2+lo76pFEY0TjsHKqXd9U5jXmkuRJy4OGYsah9PiAcsv6v/
g7+wCeQOHQffunhMaQ7hizztmt+qn6Hjj8bImnnJYrf9mvJ72HEEVtRR7XQ6NDL+aHDWQIWiWEcq
dinEUITSMKR4weBDh4EyjDR1VDvfpTzlPXcqoYDiPYYAHenKt/zYWR05jJJe95wSh8ki4fljgika
8KGDsui+cO6H5TfKPP5KxmDiUWaFiTtskuEOw5x9L7ptfva+UPLCEMIElSM1dF81irZSXCtYUhaO
ViW+TX+a5xbcpcSBHu5dYuIlGjjCCxqFvTXyMwjAEyVDDkfPEwc86fCUXgsPEhd8VVfUrYxE8AL1
q2/Khzxl7IcO+Ir64D3KY5UH3/KTpY+jqCmj0iQPju7SMcu2nbTwoO4xjjtORwZGJk0c1yP6SthC
TwsPWr4ewu+tfEH96Hhviy10gyf45eWiboQrym1rMCSesJqF4Vxp1eIOftDJEbTiG8t7peOlpahn
QszE24ahv0CwJi3wyBefiO+G+K38Tt8sXsOIe9lll434HaM47ZvvHH0s+sCAO69FN4ufVC76DttX
xx0fo/Qohww4jDXqZ+gTqQulZ43Ctk9XHsJUvKU2a/sahanFXQtWbFrCX/fLwT+iRd9q26MMRZT5
jDPOGMOdNqL7vfiOQEY+MrgJJ2ilrdFWdKenvlkMRWOtrz6XerJt1vYjNk0wiTurRvyEwsHihDEd
+viz4x75wFMcSc83sLd58M3mM4tnLf6g3ckADI4YlQ866KBEhzX+d41n0GL5wtLWyoM2jaHPagPC
F57CgEfdxRN0RrjTnnV8egvu9AHqE8BOczTopM7iqQijvOLu4Xn1VoN76/izmHMgyq25B3wq3uma
lxDe1tXQefhQPugKJ0yY30Ev4eAN5uLUZ74Qopbf7WIgxjSN33H35xzjivhSbTuns4Yv8rg1v2vH
H+q0ZV6ymG2/pvyrKuy4WL2yfjFei79RKloDFYpiHanYpRBDEUpfLYfBhz4CZRjp6qh2vkt5yvt4
QtjIqI7B0S5Ky4+d1ZHDKP858hNHnJNPPnlEO7KdddBBWTS34H5YfqPM469kDCY+ZVYYxn8Mdxjm
7HsUZ7mz94WSF4YQjOXIKrqvGkVbKS59muoAv3SHZJ5fze8W3O0Rm3G3UJLZlCf9CjSKZmvkZ04H
T1BXlMs6jp4nDnhapWwLD5Iu+KquqFsZieAF6lffRAN5ytgPHfAV9cF7dEEqD77lJ0sffTBllCOP
Cy+8cHTMsm0nLTyoe4zjjtM0JyEf+j07/yxhS7gWHrR8PYTfW/mC+tHx3hZb6AZP2lleLimoqQ+U
27R5684888wRP3UdvW/D9z234g5+0MkRtOIby3tx19q8bKWoZ97CIjgbhv5Ccw7woO5bXSu/0zer
LWDEtYYujOK0b75z9LHoAwPuvOY9dDO3VrmQL21fzcYP62TAYawhLA4jMG1A6dm+xPbpykOYirfU
Zm1fozC1uGvBik1L9MdTeRKN8KJo0bfa9ihDEWU+55xzxnCnjZx77rkpL75j9MTJ4CacoJW2Rlux
uuq8bYnGWl99LvWkNktd2X7Epgkm8VS0Ed3IqBYnjOnQzp8d98gHnuJIer4NGYNtvi3PyD3CEVkR
B47oMJA9+GaN/13jGfEsX/BbrpUHFb/GVxuAbv7gKXRt1F08QSe94z3tOZ5mkpJuwZ0+QH0CfKY5
GgnCF+iaRQP64dzV4N46/izmHIjyae4BD4t3uuYlhLd1NXQeTrxpnDBhfge9OHiDuTj1ST+pdsC3
Wn63i4EY0zR+o6dlXBFPqG2Th3U1fGHj1T7Xjj/UKX0f9NOeVS7l2zUvWcy2L1rcr0dgxRrOYVga
NQqeo48+etQAeZ/vBJMxQY0UowkKMP2Wj8KMAYA/FGcyruh7PCJyLA6KVxQEioOfG5YVN/fJH2Xd
kPDW6KO8rPIyTzv/XdpViXCXh7O/dY+58rN+PBpoFLeUtg1b+9yKuzoqlYG6yuuLXUOiR4pOhcdn
QOe7lLT2m8qZ4z6UB6WItGmWnu29y1bxXgrLOylFrSFHu6MUB4FOhj29w2fiRHlbeXAIfcpP/C78
8Wt4MMdd6ZZ81RV51PKFNe4pbeqEtKxiT9+0KxChTnWhbyzIOe6440aGGt5jBLIYtDy34M4uOtHV
5VseEl1M5mRoIh78Trno+2w68TjLMeOp4tf4Q8oljEUrwqQ1dkJTqe3rnm3RY09sUDnyMmEcp14V
B18KXMXp8hEU8jZP+vRvRx111Ag7BBnb/gjDRLUF91K/9alPfSpNhPOxjDFFBkiVr6Y9MnbluCMc
xCP+RmUDG/gFQUd5yEjbhRvvVQ8lw6XSGeLTbvvy4RuKCptWCXf4STQRB+wwFBAPIcMucOrKD4HJ
5jPtM3xk26Xahc1fu3NzvqBOMLZDe84XpKnFJyUsFqrtD+3fMYhOizuKSosTGORzBcpJ35LXUw3u
xK0df4izWHMg8rrgggvGsLC42GfbFvO6GjoHyrGs+Y0S1tJj2yPv+c0iSdJs5Xcpzm0+Xc920SF5
1vJFTdlt2Jrxh3it85LFbPu2fEv1uV70Xj4xqGvL57RnFDzMXe17FqpYJ2OCwmA0QQGm3/JRmMmh
YJJxRd/z8RPFKzRZBx8rfJ9P/ijrhoS3Rh/llWPRl1dpV+Wk/lT3mCs/69tFW6W0bdja51bc8/ka
dZXXFzKQnBSdFjcMvjgpae03lTPHfSgPShFp0yw923uXreK9FJZ3UopaQw7ltOHjVWQjw559zymH
uFYeHEKf8hO/pwz/918ND+a4K92Sr7oim1q+sMY9pc0CBJzdbapv2hWIMl91oW8syDnppJNGhhre
o8uY1rXgnusWRaP1LQ+JRuaWMjQRFn6nXPR9Nm48YnnMeKr4Nf6Qcglj0Yrh1Ro7oanU9nXPtuix
sqzKkZcJ47iMNIrHwhOF7/ORUfM2T/r0b5w6p7icLocxV78Jw9yiBfdSv8WCSozi+VhWukO5pj0y
duW4Y9SKV+aNykKZ4BcWWMjJSKvylnzVQ8lwqXSG+Fq8WcpD79iMYF0Jd/hJNBEP7DDq4uyCA6VZ
8u2CLZtf6zN8ZNul2oXNW7tzc76gTtDdlPiCNLX4pITFQrX9of07BlHcNLizKdHiRNvI5wqUk74l
dzW4E7d2/CHOYs2ByMsugLGY5M+2LeZ1NXQORH6tTvfOiy7bHnnHbxZJ4lr5XZsElUefT/9uXS1f
2Lg1zzXjD+m2zksWs+3XlN/DjiOwogzn1qiVKzppjBgItbstV8CgKD7kkEPGOnY14GOPPTatLs7j
MIhrpbjC4tOhYZxEWZbH4TeThlyxh+LRKuZkILXHIpaU3+SHMjs3clgsLG35M7Si6MzpZGXxaaed
Ng8PdtqinEOpnsfRb62GpQx2R56+T+u34h7vuR8dh29xKPFFyZAoQ7J20SoN6hLhg3JZ3Gt4ME9T
aec+k3+LKccH64h/hYUeBuZ4d8io/jiC3u78ZyAo8RNx2c2BgKN6auVB4sf770Y0iD4MaEyibJnF
78oTv4YHLe7Kp+SX+L2GL8Alb7s6Bry02EI8A8/KCFXiC9Lk1ABbtxaL2uda3HVlBZiV6ON9zkOi
ib4HRUUJbwzYtCXLe4rX4rfyO4qWvN6gN947PoeQW6KFiWpu3BY+LJLoKhPGbosF+cIH5KX3TBZz
Aw79OLta7cIjVvaTjwQM29fX4s4xwcofH7ro+0vG3dJCh5r2CJ6Et7uBbd7xHvC0EKk0RmLQzeuK
PppxUziQ1rSLTGz/Y2mzzyh6c97Idx7b8KecckqqQ8VhIqyTbuh7bFj7zAIGxZmVj9KKerT5QAM0
ahc6eeU4gD39XIkvKAuCkmis5UHFq/VljGWc4NkqwSgTRhzaq9KdFnfKX1IAgc2kfnoo7qK1ZvxR
nMWYA5FXaUyz/KRn+jPRZsfi0lhSmm8p7jQ+Y17eb5A/wjYKK6Xdyu9d/R/9OPM/u/jQ4qF8a/lC
8Wr9oeMP6U4zL1mstl9b/lURflysXlm/rFHLjr9q+xgItbstLznt7kEPetDYGKR4zHPoK3LHLkh7
UpDC089jnERZVnIsnskVeygerWKOPh3jA3yvsCXlN3mizNYuK+VnsRBdJR9aGY9yx046TkvJ47DT
FpkMxXSX0w4cymB35HWFr33fijtzch2Hb8tV4ouSIVGGZOkNlAb1I+OPxb2GB/M0lXbuMyZYTDmW
NS8T9HDC1GMf+9hR/XEEPfwkx6LsEj8Rl12w9qjkVh4kr3e/+90jGlQWDGjI6rbM4nfRh1/DgxZ3
5VPyS/xewxcsIlB7VPrUCa602EI8A8/KOFniC9JEX2XrNiXa+K8Wd7vYu0QfZc15SKTR95R0cMTB
gE1bsryneC1+K79zylxeb9CHroAFtiXH3Dw3bhMHfFgk0VUmjN2E0x/5wgfkpXecKJEbcOjH2dVq
Fx4xVyQfnS5h+/pa3DkmWPnjQxd9f8nIWFroUNMewZPw6BNsnno+4IAD0skTpTESg25eV/TRjJvC
gXRIexpn+x/Rlfva9W/zyXce2zjo2fkuh3FVJ93Q99iw9pmr9GbtWIBLPdp8oAEame/I5TiAPf1c
iS8oC7tU5Wp5UPFqffiUcrBwjGcrG1Em9Hq0V7lpcaf82r1r8QObSf30UNxFa834oziLMQcir9KY
ZvHQM/2ZnB2LS2NJab6luNP4jHl5v0H+LPhB1pJr5feu/o9+nPmfThUBE4uH8q3lC8Wr9YeOP6Q7
zbxksdp+bfk9/P8hsAaPkSEnuiuuuGJimKUQIBoZwkYbbRQ22GCDEFdwhTjYhtjZp99XvepVJ5IY
74YJcQAL66+/PosKwiabbBLWXnvt3njx2KUQlWph4403DjxvueWWYY011uiNEydtIXY6KQx5rLfe
er3hV9XHOMgnHMECTMGlz8WjnUMUHFOQaAwIO+64Y1/wqb614E6G8HJcEZTqaMMNNwybb775VHTk
kaflwTy9Ib/Bnfqhvobwn9KMx9mGNddcM8TBK/EgvDhrB01ggqON1OZRy4Ot9C80X8QBMdDu6YdU
JvqatdZaK0SF/8Q+o7Zc0+Jemx/9Lf0ndRwnDqmeJ/UXtXkofAu/gz38jg+/b7rppoN4kXqjPOus
s07Kfsg4Ahb0McTZbLPNZl63wgF/MXEnP/Hu0DEBvKPwFehroTUKZIlHSKvLEScablO4eDTYzPvo
rnxr3mv8URzGkYXid+XR4qvfoZ+p7XuH5rfQPBgFqBCVOyGeTBJe/epXpzEL2uCNSfOzoWUohYt3
SIaohEr5kU9NP12Le8v4Ix6smXtSzpa8Svh0vVsVcyDRwhhE30TfCy6zdtQrf8ybWtp8LV+00F8z
/oie1nnJQrf9lvIvdpwhc4LFpmmW+TFvoi1JrmZuI7l6iPxEf2PlauZek/pt+jb6EfVtQ/pe5g3I
4jjyWMpyNboJ+inmRZPmDdHIGuJJNqlccaHnSMZOL2b8rwV3SECfwXiJ7gMdzBZbbDFTyqblwRZi
wF1y9RD+Ux7Md61cDS/O2jEPBxMcbaQ2D+LX8GAr/QvNF4xfkhFUJsnVUeE/c9lrWtxrcWR8pf+k
jpFDqedJ/UVtHgrfwu+S7/D5Q94dwovUG/UkuXrIOAIW9DHEYcydpGdVuVr8xcQd+sS7Q8cEsEZG
llyNbAeP9DnioDshHG1m1n10X95Dv2n8UXhoXCh+Vx4tvvod5Ooh/N6Sx0LzYFwwE+L1MCGeTBLi
hoVFlavp08COeWBNP12Le8v4Ix6knfA8dOxvyauGL1bFHEj0UV/0Teuuu+7EfkZxanzqFdkdnmhp
87V8UUObwtaMP6KHcU19e828ZKHbvsrkfj0CK85wXg+Bx5glAs9+9rMDf3FHWDj11FNnmbSn5Qg4
Ao6AI+AIOAKrGQJxp1bYfffdQzzBIsRdhAuqMFvNoPXiOgKOwJQIrHTD+ZTwePQpEUCWjjsmQ9wR
luTrKZPz6I6AI+AIOAKOgCOwGiMQT/wL22yzTYgnWIR4ZYrL1asxL3jRHQFHYBgCbjgfhpOH6kCA
1f3xiJq0aozVsPFI5BSSXYXxaLkQj7/3wbgDO3/tCDgCjoAj4Ag4At0IxONPw7nnnhviUbYpUDya
cTTfiMemjnbidafgXxwBR8ARWDgE3HC+cNiujimz0z5eqTIa584777wEA3J1PMY+xOPvXa5eHRnD
y+wIOAKOgCPgCEyJwMUXXxziFbEhXo+QUopXRozmG/Fav7D11ltPmYNHdwQcAUdg5SHghvOVV6eL
WqLvfve7Ye+99y7mGe/QDvH+nHT0RjGAv3QEHAFHwBFwBBwBR6ADAU6v4Xj2kot3joa99tqr9Mnf
OQKOgCOwKAi44XxRYF5tMol3VXcex85VaF/72tdcrl5tuMEL6gg4Ao6AI+AIzA6BI444Ipx//vnF
BD/5yU+GffbZp/jNXzoCjoAjsDoj4Ibz1bn2Z1B27sy55JJL0t1G9r4h7hBmdbyvWpsByJ6EI+AI
OAKOgCOwGiLAnYY/+9nP0mr4vPjXv/71i+/zcP7bEXAEHIGFQsAN5wuF7OqZLnL1D3/4w3lyNe+5
T/Xa17726gmMl9oRcAQcAUfAEXAEpkIAuZqj2tdZZ5156Wy33XYuV89DxV84Ao6AIxCCG86dCxwB
R8ARcAQcAUfAEXAEHAFHwBFwBByBCgTccF4Blgd1BBwBR8ARcAQcAUfAEXAEHAFHwBFwBJYJAm44
XyYV5WQ6Ao6AI+AIOAKOgCPgCDgCjoAj4AgsDQTccL406sGpcAQcAUfAEXAEHAFHwBFwBBwBR8AR
cARmiYAbzmeJpqflCDgCjoAj4Ag4Ao6AI+AIOAKOgCOw4hFww/mKr2IvoCPgCDgCjoAj4Ag4Ao6A
I+AIOAKOwGqIgBvOV8NK9yI7Ao6AI+AIOAKOgCPgCDgCjoAj4Ai0I+CG83bsPKYj4Ag4Ao6AI+AI
OAKOgCPgCDgCjoAjsFQRcMP5Uq0Zp8sRcAQcAUfAEXAEHAFHwBFwBBwBR2BJIuCG8yVZLU6UI+AI
OAKOgCPgCDgCjoAj4Ag4Ao6AIzAVAm44nwo+j7wcEZibmwvvec97wp/+9Kdw4IEHBld6LcdaXN40
Ow8u7/pz6h0BR8ARcAQcAUfAEXAZwnlgdUcAmebtb397uPLKK8Od73znsPnmm6/ukHj5FxkB58FF
BtyzcwQcAUfAEXAEHAFHYDVBwA3nq0lFezH/D4Ef/ehH4aY3vWl68b73vS/sueee//dxFT3961//
CieccEL45S9/GTbccMNExeWXXx7OOuussMMOO6wiqiZn+7KXvSxceOGFYZNNNgmXXnppeMELXjCR
3s9+9rPh1FNPDVtttVWK8+hHPzopWibntnJCLEUeXDnoekkcAUfAEXAEHAFHwBFYeATccL7wGHsO
SxuBH/zgB2H77bdPRH76058ON7/5zVc5wcjVj3jEI8LPf/7zsNFGGyV6fvGLX4Rzzz037LTTTquc
vi4CXvziF4d3vOMdYdNNNw0//elPA3L2JHo/+clPhic84Qlh6623TnEe//jHh3vc4x5dWazI90uR
B1ck0F4oR8ARcAQcAUfAEXAEVjMEVozh/LLLLgtf+cpXwtprrz2vChGebnGLW4TNNtts3jde9MVV
BIyZpLHmmmvqVfJ/85vfhDe/+c3hwx/+cPjd734Xrn/964f99tsvfO973wv//Oc/w5Of/OSw/vrr
p7Cf//znw29/+9uwxhprjKXBjw022CAJPMQvfZ8XoeLFV7/61UTjd7/73WTgvO51rxtudatbhW99
61tpt/X97ne/medZQd6iB8UgLSH0Qx/6ULjxjW+86DTkGf75z39OdfLjH/947NNC0Icg/vWvf31e
W9l7770Tf4wRMOHHQx7ykLTLQMGG0PumN70pHHXUUYoSnvOc54Qjjjhi9Ht1eFiKPLg64O5ldAQc
AUfAEXAEHAFHYFYIrFTDOYthv/CFL8yTFcANufrWt75154ldfXGFO8ZM0sjl6l//+tfhta99bWBh
MzI2BtkDDjggfPvb3w7/+Mc/wjOf+cyRXP2Zz3wmEL4kNyO3X+c61wnbbbdd8bvoaPG/9KUvJRqR
ozFwbrPNNuE2t7lNkq3Ybf3ABz5w5nm20LlYcVj0zWJoHLoOLU5frPxL+SBX77rrroGFytYtBH3I
7iUd1L777lstVx988MHhjW9844jkIfS+5jWvCQ94wANGcV74wheGY445ZvR7dXhYijy4OuDuZXQE
HAFHwBFwBBwBR2ClI7BiDOcIDY961KM66+uiiy4Ke+21V/H7pLiK9MMf/nBMSfD+978/YHTucle7
2tUCu2sx2CPA3eQmN0kCfld43hMHwyLC3rTu73//e1qB/MpXvrIzKUtjZ6AV9uGPf/xjeNKTnpQU
MihgWEiwFBwKor/+9a9hrbXWSkoXFDNDDNG1tMOz8G7uwOT444/PX/f+hq9///vfp3bwzW9+cxC9
KL44Jh+D+XnnnbdaGs6XKg/2VrZ/dAQcAUfAEXAEHAFHwBEYIbBSDecXXHBBYHFsl2OX6z777FP8
PCmuIrGY3B7rzTVaHPXd5a5+9auH73znO0kWR/5gsfmvfvWrruDpPXHQAcxikTRyNbqGl7zkJZ15
Who7A62wD8g0xx13XNJxPO95z0sLCZZCEVlU8Ze//CUt/mAHNkboIYboWtrhWXg3d6effno4+eST
89e9v+HrK664ItzpTncKX/va1wbRi1zNMflPfepT08lvq6PhfKnyYG9l+0dHwBFwBBwBR8ARcAQc
gSWPwIoxnP/kJz8JH/vYx5Jw9LrXvS584hOfCI973OOS8MbOb4SaLuUGBvFPfepTgfuR1llnnaD4
rJhmJ+zf/va3gCB8+9vffrQyHmPhzW52syQkssoXQfpa17pW+NnPfhae+MQnhosvvjgZwWU4hxPY
lc5OU6XPqmJW2+NY1c9xXLirXOUqiR6O3Gp17Aa45z3vmXAgjTPOOCNhwMp+cDryyCNT0quj4bwV
08WMd+KJJyaj8kIYzjkNAb5EyOREBDn4lyP24L9a10Lve9/73nDooYeulobzWnw9vCPgCDgCjoAj
4Ag4Ao7A0kKgS7ZcWlTWU3PJJZekxbDIxS9/+cvDRz7ykSQzsIMbQx0ypjV62xy+//3vh49+9KNJ
rl533XVH8TnCm52wLBK+5jWvmYyD2nGOsXDHHXdMhnAM9hw3fe1rXzuwmxej7Ac+8IEki8twTn4s
Aub4bdF32GGHhdvd7naJFHajc+w1DrmGxb3sQG91yNXsfAcH3DnnnJMwgH5ktfvf//7p/epoOE8F
X+L/uBaM68QWwnAOT6J3+sMf/pCuXRMU8C+nErTI1S30vvOd7wx3u9vdwupoOBfm7jsCjoAj4Ag4
Ao6AI+AIOAKzRGDFGM4tKDLiYSDeeeed7adBz4qPMR0hvuRk9MN4/q53vWvsKDtrVC8ZPrvSx4B/
0EEHJWP8tMdXcz/W4YcfnkjnDur8vjFWRqNgwFiKsGePsUfwQxmB0oEjvVl4wC5ojJwoBtZbb70R
JCw2eNvb3pYUF7zkCHhWS6OsYBHBFltskXYsUK6SY/U+OwGgh+PUUEAgaN797ncPd7jDHQIKFzlW
jb/qVa9KP//973+Hu9zlLuFzn/tc2qHPgoRtt902POYxjwm77LKLooz5lAlljtKkXChndJT+WGDz
A2Myu/YRjHGkf8c73jGtCP/iF7+Y8vyv//ovEyOEL3/5y6lc4IdSR/Ee9rCHDeJJ8UiJf8YymuIH
/M2CEo6S4/h2lFOcdnDb2962M1WOQoMmFFwcjchuDxZ/sDCDXQYleqk3FE06Lm/LLbdMeXCsHYtH
LK9bfqKe2JlOGPiUtLkWgXpAkcfddfCJdfAu/Mgxj9QvDr6A17VIxYbnmXZHuqRPHHgWTHj+4Ac/
mBRy17jGNcaiwbfwE20fnqJ90NfsvvvuKQ5HNpZ26tTwIIuBSJ/2htKFtgWdtBVoY6fPsccemxbo
jBH3vz9Q8lHH3/jGN8J//vOfhCHl4h44FurQ1jheEl525wg4Ao6AI+AIOAKOgCNQh8BKNZxbFGTE
Y96+22672U+DnhUf4/UNb3jDYhwZ/bgWDZnBXr1mjeolw6fSZ757oxvdaJQ+8/Nb3vKWyRg/rTGR
+fd97nOflPbHP/7xlO4oo/jw9re/Pd0rjQzLTmHLF+gFmLsjb4MhCw+QG5ATkNVzufoNb3hDukaO
9JEnkIXOPvvsgFzAgvejjz46GUht/npGPkF2QBaSfIKMet/73jfJzZKBCY989tKXvjRFRWa4173u
leQGTuJDdr3BDW6QTq5Dtik5yoRMJvqRTaBtklwNfuzahx9wnAZw17veNV15x8Ju7uu+3vWul77p
H3ILPAJ+XLGHIx4bF4bwpHikxD/KY1ofvROyJnWGTI3ci74IfUaXA2f0ILrKj6sJWPxx2mmnhWc/
+9lFQz/1xkIS6hfHYg3yACN2qlteR64WP1FP7EznKgE2Z3AdAnVNPcAXnDonHhe98C7xWZwC3+Lg
CzaWdOkLoIt0SZ848CyYwB/gQVti4Yx18C389Ja3vCXxFO0Dvttjjz1SnAMPPDDxlo3Dcw0PshiI
9OHPTTbZJOy///5JX0DbhU5k5JNOOinhmefDb9oIdQwPIlfT1sGAqxDRmSFXs7AIXnbnCDgCjoAj
4Ag4Ao6AI7AyEFjRhvOSEW9ItQ0xWjLJRuBlt/nzn//8eckykWeHOcdmbbzxxmPf+9J/0YtelI4R
t8bEscgDfiCYYAzjqG9W7JNf7thtvOeeeybDJ8K1hFx217OiXsJsHo+FAgiuGC5xGMmHrOBH+NMu
d6XJzmeODUe4LDkELYR/BDQcwnnXsYA2PoIaZbMOTBCIEG7kJu22RzBFiLR3jSmu9XM+06IKG8Y+
wzvQ0uf6eKQv3tBvCNIoa6hLFFTUBUZ9BG8WJyCw5g7BGYVIn8uxQIjnpIY+Z3kdfsqvNMAIzkIQ
8rcurz+ULX1GYK3C515FOcrOrpk+l/MTvIRQTH5droRjLQ8OuUICDDguk8UI1rHAAeVHVztW2B12
2CEp8kr1rTDuOwKOgCPgCDgCjoAj4AjMR8AaSOd/XRlvpjU6DonPwl2Muw996ENHxlyLHrIT83EW
6uZydV/6GJyR5awx0aY75Jn5OwZ9jK5PecpTkmyfx0OuxujJH4turVyN7IwxveRIl1PqrFydl68U
j93Tj3zkI8c+ISdjONVC5bGP8QcGVk4C0KYAZIQhGwxYhLv33nuPJQcmGDbZUS03abc9cvVRRx0V
Xv3qVytK0c+N21pUUQwcXyJ7Ypjtc3080hdv6DfkauQuDLPoX7797W+nDQcs8kfPUpKzkLcxYve5
HAtkz3wzRB7f8jpydX6lAXjS3rQZQfHz+kO+ZOFJl6O8XMtg5Wp4Hz1Sn2NDgi0DvIQRm/y6XAnH
Wh4ccoUEGLAAB/naOhY4INt3tWOFZWEQYUr1rTDuOwKOgCPgCDgCjoAj4AgsHwTccF6oqyFGSwQD
BHwcQjw7XzfddNOxFfKFpNOrvvRPOeWUdJSYNSZ2pdP1nt3DWh3et2ue1bHs0EXAYZUsToZz0uBe
LoQEdqMjlLK6GJcbEtnB+vrXvz6cddZZ6TuGz2c84xlptT0G87e+9a1pt6s9BtzuyicSx9Tvt99+
6Vg/VqI/+MEPTmlZ4ygrfdnBzb3k4I9j4QI7j1lBjTCOER5DKCvZ2RFtHTuLf/7zn6dV1RJUEUDt
bnuFRwBm97qEewylHC9IHWNstYsRcmMxq8DZJY2hFszY/cD95eAJ3SWjqvKV38cjCjONz2p9ds6z
oh8+YDfHTjvtlJJESGeXtnVaKMI7dn8//elPT0qec889NxleFdZigTFegjE7pk899dTArgfw4W5z
uZzXWdwAPfCT6pmw8ALvEJTZjYCgjpC9wQYbJCURVyvgxH8Ir6wgR4lBeByLN571rGcl3qCO2YnO
iQwowlDWbbjhhmlnCnzLKQM4WyZ+oxBhNwA4sKiCfFgpDy33vve9CdJZxzU8iBKOvFD4wdc4cEcp
9tWvfnXURtjpTznkaMOcJEBcHMfxb7XVVkmJg6JNDtxZaDDNlRBKy31HwBFwBBwBR8ARcARWNwTc
cD65xocYLVl0rNPJOAYdGRv5zO4878qpL30WkCOnW2NiVzpd75mDc0ITLt/VbuOwoxz5lnJYuRrD
ObtdmcNjAIRn2GV8yCGHpOi5IRH56RWveEWSpQnAYvDnPve56UQsZClk7vwYcLsrnzjIJ8gqyDoY
5iWfWOMocjW7Z5GBwB/HpoDHPvaxST+AjI0RnkXuLGLO5Wp2Fl966aVJrtYiZIz3pTYBHchg559/
fsqH3e3kQ1jkQupQLjcWI6ch+2CoRRbfdddd0+l8nLoF3SWjqtKS38cjCjONDw5sJMBIjdH8d7/7
XZK9SJP6ZEGFdVoowjvqEvmWxRPIdOgZ5CwWYCtZHbkaOQ6+ZLOGle9yXocedrSjm1E9kz68gByP
XM0iDBZswN/I1eh2RLP4D9yRd7lykJ3+OOKxgQTeoI65S57F7uhqqCvkak4FhG/RzeBsmfR7r732
SjhQ1+gnyIdFHuw0x3XVcQ0PIldzUiH6Ii0uAXd0eMjMaiPQKZ0XeSNXs+EBunHgiOwMVvQtcuCO
vmjIhhLFcd8RcAQcAUfAEXAEHAFHYGkj4IbzQv0MMVrmxiklg5GUY6UwXLH6WYKzvuMrfXuUPAY+
DNIPetCDUtBJR2bb9PJnjHMIORj2MJxzHFWLgybKiSMNjIn85YZOviOIcZQ7xksM5Votbw3k1oiP
kIUQheDHzvzcUItAI0MoigaM43LCDyGYhQYS5GXQxBgMtqJB8azPSQAoAboM56wWxpCPK5WXeNrd
nBtWicMRXtQ9q+sR/hAc2QXMsXJ2MQBhS05lLKVdCl/7jgUB4GexVZ4oUFBGyGH0Z0fEr3/962Rc
Rhi2iiydkkB40Uv5WZyAAEx9oCBCQJdDiYPSBFfCl/eih2eM2tCq4wA5qt+u5lZYdrezgl47N4iL
E3/yjOALv7EKH6UShnrRzXc5dqk87WlPS21IuzP4xhFz2p0PjraNsyCBdo+gj/JDvKk0rT+JBwmL
MoP02BWCEg3FgRzKDo6UQ7Fl89KiHviMXQXsKpdjkYQUk7b/0Xf3HQFHwBFwBBwBR8ARcASGIVAy
Eg6LuXxCTWt0HBI/N04JHYx1GJ4xyDG3tnNuhVH6GIF1bDcy7Lvf/e6RrIEcwMLlFodxjtPPMHAy
H59GruZ+dxwLsZEDkIVzQyfftcuaBcgYliXTWgM5tOjoe2QpFgkjV3ONmIyepIWzhtAzzzwzLcr9
ny8hyYMYXllkoMXFfENewqCJMZgFu6JB8ayPHMaO3i7DOVeYsbAZVyqv3d2cG1aJY+VqeIXF0yyG
hza7GICwJSceKaVdCl/7jg0AyKoYYo877rgUXXkiN4OPHPI0O/1/9atfJf0GMpyVq0mDRQU40Uv5
WZyAUZoyo1Ox14jBIzrhrYQvaYkentGrkE+XXK2wLFhgx3wuV4s/SUsLA5Cr4RdOIRDdfJcDBzYR
WL7lG/oYdEjIuCzUt22cBQno1fhW2hShtPEn8SBhkKvRL/1/9s4DTJqiatutiIAJPkQFUcGAYsaE
ioiv6VNQMWclKAqKWUyAgn7mgIoBM2bMOYERc845Y8asYA771136zH+2trpnpmdm39mZp65rt3q6
K5x66lQ451RAz8PCei344Bu6KTZNUI8xL/oOZGf4jEUNWrxAHBbLcJUaLvY/+YX/GQEjYASMgBEw
AkbACGx4BJbOcI7BjeOWWMXeJgDKCFczpsUaxyiK4SwKQ/E7Agx3Qum4Nn1T+tGwHnfWlsehK96o
/qSGc1a+I9wgDNRczdCpO9UR/uLuV1Yfa+e28OQdK5URlEojbcwPIfSII45Ys3tX+JWGPxlCWeXd
ZhBX+qSBINgWTsZR7qpCmC8FRtJBQYBgGxcE8J5V3fAFCpGa29yGc4RGHeXPUfgY8zHwsoCBumPB
RTwdAMMyR/RBN2XlDvDoSE9Hl6uOVRfE5V5vLYKI8boWYhBO9YzwDp9EQTqmgwJF1wtA+1Of+tS8
YEFhqLsf//jH+QoE3onGyIe8xwCNIoP2St/A7nhWjUfFBOFYuc9CAhwKOhRx3NUGfbvssks+Nh1D
exu9OWL6N4wHCaeyoVxBCRGVddrRX55gwK4U7saLiyKUJz5tmxXywiF+87MRMAJGwAgYASNgBIzA
aAgsu+EcuZpFo9tvv32rXC0jXM2YFlFGrmZHMuFrDiMe8lkpVyv9aFjH2CVXHoeu96P6kxrOOUkN
OSbuJI551wydlJMd1uXuV2QX7dwWnrxjpzg6h9JIG/M54YQTssG03L0r/ErDnwyhLKBuM4grfdLg
Sq22cDKOsgCBnbo1ufp5z3tevhKs3NVP/vAFclPNbW7DOXIwPEZ9UMdsXkCuZkMECz7K0wGQI1nw
AN0YkcvrtkhPR5erjlUXGKVZBI2uqHRdCzEIq3pmgQR80ianInuSPsZlaGeBPPnLcR/6aaedNlh8
IRojHxIWnuQERNorCzrYHY+cXN5vTn2zyxzH4gp0CpyUBn0sEkD/wMaUNnpzxPRvGA8STmVjMwPt
OsrV2tFftg8Wk7BQPS6KUJ74tG0W2guH+M3PRsAIGAEjYASMgBEwAhsbgaUznMvYxASXI6RqTga7
UQ1LKA04/okVxKx+RthFQMQh8GpnrfJS+votHyMcO31Z1VoTKBVumK8yIqRgXEZIGdUhdHM0tBzH
V6EU4oh07qvGdRnOa99UXuEZjarsPNbuAOUpHww5AgyDJsZACUxlegofjYxtBnGFJY0uw7kWApR5
K36bzw57FkToaG2EPVYzY0yHL3Cb23Aed9O3lSOeeKBj2rvuwy7rJPIgOx9KpQD5ahd4jWf4rjTL
BRJ8i456R8GAkX4UF68agE4EZNpuzVFX5a5tFAM6eaEWh3fs+njIQx4y4NlauGE8SJwuntYCGQzn
2vkObVqoEssZ8xfuao/xm5+NgBEwAkbACBgBI2AERkNg2Q3nMjaxaFW7ZEvkZLAb1bCEXM1VYiwa
Zcfpq171qmwUJl1kQx1xrnyUvn7LxwiHwYursyaRq1VG5Gp2XuvYduXT5XM61GGHHTYIwhH0LDLA
SI0BFNdlOK99U3mFZzSqInNpZ/cg0/8+IOMffPDB2aCJfkJydZme4kUjY5tBXGFJo8twroUAGFNj
3orf5rPDnsXXOlobYzNHx2NMl65lcxvO4276tnIge+nEAx3TjvEcmTyeoKb4ZZ1EHkT+Qz4tnXaB
13iGsEqzXCBRpkO9s8s73l9fhom/41UD0Hmd61wnt90YRs/UFYsL4q5tZFdOXmDRd5vjhMGuRfTE
G8aDhOniaS2QQS+gne/QpoUqsZykJSfc1R713r4RMAJGwAgYASNgBIzAxkdg6QznMja1GeuoUhns
ugxLrL590YtelHfp1u7I1m5aVvWSXnRKH8GJ451YWYzj2LFpuGi8LXeAd6WPMCEDJPcic78TSgI5
7ktD+K9hJ0Nz7ZvKKzwRQhDcETRYQc5q7JqTwbbcUVump7jQz85jFC3TMpxHo6Ty6fKFAwIt9csR
g3IsrmA3xKg74rkHXJgpjWn4rEiHL1iwUCp/UFCxQCJiLkMrq8/ZoR6Pk4Me6lMnCIjeH/3oR3mV
OfzDfWLlrm3ioUThyPMaz/C9rZ75Fl1ciHH00Ufn49c5orHmWCWPsC4FGsfoUy8oBxCY4SEcq9/h
d1yNB4gDn3E9AD6OdxynLiO8sMgfK/8oX9fiDaJ08bT6spI+HZ1f63tqdVUhLb9iBxE4wsttp3O0
xfV7I2AEjIARMAJGwAgsOgLLbjiXsanNWEf9y2DXZVhiNyd3myOD1DDVblqMZ+WJXkofeYXFy9OW
q6PxttwB3sXfzOFlgOReZBaDR7maRa+c9FXDTobm2jeVV3gyt2d3OkdPc//57W9/+ypZMtiWO2rL
9BQZ+pH92J07LcN5NEoqny5fOGBw5dovTkmTQ+7iRLRRd8RzHL0wUxrT8JHn0PuwYIGT6qJDHmaB
RMRchlZ2qWNErsnVOkFA9LIgH5kd/mHRd7lrmzxZSMCR5zWe4XtbPfMturgQ43GPe1w+pa5Lrua0
tihXs+iFDRfwjK4mYMEJ/I6r8QBxuAsdnQH8huMduhDJ2cIif6z8o3xdizeI0sXT6stK+ri6jU0l
tb6HtlfWVYW0/IrT78ARnYjl6jaU/N4IGAEjYASMgBEwAvOFgA3nlfoYxWDHblKMvhx7VhNQZUBl
Es8q2uiUftdu6xh+3Gcm8RjNoA+jF0dl13adc98Zhj/uY+cObhniyI9vrIiXI02Ee+6srhk6Vd7a
N5U3GhL1DgGTI+ExaEaHYANd0MdK33jnmuLG9IhLnGkZzrkrTPXKEXscEVY6Vh6/853vzMfecUQ4
TnxRq3d2AUAfdTKKYX8WhnMtqkAoZid3adDmxAQEYBzCK/UT+YLFDPvss0/+rn/x6HLVCXWhRRgI
mvHOdOKh7GARAbvEazxDmLZ65lt03PvGyQjwUS2vGJZ8dSybaGRnC0fQl4oLLRiIiwhIS+9rWES+
FRYx//hM+aZhOKfsLOLRzhGUMLqzDQWa7rwjb35zrx2ujT7aOu2N49xxKGk4xp974e2MgBEwAkbA
CBgBI2AE/oNAzci7aNh0GdxkbGoz1oFFV3xhxSlwLPx8+ctfvurKL32XARX5FiNldEq/a7d1DD/u
M/NijN7QhwEXQ2i58Jg0MWgiOzEHR64WNnzDuBuvuiJNFo4jP9ewU3lr31TeaEjUO45Cx2hZk6uR
34hDWbjPmePEcYob0+M9Ms20DOfoDzhqH4cRNS4szy/TP+RtZCuMlDvvvHN+Lb6o1TtYQ9/m3HGu
RRVnnnlmLldp0GYRMsed45B5qZ/IF8hiLPaILh5drjqhLrQIo3YcvxYRsBC8xjOk31bPMW+ekauv
f/3rZ6N+La8YHuP2tttum1+Jxn/+85/5CPpSrtaCgbiIgIh6X8OCNMW3wiLmH58p3zQM55wKcdJJ
Jw3kaq5TRH+De8c73jHgY37TXx144IE8ti7KoK2zY57TLnHI1fRVu+22W/7tf0bACBgBI2AEjIAR
MALzi8BCGc65G43jro488sh8/zRGTYQMrTznGwLFDW5wgzXGOuIysSUMR4BhVFR83jP5j0dpyaiH
EZQJP8dYy7EqGKEZP+6ohg6MdGX6vJ/WbnPRwJFmulcaGqGDlc0IQ6zkZdW5jsRiBfeee+6ZhXrC
sGOW+8UxXCNUI+AhhOlINO5Ovte97jUQuMlT95GX3xCeOLaa+8DBk5XhuHhcOEfoYTyFThz0sXP4
TW96U/4dj+omPXbCg3lMj4AoJRDG2NGNoU9CN99Y4Ss+oC7hEYQfwqH0oo5xqgcENYQk7h6DLgQj
MAIP8OHoPXZH4IQfz9rtC49xvDwGdYzVCIMsAMCRXkkf7zFm4+AzyoiSQTwo2kVfDtjjH+mxAIJ6
gAdQ7ERHuREYMUJTbygqwA5lB4sYcNQ1xmSwYAEAhlu5WCcI2zK+coIBpwywwppFGWABtriSZ2iL
GIFr7YTw0CxlD79xWrjBM3ne6U53arbZZht+Zr6Argc+8IH5NwIwuwIoq4z77HyHJ2RUJ6DqsjSc
Ky8EXzCEL+RQkMCDtP3SMD0uD5ImPI3hG94oeQbFE/RDH+1rq622ymTQRqCBusERhmPzUALE4+xL
+nLg9C/yvt61LW7Qd/tGwAgYASNgBIyAEVg2BBbZcC65msWv3D+NPIahUjIJ8gpGWubBpbEuytXI
EMxhFb8mV8uoVzvKGZkWmQw/7qiGDuTqMn3eTyovlXyM7CJDFzRioGNujVzNomOOk+dYeNzHPvax
Zq+99sryIouR2TFLeHQDyC/MxZFVODod97SnPS3LKFG20X3kyJrgr2/M8TnlS/XByXW4eFw4u8+p
D+jE/fznP8/GaLDDxaO6SQ95i93q1I/SIxzy7qZNm7IsgqFPBmC+lTINNCK3c2IACwRqcjW8g/wP
XYQFI8oFPpyExq58nPDjWbt9991333zEO7I9xmpkb2Q9HOmV9PE+ytWUEflNPCgenpRPMPSzAALc
oKkmV0M7i5rZSMECb7AjPIZgHCecIbeBBWXHaC0X64S4Mr6CFacAagc61xeALa7kJ8nVtXZC+Jpc
rYUbfOckCGR4ydXwBQu/Dz30UD7nxSLc6478KOM+PIp8H+VqeJnrHCgr8aVXU16UBQzhCzl2acOD
tP3ScD4uD5ImtF/jGtdoWOhQ8gx6DuiHPuT7KFdDA3WDoy9Cz8Mpc/E4+5K+HDj9Axfxvt6V/aXe
2zcCRsAIGAEjYASMgBGYLwQWxnCuXaCjwhsNQTImtsVltzFCXdwlrJ3FirP//vtnYyRGZgyLOAyk
isOR0NH4qHjyIz16N6nPjvbyfvUyTYxyGNURHBFydYR6Ga72G8Mbx15rZ7jC7Lrrrlm4QDjZY489
9Dr7KA3YSY1hFGNfvA9Pd51jEJTjzjyOwMLp+G99w+cOclbN1+ofwyeCcjSQxri1Z8XhW9xJrbDU
KeWSi/jxLi4IUJg2H4On7qaWMbYtrN6Pc/S+4uCjIEBwl/Fb3+Ju/hoN1CVCOwIrQmOXY/EIyiDV
MavfyTMaa9viq62gzCF+l1P62mFNWBRX7EpAMSXHggwM2Shx5BDKTz311IZyoVBB8I30sQiAXSQI
9Bi/cezmjjSVONE/IESjyEGIxpE+AraUDH14MJ56kBNN/zgikjat4/b1Hj+ejMAOANqWFp/EcHru
MpxrQYHC9uXXLcbnAABAAElEQVQ7xbdvBIyAETACRsAIGIFFQ2BRDefaBTpqfUVDkIyJbXHZbVwe
/62dxYrDXJedphz3jBEZh4FUR4YjV0fjo+LJj/To3aQ+8/J4ilMtPWR9ZBHJ1TpCvRa2fIfhDUO7
dtjq+8UudrF8hRRHWZc73ZFzMdojE2FMZ2G7nO46j7Ifcq7CIOeU6d397nfPck+t/pFxDjjggFUG
UuXV5isO3+NOaoWnTnUUN+8ifvyOCwL43eUweMJ7YCFjbFd4vo1z9H5MC7mazQYyfutb3M1fo4G6
RM+Bvkj1o7ilzx3oGGZVx8h2e++99ypjbRlHv9VWMA4jo3Y5pV/K1QcddFDzile8YhAVXsaQzYkL
csjVyO6UC7maRTTRmMxifE4so02gS8CxkJs85Uqc6B/222+/vBECnRFObSDK1TLSK502XzwYTz1Q
WDaFsOiADTHlSRbxZAQ2QdButPhE8aPfZTgvae3LdzE/PxsBI2AEjIARMAJGwAjMHoGFMZzXjExd
8CFcMpnHjRKX3dsYzDRhZ1U5u47bHAZdwuy00045CCu6EUCYtNdcaZyrhenzDiGFFc7sro4OQyWr
uDFsahU73xEM2O2t3eW8QyjijisEPFZVy3DM8dYI3BgbtbuV8GBFfgj4MobzHscuZv7kELZYQc0O
5+g4towdwFGoxAjKe+VPeHYoUL5aHSKYcRw4RsvSuB/zis8IVwjecuz4xXgvwU3vKRe7sUk/Cpp8
52j8KBDyDiMu/IAhk0USOHiEXenEr9GfAxX/It8Wnzp/1gzLRGAnuHZiiwYZwPke+R5eYkdBrCv4
CCUMK+lZkY7DGM9uc8p1xhln5B0EZVvBEMvOfxRlOAzNGLRZeCD8wTguosgB07+Yvt7hs/ADgze7
9UuHIZidCSgPtPodpRuGc3a+1/KibAjR1F1sI8KJdrH11luv4kfyRakEj6vt864PD4JpNNiTjnia
o9TFR7yH1pNPPjnjyG85FIynnXZas91222V82BEAP1OuNsM5cVGU3P/+98/J0AbpD1DC2BkBI2AE
jIARMAJGwAj8B4FFNZzXjExddc68EbkGN0pcdn2yC11yNXNOFkK3ORZRs9tWV2MhV9/mNrfJsnkt
Tmmcq4Xp846d58h/yBvRMUdGVmQhfZQZWFTL0ePaXU4c5AfkP+bkyCEyHGNY5oosdhxrdyvhwQoZ
iZ3jyEvRIQNzDLQchtIjjjgiy2V6h4+8Cn7kKfeTn/wk77BV/rzXkei1Onz729+e5WlkmtK4rzRL
n53sUZZBhocO7huPDlmDciCvl3I1Gxx4Hx1GXE7Oo551gh5Gfy3Or9Ef4+s58q3ejeIjV5eGZeKx
E1wnD4gGGcD5HvleJ7Ah78nBR5xyh6zJznEcxnjkZsnV6GnKtoIeCbkamnAYmtGxsGhi038XvoNx
XESRA6Z/MX29w0euxuCNYbl0yNNstmChQ5SrMZwjy9fyomwsaKHdxjYinGgX9AeRH8kXuR8+V9vn
XR8ejEeukwZOPA3viY94D61cyQeO0bEoAH2ITivkBD/4mQXtbYZz4rNJRfoJ2iD5ltflxXz8bASM
gBEwAkbACBgBIzAfCCyM4Xy94cSgyipojl5CUPnNb36TjYQIAkyE4/3g601bLT/oZQcw9LEKHoGg
yxEew+KWW26Zy0IZZ+lQLHBsFvRxZNi84Qd2CGnggRumKOP4MDDEcTy5hMr8YoP/Y5cIgi1l3GGH
HVYJv21FY0EGSgaOVJTBuS3spO/JA6EbPuJ4OvKjDmqOeiU89Ul5CP+Xv/wlHx+HMToK9jE+yivu
seO7eAMlHvXclleMv7meUYJwVD9Kii7DOfSBAzsqFol3NxfuztcIGAEjYASMgBFYPASGyQOLV+LZ
lAiDKoYndtQic/JbcisLUeP94LOhYLxUoY8dwMgBzPuHGcEIL7massxarubaMhYvQx9y/7zhR90i
Z0iuHib3I6OBIQ68da/2eLU2n6GRKSVXd8mekXr0JpKrkdNYyD0rh5zMZgjJ1V2yLvWKPEx9Umfs
Qpdcje6pTa7mugPaueRq4pAO9TzvcjWbSthc02U4p24oE5gsEu/OiuecrhEwAkbACBgBI2AE5gUB
G87npSZMhxEwAkZgygggoLNDAQUdCgju0WNnAe7Tn/503tky5SydnBEwAkbACBgBI2AElgIBG86X
oppdSCNgBIxANnxHuZor99h5j+Pqt0te8pJGyQgYASNgBIyAETACRmCBELDhfIEq00UxAkbACAgB
jsrT8Xx6J792T7y+2TcCRsAIGAEjYASMgBEYjoAN58MxcggjYASMwEZHgJMmOYK+5mr3xNfC+Z0R
MAJGwAgYASNgBIzAxkLAhvONVV+m1ggYASMwEgLsKL/xjW+8Jiz3r3NX/VZbbbXmm18YASNgBIyA
ETACRsAIjIaADeej4eRQRsAIGIGNjMDHP/7x5lrXutaaInA/OvfaW65eA41fGAEjYASMgBEwAkZg
wyNgw/mGr0IXwAgYASNQR+DXv/51wz143G3O/XfcLzfLe/DqVPitETACRsAIGAEjYAQWDwEbzhev
Tl0iI2AEjEANgV/96lfNb3/724FcveOOO1qurgHld0bACBgBI2AEjIARWBAEbDhfkIp0MYyAETAC
RsAIGAEjYASMgBEwAkZgfRCw4Xx9cHYuRsAIGAEjYASMgBEwAkbACBgBI2AE1hMBG87XE23nZQSM
gBEwAkbACBgBI2AEjIARMAIbHgEbzjd8FboARsAIGAEjYASMgBEwAkbACBgBI2AE1iBgw/kaSPzC
CBgBI2AEjIARMAJGwAgYASNgBIxAOwI2nLdj4y9GwAgYASNgBIyAETACRsAIGAEjYAQ2KgI2nG/U
mjPdRsAIGAEjYASMgBEwAkbACBgBI7BZELDhfLPA7kyNgBEwAkbACBgBI2AEjIARMAJGwAjMFAEb
zmcKrxM3AkbACBgBI2AEjIARMAJGwAgYgUVDwIbzRatRl8cIGAEjYASMgBEwAkbACBgBI2AEjEDT
2HBuLjACRsAIGAEjYASMgBEwAkbACBgBIzAGAjacjwGWgxoBI2AEjIARMAJGwAgYASNgBIyAEdgg
CNhwvkEqymQaASNgBIyAETACRsAIGAEjYASMwHwgYMP5fNSDqTACRsAIGAEjYASMgBEwAkbACBgB
IzBNBGw4nyaaTssIGAEjYASMgBEwAkbACBgBI2AEFh4BG84XvopdQCNgBIyAETACRsAIGAEjYASM
gBFYQgRsOF/CSneRjYARMAJGwAgYASNgBIyAETACRqA/Ajac98fOMY2AETACRsAIGAEjYASMgBEw
AkbACMwrAjacz2vNmC4jYASMgBEwAkbACBgBI2AEjIARmEsEbDify2oxUUbACBgBI2AEjIARMAJG
wAgYASNgBCZCwIbzieBzZCNgBIyAETACRsAIGAEjYASMgBFYNgRsOF+2Gnd5jYARMAJGwAgYASNg
BIyAETACRmAZELDhfBlq2WU0AkbACBgBI2AEjIARMAJGwAgYgakhYMP51KB0QkbACBgBI2AEjIAR
MAJGwAgYASNgBOYGARvO56YqTIgRMAJGwAgYASNgBIyAETACRsAIbAQEbDjfCLVkGo2AETACRsAI
GAEjYASMgBEwAkbACIyHgA3n4+Hl0EbACBgBI2AEjIARMAJGwAgYASOw5AjYcL7kDODiGwEjYASM
gBEwAkbACBgBI2AEjMBCImDD+UJWqwtlBIyAETACRsAIGAEjYASMgBEwArNCwIbzWSHrdI2AETAC
RsAIGAEjYASMgBEwAkbACGw+BGw433zYO2cjYASMgBEwAkbACBgBI2AEjIAR2IAI2HC+ASvNJBsB
I2AEjIARMAJGwAgYASNgBIyAERiCgA3nQwDyZyNgBIyAETACRsAIGAEjYASMgBEwAhEBG84jGn42
AkbACBgBI2AEjIARMAJGwAgYASOwGAjYcL4Y9ehSGAEjYASMgBEwAkbACBgBI2AEjMA6IWDD+ToB
7WyMgBEwAkbACBgBI2AEjIARMAJGwAisIwI2nK8j2M7KCBgBI2AEjIARMAJGwAgYASNgBDY+Ajac
b/w6dAmMgBEwAkbACBgBI2AEjIARMAJGwAiUCNhwXiLi30bACBgBI2AEjIARMAJGwAgYASNgBDoQ
sOG8Axx/MgJGwAgYASNgBIyAETACRsAIGAEjsEERsOF8g1acyTYCRsAIGAEjYASMgBEwAkbACBiB
zYOADeebB3fnagSMgBEwAkbACBgBI2AEjIARMAJGYJYI2HA+S3SdthEwAkbACBgBI2AEjIARMAJG
wAgsHAI2nC9clbpARsAIGAEjYASMgBEwAkbACBgBI2AEGhvOzQRGwAgYASNgBIyAETACRsAIGAEj
YATGQMCG8zHAclAjYASMgBEwAkbACBgBI2AEjIARMAIbBAEbzjdIRZlMI2AEjIARMAJGwAgYASNg
BIyAEZgPBGw4n496MBVGwAgYASNgBIyAETACRsAIGAEjYASmiYAN59NE02kZASNgBIyAETACRsAI
GAEjYASMwMIjYMP5wlexC2gEjIARMAJGwAgYASNgBIyAETACS4iADedLWOkushEwAkbACBgBI2AE
jIARMAJGwAj0R8CG8/7YOaYRMAJGwAgYASNgBIyAETACRsAIGIF5RcCG83mtGdNlBIyAETACRsAI
GAEjYASMgBEwAnOJgA3nc1ktJsoIGAEjYASMgBEwAkbACBgBI2AEjMBECNhwPhF8jmwEjIARMAJG
wAgYASNgBIyAETACy4aADefLVuMurxEwAkbACBgBI2AEjIARMAJGwAgsAwI2nC9DLbuMRsAIGAEj
YASMgBEwAkbACBgBIzA1BGw4nxqUTsgIGAEjYASMgBEwAkbACBgBI2AEjMDcIGDD+dxUhQkxAkbA
CBgBI2AEjIARMAJGwAgYgY2AgA3nG6GWTKMRMAJGwAgYASNgBIyAETACRsAIGIHxELDhfDy8HNoI
GAEjYASMgBEwAkbACBgBI2AElhwBG86XnAFcfCNgBIyAETACRsAIGAEjYASMgBFYSARsOF/IanWh
jIARMAL/QeCMM85o3vrWtzbbbrtts99++zVbbLGFoTECRsAIbFgETjvttObUU09tdtttt+aa17zm
hi3HMhDu8Wfz1LJxXz/cbThfP6ydkxEwAkZgcyPA+Pr617++2W677Zqb3/zmlqs3d4U4fyNgBCZC
4Ac/+EHzvve9r9l9992ba1/72hOl5cizRcDjz2zxbUvduLchszzvl95w/tGPfrQ59thjm/Of//zN
BS5wgeaJT3xis9VWWy0PB2zwkv75z39u3vve9zbvec97mt/85je5NAgyhxxySLPnnnuua+n++c9/
NkcccUTzhz/8ofnFL37RHHXUUc3ee++9rjQ4s8VHAD572MMe1vz0pz9tznGOczR//etfmxe84AXN
uc51rmrhMZoffPDBzfnOd77mU5/6VBb0qwH90ggYASOwARB4+MMfnvs8jOZve9vblkZpybzinve8
Z3Pe8543zzFe9KIXNTvvvPNc19g8jj+Mnfe6170yjmc5y1nyGAqIXePoXINcIW4eca+QuRCvbDhf
XY0f+tCHmoc+9KHNjjvu2Oy0007N8ccfb7l6NURz/Qu5+l3velceW3/9619nWuHxww8/vNlrr73W
lXbknXvf+97N73//++ZnP/tZ89jHPrbZtGnTutLgzBYfAfjsvve9b/PjH/+4Oec5z9n85S9/aV79
6le3ytVveMMbmtve9rZZd/jNb36z8Riw+DziEhqBRUbgfve7X/OsZz0rG80/+MEPLo1c/fOf/7y5
053ulHWkzDFe85rXNBe60IXmuqrncfz5yU9+0tz1rnfNOCJXM4biusbRuQa5Qtw84l4h069miMBC
Gc4//OEPNwh8NNguxwQZ4Y+JLitGDz300BzchqUu1ObvG4byG97whs0Pf/jDNcRd6lKXalgUMenu
2pWVleY5z3lOw8D6yEc+stl6663X5KUXf/rTn/KEQ/Q8+clPzgZ8fZ83/2tf+1rm/69//evNWc96
1uaiF71o3r33xz/+MQuPD3zgAzvLO2/lET1f+tKXGga3b33rW815znOeZpdddsn1Qjlp83e4wx2G
9hFKax79ks+G9Vsf+9jHmpvd7GZzZziHzx73uMc1tFUM+8P67XmsC9GEIeaLX/xic7aznU2vBj7j
zbWuda2hCxZIg/Ho05/+dFYyo3Rm1e/vfve7bCTD0MNCCRxpUq9MTCNuxLniFa84yDs+0C7ox2L4
+F3PpH3Zy1622XXXXfVqbL/PWDx2Jo6wtAg84xnPaB7zmMc0N77xjZtXvOIVE4/zGwXIb3/72801
rnGNAbmnnHJKc9WrXnXwex4f5nH8KXEEt2Hj6Dxi20XTPOLeRe9G/rbIRpMPfOADDXPOUeYN++yz
T7P99ts3r3rVq5q73OUuuUpZlG7D0sbhbgzlV7/61Zvvf//7a4i+zGUu03z5y1+eeLxFrn7a056W
F/8+4QlP6JQz4b0rXOEKA3qe/exnZwP+GuLm5AX4wP9f+cpXslx98YtfvKFdsKAe3cCRRx7ZWd45
KcYaMj7/+c9nBThyNKeXoS+43vWul8tJmz/ggAOG9hFrEp2jFyWfDeu3OPGIBRzDwq13EZGr2bRB
Wz3ssMM2dJ1giPnsZz/bKldf5zrXGbpggYUQtMePf/zjud2xkAu+/e1vf5sX4qDninI19VrqkS94
wQs2V77ylatVSbtAdh9lfKQfu9jFLlZNZ5SXfcbiUdJ1GCMAAmwcfMQjHpH1hW9+85snHuc3CqrM
Ty996UsPyP3kJz+Z50CDF3P4MI/jT4kjsM3b+DhpVc4j7pOWyfHHQ2BhDOelMWkYDDJq/v3vf88C
GYb0RVOcDcNgo3/HOMruq3Of+9zNM5/5zCxc/+pXv2o4xvWSl7xks8cee0xcRPjqBje4QZ5kj7Jb
F6Hl6U9/eqZHPDYxEVNOAKXFU5/61AaFRZvbiG3hb3/7W96J/fKXv7ytWAvTxtl9we7DUfotFhBg
oEa5QZ1vs802rfis5wcZLxbB+IVgzm6FNseJGF0nYGD8u//9798WPb9///vf31zpSlfKz9Rp7Yhq
+kIUDbTf6DiV4LrXvW5eTBLftz3/3//9X2/lZN+xuI0WvzcCJQLvfOc7m5e97GWZpze6crAs27Df
v/zlL/PqeBR2sU8YFm9zfZ/H8edf//pXA47MhZizjTKObi78+uY7j7j3Lcu8x1tUw3lpTBpWDzJq
Ild/97vfzQvwFk1xNgyDjf6d3UF3vvOds1zNiSYYjE4//fSGY1xRLl/lKleZuIjwFfNhjPSjLKrA
6Izs8qQnPakRj01MxJQTYCxhN/yjHvWo1pQ3YltArka2eeELX7hQ5aoVhkXK7Di83OUuN1Th/41v
fCMbqHfYYYes75kXuVrGCxbLb3Tj14knntjc7W53q1VVfsfiQOZubY7+6x73uEfb5/z+M5/5zGDx
KXXKgoPSIVczntF+o0Oupj9kMckoDr3bgx/84FGCrgnTdyxek5BfGIEWBN7ylrfkU7f+93//N+uj
hi0GaUlmQ75mjkOfSX8Q+4R5Lcw8jj/I1eDIXAgd9Sjj6Lzi20bXPOLeRqvfzwaBhTGcM4Fh9zE7
/pgosYOWVYAYjNiBp3fsQkYwjEZNxUWRRofJLlW7+UdAx7ViKL3pTW86E4Ijb4xiOIeId7/73Vnx
EHlsJsT1SJQBjSMUX/ziF+fYHPnNSnFW3GJw40g8Fh9sNMM5u2Rvdatb5VMGKNhTnvKUzBP0A+x+
lfC00crVVcX/+Mc/8spp+q1RebMrvfX+9r3vfa+52tWu1tziFrdoEHCpq43qWKwDnzH+nHTSSZkP
H/KQh+RdGdQT/VObcv25z31uc/TRR+eiw6fsLGdHBxO0+9znPnmXCh+jkQx+54hqFNSMZ4xrcqTH
qQql+8hHPpKVlAjvtHHRRxq4LbfcMiuNGDMn6bvUZ/YZi0ua/dsIGIG1CGjuE/uEtaH8ZhQE1F9t
1HF0lDI6zGwRaBvbZ5vr7FOnbbD7mLEc4xlzNHbwMV/BoKp3HOv50pe+dJVRU3FZ4Pmd73zHcvXs
q2sqOei41je96U3NLW95y6mkWSYSeWMUwznxme9yl/Q8Gs6Rq5mrM/fGHXPMMXlRP3I1u9cOPPDA
vFBroxnOkTPQq3H1Ao7T95Cz6QeYe3C8LW6jlSsT3fIPeY1TfOi3RuXNlqQ2y2v6WjaO3O52t8uy
6EaWq1msA58hmzK+wIec/HiJS1wiy77wIhsCao4NLA960IPyJ9omO8u5xvGrX/1qPuFOJ2pEIxn8
zoYcZGKM9uJ7EmGhLrqy0jH2cXoji82ZQ4o+Fpzgzn72szfsnGfMnKTvUp/ZZywuafZvI2AE1iKg
uU/sE9aG8ptREFB/tVHH0VHK6DDLicDCGc459peVsayU+tGPfpR3HTO50ruaUZMGjnDAatPXvva1
+W4v7s1mAr1p06a8845VpTWHwYT7MNhRKMdRmghKu+++u1719pm4v+9978uCCsfwIshSNlb1vPGN
b8wTSujknkuEytIxAFCmz33uc/kTx2tx/C8rJImHEYWJWOkwolIuxePI8/3337+54x3vuGY3Yxl3
nN9MLsGOHWRMZJnkc7cIxjR2ojLpjI4JLTtVCXfcccc1CPcc2cqucI5X4p56hFiOVppUYGD1FKs8
b3SjG+Ud5xzRgeGV9OVq2OluSYxPrF593vOel5VN3EvK7jhobXOzxp1joMEVhyDACrvoMNZxrHSb
gbkPv3OkPpjAx9QfK9EQTGmXXbtwI13DnoU54bibLx5nyzv4i7tX4AuMjAhQcuPyoOKxApk2iGBH
ev/+979zeSgXgl108Ca7imm7/CGgYSQFD1Z5ohSiTXOM2BFHHLHmWDD6AR3NTZu4/OUvn1fz0R+g
yCwN56TPLmjKRn609dh/RNp4pl7f/va35yPCWV1NH4EACW7EZVX3Ax7wgGrbJy/axoeSUAsdhMdx
HNohhxySy5RfFP840pD+lZ3TtON4rQI0x98xah8e7NsPxnxHfZZRC0M6Ky67nBYPEKZmrEZxoB0+
COjlMezwHH0lPE3/TzuA9+AVlA2lo26oF8Y6+gIdUadwGjNrtCjMMF/j6Thj8d3vfvc83nB8nvp8
aGUBAIoRdk8yJm+11VY5e77d5ja3ybz/iU98YjBusECB3xxLzzH29Ll77733mvaoMsC7zAkYI1lo
hyMO+TLeiRaFH8en7bGoAVrJhz8wp3+iLaF0ZMEIu0Jwz3/+83N7iHmw04rjuFG+cvQnadEu2BFG
fOFBHMZFwuod+TMHYbwh79e97nW53ikT6TAX2HfffWN2Yz1DE+MV+ZEXfTl/KJGYO8CT0MoYw7gn
usiENgzu7JpG0YdjzKFPhF7af+kYR6gn8XXMswwbf/dt+7MciyNvMMegPmnL9Bko35hjsLuPsbi2
k0l9DGMHi2DgHeqUY2HZ0RKPnWO8ZTEPdaGxgDZF+2H+wvGPzAdVP/i3v/3tB7/BnbGBeRpjFOkw
PjDn5E5w7sTDuBYd/DbO+BPj0n5ZDMmYh2Osg0/ps5iPcjLHRS5ykUEU8uoz/igB9VfTNpyjMGBc
g1/BHaUrcwbaDfMB5qcsHGMuFPmduqdP4FoN2uqZZ56Z64O5C3MNxmWwIV0WOtL/y42DO/0d44Xa
E/xz4QtfOLdX+h3aMHSJNr4z32COguuLO7zPvIL+SPwE/+y333554fIZZ5yRF3XBh9Aw7phQ7goT
NrP0F91wjhzDWAYv/DAdN83YwRipdzWjphRn1B/1Da8x9jHnRd6mn6LPrznmPcgn9DtyjOOcMMY1
MpM6xijGH9og7Yr+jrLRZikT7Q466WfoJ0tHG6aPYr6LY87FiT4aozGg1mRDwlMuxaMvJf2DDjpo
zW7GMs9xftPGwI5+hPGVfCgLxjTG43JeQ1mR/cDj8Y9/fG53LD6m36WvQnagX0I2n4ZcTZ+GTMGO
c644os0Ok6vp97hTGuMTYwLXtTCPgIcYE7rmMrPGnWOgGatxyITIgNFhrIPmNgNzH34HO652go+p
P9oZci/tsmsXbqRr2LMwJxwLb2mD0TH/YEyAL5DnYj84Lg8qXeaxtMGTTz45p8e8iPJQLgzC0cGb
zKE1TjEmYSQFD8YX6GccZa6CQZPxNjrmPR9KcivpMN5wSiF/17/+9TNvMc7GMpH+S17ykoFcTT6x
/4hp80y9wg9c8ceGHPoIygZuxOUIf45Gro1Z5IXOhD/kOcLj0EdRRvKtuS984QtZf8AcDZmJti8H
TvG33uP34cG+/WDMd9RnGbXoL0o5uExDiwd4XzNWI3dLR8OcsjyGHZ6DB+AN+hzaGbxHO9Z8KebJ
3Ih5HG0QWbWUqzVm1miJ6XQ9azwdZyxmfsg4RV+h+T18hH4aOZc+n7FZV1DyDVmEfhVZhL6eqw5p
47R/sEKuRh8OL5ftUfTDu8wJyBv9FI5+mjkw4105/ijeKD79CosawJw/8qL/ZX6BXMS1f+CMrIhD
Dil1rshElBsZFX6i3LQLTjcgvrAiPn3AO97xjgFG1ANzEMYb8n7lK1/ZICMRh3TgK3QHfR000a6o
E/Ki7+OP/hU8dff4rW9966xHiLTShsEdPYPkJ3Ti9BfQS/svHbxBuqqTmGcZNv7u2/ZnORZH3mCO
QX3SlpGbmNsxx0AntynpHWtytfoYwiObHH/88blO4XOuv4j6PORR5nLwDbhS97QL9DLM/dDFUGdq
W9QT/K/6AnfGBuZpjFGkg24OGYx8GWc0pxDu8Ns444/i4dN+sYMx98VxeiV8Sp9FnbCJbtdwPSN5
9Rl/cuLpn/qraRvOwQp9BvwK7uiM6HNpN+hS6LNoL8iUkd+pe+n5qAPkTOqDuQFzDfoJsCFdFlzR
78uNgzuLpJh7qD3BF+DKnJB+h7YGXaKN78xtNJ73xR3eZ75PfyR+Yr6GXhidCifrcRoSZYeGcccE
+hG7/yKQmGkklxrXyjz/pcF5JSnqV5ISaSUxRKY1KUyxcK4kQ+HgXWo4+V0yDAzKk45mWkkDYX5P
+PIvMfRKMuoOwguHJFiuCRvjpmO7VtKAuiae4o/ipwnAII808RjQkRSlg/fkmYxPK0mBuiqvJCis
ChNp4zmmJ1pSg1tJnUlnvCSMrMpHccf108C7kjqU1rygjzAx3dQBtIZX+ZLhbyVNjFfFi2mM8pw6
mKH5kF+aXK7JJ03qOuOmY+XXxFkP3OHFpJzMtKVOfNAmSjzSTtRcL2nyvIrOPvyeFJ+dWKROfeWH
P/zhqnxKeob9ThOclST45HzSbvpqWuQBP6XBdIX2rjT78CA4pklUZ7ngH/VD5FXyLbSkCVPus8S3
8mNbhi/SDuTOvGrtOAkDa+LEdFV++cn4sSa86JFPPkmpMcBOcQ899NDWuLTFpEwcxEnGiZV0DFRr
eOU1zT63Tz+osvXxk3I3ly9NvgflbksnKfxyWPgSbMpw8Fqa3K6UOCpcMhjl+Ixx8DhjIBi25a2x
jrpUu0vC8wp4J2FrJQnGOX5aPb+GFuU5zO8zFhNHdR/9ZKzLdNT4k2+M9zF82zP9Qjk+wpfCqxYP
jJISqjcOmn/U0m57Rx0IX9VVW1h4hr5P4WsYUT7KDb6UJ6alb4o/jg9fJiFvVXrMd9K9paveKb8k
mAzorPVNCoefdmYMwkaakkCwJu04j4th9dyn7a/HWMy4E8vc9kydJYFwDR7qY9riJWP4IE5SKq3J
S3OkWj2SpuZPtJG2PPQ+HZ87yEu41+q4a/whXhI4V5JhZ2h+Zd82zvgj+qKvdgbWtXl+DDvOczlH
F16ln5R6A7xJv9ZWk7J9JRn31mBT0jwO7lG2EE3qE8r5ir6rP4bOPrhDX9ecn3xUpr5jwjh1NK2w
IwnRGzBQUj6uJEV9bpdpIXEuAXNA6ikZYFf0Limh8zt4Si4p2FfSna5reFa8lIxtud9QePlpV2tr
HOIyxiRlqIL38qOMloxWAzrKMSYZn1aSImtVHsmw3ElfTE8RkxJxJSn4OuMxRk7DMZ9L9+i25gV9
hIkuGRBbw6u+GDMYLyZx6bj1ofmQH/1E6ZLxqjNuUgqXUVbWA3d4ETkWupMCdNAmSmKYi1AvSYG5
6lMffk+GnE4sktJ3JSlpV+Uz7o+k0F1JhuacD/JszaUFVivwU1Lwr9De5frwIDgyhxS/1Xz4R30O
eZV8Cy3J2Jn7rDJ+bMvwRdqB3JlXrR0nw9SaODFdlV9+MnKsCV/SRT7IfqVLRpzWuLTFtMh5ECUZ
EFducpObtIZXntPsc/v0gwOCezyk001y+ZCrhrlkBMph4UuwKR28lgyPWa6OOCocch+YMcbRjhgD
+d2Wt8Y66pI2gUOOAO9k1FlJCyZz/LRRSVmM7fcZi4mjuo9+WoiR86/xJ99GmYeTHv1COT4ybxNe
MU89gxHz7L5O8w+lN4pPHciprtriwTP0fXI1jCgf5QZfyhPT0jfFH8eHL9PCmFXpMd854YQTVr1T
fszT5Wp9k8Lhp5MEFXSVnxbxrEk7zuNWBf7vjz5tfz3GYsadWOa2Z+osGbXXFE19TFu8tJh+ECct
olmTl+ZItXokTc2f2mSbmC/6nNLV6rhr/CF+Miav3OUud1lDa8yL57JvG2f8Kenkt9oZWCNnTcuV
c/SyHPqdFooM8CbvWltNi0xW0oa6NdiUNI+De5QtRIv6hHK+ou/qj6GzD+7Q1zXnJx+Vqe+YAG12
/0GAFTgjuWkpGGaVjpTUGBCkII/vZMTSu7RiZaDsk+JMTIyBEMENQUzv0gryQXjKkHaPDr7RKaUV
O9kgl3a6rUSlZjpeaFW8ccvPJAFDNcomKZRIAyUjhjd9iwsG+M7EhPDQT1lRsDM5R4mqRQIxPdEV
Bw6EGBo6nTzKSsUjTXBUnD5+pI/0mJzwDoUtmAn3kkbwAF+EHhmBCctEmXcYGdOO3VXG0T70Tctw
nlahZuzAHQUptGKkKo3S64E7fC5DEYqucXDpw+9ptfOgHikzSlfKnVZ1rRx77LGDb7HNjkOTwkZl
MTjrfemn3S65Lagv6MuDCD/iTxQmtH2EL3wWJOhbNOrQ9tLqvUF7VRj8tEt2Je1MW9FkFF5ggsVf
2ok7SI82nlayraQTDAZtm/hlG1G5abOUWRONso9QOHyMqNAQldq0fwTI2B5riz5k/GXAB38GcZSA
6n9IR3mBAwa/WP7ac81w3ocHYx2P0w+K3j6++v/SwFOmRXvUgo9yfIlh6WvT1QoDQ3f8JgUB33mv
fgslbQynZ4111A0GubQqeUWCE/Qi7MNjaSdwNb7S6fI1xsZ2Hd+p/emdxuKy/TC2KSz8GQ09CJJp
x2QeM1joE3mIsiF00E7U3/GdcUF0CwfeI+ww/sC35IORSunRHshH8cb1WVgV+336xEc/+tGD9FlE
QptRvxHbl2iEPhSGtEVoTDtsBvGjQRpej22V9s74LZpZFKH2DU3grW99fPrxtNtpJa3yH9Aj3Ogj
qb+04jXjS10rD/XX1BO4I+yi2EirfHM6vE87RgbhFQ/eZM5Dnho/Yh+rcPL7tv31GIuhEd4QXvJp
t2kV+woLPfSO+i8XcKiPIQzPLLhAma76hZ8YP8gnrfjOY6/aAvjGBYnwCLxCWnwDY8XVWMc4R33z
njaSTvsZ0NdWB+OMP6QbhXsWC8Hb0PnEJz5xkBc0lv3qOOOPeCP6ameUHZ6J3yZ5BvfYl6g+6aOp
42gIT7tUVi2CQSHG2K2+Q3GhkXGQdsNzrX8aFXf6tUgfvKdFbozTCPO0X/JmnGLOGPvCcXFHjhAP
kiY8nnZBrLD4K/JzrIc+Y8IkddY37khC9AYMJCU1BgQpyOM7GbH0jr5DTooz8S4GQsavyHO0g+jS
jolBW0+7hfL8hHToc2K/zNgyiYO/6V9QNkmhRHooGTG86RsGBJWR7/AH4SkTZUXBjmGGvlGLBGJ6
xMHFOQqKcPocFFiMi4pHmuA4iYv0kR5zOd7Rv4KZ6qKkETzAN+1+HRiBCXvMMcfkd+mEnLygjbqY
xE3LcJ52VmfsUF6jIIVWjFSlUXo9cAcTGYoY08dxffidPlH1SJnppyk3fTOL2PQtttlxaFJY2qrS
Auc2Rx9OW1A76cuDyEDKD8M/sknaFZZ9FiToWzTq0PaY+6i9Kgx+2iW7wnw7nUyQ48ILGDT4Sztx
B+nRxhlrGVfVtolfthGVnzZLmSU3lX2EwuFjRIWGqNRm7sQ8I7bH2qIPyXaMk+CfdjhmWUE0ko4c
OGDwi+WvPdcM5314MNbxOP2g6O3jq/8H/y5He9SCj3J8ifHoa9nYIUN3/Ea/B358x6nfSjt3Y7DB
M3nSj1M3GOSY+zEPIw3oxWgIj6Hf7Os0xsZ2Hd+p/emdxmLaUWw/tBWFpezR0JN2Iq6k0xfymFEu
OqZszDtpJ+rvKB8LneWEA++RWxh/4FsWH2Ck4j1/tAfy6euQIWO/T5+IHKL0WURCm1G5Y/sSjdCH
vE1bhEb0EIofDdLwemyrtHfGbzkWRah9QxN4T+Lox9HNRD2B6KKPpP7SjumML3Utp/6aegJ35GX0
/kceeWQuF++xjZQO3mTOQ54aP2IfW4bv2/bXYyyGVukXhBk+7Tbt7h7ox3hH/VP30amP4TvP6CWQ
T1S/8BPjBy7t8M1jr9oC+MYFifAIvEJafANjxdVYxzhHffOeNoLOivD8tdXBOOMP6UYdMouF0DdB
Z9rVPsiL/Mp+dZzxJ2KoZ7Uzyg7PTMuBe+xLhBd9NHUcDeHppIBVi2DQdTB2q+9QXGhkHKTd8Fzr
n0bFnX4t0gfvaXEW4zQyNu2XvBmnmDPGvnBc3JEjxIOkiX4BOyQ6o8jPsR76jAnTqr9FSGdhDOcI
fgwQ7PKgkfIHo8NIKPClgEchi5KGSYXCSXFGWAZIvceXgjYaf2J4mDyG17OUSjXFlsKM6jP4YbSO
CiXF1bfSKKYdTcRB6aDw+MRBYQ9tNGh9iwNOiYPiydCDkk3KVcUfxxeuDF7UUxmXlV3UB38R+xgu
Ha2Rv0djQ/w+6TOTDLBD2QeODDa8g9f0V8tDE9FyRyC8Rzr8MeFR3PXCnUmCFOul8lm01Pw+/E57
k9KVxQORz5SHDLrU8biGfKWBr3aOsbXk9RiufO7Dg/CA+BJDcdkG+K3Bqqxn8ld7VRpMXiJdCFz6
HRceYCjUe3wWzmjnNvlQt/F7fFaeZR8Rw/CscNCGwBm/S3DEuFGWWeHUXpjAE0ane0QDqsLia1cb
39We5JNWDNuHB4nfpx+M+fZ5lhFgWBuLhgQmT+PmBa/TniOfqd/kHbxaphlxFA/KH0ZvmVbbb+qw
71gs+qGp7BM00Y/jOTTE/hP+RGAUbfBhPB1CCwI0doCTjEWKU6Y56eI38QOGTdJWvTH2KW/R02aE
pF8gnvo3Ta5r4ZWf2pXKRVwZrqZV16Qt2qkz+BGFhfLEhx/i7/hMP0bfxfgAb2pRzTD6VOe18iv9
Pm1f6VKWWc+BoFPzRPJDsSba8ekf4U++Uafxm+q4nH+yOI3wtT5X85LYX5AmbSQdL5fjRTzb3osO
FlqRF0opvav5Gle6xh+UCqTFX6RB6bFYQt/beGPc8Udpq08El65xVOHH8Sm75szMT8q2EZV1KC3L
tFXPlB0FSOzbyjGyjDsK7sRRHmX9UP9S/HT1gaPiHhc+lbwOHTrRqKyHPmNCicWsfy+CMqBWBhQ9
nD7DXF1OinkU+FLAwwPMe2nHclKcwbsoe6OTgjYaf2J45uY1p3Gvptiqhe96h9Fbxg74Izp9K41i
mv+jhCoNLsRBYQ9tGPzkmA+r7ypxIAzxZOhBySblquKP4wtX5hZRqa40kEFFCwb8mktH3uYw0dhQ
C9f3HQswtIsTHOnTeAev6a+WtnaclzsC4T3S4Y+5htx64Q7vSLGOLDqq68PvtDcpXVk8EPlM+cqg
Sz2Pa8hXGvhq5xhbS16P4crnPjwID4gvMRSXbYDfMryU9Uz+aq9Kg4XE0aFsl4sLDxhzo2PhjHZu
k0/ZL8SwyrPsI2IYnhUO2lDsR4fuiveM7WWZFY62Af4Y9wiDXEScaEBVWHyMA/qu9iRfi58Uvg8P
ErdPP6g8+/rSqwxrY9GQwHx+XAfWtOfIZ+o3eQevli7iCPbxbxi9ZVptv6nDvmOx6Ieusk+grYhf
NJ5DQ+w/WcSGgVUOPkQvq3JqQYDGDnCSsUhx8GOayFeTOPEDhk2c6o2xT3mLnjYjJP0CYxF/OOkE
a+GVH+2OupAjXxmuplXXpC3awRh+RFaOLtIQ3/NMP0bfxfgAb2pRzTD6VD+18iuPPm1f6VKWWc+B
oFPzRPLDUBod/SP8yTfqNDrVcTn/ZHEa4Wt9ruYlsb8gTdrIQQcdlONFPNveiw7pfVlg2uU0rnSN
P+i7oJu/SIPSZbGEvrfxxrjjj9JWnwguXeOowo/jU3bNmZmflG0D+57KhZ6idKpnwrCILvZt5RhZ
xh0Fd+Ioj7J+qH9tEujqA0fFXXodylLyOnToRKOyHvqMCaRnt7KyMHecJ6ZZ49Jgnu80SkrEfO5/
291cqdHkO9eS0JXv2OMuIrm0mjXfCU0aaaVdvodC6RImKRzz3SFpAFaUfAdO6mjz/Y9JCZTvj4h3
Kg8CjvgQ6UuT/lX3M+vbbrvtlu96UhnTwJnvoUzK8iZNJJrUUPO9dNy7kBpQvqeQezviPR9poM73
u0BWMpTl+8JTIx9Qyd0+SZjOd0lEPAYBRnxIDa9JnUq+6ymtjsn3tNSiptWN+b7ntrxEb1K05ruU
a2lM+k74whsl9m1pi64kFOV7tRUOLLlTIykN850r3DGCU3ieZ4l75NukfM53nJAn9ZGU9E2aNPNz
4FLHne9MS4rlwd1go/I7fJgE/Ab+434g7hwpHfly7zh4pEl4vq+TPJMhJt8/UoaPv6mXNIlpkiGo
UbmSYjrfdRTbb4wTn/vyYFImDO6Ap41zp03p0iQ831VD2dMkcYAd4cRPaYdKkwSWfHdUGV+/06Ca
73RMCu3c7sq7yagX7twZ1scoz7KPUD7yFa7WD1Ju7s+rtUXubeWOXcpTc9DPPXTqmxRG9db2XeHw
FZbnUXmQPrdPP0gekzjdPxzbmNKjjSXBO/fh3IPEXZ/wQhJmV92fpPBdPvcPpUlZviM+GWAGQZPi
J6eZVrXmu3MGH9KD6jgJlvk+MO46ThP1fBcvdx1zv98snOoP/klK+DW8EPMUfsmImu9/AifaFL+T
knRV30k8pU07qLXJJGDmMZr7tIWJ8iA+43ocv7l7iDhpxX3Ob9LxRXmJH1QHcUzRGFDmRb/MmJAE
HEhd48rwBEhCanOVq1wlh01K1HyPIj/SauYmLWjIdyLX2mOO0OOfaOeOP+4C3HbbbTtTAWvGhHR0
XB4faoGFVe0b71TntfIrTp+2r7KQxizHYtEo3tD4p/fyaZvcv5sWJOR7vJnL4RSv7DeSsXMw1pbz
FfEd/U3aJZLv8SIt7i2kH6qNI0l4z/fjEY770OAr6pe5IDRx71VS6vC51SnfrvFHYx33A9KGa/dI
JgEx34ucVsw3u++++yC/vuOPEhB9sT3q26S+0gbzpPDOfXWZJnyWjMZ5js69vXGcVD2nRXr5frL4
rUyn/K28u3AnjsZ2niO29Jdpx/sa3iMcbhzcmW+lRSK578c/5phj/pNI+M/8+PDDD8/z7KQMzXKL
PguHUccExVsvP96Du155bq58ksIl323K/JvxpY0n4T/qKy36yvdsx3k5fJaUuXkOn3Z6ZLla6VKu
pHDMd/ORhhyy64fSnbPpNJnWu6IVdhQ/0pd2YKy6y1jf6GeYW6mMjCnJ2N6kBTaZP5PBK99pCm3c
A859iZe+9KVXydX0bbovEZmQcFGuJi5lomxgKjxGKUMMQxvjTs+0yCWPXbSZmkuLcLOs1ZaX6E2K
1twea2lM+k74whsl9m1piy50EIcccsggGFimE1ayHJ2Uv/muYT4qPM+zxD3ybcyf+kiKzKpczd2T
Sdk7uCN4VH5HBkRvAP/RR3JHdunIlzuJmcukhSlNOokv38WLPoV7Lrsc9cLdufCwypUU01meiO23
LY2+PJiMMYM74NPisjwXKfNIhuNct5SdeTHyqJz4iTtl0y7hPGfSt9JnTsM9zshOPJdyddoBmO9s
R0/WxZvKs+wjyvwUrtYPkj5Y19oi4zJ8i8xSc9Af+yaFUb21fVc4fIXleVQeZKzr0w+SxySOORD9
ZGxjSg+5mnpDnkVeZNyBF5LhfOh96EpDflqk2aTTLLP+FDkFnsbR1kgzbSrIejyFx1cdI3s95jGP
yfeHo9eCF9PCv4E8FuNM41n1N2wsJi/hx7jLWANOtCn4VzofZDg5pU07qLVJZGTSoj6EifIgDcYx
cJGTXP3gBz845zfp+KK8xA+qgzimaAwo86JfRvcMDjVXhicMMifyCQ75lPuocbTRdCJL7k9q7TEH
6vFPtNPPwZPDbAjI1clImGU7+siaE1a1b7xTndfKrzh92r7KQhqzHItFo3hD45/ey6dtoidDdqWP
kFyteGW/kTaC5XvtiV+OCeI7+gZ0GuhYcNiO6Idq4whztIMPPjiHY7wlHPXLXBCadtpppwGv5UCV
f8q3a/zRWIethzZck6vRC6WTevP3tEFzkFPf8UcJiL7YHvVtUl9pgzk6kHRc/Zokad9poVHDHP0F
L3jBYA5PQNVzWqSX58qa369JpPJCeXfhTjSN7Twj/6fFNTzm/nLPPfdcw3v5Y/o3Du6MTWkTa9a9
p8UiTTqdT8kMfObHjO3oVSKvE0A4jDomDBJd9ocE/EiOFSMb7S8NEnnVSVLWD3ac18rQteNEux3i
bgylm3hnsKql7TkpIyfexdJFn75F+lTGuKO3Rl+5EziuXKmFj++G3VcpGmp+3Gn5wQ9+sJWv0uCd
8WV1jk4MiOmJ3qQ8b00jhu/zLHzHqccuurS7J028BjQrfMS37XkS3FUW0o75Ux9t+bGDrQ+/x91+
aRI3KGusA3Y0cSQreXN0Dd+gJSnkW+mJdOoeZuXFStPySNuYX3zuy4NpAM601dqb0o9lYAWY3uOr
Dth9Vh7XH8PxzCp0ysuRWeW3mNYw3lSeXTQPS088UPalSfBYVVdJuMzXJWg3PPSXcVSWtjT1PfoK
G+u/7bnEY9x+MObb57nWxpWOeBXejTyYJrjVOla80o9tpw2H8vhf0hAvwH+s0uRdmkzlOmQlcJnP
tH6r/tp4IeYjeigXu2f4pmsMajystOPx1DE9nlUnGivUttqwi+/Vz5RpjvpbeavPVR1EPtUYIPpI
m914kQ7KnoStFcZtvY/hIz3aycx4kZQieQ5CfsTrGnNjGqM+i/YkEA/ln5Jv6bMZ39OCssHuamgU
Vm00qM7byq9447Z9lUX4dvmTjMWiT7zBLhC9i77aQuQVviteiVONt2J6Oh2A9Ng5QH3oypta/aXF
X4NTANqwGNZ3iaZa2xVtwr1trqdwpT/J+KO0RF+Jsb5P4ivtrvFedULfyO7JmJ/quY0/YtjyWXl3
4U6c2CbZ7ad3aYFa7i9qbawP7iqL5nolvV2/1Q7gwVHGhK60ZvFtJCF6QQIlxU7mi6SsH+w4rxWt
a8dJUtDmNJJxZ5CG0m3rZ+L7pIzMfFrLd9R3XfTpW6RP6cJ/kZbyudwJrB1JZbja72H3VYqGmh93
WnItS5tTX8suwrjDUOFFL/L3rJzwHaceu+jS7h7mBXIKX8O5fDcJ7ioLacb8qY8yH/1OSszBjm69
6/KFU9ztRz9Wc0lRmu9vJj0dVQ0t7FrsykPfdA+z8mKOhgw/iuvLgxoDa+1N+cYycBRpdKoDdp+V
x/XHcDzrmHZkippTWsK8FoZ3CtdFcwxXS099XtmXxp2C1Esy0q1wXYJ2w/OujCM629LU9+grrOq+
yy/pH7cfjPn2ea61caUjXoV3Iw9yZO44LradNizK439JX7wA/yXDYs4yGdFze+PkqFk51V8bL8R8
RQ/lQm7A6RqDGg8r7Xg8dUyPZ9WJxgq1rTbs4nv1M2Wao/5W3upzVQeRTzUGiD7SjsdhQw9lP+yw
w1YYt0VfDB/p0U5mxgt2fNMHkx/xusbcmMaoz6J9lJNfSr6lz0bHwcmwog8ahVUbDarztvIr3rht
X2URvl3+JGOx6BNvIDfUnNpC5BXCKV6JU423YrppkVrmAdLjRArqg+vNKGet/jilIBkrB/xWw2NY
3yWaam1XtAn3trmewpX+JOOP0hJ9Jcb6PomvtLvGe9UJfWO5i1z13MYfXbQp7y7ciR/bJMen610y
Yud6r7WxPrirLJrr5YxG/Kd2AP+NMiaMmOzCB2M13UhuFsqGWadJ5wdDDFPWS8FUU5zV0pDxg7Q5
6om7i0855ZTqH5MmFFOTlLWLPgY66K4pxzDMcTQkd9JwrE5aCZnvK0urmwYddlSKcX8NZSI9DKZt
ZeK9jpjtU66oqOOYoLY0RE9NoUgcKQBiGdrS6vu+C/u2NLvokvIwKrxVzlnjTll0VG9aaTTAnfpg
gE2rJbN/3eteN/MBhqi0Wmxw3PU4/I6gLQM4d5C1YSUDluqQSYeONiW/rj/oJd2YV035X8u7Lw/S
1qGJsnE3TS3tiHOsZ8KOw08yfkmZXeYlw2ut34phlWetj6iFq6VX6weJq/rTHbgxPZRDYNXW/yrN
YXSR5iR97rj9YCxDn+daG1c6KjP8HnlwFAyUBn40JIA98eOf2g19dYwnXijrOK3czEf1x7DTfFa5
23ihzEu8T3jGOPUlNQOS0mZcw0hcpgXOpRFIfMsCD9JsG+s4Nov+pUxznN8lP9TqoBwzCKO+moUz
5SIbCf/qN0t6In/QZzFJhyfo02uL0Mr44/wuae+Kq7qCFuYlsb5iPZX9Zpmm0mkrv8KP2/bXaywW
feINxl+9i776vbK9Kl6JU423Ynp81/gKdizsoi4w7GIkj2F5xpCbdlpkoYqxlTkkf2mFeo5H3JK2
Mg3R1NXHiYdG7R+Uh9pxn/FHaYi+YeVQ+HF8pY0iq23OrMV4lL3NcF7W8yg0KO8u3JWOjvgXH0iA
BxP6X4WT3wd3xRnWZpVH6Y8zJpRxZ/17JCF6QQJJuTpMWS8FU01xVktDxg/6FI5XRG6g/6v9cdwm
iqlJXBd9jEvQXVOOYZhj0SF3InLcOVcM0CdGRWhUinFvImUiPebEtfLonY6Y7VOuqKjT3by1dERP
TaFIeClbYxlq6Uzyrgv7tnS76JLykHmBnMo5a9wpi47qRVaToz7oVzk2FD+d6pL5AENU2h04OO56
HH6nH5MBnPtX25wMWKrDtEtqcLQp+XX96W7kmFdN+V/Luy8P0tahibLF+z5jHhHnWM+EGYefZPyS
MjvmwbMMr7V+K4ZVnrU+ohaull6tHySu6k934Mb0mEeAVVv/qzSH0UWak/S54/aDsQx9nmttXOmo
zPB75MFRMFAa+NGQAPbEj39qN/TX0YkXyjpG/uBo31k5lbuNF8p8xfuEZ4xTX1IzICltxjWMxKUD
59IIJL5lgQdpalwrfa5LoH+ZxJX8UKuDcswgjPpqFs6Ui2yQSalj9ZslfZE/6LMkt9Cn1xahlfHH
+V3S3hVXdQXtzEtifcV6KvvNMk2l01Z+hR+37a/XWCz6xBtc8VVz6vfK9qp4JU413orp8l1Hh4Md
C7uoCwy7GMlLhyEXfQf5MLYyh+QvnQ6T4xG3pK1MQzR19XHioVH7B+Whdtxn/FEaom9YORR+HF9p
I1e3zZm1GI+ytxnOy3oehQbl3YW70pEOXHyALkV1S/9buj64K86wNlvmpd/jjAmKs+z+UhjOhymO
pGCqKc5oWDB6TINOl7C81+6HmmIGoyONuvZtnHdd9Okuh0gfaUtxzr1Qtbyk5RqYJQAAQABJREFU
hIpKLKVF2ShjLR7vUBpAU9v3Ud5L8cuuSHAq45C+FLxt96lr0hLLUKYz6e9onKxhgqIzKv/Jr4su
lTsqQtcT92PT3YHwLX/lbmhhdeihh+bv6TjFXC99+J36k+EnGumVB754FFrS0TVreCCG7XpmAiKl
LLzbtuuciS4GJ+20VV2Mw4M6gQKa23baacAmDHlG2rvacgzHs/iIMtWU7jKe8b3LuKc8yz6izE/h
aunV+kG1DcqJorNMjxXFfGvLV2lqV2wZP/YLfXiQ9MRj4/SDJR3j/hZfxTauNFRm9Vky1IFTOs5q
DYbES0firqSj8Fcwbisd7UZORy4P3ukbviZD9J3xfVcdx3DTfla523ihzE/1Bi76azP6Km3Cseqy
TEuLXfiOUMl39YMYzsv+O8bHmNj1PYZtey75oVYHauvii1gm6j+mTX+nXcIKH7/rWWO88MOvLTxQ
+L5+SXtXOgpLn1saCdmFqAUStbYT0xU+XeUXD43T9tdzLKY84o3aQizqOR3Tnvm/XBSieCVONd6K
uPH82te+dtCmxBttC87IB+EUQ1WZjvCtjRcxrGjqavuRprZ5CXd7IiSyGJT0Jx1/RKPoG1YOhR/H
V9rgnI4hX7OINi76qy2Qa6vnUWhQ3l24Kx36OC2oRcnFQltortHUF3f1R/B6uRAIOuB3lEiPeMQj
qvKF+E08i982Jqhc6+UvkyJBytVhiiMpmGqKs1oaLJolLPVKv9bmMDrW7nZuC9/2vos+nahQllGK
cxaz1ZzmXVGJpbQoG2Vsc+xUhKZJnBS/7IoEp9KRvhS8bfepS9kay1CmM+nvaJysYYKiMyr/ya+L
LpWbeYHceuKue73h3XI3tOhBDuZ7OrYzv+rD79SfDD/RSK888MWj5IVM0ddhcJFSFt5lrKo5DPgY
nLTTVnUxDg/qBApobttppx1khCkXDXS15ZJm8RFlqindZTzjO+NHm1OeZR9Rhle4Wnq1flBtg3Ky
cLd0nNjCt7Z8laZ2xZbxY7/QhwdJTzw2Tj9Y0jHub/FVbONKQ2VWnyVDHTjV7lQmHguIOZGKuYic
dCrpyGW9WuWnK2Yy9vSd0XXVcQw37WeVu40XyvxUb+Civzajr9Im3Bvf+MYyqazbUhrI2Dj1gxjO
y/47JoAxset7DNv2XPJDrQ7U1sUXsUzUf3T0d9olrPDxu541xqvs+MxNp+1K2rvSV1j63NJIiJyt
BRK1thPTFT5d5RcPjdP213MspjzijdpCLOo5XRGa+b9cFKJ4JU413oq48Yx8GnmC53QlXhks/yYf
5GpktNIJ39p4EcOKpq62H2lqm5egE3rQgx6U9eKkP+n4IxpF37ByKPw4vtIG43T1w5pFtIzb4vna
Arm2eh6FBuXdhbvSoY/Tgtp0PcDgFMkaTX1xV39EecuFQNABv2OrYHEvtJdO/BZ5t21MKOMu6++F
NJzLsMsuMpiBnRy8Q+FTU6SwCgQjH4qz0kDFsaZKg0mm4kuhRefHpAKlj76xWwOhhnjTUMZFRRWG
EhmUUC6QvuiTQRA66Ph5zx8T7aj8J5yOUo6K55gPyi1WCapM5El+KOFIc9JjSjWQkhaTFQQh5YWS
FoWY6C+V/dBPedJdbTkMSr7TTz891y9liPWkNPv6pCsDPvkw2WIiQh1rEo0RgAFQeUS69A4fmjlq
l3IxoOnbeuKOgCqegQ54V3TgYygSb0SlfB9+P/744wd1yEARd2ijHJeRhF1OXYbfSF/bczRoUz6E
b9okdUWbJn/xE6v/SacPD0ZjBukhZMe2zwClfEqlLvUMn/MdGqFL/RLfyrJFRTHhEaLhIepIR2zF
tGL8mK76t9gPkl/kWeIyaaZORFtMr9YP0hbSXX25PPR32rGIYijirXxjejzH8mkBEm2X9q6FEExw
FK8PD/bpB5XfuD6YQ39s4/SbYC28ZcRVvyvjhniGNqN2QpvAkKBvRx11VMYCnNNdRPk9/UhpgIRH
WGkr3gADykK4Nv4bt6yjhgcTyjjqWBzT1YRQ5S/HAYWNdUxYVu6y0IKyIrgofjTYxDgcDw3vKz3q
CsWLFv6orvR9HJ+6UBtRn686p51pMZYMyowxpA89fId2FleQDvXHYibtnucb4WP/E2mjf1HZ8cv+
KIbt8wxvQ5eO0YcWfovfNU+JaUe+pC3wjTaT7hIc4A2twirGVbrgp53SZZ7krzixjudxDgSd6tMo
M/MMxiT6a3ZkSInDN/oBlYsyxj5G7/Hhm7a5rMLFOQ1pdx0jrn6Y6wEQvJUGvhTZ8Gk5fo87/qhN
QA/pwSfia9oxgj3f+NP4Pcn4Q1sSP5E+efI3bEyO5R/lOZYL2lnIxMI+6hiFruZAfNNCRdJVv8nV
J3yjPcSxRNiUNIyLe4wfF/yRJ3/Mc2MYnvviHsd7+ImjLZU2CwzTfeo5T2Qq8NG36I86JsQ46/G8
DAoEGXaRC+ENdnLwDoVPzcGjGPlQnNHWoqPulQa7YeWk0IIHmDOg9JGDJzSvnIYyLiqqMJTIoMS4
QfqiTwZB6KB/5T1/LNKLyn/C6SjlqHiO+aDcYsyXI0/yQwlHmpMeU6qTIkiL3UL09XL0RSjERH+p
7Id+ysMpeoRhcSa7JaGfv1hPSrOvT7oy4JMPu/VQ+FPH6Z7GnD9GgKjoE13s8o8OmjlqF5qZI8qt
J+6MJ+IZ6IB3o8NQJN6gvuX68Dun9KkOn/CEJ6zaoc0YLYUxu5zo+yZx0aBN+ZADaZPUFUZn8hct
7K7C9eHBaMwgPRa4xraPPK98SqUu9Qyf8x0aoUv9Et9KFxXFhGeuBQ9RRzr9RWmV/VZMV/1b7AfJ
L/IseTNfo07Iq0yv1g/SFjZt2pTLQ3+nHYvIhRFv5dtVPi1Aou3S3rUQgsWkcn14sE8/qPzG9cEc
+mMbp98Ea+HN/IE6U78r44Z4hjajkwxoE1FPgwyB+/3vf79yhStcIadDP1IaIOGRj370owM+AwMc
4dr4LweYwT8woYyjjsWRhGP+a/wXNuU4oLCxjgn7nOc8J8tqlJXTHhU/GmxiHGQHeF+OusJ4pIU/
qit9H8enLtRG1OerzmlnyJQ4GZQ1ZkAP36GdxbqkQ/2hs9Lueb4RPvY/kTbasMqOX/ZHMWyfZ3gb
uqTjY3zkt/hd85SYduRL2gKONnPqqacO8IZWYRXjKl3wY/wgXJkn+cvFOp7HORB0qk+jLMwzGJPo
r9O903lexHv+6AfkKGPsY/QeH75pm8sqXJzTkHbXMeLqh7keAH1edB/4wAcybfBpOX6PO/6oTUAP
6cEn4mvacbqPfcDLGr8nGX9oS+In0idP/oaNybH8ozzHclE2FjKhg6COkaM1B+IbC+3l1G9y9Qnf
aA9xLBE2Ci9/XNwVD196EvLTH/Pc0vXFPc5n4Cc22sih29h3331zvshU4FNzx4w4JtTiLuO7hTOc
R2WpmDT6KMlhHilTasoiOlO+R6Wm0tAOUgaPqPSCKTEqo3xTWHx2ccgQojz7+NxvFNNte5axs8QB
+ihPPGKTNFQe0YRxLqaNgQbDV3zHc20nitIY1WdyEtO94hWvuMJffMeu1ZheWa4YVs8Ysum0Y7xJ
npngKe2arx2zpZKUsKIlKg2VRtxJv564I/yKBnwwhy9kMNe3eOdxH35nsqEdc0qzVscxn0nqiUUA
yqfNp4xMfJVPHx6sYUG5YtvHGCGjGHmVCt8afbVdf1qEUQuvd8pX8UdpI4qr3X1xx5++yVijnWJ6
j694TLDj+67n0gBJP6yFOMSjjyrjxx3VNdyH9bklFqP2g+KPUf3aOFKWJf6OWGBIUR3GMPGZ74Rj
Z398r2fKCa30QTL46hs+O9a1ozC+17PGjVHLO0q4EnvlJb8ci8s0WUAVw2KwKcPwe1g+SoN+L8bX
iQj6zmRaxhu9w9eVEDHuKM+18YCd4uV7FHeRfxhvUcTuv//+g/JHemrPbfX38Ic/fJCG2uwotA8L
UxrlazTVFkQh3AzjdaVFOBlkTzzxxEE59L3mRyNwyRejtv31HItrc8yyXCig4AfqpDaPQEnAt8hD
SqPtJJfYj3TdOS3DudKjjXCcnE484H2cx0BHibvi1vzIkzrWLIYreaUcv/uOP6PgDh1lnzGsXZTf
y7YeyxafGecVN9ZNDBOfa4tg+uKufJkXxbGjq3/ui3s8YYXy1MZ8drK09fWjjgkq03r5i648YO4V
+a98pp+ISqeaskg7SaNSU+mg4MEhM0SlF/yBURnlm8Lis4tDhpBJsI/jY0y/fKZt4UocoI/yxCM2
iavyiDbG+JgmBhoMX/EdzxjKJnWlzMCCLC3+Vn70+dGV5VK46GPInuaxw8PGdO2YLZWk0CRaotJQ
tMad9OuJu4ygogPMy3up+RbvPO7D7yj4tWMu5lXWccwn1vW4z1r0qrxqPosCUJjL9eHBGhaUKbZ9
jBEyipFXqfCt0YYcWzotwqiF1zvlq/ijtBHF1e4+FrzpnXwZa2o6AcXTzmfF6fJLAyT9sBbiEK82
xsYd1TXch/W5JRaj9oNlPQz7XRtHRsUC2UF12BaH74Qr5/wKTzlx9EEy+OobPjvWtaMwvtezxo1h
5Rzne4m98pJfjsVl2sxJFbbr7uNh+SgN+r3oGFv0Df9GN7rRwHgT33O6Vx9XGw9YZFy+x0ga+Yfx
FsPerW9961X0RZrK57b6e/SjHz1IQ222T1nKOKVRvqSH37UFUcxzh/G60iIc4XFaWKBvbX40Apd8
MWrbX8+xuDbHLMuG8Rp+wNXmEVpcFHlIabSd5BL7ka47p2U4V3q0EU7aiovl4zwGGkvcFbfmR56s
6WpKXinH777jzyi4Q2/ZZ1C+cVzZ1msY8I5xXi7WTVv42iKYvrgrX+ZFcezo6p/74l7q72tjPhtc
MM7X3KhjQi3uMr5bOMN5TbEYGwmT1ahMKRmOsNr9WBqMZLxQfI74obOL6esZxRYKsDYFkNIY1Wcn
SWn0RonJ5EO7D8lbisiIQ2mMJhxxteOrpAEDzR3veMdquRAEWaVTxun7m9VV2pEn7Lroi+WK4eMz
xjSEgb40lfEw8HHMRcyDZwwb7EyUkZ7OpxReUfRCS43ukhfXE3cGg5KfVD46XY4yhuciFn35nQlE
qQAnrwMOOCCv9Ix5TPrMzvOb3vSma+qK/BFy4qIZ5TUuDxIPbOLkWdjhI8yX2LGqOYapPbM7VjRF
n/6oxI/2y668yG+KX+O1Wn7UM4IBedWU9TIY6vQMpQEt2onW1jboOwkTDZFMCmK5eEZojTtolQfX
BdSMgePyYMRi3H6wpLXrd20cUVlqfokF5WpbHMWER4uvtGM9pkl90HdAX60PIizKGu1SjXH1rHGj
q4zjfovYK5/ol/1fmT4LTxQ+7sYsw8HDhMPQw7OOxOQdPI5Sm/6ujMdvVsBHY5HyA1NwR+ioxRvl
Xa0u6PPYOapFDNDH4rUo3FAO5g21tkF4TiVg5XDsE9rw0Q69LiPYKGUpw1A3yr+GHzjGHf4xPgrd
Mg5pYViBT1UHMf6o7Ys4rG4mv8h/47b99RqLZcBlxz3jJIvwVH76TuYXEbtYJoWjjglTM5y3Xf+g
I+kjxjEfPWsOHOeYyhefsU59k+LUaIxx9BzHH8WlnQoThcOn/ihfOZ/uO/6UY1rMKz63tSvRO8yn
DwA7FnTA9+ymVLshH9olCwZiOqoblTvSo2cWK5RYTIK78o+LRLvm+X1xJx/GmtqcH6VRbcwXbfij
jgkxzno8L7ryoKZYFC/iIy9EVzMYUbe40mAk44Xic9xgTd4iHxRbKMDaFEBKY1SfnSSl0RslJid/
aPch+UoRGXGIc29hQVzt+CppYDw/8MADB/274uBjwKf9TsshB2lHXsynjb5Yrhg+PmNMizvPJqUV
Ax+nA8U8eMawwbxMRnqUpNqdrrAoeqGlRnfJi+uJO7J+2zye8Y6jjOG56PryOwvFSwU4+DA2MCZP
07Hz/Ja3vOWauiJ/5NO4aEb5jsuDxAMbFhWrnqPP2FliVy58j+H1jBxbc/RHJX60D+bWkd8Uv8Zr
yiP61DPzGFxNWS+Doebmigst2onW1jboOwmjXWTE5dS70jHmxR20ygPZqGYMHJcHIxbj9oMlrV2/
a+OIylLzSywoV9viKHb0avEVfXaZHvVB34Gr9UGER2bRLtUyPr81bnSVcdxvEftanmX/V6bPwhPF
i7sxy3DwMOEwrvMc58zwOLpv+ruaY44XjUXKD0zBHRmtr6vVBX0eO0e1iAH6WLwWDdFaJFBrG4Tn
VAKuw4t9Qhs+OvmhywjWp3zUjfKv4QeOcYd/zINFpWUc0mLxbzyxI8YftX0RR9fjRP4bt+2v11gs
Ay477hknWYQnHqTvZH4RXSyTwlHHuJrhvO36B51iGjGO+ehZc+A4x1S++Ix16psUp0ZjjKPnOP4o
Lu1UmCgcPvVH+cr5dN/xpxzTYl7xua1did5hvgznLOiA79GJqd2QD+0SnVp0qhuVO9KjZxYrlFhM
grvyj4tEu+b5fXEnH8aa2pyfk6dqY75owx91TIhxlvn5LBQ+Mc1Q97vf/W5omGUNkDq4Jh3z05zr
XOdq0vEozXnOc55m6623ngkcaSKY8yB98ulySbHWnPOc52y22WabBhqT0NEkYTP//p//+Z+uqPkb
ZUodVC4LbEJ+Zzvb2YbG6xMA/korc5qznOUszTnOcY5m++2375PMTOMkQT7jCBZgOqs6Xk/c4adk
+G+SMrdJR4JlHj7vec/biWMffk+DUZN2zTX4aXBott1226H820nEkI/wPmWDn2gDaVAdEqNp+vBg
mqw3SYk8SBu+nQVfgBv1RB+TVknOXfsAa/7OetazZtrGxQCeAkviU1/D+plxeHDSfnBQuevwAIbw
E30MGMK3w7BYB7I2SxZJgdYkAaJJxqUmnaaQ23KNkKRIapKiq0k7tZu0OCbzEOFoJ6NiR98E79E3
bbXVVjPtm2pl6HoH/9I2ttxyy9y2Ri1TMtA3SZDOSScDYLP77rt3ZbPu39JkfcDnsxrvJ237sx6L
06r2JilsmqTEba50pSvlOqCvp/2PWs/jVhztIu2+aNIOgCbtDGvSqTCtSTDnAQP6IehiDskclzSY
J9BWZuHoB8kHnscNm69OOv7MogykCV70S0lx0SThddCvgB9zky222GJWWfdKlzpORpLm7Gc/e5OU
P0PTmAR32iZ9Lnkyn2ZuM8yNOiYMS2fa34fx57TzW4b0mOMxJ5dcjcww7rxyVJzgY8m65NPlmCtA
k+Rq5FbJ1aOMY5RJedHPk9+s+vpkJGiSwnsgBw2T7brKPatvjDH0k2CB7D+rOl5P3OEn5jeMm4yf
SZnd7LDDDp0Q9uF3+k7GFnz+tttuu8xPnRlN8BHeR0/A2EUbuMAFLjA0tT48yHyX8UEOvp0FX4AZ
82TKojmN8pwHHz6Cf5gn9MEAnmIexThLGYf1M+Pw4KT94HriC47QSx9Dvw3fDsNiPelbz7zSorQm
LXhtknGpSacptMrVzAPTyR5ZVkiLY3rJ1fRNUa4eNrauJw7wg+Rq2tao/EC/nhbCZlLTEe8DGXs9
ae/KKy3WHcjVsxrvJ237sx6LDz/88CadfJBlrnQtVIaLvn7WcvWmTZuatBC6STudm3QqTGs1MecB
A/oh6GIOKbmaecIs5WrmnpKrh81XJx1/WgGY8APzxb322iuP3fRTsoXNs1ydTsDI9ZpOIR5a+klw
p21KrmY+zbg/zI06JgxLZ1m+23C+LDXtchoBI2AEjIAR2AAIyOiLwjGtGm523XXXVqrT6vVmjz32
aNIpL52KgNYEFvRD2t3U8Jd2mTRpF8KClnJjFyvthmnSvZpN2t3bXO5yl1uXwqSV17mt0KYwnkuI
XpfMlywTDGrpdJhs3EinGGTD0JJBMLXijjMmTC3TEROy4XxEoBzMCBgBI2AEjIARWHcEZPRFrk47
HzsXR6a7l5uLXvSiTTrlpUkngbUa2Ne9EJs5Q2TpdNpkk3bgZ/l6M5Pj7CsIoPN41rOelXk8nVZW
CTH9V+k0yOaGN7xhblMYSS1XTx9jpYhczYIIZMK0I9xytYDp4Y8zJvRIfiGj2HC+kNXqQhkBI2AE
jIAR2DgIsKodox4nDqRj/rNRD+rTUf4NO3N32WWXNYVJR8I16f72Jh29lb+lI9vyynFW7z74wQ8e
rAxfE3EBX3BSATv0WTlP+dPR37mUKEnSsWNNun7Fyo85qXd2AT796U9v0vHjeSfMPvvs06QjvfPO
O05PuPOd7zw1SlmFTV7sRGAFcjq+PedJBunIuCYdT5bb3NQydEIZgXQsYd71kO71zr/TFULNTjvt
lOuYtpiuazBSQxDoMyYMSXImn204nwmsTtQIGAEjYASMgBHoiUC67qnBqIdczalH7IjFpaP8m3S0
cjaOl0mn473zKW/pGOf8CRlBcuXRRx/d7LzzzmWUhf3NyRfs0Ff5WeiMQ65OR0Q36foVy9VzUvvI
1emKvQaZi9MOWLScjkPPMle6Bq1J1xVOjVLkavQq6VrOLFezuIQ8cSyuOOKIIyxXTw3t/5/Qd7/7
3ea4447Lp+XxNl0hlPV87EKnLabrGv5/YD9VEegzJlQTWtKXNpwvacW72EbACBgBI2AE5gEBjtDC
mHTKKadUyXnPe97T7Lnnnmu+sbKY49lrri1OLewivEt3ujUIhzWX7hRv0t2Nc3c0dI3WZXin6wVq
ZZ12XSFQprvMBsbymKd2ntjwF1GZznO6W69hIU/NHXXUUXlhT+2b3/0Hgb5jwubAz+1nc6DuPI2A
ETACRsAIGIEaAsyhuJYp3WVd+5yN6Bx5XLpDDjkkXyFVvuc3hvdanFrYRXj3jW98o/U4dq5CS/ei
W66ek4rW9QI1cqZdV8jVXGclY3nME7maExuGHYUe4/h5NAROOumkvJmmFvqxj31sg2xt145A3zGh
PcXl+2LD+fLVuUtsBIyAETACRmCuEGBlN/fzlPf+cu84x0rX7jhkhfGPf/zjvBq8LAxCzaj3lpVx
N+Jv7sri2Cp87qCUAz8EuWXaJaCyz7OP8Vx3colO6goj3Ch3hyrOKP5Pf/rThnuzyrZF++A4xsgv
o6TnMMMRoG5ZHc99Y9HRPi90oQvlNhnf+3ktAn3GhLWpzP6NDeezx9g5GAEjYASMgBEwAqMjgEx9
+umnr5GFmYde/OIXb5WrMfzVjpvmjt5lk6uR1Uq5mt/c2c5c3m5+EMB4XsrV1BX3ve+4445TJRTd
0x/+8Ic17YH2QduyXD1VuHNi1O23v/3tNXI17zmVEl2XXTcCfcaE7hSX66sN58tV3y6tETACRsAI
GAEjYASMgBEwAkbACEyIgA3nEwLo6EbACBgBI2AEjIARMAJGwAgYASNgBOYQARvO57BSTJIRMAJG
wAgYASNgBIyAETACRsAIzC8CNpzPb92YMiNgBIyAETACRsAIGAEjYASMgBEwAn0RsOG8L3KOZwSM
gBEwAkbACBgBI2AEjIARMAJLiYAN50tZ7S60ETACRsAIGAEjYASMgBEwAkbACCw4AjacL3gFu3hG
wAgYASNgBIyAETACRsAIGAEjMF0EbDifLp5OzQgYASNgBIyAETACRsAIGAEjYASMwDwgYMP5PNSC
aTACRsAIGAEjYASMgBEwAkbACBiBDYOADecbpqpMqBEwAkbACBgBI2AEjIARMAJGwAgYgZERWGjD
+RlnnNG89a1vbbbddttmv/32a7bYYouRgXFAI2AEjIARMAJGYPERWFlZad75znc2Z555ZnOjG92o
WRRDiOdAi8+7815C8+C815DpmxSBRRkvRsGB9vz617++2W677Zqb3/zmlqtHAc1hjIARMAJGwAgs
EQLI1W95y1sa5gw3velNm+23334hSu850EJU44YuhHlwQ1efid/ACCy04Ryj+cEHH9yc73znaz71
qU9lQX8D15VJNwITI/CSl7ykede73tWc9axnba53ves1hx122MRpTjuBf/7zn80RRxzR/OIXv2jO
cY5z5ORPP/305rjjjmsudalLjZUd7f7YY49tdtppp+YnP/lJc7/73S9P4MdKJATGuHbiiSc2Zzvb
2ZrLXOYyzdFHH52xDEGW5pE6OfTQQ7OR8ac//Wlz73vfu7nFLW6xNOWPBRXP/uEPf8h8e9RRRzV7
7713DOLndULgz3/+c/Pe9763ec973tP85je/ybmi5D/kkEOaPffcs0rF97///eaqV71q/nbyySc3
V7va1arhNtrLZZ0DuT3OD6cuKw/OTw2YklkjsEyG8ze84Q3NbW972+b85z9/881vfnNhFpnNmkec
/uIicMIJJ+RNGsjVLLy8//3vP3eFZU6EjPazn/2sOec5z5np+/nPf948//nPby596UuPRe/HPvax
5mEPe1iz8847Nz/60Y+ahz70oc0tb3nLsdKIgTGuPe95z8ty9eUvf/nmcY973NLK1eg97nznOzfn
Pe95mx//+MfNAx/4wOZ2t7tdhGtpnsWzv//97zPfPvaxj202bdq0NOWfp4IiV6M7fNvb3tb8+te/
zqQx7zn88MObvfbaq0rqd7/73Wa33XbL3z7xiU8017jGNarhNtrLZZ0DuT3OD6cuKw/OTw2YkmVF
YKEN50zub3azm9lwvoDczQD+oQ99qHn3u9+dhYsdd9wxT9AwZn7mM59prn3tazfXuta1FrDkkxXp
bne7W14BSio3vvGNm1e84hVzt2PkT3/6U66/H/7wh6sK+/73v7+50pWutOrdsB/sjMG4K/fkJz85
G9D0e1z/0Y9+dPPMZz4zR5tX/FSmb3/72w2C5j3ucY+Mp95Pyyf9KAhNiu206Noc6ZQ8u8xYbA78
lSeG8hve8IZN2XfwnUU3H/3oR6v9HYtApDzs088o/3nzF20OdMoppzSve93rmkc96lHNRS5ykVa4
3R5boVn3D4vGg+sO4JgZznrcH5OcqQRn59JznvOcBkPPIx/5yGbrrbeeSrrTSmSZDOennnpqNl7Y
cD4t7pmfdJCrWXSIceS0005rLnjBC+Z50xWucIXm4x//eF5sfZ3rXGd+CJ4TSm5/+9vneQnkoHN6
85vfXJ1nbk5ymRNRjywSjQ59iRaNxvddz6961auau9zlLoMgz372s7MBbfBizIeHP/zhzZOe9KQc
a17xU5FYLHTkkUc2973vfZvrXve6ej01n/Qli5DopNhOjbDNkFDJs8uMxWaAf5AlhvKrX/3qa/oO
AqBz/fKXv1zt71gEwqYVXJ9+Jkecw3+LNgdiQ9ArX/nK5glPeEKz6667tiLu9tgKzbp/WDQeXHcA
x8xw1uP+mORMJThy9dOe9rSGjW+0/XmTq6dSyBkkstCG829961t55SrHw8AU22yzzQwgdJLrjQCN
/A53uEPzta99rTXreTdqthI+4w+sGv3IRz7S3PGOd8y7g1/0ohfN5cpuJup/+ctf8mT8gAMOaD7/
+c83fQxaf//73/PxyxgyX/CCFzSTGjT/9a9/5cUa0MTu6nnFDzZiReI973nPicvcxZK/+tWvmm98
4xsZi0mx7cpnI3z74x//2Dz96U/PCyuWHYvNVV/i+XOf+9y5HlAUwqMogS95yUs2e+yxR5U06o7T
I+h3mCvssssu1XAb7eUizYGY5LOTCwF/lLHA7XE+uHWReHA+EO2mQn3gIo1BKOxucIMbNL/97W/n
8vSwZTKcM9/jRJ0ddtghj7GWq7vb40b5yolcN7nJTbIRpI3meTdqttE96/fI1R/4wAey0ZzdwSed
dNJcytXMhaGVE9PYIY4xq49BC7mao2JZSP6sZz1rYuMucjWLNW51q1vl3dXzih989OpXvzrvCJ+l
EfeXv/xl89WvfrW5/vWvPzG2s+b9WafPKW7IZCysmCXmsy7HRk5fPI9cjc7ryle+csNi8x/84Ad5
kcdVrnKVavGQwTgxgX6HDScXvehFq+E22stFmgMhV7O55sUvfvFIY4Hb43xw6yLx4Hwg2k2F+sBF
GoOQqzmFE72nTw/rrv/4daEN57Ggfl4MBJis7bPPPnkixiTuhS98YW74CHEIW0984hNzQefdqLk5
a4Oj1TAgsbgAIwTHy82zYzU6Ru9RjCVt5eBkAo4/m4YyeaPgpyNyp1HmNlx5r2OuZ51PFw3z8m2a
fDYvZdpIdKivePnLXz7RlQwbqczLRKvqd9SxwO1xmbjDZQWB9Rr31xPtv/71r/kkEQwK83jt1jIZ
ztez3p3X+iDAzsArXvGKDe0LuRpZmuN3MXy87GUva4455phMyDwbhdcHqfZcOOUIwxCLCzh6fN7l
aq4tw+jdx3AuFDB23/zmN5+KQXOj4KcjcmetQNcx17POR3U5z/40+WyeyzmvtKmveNOb3jTRlQzz
Wr5lp0v1O+pY4Pa47ByzfOVfr3F/PZFFruYkEeb/NpyPjvzCGc45aoxjpP72t781ZznLWZp//OMf
Dcd4s7qW322OI17f/va353tRMc5uscUW+Xhj7nDCaIeAAYNFRx4cHUq873znOznO5S53uWyUfN/7
3pePNeNobBx0IYyyi5ZVHhztxTFouHe84x15R9zZz372TC+06nibHOC//9g195rXvCbTqPcclXzg
gQc2u+++u16t8hkIX/va1zaf+9zn8nsEO44x//rXv57zeupTn5pXH6+KNMc/pDgHO7AXhiIZAZ+6
qhnOwQ9FOruXqS/c+c53vrzajt0skT9YhcdxaxwNSb2ceeaZgzpDaU8nSkez5ZZbVu92ZlUe8Vml
BA/iLn7xizd3vetdm2kedTcOD2Yi0r/vfe97+Q7fO93pTs297nWvBiPTpz/96cy/GJehkRXpNYcw
98Y3vjEbsbk3+N///ndeuMBK8Utc4hKDKNxJBb+TDrx/8MEH52NAoBceVvsEc/LbaqutBnHLB9X5
KMYSVtNzhL+Oo2NXDKu2v/jFL+b6m4ZxV/hxVB07jMGO0w8YhLbddtvcvtqOOwILeJA2yckJOO4y
4wSF/fffP/NaWf6+v1/60pc2D3rQg/Jx7dxtR9446gyerjn4lnb1yU9+svnKV76SeZe+EL6AX2r1
JDyELXVA+eB79cEXvvCFs0Ip5jkOFqTJtQI4diegnAJ3juKnv6ZtsRuV+/EmcRxTyVG3wgf6URae
5zznGSTLzhL6T2FBGHiBY26i0YIjzLi3j3vqqOPDDjss75obJBQe5hGLQF5+5I4y+gr6PRxY77vv
vs3vfve7PL6Af3l8NuMqmDAeskuFfoFjIekvyvvG6Z8ZS8EV5S3jFP0sx4jBSyhyH/CAB+Q+OxPw
33+kS52hqDzuuOMahPvHPOYxGWv45gIXuEBDf85YUSoz4XXGAtU3+TBmDzuyCIUyfMAuLeqfY+CZ
H8A/jBnkRz8P3/fpBycZf+ClceZAtPXPfvazGU3mEey2Z1eBxgT4nzmG+D1iz/OoWEzSNmnz1B13
abIyHp645jWvOejToKM2ZvVtj6QHJoxVmjvRD9JHc1oL84ZJXJzz0eciuLzkJS/J8xbuDuUYNvjm
S1/6Ut5tw46AyLvUMWEY6zAkao5xvetdL19FEuePjLWahzD3pC9nDPjwhz+cDSXwGkeDcrVN3D0q
GvnOYkX6WPJEwc1Yt2s60o/3jLGlG5cH+7Z95bsePEhe48y36JPoX9RuiEv7Yq4JPlw5QN9J30P9
MTenP5XrI5MQt8+4Dz2jzEsYa5n/Me8Fc9olfTunCjzlKU/JfMTOMO7ChBeZE1zsYhdTkXr55AHf
cncwO87hQdoffClXa/t8G2f8UVp9/EU3nMMf9E+atzPmMp4ixzL+tTl2MsAvjOuMi/Sh8AXj4vHH
H5/TLK/UIg/6d+Ix1yAOC33Z1QaPwgfILTjogt+Rq5HROAkKmR2H/IUcQPuDXubYpbxIOHbNYRyG
Rrm99947n9Z02cteVq9W+YyZzIXoe3HIPhzbrDnzc5/73Op4tCqROfohxfmFLnShPPcXhiKRcZf2
XTOcgx+KdOYLmhsy57rPfe6T+7PIH7RZyT7UCwveVWcnn3xynrcgS9EnIrvc9ra3FQnZZ/5IfOqc
OsVxktAhhxyS5bz8Ygr/xuFBZcc8EloOOuigvMuSRf0cbw//MqeExrZ+irGCMRoM6EsYn5nvwrOk
Kcd4Aa9KrkamYK4KvbxX+wRz8tPYo/jRV52PYixhHs3cVnoTrmlg4T1zJE4pmIZxV/jd/e53z/eu
gx1HQNO20TXQb7SNJfQD8CBtEnkLxxgBb93mNrcZzO9j+fs+cyc8uHPEKTxK3rguuRq+pU/jqih0
EfCu+ALdSK2ehIewpQ4oH3MF6pc0dk1zMGSp6MbBgjSZ6+OId+tb3zrzLPID/TW8x3y07aSumG/X
M/MBdkiqnNCPzIy+RI65EvUt2Ysw8AK/o9ECOeIZz3hG1plSx8idcd6k9PDnEYtIH8+cAElfoRM0
uY4QOUOn64A/9Rwd4yq6D8ZD+ICw6ILpL8r7xumfGUvBET0G4xR9DYt7iMsc/hGPeERDm46Ob9QZ
csfjH//4LAsxBoA1fINenf6cMSPKJqQBrzMWqL7hWcZs1W3MJz4zp6QPRB6g/tGhMBaTHvoy8mP+
jIzapx+cZPyBl8aZA9HWmSfgmEfQd9GWNSag9+RESGEUceB5VCwmaZuSqxmrmbMgE6J3oaxytTGr
b3skTeZM1J3mTvSD9NGMmyUPioZR/Tjno8/92c9+1pxwwgl53nLsscdmWYW5AzYATkCg3JF3KTfy
DH9cMUYbwDHnJGycPzLWnnjiibk/Zu7JGM8YgJ4aeR5ewx60adOmVXK1aOQ7umn6WPJDj4pcDZ/w
vqZjGJcH+7Z94b0ePEhe48y36FfQTagvATPaF/0S+LAZELmPdkX9MTenP5XrI5MQt8+4Dz2jzEvg
F/pk5r3og2iX9O2MCbRL+Aj+RZ8FL9KPRHuLyjaOTx7wLeMFmDAvof3Bl3K1ts+3ccYfpbVQfgJp
JJcG5pWN8Jcqn1pf9ZcUrCvpqJhW+pOwuyp8GZ/fSRm0Kn5SIK0kRXlnvCRYDPJNk/mV1BEOwqdO
O6eXOvZV78krTRxW5QXuacIyiFujL91lvJI6i1Xx0l2AnXGgJykWVsWZ5zqO9ZQmjVW6kyI5lzkJ
+qu+1/gi4piO6V0VvqwvwqaObSUpitZgWuKYOrw1YWJeaYX2CulPivW4PKj8kqDcSV9adDDgW8WB
t9LxjJ3x0r2zK6lDzeVKk8NVYdNkIr9PE8lV70vslF/00+Qyx1Ea8Vt8ToLXqrQj5npOityJcR+G
H3nBf2WfA/8mA1srjWDxhS98YSL6yIN0VN42Pwnbg7oShvRFaQLSGpf+Dp5T+P/H3pmA2XNUdbuS
sINJSFASWQKiIQgkomyiREAgEoMCBgExATQaMC4Q9vAh++YGEqKiATcUBUQExIAYQAVRQRQXEKIB
RBCVRYOgqMxXb+t7PVNT3be77yx35l/1PDPVt7uWU786darqnFr0xUNsa22Nckc8pmJR8lNfuWqy
UzqX+fB4Vs5sKX8e1C7KXAuTjbwbedDbhckD6S3xI63K/UjLOmIR6cvG4Y2sMB0sF2Us22c2Og7G
QQ5mI9wC27zgaTA8ecDbWcm4iAOd2aC/NF6sI8sGL5ftcYw8GiNnoBV5WfKtGC2Tg6v0P7X21zcG
qvFz5FefGcvk3WibcAfHKViI+1Q/TzyW1i901trWnPaYFYYbWeE6mGdWHGzBYmy5kLNZETaYvrjr
58n+pvzOPffc3vjwOjJFekpeM83Sh/ezsqeLN4XGrMxd5GWeU3iQOHPbPnF3gwfJZ+p4q1Ym+8Fa
+/YbeVF/Zf2Uv+OchPBz+/0p/U9W8C6lK9IJn2eF5xb+oIxj/hhTxvT6nrPCb0t6U/ufMfT0hRk1
id7HgbICbks9ZAXrRlYM9ZYKHu+rL9/TRqLLiq6NbEgfjJcXTS7yzYqfjazsWYSHP3HZ2LbpPfkx
TijdRRddtIgrTdHPxrGNrAzdFC0bEQbjQA98sl9crCfmrjWXFc1dmWmP0dX4IuL3jGc8IwbfKOuL
sPTv2YiwBdMSR/qmmHb5nI3sXfqbMpzxYyoPmgXj0pKm+JsxdNle4C10NzFc+ZyPqd7ISs4um3x8
96awzL1w2cC16X2JXReo+Jfv6O7imEbxefFzzPghK3IX4ec+LMMPXOC/EkP4NxvYNpU/YggW6LlW
ceRBOjHd2nM2XC7qyvyQRfnKqN64yDt4rnTiIba1tka5Ix5TsSj5qVYm3jGPmevg8azs31L+vNBm
kWQtDONY5ic49H19tPFeub9IMD+sIxaRvrwYcCMvHhgsF2Ur22c2Gg3GQQ5mo+Eiq2zsHQxPHvA2
87vo8uaApfFiHRkXXi7b4xh5NEbOQCvysuRbMVomB1fpf2rtr28MVONnaC//GMvkRQVCt/CnYLGI
NPHhTW960xZ6Svr4nRfWbEl5TnvMBs6NvAB8ME/0d3MdcjYbnQfTL8vHPD66vJisNz68nk8bXQQv
ea1M29/wfl4Q1MWbQmPeALLIy4cpPEicuW2fuLvBg+QzdbxVK5P9YK19+4286BOslz4/zklW6fen
9D/Ylvroqb2Hz/PiJYo0yzGmrKVbvkOPU7qp/U8Z/yD8ZnXBKNenMFjH9yin8wrHjbzypGMODIEa
9Gr05l3XXTgU+XmFRzdYQ6Gfd68tmEujkPExpsBkeQXSQtmIwhVBLPNFwznxGHzm3bPd95ge76HX
byrXzSvvtFykyUArr9TaQLGZdyNtaFQkz6hcZaKgIi3vXOqUfgyMyEvj2BgjgTSsg59Xmnc4oIzL
KxK3KMqgkYF2Xi27ZfGBilzKjOCl08u7ZDbyiuEuTd7nFb6b0kTRQr3kFY4L/MGZsNQJ6fAclYN5
BfYibL4HaOOSSy7pOtu8U7tbfCFvMICA1lVwncOD5McgUzqgHwUj+IgF3+CTSJtthG+0E3iQQQQ+
RljTk69RlkKf2EWeZnAkruS/bPGGPB7TiLTxHDt5BjgovBjcGbekr4w/5XfEj3QpA7xAO8ureRdY
POpRj1pgGI3S0Ed4BkHImdhpRl6aQpNhV1GgSyP00bFixIdGBs7iVzNMiweLe6Ajr25ehM8r/TYY
AEKXNJoPaY7FAtlF/ctPxEUWwqfQBG68gxdXaVeURfmYV7tvsBDHvkPDIWWJZUQWmGc01OWd1R3N
0Cjd9BdRdq0zFtQX5YqTe+oTvGlv+VqMRT2DfWyfeXfK4htlRg5SbvrXvHJy8S32kbQFeMW6JE0m
yfAhfRu/+SsNpCiYaOf5LrWN008/fREur9Tv3uWV7hu0RbCWB/Wp77yKcwOFMe14mTyyH4EOeBe5
mFeEbpxxxhmLfHnP2AO5toocnNP/WC7qYuwYCAVJXk27iX54mrJecMEFi/elcWoqFtI21YcnrPsh
v+QL8pnaHomjQpm84D/wYRIEpsoGvsE7U8tieHg69rf0AYxbLB98SBvKJyd078qFTnmXTfeeiT7y
BTlNuySedJsXPnVn2vqMQfLK/26Rl+/gXRdvIecYw/gNn4VFKCnp5+P72kLGKTw4t+3vFg+C4dTx
Fu0/yi3mIfCS9ZJPMljIOvoHxlJ+c7w1dk4yt9+f2v/klfGbxivQB//FMSCLUOFd5XgpNyzjGH+u
4XxO/zOGnr4woybR+zwQ8i7vjtvIO9W6to8hUINerWj0i8gIFPn0gyiTUejnU3gWskOjkPExphAn
72JbKBtRuCLblDfRcE48lOj5ruXue0yPsQb0+g36o8s7fxZp5t1CG3knS2dwRxbFPiAqV6l/DWh5
h3qn9EPxTV4ax8YYCSIde/2cd/N1OKCMyzuMquRQd4yTysUH9DvUC2XOJ2hsoANhgZHjBt6zYDY6
ZCD1kncILfA3DeqEdIgXlYPMza3/29zmNht5N9hG3q3ejc3jAqW8K2zLQoeY95jnOTxIuho6LQsK
RvARC97Dq9HZRvhGO4EHKRc+RljLLF+jLIU+sYs8Td2I6xgelMdjGpE2nqNxgLFB3r3XjeWNW9JX
xp/yO+JHuvIU7exud7vbAgv6F100SkMfvJN35XdyJi64jLxk3Cn+Kgp0aYQ+xqiMC6ARfYH4le0K
2sSDxT24uEAw7wzv+thoyDEf0hyLBbKL+pefiIssRJ7Rr4Mb7+BFZMBcR1mUj/n0uw0W4th3aDgE
41hGZIF5RkNd3lnd0Uxbkm76iyi71hkLMKRc6Besf+oTvGlv+SSWxXu+x/bJGNE4lBk5SLnpX1lI
6bfYR+YdjB2vWJeEQbcNH0Z9dbn4AH0H7TzvRu90fqadT/Xs3uXT3zZoi2BdOuo7n8jW6cZpx8vk
EXLS9OFd5CJzk3z66qb3jD3og1eRg3P6H8tHXYwdAzG21gZB2SgXPE1Zn/a0py3KxRwmuqlYxLhT
nuMYWexrfskX5DG1PRLn0Y9+9KLM6GfBB0MnmCobyB/emevg6djf0gcwbrFc8CFtyI2I5UIndEaE
ZeMT8gU5TbskHu9pN9HF+ad5MAZBPxjnLtQ9tOGQ2YxhDI/PwiJ0APTz8X1tIeMUHpzb9neLB8Fj
6niL9h/lFvMQeEmHrUVZR//AWErneGvsnGRuvz+1/8k77rsFpNY99MF/cQzIIlR417KVcsMyjvHn
Gs7n9D9j6NlvYQ6k4VzlBhM4FJ1DhnMMA/kI4k5YafQzPr5KWzqP+D4f397FQfGvYcXvKrEwOGhQ
8ZvK0VpefosGiKjYQqibTvRVokajm4ZEFKkoAmJ4cLn73e/eKbYQ4vHbOj+rBB+qzzH0s4OSToyy
g68nB0TcYzrR+MpgF+WA3+MuWt4ZFnzB2XD61jECkg7Q93P8uTxIvuQPb6gkJ3/4OB+L1H1DUSVN
cfKMor7kaX47kSZNBj7GFY8atnwjPHVh+Jo/lAbhoVuDGW2AjjKmE42ctXYXw455Fj8whB80qBo3
7iBggsh7653yIh8Mqx8HYHEBjN+n+PAkdSJ/WGbo5A/l97L0CIPcUHY4oDStGF88mLhFIztKlpJX
iLcKFvJCyYcaNaj/VWWaC6YYqEAvZfCkCSZNvEORR13m43I21b8yqtydb/iyfaw7Fp7gAa/X6j6e
rmEbj3KExQO1+ogTShS38pN9NvkxcfY9voO9Wr9qOPGsGVEN0+fTjy6TR/a1lIvJRUzLyRgLBehj
4jf5VozKb0P5Gld5M9T/xHR5Fs9lfabyhwle7JfgfWUrbTumPxeLmMbYZ+QWtKhssn9aJtOmtkdx
AGsmZyV94KkxedXFb/IqE2zyoXwsTCFvDdHSExeYRJqQ9choeJH4Li6shbe+SJ9FFTEdFLfwIN/g
N79JI+9dGOU38nVBUBx7+l1/LA8ajrzGtn3LNLU9StsU3/506pjf9ks8+NU8wc8TL6JcoB7nzEnm
9PvWL3U/dlxiGyCOY718fHrHO/R7ltFyx7JZ9im+PA5W5Ml4lHe2ffMzzVX6H9OY6u+3if8q9LJD
BEXnkOEcw0A+erPjCY1+MU+VtigLo5MfUfxrWPG7Siz6AA0qflM5WsvLb/RruqjYYiFfzTnmRVHl
7g7nQihSUUpGBy752OpOsYXxc784leBD9TmmLOygpN1QdvD15ICIe0zHOSPyHmMaCyR0cRct7wwL
vuBcOuuYtFZRvJPuXB4kX/KHN1SSkx58nI9r7b5FAynjOMLzh6K+5Gl+a2wgTeScTjxq2PKN8NTF
kBtKg3jQzcIo6KMNMCeMLho5a+0uhh3zLH7kBz9oUDUuxhbx4oQvnPVOeZlnlI5xkXHiApgy3Jjf
8CR1In9YZujkD+X3MkcYFg+5I9hFxKYV44sHC0OikZ0TfkpeId4qWMgLJR9q1KD+V5VpLpjK19t1
xaQMnjTBJiAc/Tp1mY8v3lT/yqhyd77hy/ax7lh4gge8Wav7eLqGbTzKERYP1OrDRW2ky4JFnX02
79GHRcdcmfe1ftVw4lkzohqmz6cfXSaP7GspF8bK6DwVhoUC9DHRybdiVH4byte4lH1Z/xPT5Vk8
l/WZyh/m1bFfgveVrbTt6OZiEdMY+4zcghbKDw72T8tk2tT2KA7kwdy9dOCpMXnVxW/yKvoiHOVj
YQp5a4iWnrjAJNKErGd8By8S38WFtfDWF+mjH4yORRrwIN/gN5008t6FUX4jXxcExbGn3/XH8qDh
yGts27dMU9ujtE3x7U+njvltv8SDX3Xg54kXUS5Qj3PmJHP6feuXuh87LrENEMexHvYZ6o1+zzJa
7lg2yz7Fp1yMQ8CKPBmP8s62b36muUr/YxoHxT/QhnONzsuUxgxcYE7+UFyyQj3fodMJNAQmu4hL
RQor/YxzyimnbCBoGBAyCGHwwsAHBU4Z72f/9yjfmhHCb1HRROMwH5Rp7ARDge0fCkYVVCiVNEKi
ZECZSVw6bXbdkSflQlnBMS2sUizpW+ff4rOsPmtlQCgw6BMTMY1+xD2mIb4Y62p1alj5jTQxnoCz
9YRPXUWjal9+prfMn8uD8lS5i438MBZCf+RP84mK0pI2+E5sNWoQRuxqZeVb5NkyTX8PpUEYeF0F
NJN540XfgUAsV/w+5Vn8+min03MxBivcSNsygG3ZhvOdvd0uHNIrsZ9CVxnW9jKlzMg7F09AS/lX
S0s8YliMDCU9/l4FC+OWu9jkgb46Me8xvouONIqrLKV8XungYE+jl+mKeWm4RW5ogIxtwfKQ9lS+
MO5OYqGxCCwwmFjO6KvQYmUu7zEIKQvYdRPD+oxxSDyQib5XhlKPpON7fOulZhQ0nPjX+NQwfT54
DvEP7dq2EWWc6UWDkv2w36yrWPfx21C+xl3W/5he9MVzWZ9pG66FkwcipqtgEemb+iwWNRxrackP
Y9uj4WmPTLw5GaTsw+WBIT6s0VK+M69Im+VjfEZ466U01qLQdBFBlLs+1+rRtGN7izRpdKfteiqG
NPaVVcM++dr+Y5o8j+VBw41t+7vNg46DKOuUMT87y60Xd8yAi0c+1+pqzpxE3K2z2F79VvryBPSN
7X9iPSnn5NNYFtMe21ZL2uLvWp7xe3xepf+J6Ux5PigKgTHl0Oi8TGksH8JbKC7hR/oSFoYyZmEx
YelYvGFbYYEShiVOQ2HuBh9x5CUKnNKpyK0ZIfwGj+o0SpEXyjR2gqHA9g8FowoqlErwAo4dUigz
ice8ml135Em52N1EW9fIbl7r7ovPsvqslQNjN/NcMbHuoh9xj2mIL8a6Wp0aVn4jTYwn4Gw94VNX
LnYlTF9+prfMn8uD8lS5i4380A1BW+RP84mK0pI2+E5sNWoQRuxqZeVb5NkyTX8PpUEYeF0FNGPv
mhsy/NbCD70Tvz7aUeS6GANdCs4ygG3ZhjlJjz6N9Ersh+hY9s32EutyWRzknYsnoKX8q6UlHjEs
884+twoWxmU8F5080FcnMeyyZ+fRGsXjwhGvdNDgoNHLNMW8NNwiNzRAxrZgecBuKl8YdyexUH8A
FhhMao6NB9DvKRUYhJQFLFSsOYxD4hF3xypDqUfSic56qRkFDSf+NT41TJ8PnkP8Q7u2bUQZZ3rR
oGQ/7DfrKtZ9/DaUr3GX9T+mF33xXNZn2oZr4eSBiOkqWET6pj6LRQ3HWlryw9j2aHj4mfkuc82y
D5cHhviwRkv5zrwibZaP8RnOeimNtZxC6yKCKHd9rtWjacf2FmnS6E7b9VQMaewrq4b92P5jmjyP
5UHDjW37u82DjoMo65QxPzvLrRfmBjpsXLyv1dWcOYnpWmexvfqt9OUJ6Bjb/8R6Us7Jp7Espj22
rZa0xd+1POP3+LxK/xPTOQjPzXCeJyYoWjR02RBLn8khzOwfin863DJc/I2xrjS02nBrSi2/RUUT
jSOmOfRcKt/jrr5avL7dgJZx3XwV+Bhxphj9qSt3coEDCg92LXKPKZiJTcQ9ll0FYGmgimF4Rrmn
Adc0h/ya8aVMc+j3XB6Up0plPHnJg5E/xeQGAG0AAEAASURBVD0qRUu64kINd+USRuxq2PKt5Nky
3WVp8F2Dmqs6a2k4SI3lqoUb8078ho4Ft9zmN2TkKHmEY5zG0LEsTK0uh+JE5RM0Ud8PechDNpAT
0mh5YjriYRjjYtiI4XxeBQtxLflpimJdOvp8DaCUgyPrGPhYNrCgXN4xXNIxhHmN9nXHwvIgL8u+
rA8/2+NQ244y2cUlpDdUj/JZTW5Ji/TW+NQwff4yeTRmcQY7YGvlrtW9dCzL17jL+h/Ti754Dslu
wg9hW8N0FSwifVOfxaJsd33p1Gg3bC0tw9veh/y+e+NNf5lvXpFXS5pq9RJPgYC+U089tVsYySk3
0ltrI6bdx0cawSP/SmM07sdyyV/k21cnhlnGg4aL+ZtXDYfd5sG54y3K4M54eIb+A4Mz5QQ3F0lY
Vvw5cxLjW2eRr/xW+nP6n1o91epHfuvji5KWod+1PPvCr9L/9KW57P1BUAaMLYPKlqjMqcVF0aKh
S7lU+hhBo0PxH4+4LMPz+0n5qNjS0Dqk1PIbPKpTIVVLv3xXKt/jrr4yLL/7dgOa97r5zo0w4kwx
+lNX7uSi3My/kCecxAJmYhNxj2VXAVgaqGIYnuE3DbimOeTXjC9lmkO/5/KgPFUq48lLHoxKV3Ef
akdxoYa7cklP7GrY8q3kWeKUbigNwmpQo17ps2pOQ2csVy3cmHfiN3QsuDSb35CRo+QRrj/ZDler
y6F03WktPdT3Qx/60E5O+M7yxHTEwzD4xMWwUXOrYCGuJT8p68fwU42m+E4DKOVAf+cpcfxGZlIu
Fgfzu6RjCPMa7euOheXhWPyyL4uYxWfb41BdRJns4hLSGKpH+awmt8xfemt8apg+n/oZonnM4gx0
6bU0anUvHcvyNe6y/sf0oi+eQ7Kb8EPY1jBdBYtI39RnsSjbXV86NdoNW0vL8LTtZX9998ab/jLf
vCKvljTV6iWeAgGNXEvGwkhOuZHmWhsx7T4+0gge+Vcao3E/lkv+It++OjHMMh40XMzfvGo47DYP
zh1vUQY3xMEz9B/M0ygnuLlIwrLiz5mTGN86i3zlt9Kf0//U6qlWP/JbH1+UtAz9ruXZF36V/qcv
zf36vhnOc0PjuB+OfkLBg4KQeyX5Y5e2ArOmzEO5xc4fBsbG4S5VFWLELZVGQ0otdyPHOCqBSIsj
mhhssqu29seEEeWeSh52DbFakVW3pA2N3FcTFwksU66xGggBVDtu13x2y48K45qysY8OBIz1CBbR
oAdeHosZcY9pjVUAqsglL3amQm+tnnjHt74dnDHvZc9zeFA8asr1Gn86wWEnWt+CBRSbLhqIOPZh
5w7cWrsqy9yXhuFU+DPBR7j7Pvoa/5fxe4zT9yx+8VjSGBaewtAIH5ifCmqMGxgu+viCIyzdxRXT
nPNsXfYZPWKasf6e+MQnLnYcGsbJv+XxPb54cGwvO4zdbQwGyNYYludVsOjjhSmK9ZKe2m93UrA7
yuMSqU94jLpjZWR5XznpiHkNpxrt646F5anJihpuvIN/5QH6x75wlj1iNVSP8tkQLdIb0+zLv3xP
/QzJI2SWxkkG0WV8ZLHHCZdtuFb3xB8jB/vilvnXfovnMqPlELY1TFfBokbn2HdiMbb/r9FuXqYV
+yt2mNPO4YNLLrmkV04jAxgbmdYcv0ZbSVOtXmw37CxhYU/M213RtTZi2jXeJQ3HmrENSCOLRGM+
PscxD5j4PvpjedBwMX/TqeGwFzw4Z7xFGRyjwFuMp5h881w79Yfwc+ckxLXOxvT78tKUcUmtnmr1
I7/F9mV9TvVrefalsUr/05fmsvf7VQEwh26VLcsUdhz7x1gY3kBByFUP/D3iEY9YzMdqyjyOD2Tn
D3M14zCfUiFGuyHN6IaUWi4IjXFUApEW17ExTkH+1f44bhPlno5dQ1zFwoJKTtuBRubWcZHAMuUa
82l2zNSO2zWf3fKjwrimbOyjQ6UeGIJFNOiBl8diRtxjWmMVgCpyyYedqdBbqyfe8a1vB2fMe9nz
HB4Uj5pyvcaf8BxlYida34IF2pqLBiKOfdi5A7fWrsoy96VhOBX+zHnYHVxzGv+X8XstbvlO/OKx
pDEMPGV/ZX4qqDFu0Mf28QV3cyLDt8NZl31Gj5hHrD9OmHHHoWGQcfCA5fE9vnhwbC87jN1tjLEV
2Vq6VbDo4wVl/Rh+Kump/fYebo7NR89A2fmDx6g7jmsu7ysnHTGv4VSjfd2xsDw1WVHDjXfwrzxA
/9jnLHvEaqge5bMhWqQ3ptmXf/me+hniH2SWxkmP0o5pYOzyOOGyDdfqnrhj5GBf3Jh337N4LhsD
DWFbw3QVLPpoHfNeLMb2/zXazce0Yn/1spe9rGvn8AFz1D45zfva0damPcav0VbSVKsX2433X8e8
3BVdayOmXeNd0nCsGduANLJItObimAdMam4sDxou5m96NRz2ggfnjLcog2MU+hDGU859a6f+EH7u
nIS41tmYfl9emjIuqdVTrX7kt9i+oG+Oq+XZl84q/U9fmvv1fTOc58EICh4GbkyQYY74p8KrVOY5
YYhHLxoPJY/3YJZKIxt2qdhHCegRoDEOQpe8EQy1vMyT+6eicVu6MfoYJvrugCnpMAwKj9JgREP1
+174UUmL0RKca3RwfyfHwFAGvos5O9VLQx7HBWrkibjHdMcqAGMdlkc4x/R4RgFbvpv6ey4PUo/w
U82YIlaRL7iqgPD8lScvSLO0ECYay8SuVKrHO59LI5Np6ptGX/3ABxrta7hr0IK2WC7Tn+qLXx8e
Gi/47lHVGmJRUMeFG2Xe0Dr0vQw/9Nu69HjxMmy8hzmWCYVeDEs78ljtGn7GVVHPAh7Kzl95Fznp
roJFHy9MUazHsvU9x0U6lINdNChYLZfvyvhiXsOpRvu6Y+HxzZQ3niQRy81RVAwUWaTF+9geqf8Y
1mf7J9JlcYLvh+pRPqvJLeMP4W+YPp/6Kfv5MqwrXAkHn/sdxaIL7WppWPdz5KBx++SfNNR88RzC
jHhD2PZhOheLGp1j36k47RsLUQ8xrT7aCVPD9TWveU3XxqnDvkVYxEV2gm3Ma+pzjbaSprJe4hgI
eVTmya4q2lStvk27tgAOGX+/+92vixsXhEkj42NoKfN7/vOf38Xhe99CgrE8aLha+ylxkI7d5EHH
ODXeg/a+Mb+0Ouamfvzr2/1PXU2dk5iPdTam35/T/9TqqVY/8tscuWVZ9OX7vnbJuN5xE/Q5Hpza
/5jfVH+/KgDm0K2yZZnSGAUPPEx9lE6FV6nMcwcrPFM68vUeTPgtOpVapWIfJaBHgMY49BPkTTus
5WXa3EkcjdvSjdGn5pRHJR2GxfhXGoxQju2li0pajJbgXHOM/+gfXUQg5uxULw15tEeNPBH3mO5Y
BWCsw/II55gezyhgV3VzeVAlZ61diFXkC+bA9gPlyQuWQVoIF41lYlcq1cEdvi7blelF3zT66gc+
0Ghfw12DFrTFcsU8pjyLH+nV8NB4wXePqtYQi4I6Ltwo84XWoe9l+KHf1qXHi5dh4z3MsUzoh6Kj
HXmsdg0/46qoRz9J2fljIaPt0DRXwaKPF5T1Y/hJOob8uEiHcnCfMZsFLJfvyjTEvIZTjfZ1x8Lj
mylvPEkilpux4fnnn9/NNXgf2yP1X3P2T6TL4gTdUD3KZzW5Zfwh/A3T51M/y/iHU2SgmXDwuY6r
QFxoV0vDup8jB43bJ/+koeaL5xBmxBvCtg/TuVjU6Bz7TkNf31iIeoiuj3bC1HBVn0Yd9i3CIi6y
E2xXcTXaSprKeoljIORR6TgVEf6s1bdp1xbAIaPPOuusLm5cECaNjI+hpXRc30l+fO9bSDCWBw1X
az8lDtKxmzzoGKfGe9DeN+aXVsfc4OUf+sWao66mzklMxzob0+/P6X9q9VSrH/ltjtyyLPryfV+7
ZFzvuAn6HA9O7X/M76D4B85wjkITJQt/7CJHgcLum/ieiXxUjKiM5RheBjHxm426VOapnKIRsjMp
xmGA32eMjTuauAedeBjLGCDZ6BlUxfRUQJEX93lpECYMA1GYmLiRRhqV6SH0VSoRByzcOVcz8BBG
5Zhp4PeFjbTu9LMrdKGH+mKFHHmycIA7Nt09DlbUP99YCUZ48GG3D+/ovDFqqmDje4m7ynGOQvU7
+chfsR4st3xBeHYixB3aCEHvOuO7tBh3qm9eU3mQ3XrkT7soDQ3eqxTvQY1KdeJRB7HsGNN5z1+5
g8q2Bb8x8aeMtA92JxOeOqkp3MUYPtRoS/1E/CNecZEHiimM8fA8PHHzm998QR/lirTHNMY+i59l
xnjA6Q7QbOfKt2igiO2RndjwgvkRjxWZ8uJ2tTONnmD8rne9q8sPWcPuEDF1IQT0EA66kVFghxIm
tim+lfgRDmMg3yLdnlLAe+qDdqAMmosF8b1yoWyr0A9+ffwk1mN96sT6oAwMZMFOjHhHXZfp1doP
YaCdY++JF2lfdyxiP0DZkaW2H9pz7LdiP6hBjfKymCXKQRSw9o/s2o8LZ6hHvtXq0XZXk1vIajCO
+HOih3KklHPUSZQlfKd+zDeOF2IdR+UVZaMtX3DBBZv4gjRimYg/Rw7O6X/IK9I+dgyk8qqGbcTU
uiefuVhEPKc+a3xE4UjdEh8+5EQR+Ia+UFnHt0h7zKuvPcZ2T3ooZIwHvzC5wyhN3a96VLt3XEeZ
6lhPGaF8sF7i4jzGfcgk6GPnOe0MuvgjPHwg7fimzXeMvCgz4A92Y6nA5RuKWuM5xuA92NKnsLCK
RTLwPe/5ox1E3pjDg3Pa/m7yoFhMHW+JZVT8g1k5VjIcvvJiypzE+FP6ffnLOqQOTIe2UBuXINvK
vtZ05NNYBnnZdOf48foU2gvtgPEJ8x+VPCyMdW43t/+ZQxtxDrpDoYmShT/aOQoUdt/E9yhWolMZ
yzG8yKnoLr300k5ulMo8x8+0MRagRocCsc8YG3c0cQ86DmNZlFEYIqJTAUVejGGjIQq5qDyNNNI+
lHkchatSiXTBwp1zNQMPYVSOmQZ+X1jC75aL1xFRX8h4HAsHkPXuHgcr6h+H/gL6wYfF0jgU7Bg1
VbDxvcRd5ThHofqdfOSvWA9dovmffEH4iy66aNMObfryF77whYt6kRbjTvXNayoPoouAPtpFaWjg
tEC+cUKBLirV+UYdxLJjPOY9f+UOKtsW/IZsxNE+2J1MeOoE+V06MYYP7fOpn4h/jBMXeTBeQdbB
84w3Tj755AV9lCvSHtMY+yx+lpk5Fzu0oVkdDt+igSK2R/pMeEFHPDZRyIvb1c7oz8SYvhCHrGHO
K6Ya/qGHuiA8/TLYoYwGP9sU30r8CMfYk2+Rbnibd/xRH5xUoAyaiwXxvXKhbKvQD359/CTWY33q
xPqgDNxDz2IXMeJdbedmrf2QJ7Rz7D3xIu3rjkXsByg7stT2Q3uO/VbsBzWoUV4Ws8STKtBd2z+y
az+OS6hHvtXq0XZXk1vIajAWf05v4UQP5Ugp56iTKEv4Tv2QL/IpjhcIq2PcRpn841QFriyMfMFz
LBNx58jBOf0PeUXax46BmFtRphq2Ylq2/blYQONcp/GR3dbULQ4+ZLEwfENfqKzjW6Sd37q+9hjb
PemxKF0HvzB/wCgNVqse1e4d1/CqbcqxnjJC+WC9xMV5jPuQ5zj0VrQz+ZLw8EF0pk0YjLzMSeCP
9773vRvgaVx0rTrHGHwDW/oU5jTMm+F749CnWQbizuHBOW1/N3lQLKaOt8SScY544ZdjJcPhKy+m
zEmMP6Xfl7+gZ+y4BNlW9rWmI5/GMsjL0jfHj9en0F5oB4xPmP88+9nP7nBlYaxzu7n9zxza1jnO
gTKcq7yJjajvOe6eU0llWCZ0rHLTuMR7dhwiDGFu/lSiGQfjHPdhPOhBD1o0YhSv0WBAvFJ5ZvzS
RwGFICUOjYe0DIOAQXmLgt53+OwUMr8SC+KgOHVXnPHi7mDLho/gjIYjwrujNIbbi2d20kh/n0/n
Z33R4ZdY9cXT6FHuLq2Fryk+qTN3bhmHyRQKUH/jUx90sKvgN4cHNTxIC3RgaGCQFA3MfI/8W+PB
U045ZROuGMHKXXoqtMyvz49G17JcfXEiP6rM7Qsb31vHc7BHaUta4BbTLJ/57sIY83E3oGGRMy4g
8B0+pyUYZxUfZWWUG2V7Ji93z9FWNEpHWvqeMSDFXcOEi3VYk3NRpk3FosyL/DDWgI87ASOt8d7s
uRjGtsICAjCyT4CHIq8jL8v2gyKfdlWjPfYn645FPEFBjEt5ysIYBrBizWC9lIPIC/5MA//1r3/9
Io4Gn/hdI16sC7/bh5d9nd+jb11IX61/i+Hjc8lL7DSP7SqG5bkmX6bKwbn9zxgspFf8atjC77U+
obyeYA4W1sEcX2W9ZSj5kN8YU1dpjy4iMA/aNbLL3/oYrueUgTjRiE160I28Pvfccxf5YCCIclS+
8uhh6Rjyo0wu86zFYyyMQdJyjemLaQvxlJI5PDi37UPnbvFgicXYMb9Y4j/ucY9b1K/tL373ec6c
xLhT+n3iTOl/anXLOCzyKTICBVDkt8iH0jnVx4BQ41nfeX886c7pf6bSE8Ov8yR/VdpU3ojzkB93
z6mkMvxpp53WXRWmcYn37DiMikGVaMbBOEebibyE4jUaDChfqTwzfumjgEI5hFOhaBjG7Chvo7Ke
b+wUMr8SC+KgOHVXnGnF3cFdZv/7DwVUNBwR3h2lMdxePLOTRvr7fJTI1hf8X2LVF0+jR9m31sLX
FJ/UmTu3jINSGgWov/GpD5R+q7g5PKjhQVqggzkpisloYOZ75N8aD7KoLeKKEYyFndFhEDavIT8a
Xcty9cWL/Egdl/zaF886jnSOfXZMA2596fOe7y6MMW13AxoPOeMCAt/hc1rCdjiMKtShadfwcfcc
bUWjtOGHfPrXuGuYsLEOa3IuyrSpWJR5kR9jD5ybhiK98d7suVjGtsICAjCyT4CHIq9HA7N0oMin
XdVoj/3JumMRx0yWLbZ73rEwRkMmeGOYLOUg8sLTjkyHMbFOg4/f8DXixbrwu3142df5PfrWhXnV
+rcYPj6XvMS8LbarGJbnmnyZKgfn9j9jsJBe8athC7/X+oTyeoI5WFgHc3xkqvSLdfmbOfUq7dFF
BKZLv4js8rc+uvu5LhqxSQ+eQV5z8pTpc8Ihizj8LV95HaXvh/wok8s8a/EYC8dTecb0xbQF7Am6
OTw4t+2T527xYInF2DG/uOA/5SlPWdSn7S9+93nOnMS4U/p94kzpf2p1yzgs8ikygoUTkd8iH0rn
VL/Ua5T86/3xpDun/5lKz34If6AM5zUDRckE/GbwzQBVxYeK49LwYdwn5WNkNEgbR0UfaZXKW+Kd
ffbZW+6fNC4rKss4KJ+cPBAfo5CGc+Kxo5X7yaUp+hhwUbTH8BGL0lhBXIx2y3Y8Q5P5MDBjBZVl
2GufQX3NeEG5mLSU9DGQLA2H1AErg+OOadIEa49spfw1/HiP8Stibp4Y2C6++OIFdmKIf+c737lT
lKDcNPxcfw4PejqBNIEBA3iMJOXgG2MYgyXpQxkaOyjTwKeN8N2w0ccAEMOSJ8Zh2ojvGbQYx3L5
rc+PcYhLvUXDg/Hg40iDdWx+U/y4swEFsTsdzQsfJZ+768u0GeiXfEgcMGEFOXVRxlnlN3zPgppI
HzKL+oo7M8kDRY8nNhiesOzewmAFjb7HsIbhOL5joCCtUf4Ypzy2fQoW4BLzIk2PYa3xy3YsPmAH
NfnAL8p/Biq8i4sAKDPtpNZ+UIzVsGBSJVb4644FA7uovLZOkY0sXKjJQcrF5LisN+LW+seasdh6
rMktFx7V8JU+fRaaURdiXqsvw5Y+ZTCePmlh9GfhCXRjBDNNyktbMqx+lEHkQbg+OTi3/xmDBXnH
MVC5EA26GB/V+oS4OM9yzcHCuHN8dqmUPAUf0jbF3bqIdUl/NrY9Ihsf8IAHLORdTIcFkqz2nUO7
cRxzmi4yhv4zGlZZ3Uu7Uq7YbzG+4E5d4+qTJm0iLsaKfaTtl5N24GkMjcYlDos7pE/fSRV9KONF
dwUQjzrgBB124hsefw4Pzm375rsbPGg/M2fML53uYi136PtdX/6YMicxLv6Ufp/wY/ufWt3CpyhZ
5CX4FJ6Ii4Xi2CDSOeW5j+9Z8EdeyKsyvSn9Txl3yu/9MNmfS2PNQGFdR592wThBp+K4NBwahx0N
GqSNo6KPtEojAvGYczEWqznGqGUclE9RIYpRSMM5abCjtSZLyQsDLor2GD5ioVy2PPgY7ZbteI5z
Q3Yo0VbWxXESQM14QbkYE5SOdl8aDqmDN+VTzeKOadIEa49sBasafrzH+BUxN08MbIyXIt4+3+1u
d+vm8e4UM84cfw4PKtelBwwwcsYdPX7DGIYBQocylIVFfo8+baTc4WY8DAAxLHkybqSN+J7T4XSW
y299foxDXOotGh6MBx9HGqxj85viv+QlL1nQjILYnY7mhY/CGBlfc4y/Sz4kDpiwAxEF9HY6+J4F
NZE+ZBb1xRg0OvqRuLucOISl38RgBY2mw+kOGI7jO/owXZQ/xmFu5GIWwk3BAh6NeZEm6eFq/LId
iw9ciA2/KP8dZ8ZFANBAO/GoXstL+0GBX8OCq2eiW3csGLdGQ4hlRDai46zJQcrHyaNlvRG31j/W
jMXWY01uufCohq/06TMfoC50tfoybOlThtKRFroldLjQjRHMNCkvbal0UQaRB+H65ODc/mcMFuQd
x0DlQjToYnxU6xPi4jzLNwcL487xmReWPAUf0jbF3bqIdTmlPSIb4+bCmA5zX+YXqzjHnKaLjKH/
jHpr9Ae0K+WK/RYylFNijatPmrSJuBgr9pG2X07agacxNBqXOMytSqexmPEp40Xmg8ahDtAzsxM/
ujk8OLftm+9u8KD9zJwxv3R6KgDj+9gX+l1f/pgyJzEu/pR+n/Bj+59a3cKn6LHkC/gUnoCffBfH
BuQ3x/XxPQv+yAt5Vbop/U8Z9yD8PoxC5EpY6j75yU8uDbNfA2TGSPm4oJQFVsoCNWVBm/IRMymv
EErHHntsuupVr1otWh7gpuOOOy4ddthhKU8uFnGOPPLIdK1rXasax5fkkzuj7ifh+/IwvH4eaHa0
kj40EvdqV7uanzf5WemarnnNa6arX/3qiXiUKwvC7ve1r33tTWH7fuSOsotDPuvoqANovNKVrpSO
Ouqo7m+ITsLD8mB2zDHHDAVd+Rt1nAfG6RrXuEaHf+4YlvLF1ExX4cGpeRk+C++UlZj+7HDs40ED
wX955Wy68pWvnI4++uiuzfhtu33acu4MurYM5sto2478yRO+onzL2j755V196fDDD+/opO3vdPtC
PsGPRxxxxNK8kBvUMWWhjdC2dtLtNhZTypIXCyV46HrXu14Xjb4iL4pIN7jBDTo+npLWmLDrjAX0
28/BG7gx/Qh8R7nwaZfI6Z3m9464Xf6HDMiG5S7XvLq6yh+7KQd3ufibshuDxaYIM35MlbkzsujG
Wowv6EOQ7/DtTsvDsXTSFvmjH0FOL+vn8nUmKStrU1ZKpVvd6lZdNrRJytVXpqy8S/kKg5QV++mc
c85ZkMbYuC/OItAeP+wED64y3soGspSV+x0qWTmYTjrppF6E5s5JygSn9PvEXff+BxrBBjkK3zK3
Wcb3u9H/jOkHof1QctQTeoPrXve6Xd/P+N959XWuc53eOW9WFqXjjz9+Ma9G/iJvGDcsG1tT185N
CD9lXg2tzquJ28dXtBHCOa+mXM6rx84pKRP4kM86OuqANoaMZ77G35AjPO0RzNCZ7KSjjrMBdTGv
pk9exhdT6VmFB6fmZXjmXMy9dODYx4OGoY6uuOKKbq6GDEIXtVOO9uG8GsyX0bYddJAnfHWVq1xl
VB2jb4nz6p1uX/SvyCbm1cvyQm44r6Zud3r8tNtYTKnvvPO2G0szj8YhC7NRIp1wwgmj5pRT8iLs
OmMBffARfYLz6jH9CHKQcuHzh4xexoPktd8cMsCxMvqY2lhrN+XgXuI3BotV6Zsqc+fkRx5xXg3f
7rQ8HEsnbZG5IzJ9TB983nnnpbwwOOWFhSmfLNtlQ3scmle/4hWvSPnEnJQX+yfi6/bDvHoneHCV
8RZz8ryJrYOQfsU5tphGf+6cJKbB85R+n/Dr3v9AI9hgI4RvsVktG98dKv0P2JSuGc5LRNrvhkBD
oCHQEGgINAQaAgMIoARTMc9A+jnPeU7Kd2qnvOMy5V0VnWJ9IPqB+tSwWP/qzCv6Uz4hJeXd8ukW
t7jFKILz6UjpgQ98YMo7zlM+InJUnL0KtO48iHzgL+/eS09+8pP3CqaW7w4gUFPm7kA2LcmGQEOg
IdAQaAg0BBoCBxKBchyfT0dM+dSIlHdcpnwiwyE9rz6UsVhXZmc+d+GFF6a8Wz7lk+9GkZlP40n5
eoqUd5xvWpA+KvIuB1r39shcOp8okPJJKd38epfhadkdggg0w/khWOmtyA2BhkBDoCHQEGgIzEMg
Hy3ZGcBqsfeDkbFG99x3DYu5yO1OPHak5SPVUz7+tNtRfOqpp6Z8BHi3ujgfV9cZxktKWHVMveYj
6dI73vGOlI9lT2eeeWa3Y5SdLUxSXTRSxt2L3+vIg+x8zUe3djsp2Gmbj1XroOEEk3y0XMpXAezo
DsG9qIdDNc9mOD9Ua76VuyHQEGgINAQaAg2BVRF48YtfnPJxy9Vk9oORsUr4zJcNi5nA7VI05tX5
es1EPbGjOF8Tm/IR4N28Ol+D1p3UVpLCvJpT3/h7+9vf3p1ynK/H7ObVzCFYGLFO8+p15EFO5QEn
TihgXs1mABzz6nytaMpXAbR5dcl47fe2ItAM59sKZ0usIdAQaAg0BBoCDYGDjEC+NzVdcMEFm4rI
wB2jeb5PfdP7g/6jYbHeNZzvZ0sYyGvupje9acp3A3fH0sXvTEjvcIc7pA984APxdfcMn7O6fp2M
hevIg1zpgQKl5vpwr4Vt79YfgXVqC+uPVqOwIdAQaAg0BBoCDYGGwP8hwPz54Q9/+P+9yE/MNy6+
+OKU71Pf9P6g/2hYrHcNv//9708nnnhilUiOC3/3u99dnVezaD3f9b4lHnzOfHvMNQ1bIu/Qi3Xk
wfe85z29x7H34b5D8LRkD1EEmuH8EK34VuyGQEOgIdAQaAg0BOYhwN1KrDrGccem97LOS21/x2pY
rHf9YTzn/rR4Byr3lWLw4w7imuNObu4z46636LiH8cY3vnF8tRbP68aD3AF2+eWXd/dPlrijJLne
9a63Frg1IlZHoBnOV8ewpdAQaAg0BBoCDYGGwKGLAPcdc/UZjnEy9xfH8fOhhEzDYr1rG+N5Oa9m
3sfd6Mcdd1yVeOapnEZW3unOvPomN7lJNc5evlw3HgRf9Bn4US7w+6ijjkrXv/719xKulvchgEAz
nB8CldyK2BBoCDQEGgINgYZAQ6Ah0BBoCDQEGgLbh0AznG8fli2lhkBDoCHQEGgINAQaAg2BhkBD
oCHQEGgIrAsCzXC+LjXR6GgINAQaAg2BhkBDoCHQEGgINAQaAg2BfYFAM5zvi2pqRDYEGgINgYZA
Q6Ah0BBoCDQEGgINgYZAQ2ASAs1wPgmuFrgh0BBoCDQEGgINgYZAQ6Ah0BBoCDQEDnUEmuH8UOeA
Vv6GQEOgIdAQaAg0BBoCDYGGQEOgIdAQOIgINMP5QazVVqaGQEOgIdAQaAg0BBoCDYGGQEOgIdAQ
2DEEmuF8x6BtCTcEGgINgYZAQ6Ah0BBoCDQEGgINgYZAQ2DPEGiG8z2DvmXcEGgINAQaAg2BhkBD
oCHQEGgINAQaAvsRgWY434+11mhuCDQEGgINgYZAQ6Ah0BBoCDQEGgINgYbAMALNcD6MT/u6Swhs
bGyk3/zN30yf/vSn02mnnZZ2UhG1m3ntEny7ns0HP/jB9Ja3vCV92Zd9Wfrqr/7qXc+/ZdgQaAg0
BBoCwwhcccUV6Td+4zfSUUcdlU4//fR0xBFHDEfYJ19b/7NPKiqT2Xhw/9RVo3QeAjs5X5lHUYvV
EEiJue6rXvWqTgafccYZ6ZhjjtkxWHYzrx0rxB4nfPnll6c3vvGN6aSTTkp3vOMd95ialn1DoCHQ
EGgIlAgwp3n5y1+ejj766PTN3/zNB2Ze3fqfsqbX93fjwfWtm0bZwUagGc4Pdv3um9L97d/+bbr1
rW/d0fv6178+3eY2txlF+2c+85n027/92+mSSy5JH//4x7s4DGbOOeecdNvb3raaxty8qontw5d/
//d/nx72sIelY489Nh122GHp3//937tS/PRP/3S61rWuNapEj3vc4xLhMZq/+tWvPjADx1GFb4Ea
Ag2BtULgJ37iJ9Kll16ajjzyyI6uD3/4w+n7v//7E8riQ9lhNH/IQx6SvvALvzD94R/+YTfRPwh4
7Gb/8w//8A/pt37rt7pxxn/913918H3xF39xOv/889MNb3jDgwDnjpah8eCOwtsSXwMEmuF8DSqh
kbAFgcsuu6xb3MyHP/iDP0i3v/3tt4SpvWBe/brXva6b2/3zP/9zFwQeP++889Id7nCHWpQ0N69q
YvvwJWPOs846qxtrMa/+7Gc/25Xil3/5l0fPqxmzXnjhhZ3R/E1velObV+9DPmgkNwQOCgLPfe5z
E/pYFl7jPvShD6XHPOYx6d73vvdBKeKscrziFa9I973vfdMXfdEXpfe+9707utFrFoEzI+1m//PR
j360W9TPOMN59fWvf/10wQUXpBvd6EYzS3DoRGs8eOjUdSvpeiHQDOfrVR+HLDUf+9jH0s1udrOu
/L/zO7+TbnWrWy3FAkP53e52t/SBD3xgS9ib3vSm6fd///erE885eW3JYB+/eN/73rdFgTLVsPK8
5z0vPfWpT03f8A3fkH7xF3+xivM+hqiRPhGBN7zhDellL3tZ+sEf/MFmTJqIXQu+OgLf8R3f0e2s
iin90A/9ULeAKr7bb8/s4rrooosSk8wnPvGJ6WpXu9qkIrz1rW9N97znPQ+c4Xy3+p93vvOd3Rij
BvoTnvCE9MhHPrL26UC9azxYr87d4sF67uvxtvX7/1MPzXC+HvzYqNiMAIu+jj/++O7lH//xHy8W
p28OtfkXhvLb3e52iQXmpfvyL//y9O53v7s635uTV5n+fv6NAUUdhuWYalh59rOfnR7/+Md3Y7Zf
//Vfr+Js2s0/+AhwCuNLXvKS9KxnPasZkw5+da9dCe93v/t1ep1I2Ate8IJuAVV8t9+emdP86I/+
aGITEW1r6rya0zbvdKc7HTjD+W71P3/0R3/UjTFqfPP0pz89Mbc+6K7xYL2Gd4sH67mvx9vW769H
PfRR0Qznfci097uKwL/+67+m//f//l9i0s5A5oQTTliaPyuuvvu7vzt9wRd8QfrxH//xdPLJJ6d/
+qd/ShzjeuKJJ6av+IqvqKYxJ69qQvv05X//93+nf/zHf+yO8QMLdhBMNZwj2H/+538+3fnOd04P
fehDu53r+xSORvaKCDAA/IEf+IFugj920cuKWbboDYFNCCDH+Lvyla+cXvziF6cf/uEfTgfBcP5v
//Zv6a53vWv6xCc+MWvH+F//9V+nZzzjGd0RrfSrV7/61Tfhtl9/7Eb/g1xjd8WLXvSi9JVf+ZUL
HFG2sPju1FNPXRgl9iuOY+huPFhHaTd4sJ7zerxt/f7/1UMznP8fFu1pfRBgTPSIRzyimxczR77x
jW+8lDh2SD/wgQ/s5tUXX3xx1/fR33GMK4bhr/qqr6qmMSevakL79CXzanBCLn7qU59Kt7jFLSYb
VjhWn5Pc7n73u3dzKnauN3doIgAffdd3fVc3/hy76OXQRKqVeqcQQKYjy65ylaskTnV72tOelg6C
4Zw5DSeSom+es2P8Pe95T2fcvc51rtPpng/KvHo3+h/k2vd+7/d2/MTJspxqAI5/93d/120Q+Pqv
//rEiW4H3TUerNfwbvBgPef1eNv6/fWohyEqmuF8CJ32ba0R8LjWX/iFXzjkj+SdW1Ec086ufQzp
B+ko37l4tHjzELAtNsP5PPxarO1DgGO1UfweBMN5k8/bxxdTU/rP//zPzjj+kY98JLHD4EaH6PFx
jQencs6hE771+/9T181wfujw/EEvqce1vvKVrzzkj+SdW9f0mezaZxf+HMPM3HxbvIOFgG2xGc4P
Vr3ux9JwJSP3eR8Ew3mTz3vHgcyr2dSGofxP//RP05d8yZfsHTF7mHPjwT0Ef82zbv3+elfQgTGc
syrupS99abrSla7U3ZfBvZ4cv/If//Ef6Vd+5Vc6n9W7/HEP1VWvetVNNcOx3695zWu6u7JZNXzE
EUd090xd73rX61YAc+8UE6HSsbuZ9LljW8c9Yg960IPSSSed5KuVfcrBsYjQ+P73v7+jjxXNdEBv
fOMb013ucpfEcbU4JmtMetl9R3nPPvvs7v6xt7/97Ym7yw4//PDuDnHuFO9b0fyOd7yjKxdHleLA
45u+6ZvSAx7wgG53cvey+MfqvZe//OWJI8boHLlD+453vGOXF8YM8Pi2b/u2TXlSJsrDikYc8ShH
39E5n/vc5xJHjVOGH/uxH+vKyZHh7MqjbNe97nW7Fd+sWCNMdFPzMi53w2GcZwKMu+Utb5nucY97
pE9+8pMJfNhtu8pdp6997Wu7XfKsNGIX201ucpNOUc8R9HSuN8oKe96zKq/muFvu137t1xJGS+53
//znP9+tprzPfe6TvvRLv7QWZfGO9Mcazmkjv/qrv9rxFQnAk6za7LtL3kzG8gXhaUvsroz8cP/7
37/bMcnuSe6zt+3CK2eeeWa3qt+8xvrQzs4K0mDlH4Y2cPvd3/3dxW58dld8zdd8TXWXJnfyYEx5
85vf3C04IB0c7fCcc87ZshMR3uRIe2UQ8VlNDj+zwo5JCXKHYxUf9ahHdbs8LMu//Mu/dG2f9vvn
f/7nHc20R2imPYlHLBPp88eRSNwh9PCHP7wLyw4S2ifuhS98YbpTPm6qdFPaPrssaGfuzGQXHvfe
k7cOmVxzhEEuwFPs4sQhM6hvZI08YFzKD22UN/LeX/7lX3Z849UMHE3NKQjiQnwUD+SjPGPnDbLp
r/7qrzo8f+RHfqTrO8xrFX9OXpSHPgT8OCITTLnv6V73uld3HUKJxSr0ERfM4HXqj3vBOXWCeoJX
6DfAjmPaIoZT+EL6kBnccUwfBa/TT9PvIJuWyQ3TmOp7p/IYw/lc3JFFjDeQATj4iT4IGc2dcJQP
2RHdu971rq6OacMcvY6jL+HUFPry0lE3yKbTTjutk4nkxckg9BO6WtuiXf3SL/3SYsyDbDruuOM6
JXhff096U7BQnhEPOmlzyBr6f+QYfRj9IuXbLjel/wEj5Jw409bB8id/8ie7CTtyhnHG6aefvoU8
eJS7/Lij9GEPe1iiH+YaCsYW8DCn4dBv0j5LN4XfxXBsn8BYlH6e9slOEHCnXcGLnLBAf/Wc5zyn
a8P0Q/B/qZRgvIrM/ZM/+ZNu3AX98BR9Efxb8sdu8yD0MN6inMgoThNCFnIlDDxGvenEj9/ryIPS
iT+nT4jxlz2vwu+kPaXtEx685/b7xD9o7qAazpnjcLKU82rGVc6reQ/fKL8Y98bxAnXM2J+2zLwV
Wcy4Fdl0gxvcID3/+c/vTocp+0nisbuZ9Imn+9qv/dqur7z5zW/uq5V96GfMBY3M76CPOTW7qpGT
9L30ATjop89nLEaZkZnIXsad9C20B8ZR6AlKOSqhLE6mXPg48mMO8+AHP7h3HsMpavTnjF/pf5DX
nPTFOJt5A3gQP+ZJmSiP9cEYgHIMzavZRUcZnvnMZ3bjafoU5rnIWcYPyBj6PMJENzUv4/7e7/1e
+pmf+ZlOzvOO69kY93u6zmMf+9hu7mv4qT79P2Np6GYXG6fQ0V/+zd/8Tdd/0zfyHjxrDj0Dc0TG
c7Rv5ofUL/MT0hpyU5TitBH0C47xiUs+/A25sXxBGqRPPvIDfISOiv6UeqcO5Q2+MbdkvDPV0Z5+
9md/tptTffrTn+7GWOCGbgK9FHXBWPdOed5Z26XJ2JU64o9rhqAFRztkl2K5ExHeZE6rDCI+4YjH
mI1TCWm3jJ246ogdjjrGeZSb9osBhzi0R8aF6A/FKpaJdkQeb3vb27p5DQvHCIsxkfaJo60ylird
lLZv/+rOTOZqjGHJW1cb+/ONMMgF6hzjFA4eRw+IrJHPug/5H+Vnbk39R97jSgbSeNOb3tTh8i3f
8i2dHkFciE88wijP0Dchm9RTsEu5j07zH+vPyYu6ow9BFqg3RVf3rd/6rd14ssRiLC194cDs0ksv
7eqAe8G/7uu+ris/Oh7yAjvqIWI4hS/MV50afRR8i8xE74xsWiY3TGOq753KYwznc3FHFv3cz/1c
1/6hD36iD4J/0ZNSPjCNDr0E/E4bVo9EX/J93/d96ZRTTolBu2faFrIJnMCReFypgWzS1XiWdsVp
dpQNeQPuyCP0JLHvNQ39KVgoz4hLfrQ5ZA0yBTlGv0O/2HeaqnlO8af0P2AU9XWM5cCSXePMLakn
xhkssCgdY0nm0pSRNkDfjL4JnSdYokNhzl3TpU/hdzEc2ycwFqWfp32ia4U/aFfMP5Ff9FdPfvKT
O3lPPwT/l3p1xqvwIDoQ7QT0n8hv+Lfkj93mQeqC8RbjV2QUOj/Gccyp4bFoWxA/4qwjD0KXbk6f
YNwx/ir8TvpT2j7hV+n3id/cLiGQGWOUyx3zxjr/5c6FXm/xlwfqHb25YS3e8T0L9o0ssDeVJQ/y
NoWJ6ficFZKb4oBFnlgOxst3dWxkReqWeFNxzIrojTwZH8wrKxY38kSqyysbxAbDWqY8uN/Ik8hN
9OXOeSN3aoPx8wBqUxzKk40Vg3HIM9JIHMqV7yLfFK9WPxGvrFTdFN6yRD8rW7eUa05eH/7whzfy
AHtpfvJapHPsc97NtpEN40vzoHx5grIJd3gr3wUzGDffOb2RBx2b4kXayD8rXqrtIobjOd+1tSWv
rJzvTZs4U/giT/K2pE+5s0GxyyMvXtny3W8lrct+l3Ih8k98hh/zxHJLGc8999wttBgP/kOmRBpK
viXdPKHbwv+kkRVii7Zs/Zh26SMX4G3yysr5XprKeP7OA70FnVPbfh4ojsovHxG5yENMwKds+9KE
Dz7Z0LiIB6/nQfqm/JCv+Z6qTe9MIyu7FnGzwqQaxrDLZI40j/Hn5AUvDskA6CPMmPyXhaGO88Rm
EA9xsW+YyhfSkBfBDOaTJ1cbeSK1LeUyT/ysuOvyXSab5uJOumLU55d554nvYJysWNmEA3K7L+34
PivUNsWj/FkRsCVulCkRK5+nYlGOtyJN8Tm2Q/Oa60/pf/r6kkgbz7VxXZ4Yb8GvjIfscrxleaby
+9Q+Yey4TlqRKVmRtOCPGl8YFj9flbMIS5l2mweRBfmI2kHswVi8150HpXNOn2Dcsf4q/D617a/S
748tz34LN2oSvQ8D/cVf/MWm9sgYE5cV3JveZ8Vz1y5jEcfwJGP60l100UWb0o4yimfGfNkYV0ab
/Dsrazey0X4wr6xY3MjKwy7tWv9T0sbvrCjt5v2RoGyQ2siG9sG86CtLl40wg3HIL9JIfMqV7yLf
FK9WPzGvvIB0U/hauZjXMA6Pbk5eeZHBxrd/+7cvzU9ei/mNfc4K+I1sGF+aB+XMmww2JQtvMbeo
YeC7fO3NRlZybooXf5B/vjpuYxnuxGHsZ7r6jEGG3BS+yIaNLemTTzZMd1lkY9CW734boqH2rZQL
lqf0wSUr8LckkXdabaHFuPBfXtC4KU7Jt6SbF7Nv4X/SyIbnRVu2fky79JEL8DYuL6DopamM5++8
oGZB59S2nw3Vo/LLCwYWefiAzC3bvjThgw/6Tx28no1Bm/JDvuYFppvemQZjVl1eYFMNY9gxvG9a
y/w5ecGLQzIA+gizHY46zpsTBvEQF2XoVL6QzmxAHsznvve970ZeFGLwbfPzougu32WyaS7uY+Zd
Zd7L9IvoZqNDblsPQz5zpdJl4+iWuFGmlOH5PRWLcrzVRyNzn+1yU/qfvr6kpLM2rlMvU4aNv5Fd
jrcs31R+n9onjB3XSScyJRuXJW+jxheGxc9X5S3C8rDbPJgXA2x84zd+4xbejTSCsW7deVA65/QJ
xh3rr8LvU9v+Kv3+2PK0cNuDAKusRrl1V2SgIMyrVDcwBiMQojGTCWle2dR9qxlJ8m7DLg6K/LzK
qJscosTLO5oXwqZUhOfdo4tvTALzqsENjFx/9md/tpF3kC2+5dVzC0XfXAwpF2XKq9sWRjyMGRiw
FX7RKJ1X9m7kFVSLb4ZBEZpXu2/kFXKLb3nl1MLwBn15ld7iG5NHOiEG4+CJgdW0mNRanlIBTKfJ
dwyDeZfAIg40lkZcwjH4ySu8OmNZrX7MB59JDPjme9s28m6xRdp5FV73DqNQ3rHb1UWMx/OUvBjc
xsl9Xgm/AR+hZHz2s5+9yBc8Iq+VeY75jREx36G6KU2MhHk1/kZppGHwapryLTTAu/AgE0v8vONx
kV7Ju8bH1zC7DHfCwnPUKXWVV+B16Q+lPYcvStrhcXmGNhkH10zuomEglmvMM0Yn+Vkf5RZtJO+g
Xnxjwh6NuKSdd1N235noM4hl8AR/gCNp0XYiDfko/E4+UZ7SSHrGGWd0yhsHArRB+I/41g80MOCC
DvJi0izN5GtelEkZiLzIO/Q3nvKUpyzCYpiAXvkjGrWntn0UTtIw5Mc8YpmIQ7lQ3FAm6jfKrdLw
g2yG9/Iq/y350hbAFnlDmsonlATWSV5t2ck66gIMlGdjeF98h/w5ecU44AEWvMNoTd8hrttFo3xL
uvm0go28onaLkpA2AD6WdSpfEA++k3b4kAUueUVy178qO/ge+y3zW9V3gjYkm+binu+fXJSLOsm7
WjpeYzwgn1GuMu+8SruLh5xGhpI/i1ZsqyUOqxgtwY8+iTGPk8J8csFCjpb4zsGCNkQe0k+Z6S/h
G+SRMg45oywr8536e2r/A77nn3/+or7oY+HD2MfAm/BlpAXFa9511I0nLAd1y7iCcQdjDPqhWK45
/D61T6D8UT7CS1GWUwcYv6FFuuPCCg3nlAU5w8QOBa8Y8T7vyllgsZs8CJZxPPekJz2pG3vSJ8BP
cZGV4639wIOxbe10/zOH3yN98M+Y/mduvx/b2EF7HjWJ3oeBUBDCVxiD4Q/GVTrG93kXS/etZiRh
bEEcFPmM0zHSoND/qZ/6qYVMLhXheWfg4hsyOO/e2cDIhRyI4xDGeqs6ygV9eRf1woiHMQN5w3v+
olE67x7ZqC0aYVyed6xv5JPsFvHyzrCF4Q06H/3oRy++YZhiXI9SDjwxsJof81tdqQCmbfKd/inv
2F3EgcbSiEs4jKss+qVuavVjPvjIUvB9/OMf380lpQc5zDuMQvQt1EXppuQFD3znd37ngva826nr
w+iL8gkEi/fkH3mtzHPMb+bCeYfxpjQxEtKHxnkkeTGv0Mm3vId34cErrrii8/OOx0V6Je8aH1/D
7DLcCQvPUafUFQv5yHco7Tl8QRki7fC4PINi3TEzebNAPxoGoHGKc5xBWv7lnXddG4ljCuZp9D/R
occhDvNvFPh5l2LHH+DIe3Ry0eUd4J18ojylkfTe9753NxZ63vOe18WlDcJ/OOsHGpifQgd50UdL
czQSUyZlIPKCMSRjfMNimIBeMUZ3o5va9uNY0vRrfswjlomwlIu5CWVC5ka5VRp+kM3wXtQTmB9t
AWyRN6SpfKL/tk6Yz7DIgLpgjq48G8P7YjTkz8krxqEsYME7xpn0HZZvu2iUb0k3n/7R6ZDKRf20
AfDRTeUL4sF30g4fssAlnz7V9a/KDr7Hfsv8VvXHGM7n4h4XllMnzF3hNcYD8hnlKuViPjGiwwM5
jQwlf+Y0ttUSh1WMluBHn8SYR2MzG6uUoyW+c7CgDZGH9FNmxkHwDXM9ZRxyRllW5jv199T+B3wv
uOCCBR/Sx8KHsY+BN+HL6PIpZ93cmfGE5aBuGVc4xqAfiuWaw+9T+wTKH+UjvBRlOXWA8RtapDsu
rEB3SRjKgpxhns5mJjHiPYvsdbvJg2CJngD6+MN2wdiTPh9+iousHG/tBx6MbWun+585/B7pA/cx
/c/cfl++av7uIXBgDOcwKn8arVWu+d5vKAcZJPuegRQGBJi7VHYTRiURg1TjaMwiDgMm30dfA0Vp
/Ilhxj6rrK8ZnjG6UiaU1lGRi+DWGItymI4g5hcnCO5kjhMeBpcxPM8xTYwr5Bfxq+XDhFyFaGkc
KNMHs7J+yjDxt4Ot0jAXw/Q9L8uLQRj128cXTLT9XuO1vnz73lsW0uQkgxgOpZEGCvkJRYP5Y7yN
dU9cfqtoAlMGoTFNn+XlKbgTV16ptRnzt11N5Yt89NKibAyMpRVf5UqtLcRwY59tp2DJYD3GY+IM
LnxDrsRvPjMgon4YPIG5BrI+XqcNabAlXcpjWvgseom/4zPfyIs/3jtZK+tAGcgqQsIRHr5h4utO
ePnNuNYnNI1t+6RN+6bcKsOYZPueb7XymDfYSg9x/Iu01BYeGR9aKVcp28jXtFjoQjjyEje/URcs
JCANlGy+n+vPyUsjMnXDwLXMO7aFcjFGGXbZb7AGC/5YHBLD8w0c+BblaayLsXzBQhcXTOVj2avY
atAlv7KNR7rmPKsElLdraczB3XYEzRiiI5+RBzJZDGt5uwCIk0xYGMEEi4UwpFeTv8oWjIZ8J33e
ka9/tbLFd8qbIcP5HCzMQ1lT9kEu9tuutmV++vJlDWfD4CsrSj5kDAimYM8EMsaJz5ZvKMyq/G4d
QQt/Q30CYRnXQbt9ej7Cv4vH6SPypHT3jU3gQTBA7jEG8ESjMvxu8SCTX8vP2DTWAc8s3nQ8S99q
OflmWdeRB+f0CWXZp/yeyu9z2z74T+33p5Rjv4XdvSn73uTkXELlWqSCbygHqTMdCjsMCLTpUtlN
GJVEGDF1GrOIA1/WnGPe0vhTC7vsnW2lZnhG3lAmxrVRkYuBSGMsymHkaHRRjrmTmbmBso3xceli
mhhXyC/iV8sH5aYK0dI4UKYPZmX9lGHib3fxlYa5GKbveVleKM/FosYXGPD8XuO1vnz73lsW0uQk
g+hQHmugkJ8Yk5k/xttY98TltwYvMEUO1py8PAV30pFXatjwfRW+YFGcZWNBXXQvetGLum+1thDD
jX22nZIfhqboMPyDC9+QHTXHrkPqB8MvZdZA1sfrtCENtqRLeaJj0Uuf4xvGZXfp2ieWdaAMZLyF
gz74hrkb4yic/GZc6xOaxrZ90qF9U+7v+Z7v6XDSiM97/mrlMW+wlR7S0kVamMuVzvjQSrlK2Ua+
OvVP5AUO0VEXLCQgDRacrOrm5KURORr7Ix2xLWDgXsXRV4AZfyygio5v4MC3KE9jXYzlCwy0LpjK
x7JXsdWgS35lG490zXkeYzifg7vtCJoxREc+g05kshjariL9Gq45yYQxKYZQ5jakV5O/yBbaOkZD
vpM+72xbZf4xL5+VN0OG8zlYmL6ypuyDXOy3XW3L/PTlyxrOhsFXVpR8yBgQTME+LhKJcXm2fOju
+tyq/G4dQQt/Q30CYRnXQbt9uroZTh+RJ6S7b2wCD4IBco8xgCcaleF3iwejHYOxaelYvOl4lr7V
chLOsq4jD87pE8qyT/k9ld/ntn3wn9rvTylHC7s9CBzyhnOEHJ2EwpWdxay8ZJUqEy0G7BgvCOcf
QtDwGAfZbcYOUP8wSqjMqynETWesz2ou88t3tnQGs3ynSGfgYKDEZFOlvGlqECVen2HCCSBGd+L/
7P8ecUscVkWxwt0y4VMuDSIaBhkYuhuopvCEHhS8hDEfaSx9MJuCl/QuU56X+fB7WV4uVih35Me0
XFE6pFSP4YeeLYu4lmE1FFA35CdPRAV6GYfBo4YcDZplGPlkCu6kYRvow35VvrD9RGMA5YFOMCgV
/GW5xv7aGaFgAABAAElEQVQ2nz6jpIZwcIw7ExnAaiyGnvKvz1Al3oRnIDeGTtqv7a7Mh99lHVgm
MTLPWMfym3H9TXpj236kvcwzfiufDUtepewEE3YkWc/SF9OQVoxhDPTjt/IZPrQNMIlmtyhpIt9R
2nI8ziqnFsT8pubFJM/FJezEiGnFZ0+W6JMNMezQs0rdvnTk9Yi5WE/hi2hgdvFGSRdld0GVbY8J
C/3aU5/61ME/VvKiSCrT9Lc0x3L4DX8u7hrB4COOmYxp+uyCKnjYd/goap6Ud2+BY+0vts0Yr9Z2
4/dlz8bvk0dzsTBf23Lc2cw35X9fuYw/11/W/5iuvBAXg/CNcjMeoS6Uk8aJvuUbCjOX383HOoKW
ZX2CYSOuYhHruEY3CiKUd8rDGh/WylnLU9rH+MaP9JXxHINzpQByoPzObxdjxLLz3rKuIw9O7RNq
5Z7ybgq/r9r2I/Y1vplC934Puz3T8fVNRSUasqZ0fKspqOVF5Aw7i+mPmVexGJK2Sp8YHfNEZRJG
d3abMaf0D6OEdNTyi2mNeY4LCVmUg8GM6zCQkfAzfbxKedPTIAqdfYYJr2ZgfkB8DQ7EoR9inGWZ
8CmXBhENgyg03Q1UU3hCD3KSMOYjjaXfVz9lOH9L7zLlueGjvywvFyuUO/JjGh4TPaRUj+GHni2L
uJZhNRRQN+QnT0QFehkHWaUhR4NmGUY+mcqntoE+7FflC9tPNAZQHugEg1r7Lss25rf5lDvEjash
HBzjzkR2d2kshp7yr89QJd6E5zqXMY72a7sr8+F3WQeWSYzMM9ax/GZcf5Pe2LYfaS/zjN/KZ8OS
Vyk7wYS5tvUsfTENacUYxoKFIQcf2gaYD3EiBWki39m9+c53vnOlUwti3lPziotL0GX0OU+W6JMN
ffHK9xqn+tKR1yPmYj2FL6KB2cUbJS2U3QVVtj2MMfRrbMgZ+nva057WnfJUpulvaY7l8Bv+XNw1
gsFH6NhqzgVV8HB0LOwtTwAFU/9i24zxam03fl/2bPw+eTQXC/O1LaP3jU7531euGHbO87L+xzTl
hbgYhG+UW72octI40bd8Q2Hm8rv5WEfwwrI+wbARV7GIdVyjm4Ua6BKVh/Je9GvlrOUp7WN840f6
yniOwblSIBrFYzgXY8Sy892yriMPTu0TYnnnPE/h91XbfsS+xjdz6G9xtheBZjjPkwYUn+64icIu
PiMYVe7AzPHb0HOp5DONKT4KLlb9DOXDCt9oPFdZWTuK1LydxGpIUcgO5eM370w1H96zsti05/go
QKfgJb19BpIhGpblZdrLjP1DeUz5Zn6lgt80Is4odTTsDymjo9K2r25Mdwru0GQb6MPedOfyRVwo
wOIQ8vQo86Eyi9dYv0/pbnzpiPg4UbItnHrqqZ1BNt7PSpuK7dH0xGWoXRoWP14XQX6U/SEPecgG
RmPzL+vAMqnMNs9YBvnNuP42zSHfth/pLPOM38pnB9ZDefiNyVwZX1r72koZPu5uNt3ol7tRy/hT
fk/JS+MitGDA78uHiSphVpVFygwN1WV+8ro8wXexjnj1PcsXGpgjv5V50aexSI20UGDwPcqrvjx8
X+ML85DmWA6/mY+Lvabgrswb23bNMy5ggn5wOffcczfOPPPMRRvuw6rWdk13jG/8Ppm5Kg/2tXvz
7SvXGNqHwlgXfXVs3CFe6KPduPhjwszld/MRqzF8ZdiIq1jEPqekO7Y3eBAlFfLk7LPPXixS4r19
hrTh1/KM35c9G7+PB6MBd0imqzwrF7GVZZUe841Y+W07fHFfxoNT+oRV6ZrC76u2fWjtw37Vcuy3
+Ns7LV+/1FSiwfOl41updCMMik933Nhvlz5GFp2KyjJM7XctP9MZ66PgikdH1/JhsVs0nqusrB1F
ar7uTtGQotKtln75zjtTzYfvXP+2iuurn740pbfPQNIXj/fL8jJtjp+NuA6luco38ysV/KYZcYa3
1YkMKaOj0ravbkx3Kp/aBvqwN925fBEXCtDX4zzKfKjM4jXWV16USnfjS0fEJ55GQPm4rg6DbLyf
lTZV4xtxGWqX5o0fr4sgL8r+0Ic+dAOjMb/5K+vAMikDzTOWQX4zrr9Nc8i37Uc6yzzjt/J5aMFB
mS+LsUsnrX1tpQwfdzeX6fO73I1axp/ye0peGhehAQN+n3OstKosUmZoqC7zk9flCb6LdQ238p18
oYE58luZF30ai9RIg41OuCivyrTL3zW+MA9pjuXwm/m42GsK7sq8sW3XPBkjRmMluHDqlJsRKFsf
VrW2a7pjfOP3ycxVebCv3ZtvX7nG0D4Uxrroq2PjDvFCH+3GxR8TZi6/m49YjeErw0ZcxSL2OSXd
sb3Bb8yr0W9yIi9p2b7sM6QNv5Zn/L7s2fh9PBgNuEMynQWi0FkuYivLKj3mG7Hy23b44r6MB6f0
CavSNYXfV2370NqH/arlaPG3B4FDxnCOEYsdbjUlGqvWODqViQSKO3e8sTtRwRfjqSjlG8ecsxPm
DW94Q/WPFckoBldVBGHcZ2UQA37p485N6JLGqPRUaYggZxV1LX8NKRrO2WFOWqTJXaB9ZeK9aUbl
W8y/lt+ydyjhIs7LwjvwXaa4rKWzLC/TjsroWjrb9c78WCBRSzPiDP7uvkKJ3LdjFh7QQNRXN/LJ
FNyhj4EAvNKHfaS3L+9aOeM7j1GnDuhM3SlX7iyLcaY+q/ilY6zFta1HfDT8srKX44hiPE8C6OOb
KXjH+mMXS9zxTp5O/ss6sEziXstTfjPunLYfy22eQ4ZIw4sfCw2oyz45w3GeGB2Np1/S7vs+H9zY
TcJqZYzGyE/uVIqLpcShL42x76fkFY1ZQztNrRvl9FhaynDuhuYUjdquzho/mfeUPiEaiumzSjr8
LR+IPTtiPY7ZPq3PZ6eW6ZT+Mv6Yi7syL8qCMu/ab+khHotuYhj6dWR0X5q1thvjL3s2/pDR0gUM
c3jQdq+skR7z7SuX4eb61oW805eO2NfC9dEe0xoTZi6/m88UrGphxSL2OSXdhqE9IQdj+4+G67Ie
obGWp7SP8Y3fx4Ok4akaXgFUS7fWFxOuLKtxzXeveXBKnyDtc/0p/D5XDkbaxH5Mvx/jHbTn7ZmO
r28qfYocjFiMg2tKNI6jhMeQPSju3O32iEc8YjFnjfFUlCKjOOacsQNtvvbHcc8oBld1HNnKLldk
ovRx52af0lOlIfPq2nHI0KMhRcM59xtSJtJkflArj+9MMyrfwG8VR91FnJelNaQkXBZ3WV6mHZXR
y9Jc5bv5sUCi5iLO1IG7r1Ai993zDQ9oIOqrG/lkCu7Qt0xpHOnty7tWzvjOY9SpA8YBGp/6jNwx
7thn5UW8Oz7Gta1HfDT8cscsOo3oPAmgj2+m4B3rj8X4ccc7eSILaK+l4t4yiXstT/nNuHPafiy3
eQ4ZIg0vfiw0oC6VKaXPXb30v6UraS+/l7/BjePc2d3O6YvIT+bWcbGUOJRxp/6eklc0Zg3tNLVu
lNNTaTK8Czo5RaO2q7PGT+Y9pU+gzmyr9Fl9Tj4Qe3bEehwzfD3013e6CXkt44+5uCvzoizoK1t8
Lz3EY9FNdCzaQ0b3pVlruzH+smfjDxktXcAwhwdt98oa6THfvnIZbq5vXcg7femIfS1cH+0xrTFh
5vK7+UzBqhZWLGKfU9JtGNoUcjC2/2i4LusRGmt5SvsY3/h9PEganqrhFUC1dGt9MeHKshrXfPea
B6f0CdI+15/C73PlYKRN7Mf0+zFee94dBA6s4RxjTFTOcCwcCrSaEg3lDxNhJuMxDs/uwovxEDT8
Rli6G7aMx2/u92UiXPs25Z0T8VpeKAc1NkSlp0pDaDzvvPO2GO+jsldjrUf5UjbK2Ecjg2XS57t3
bpJP345IFIes3KeT7UuT99RDxHkoLN+GlITL4i7Ly2OLKVffbm2OYGKQilFuWX7LvlsW+JBOtgzv
3d4uhIh3H8fTEGI8+YYy9Bmw5JMpuJMHNJJuzSDB9+3gC9se+fh3n/vcp7qTO5Z7yrOK39oCBJR+
97vf/bq8PTI+LghAuVfmpQGgz0gwBW8xpuyXXXbZprygzaOuyzqwTMqDWp7ym3HntP1Ydo2gNRlF
OIyihvcOOQzn0YDjd32MirXvJe2Gr/nyENdS1L67OEMcamHGvpuTl3WFMbt2Hzx1p3wfMiqNoRE5
ZTtCkciCMePRX/otYjGHL6DZBTusADeP6IsVedbusY9hpz6P4Y85uEea3SVf0oZcZtCLwtBvto0a
Ft712id/lTd9fTJ1WGsj5m3b75NHhJuDhekbV1nje/PtK5fh5vrKxsirtbSGeKGP9pjOmDCr8vsU
rGphxSLWcUm3OCBnYrunrIyNXZRW1iPfd4MHpY/xDXfLxTrwWVld9tVlWQ1fw8pv2+GL+xAPKjN2
o/+hTOJYo6mGk+/m9j/KtjH9/nZgvq5p7M50fe9yUZGDESY6ZAkKtJoSjTi0Z9ph6dyFF+MxRuQ3
YwLkUJ/jft/tuDvXneG1vFAOamygnetUGkLjIx/5yC3Ge/hT44bGWk+oomyUsc9xPybp47xzk3z6
dkSiOOSYWtr8kKMeIs5DYfk2pCRcFndZXh5bTLn6dmuzmPb888/fcsfysrxr3y0LfIiSu3QsFoQW
vqOroS/kN3/xNIQYT74hTJ8BSz6Zgjt5qIivGST4vh18YduznPj3v//9qzu5yXOOU17UFiCgWD7r
rLM6jD0yPi4IYExcOg0AfUaCKXiLMeVmQ0100OZR12UdWCblQS1P+c24c9p+pEcjaE1GEQ6jqM57
VTGcRwOO3/UxKta+l7QbvubLQyzorzkXZ4hDLczYd3Pysq4wZtfug6fulO9DRqUxNKIPtS1xNDwL
xnT0l36LWMzhC2h2wQ4625oTK/Ks3WNfizP23Rj+mIN7pNld8iVNyGXG0CxS0Nk2aliwOAQM+uSv
8qavT6YOa23EvG37ffKIcHOwMH3jKmt8b7595TLcXF/ZGHm1ltYQL/TRHtMZE2ZVfp+CVS2sWMQ6
LukWB+RMbPeUlbGxY8GyHvm+GzwofYxvsPnUnLK67KvLshq3hpXftsMX9yEeVGbsRv9DmcSxRlMN
J9/N7X+UbWP6/e3AvKUxDYEDZzhXkYNRhkkNE1lWq971rnftOlIUue6WVgljHI7sZTLne3wnSaUC
WIUTAok7yjBkGY/Vb3TmdNxlPMNM8ZkYkxZ5sRM8xqUsNaWnSkPi8YfRBYUkO+u579o4fPOObhWk
vOM7gz7zwqhDI0Y5y3eP5eV7NNAiMBDQvEdJwEQZDIiDMSUqbUmTPPkjLEdQWz8MRv0mDfp8w1jg
XWjsIsVQa3jSMqz+1LwiftCEIcQ6hq+Y2FMm/so6Mc8pvnVMetQzhnuMpRi7uNPXvFicAB38adTl
G6tapY98MaYbpzQ2UwdiRVko3xjcjQM2LCYgfbCnLvwWjThz+SLiZqduWbZztzn52I5JHwMlExra
CANvJ9B8Y8cM4Zloe984bRzjLu/ZeR6PfWT3H3waywJG4E16Y/BmAEE4wrPzF2ypO9prPI6KOrDu
CSN9tD3yl5dJywUx8htxCQNtGjuntH3Lp1EDzEiL95SVUy1ID57WIMIgkjLxBz9TTtMhLquxpSUa
AGjDlM8j+0ve47vp6Me8UL5E/qR+PF4/5mPcqf6cvJxAgwXYgZn5spCLtitW28H73r9JmvADPMvE
wDzwIxZz+cKFPqRHHvFUDGSH/Q/HU9tfWO45vv0F9evilZI/Yt3PxV0+p1yUkbYFvcgBT3DhGzhb
DujgHWMQF1lRZmQK7/lTHhhHPy5AIh3kDzKAMQaL0YiL0Us6iCcW1B2yjLakPOIdfzH8XCzA093q
yhrppk2Tb1+5DDfFj7SP6X9IO/KCMpL30M54A/xK2vlOfYJRDMO4QhpiWoSfy++kN6VPgG9KXJU7
1LFjH8e0ls3TJqgPTquBZsK+9rWvXcjaPix2gwcplzIBGlGQQSN/8PNTnvKURVuJx7mvOw9aN2C7
0/0PWE3l97lt37pRHo7p941zEP1p0+79F1pFDkYZ5AEOQ+M97nGPrl2iyEWWRWccjuxFnkZ36aWX
LuLBDzoVTowXWcyHIUtHX+YYezsUxyrDyIud4NFRtprSU6Uh7Zk/jC7ILvoDxuXG4Rt9PU4FKe/4
zhhch1EHGeEYzGN5+a7ugXguvOE9xjLGgmDAN4wpUWlLmuTJH2E5gpqwlAnjvN9IKzq+YSzgFD3S
5ehhDLWGj0Y6403NK+IHTch56xi+inPdsk7Mc4pvHVMe6pn+kDEUfQrX/fCeP/pL6OBPoy7v2UUm
feSLMd04pbGZOhArykL5xuBuHLBB/0T6YE9d+C0acebyRcTNsaNlYYHXdjrbMeljoGS8Sht573vf
u8GOcvNFT4Hj5ArvG6eNY9zFMW/AGGl4dv/Bp9GBEXgTZgzejBkIR3j0LGBL3TGHf/CDH7zIi13U
1j1hpI+2h5OXSYuxFE5+Iy4O2jR2Tmn7XeT8T/0HmJEWjrKiWyE9eBr5g9PgQLngZ8qpI+7rXve6
BS3RAEAbpnwe2V/yHt9LF/PC2Bn5k/rxeP2YT5nG2N9z8oLf5BmwAzMd43rart+3g/fVSZAm/ADP
otswD/yIxVy+cKEP6ZFHPBUD2WH/w/HUsV+17FN9+wvq18UrJX/Eup+Lu3xOuSgjbQuHHIh6RHDW
QQfhGYMgz3GUOeo+qYtyXEK4uACJdJA/yADGGN6ZjtFLOogjFtQdsox2rTziHX8x/FwswNPd6soa
8sfRpsm3r1z/E2ra/0j7mP6H1CMvKCN5D+2MN6iXkna+U59gFMMwrpCGmBbh5/I76U3pE+CbElfl
DnXs2McxrWXztAnqg81pOMK+5S1vWcjaPix2gwcplzIBGjmWXQc/o+uDPv7ice7rzoPWDXTvdP8D
XlP5fW7bt26Uh2P6feM0f/cQOHCGc4/AURj0+dE4oJLRsNytxHFy7ujkfbnbj4aroo/vDGAxKqP0
Mx18dqpGowGCbOqfRi7TvfnNb97d/fSgBz1okRe0xHwYHBLOOH0+xudIjzvgDE8aKGT9rY/R0HgM
IuxQ/F7LmyNrjAN9GseM0+cjtIwXFZF94TEk0GkaZ25eHrsd8ynrF8MbAzPzmuuXdRzz9Jk6jjuP
azx4yimnbOJBDFMaS6UtGotNu+bH4zfH0Eca8Z7WOXwhjfoYD6Wt70QDw87xx2CBfIgLPhywS9eQ
r5yxIxwKGw0ClAX8NEwNxfMbxpGy3SHDSlnAooA4GaF9o0ya0/bF3AGktJTthN/xRA8V/IZH5rq4
yXf4HsntUX3xW/lcM8KW8gI5TZ3HazhIp+9EBss3xp+bF0qWWBbaMH/xHXiNoWFZGHjqCU94wqa0
Yz48y7OmNYcvmODFhT2kWysXi7jMZ65f4l6Wx9/yufnMwR0DQNnGyrqC16HJfKJxSlr6/JJG0kDh
0hee9yxiA2/CjsWCePEklalYuJM20oV8hoYoW/we+3BxmeJP7X+QeZ7UIA2OkWq0x8VlY/LimpxI
/xx+n9on1OqWPiPKRmQgSqTYr9GeUa6WMllcSp9whI/l2w0ejKdeQBPtrGxbjLHl9Vo9rhMPgl9Z
ZzvV/6zC71PbfuSLqf1+jHuQnndvyr43OWF0KeVE7Xc0DpRzwtNOO627IicuSC13+9G2VfSRPu0F
ozJKv5gfO1Wj0WAOKhq5TPfkk0/eeNzjHrdJdkJLzAelL+GM0+djfI7OHXCGJw0Usv7Wx2ioQ4kc
F2gTppY3i5900KehzjT7/Li7Lyoi+8JjSEDZq5ubV+yvzKusXwxvKL9XdWUdm1/0qWPmP7oaDzKW
iDRimNJYarxoLI7pl8/x+M0x9BE/3tM6hy+kUZ/+Qrr6TjQw7Bx/DBbIh7jgw6uipGvIV8486X8X
jw6FjQYBygJ+GqaG4vmNPq5sd8iwUhawKCAuaqB9Y5Cb0/bF3PtnpSXyIO/4TV3qVPAbHpnr4ibf
4XskN7qr+L72XDPClvICOU2dx2s4SItFoau6uXm5scYy0YbLOQF4bYeDp1wgbX6lL8+a3xy+wKAV
F/aQR61cXBG6qitxL8vjb/nc/ObgjkG1bGNlXcHr0KSLxilp6fNLGklj2TyPRWzgjRuLBfljfNZN
xeLyyy/f0h7RP+KibLGcsQ83zyn+1P4HmedJDdLgGKlGe1xcNiYvrsmJbg6/T+0TanVLn8FCQ8uI
DMTQHPs12jNzmFImG6f0CUf46HaDB+OpF9BEOyvbFmNseb1Wj+vEg+BX1tlO9T+r8PvUth/5Ymq/
H+O2551H4MAZzhFMF1100ULgIShQBGKAOfvssxfvGaSruHHXRKkQV/AhiKNR2ngcQc5duYaLPopY
jnJmQmb4ub7HhiMcaspPylXetcxgmvKgSGUQxSq6GBcFI4bhGk3sDH3AAx5QLdfDH/7wbiVZLR4Y
xzzEA3wRBDFOTdFn+NJncGDcmrK0DB+Vq8SbmxdxEdBRCW1eKHQxEGxH/ZKPHSiKcHaEuQOB/MD0
uc99bvUo53I3lvThw7d8Fzt9T0OIYWvPnkRAPHmwFi6+wzjBgMO88KfwRYzHM0Z/04/0lOHm/rZu
UT7BZxihzA9DLgtxyrQxPnKXl+H04XMG89EArJxZNqkijYsvvnhLXhgw4u5ywiEH2OHIhD62NxY6
lAMiZAM7sb3Pm7gYiaPyKi5ImNv2wYiFMZEeaKWdMMAsDTGERxlbWzxDGqwshkaxhw9MuxaHvOA9
ZLJx8KO8KI0wxMFg7w7MGG/O8yp5sQPLkwKgy7/tpC+WCWw5pQLDNSemYBB20VlpOCfeXL6gTVlv
lgm/1mdF+qY8R9xjHuUzi99KeT0HdxSmrkqPedC2WOAAliX9tI0YlmeUb0xqojyObdE0+uQNi2qo
s7hIbCwW0BqN++Q1BQv4p6xXj6Kv9RUugLFMU/1amiWe/Lb/oY6UeYbjRCFkoavqfY+PEVuaxuSF
PDd89Kfw+9Q+oVa3rMiPi8soP2W0LVM2Fy0wDixlJ3XILrq4S6MmR3eLB+GrciErZYBOTl2BDvFe
dx6EzlhnO9n/rMLv0Dml7Yu//tR+33gHyd/5qfre58CVKlFmogjEAEO/6nvGFDoXBpUKccPSh0aj
tPE4grw2viYeilgW8mGQWtWx+5g06Qtryk/Kxbw/Oo1lKFKRu4zDY1xkF3Kp5hgDx8Xu4oCPwR5Z
UXNgHPMwHvgy3o2upugzfOkz7tPVlKVl+KhcJd7cvIiLcToqoc2L+QsGgu2oX/JRWY8inHkP4yvz
AtMXvvCF1aOcy91YxsGHb/leOk9DiGFrz55EQHx5sBYuvsM4UV5PMIUvSlrpL0w/0lOGm/vbumXn
HXyGEcr8MOQy9ysdxkfuyTacPnzOTtBoAFbOlIu+jBN9xp6lo++Ju8sJjxxgPIWuKrY3FjqUxiJk
Azuxvc+buBiJoyE6LkiY2/ahG91EpAdaaSfojChH6VgQW1s8QxrsKkc/o4MPTLsWh7zgPWRydFFe
lDoH4mCwdwdmjDfneZW8uDrLkwKgy7/tpC+WifrnlArG2iwExSDsorPScE68uXxBm7LeLBN+rc+K
9E15jrjHPMpnFr+V8noO7uzUjSd3mQ9tizkMWJaOtmE4fXZpoi+K8ph+uaSxT96wqIY6i4vExmIB
reiMo5uCBfxT1iv6AVytr3ABTMxvynMtTXGMvv0PdaTM8zsnCiEL0Xv4Tp9rGXVj8mJTUs1N4fep
fUKtbpnTYDewHJSfMtqWec9cH8c4sJSd1CH62HhCTU2O7hYPwlflQlbKAJ3oCqBDt+48CJ2xznay
/1mF36FzStsnfHRT+/0Ytz3vLAKHkXxuQEvdJz/5yaVh1ilAnpCnvGI5XfnKV05HH310Ouyww3rJ
yx1k+tSnPpWyEEm5c015UpRyg0l5NWw69thj01WvetXeuHwgL+Jf61rX6uIdeeSR6WpXu9pgnKkf
8wA3HXfccV058iB2QR95kW/pKEPevZbyBDVlBXkiHI4ygcURRxxRRtnymzLlyXFXFtiENK50pStt
CRdfgB95XuMa1+hwOeaYY5biF+Ov67OYw0+4a1/72ttKalYWpHwsbMpGq3TOOecs0qa+lmFO4Nyp
p6xUXsQD9+3mwUXiMx7m8gV4ZEVFygqPlBcVDLbjGWSlfARiypPllK8hSLe61a26JKAVfl+GOzzB
3+GHH552Gu9s8OvqGP4jr2W0zcEixpnT9o1PXPCD1ppsMpx+3s3fYZgHb52sUFb5fVUf7K55zWum
q1/96p1MQjbm1ZXd7+1ux6vmRT9Lv4WMRoZS17vlshIx5YVgW2RQzH8OX9CeqGN86vioo45a9Ecx
7b18noO7Mhce5/k617nOoHxinAF/4Igzlc+Jz1iDtgUv75R8n4PFXtbduuW97vzOWBIegn+mypfd
4sFsJEhZUdb1C/R12XA+2LbWjQciPav2CTGtnX5epe1P7fd3uiy7mf52jyN2k/YpedH/0DYZ21Hm
ZfNq+Om6171u1/czrnFeTV85Zl5NfPpK4jFu2O4+LytH0/HHH9+Vg7E8813mXORVG7sydrzDHe6Q
8uKklO9dXfThU+bVlCnOq8lr2XiePiUvkFvMq8foJabU616FFXPn1VP7o2V053t+UzakpGy0Sued
d94i+JR5tWM2IoP7dvPggqgZD3P5Ii9MSXlhfcoGpZQXFQy24xlkdVhnY1ene8oLFrskoHXsvJq+
BB3VTuPNvISxO/xHXsva4RwsYpw5bd/4xAW/q1zlKlXZZDh99HDoJpxXI2e204EdMtJ5NfLdefV2
t+NV88oLDLp+i/4KXQB1vVsuG4NT3lSxRQbF/OfwBe2JOsbnDz33dtdxpHHO8xzcaY/IXHiL52Vj
f+Yk8AeOOFMxID79Om0LnctOyfc5WMzB/KDGWXd+ZyzpvHqqfNktHmTsjqyhb6Wvw+Y1NIZfZ15a
tU/YzbKt0van9vu7Wa5DNa8Dazg/VCvUcjOAzbsVu4FV3i3YDQj81vz1QyAfs50e+MAHdsbhfBTT
+hG4BxShnMor+VJexZnyyvV0oxvdaNupyDs9Ur6bOOU7a9ItbnGLbU+/JdgQWEcEmIREJVZeIZ/y
8Zgdqfnkg5RPTFlHshtNDYGGQEOgIdAQWCsEDhXD+VqBvgfEMK/GEMjcJO96afPqPaiDKVnmHV8p
n+zTGYfjgvQpaRy0sCycyycRdvPqfMpByjvhtr2I+fShdOGFFybSzyetbHv6LcGGwDoiUM6r8+7/
dOqpp3ak5pMPUj4xZR3JbjQ1BBoCDYGGQEOgITACgWY4HwHSfguSj/9JrPbNR1t2pOejy7tV9ayq
y0ewp3yE6X4r0oGlF+PVS17ykpSPHkv5WI9udeWZZ57Z7bBgBWk+pmfpzoyDBM6rXvWqlO8E7lYF
52PPU74HqitePq682x1+wgknbEtxWXmXj79P+bj9brUqk5t8tUG38jQfy9YtYtiWjFoiDYE1Q4Dd
HPnYw5SPFtxCGQq1fAVAt3p9y8f2oiHQEGgINAQaAg2BTQg0w/kmOA7kj8suuyzlo0RTvruwK18+
urwzQDKvzkewp3yE6YEs934sFPNqThLjL1+H0+2sYg7JyQW0VXZbLzvxYD+Wu4/mfBxryldSdfNq
TiDM1/R1QfNx5SkfaZxufOMb90Wd9J55db5mq9M9sRuWzRv5qoZuXp2vQetO1ZuUYAvcENgnCLAz
MF+3lvLRzVsozld7pHwFwLafVLklo/aiIdAQaAg0BBoCDYEdQ6AZzncM2r1LON8HkvJdN1UCnvCE
J6RHPvKR1W/t5e4jwESeo//y/TBbMmenNSu2DxWlHMoOFnbku6G2YMGLSy65JN32tretfpv6Mt+Z
ljCQ11y+B7YzHo65zqAWv71rCKwzAhyDhpLX482klQVWz3jGM7pFVr5rfkOgIdAQaAg0BBoC/Qgc
KmP0fgQO/hd2DGJ8rbmnP/3pibl1c+uBAPNqFkKziaB0zKuZb2/3cdJlPuvym3n1Pe95z5TvmK2S
hBEdHcR2OK4vOPHEE6tJcXocxsM2r67C017ucwSYT3NqIQtGomOBFZs0WJTeXEOgIdAQaAg0BBoC
+xeBZjjfv3XXSzn3d7E6nvuNouMYIVY+MnFsbn0Q4Ng/7x2JVHHv1natBI/prvMzRj0mIOXkmnu6
OKp9O+8fwnju3YRiQj4oQbmXsbmGwEFFgLslaWve9cido1Pv3D6o2LRyNQQaAg2BhkBDYCwCzXA+
Fqn9G46x0vve974t82recxJWm1evV91yJPnHP/7xLfdWM6++yU1usl7E7jA1zKk/9rGPbcECnRBY
bOe8GuN5Oa8mH+59Pe6443a4pC35hsDeIcC8GsO582ru55565/beUd9ybgg0BBoCDYGGQENgCIFm
OB9Cp31rCDQEGgINgYZAQ6Ah0BBoCDQEGgINgYZAgUAznBeAtJ8NgYZAQ6Ah0BBoCDQEGgINgYZA
Q6Ah0BA4AAiMNpxfunHpAShuK0JDoCHQEGgINAQaAg2B9UXgE++6064Qd8yt3rwr+bRMGgINgYbA
QUXgLofdZV7RPv+8efFarIZAQ6Ah0BBoCDQEGgINgVEI/NjhPzAqXAvUEGgINATWHYHzP//j607i
avQd/vDV4u9Q7GY43yFgW7INgYZAQ6Ah0BBoCDQEpiLQDOdTEWvhGwINgYbA3iDQDOd7g3vLtSHQ
EGgINAQaAg2BhsAyBJrhfBlC7XtDoCGwXxBohvO9qalmON8b3FuuDYGGQEOgIdAQaAg0BLYg0Azn
WyBpLxoCDYGGwFoi0Azna1ktjaiGQEOgIdAQaAg0BBoCqRnOGxM0BBoCBwWBZjjfm5pshvO9wb3l
2hBoCDQEGgINgYZAQ2ALAs1wvgWS9qIh0BBoCKwlAs1wvpbV0ohqCDQEGgINgYZAQ6Ah0AznjQca
Ag2BA4NAM5zvTVU2w/ne4N5ybQhsOwIfvfyj6U/e+CfpBifdMJ18x1tue/otwYbATiCwsbGRfv9V
b02fveIz6fZn3D4decyRO5FNS7MhsG8QaIbz9amqP3/rX6QPveeDuU89Od3gpjdYH8IaJQ2BhsBa
INAM52tRDY2IhsC2I3D5Bz6e3vjG96WTTvqidMevvcm2p98SbAjsBALMq1/1G3+errjiP9IZZ9w8
HXPta+xENi3NhsC+QaDtON83VdUIbQg0BJYg0AznSwDaoc/NcL5DwLZkU0Lh/DOP+5n0hde7TvrY
hz6W7vfo+6c73vtrGzQ7hMALvv8F6ddf8OvpllnB/6OX/kg64ogjdiin9Uz2T9/8Z+mnH/vCdPyN
j+8I/OwVn00n3fakdNYPnpUOO+yw9SS6UZX+/rK/T2efeHaHxIVve0H68tvfrKHSEFgZgVf/5KvT
2179tnTNo67Z9T+PedFj0g1vdsOV060lsN15NcN5DeXdf/e5f/9ceuitH5o++FcfTOf+8LnpWx/5
rbtPRMtxEgLve+f70rt/993pM3khFv3+DW92Qvq6M0+tpvHh9304vfv33p0+/pGPd2FPvPVN01fd
7SsHx07/+bn/TO+69E/T+3M+n//859PRX3R0uvXdb70Yd1Qzyi+h59KXXpo+8Q+f6ILc7vTbp5ve
+sS+4IfM+4MwT2iG80OGXfe8oG992+XpsY97TbreFx+VPvR3n0yPefRd0r3vdfKe03VQCfj+H3hl
uvAFv5fueMcvSW/6nfNy33D4QS1qtVxvfstl6TGPfXW68Y2O7b5f8en/SLe77QnpB5949zavriK2
Hi8v+5t/Sl924jM7Yv7gbQ9Pt7/dCetBWKNiXyPwkz/11vQbr/6LdNSRV+v6nxe/6AHpZiddd0fK
tN15zTGc//d//Vd65feclz77qU+lf/nIR9LpT39ausmd7rQj5W2J7hwC//LRj6Zf/vaz0jWPPTZ9
7jOfScff8pbp9Gc+o/VhOwf5vk953dt+M5zvDYs1w/mKuL/9N/8w/c4vvTF95zO/Mx13o+NWTO1g
RX9jxuVZZz1rUajvu/D70r3Ou9fi90F++NB7P5Re9IQXpXt9773Tre78FbtS1Jc++6Xp4gsuTl99
z69OT3nlUwaVv//2r/+WXvyEF6cTvvz/s3cV8FEcXfyV4lpcilPcrVC0uLu7U9yd4sXdKcHdtbhL
cAka3DW4e79v/nN9m9nN3uXuSAKEnd8v2d3xefNmdm/+TxJRmWZlgsXHg5HfQHRnaBEkkxOEjUDS
/PgOL3r3+p3dVj9++Egps6agWAlj6fKg7NKRS+nh7YfUeHBjCh02tC49MB4AJFSJV0VWPenQZAtM
CAwif4d1Dqg+gHYu2amNPDB5K6DbYuAc63Ht3FH05MFtqtFqEIUOE1YbT0DcRMvsS5+AqC+41fHp
4yfqXLQLndjpRcHl++XBrQd07vB5ChkqpJwugMvZi2fz871wbPtxevvqrZ9vA+QPEz4MxYwfg37+
5WddOvj1yOajhPeLfwG0zZg/A0WKGkmX1eemj/im3kZn9p+R75/ocaJTpoKZ6cXj5xLgrtS+EoUN
73cdPH3wlIbVH0YHNxzU1QdBwlE7RlKIEL6Ax9vXb2lSu0m0bto6XV48xE0alyYemEhRYkTxk4a+
dSjQge5euesnrc2ENlSuRTk/8YhA31AOAhhq6DC1A5VqXEqN0t2DRke2HKV/P/0r4/GcLENS2Udd
xm/4wfjd9i2uMws4D1gGXLf+LM2bd4QGDy5NiRNFC9jKv/Ha5i84SrXrzNNGMWF8JWrZ4vsQSD93
/j716LGOWrfOSwV+T67RIDBvhgzdRt17/ENlyqSllcsbOgTOn794Sz17rqM0aeJQsz9y6d6NgdnH
wKzbyG9oyxlaBGafvkTd+LbZsfMivX79wW7zHz58oqxZE1DCBFF1eVB25KiddPv2M7GnlaKwYULp
0gPj4d795xQ3Xh9Z9eFDHSib6JcVLAp8LgWqVZ9NS5Z6adUEJm8FdFsMnGM97ho5kp7dFkD44EEU
Kqzf3xM8wPevXtGIDBnp0ZUrMqrihPGUu2VLTg6069l16+jYvPmyf9ESJw60dr6Xiu+fO0fDUqfR
hpumTBlqsHIFhfjOFMw0AgTSzdvnz2l9zz8pTprU9FuzZl/dN1BwWvsWcB5ITOxPtRZw7g+BHCVj
AY5qMorWz1hPgXko76gPX3MaNHOg9Tun3xypCf0tHoi5S99tC7bToNoDg/SwHeau13usExpTWali
24oOX1gA9hukaRCsgOX3797T0/tPKZT4UQpg4M+yPen3qr9TzwU9dYfm7s7pt1Luzas3VDtZbXrq
89RhlxsOaEi1etbS5UHZljla0rOHz2iW9yw/oIYucwA9QIhjcvvJ9PThU2o5pqW/mnsB1KxVTTCn
AHj55ZOX1KN0D7py8kqgvqMDui0Gzt++eUXd6+akF08f0pjlZyliZP2B3OdOoQWcO6YgvvEgSOQl
BJEqiHdqdqFZ/K2HkY1Hym9WdRwrH67UucgAP5eOVFrNYnqfWlgHGbxusPaegLsYvHucDUYLIwCy
RzUd5bC42bc22m31WyvtnQcQO03ONBLgBwBuBMG3Cc3vQbUGynYqCOHGgjUL0Z3LtzVBT3w39Jjf
QydMAO3yToU7SyEKaJn3WtybYsWPSeunraeFQxfKuoZvHUFZBMivBpSD8IWXEERAub7L+9EJwU8z
e8+U2Yw0UMuq1lg4PrhZPggOvxMs4Jy58/Ov2HObNF1C02ccoMA8lP/8nn6ZGt4LoSSYX+7Xb5PU
hP6egPMFC49RrdpzKSjHDHPXUz32U9EiKaltm3wOf1cD2E+dZkiwApbfvf9I9++/oDBhQtLhwzeo
TNlpVLVKJlq4oM539bv61ev3lDTZAPLxeelw4f81oCT17FFElwdlf80xih4+fEXnvLtT1J8C32w6
hDjat19FDx6+pLFjKmgWA3Qdsx4sCrhIAfDykyevqVTpqXTy5N1AfUcHdFsMnAMMH/NrDnr18CF1
OedNEaI6/l395tkz2jZ4CO0YOpSCAjiXvzubNKWD06dTu8OHKEG2b/93p4tsFijZXz1+TJd37qTZ
lSpTpqpVqdbCBd/VOyxQiGqolAUUvlbBhOC09i3g3MB8QfRoAeefSWg2j212mPeZVQeb4vvW7Kde
5f8MUhD5SxNv17Ld1L9qv692zLcu3qJ6KesFW2D53rV7VCtpLSkY0H9l/+/q4whaaTBR/fzRcwoZ
OiQ9vPWQZvSaQcmzJBcWEMrTJyEVTz8QZSuSjWIn0pvYgmniljlbSnOyQQWcf+m1arUfvCkQlO/o
gGqLgfP3795Sj3q/0dNH9yzgPHizaZCNblzLcbR68mrhOqcaFa9fnD59+kSJ0yb2AwicPeAtNLyF
wEaLMfT+zXtqO6ktRfwpkjRPfnrPKVo8YrHsc8HqBanb3G4SZOZ3zw3vG/KdgwxtJ7alH0MJtzH/
sw0Rgm1eQoN/06xNOmGWZaOX0eSOk2UmWCaq3L4yRfgpAl09fY2GNxymaXkbv7Wh3d4mTxs6L4Tl
Ygoge/y+8fJqa838P2s5NxvRjKp0sFk7QU7P1fuod4VeEuCefmo6/RTzJ62CO5fvUJ3kdSh8pPA0
/fR0ipXA11rL7L6zaU7/OVSnVx2q36++VgY3V09dpcYZG8u4GadtVn5wMDa+1Xg5D6Bf93nd7X6j
XDtzTaZtmbuFFgxZ8NV+U+oG7cbDt/w7wQLO3ZhwB0XYPLYFnNsn0pq1p6lc+elBCiLb703QpCxb
foKqVJ311Y754qUHlCLloGALLF+7/piSJB0gBQNWrWho950VNNwQtK18FL+r16w9Q48evaLQoX+k
W7ee0Z+91lOWLPGpdau8BG1zYYyHiggBi0QJ9VYy3r77QDlyjqZ7914EGXAetNSxWvveKBCU7+iA
aouB8w9v39LYHEIg/d49p4BzzO3pNWtoZrnyQQKco72VbdrS3vHjLeAcxAjA8PjaNRqYJClJYHfV
yu/qHRaAZLRb1YOLF2lIipRfrWBCcFr7FnBulw0DNSFYAefQOtm7ci+FCh2KoMUQPV4MKli9AD26
+4g2z95Mnms86aOQnk2ZNSXV7VNXpNt8NjGFzx70pi0in/chbxkVQviyylcpHxWrX4yixtJLpOGw
EaYf+fBr9K4xlCFvesLBIYcfQ/r6mEb8xlkb5QHkm5dvqGjdohRD+P5G2CP6fPfKHWGGNbTsNw7S
1L6d2nuavA+clWYrAWylyZWW0ok/aNFtnrNZHkLKvlbMRxXbVZTj37F4pzC3/EDWn6VgFnot2lw+
Zhndv35fHgaWaVaWcpfLJdPN/rlCCy4P85dHtxyj2wKURYB2Tfbi2en8kQvUU2j9BaTGObRUD286
Qj5iPAABE6VJTOnzpCOYzpfjFoe0WQpnoV8y/ULoF7SCYGIUf5gLAIjgEZjy3bN8j+QRzEftP+tQ
quwpeUj08ulLUecBOi3m4NKJS5J/QOsSDUpQsQbF5JxpmZWbtX+vpTHNxxAfzDJfQPsI/KmGA+sP
0g3v6/JgmecW6RePXRS+NI9r854hf0Zd35AHmsHgAa5T5Q+k2wuXjl+iP7L+If2hD9s8VKdZBXra
848On6DbFmyjw5sPU+SokeUheprf0oh1VpDip4ivNffiyQu55rAGMHaYg4fZb2iFYy1+ED8kMRdo
q2Tjkn7oiHHtXr6bDvxzQM4NaJ65QGaKmSAmrRy/kjpN70zpc6fT2jPesGAATLWbAefcP9SLfoAX
oJVWSGieoc+HNx+hq2J9salyHPYXqVvETz+N7X6NzyxEgDmCFp2ku0lHsae9ffmWWuduLflq6vGp
cg0z4IEi6p5mUoVLUVirN85d12gKAKRs87Iazc0qA/8cFOX2rNgjyt4QZpZC0C8Zf6HkWZPT4Y2H
pa9Z1PE5AaAG75/Yk+Gblvdr7DnbFmwlgBkQSqjcvgr9XiW/rjnsGTsW76BNszfJ/QKJCVIkoBKN
SlKWQnptRC6Ice1d6SndfuB9hXGlz52efhN7tPf+s/T6+Wuq07uOH9o4ux7Vdwz6B5++a6askYIz
9frUo6Nbj8r+Ys+B1j/2x8tel7X959WzV7Z9dPp6aSb4j+HNpDb3/EHzxLvJm6C12WBAA+lPnMeE
qyu0wPsbezHWXPjI4SmTcHGxXVju2Lt6r6RjBmFyuUb3Gn7exdwe6AYegMAI9pX4yROId0Bmmtt/
Li0atkgH0nEZ7E0QMgEoBTPMCADLitQpSvkq59X2Vc7PV3fa4rLOXAGc/4v1+OYl9WyQR2qcDxfa
VlGixiLwJ4cfQ9rMbfMzX58LDfUDW5fRMc8Nwmz2e3r5/AmlSJeDcherRikz+r73A0LjHPOGPX3/
P/u5ecm7pZqWkoCsFilu8F0B0JX3VcxTkdpFKGyEsLRl3hY5d/wdBNc3eSvm1Yo7+y7GWto0U6w9
sZ/gD3N8Vqwhz9WeVKNrDSreoDitmrCKdizZIevuMa8nZRXfCmoA2Hl402Gtn9gD8G4wChqhDH9f
4B5t4Zvx9L4zgne3yXcX1n61LtXktwjyGIO7PGisx9lnFu7wz0w46gP9mmdvLgWp5l+ZrzORDhPi
XYt1ke8Io5CV+s6BxRdjYJCUQXB+XyOf2Xcig9ZIn3JkihQCwz3C0a3HqEvRzrIfkw9P1gHathx+
/8N0OgB5mIpXTbjjuwDjhSl2oyY4W+nBd62RFjweM9cw2Hs8unlIN0UYGwceM+ozgvScR71yG2b0
UfO5c481jH0QwgcYJ0K02NGobMtylKPEr7pvhs/l96D8neAOLdwpU/CHgu4UI/p3jHvlgrDU1WuP
aOVKsWcLsOj9+08UT/jWrl4tM92994xmzz4i/J2ekvEwBdynTzGKF1fv4uDgoesi32HCFeHHH3+g
ypUyUf36v1KsmBF1I/kkXBKECPEDtWq9nCZN9qTdu1pR3jzJCKAVh5DK72rEz5p9iN68+Ugvhe/l
unWzS9/fyLty1Um6cuWR1JRFv6tXz6zr217PK3TgwHUKGzYkvX37kXLlSkK5fktMJ0/doTlzDguz
zJdkXytVzEjt2uWn0EL4Z/ESL2Fu2WbJqWDB5LLN0aN30fUbTyimGEvzZrmpXFn7v0tcoQWP97UQ
Wtqy5QJdvGj7PR8rVkQqXjw1HTlyQ2j9eQQoiAwt1U2bztH160/EmidpcjxPnqS0bt1ZOW58ehQu
nIIyZfyZ0K9p0w7IvQF5P378l1q1zEPvBYC4RNAJIPfdu8/p55+jUK8/i1L2bAl5SPT02RtZ5969
V8jrxG3JP+CLhg1yUAPxF0Z8W5uFv6fuo2bNl9LIEeWoQ/vfNb74V3Qs9H+uR7jc+g1nydv7vvhe
Im1ukXbs+C3avv2iNu/58yfT9Q15HgpwFDwAnkdQ+UNG2Pl33OsWZck6UvpD37K5Of0oeJkDfnfZ
849+4aIPLVhwjDZtPkdRo4YXv6v/J3gxieDZTJQiua+A1pOnr+VaChkyhKR3s2a5pNlvaIXPFuvg
3TsbeIu2GjfO6YeOGNdyMS9r/zkj5wY0L1ggOSUQpsXHjd9N8FecW6wDe4EFA2Cq3Qw45/5hnOAJ
rLsYMSJQzRpZCOt285ZzUksVaw4BWuxYs/bm214/voZ4FiLAXrhgfh3dO1LtH/a0l6/eU67cY6TG
udfxTmLfi6T7jlf3NLWsO/dwc3Hu3H1JW5QHoN+8eW6H5uHBP1jj4I1z533kvpcpY3xhdj4+bdjo
TcWKppJ7mzv94TL43cL7J+YdVjN4vwbfz59/lM6cvSfXHNZ2lcqZuKi8Ys9YvPi43O/BVwgpkseU
fF6oYAr5bPyHceHdNW/+EY3f8+ROSuXKpaP9+6/T8+dvqHfvYn5o4+x6VN8xT5++pTt3nhH8csMi
Q9++xWnr1guyv8eO3ZJa/9gfvU7c0fafZ8/eCtP/Yh+dfoCSJo1OI4aXk9rcAwdtke8mCGQMEBYM
4E9cDa7QAu/v5ctPyv0usqinQIFf5F4DSxqgY768yah798J+3sXcHt7zGzeeEwIjr+WaTi5ojndA
//6baOiw7aYa5yxkMmfuYbp50/a+xPuxbp3sVLlyBj979ee0xWWduQI4x+/qdy9f0vhcuaXGeQev
4xQplv+/q08sW0ZzqlSVwDn8Y+8aM5aeXr9OEWLGpLxt21DqEiVMu/Do6lU6K0D3G4cOk48wF44Q
MXZsyt2qpSxjPI9D/34Q2MKKVq1p36RJ1HL3LkqaN6/4benr/sre737TDvgT+Vr4bvcWZuGv7vWk
O15e9On9e/pBmC//tWED+rVBAwoZJoxWA9aw1+LFwsT9bRn3S8GC9F7QctfoMRotcjVvRunK+bqs
Qpkjc+ZIWnNdaCNrvXoUUfgbv+/tLdsP+Z+5fKRlrlWLIgsafW64smcP3Tx8mP4nzt3DRolCiXPn
JrQzONkvdoFznwsX6PiChXR+0yYKJywRoGziXL9RpurVKVYK833m47t3dGrlSjoqTOu/EL7UQb8k
efIIOpSla/v309vnL6ho717SJcDZ9evJR4wZHyaJc+WSfxjnrWPH6NL27bJ/H4VgR9L8+Slh9uyE
ug/NnEn/fvgglJ4+0L+CD67u209nVq+mgt26UfYG9clzwkQ5L6in1vx5lKJwYdzqwvWDB+nI7Dl0
Q1wR0MeMlStRtvr1Jf9zZvh/PzhtmnxEW+krVaJr+/bRsfkL5NhiChoU6NqFfs6k35+5/K3jx2l0
lqyURPBssy2bZTucBl43M42PMcI1wanlK+QaQd9Qf/ysWch7w0ZKVawo5WrenKtx+xrc1r4FnLvN
Cp9VMFgB5wCmhzccrhEE5haLNyxB3Yp31eL4pvnI5lKjBc84aJ3QeoKpv0POP2TjUM1Mp9fOE9Sx
YAdOsnvt6NGRSgqwBAGmL1XzyXxoCaCzRuIamolJ5FUP7PDS6V6yuzzERRoCwFj4eIQmkDGgbJL0
iZ0ys9l6nPA5LgASNbhKCy6LA/HWwlSmoxBQB37OtIV+sClqaD81SNtA6xoOKmFmc1zLsX58TsIf
5sjtI8QPB3FI9J/2LQQUzEJaAdyO2j5S8xUK36HNsjXTzaVZOVXDyDi/KtBr9Jur8izXyxpS/Iyr
PTrjgL53hd5SEEDNb7yH1pbHCQ/N/CrS0c8FgxZoWmTGMnhuPKixBAhwEA1gsVH6Rlo2PiDnw2dO
wFwYD91Bx+oJq3MW06sZ76oZ+VBapaeabuwf0qBJNv/qfDlu45pDutGcLeK+heAfLTCGhUMW0rQe
to8lR2MCmJ4sYzJHWZxKAyDTNHNT3foz4wW1MpTpULAjnfE8rUbr7s2AC10GJx6MezWKDFj9F+1e
tksCrGoVxj6fEn1rl7etmkV3n1+A7J1ndKZwEcJp8QCZOhXupGlUagnKjbEdV9YjhMUapmvosH6l
KXnbZ2lfAWLvpu2LthuT7D7DVy/eaxxcpcXGmeL93cj3/c31qFfQwQxkAvA9pN4QNaufe96DOAH7
TFfxbWD0O8zpaGvC/gl+XAe40xbX6ex1RpuDNH9CD3+zA0xPnCKjLt+xvetpcNsyujj14bfClalZ
r6kUPmIU+lzgfPWk1TSu1Ti1et09vlWgOYwfTMZ3HWfEvPwUMwrVTFKTo+Q1UZpE8j3k6ruY9ztd
Zf48zD43Wyf4xeCyWmziwUl+BNeQbvYuUcvx/TjP8ZRWCJmpwV0eVOtw9Z7HZu87Qa2Pv4Ee33vs
5z2NfdKeWw+eA3yDs6sUr10naIRY3zPOzBCCT3ulqXT+1gWwDIAZ31Sjd4zyI6AF3ulftb/wn35E
p+3N8RCyw/dH9a7VpVAQ+C1a3Gh2D7PVMar3LFCIte/h5UHR4kTTkiEsU/XnqvIZAH2KrLZDFPRh
aP2h8t1g9o3GGv5/LuxFBar9rtUH2uJ7EfuPcW/SMik3gWXFiIUclKZ0qOAeVAAAQABJREFUtw3/
Ei5devi6dPkcfnfm290ZvtR18Ct4CM7AOYDpBg0XalQGKNCoUQ4qVvxvLY5vRo0sR+3b/S4fAVq0
br2CPKb5ClRxPr5u2viHMIGdSj7u3HWJChScyEl2r9M8qlGjhjllutF8ssfUqtS40W8EDc9Eifvr
zCrv39eOcuZIJMthzZYoNVWCxNwQwNjw4UNR8xbLOEq7omz69HEpYiS/Zwlapv9uxo+rKABkX4Ev
RLtKC64TQHvO3/z+zud0XAPKbLkzbaE9NkXtLcC5NGl9v7kA6C9ZXI9atFxGZ8/eR1Yt5M2blHZs
aymBY9a+hZlfs5A7dxLasb0lhfpPQOKWEFTImm2kbi7NygHAnD+vthSEMs6vCvQa/eaqPMv1rl5z
mspXmM6P8mqPzgCJylecIYFHXQHDQ/z4P9HJE511ZrrRz0GDt0rNZUN27XHwoNLUpXMBOS4Ai+nS
D9XS2CIDm4jnBMyF0SQ46JggYT/OYno14101o3/AubF/KBspUhi6drW3GHc4P2sO6Y8eDqRoQljg
Wwv+0QLjGTJ0G3Xv8Y+/Q/M63pkyZojnbz7/MnwQvJgp83Dd+jPjBbUelMG+6+l5VY3W3QeET3vj
Xo0G1qxuTEuFv+y5847o2jP22XPfVcqT1/7vjCqVM9LMmTUpQvjQWj0QbChUeJIUntIiDTfGdlxZ
jxAQSptuqMP6Dc3RsqX1admyE7RICAA4G5o0/o2m/m377kQZV2kxc9ZBathokcPmQIfTp7pSzBgR
dfkwL3XrzdfFGR94D+J47DPFik/R8SCn4Yq2DuxvR0kS6xXX3GlLrdeZ+1LD3tD67v7/ru4owPR4
GfW/qxk4t9dOFY+plLNxY10yazfrIpWHEgP/osI9fPsDM+KTCvgvhFl1mgflaOR7vqpU6dIta9/e
PXnStByA5hY7tguLYTZlL5i57h4xkmleNbLC+HGUp5UND7BXprXnXgkaAxRe3FA/Fk5T63Tl/pkA
rz2KlyB740JdRlPtWPtbBw2ijX/2sttUycGDqECXLjpha8zxlEKF6dEVc5wAlUUUghlwCRD+J/G7
skRJCcojXtV6n1utOnktWYJoGcqOGkn527cn1uDmeGeuXc+f00B+gNIrW7ehAx4edos22STA6aJF
Zfq9M2doeLr0dvNyQut9npT4t9/kI4Q6ZpavIAUgON3sGiV+fOp48oTONQKEAcDz1zw9zYrIuIAw
+75tyJBgt/Yt4NwuywRqQrACzqEVdEVoCt0T2hOD6wzWEa56l+qUrVh28hTa3SsnrKS+y/pq2kxT
u0zVzE7ioLdgjYJS4+2G900a0Xi41OxGZbPPi8PV5PE1DRddAyYPDI5zEg6ccMAHs47q4RAOzp4/
fiG0+47JNOMhGrQD74gxHd9mS+f6cIUZzLjJ4kng6+LRCzT5yGTZR2giQuNxweAFMntKoUXdYnRL
ihI9svQ5DkAEACkOMQEYcnCVFiingqGoq+nQphQnSVyhGXpA0prrVsfMca5e1UM+tNVkSBOprQZt
MlgbQEB8tzndKUO+9BIEBWB8UWhYQ5torBA2gDYRhzwV8ggt13Li8PsqTWo/iap1qkZNhjaRB658
aHzv6j2pTQlQLlLUSHRIaDUOrPmXrIIPfvHgDnCOctD2OSM01MCzKtCLg9ob525Kc6lIM6MfBB3O
Co1PaAIDUMQBtFk+tAM6tC/QwSHwiHxmwPmayWtorBA0QAD416B/A2kx4eHthxo/IY3bfvfmndTo
miN4/eCGg7qDYfQXfVkoePP80fN+DuS5LbTTUvAsDsChcQuehRa/2o58MPnHB/cqPdVs0DCHJYRR
TUfKg2sclI/eOZoSprJpRYD24AdYJEAaBC0y5svg8kG82uaXuvePFuhXUAPnaBP9eiDMyENzu2+l
Pojywwsy8r9/8FvfMkcLyZ/wq5skfRIp9HRi10lNOCoggHM0B2GbZ0JzGTwK/uUAXmg/pYPUxBzf
ehyFixhOArlhwoUh1R8t77fJMiSV1hW2C5+649uMl9XADHGrca0kLzH4xOAtTP1CYxWWKTbO2Kjt
n2h3lrevz3leI6jQmfWIPQZWN/h9AEEAWBKACw0E1P/XmoF0avdJ+rvL39KCRKvxraQGN79L8W4E
sAXfwLyH4j0K6WfUg30DJowjRI7gFi1gReTcofM0utkorX4AUbnL5xbWNy5Rvyp9ZV+N79WdS3fR
gGr9ZRr60EyUCSm0j1aMWyH9EcsE8U99r/LeDqEovC86TuskXBdklXNyQtCgVzkbXeImjavNL+px
py1u35Wru8D5pdOHqHs924+Z6LHjU/vBCynhL+npzesXtGfdfJo3vpvsRtZ84jB2xAqKkW2PK93S
5d27ypP6VOwt42CBBVrV0Mh+cv+J9AuO7ywECGHkq2QDEqDVf1RoKo9oPEKmgb7ga8zXlE5TaOmo
pTIeQocZhYWVn3/5WT7zfDn7Lr584jJN7zFdrl3wRB/BpycFcDu161RZX85SOeW3w/yB8+V7xchT
sHiCb0ms6/kD50lhM5V/ZCX//cO77JKwzjC7zyxtrwA9qnSsQi+FpYbBdQZJfjZa/OAxucqDatvu
3LsDnL8Q36ezzs3SaZzDQsCQukNMNc75nQM6w8Q7LOLsEoJHcwfMpTkX5tC71+/owtGLlDaX8EMu
aNwufzup7dx1Vldp3cNsXKgT+8CvJbLLPQZ5jPsn9rGnPk9lcdwPFQKvsDrkTMC3VL/K/eRcm71H
cLDCALncMzw6Cf6MJ/domJ1HUAF1PKMMW6UyCp2pafZ4C3VwCGzgHPRqPb6NtJz1g9CUXDF2hXxf
IB4m5tlPvLv8HpS/E5hmQXUNzsD5C6HJferUXbp69RHVrjNPR9KuXQpSsWKppFbf+Al7aPmyBlSx
QgaZp0vXNTR8xA55D1C6Ro3MFDlyOKkF3KjxQql5isQL53tQ8l9i0tZt56lI0Skyv6N/DI5zHoB1
0Kjr03eDDkQ+632PHj8Wvxu2X5JpxgP+O3efiTE9pm3bLsp0rg/XSRMrU7Jk0WnwkG109OhNOnqk
o+wjNBGhPQ+wEyF79gQ0ZnRFih49vNAw3CgBEQCkZ890o0gRw8g8+OcqLVBGBUMBPg4bWoaSJIku
AVrQmoM9QJfTnbmy9izyoq2hQ8pQhAihadWqU0Jz/5SsAvFz59SmfPmSSvAXgPFxr9tSQxLCBtDu
51ChfHpq0SI3nTlzn9q1X0mdOxWQdUKgiYFz0B4gPEA5aFlDq7FGzTmyClXIwR3gHJVA03LfvmuS
Z1XgHBqU5875CO3Q5zLNjH4QdDhwQFiVEr+rASh27bZWx1s8TlxBh9/9AR6Rzww4h3YqBA0QAP5B
uxQa+rdvP9P4CWncxzdvP9Dp03cFv26kDRu8ddqeBw5el30Bb4JnjcA5t4V2xgif13HjRKbnQut3
0aJjUotfbQf3ZsE/sPi9EG4+cuQWNWm6SAJnAMl27WxFqVLatAdB+3btVtESAZYiDYIW0HgFX3xr
wT9aYDxBDZyjTfTr1q2nQnM7JFWsNANRfnhBRv7377CwXPFrjtGSP9eva0rp08WVgj67hCATC0cF
BHCO5iBsA1P34FHwLwfwwt9TqkrteFgbiSj2TgC54cKGokuXH1DyFINkVt5vM2QQfXz3kRYKweHW
bVbINGhzjxtbUfISQHr4lGcBnt69ilKlShmlJYcZMw4S759oV10nvEZQoTPrEXsMrG7w+wCCAPiu
gwsNBNS/dk0T2r37MnXuskZaapkwoZLc6/hdincjhIVq1pqr7aF4j8KqBOrBvnHmdFeKHCmsW7SA
FZFDQgDrj2ZLtfohLFRe7NHQhK9cZZbsq/G9unSZF1WtNlumoQ8oE0pYXRk7bjftFNZYOKjvVd7b
IRSF98X0adWl6wKsb9CgbLlpshi063l+EeFOW9y+K9eAAs4T5cxJAIdDhQtHazt3oXMbNhBAwS5n
z1DYSL7AMkBVmAUHcFphwnipOQ5t8j1jx9G2QYNkfOczpylijBhyGBe2bqW/i9gATEfjMgPpHeW3
l8bA+WOhFV/irwESyIWW9fmNG2lejZqyWJv9+wjj5QCNbGguo/8ICYRWdPkxoym80B7f3LcfHV+0
yA8tfM6f19JQBkAttKKhZPX2+XM6tWIFLWrQEElUY85soQldWdJWRrj4j31Y3z97VpYs3KsXJcmd
i/C8pkNHrTYjcL5v8mRa3qKlTM9YpQoVH9Cfovz8s9Su53EhUfVxb2yrSO/elKFSRamlfmjGTGlq
H2UYOI8gaAsLBNDgXlC7jg44B9j/QFgkeHbnjkxT27lz4gStEwIfzGf1ly+jy7t20T9dbIKcqUuV
otJDh9DWvwZK+qv8sVbk2TncppBSduQIylSjBoWLHFlq+i9u1FgTLuh2Qbg6S55cWjaA5YGNvfvI
9tD/Xxs2pPwdO9DbZ89k3yAkkFlo4NdaMF/utwDOJ/1ewCH4jXrMgPMbwiLA2F9zyLQm69cRrDkA
7L8kxudRrDiK2ei0coWptrrM4MS/gALOv6a1bwHnTkx8IGQJVsA508cIrg7dPIzS5EjNyRJsgTlQ
BDWvqlXOmaHlyP4TVcADh0chhDkqPhRjABXxCGYmuRHvyNwip9k7RON01IMD5zHCPDybe0cc2lZN
KXP+1DlT0/DNwyXIg3wAkOunri8PGNnnIuLdoQU+EvtW6ivNoKJP44VWVdTYvmbt2Zwn6mdQFffu
BtZMwpiGrB8ifG5G1Kpi7TcclBsPeZGJzY6yBnknAZaUEBYJOABMZZPnHMdXpMHPJ0KEKBEkWDy7
n14AAmlswn/7wh00qPZAbcz+8QXT3gzo5TT/6OdsPvSTtfDlAfHyfojyDeI3rGqqHdpmVeLZ/IDC
LyqEFdQfuuABj64eUvgEh6yqRigf0pvxNNJgLlcFBFEXtE5xEG02XjbL2mN+TyokBFzsBT64N6On
WoYPo4399q8fah1f+72ztDCaaofGXZSYUSTAymNU9xeOC4gr1jUshqi8YKx3mzDbjTVlNqcstJKr
dC7q4NFBx5/Gelx5Zv5FmXJCwKbZqGaaaXnQS10nnBdgUb8V/TRLFNwe78d4ZiEs1UrKmN1jpbsJ
zo8r72ngT6aNu+uR24dmZo1uNeQPfGhxQphrsNhLfxVuNXgPkfuCGMODmw+oVtJa0qXDyG3CEoc4
SGQ3FOzPl/dVVSvVHVpgvFwX9mhVuA1pAMIntptIJRuW1OYYJpdh2QJgGean5Vih1fSfphLKAIgF
IIug7kFMC9DVzLwz0wHlGPh1ty3U4WowM9U+YuFx4R4jppw3rk812YZvjv7NCtOZo7soefqc1HvS
JgF0+r4fUebwrjU0rEMFWbz/tJ2Uu6Hte4Xrc/aqgr4w9Q/XN8bA72p8F+CdAICUg/pdAI3WTMIN
B3xLYx6N885l+Orsu5h5cJQQiILQEwQz/sjyBz178EzTWmY+MHvXcHucR+UfTlOv3J7xHckCP6AD
9lQI2yBwva7woNqeu/fcT0dj5rp5niGwUL9ffSmkCPpvX7RDE8BTv4u5HL9z+Jmv6j7GcSr4bQSX
OY+9K/ePv+mQL6kQVlKfwXuJ0ya2V4WMx/uev+URgXlCPcaA/alYmGLGaPncbnI7KvNHGV2aOjYz
/uG5MEvTVSQe+FvFmXkzlnX2GWbU4UYHgizYRzsV6Szn2ax/3Hdn+B17U1D+TnB2vAGVLzgD50wj
I7gKU9Q5fk3EyRJsYZPLal5Vq5wzQ8sxd56xdPjwTWnemwEPgJAw88ym2hlARTyCmUluxDvy981p
6gE/ynDgdDzjQH/3rtaauXfEoW3VlDLnz5kzEYEGESPY3mswU50q9WCpGQ2gI03qOChO7tAC+1HF
yjNp9erTsk/7PNtS7Fi+B/Jbtp6nosVs3zUMqsrG3PzXrftaaXYXY9qw/g/6KYrtHYXqJk3eSy1b
LZcAzvlz3Sl8ONvZCTeFucyWfaQmCDF9WjVhct33oB1gqtGMOpdFGszsI8AccT9h/rdvv40aUMz5
2IT/wkXHqVbtuVq6f3zBtFeBc66T0/yjn7P5UC9r4aO9FQL8UgN+M6um2u/df05x49kEhrt0LkhD
BpfW/W4BDwCwh/AJADhVI9SRz1+kLV5yXAcIoi5oncJ6hNl4WWgFJsdrVM+idlt37wxYjALsi97Y
b//6oWvsK39wlhZGU+0nvDpLzV7QgoO6v3BcQFyxrmfOOqTjBWO9CwT4jDVltkZYaKVM6XQEYFU9
9zHW48oz8y/KtBBm5EeNKq+Z6we91HXCeUuVSkMrVzTULFFwe7wf45mFsFQrKXt2tyaYZ1cD72kq
cO7ueuT2YRmiW9dC8vdZlaqzaPmKk2IvbUrFi6XW3gEsgHBTCDYkSTpAunTYvrWFfL+wGwqA/P36
liDeV+/de6HNnzu0wLi5LgDaqnAb0uCioW27ldKKC8/xg4cvpWULH5+Xcn7GCkEblUdHjd5JHTut
RnGd8A7TAnQ9crgDJYjvexaMvLyX4h7a93CD4m5bqMPVYGaqveMJL4oozK2r61H9Xc1tsMa5UQv7
5cOHNDxtOpmt0+lTFEnUZRZgAvuDAARDCu3tEELZYErhIhJobHf4ECXIlk0rAhAS5qzZVDsD12yq
HabDQ4bWv4O1wp9x81GYSP/w5o2sIVyUKLSpX38BdvfVAcVcPft7B4j4hzDHHSai7Zzh1ZMnNCxV
anrp40MQCIiTJg0XoQeXLtGQ5CnkM5uf58SDM2bQEgHiqhrYnObqdc/YsbSqXXsKIwQYWuzcQfGz
+L7PAFr/LegO4Fdt6/m9e9QvbjzZFDTKSw0ZrNvrwBv/dO0mAWiA4DzPh2fN0gD/Vnt2S/Psan89
han9FS1b6YBzpLNAhdoHLsdpKnCONPZ533LXTkqaL58UOBiVOQu9fPBA0jpqggTE88JluS6UV7XK
8YwAbe/xufNIc/a5hYWACuPGauPm9oz0YKA7etKkhLXDc2+rkSQgPyxNWknf+iuWc7S84v1hNNV+
bMECml+rtm4+uNDTW7dodNZslLZMGYIwwOe+f4ym2r/1tW8B58wpQXsNlsA5H9pBK2Tc3nFSM9Ee
WfkwCunw7RotTnQJenP+UEJqc6Xwh3lip5cEbACImIElZgdLXId65fbMDr84zV5dnG4GGqtt8D3n
N2pT4SUwqskoWj9jvQ5M4Pwo7ywt5MFljpZSa3e8MGurCihwP+b0m0NmIDOnO3sF+Ny5aBc5Fyyo
oJbFoSaEHODHnUEmNV09ZDWazVTzqfcnhT/WWX1m6TQX1XSzeUQ609JeuloH7plnzUBBTvOvLmfz
qe2pplSNfeLnq6evUuMMjaVmmQqKczqu9nyD8uGqGU8jzQicoy4VTIT2bapfU0kBCWgmx00aj6IL
DXTWRER+s8C0MKOnml/lCdUkqfehc9QqZ0tTbTq1/Ldw7ywtMBamhwqCBsUY7fGC2jbzIeKSZ0lO
ucrkspnjFdpx4Iuowjd1orSJdGaU1PLu3DP/AhxoPLix3bqZbgBsILjTRlgCefvqrdYk3iPYlyZ3
nCzjsB5SCL/svA/DIgoEUowBgMOwBsPotLAmAVAJ7zSmA0AoV9Yj70nq+4DHx36DjbwC38L1UtaT
vtDZ5LKxHh478wwA0pZi7bhCi5TZbD+o1LqgmQrtdQ6sscigPt7DLAAEWqhakVwG7wQ276/uQTxu
5Ou3or/key6Dj/OP4gcFAHcAubzvutsW1+vKFcA5wvt3b6mH0CB/+ugejVl+liJG1h9EyEz//Xv9
8jl1qZmV7t++Qv08dlCaLPnUZHmPd//wjhUlgF6v/UiqOzKTnzzORDCfIG+x+sUoV9ncOhqC308I
lzbQOjcDS1HOzOWNo/eyq+9inmOed5W3+PuAeZnnGP0yBs7D9RjT+ZnbM4K/DJ5Ci53bRRnOj3tn
eRB5Pzdwu47GzG0wzVQgmtNwbTSwEWFvVIVVEM/8gX0a7oBCCUFVaO7DcozRDYzahpF2qMtR4HaQ
B3vjsC3DKbX4XlBN4OMbp8f8HrrvdmOdqsUVFpQx5sGzKoiTtUg2SiHGt3DoQpkVfG507QAt9nb5
bNr0ZvzDc2GWZmyf+dCZeTOWdfSMPsJ0/sxeMzRLH8b8Zv3jvhvnzIzfOQ6WVQL7d4Kx70Hx/D0A
5wwUQZPMc29bqZloj7YMnCEdh+5xhHYr/DZzgO9oaP1Bc43BBDOwxB7YzfXwldszAwU5zV5dnG4G
GnP96pXzGzX08G5t0nQJTZ9xQAcmcH7U4Swt3gptStaYhFlbVUCB+2IPZOZ0Z68An4sIEB5zwYIK
alkWcoDfc1U7k/OoWoaLFtalalUzc5Ld6569l6l3n406zUU1s9k8Ip1paS9drQP3zLNmoCCn+VeX
s/nU9uDOYOGCOnZ/LyDv6TN3KX2GYX5AcaRxgDBGtuyjpKaoOjcMoJnxNNKMwDnqU8HEShUzUA7h
tuAnYT4daxECI3HjRqZfkpmDPtwfpoUZPTkPripPDPyrFPUQPpQRDh2+QTlyjpZjNuMlmekb+ecs
LTAcpocKggbFMO3xgto28yHismSJT2XLpBO8EEnw7g+SL2IKf+xp08R2yMtqfc7cM/9CYGTwoFJ2
62a6AfCF1jMsgbwS/uI5gHevC5PsHTr6grhZxRh4H4ZFlCGD9cKMKIvf1fUbLJRmz2EmH9ZBmA5G
YQ9uC1ez9ch7kvo+4PHBUkmWzPH97EOXhXWOFCkHSV/ovE8Y6+GxM8+ECxdKrh1XaJEtawLZfbWu
ixd6Su11HhdbNlHfwywABFqcOd2NYkT3/R2OcngnsHl/dQ/icSMPhBzevrUJReFZ/KwWFgX+FYD7
Kilcxvuuu22hTlcDgHME1rR+IQBTmNCGJrB/gYFzVZsXZcBLsypWkj6njSA4NGdPCm1qmP+2Z8rb
WIb7wcClvXTO97lX+AGHdjHMxJsFBmHVNHu0wDfQ0iZN6eD06WTWbx6TFD4QoDYEFFSw3ayM2q5/
92gfZt8BaJv1G+VZq18Fre+ePk0j0meQADeD4sa20M+x2bLLeYQwQ8IcObSxFujalUoLsN0YwBuL
6jeQAhIdhPl/tkbA5tfVPnBZTjP2n2nHNDLjYZ4XLsvPqLv82DEUKU4cqQ3Pbf0YOrTQip8g5172
RdHq5vaMbgtYy/6VEBgxWzvcf6NGP7dpvDLtEQ8hhzRly1LkuHEIlhkAzkOoJXbatHbfEcb6/Hs2
o5t/ZZiOX9vat4Bz/2YucNKDNXBuNI1pRkI+jDJLM8ap/q85jQ+PzA6WOI965fbMDr84zV5dnK4C
H2rdxnvOb9aWWb85v7Ees2emxe2Lt6lBmgby0HLupbnCV+lPfrKzZpVZP/xkdhDBh2/GA2i1iCPN
VT6ghdlRo4l6tQ6+Z81KfsYBLEy1XzpxibyFuXEEe2NiWtpL5zr5ygfAZkAvwKs6yevYbctYhzNt
OmqP6+Mra/o6AtkxN00yNpEHr6q2lhmfcb1IMwPOoRnYvVQPTaON86tXmJrOJUzn2wuujI/5Ewff
6DssJvSp2EdaUXB2rdnrx9cQ7woteI0wCAp+D4pgjxfUtvFRDDcXMPdrL9TtXZfq9HZ8YGWvrFk8
868RHDDmBd3YX60xzeyZBX+4fkcmio3l3V2PZnsSt8/vHCOvMHCu7kvGeow8A+DcHVpgnMa6VP4z
9g1mvth0uuoP20gv4xiRzn6HjXnNnv8Y/gdV7VjV7bbM6vQvzh3g/Pa1c9SuUlqKEi2WXZAda2hk
l6p0cPsKatVvFlXoZTtY8a8/xnSeC2O82bM94Bx52YoA8sB6DN7LqmAi1+fOu9g472a8ZeRlbk+9
ch5eI2qaem9sj9PM2kWaOzzIdX7OlfvpzHeC2ve+y/oJADyU8Gk/VppVRx+W3F4iBNmi++kO84f6
De65ep8w7T6YFlxbIL+juBB/1wFU9e+9zmX4CpcqTTM3lQIuRv/izgq/zR80n2b8aTNpymud61ev
qhWKvsJKT17h5gcBQoNdi3eVNIGrn6bDmqrFNAEJI//gUIW1sI1pugr+e2A+dGbezMqbxWE/YKsj
SIfwwe9VfheHFj+Q5xpPSVfEm/WP+ciYpvIMC4qw0BPqD+zfCehvUIfvCTiHL2lopjrS/mAQwJl5
UP1fc34+gFcP5TnN7Mrt8WG8mofT7NXF6SrwoZY33nN+s7bM+s35jfWYPTMtAMqlTjNEmru9fEm4
wTH4nkVZ1u4z64dZ3fbi2Kzxw4fCVY53d50Pbi7jSHOVQZnHj9/4MVHP5dUra1ZyHEDmaNHCk9eJ
28I8+nUZbW9MTEt76VwnXx2Bm5evPKRfkg801cDm8rhyHc60yXn9A5ZRL2v6OgLZMTcZMg6TwDk0
lTOkt2nFmfEZ6kRAmhlwDpPNJUtNdejLGqamy5ROa6vI5L8r42P+BPiGvsNiQgVhOhxWFJxdayZd
+GqiXKEFrxEGQaP+5OseMTAHZI8X1DbxDQArD/0HbFajdfd9ehcjaELjN1dABOZf/3y7g25Zs43U
TK771zYLl3D9s2fVpLp1svtXTKa7ux7N9iRun985Rl5h4FzdJ4z1GHkGwLk7tMDgjHWp/GfsG+aY
TaenEQITJ726iN9kfufdOEa007LVMmGhxL6vYuThMGJ4WerYoYDbbXE9rlwDAjhnUFJtl0FGBjWR
Js+rqlSlU8ttWrfQgAaYCEDw9OrVUisb+dQyeOZgVienBdR1/99/07JmzbXq0L9w0aIRTHVfP3BA
xpuNl4FEszRH/VY1oJtt20rJCxYUZuttGuLOAq1aZ01uGNSFWXajVjtn5z6ooDVrPTvqA+oekSGj
BM6hqRwvQwZNC7zG7FmUra5fq3vcpvHK4LLaB87z8PJlGvxLcj/Av5GuZgCwcV74met2dE2SN6/0
Z88a4cb2uKxZu5yGq6Oxqfn4HutkkzDxv6V/f47ycy3apw8V6d0rQN4//vXfT+MigunoLL8H1dq3
gHOz2Qr8uGANnKuH/fZIyQfvOLjtJzTPQph8IHDZGPGiU6wEsfhRXvnwiDX2dIkmD44Ov5aNXiY1
Eo0HUVyNo7KcR706ys/9VttyhxZ8mIgDMZgfjhYnmtoFec9Az+ce+OGgsVe5XtIHJZsWVhsD4No6
V2uyB6ybHeip5dV75GXwB1pV0JrCGDmwf097Y2LaOwu88kGzGTh9Wvg/bys06e21xX3iOvzLh/yc
16w9ro+vqqlZo8ldzqPSS+UpMz5DGT40PrP/jE4LD2kwgf1K+Ia9e+We8B17kV49fYVo4ev9ES0b
s0zeOwJjkIHH58wegL6zj1XQLkPeDNQkUxOdz2bZqJ1/MOGM/gLkixw9sp1cXy7aVVpAW/hrBM5B
QdAZPpS9D3nTk3tPJFER94/HPw4P+d2lvj3+Ndangj+wXJCjRA56L0wam4XQwt9v4nSJpTlcBs+c
WbNcl7vrkfcktS3j+Iy84g5wDssQLf+zQuIKLTA+R3u0sW/4gc9CL/C9PnrHKD+ar/iAZdcP6r7E
dIdZffTxndgDzALAgfjJf5Zr2922zOr1L84d4Pzl8yfUrfavUuN87ApvipfIpsVvbGvakFa0aelk
atRlPNUc4mtKzZjP0TMDYcgDEBFWFrCnm4WIwmpAglQJ/AAtqKP97+21dYuyZpYd1HeLK+9iI2+b
8ZbZmjCOgfOo/GPMg2dje5zHrF2kucODXOfnXLmf6j5grz6173P+swABoLht3rbSyhDer/3E/NvT
OFffv9Bsfnr/KcVMEFPHC1ijDN468z2i9pX7B434kWL9Z8qfUUu+dPwS/ZFVmB0W3/YM4GqJ4gbt
zuo9i+YJTXgEI/AuI5V//B0WP0V8ad1CHTPvyZIeBqtUPM9GerPrgLtX7kprIskyJlNa83vLfGis
x29O52N4T0WJfuL3z2+lc2pzaW/v5NqZj4zrgudE/YYIyt8J3L+gvH5PwLl62G+PxnzwDtBs5YpG
4uBdqJvZCfHiRfZj0pUP5Vljz05RLdoIOmgJ4mb0mJ1SI5FBDDUN947KGvP6l5/7rbblDi3YpC20
+2F+OE5sv78rGOhxBtA1GwfH4b1dVvjSXbfurGZamNNwBeD6W64xZA9YdwTKqPXgXgXCBg0sRa1a
5dX5gp83/yjVqTvPLpjNc+Us8MqgkBk4vW//NekuwD/6cR3+5cP4OK9Ze0hXA/uWNvr7VfOo9FJ5
yozPUA5zCRP/+/df8yMEARPYz56/lSC8l9ctevrUZhHrzp1nYo3sks1ivdoTnkAGHp8zewD6ni//
eOmOAbSDUEjGTMN1Pptlo3b+wYTzs2dvKGrU8BQ9ml7j1U6RII12lRbQtP8agXMQDXxxX7gOOHTo
pujjc0lH0H6qx36pHYwIlf9khs/4Z49/jVWyUA98lcNyQYkSqcTvanP3UtA+Tyf8s4cSLmYYwHVm
zXKb7q5H3pPUtozjM/KKO8A5fNazFRJXaIHxOdqjjX3D72oWeoHv9Z3bW+rMtKM+fBuy6weVL5ju
MKuPPr59a34Ggt/VyZPHkEJa7raFfrgaghI4ZwARfawvNHnTlC4tNazxDPqxZrR/wHn7o0d05sZR
PiACAESYwQbIXGLQQMojTHWzRjTqPzpvHi2oU9cPgIs0V4FElOHwT7futGPoUGmau+r0aTQ+5282
MFpoZMfL6Pv7jfO7csWYJubLL02PMzBvLH9f+BEfljqNzjS4an68szC3D9/1xqDSi+dsuTDDvk+Y
YzcDVI3l1WfmDTOgHv7PYT7dWKcRyDYDgI3z4rV0Kc2tWk1q0jcQPPiDsNJoL0SOJ6x2CnPvHIzt
cbxZu5yGq6OxqfnU+zfCd/qL+/fp5qFDBCsQCG+ePacDU6f6K2Ci1uPMvX/9N6vDSFc1jxmdmAbI
F5hr3wLO1ZkIuvtgDZw7cwjntesEdSzQQR6uQdvUDPjFdMD3Hz4oQocNrZsdPhQbvnUEZSno10QZ
DgvZnzoK2jv8wg+eToU7S5PgxoMobtBeWU43Xh3lNzv0cocWOCRjgJl956r9YDAb2kQBceAHjdM5
/efI+Rq9YzQlTJ1QNgc6T+8+XQKr9g5KzQ701L6q9+qB4soHK3WAKD56WCPZ3piY9gBlavWopVYt
78FPYcOH1eK5PfWgmRMXDVtE0KS31xbn4zr8y4f8nFdaDvjPdzHXg6vq7/32pdtUN4VNms6eRhiD
Sig7+9xswuEyAvOZ0TwnhBsapmso8xgPtVFm0+xN0k+9UZuND2DtzbGsUPzj8TmzB6DMgfUHqWfp
HlxcXjt6dKSSjUrq4owP0KKDb14O/vnn5XxBeXWFFgwAY37M9kMINZCwuKmCBgExFsy5mfUBtW7m
MbO9FmubhR/s7Z9qXc7eM//6V6e6f5vtg2p7APojRLEdBKl+oKHVrgrnoAz2GvgTviPWIEBFvH/c
XY+8J6n7g3F8Rl5h4FxdR8Z6jPsqxsbvMldogfEa6zLTOFf7wv1FWTO+YLP2SFfnkPdUAOf9V/a3
y894f2GfBr+72xbadjUwcP72jbC+UTcnvXj6kODj/KcYcXRVwWcTeAQmz2DWvWvt7HTrylkqX7cz
1Wo7RJcXDz53rlHLMjaAruOwpVSyk19BNz+FTCIAikG4CKbszejORfAe+fj+o+bXm+NVHm4zoQ2l
zJ5KCFu0kMnQ2m08xNctgkp3V97FRt424y0jL3P/1CvnUflHTed7Y3scb9Yu0tzhQa7zc67cT3Uf
sFefvb6fEq4j2gnwHKHH/J5UqEZBXRU8Z+pa1WUwPLDQJqKHbBxK2Yv6+vzjrM8fiYPdjYekYFus
hDYBVnbPc/7weeo2pxsVqV2EswuhOwGcC5/2Zt8KWDMsUIMC3WaLsnVsZcGzzx48o+hCUFbVqmUN
dleBcxYcNe41DMTHTRpXutyApQ5HgfnQmXlzVI+axnXKMRmsPeAbAEJ0APbNeJ/5yJhmxjOIC8rf
CeoYg+L+ewLOnQEFd+2+RL8XmChNMkPb1Az4xby8fvNe/K7+gcIKSxZq4AP4bVubU8ECfgXA3ol3
CvtTRzkz8ALx+C4rVGSyNAmuHvAjjYO9spxuvDrKbwRMUNYdWqiAKfvOVfvBYDYAJRWwUfO4cg+N
U5h+B3C6c0crSp0qtiwOOnfv/o8EVu2Bqo5AGWMfGKRB/MMHf+kAUezJrJFsb0xMe9X8t9oG+En1
wc7tmQG9w4Zvlz7E7bXF9XId/uVDfs4LkJh9F3M9uKr+3i9dfkDJUwySyfY0vRlUQib4l0+R3Pbe
Yz4zmvF/+OgVpU1n++4zAuAoA3PtqCdunCiyXf7Hghr25pjz8fic2QNQZv2Gs1SqtAcXl9dpHtWk
P2VdpOFh9ZrTVL7CdC3W6JdZS/iCN67QggFgCJ+Y7YcQagD/q36kA2JomHMz6wNq3cxjZnutKvxg
b/9U63L2nvnXvzrV/dtsH1TbA/gfJbLtTA0WMoYO2y5NzbMpdjUvaL1o8XG6dOkhde5cQL5/3F2P
vCep+4NxfEZeYeBcXUfGeoz7KsbG7zJXaIFxG+sy0zhX+8L9RVkzvmCz9khX55D3VADnq4Spdnv8
jPdXeKFBj3R320LbrgYGzlkzGeamoT0cWZiwVoP6u5rjXQXPOH/MFCmoy9kzOt/O8Is+LkdOCRgz
CMvt8JVBWXsAMMzAhwzj+DcD12V2VcG9fg8fUMTovpbDsD5mVqgozc8bAVzUxWMzSzMDEtX2WeNb
jctcvTrVnD8vQDSKlzRuIk3Fq+bguS2MiwUWVNBa9b/ecM1q6VOby/CV/Yfjuev5cxRLzCsLAcCk
uGqKncugveOLFtFD4d+9QOfOFCqsbX9i2ptpnO8YNkz6UzfS1khXMwDYOC+Xd+2iSb8XkMC5GZ9z
P9+/fi0tIXD/EG9sj/OatctpuPLYoMHefPs2eTalpn98/55CChPxHJiuZnyOtlgQwt464XqcvQan
tW8B587OesDmC1bAOUCdTx8+iQOzy0LzuJX0Sf7nwj/lBynIBhOgRuCbgSIAuzjAGvTPIEqYygbG
4gDtysmrtGTEYtq5ZCexeXLVlCgDH/mr5KfOMzpTuAjh6InPEzq29TjN7D1DHsBN9ZpKcZPElTPH
B4Q4zBuxZYT0v47D+UVDF9GCwQtkntG7xojDwfTyHv/QD4D2qyauokntJ0nNmAqtK4iDcpuWXMhQ
ISmU0GI0hjWT19DYlmNl/krtKmmHgPAVPr71eIL5U7Utd2kBrZ25f9nMJ0MjrEyzMhIAunXhFv1V
8y/p6xZ9azaiGVVuX1nrh7G/zjzDNGfVn6tqWUs0KEFxksSRvlRxiI9gdlCKscHncOU4lWX65MOT
JRiOFxsC5k0N0CJulL6RBAZ6LepNeSsKs5xCaeLW+Vu0WPDDplmbZHZ7Y2IgFn1hv5eY5/OHL9Aq
4ffVc7WnziypqsH315qBUvMH87R7+R76q8YAu21hXAjgSdAbYAY0p1T+gOCGEehkABplGfgAP908
d5PWTV1HqyevJjY7ChoNrT+UtszdguxSMyl3uVzaPO5bu19YAvhTpsE0a/d53bUPIBYswaFxp+md
KGqsqORz04fGNBtDBzcclHMBaw3QWOTAZVLnTE29Fvai2IlshzhIP77DizoV6mg6xxKkET6NQYvL
QgMNPsohiODfHoB61QN4PKM/zpjz58NjlEEwE3ywpQTtf5UWl06I/fC3VgSt3KEbbYcqZjyBHqp0
AB9VbFtR7p8+131o19Jd5NHdQwpFAFQ37qWujJD7hzLgzUntJtGelXvI0brkQ36Ay4M3DKF0uXxN
CoKnOggBKHuH/K70DXlZUKq7EKbw2n5c7pOpc6SS9EE6wFQVVEEc9w/3AAOLNyhODIZgP9m7ci+N
bjYayTTx4CRKlT0lqesQ/N5jbg+KlyyezIP1jP0e6wRjnn91PkWOFlnOhzvrcfnY5dr7g98HzL/8
HmDAC3zce0lv27tU8A4/g294nNj7qnSoogO7/z76N8X4OYaWBwNxlhbICzq1Eu29efmGjPvCxWMX
Jfii9gV7FvsQRvlei3vbXDiIvfq05xnqXLgTomXgMeKBx4n7kg1LUqPBjTQ3I9hTT+4+RX93niK1
ahmocrcttOFqYOD848cP9GfDvHT5zGGCT/KSNdtAmoIe3L1O+7cuo/njxSGo0CwHqB46TFjavnom
Te7fWDZXq9UgKlmjjVintnfb9YsnhX/zSlIjPXrs+DRikRclzH/C1a5p+Zl3wJt9lvWlrIWzaGsC
6xDCT3CrYHwfg6/b5msr360VWlWgVuNayTrPHvSW+xQeyrcsL01eY/248y7Gu7Nz0S5SEJHnXQX0
WCjIyMtoG9+RyIsAft++aLswMT7Ezx6gfjOgvb9q/CXe17t131SoA/3H3gQgUuVpd3gQ9X1u4Hlj
vrZXH+jw/OFzapzRxk/Ym1WLS/zti/kdu2essMxgE5YDLc4fueDnG9zs+5vb5rlhX+qdpnWiggKM
x/xDw/3QxsM0qNZAmb3hACGM2NNXGJGBafSDhSmxf/ev0l/unWbCgfxtjAqxn7Sf0p7evX4nTdHv
EIJKf3f52w9YrO7Vf4rvkgLVfpf9UU21g2/Bz+q74eHth1QtQTWZt+eCP6lg9QKEb0HsWxhvnV51
qH6/+jLd0T/mVf/mzVEdxjQWgADtBq4dJN9J2Oe8D56jsS3GyP0PZXgNcXl3+D0ofydwP4PqGpyB
c4A68Gnq5XVHah4DhIQv6/9+OkltciPwzUARgF1o1K77pwmlSmn7jgd4CD+twwVwuWSpl9RE3bGt
pagnhDZdDHxUqZyRZs6sSRHChyafBy9p69YL1Kv3enog7gFAJUlsO+xVtbq3bmkh/a/jcH7o0G00
aPBWWe/uXa0obx6b0Bgi0I8QQvNt4iRPatd+JY0aWY5aCw3od/9pNIYKJQTlxW9rY5g8xZNatFwm
87drm19b6/AV3rrNCpry9z5S23KXFr37rKcBf9l+c0E7u1mzXFI7+8LFB1Sj5hxJQ/Rt5Ihy1L6d
bz+M/XXm+e69ZxTv575a1oYNclCSJNGFH/rdmsapGaiKscHncOw4vSTofuRwB4ou/OEyb2De1AAt
4nTph8o6Fy+qRxUrpJf0O3/BR/DDDgnsIr+9MTEQi74ANMb8Y54PC9/Z4yfskWbAVRCa/feizrVr
GlPpUmkJ87R8xUmqXmMOok3bwrgQYCnhwoUHUlPayB9hhIarERhiABplGXCC8MG5cz40deo+aca4
c6cCNGxoWfkdX6/+Apo77wiyS5/A5cqm0/hp7T9nqGy5aTIN7hHmz6ut/a5mwRIAVDOm16BYMSPS
zVtP6I9mS2nDBm85F7DWEP9nX9d5XCZnzkRy/SZK6Cs0uWPnRSpYaJIsZwTcsU7gmxi0wLqF5rQz
ewA6jn0jd56xUuscz/BTffZMN52VAcQbAwOPHG8m+MBpQXlVaXHixB3K+dsYglbupo3NZDfMeAIJ
Kh3AR23b5JNr5PqNx7R06QnqJoRTUqSIKfc0417qyvi4fygTMmQIatduJa1YeZIcrUsGbGHdYuOG
ZpTrt8Rak+ApCEBdET65VYBUy+DiDQtKQZhi+/aLcp/MkSOR5C9UBTBV/XZCHPcP9xMnVKIGYm8K
F9Z23on9ZKUYH/ge4dDB9pQ9W0JS1yH4fd7c2pQsaQyZ58JFH7Hfr5LrBGO+drU3RRNWDXDO5c56
HDtut/b+4PcB8y+/BxgcBh8vXVJfvEtvS97hZwiB8Tix93Vo/7sO7D52tBP9HC+KlgcDcZYWyAs6
gVdfvnxHxn3h2PFb0gS82hfsWXnzjdPW7ZLF9eSax9x4el6hQoUno1oZeIx44HHivlHDnDR4cCnN
zQj21N27L1Onzqul6X0WNHC3LbThamDg/NOHD1Kr9+bhw1R21EjK21YIAYv5f3z9Op0UWrrrhFY0
AG+AjQwmHpk7lxbWrUdlR46g/B06aE1/+viRVrZuQ/unTNGZB7/q6UkT8uSVoGWjf9ZSwuzZCWD3
jYMHaVnzFlLTG5XYMynOoGzGKlWo+swZFDpCBHrh40MXt26ljb1608sHD2T/oidJovXFlZsXovyI
dOmlRm+dxYsofcWKcu35nD9PO4ePkH7CUR/Gm699e9263Dd5Mi1v0VLSLl+7dlqaPVoY+wXT3Jv7
9dOijX60tQQ3bs6uX0/TS5WWJUG7ksL3eNSECeU4tw8dRnvHjZNpAK3rLV0ihQ+w9hfWq09HxRwj
QEs4Xbly2rjOrF1LM8qWk2kqyK8KASTKmZNqzptLMZLZvjF9Llyg1e3a07kNGwhm+nteu0oRhBl8
BNZ6x33DtWsorbBGANqdFGb951WvgWgd3ZH2d5Gi0hc584sKYDMozsA58yiDxLAqAHC/0bp/KHaq
VLJ+ANh3T56Uc+21ZAmpptrR3lzRD7gZ4PZkIfEPfDNZgPEQOoE1hJ/i2373c7pKEwbDwfc+QtN/
/1QPqaH/uxAiKDNsqCzCfQaNmm7cQIlz5eKq6MnNm7KtR1eu2HVpoGV28iY4rf2BidY4OepvNFuI
dl9lx4MNcK4CPo4obearljVJuFzSDEklWLdfAIJqMDvgunrqqnawiLw4gGIAl5/RJmvOPrj1gKon
rK5Wa3qPwzxowsE8tX/5AfJ5nPDQ/EbiEJK1L7ly1mqBmeNaSX0PHZGugp3u0EI13cnt2buCPkYN
Y3t57cXf8L5BPcr0kCCZWR5jG6ylbpaX44wm1fEiZfOhnMfR1ah1g4NRaDsBQECAD14IZ6iBAWvE
Ocu/6tj4IFWt0+zeDATG+HDQD4EQBIAfr1+8lvf8T9WWZ0CLx4P8PwsTxuBn5ne0M+nQJJ3VhoMb
DlGPUt25SrtX9TCYgXPOnL1YdkqeOTld974uBQ4QbzygBs+zRhOXM7uq9DOmH916jLoU7SyjnfU5
bewrr1sIunypYAQhzPqB/aBGtxpUqnEpP8kbZ22k4Q2H+4nnCDMggtOcuTo7V6hLnQcjv2Ofhkn0
F49fSFPtyM/7HAPWiHM1qHxgr6y6Z3IeSMcPazBMEzBBPASqAOp7H/DmbHKt4Z2AviLsXLKLBlTv
r0s3rkUIJFXvWl07OHN1PTJYxo1gHcD08qxes2jF+BUyusvMLpRZWE2pkcj24Q7NcWjHq2HayWl0
9+o9TVCmUM1CUiAGptkZ9MJemDzLLy7TgoWN1PZYm5VBOjUN4Cd4gE0yq2nGe95/1XlTwTPkxz6D
dQtBBTWwIBPi3G1Lrc+ZewbOkXfn2tk0sW9Du8VSZ85LfaZslZK9+MEzqV8j2r3eZn4ahZKkyiLL
Xj13TKtj4CxPSpE+J0XLvFOLc/XGjAd/LfEree300t4JqBMCO8M3D5N+k1UhB6ThPTLl6BS5Ftjf
M+IReK+G73NX3sVj94wTAoNjNH5EXbnL5ZYCVNCgZT7Fd8hNIQjXq/yfyKIJPUGIZ6UQbvMvQGiv
g0cH8rnh4+ebCsIYHad11FwJqHWpe5o7PKjW5c497wXqO9dYj713iPp+M37jIK3tpLZUPYH59y3P
p2pFQm337tW7UmiGvyfUNL5HHSyIyHHoq/F7l9NwNYK+RuFLNa96b7SSg2+miW0n6ngD+w+sL3Cf
VWs7al3shglxKMM8iPGwEIea3+ye33+O5s2snKM4fLvXT11f67+jvDx/eCcYf0M4w+9B/TvB0VgC
Oi24Aucq4OOIZma+ag8JMBMgG4cMGeJSokTRaO3aMxwlr/Cd269vCV3cqdN3pW9njgRQ6uPzkh8l
wOd1vJOmOXvr9lNKkND3IFbLaLhhAO7O3ef+5gfId/JEZ83nt6p9ydWyme37919QkqQ2AWdOU8FO
d2jx5OlrypN3nFP+fc1Abe6Hs1fvc/epdBkPCZKZlTG2wVrqZnk5zmhSHXtolaqzJHDNeRxdjWAd
QPLMWUZofYQPXghnqIEBa8Q5y7/q2BjAUus0uzcDgTE+APIQCEEAMPfixTtdcVVbngEtAJOcP3ny
mHTr1lON39HO4UPtdVYbNmz0lv7KdRWbPDA4hSQGzjlbsWKpKEvmn+ms930pcID4Vi3z0LixNgAF
z+B5Z/wqq/RDOTVs3XaeihSdIqOc9Tlt7Cuv2y/5u5q1diE8YC9gP+jerRA1bvSbnyzQ9m/QcKGf
eI6wZ6WA0/27OjtXqEedByO/Y58uWSINPX78WppqR37e5xiwRpyrQeUDe2XVPZPz4Hd1/QYLNQET
xEOg6qZYIwcO+J6pYa3hnZA0iQ0gxxqsVn02V2O6FiGQ1LVLQe13tavrkQFybgTr4OKFntSr13oa
N36PjJ41swYVLJicEiay/caPEiWscEHwlovI66mTXejq1ceaoEzNGlloxowa0jQ78xv2QqxXV2nB
wkZqgwvm16Ea1bMIgQ2bZr6aBoG0DOnj0XHhziFL1pFqkp973n/VeWPBMs6MfQZWZSDQowYWZEKc
u22p9Tlzz8A58h6eNYsWNbD/u5o1Zv8Vv6nHCu1wgIwcAKrDpPez27dpYJKkHC2vuYXJ8wrjxtLr
p09pWKrUmqlpXSbDQ8RYsajLOW+KEDWqlnL31CnpU5sjkOeljw8/SkAeWs5R4trOkbQEJ2/wrpqt
+GD3rxg0fuOkS6dpAHN+ALKgBUxtG2mhgsycH9dnd+9S/3g/y6hfGzakKh5TtTWo5nPnHuNirXJn
yjNoD0CYzcajHIDcmMmT09NbtzS6RxEgMeigWigA6Dy3mu9vXpR79+KFrmmYwi/Ytas2RhW81WU0
PGDOMccexUvo+C+tAPXrLFqo48uugn8g9DCzXHlZC2uz3zpyRObjquMK3+xREyWis0IYQA1Fevem
4v36kgp8c3qORo2o6jQPYu1wjsfV6N8d9Af4D7ogmNJj4F9UuEcPmc7AuXwQ/9C/1CVL0uvHj6Wp
dsQzj5mZ0OdyrlyDy9rvF9tGY1fG/k3ltYDzwJ0uaED0rtBb+r82AwG5dfhoTpw2MT9qVxzaze0/
V2pJaZH/3dToWoMKCC0Rez4ID6w7KMw+DtMdPiXPklz6xcaBrfGgEFoefSv10eUHcPuvkOwf03yM
bBUHUe2n2vx/sklUPvw39g8AjGrmFxojMJV7RrTDAdqMo3eOpsd3H1PNJDU5Wl7r9alHdfvYTHEj
wh1aAOiZ+edMDYThBmDuGhqlAJQQjH3lfK5eMd/wK/nuzTv637//E5rMP0lNWByg3r9+XwfOLx21
lKZ0sv1ws9cOawKp6Tjom9xxsqZdjjTwVovRLYRmTirqVKSTNodmfAWAf0TTkbp5QHmYbs9fNb9m
hYDbBAg9vNEIOrrFJoGO+IqtK1JWYba0pxAUQFDpZwY0yUyGfyiDw9lwEcPpUszGhwxos7AwW5oy
WwpdfmhxrZ64mqZ2naqLx0OTwU2ofOvyOvPznAmahzz/iMMBbKdpnWn/mn20bto6mU01s8ogmXrA
zHXhirYqtKmgafMizr/Dc+RBUOlni/H9z64KHOXxzW27Y40tPGFuhwqAKE2O1MZsQfrsLC1UQFDt
ID58lo5cKrXu1Ph8lfJR8YYlpGYprFy4G5ztH+pXTd8zv4POocOF1tYe9wNCAPX61pMmdjnOnSvz
AcpiH4emszFAcKPl2JbahzCng3Y7Fu+kgcLShjFkLZKNitUvRjlL5aAIwu+zGgCkTGg3UWrIqvEA
3qt1ru5nLSKPK+uR1xTXDR4HCL5kxBKCYBECtCjzV8knwSuYPo4aO6r0J89lcAUw5HPzAXUWex8C
9ooWY1rQtO7TpOlpxDGg7SotzAQWmEdn9RFWTQbYpIHRhgTQ9k2Q6xnPMP09sukoHf2Qp9vs7nI/
xTsAwThvp/aeFlYARvkRakLZmt1rCksjeXVatqjD3bZQ1tmgAueg49q5o2ju2C664jkKVqRC5RtR
+hyFhHaJTQODMxzcvpI8BregZ499ONUUpB8AABiASURBVEpeC1VoTFX/6EPRYsaTz58DnKMCvPeX
j1lOmB9jgJAC9ovMBTPJdQLhsA4FO+reh3Ie90+gOInjCA3XsdIKDtej7sNm7yp772JodY9uPlpY
dznPVUkBodYTWlPHQp1k+ygLDeow4cNogokMhM/pN0fHa1olhhu4TmgypAlBoxhCWwyeIhvSmg5t
auoChHmaq3OHB7msO1engHOTb0i0ZVw/bAUCafhmbTy0MbXP397PekK6Op94NgvgpwWDFtDCoX4P
mPHdVbppad17n+sAiA8rNrAOoAZoUWO/VYMz7x/wpSrwyuXx3Ql+h0a6GiA0+Neav+iXTL+o0do9
1jDGNaPXDC0Obaia+lqCnZvAAM7RFL5T+1bpq5sz9A2WljAfbE2I5w/Aubv8HtS/E+yQMsCjgytw
Du3c8hVnSP/XZiAgE/L0qa6UNk0cftSuV689on79NtPsOYe0OL7p1rUQVReH9xkz2N5FHM/XdevP
Cj+qCzUAEfFZssSXWuHlyqXTAG3O77nvKlWsNEOXH8Dtp0//o2bNbe9/aMFN/buK1F6Hv2WA8Xz4
z/XwFWCRauYXmnGFCk8SGndXOQtBm3HXzlZ0VwDxiZPogfO+fYpTn97FtLzu0OKF0BD88891GgjD
lcHcNTRKAaIgGPvK+Vy9Yr4PH7lJb4TJ83/F7+pYsSJJTVj4qr5+/YnO//Wo0TupY6fVDptYuKAu
AVRRAwQCOnRYrWmXIw28NWZ0ecqePREVLjJJm0MzvgLA36TpYt08oHzPHkWoatVMxFYIuE0IVcAf
75Ytvt8DbVrnpaJFU0lBAeRT6WcGNHFd6hVlADJFjBBGjSaz8SED2qxTJztly+rrRxTx0MKdOHEv
demqP8hG2pDBpam1KKean0c8AtYUzz+eAdpNn1ad1qw5Qx7T9iOK5s6pTbVrZZX3DJIBGGUwTib8
9w9ttRGa0Co4aiYsopbhe5V+HMdXdlXgKA/n5SvWMoRGEDC3WzY3pxy/JuLkL3J1lhYqIKh2FN8A
I0ftpM5d1qjRVKliBmrUKCcVLpxC+ufWJbrw4Gz/UKVq+p75HXQOJzS+VQEl5G3S+Dfq27cYxYsb
BY9uB+YDVIB9/NixW37qguDG2DEVTH9XL17iJS1tGAsVKZKSGtT/lWB9IXKksLrkk6fuUFuhdb9z
5yVdPID3Ll0K+VmLyOTKeuQ1xZWDxwGCjxixk/r03SCjYZ0F7eXMNUZqcMeOHUn4k9cDa3CfcPPm
U7H3TZZlsFeMGV2Buvf4R5qcRyQD2uAjV2hhJrDAPIo+9h+wWbaJf9hD9u9rqwkfwHx9k6ZLdPRD
njmza8n9FPyMYJy3vUIr/Y9mS/wINaFsj+5FqGLF9JQgvi9IjDrcbQtlnQ0qcA467ho5ktZ21v+u
Tl+pEuVo1JBSFC5MP4YKRaq5aG4ndalS1GDVSnomQFUjWFy0b18q1qe3zHrf25tmV66iaZcjEmBo
XaHh/VaAq6zFbM/U99l16yQIrALm8bNkoTytW1EaAZ6qQDv3zZXrqydPaG2Hjpp2OcoC6Cw3RrhB
FRryUwoX0UBjgOMxfvmFJhcqTNeENj0HaFq32LWTngswfGDiJBwtryot1ITn9+5Rv7i27z7UGydt
WjX5s+8xtwenTaOlTf/Q1ZWnTRuhSV6WpogxIGCsbQ7spzhp0shnmCz3nDiR/unSVT6r/0oJzfU8
rVtT6PDh1Wh5f0cIVaxq205qhKuJ0Hgv0KUzJciWTY2W9wDkAfBf2GKzKoRI9C9l0SI0vXQZmQd8
0Vr0Dxr0sI7AIWcTcQY+YTxNLlhIzgXG0e7IYdm3AQkSymyqQMKjq1dpS7/+dHi2ryAR11WwWzfK
XL2a5l8e/RqdNZs278hXoEsXKj10CKna/FyeNeb5GVczvkI8xpetTm0dPbhOjAHAuMrrKIOxFu3b
h6IIH+wBFYLL2rdMtQcUR7hWT7DROHdt2PZz44D2vfghEwqmgIQVb2jdGc1c2yuNsliQMJtuBCmN
ZaQZTOGzEQFtwCTo1xbcoYWkgfjBjfEBHPocc86u0gNtQ3sG4XO12mUl//2DZt0HIXkNsDBy9MhO
8wPXgUNdHLjCVCnm2r/w/PFzmR/moP3jI//qciYdABwOkyHNjfb843cIZsCEKwfQxL95RhtvXrwR
H6I/SkESozkurgtXmPF++eSlBO7AR29f2voHGkaOIdoKhLWCutsLc7oQNlH9nar9snfPfQwbweYL
2V6+by0e8wD3BtjTwIv+zXFQjA8WOKLFjSZNKGFdYa/G3GFdBcVacXaM4Imn959KYA4mgMNHDu9U
/7DXYB2ivLPr35316Ow4AiKfu7Rwp21ok8LaAHj3p5g/aaa2/KsL7lVAd2g3YH9xZp92ty3/+oJ0
FTjn/B8/vCf4PIdJudBhhfCIMM3uKMBP27MnPkIg75MYl1gjkX6i8BH1h1+fC5xz+9jfsWdjDeJd
Ir9pwgb8N83nvou5v1/j1R0edGcczgDn7tQbkGWwt8PPON49WM8Q4vHvuwTtQ+gT3wvIGztxbFOQ
PSD6iW9NvIsgtBkuUjhpocrRNw23CeFIvK/wXgUQ7YpllMACzrlvcjxybwktv3M5PjCuX/J3QmCM
J7gC5wFFK4CJb958oLDidzXWNPy1Gs1c22sLZUURCh36Rz8gpbEMzMo/EpqSCNDsU/2gG/N+qWd3
aIEyALIhBBA5chg/PuEDcyxoO1XqwbIJoxnvz2kX2p3v3n2kUOI3YfRo4Z3mB24T2ucfP8KEeAjN
tzGnmV0fP3kt84cPH8pfPjIr72ocALi3b4U7AKFtGTFCaH/HB8EM+MDmED16eH/nGW1Aox00jPpT
OIffuzDj/eTJG4othCGwTl4KE/tv336QNIkRI0KgrBUIYvxecKIUcgDYVqe2XwCBx2u8ch8jiPly
dq8w1vE1PmMe4N4Aexp48XNMswfU+O7cfSasd0SW/IN1hb0aawt7qFEwJKDadKce8MR9nxeCbqHp
tTD9HVm8R5zpH/YarEPsn86uf3fWoztjcreMu7Rwpz248ggnlBXeCzcmMcVe4cy3LtqBexXQHe+u
MGFCOrVPu9uWM+NSgXPOD5PV717997tagKJsmp3TA+L67M4d+d0TUvi4Vn2JO1s3gEhsGPANHSZi
RGeLOZ0P2tafhDntEEJQIILwdf5jyJBOl3Un4+b+/WlTn75CQKGR1DZ3lp9cbQtA+Buh+Q+6hxDn
7+Gi6M8/7NUH0+LwQ88BNHGGL0DHH8Q50v/EmQsAdmfm6pXQrIZVA2fzc5/cuYKPPr55I+mB73DQ
IzDnGvSH4AloAlrYawvrI7KwnAA+ePv8uTjXfSNpgv45Q0N3aIEy3/rat4Bzd2f+88pZwPnn0c8q
/QUpAMCIQVQctM7uM5vgxxcHktAAd+VQ8gsOw2r6K6AAa7uCdyB08Tka1V/BcKwuWBSwKPANU8AM
OA+M4QQUcB4YfbPqDBwKMHBudE8TOK1ZtQYUBQIbOA+ofn6P9VjA+fc468FzzACMWOAAIFqfPhtp
zNhdAWKuOXhSzBqVPQqwtis0cSF0EUoItFnBooBFAYsCX4ICZsD5l+jH99wmm2mHhjHMkMcQWtVW
sChgUcB1CljAues0C4gSFnAeEFS06ghyCmyYsYFGNB5h2q51IGxKFitSoQC0vhYMXkAPbz2UWsHb
Fm7TTO3CdUGVTlUoXAS9aXuluHVrUcCigEWBQKOABZwHGmm/64ohZT6qyShaP2O99LWdMFVC6e6m
5/yeTlnE+K6J9wUGD83s0c1Gy5Z3Ld0lrwHp4/wLDClYNmkB58FyWr+7Qc2YeYAaNV5sOm6jv3LT
TFbkd00BaJgPHrJN+miHVvCChUc1099wXdCpUwGKIOKtYFHAooBFgaCmgAWcBzXFbe3B3/XFrdso
dIQIdEOYHGdT79nr16civXtR9CR6E+9fppdWqxYFvi0KWMD5l5kvCzj/MnS3Wv1MCkCzfFL7Sbpa
4Le0o0cn+l34D7eCRQFHFHjz6g3VTlZbA8vVvOCj+VfnU+RokdVo696igEUBiwJBQgELOA8SMn+X
jayZvIbGthyrjR3+uT1OeEgXKlqkdfNVUODxvcfUJFMT3XdK11ldqWjdol9F/6xO2ChgAecWJwQH
Cowdt5vatV+pGwp8H0/zqE5Vq2TSxVsPFgWMFHglzGcnTTZAA8vVdPDRtau9KVpUvz5i1XzWvUUB
iwIWBQKDAhZwHhhUdVwnhLWnlylL3sJfu1lo7bmXEufKZZZkxVkUsCjggAIWcO6AOIGYZAHngUhc
q+rApQB8MsJEOwLAzujxojvteydwe2bV/i1QwOemD7169kr6Q1X7C/+o8ZLFs3hJJYp1b1HAokCQ
UcACzoOM1FZDFgUsClgU+CwKWMD5Z5HPKvwVUQD+jp8/fyt7FClSWIoX1+b7+CvqotWVr5gCN289
oWfP3gq/5CF0vcRzsqQxrN/VOqpYDxYFLAoEFQUs4DyoKK1vB76/X96/TyEMvtPhCzx6smRO+Q/X
12g9WRSwKGAB51+GByzg/MvQ3WrVooBFAYsCFgUsClgUsCjghwIWcO6HJFaERQGLAhYFvkoKWMD5
VzktVqcsClgUsChgUcCigEUBiwJkAecWE1gUsCgQXChgAedfZiYt4PzL0N1q1aKARQGLAhYFLApY
FLAoYFHAooBFAYsCFgW+UQq4C5yPov99oyO2um1RwKKARQGLAhYFLApYFLAoYFHAokBgUSDYA6SB
RTir3m+bAiHafZX9t4Dzr3JarE5ZFLAoYFHAooBFAYsCFgUsClgUsChgUcCiwNdKAQs4/1pnxuqX
RQGLAhYFLApYFLAoYFHAooBFgW+PAhZw/u3NmdXjAKCABZwHABGtKiwKWBSwKGBRwKKARQGLAhYF
LApYFLAoYFHAosAXpoAFnH/hCbCatyhgUcCigEUBiwIWBSwKWBSwKBCMKGAB58FoMq2hOE8BCzh3
nlZWTosCFgUsClgUsChgUcCigEUBiwIWBSwKWBSwKPC1UsACzr/WmbH6ZVHAooBFAYsCFgUsClgU
sChgUeDbo4AFnH97c2b1OAAoYAHnAUBEqwqLAt8JBU55nqYb3tcpQ94MlCBlgu9k1NYwLQp83xT4
3//+R3tXedKbF68pZ+mcFDla5O+bINbog5wCFg8GOcmtBgOIAnev3qVjW49RglQJxbdT+gCq1arG
ooBjCljAuWP6fAupj65epYtbt1KsVKkoad6830KXrT5aFLAoYFHAooA/FMBvmlOrVtH7Fy8odenS
FCFaNH9KWMkWBSwKWBT4OihgAeeO5+HFy3e0dOlx+umn8FSubDr68ccQjgtYqd8GBSzg/NuYp6+9
l58+faL71+6T98FzFDpsKMpb0fkf+DhUPL79OP2fvWsPiuo64z9FHsISsMBGHmoEI4E2iAar1iRC
iCSlIQM0UkfQxCCRugq1nZC625lqjQKJa2QgYZKgpbasjrbsQOtmpkRAk6ygkRAVISlBQRR5CLvI
CmGQ9p5Dd2ef10Wz7MN7/2DP8zvf9zvnnj17ft859LT3wMnZCZ4/8kT8pni4uLoYNftyfTPO//tL
jI2OgT+Xj9jUWLi5uxktyyUCd8fuomBLAYaUQ+i7cQuv734dkdGLJg3N6MgoMqMy0X65HZvf3YyU
36VMWgZXwTERuNV1C/IKOeo/qcf42Dg10jfQF+uE6zD7sdl2Y3RvZy9yN+TB288L06ZNw/fD31Pd
RWUizOTNtBs7fmhFr7dex4aFG6jYQnkRwpeH/dBNWFxeR0sH9mWI4ceMS9Kvwr8J4e7pbvF2rdlA
ZXEl5JVyeHh5oLujGzkHczA3bK41Vbrvth1hDN638VxFu0agKKsI0iIpnmQcDsXV+5gf0E52bQ+n
vH0gwBHn9tFPbFpKs7LxeWEh5jOk+Zaaakw3c+5oO30alyr/ifa6Org98ghceTyExf8cUa++Ste2
bG3aQp6yqwtl61LB8/OD8sYNrD96BN5BQbagGqeDmQjY0hiUFxfjUkUlpk2fjideiMMz2dlmWsEV
4xAwH4ErX3yBf731e3gHBmKgowPROW8iIinJqIDe1lbkPb6Q5mWdkWPe8uVGy3GJHAIcAraBwN2x
MZRvEWBYoaDrkvi3dyMkOto2lNPSQtHZCcn6DXT9RPYyR4eHaW6apIyuBbWKsgaJvdJtWVBcuwZX
Dw8qRy2DI85ZocPf//E11qSUgs/noaV5B2YxBDr3OAACHHE+tZ1IiJmWc99ghvMM2jCZ0Ja+GGWw
kUbI5NbG7zTltLWc4TIDj87hM6dX5pj8AUzI0i+rzuMMs2ne09EDH38fBIUGITgiBE3yS4h8bjEi
V02Qp5frmqHoVRiV5eruCv4cPwQuCDSaf3vgNg7vPIzywnKNiuZuDhIdS/9YCkmuRFOXBLz53iht
LoXnLE+ddBKRHZRBzJAf2o9fkB8+bPgQXr5e2sk6YbLp3nbxigZPguGS2MUGuOtUcpDIsGoYGYsy
0NXWRS3aVrgNiYLESVtH+uvNuBx8XdsIc2TUnajHybJPkb433SbJU0KkHRQdROLWJCyOiZw0HlyF
CQSaz7Zg63KBUTiIk0aqKNVoni0mkjGxMXyjjmps85FOQRuPPMh477/ZjzUBa6iFH5wtRmjUxI99
GzdZR706WT1ELwlpmqP0qY6BRiK71+5G7bFaTY699h0xwBHGoKYjuIAOAqpBFQ6JDmFe+DwkZCYY
XWvqVJjiCDkZdFx8HH3X+7ApdxPjHGrcqdOUWkfyjqBEWIIVCSuwq3zXQ7HuNIUFlz51CHDE+dRh
bamWTublQbZDiPCEBGyUlt+TOCdz1Z+TktFUUWGgkqunJ0RXr1jtZOPI4CBkoj9gdngYVmRmss7z
3S0teCcsXGNDVt0ZzFu2TBPnAraLwFSNQTJGZEIRntm2FQtiYlgB+euv1qLx2DFaxtx3iVWgBTOJ
08j5w4fx3anTtBWvgAA8tvJnmDlrFr6t+hSxwh2UmLWgChYRPcCQLw1lZbgqPwNnNzd4+vvj8edi
cKe/n5JQq7Zvh4u7fZML5xn7JGnrNfglFxVipcD4/sjgzZvY5R9Ay/7m3FnMiYrS1LNmgLy/p8Ri
KK/fQHzuXtpX1tTnQdoevXMHrbW1+O/4xIEObVnjDCnoHxEB3+Bg7WSDMCEPv62qQhPjiDbQ3g7y
PvqFLqR1yVgmYzhk1SpNvc6GBvQz5ZycnTVpTi4uWPj885jOOO7oP/1Xr6Lzq690yuuXUcd5vr4P
5GDRdfEiiMOGtm5q2dqfBJtHw8LADw3VTn7ow6MqFfZFLMKttjaKBdv7bU2w9NdPRBcen4+clmZ4
MN8j5j769mrL4IhzdhRPnW5FdMz7HHHODpP95XLE+dT2mXiTGLJDMp1GpX1Sg6tv9Te8dSr8P0I2
/9+rec/gBBkh54UMQdB2YWJiN1ZXvYFHThGnhaRB0aMwVkyTRtrK/yQfCxYv0KSRwGfln2HnKzt1
0qJToiGSiIwuENQFR+6MIOeFt9DEXP1NnrU5a7Ey8WnwvD3opqSxU6qX5E3IfjqLlk/fk05P7+S/
lkcJYbU9pk7y6OP+sBAnFCzmj0qpog4KR985ahbpra6n/anePG6saURSdjKWxple5JOy+zP207Fu
q2TNSUk19qbtuW88tLF5WMOknwu3FqKiuAKhS0Px6/1b4M04sPRc60U/cwp9SewS+AT42A085OYM
RbcCxK4hxRDSn0xndeSxG8MYRR9kvBNiq3h7MRR9CggOCOA/39+eTNfo2tHMOEb8eKPD9KnGMBMB
4jQ1NDCkWQ/Y6lxsQn2dZEcZgzpGcRGKgNph6V7rOGvBRd4jwTIBlH1Kk06dbLqRf3Mh+/gEnlr9
FJKZtRNxmOUeDgFLI8AR55ZG2PLyyVW+dR99jNC41fSU7L3mDu0N05fF+yjhTk5H9TNXvrt5eTFy
4qw2/6h1M5e4HOzuxqGEl3Ht3DnYErFk+V637xbU/UyssOQYbJBIUJaaBnPIC0Kg/ae6mo6nyJQU
pB6RsO5RWasHLkil+EvyL1mbt8d3oa6kBMcz3nA4u/QNGhsdxQhz9XrVrj/Rm0LYxiZxJKrY/lsM
9fYiseAAfObP1xdnlTghyw78dBlUfX2TJtqsojBLozebmvDuT0z/e6QXmRPDq0UikxLIyd2SX7yE
rgsXTJbR/j4j2O0JDsFQT49BecGpWgQ/+6xB+vHNmcx3/EcG6cYSJnvzjL4MbQci/Tz9OG2rtsYm
50l9XacyPqxU4mRuHmry88367plK3dRtjTN7mbeZ9RPZyxxh1n/kHdAmvdXlzPlUDQzgNnPrj74M
jjhnR6+5pRsi0Qn4+vJQUJCEmcxtzNzjAAjYKHH+PwAAAP//iu1IMgAAQABJREFU7F0FmBTHEq4E
1+Auwd0hOMEluLtDgrv7QXB3gh/u7u7udljwBHfXvP57qaF3bnZvd+/gwdH9wc5Me1dXy/VfVf3D
f8KRC27Lf1tciPX1RBnVdBQtH7+cKrevTEXrFKX379/Tz6l+ph9++MGuktfOXqMjm47QzD9n0qM7
j6h+3/oUJXYUGefS8Uu0cPhC+R4zYUyacnIKhQgVQn4/uPWAGqZvKNOEDheaus7pRqlypKQXT17Q
eu/15N3LW8bLWymvCOtKP/74Ix3ccIge3LwvwjfQ8W3HqFDNQpSxQEYZz2efD62YsEK+I78pp6ZQ
tLjR5Dd+3r97T//+/S9FjB5R5PGA6qaqS2reRkTTC+oxo/cM6Tt8+whKmzuNKYb9J9hhcP3BtH76
eirTtAw1G9VM0gx0qpuyrow88ehESpQukX3Cj19PHz6l21du06uXr6llrhYUIVoEmu4zncJFDGcZ
PzB67lmxl7qX6UbNRzeXNPzcbRzTYgwtHbOUxh0YT8kyJ/3cxbmd//ZFO6h3Ja8vRg+3K/gNJHj3
9h39nuF3unv9LmH8YT4KLO7NqzfUNFtTwpwaGOYKze9Ega1PXR1rX/tc7Go7dLzASYEbF25Q7WS1
Xdo7/j8o8L3OG/8PWusyA44C+X/I71Fmw8ilP789ylsn+rwUOL5oEc2oWInytGpFpYcP+7yFuZn7
3QsXaEDSZJS+UiWqPneOPH/wK4ulLVrSrtGjqdXBAxQ3c2a/ouvwr4ACX4oHuZxyY0ZTzqZN/Wz5
gytXqG+ChJSyZEmqu2ypS/znZ6YBGOHYwoU0s1JlmWO6ihWpSG8vCh8zJj24fJnm1q5DN0+ckGHf
2ljYPnw4rWjTVtY9Z7NmlKd1KwoVIQLdPnWK5tWtR/cvXfom2yUr7eDn1IoVNK10GXKVNx1k83/x
fvvqFY3Mmo2e3rpFHc76UJiIEf8v9QiIQl89eUKnRV/89+EDXdy6jQ5Ony7XnxTFf6N3r19Tgty5
KXry5JZFPRHtH5ouPT27c4dChAtHNcSaFT9HDnot8jzk7U3re/aS6czr2cWtW+nhtWt04/ARuXZx
5r/Uq0cVJ030Ne9gXfx7+3Y6MnsO/b1tG6UpX55Slyop6yfTCnzg/Zs3tMGrNyXOm9fltZPLVZ9Y
T0GDomJuCR0pEr1+9kzm+/blS8Pv4fXrtK5bd7fWabWM7+H9WxrfATGe3799S8MzZ7GbE9p8GPk9
dLVuo6aAPQV+bGX//ZV8/RBYgXM+wG4zsQ0Vb1DcKbkBqjfK1IiePnhK089Op5ChQxrxzx48R02z
NpHfEw5NoCQZk8h3zj9qnKg0Zu8YA2znhBM7TKT5Q+ZbHlByWgDxAPPZ4VCzZe6WEox3Brry4Wf2
ktmp99LevjYHnN99AdJXil1Jfg7eNIQy5s/AQQ6fqkCA9zlvipMkjhGX691oSCOq2Kai4W/1AqCv
cZbGnwUMgxDBYSHscGTTYTq15xS9e/NOViFL4SxUplkZihwrsl2VXr14RWsmr5ECABCcQHrEe/vm
LW1bsI12Lt5JoBUEJmp0q0nJsySzS39i50mRfjVdOX1F+idJn4Syl8pBTx48prP7z1KVjlUoxs8x
jDQqcJYgTUJaMnIx3b56myJEjUBlW5SjrMV+MeKqL5dPXqaD6w9S8JDBpfeLpy+oQLUCFD1+dDWa
8Q6+hUDG6GajpZAIC0agfeyCBA3Cr3ZPxNmzYg9tnLmR7ly/I8NQv0I1C1OeCrkpWPBgdvH545rP
NVo3fR0d2XxEesVOHJuyFM0i2haR9q3aS3mr5KP0v6bj6PK58q+VNKLxCGK+4fp9EBtsczn71uyn
az5XCeeJKXOkotTiP9yFIxfo6JajkjY4XE8rylD76eblm7Rr6S6ZH/o1cqwolF/UBf26QQiq7F6x
W/JJskzJqFbPWnY84gkt3rx+Q/tX76edS3YShEp+DPIjJU6XmJJkSkIH1x2kzIUzU6nGpWTd/fPD
gigvBQ8PrD2Abl66Sf1W96fIMSMJ/n1HMRPEoDcv31C0eJ+EbLi8x/ce0/aF2+nAugOy7U8ePKGU
WVPKPmK6clwIzGydv43u/XOXgocITuC9wrUKyzFxcP0h2jxnk+T/oMGDUoXWFSlvxV85qb+f7oIl
N87fEPXZLASRDlL4iOEJfJQye0rR3/kpTtJP85VasUd3H9Hm2Ztp64Ktkhbg9fR501MKkW6vGAeY
h4vUKWInWPXs0TPat3ofndp1ii4evyjToZ+L1S1GReoWkXRSy+B3d/id0+wTvHTt7FUjT8yf4B+e
Czie+ekOLU6KdvjsOyOziC/aG0sIXywbs4xO7z0t+bdQjUJU/PfiRh3MZbnzzX2KNXXyiclS4OPM
/jP0/NFzChYimOivVA6FfDyhu6fj0ZOxDzpgXsE4f3L/CZGQxYuTJC5lLJiBZvaeSfMGzfO3ENNO
MZfdvPSvnAchXBc7aWyx3h0VwnP/SKGEmAljCaG7DHJNUfvFP/OgOzyIeQ9lYa6Aw5yL8Ye19+jW
Y3Th8HmDdxGG9TF3udxGVZEW6885sb/C/AkXKXokKtW0tFwfzQKOnNDV9Qd57lu1z6gD+BE8j7UX
fb5x1kbZd6g/6hc7cRzKUSo7F+PWE7ywZe4W21omeKF4w+J049wNOrnrJL16/op++PEHIVSZmlJk
TW43v/h3X+LO2OcGXTx6kf7I9AelyZ2WBm0YSEGCKPsDUXe7b04knmf2+9BGsY76HPCRvpgH85TP
I+fMiNGsD/vcnXOxn3n17BU1z9mcsHZBQAyClyq2aLWfQdwNMzYYewn0tbp3UJph94o5Y+/KfbR7
2S7Cnhptih4vOv1aMS9lL5nNyA+JuK/wDv5B20/tOU1bxDqE/o+bNC5V7lCZEqdPjCjafWcUyP9D
4AfOr+7bR4dmzKRr+/fL3o2SODElypeXbp48RR/EYV+5cWMpSNCgMuzE0qX0ACCN2FcmLlCAoiVN
Suc3baL7f/9NOFyMnDCh9A8XNaolp9wXANYh7xl0ZuVKI/znXLko++8NKUYq298ERsDHFxzOnxTl
Hp41m57evEk/iLktgUiTunQpurJ3L7168pQK9+hOwUJ++vv+2b17dHjGDAoS3LaOvRN1+1kc2OO/
I3frzBn68O4dnV27llZ36kwpihenEoMGysN35B1SAFWhxf9goUKJ5v8naDaDnotygoawCd3jYD5T
7doUNnJkuu3jQz6rV1PQj3VCWIbq1Sl8dOu/+RzVyex/4+hRGp4xkwQrGm3cIGnBcbC2/qjO+x8D
GDhvtHkTPb19m3aNGi1BhKii7wp07UIxU6fmLOye7wUtAJiANx4LIAAujOjXzLVqUtoKFSjoR9ra
JXLj4/nDh3RYgCc/Ct4C3bM3aiT7EP19UPi/F0+xsMq1NWuDBgaduQj08cnFi+n0ylUGXyTOn58i
xo1DO0UbK0+dQgly5uToxtMTHjQSu/ly5/x5OjpnLp1bv55CCfAM4NPPObJT+ipV5NgxZ+cOD5rT
evK996+/aFGjxlRq6BD6tU0bsQbazlxQT6v+ZcGNLHXqSPB236TJdHXPHsmHv9SrS+gnnivM9fnc
dAc/DE6VWoJ0+Tp0oN/697M7QwMAOCp7DrotxrkVcP7i0SM6Pn++AMUE74nxCocxkrVBfUoi5jpH
7tLOnXR07jz6V4DyIcOHF/vCHylVyRISvAsbxaas4yitK/5Mc8S1ApHvibm3f2Lb+WXrw4coTsaM
dtm6y4NIDFqeEEIIPmvXSVq8ePCA4mfLRhmqVPY1h2IuPCbo9viff+QYffX0qZgjalGE2LHprOB7
gJm3T5+Wc3GeNq0pvRBoUN2bFy/o/MaNdO/CBekdNlo0Sla0KF0/dIimFC9h2eYzYm69c/asMScA
lMrRuLHdGsBlIP/9kyfLT8wzAFWvCJ5FvbCeoI/zdexAsdOn5yR2T/DtGTEPXjtwUJaJwLBiHs/Z
rCmlKFbMbu+PsA9ivwswdXSOnHJ9aHPsKIUTbQKd2DkaI57woKfzINfFnSeDnQCvs4mx7pfjteen
OHGoxb69kifUNCs7dKRtgwc7BJi3DhpEqzp2IgjBHBf8CPC9/amTFDFePDUb453LQxzzfoKBS4D8
rgqdGRkrLygD/N718iUKHjo0cb4YI53OnZV+LGDEAgEXt2yhf48dM/YDWOOSCx5HHY11EGu3WO+w
V0kkwP2YadLQgWnT5B7sleAnCA1I4YXNmyX4Cn6KIdZuCAJgT2LlPvecy2V6woOq0Bbaun3ESHp0
9arcY+Ru2UKOLc5ffYJ2p8X+8dTSZYS5EXse8EPaShXFvFvSbt26JeYd7OcwJ4ePFYvSV64sxysE
Oo7OmSPnJMz1EUT6dGJP48i5C5xjHYcAx1sx92B/GEvMLfg/oUBBeijayMI0AQGc7z9wlby9DxKe
cEGC/EAVyqenOnV+oWhRwxpNeiHOk2fMOEhv334Am9GrV+8oQ4bYVCB/Ujp56iatX3+WQoa07fPf
vHlPVapkoFgxfzLSX75yn1asOE0HRDlnz9mwhejRw1GzprmoWNEUxjx46/YTmjPnCAUPHoQeP34l
lFv/o7XrztDp07do3NiKlDp1DOrltY6WLz9FRYokpzGjy1HiRJ/+Xngn/g6fOm0/vX79XtYTdYkV
6yeqXCm9UYZRKfGCei1eLNZeUffw4UNSvnyJZfnLlp8kpM2TOxF17lzQjhZq+kePX9L8+UdpuvcB
GR9hSZNEpQYNsknaqHH1ewBRQAPnAURIF7NhkNcZAM1Z8SG/lcYjA8CXTlyi0QIgT5k1Bd29cZeq
xKsik/dfM4B+EcCh2fEBZc3uNamOVx27YK6blYbwouGLaHzb8U61c10FzleMX0Ejm46kbMWzUc9F
PaVgwH8f/qPwkcMbB8p2FRMfrFlu1rBHPAaEAdh7LfFyeMiKuM5oinD/uLEtx9KS0Usss7DS1sdh
OzT02eEwtvv8HjRK0ObqGdsiwmE4UB66ZYhsGw5LhzcaTptmbeJgy6e5H5lOlpGFpyNhDuYLNd3Y
/ePsAGIOO7btOLXN34Y/HT7bTmpLv9X/zS4c/NuxaEdfbedIoA+EQWImsNdqXjZ2GY1uPpqjWT55
vKGMRpkbSSEQy4gfPQG2dJ7VWf7hig1e5986S+EBBKuCIX2q9JFCDpxX46GNBYD7aQMDMH9wvcEc
LAVWitYrRp1EO81OTesJLTAntMnflk7vPmXO2vh2ZYwYkZ28mNtlFTV+yvg06fgku/EIEKxryS5W
0aXfrwL4bjuxLYX5KYz8fvn8JdVIVMOuv/os/5N2LNouhSvUjALaioSrcwX4Y06/OTS1+1S1Onbv
Dfo1kAAGBErYAchrV8Amhc9+5qe5v7hOmPetXKqcqWnYlqEUNJhtA+kJv3O+4CdYE1DnIr9o7C4t
zGOLyzY/JR0Wi7ndgcCNOb6jb7/oh3RYlzp6d6TwkcIb2fiVzkx3JPR0PHoy9lEehI0GCCEWZ868
JjiLaw4DDeqlrieFZMxh5u9eoq9yl81leJvnC1ilcWUedIcHreYKVGDkrlFS0KlTsU7GHM4VU+eo
W1duUfWE1TnI17Pen/Woehff4e6sP+umifVAWM5RHdcB9DXPdRzmCDhW8zG/b5q9ifrX7G/29vWd
tVhW6jSzk8Hvnu5L3B37AHp7lO0hhYB8VUrxgBAo1hHVOhDA5THNx9BqITjoyA1YN5CyCEEx1bk7
584dMJcmd7EdWqr5mN+trB3tXr5HtK+7XVTeh9h5Kh/Y53Yp0cXhGMP8O3zbcIqX3HbwBqHJ+mnq
KzlYv47aPZpSCWEs7b4vCgR24HxT//60tktXh50KEIMP+XB4CGCKtRsdJhIBtZcsprRly9pF2T1u
HC1p2szOT/0AeJendWu7wzEcQOOw0VmZah05v1PLl9O0MvblW4FOHP/N8+fUN2EiCbqxn9Wz+e5d
EjhC/M5hfVtb43AceM+vZz+vcJhVvs78AGaiLQDinTmAE21PHPel3chggqO0rQ4dpLiZMtkFP7px
gyYWKSpBRruAjx+gOYCQyAkSWAW75IdD7cGpP1nKYzDztgDEBqX4NNda9S/q1yeuNXjChZcdPYpy
Ce1c1XnCg2p6V9+xlm/q109qHTpKA2AXAC//TeMuDzrK1y9/0G54psx+8noGAe5Xmz3LqB/yVUFc
q3IkUDRnti8Bji9B9z3jx9PiJk0J46DD6VMSxDbX8cyaNRKMbXv8GMVKm9YIvrx7N43J9UkA1Aj4
+ALgrsq0qRQ8jO3vangDiJ9VrbrTcVl/1UpKKQRw/ONWCSGerQMH0s9CCKTJtq2+BBPAa97CQsb5
DRuovWh3xLhxZXGe8CASApSeUqKkwyqDFgBOQ/1kA1Ws+LbeiuUC6FxEh2fOtMvHPJavCmGtUdmc
C7aa520AlUPTZ7Cbm8z5qoWa5xk1TH1vvmc3/Zzdvi4MgKrx1Pdiff+kgl0+ncdsHjCA1nT+9K3G
Vd/bCjA9Vjp7RRRPeNDTeVCtizvvKtjpl4UKtW4N1q6hFAIoNjsWBCvUowcV9eplF4zxNSxDRimE
0MHnDK0WIPv+KVMsBSk4Ia91TF9eOzPVrEFpy5WjgclTUHgh0NFk6xZfcxTn4ddzsdjDnBBWadR9
kdm6APMNLHPUEXshjCcIT6mu6J99qFDXrmTFnwhLKwQ81HVQTau+g/cbbdoogXbV/0vMuShP7We1
fPXdai1mXlLjqe9WwhnYG0CYxtF+ELRosn2bYQEBlgFgkQNOnSMOz55Nc2rUNIqD1QRnPOEqcA5Q
f7UY/zuEhRBHTq2Hf4Dz10LBqnnzJTRp8l5HRdH6dX9Q4ULJZfjpM7codZqBdnHTpo1Jx460p0aN
F9LESfb57N7VknJk/1nGv3L1ASVI2McurfrR98/i1EWA03Bz5x2hatXt5301rvk9YcLIdOpkRwoV
0qbUZ1VW7twJaevmpuIs/NP5L+czbfp+qld/Hn9aPqNFCyvLiBrlkyABIu7ec5ly5R5lmQaeFSuk
o2nTqlGY0DYBXIcRdYB7FNDAuXv08m9sBiH9OkBDOXxYbwbOAZziABZgoQrIQiu2qzh0A7iMgzyE
mR02o9BmwQFcymwp7IK5blaH66yp7qzergDnKH9Yw2G0ZuoaWXYKUQeYg2fntaQ35SqTkz+NJx/m
WpmBdxZmZPDxxRFNzfE8+Z7UaZLU6oMZftaKvSrAcRyewty+CowifxwcXxCaVtDeHdlkhN1haS4B
OpRqXFpo016mca3HUeV2lanhwIayWir9oGFUoU1Fcagclg5vPExjWo4xqm7uRxU4B92bj2ohTPwH
J/Tt/rX7CQfUU09P9cU30Jy6JLTOcR3A7L6z5EG3OW8uFBr3HQq350+HTzNIz/0CQBB823ZyO8pc
KJM8hDq+4wR1L91N5mUWnNg8Zwv1q9FXhoGnO0zrKLT0Ygm6XRXCBcMMwJX51lMgEZqIp4UmF4AI
FTiHVte1s9fp/r/3ZBiXww2HhjRod0ukN4MYVTpUocxFstBuocUJk/a9FvWS2o+e0oKtUKAf+wvt
7wRpEhAAhuPbTxhAvRmI5Xq6+4QAzupJqylshLBSWxoa56B/iYYlhMTyB3otrkRImC4hFan9SVva
58BZaiZMn8Ohjt3mdaeEoo4vn76UmpYYP3DmOmJ8PxYatHP7z5F8KiOJH5TXekIbCVCObj6KQoUN
ZXdtBcfz9Mn9YJ5/zfmxIBD8AfzX7V1XasTf++cezfCaQVvmbZFJVN7gOYvzaj+lPaXOlZru/Xtf
psGVGXAqr+Gb63Tr8i2q26euDAegdEBoGfet9iei0Og9QpDq49zuKb/LjMQP5vS7N4RWktDo71W+
p/R2ZrbeE1pgDMFqA48PjP+O3p2ElmQiKRw0rcc0Wa4VOMX1dPXJ9GPBA5T1+8DfKYYQxjkqrFXA
GgscLATA8goLIHA6V+mOPDwZj1yOu/PgNmHBoU/l3ihWjq1GQoAHdV8yaom8fkUGiB9H8zaH+/WE
FZBeFXpJjWyOm0XMYYWEFYinwnKEKsCkCu95Mg9y/u7wIOYhgJ0AVNG3PRb2pAz50ktaYCz8LdYX
7JHgMB6z/pbVEMRi4BzzSvPRLeT1MdDKXjJyCc0Rcw/8p56aSj9F+STF7O76g7X+6JZj5FWxl6wD
9jNNhjcRljoiy29ce9OhSAe5FwCg3XhYY4qbzHaQKCO48QONdVjl4LWTk0KIB/y9e/luQ/hI5XdP
9iXQFnR37KOc1vnaOBX0Qp2tgHPejyIcFmPyV81PocOHFlZhrtOQBoOJx7dqnciTOdc/wDnW3jNi
bwthHwizYX1T1wDUXXXgjTop6hh7FghRZiqYUWr6HNt63OAZ8CHPwaDhxWN/k3fP6cbaCMsjFdtW
pGePn4s5tZ/kJQgCdpndxQ7UU8vW74GTAoEZOIem0yBxkAwzqvVWrqDkRYpIjae7Qkt2VtVq0qyx
esiHHoYJUu/yFej6wYNGhycT6TLXrkUvhcbVkmbNDX/1sPzksmU0vWw5GQbNqXwd2lPE+PGlBvT2
ocMMc6y1Fi2kdOLAGA6AzIhfshoACQ7X05YvJ7WuDkydZqQx1xFpcYAJTXpoM18RoBi01swADOKx
wwH7FgF6vHn+gqA5tm/iRBkELWhoCkP7GYenBTp3oggCmIO7c+4cbejlRUfn2Q7tGq5fR0kLFpRA
Iw79Ty5ZYhzaVp3hLTWaHGmGyQwd/KBu4/Lmk+1wEEV6uwKc52reXGpKPhMaV2ziGQBpdQF2sjUY
PiSGWWto+FWaMpmSFiokwy/t2EFTS5WW5cG6ADT7PGkTMoBp25vC1DTM9UIrjIFzhKHvoB26qV9/
Ya73sAFSIAyOQVKAeKVHDJfmuEHzY6IvoEENZ+5vT3hQZuTBD9cPSVHHon16008CsIFWrsozah09
4UEPqiaBjoAAzjHuoNUPrUlonm8WggJwZm3PL0V3AFp7hHAOa8+7Spu7Fy/SgCRJZfS4WYR1Q8FP
MQWo/laM+WNz59LS5i1kGEyklx01Uo4DnMNNE/PZaSGgA1d8QH/KJLSsQwhgHUDYggYNjXlL5WsZ
2Y0fjMWxeX6V821V7+lSk9sqOQQabhw5IrU0ofUO5wkPXjtwQJoYR3rMJ7Xmz6MYQhv0tdAiPzJr
lpxHESZN9S9dYoCPsLDx4v59OV4xltmBRyr8NUFq5S4Va0OIsGGNOUMVkME8A+sekYQgjs/qNcbc
jnzUMcL5or2PhQAILIpML2dbLxjI5Dj8xLiCtu+6Hj3lPAN/rEG/tm1Drx4/lgAagDjzPIh4DICi
HWXFdQYJBcAG7dWdI0dJfoc/hBXYsoCnwLknPIj6cR+7Mw8inaeOwU6rPjHnyUIqWCegdR9S9LHZ
YRxBexga+bBooDofwUeTfysu1qtmVE4IQcEUO9ZBZ+sOA+fYz2AsvxJWJJDHr8LSAYB+WIcIEiyY
r7LUcp29Yzxi7oSlGeY3Xi9Vs/wcL3WZMvSbEK7AvglzCfYhcACSMwvrNKDJO6HxfENYVxid0yYo
D2GqX9u1JVjt+ff4cSkkotYJ9EicL68IO0Ebe9vOLDB+IAzEgmxfas5FvTzlQeYl5IG+B02wl1jZ
voMcp1IA6sxpg2/U/SrS1Fwwn5KI/RasH8G0/4wKFeFtB5A/vXuX/hFWepY0bmITwPh4bQKsUGAP
izkeYbjCxpkVAqs+loUpP+Bl7H+xBsFBiCxzndpyXlzRtp0hqIY5g3nHP8B5h44raPCQrbKsoUNK
U9WqGYTGdSjy8blN9RvMpRMnbsqw8+e6UJLEUenN23d0+LAQOPxzA61da8OMli6pR2VKp6Gbtx5T
rNi9ZPxixVJIEDxTpri+wGwA0GNGlycA2RD4GzlyO/Xrv4ngf/pUJ4oSOYwsZ/36c1SqtE1gHuBz
z55F6U9R7jyh2Q0HoL1gwaRUtdoMunTpPh072p7SpY0lw/Bz6PB1oRH/lu7ff0Flyk6hShXT09w5
Ne2E+Djyk6evpBb8H40WyrzgP2xoaSpTJg0dOXKDKlScLqNOmliJGtT/JBh18e+7lCSpbc+SJUtc
GjG8HEGQ4PXrdzR37hFq3mKJTAeN+lEjyxn7Y+mpf/xHAQ2c+49+7qZmcNrZARrnaT5Ej50ktgyC
eWh2AKpa/9VafjIwagUuc3xnT66bClDg8BWmRXFYDqcehksP5ccV4BzRuRxOigNuHKyz6zK7KxUQ
B6Gq4wNqM5CEOK6Wi7hMU7/AMMT11EnTnsIUKrTooTm7f+0BeVhvBgQ5f2jVwXw8H/a2E6BxMaGV
zA59wKbD2WIAwqx46KQ4oG0lzOrDmUES5g+zdiSAcWgSwgEsgrloR47vSTfnrcbHYS7Mi7Kpdgby
4A9nZQqd88Wh8PiD4yla3GhqlsSgBjx7LuwlTJLmpudPntMfGf+QB8Pg+S6zuthppKKPW4j77AGm
qLRiU/Jb5m6VoDuHOasfyuU6WPEgh3FeiK86Docf+H3ghkHSSgTHwSE7mxf2hBbIx9kYYQA1R4kc
1GZSmwBdRHk8m6944LbhiT5vV7C9BPEgtDF4w2AJdKtxVA09Nu+vhnM58CsthEoaDWtk0Ax96olW
ppq/+d2VuQI8VjGWbcMLgZmGAxra0Rab0UkdJ0lAFrwNGgF4g9bp+unrJShkvlIDfOhV0UsCW47m
DNQV8wLM4cNhngFI7+3lbcfrCPOU35FWdQB+oDnMoI0ahndPaMFzDY8PjI3xh8YbV3GAfj3L9ZS0
6Dqnm7zmwFyuO9/cp5hrIYQzWmhiRowe0chC1UjlecYI/PjiKt09GY+ejH2YnobWKYSzMC6ajhSS
rYpm/sJhC2lCuwmy9s7mbXM7HX1zHRHeYkwLKt3EdhCNb8zJfav2lSCeWcgJ4dzPePdrHkQcs/OL
BxFfLUO9xgZhLMyAuk07M81YVxGmOggnvn39VgLuoGW7Qu0l+KnSz9P1B+XwXCbHt2JJAXk2z9Fc
WnlQy1Lr5s479hZYA2F6HgC0ea7ZK/Z23Up1lVmarQS4sy/xz9hH4QxqMz3s2ijMsqlzu9q/Vlrl
apvLNC1DzUbZtPY8nXPlfk4x1T7p2CT6KepPfppqV9vAdXa0P0BcXKUA/jbPgZzPPxf/oVpJa8lP
vl6Gw5ifzGuQyu+oN4TLtPt+KBCYgXMGLnCQ1/nCeTsNTWj1ARi6IwARHMgC8GDH5lrxXW7sGMrZ
pAkHSS3MmVWqyoNPPuAWGzoJxgCILdyrFxXp2cOIzy+sVclpcICqags127lDmmfn+HiyRpV6EKmG
8zuDH64c9iMNx7cCUjhPfqqAR9Md2yWwwmH7p06lBfUbBOh90ACoBqVMJfOEJpvq/DLVbqY9zBXj
sN4MgnH/gq7QRmcNVi6L6YNvVdCBw919MthhBTAiDGZx+aAZeWNPC21+8IdVn+LqgL8KFZbCABmr
VpXV4YNvd3nQ3bYgPszAesW0HQIDBAGoykIJCEf9AaDARDFo3E4IH5ivNmAau8KDyNNdB3PSAACP
CjBndvUaBh0BMsL5Zaod9VYtDuDvU1iGgHnaFnv3GMDUl6I7aIo7zKHhbMUTzujD/IerGeoKMBjA
mup4PMCv03mxD0ySxADx4AeQLlWJEng1HIR+xuXLL8EZ1jp1ZJ7bSGTxogoPsRatRTRfXp7wYBhx
xQT3IYCsPzZusJv3UYhqycM83yGcaYn3HGJdKD1MWG/7eJUFeI6vkgC/APCG4AHm/GZC21u9xuKc
MN0+sbAQ5BLOr/7E2nFQWPhQ5wiZ0PTDdTOPyWsCQBspBLRQD/Nap2YBsA1AW1DBHxDImlCwkBRm
Ms9bZlPtyDOsAEHBo+zMvMB1c4cHPZkHuXxPnwx2+tUnyJ/jsrlytqzhStloG6wo4CoO5jN1Lmm6
fRslzJPHV1ZMR3OAK/U1p3H0DUE5CG7kF3M7eJvrpQLnmEehdYx+B0CO+Z/jYQ0qPXwY5WnVyiji
HyHYAe16q70M740Q2bwPwn4AwgQQfoRQHAR71HLMaz4XyHmq+y0Oc+fpHx5k/pCWNIQFAJ53+coN
1ENdG9lsP4QEcCUF5mHVqXsxVXiKTemr/cPpOMwv8/1MU6s8OC9V6AiCkplrftJox9wxo1JlaZ1E
7WNPgXNVK1vVKue6vBVnoDlzjaSDB69LU+oq8AtN9fIVptHq1Wck4L12zR/CtPlhGjpsG2XLFp82
bmhMYcOE4Kx8PWHyHeBysGBBKGjQH6lgofG0e7e4jvZAG8oswHY4Lv/q1YeGpvex4/9QhoxDKGfO
BLRtS1ORNgi1aLmERo/ZaZdWLRD5ZM4ylJIni+4QOOfyEA/CAosX1aVyZT9Zkxk1ege1bLWU6tfL
RgDPeS/GZRcvnpIgQBBMOfNDnitWnqLSZabI6rDwgfzQP/6ngAbO/U9Dd3LgAy5nB2icn3rIz37m
Jw7Z+q7qJ7WjGBj1L3AODTLeJEATmZ0ZcGV/froCYJvb1EloFhaqWUje1Tiu1TipKaZq1HDerE1v
1TY+ULQCNDk9P7l8HPQ6AoA4rrtP3O0J7bTl421SvOb0VnVHHK4TwJxuc7tTvsp5zUmNbwZjVA0x
I/Djy8oJ4u5uocFuBjKZP8za3vgjoFf5XhKc8uuwnvPwKx6qwrzuTlyk8xJWB0ATdlgo3omDMIA/
AId47LD5fowBtNXqPm0WJOg0Q/CZuCtZddwWzk8Ns3p3xt8c5igvDkddRwnTwdAGd+SYbgh3lRaI
e/nUZWqQtgFeKUnGJJSjZA6KJO4ch9Yk7h6OKAQi4qeKb4xtGTEAfri+zvpZBZmGCVOz6fJ82hhw
FbCJZZDUbJ0BcbgcgAMN+jcI8HZwPfjJ49LZXME0Z1CcgWDOA09oEkIwBgIcECJJkOZnapq1qQTH
/lzRl7KXsJdURhqAoW2ENmaqbKmo9cTWdm09sfMkTe853U6TGGnYOeJBd/md8+Mn6I+72B3Nm57Q
gjXjeXxYzZE856ntgnDB2qlr6cWTTwJXXE/1iT6EVY54KeJJb+5TzLV8xYkaH+8sgADNTQiZ8Fro
Lt2ZHsjT1fHIPI40ro59Bh3Bg2aNaOQDIJGvcHA2RhHXFcd85Eiog0FC5GVeg7ifXZkHreriFw8i
DeYRtsryW73fDEEhdX7hfYdaBoSXdi7ZRdO6T5VjVQ3jd5V+/ll/oFleM4ntD9PBm4ZQxvwZZBGL
Ry6WFmasxgHXwZ2nyu9WwkjIa3qP6TTzz5kEWqlzjZrWr30J87o78yCPfdSB+cKVdjP/IV3TEU0p
UozIUjAL33DBhHWMpWOWyfmReVS2xR9zLtPC2VpgK936l9unzmFqTPAmA/uwCFC1kw0wUePgnbX6
uV0sUMDzhir0ivi4vgBrDYQjHc3biKdd4KRAYAbOAcoMSZtOmr3EYWTW+vUpSuJEUosvXIwYUkM2
eooUvjSK+cDTDLgyBzDoh29on0IrcEDSZDIYdyOnEneT4x5Pdgj/e9t2qWXIh4q4S3xhw9+ladZ8
HTtSCQE+mh3+7ppXp64ELxxptCENm5d29fCc4ztqn7kefFivmlJWtaPMwIo5vTvfXDd3wAiunxl4
Uw+oVdCJ46NedQSQqPYVhCBw7z1rULlKU2dt5PKs6IQwM3COvFShCtxZHD/rLxRK8Ax4CWBAuJgx
KWrixEaxTDd4uMqDYYSlAU8ctOiHpEnrEBRHnuCPkZmzyLGnAs1cHtfXVR7kdO4+eSy72o9cLwD6
ZjPuO0aMoOWt29gBnRwf9fqcdFcBZnNbcPc4NET5wBx1wXkI7tUNLfoYZpYBZkHDsfy4sdLSBeLA
gZ9wJ+2KNm3lN/Mo8x9M/DbestmX+XREZkCW5zTwE8yg4451tS4yY+UH4CzuKcf92QzYoH7m8ask
8fXqCQ9GT5lSgnfQvnYETGKfxZr2pQQo/qu4WkN1PJYBTpvvmFfjqf0FAYz4WbOqwfJ9vVdvYZ2h
lx0/+YokPBzNEea4XDczHbkuqhYxp4XlkhPCcsi6bt0dmodmnuA0eHK/OQPaOD7HdZcHkZ75EO+u
zIOI5x/n13zxWNwZjzETVghhcFx31iquG5v/xtiB8BauBQCwCoGjXaNHS+sA5vkHabmPC3bvLub/
RNK6xtqu3eTVAq7cyc7lu/Pk/nOlr1kTHO2CQEV4sc9Sx5SVeXJuk9V4Qz3Nmv2oh7v7LU/XOpTv
KQ8yf5jbrArV8NgCjVhYDvNKgU42zX2UrzrWflfXTWf9w2EBAZwfmTNHCqFJfre4ruSRsDbTJ05c
O+EIT4HzRYuPU8VK02XTR44oSzFihBd/w38SzMH94gCkt227SCVLpqKli+vZmTkHeN6gwTyaNfuw
QT6A5gDRI/zkWzgc8ZcsOUHduq8xtLqNhB9fVOD8lVCayJptON269ZTO+nSmiBFC04WLdylpsn52
2uMMXqtp1Xw5H7+Ac46H8i6c70rhw4U0sjl77jalSDnAjg4cH0B7nDgRxN3rFej580+YCeh39eoD
atPWhkU5qp9RiH5xjwIaOHePXv6NzQdcjg7Q1PzVwzr1QBwaMPeFSV9oMsIMMGt27Vq6W2rQAlTF
ARpMa7vjuG7mNDj0r9qpGuUsnUNqYJnD+ZsPB50B2AA82Dyn+fBPBZjUA2rkzwfN5jQIOyVMaLcU
WlVWYQhXnUrTgDxIVDXBUV56cRCeKE1CAqi/b/U+WQVHdOE6PX3w1NJUulp/PjQ2gzpqHEfvnNaK
97jvzXQ358V5+BUP6VzNE3FHNR3lUOAA4ar7Y/AfVKltJeOwHZp0Vibm1TRW79wWK3pYxXfG38yf
jvLitK6YTPWEFqgvNmfevbxpZh/H97PU6lGLavawNhlj1WZX/FzpZwaZrIRiuAzUv3el3rRj8Q7q
OL2jvO6Aw/DkcszggBonIN95XDoDSxjUdQb4ALxomK6hBOOg9Yf5uakwWQ/wFt8J0yZ0udor/xJC
MY1HGPFRLky1Xzx+0bjywhEPusvvRiEfX0B/Z8C5J7TgtvP4sJojreqt0tRcT/M3zxfw5z51Ntey
RrW6nnhCd0/Goydjn820O7sPm8eOK/O2mX7mb+4PswAWx2Mag7/N5XE/uzIPcn7q0y8e5Li8HgOg
xzofOVZkQ7DIag5S5x7kgXR5K+aVQke7V+w2zGer7eG2eLr+QLsYWsZpcqeloZuHSKs7bKrbrCnP
7XL3yX3hLr+jHFfScn38M/aRB9PSavxzGfxk/uNvZ09J2y1DhKnN9x7PucifaeFsLXBWD26fo7mZ
Ae6rZ66Ss76HxY/B9QaTef/naHz7t97O2qTDvn4KBGbgHNRXNQitesNK89DRgSen58NIAAE4+Awp
Dr35IJfjOHqqIBMfGDszUewoH9WfwTszoKbGUd85vjx8XbbUEPxT46jvqqBAo82bKEn+/MKU70ha
1qq1NNfpzASomo8r7+7WDXkyHfkQmsvhfjIf+LPJa47n7FlyyGDK29YGKjqL5yzMUf2QBmFWwDnM
sk8SJnhhht+Rwz3LqcQds3BMN0dxVX+VB1V/V9/tDtDnzrHkH1VoBQCKet82yuH6usqDrtbNHI/H
ckCMDau8uB3mcq2+/Ut35iO1LdiXTir2m6/7hVE+7hEG78L0MsBsVxyEHOIJkJdBHDPoo+Zx8+RJ
KZgEQQ4I9sBqB6dT41m98527EFrh6ypUfrZKo/p5woMAPHGnsrN+kH+TfdQEtpqXuQ/M4LRaN7yz
tRMIbHX++6IviwuIw5r+an/C3+wczRFW8QC6ujoPqm1FXqgrQDFYasC6CS1fOHN+8HM0tyLM7BDX
XR5ks+buzoPmst39thrjnAfaMThVauMOcczbsGYRNWlSKfThzpUee//6y7hyg/NXn+gLCOVFjGcT
6OcwM/8BhIUQ0y/16vp7neIyzE93+5oFdYoJE+4Fu3Qh1lT266oVR2OK9x88bl8IISFP9lvmdrn6
7SkPOuMl7kceWyzcgnka2uYQLLJyDOLjKgbMzVDacNY/HBYQwDnvm4r160sFO3f2VT0uS91vBQRw
7qsgk4ej+8GfPX9N4cJ3kubJASBv3NCIChawCbiqWWAeBEi/WADncOHChRDgdwZB2x9o+YqTdOfO
M+mvgssMTFsB5wDylwkNb/TN5wDOGaiXlRI/DNir5aJ+mTIPpTNnbnM0p8+9e1pRtqzxncbRgW5Q
QAPnbhArAKLyAZejAzS1CL8OvVRNMxwO375ym/7I9IfMwtnhm1qG+s51gzn2DPnTS001hIcK41uC
R03H73w46NfhJ5dTs1tNqtO7Dien5+JOxlIRS8lv9YAaHs6ANz5MxGF851mdLf/Q40L8oinHc/fJ
gAfuOG46vKk8qOc8WBvLEV3cqRMfGjvKi8u0enJaK97jPjHT3ZwP5+FXPKTjPF3hRaZftuLZqN6f
9ei1onGu1gGSznHElQUAC5nfrIAQNY2jd26LIwDInI7LswJJWXjDirbIh9O60m+e0ILrijH08PZD
8jngQw9vPZTe8Fs1aZUl+MPp/PPkfnbGE6pQjPdZbwkeW5XJbbeioyvlWOXpqZ8r41I1hQvtWith
JeTTKHMjw/xyvBRxDY1zZzQz11vNp37f+lSmWRkJ8HG8jbM20oBaAwyLDOzPT3f5ndPxE/R3Bpx7
QotkmW138zkbH1xvlSegHdwqTyu7u7a5nuanqtXPfYq7yqecElYqTFdCIC2DgBirXku8JOjG/ecu
3d0dj8z/7syDDPTDIszwrcPszLSjPfjDgbVZ3eE3pLVy3B81u4v126uOrygqCGjW6nfWz74ysvDw
iwc5CQ4c+GoInt95/jCbuUYarhfevYTFE1iBYHP3jujHaTxdf1TN/LH7x9GV05clKOrKPgb1dMV5
wu+sxcxpXQGL/TP20Q6mpdXaam4nC4qA7ugrXAvjyEURAhMY4ypPejIG3KGFVV24feocpsYDj7HQ
mDPtfm47z03cV8zb5ra5Wm9cTQBh3OAhg0uT/mrd9Pu3S4HADpy/EnfX4uAT9z0+EJqGMNH8Rtw9
fW79BgOUNAMXfOCJO8eLevXy1bnqISe0CQGcA5CBqy3Mi+OOcJRj5XA/b7TkyaVGJh9Emsu3SufM
j8E7V/Ph+O6Almz6FGlwJ/jobNmlhqKjw25n9XUWxnVzR4vPfAjN+Vsd5CKM6Q6zwbifFfGsHP6W
jCzMpfpHWw35Oqofa55d3bvXlxlmmEN+Ke4nBs/CzC3usoV7/O9NaSIX7wwkoH4M1MHfHR5EfHcd
axo7M4MLmjJYxuCAWg73szs8qKZ39Z3HsjMAWM3LWb04L3WcfUm6M98CqJOWLj6aXL9++DA9+fdf
+lF8w7LF1oEDpXZ5m6NHKLi4EoKBaQBZyYWW93tx57CVA7AcM3VqqfnKmo3qvefmNNx2lQ/Xinu2
N/XpY47q65vnVuxr2GS1O2PeEx6MlCiRYQWh47mzFE3Q0coxndV+5niOxjKH85PBPgCgMH8PzVuz
Y/Dfqhw1Lsq0Eq5R4+DdUd0czYPM60gLyxsphTl+NrGOfmEhCKvx6yhP5GV26nrpDg8iH3fnQXPZ
7n5bjXHOg9vMICTu5x6eMZMMdgZ2cnp+wnw2rhDBniR12bLSND6H4XlRXAcBoQUrvrDqY2jBA7SH
FZvP4bjdKiDqrBzWEMe8AIGaFULA7tiCBQ614rlNDdauoRRFi/rK2jzPPLt926P9lq+MXfTwlAed
8RK3mceWOg/WmDeXMlSubFm7YwsX0kxhEl2um2LM4moIZ/2DO9CHpE5DifPm9fcd57wH5LnbXEEe
56plC0+B84WLjlGlyt7S1PrSJfWFNrm4j82BixUrPMWNY289B/Ts5bWOevfZYKQCIL5/X2tKkTy6
4YcXBp7xDpPmJYRpc5hZh0M+9erPo+neB+zMrX/twPnzF2/ol6zDJHCO+9aLFUtOb968l20y/0D7
PHXqmL5MuZvj6W83KKCBczeIFQBR+YDL0QGaWoRfh14Xj12UdzzzwW1QYaKSTQDjEH3IxsHyIEzN
E+8nd52iZ4+eUbbiWe1MLnHdXAE6zXnimw8H/Tr8hFbsjN4zpGlQ9b5l1Zyz+cBdPfhUTY6qB+TO
Dhy5vn7RlOO581TrNkjc3ZypoL00GZvXdEQXd+rEJutRP0faqjApvGfZbqrQpgJFiR3FaAoDHla8
x31vPng1En984Tz8iofoDAKppmjV/NR7vfl+TwBGvZf2NkALNT7ewSMhQ4eU4SrwYKWhjPjQ+F89
cTVlF9YS0ogxoTpuC4D66l2qq0HyHYfJKIsd87cV+M31t6It0nNaRzzAZeDJeblDC6RjAM2K3uCx
Vr/agEZX+g75uepc4R2Uz+AjTK3/PvB3X9mr/Wl1v7Qr5fjK1B8eroxLviYCxfRZ/qcwj5/dV4nc
LwiA0ECMBDGMe4fNmoOc+MXTF7Ri3AqKED0CFa1j+2ODeQhxlt5dSuEjh+focgPIZu4d8aC7/G5k
/vEF9HcGnHtCC2jfw3HbrMYH19tRuz5Wz6UH9ym0oa34EHN5i5wtpDUANpnMdUMB7tCd+92d8ejJ
2FfrZ1UWC26h/gEx9rk/oJWt3keP/OFgQn9IgyFSqMMsnMB1tepnW2rnv37xoJr68KYj1KFwe8Je
qP3kdnL+eyPutzLXCWm4TeBHWC9hQBJhMHMNCxG4akGlnzpfebL+IG/WOsc7u4C0qKHye8U2FQnW
F1Qzm6pAk1kQgtO6Apz7Z+yj3cwXrH3PQgtMk7dv3hr30R/bfpzaimsssO/FHihSjEgcze6J9RtS
4QCD1XvP3ZlzOUPe44EXrMqEFSgSlubM9eb03D5ncxivb+DByScmG+3lPNAfvIbz3e3cl5xW5U+k
c6UP1b5DGvM96fDT7tukQGAGzhm8gFnTYr29fHUQHwSaD6j5wBOgh9Vdk3y3t9QKO31KAk1D06WX
h92ske2rMOHxTgBWAK34PnUunzU2Q4ryVIdDO9w3eu/iRcrXvj0FC/npbw01HgMg5naocdR3ju8O
UMW0VPOxMmethnvyznVzZCIaNAwqAD7VmQ+hOczRgTLfJSrv2xUa9wwWcTp+QuAiWOjQDsM5nl9P
rp/ZZLMjU/LID2mgXQaA7ydhll113BcqYIk7nz3hQTVfV9/Vu1YdaQmzNi3ytAIpuZ/d4UFX66fG
47HM2o9qGN5xN2tw0cfsnNWL81LH2Zek+9/bt8v7flFXK21o+J9euZKmlipNfActzr/4Xm9nJoCR
FoIaMBkNx23FHAeLAZET+L46Tp2/AOS7o3ErC/n4w2AQPhuuX0fJCxdWg+X7s/v36dy6dZRQmI6H
Fq4nPIh0LMwBU+slBg7wVQ6PLQTUWrSQ0olrElTHY5kBLzVMfcfcw2VZ0R1zy6jsOaQlAJWf1Dz4
HWV+DuCc+xiCGB3OnDbuZ0e5mJtGCRP/MGtv1VYVJGOT3FxfPAE2Yv3C3OopDyIfd+dBpPGPY5pY
9QmvJwycvxMCeCyUgmtMGm3aaLlGX961i14IwaeUQlAL+/EbR49KwN3RGnd+0yb6q1BheSWHeVy5
yn/+oYE5LbfbVeBcFQzgvKBt3kHslSA4aHbcJitBLPDQ3Np16PDMmcRXxQCY/VJrHerqKQ864yVu
szq22A/jsd3JE772OeiHsXl+lQIXqkCTs/7hNcOvddZZHtxf3B7sO3C9QMS4cTlIPg/PmkVzatay
E+jzFDjfvuMi5c03VgLnx4+1pxjRffMNCsV95NAMDxkimF1devZaK0FzmCnfsrkJDRu2jSb8tUdq
k+/e1ZLSCKCYHZuFT5o0Kp051cnO5Pu9+8+lSfZLl+67DJxXqpjeuK/8S2qcq+Vizi0g7maHKfv+
/UpQp44FuLm+no+fvKKfwlv/beErsvZwjQIaOHeNTgEViw+4nB2gcVl8zy0O68YfHC+BEhwE4kDw
8qkrNFLcYw3TjmyqHdqOuwRg2rNcD5lFimwpqMvMLhQrUSzCweM/F/6hBUMX0Prp6+Wh9uzLsyl8
pPDyUPHD+w/UuUQXOrZFLPrbR1CKrMmlvyva5nxAiTu+G6ZvKE2md5vbTW6sgocI7uswkbXHUUkV
bJrdbzZN7TbV4YEoA+5oL8D9sBHC0rYF26lPld6yPdPPCpOsMSMz+SyfrhwkWiZ04qmC9zh8rti2
IoUJH0Zq8GyYsYEmd5ksUwNwBV1UMBYHsq+ev6IKMSrIdnM/Y0MBZ6Y/1x/ADw6Oey32otQ5UskN
28M7D+Ud63P6z5FpR4q7tBHGbuNMoZFaewA1GtKIcIjODubzRzcfTTBHrAolIBwHwigTDn2JqwGg
1aryCMLM9YQfgwLQwm8/tb2Mgzoe2XSUpvWYSo/vPqaJxyZSzAQxjYNzpMNdq/X71ye+Lxo0OrHj
JP3VfoLkd3XscBlI106AIwWqFZAH5QDY963aL68uQBg0Rat1roZXw7EQAug4Zu8YWQ+kO3fwPC0b
s1Te+a7yp8q3rMUK2u1YvJP+rGqTwgZtK7SuYIAToB/MxF489jc1z9HMbmygIgBocLCvOj5kh587
tGDwB4BW/7UD7Pr+zvU78s5sM/ijluvuO2gVLHgweScv807yX5IRaAIHPueDfXwzoIZ3gJLlWpYz
NLTBzz3EvIX6wfTxpOOTpFUBxOX5xWp+Qri5HPh56lR+x7jkO+MdjUuM04F1BhLGFpyX0IDElRbc
7j0r91L30t1kmKpJyqAqAiq3q0xVO1eV7YUwydkD58irYi9pIUA1v431oH6a+tK/+7welLtcLiIh
qHnj3A2aP2S+nNeRn5kH4QfnLr9jzQDgBAdAaFyrcbRz6U5jLTLPUZ7SAvn7HDhLzQQ4iTmyx4Ie
cq6BP5w6b6ljyxbq3i+Awpa5W8p5BCkBEpVvVZ7CRQpH189el/MjeBHO+5ywjJAkjrxv3hO6ezIe
PRn7Zu377vN72AQ4BG+c2n2a2hdsJ9uDH/P8bgS48cLtQhLMNV3FmpYyawq5Tqybtk7M7dNkbpi7
WDDOk3kQmbjLg7Lgjz/qWsn+GGu/D/qdP43nyd2nqJXgC6wFfVf2o+RZkhHo6rP/rLHPQmQz/fyz
/iC/uzfuUpV4VfAqnTpHsJ9/nmYaAHCFQF2Yn8LQdTFv9K/Zz7jPXb2P3t19iX/GPtqnCiGw8Afo
jzEJwbfl45fLeRJ9xyA27337repH8ZLbTB6CXy6duEwLxHy4bcE2mxn8LUPkOuvJnMu0V4H3xkMb
y7ULbb5z9Q5tX7idJnW2XcEBUJ3Xc9QTDms8742RtmzzspK3EKbuj/l6Afhjz4R9TsRoNkn7+zfv
04S2E+T+C+GqcAXW2z+r/imvODHzp/o3BPbMWFvNTh3PCMMYCMhrjMzl6e8vR4HADJwzCAZqAmjK
UK2aPMjHNwCzGUJzx0fcyWs+JOcDQsQDcAQNIJgvhlnhg9Om0brutr+fcWc6NFmxl+NDT8SvvXgR
JS1Y0Njj3RPgwyHvGbSxd2+7Q0UVpIFp2mqzZlIUoRUJd+f8eVouNLXOrl0r69D1ymUKE+mTABCA
C7gfxNxxV8TFQTLuCM3VvDm9F/fWwgUJEcJoL74BOkMTHuZAAepAa6mmMLVtONEOFUQ0/D++rO/l
RRu8PgkgBLS2OYpRacJCCLiH987Zs7R34iTaM24c5RVCBCUHDZS1ev/uHS1t3oL2TphATXdsl8Da
x+oStK3G580n73+GAAQsAcCpfIE+LCbuFA0X1Tbvga5/79hBK9u1dwnU4rKcPVmDFUB95alTKJw4
eH54/Tot+qOR7F8cRKv1Q16cBnwB/osU/5MZzYtbt9L4/AXseAlpPOFBpHPXYV1jMANpoa2aunRp
g98ZvEWYWbjCvzyIPN1xqvYjBBcAALMFip2jx9BpYZJaBf9vHDlijI3aCxdQUDGG2B0S4M3cWrWp
1NAh9GubNuz9xeiOcyQAao3U+TUAAEAASURBVBe3bJFlY97K9vvvUnAHHhgLuEIBvKvOaep8Vm7s
GPqlbl0D5MYYObV0qeRF5NHywH6KlyWL3R314E+AgrgzHQ5z5+6xY2lVh47y21VtfhnZ4odBG1x9
AQeLFhmrVpV1fP7woQTMZ1ezKS7A/Hyhrl3l2aEnPMhCTygHgHaeli0NWuCu+Olly0mw2GxWGm2G
CfPJxUtI+mOuwZrwQWgPw0HAhv+mlx7iR9W+h3nj7I0aEYSjMF/PqlpN3juPuOCnPOIudU6PMcL5
/iiAZ1yJcVLcQw6wKoy4W1s0XhYRPEwY+cQP+n5mlap0cvFil+fBy+IaiDG5cst5pP6qlbLfMdde
27+fFjVuYpj3N8+rsjxFaxrrTm5BR9TrwdWrdEJoxa7u1NlmwlwIXUDgyxMeRDmezINI564DzdG/
x4SgGsA/81qK/F4LHoCllbiZMxvau3ynN8LVNRz53btwgbYNGSoFoLAvwBoO4HhNl660bfBgX/2O
PCBw8FRom/eOFRuf1GDNakohrETAYZxY8Z/KBzJiAP0wH74WayLMwcMxD8I6hSOBM8TzEfuWyeKq
EXaOBH0QzusW3uOKuafCXxMooljvnou5CXut44Kf4KqLe7UxL8BxGnf2WzKhBz+e8qCj9cLRnoUF
KlDFdBUrUlkxv2OvAAerAivbtJWClPhW914sxIJ9HQTE8rZrJ0H364cOSX6B9QK51xP7CHV/B17D
nhbOqo/N84y6N8OaUH/lCootTMq/FeMCgj0Lf7dZM1b3M54C56rGdMKEkWn1qoaEe8Dh3ogzR5he
Hzx4Cy1YeIxUU+24q3zo0G3UtdtqGffvi10pYYIocr0oWHg8bdlyQYLn27Y2o4wZbPvB3XsuU67c
oyRIv2plQ8qSOR4hn/37r1LjJgsNc+c7tjej3Lls+/OHj17INPfuPafDh9pSnNgRDM11mExfuKAO
hYCiarNFNG78blLTAuz/OIXT69fvKHeeUZQoURSaN7eW4Q8Ne1UY4O49ociafQQ9e/baKE82UPwc
OXpDmmVXy0UYCwTgfeyY8lS3blYKFdImYID8li49QX80so2tA/tby3YjrnYBQAENnAcAEd3IwlXg
XD2Q9Sv70XvGUEoBkrNjAJq/rZ4Arqp0rCIPpp2ZvFVBSqt8VKDeKtzRIZyz9pmBXc4Xmk8A5h/d
sZk1Q9787igNp+UnHyS7okXFaVx5mu/AdZaGacqCAM7isplZNY6qQcj+Ki3gB23lbvO6SbCa28yA
EMKh1YSD8nv/3KPqCW1/tMAfTtVmYn61hTj+tdLiunzyMjVI18BIZK4jvnEAzMIOrJnPCbIUySI1
xvav3c9e8smgNT4A3oJ/1bYlyZiELhy5YKRBOSN3jpQgmOH5Me0fGf8wgAOAlDiMVx0f4sNPPTxX
45jfUR4OnkOFDWVoFpvjqN/qITj7e0IL8wE47o/OWiwr4X5bmGqHU4VsuCxPnuayrPKo0bUG1e1T
1wjCAT9MRjPIjAD0FZzaX+p8xlqjMpKDn4AEm1zld9UqB8CJZtmbGXwEMDG2uE4AoBjPTwAsxh0Y
Z2hH4nDqr3Z/0cLhto0Nmob+UvkYfgDxYBkEDmnYnK/08OPHrH2IseIqv2POYAsBfhRjdx+9J7Sw
Wgumnpoqadg4S2M7mnh6nzTawNcpoH+g0e/MqdZLPKW7eYy4Oh49Gfsq6OaoXTy/+Xe8mNtlVR7m
mXHC/DisIrg6b5rnQU95UK0Pm91nP/AV6GB2EKjg+8XNYeZvnt9xXYh/1h/OF9Z3sBeAc2RFhuO6
+7Ra+63y6OTdiQrVLCSDPN2XeDL2uS4YYwB/AXbDWY1R1TIMC9rIyOIHYyt6/Oi0VwgqqU7Vovdk
zlXz4iuBVD/1XdWWd2WMIK15Pls5YSWNEAKx7KzWx5ZjW1KpxqVkFFXggNNAYKXt5LaGBRr2x9PK
MoK5ruDvGednSOFPNa1+//Yo8L0A5+gZHLJmqVOHAEbsGD7c6CyzRqx6yG9EMr1AO6qFAJnCAsgQ
DgAUmy/HN8rCgTebXYUfnNRM27jBAGtgwnRm5U+CUUj3WpiXVx1Al/wdOxpXjLlSP6SXWl5CkxBg
DQ7dWQNSzVt9R9lW96pyHBze8oG+escmhwfEE3PwLAEAgS5wlvQQh8O4O1U9yOWyGVRXNZ45TNUg
ZVPUHJasSBEJnEBQQXX1xOFwKmHC2D/ODCI4yksFO/mwnuOifjikxuE4wF44VesM357yINK666zK
iirM2j+6ccO4Gxn8B406NlMdEDzobj0Bkg/LkFGCoUgbPWVKAxDkvFhAgzWo2R+8B21aCFwMz5zF
ADoRrmpHWtHClbHP5bjzhCYwNMgZZEYdswggHPf+wvQ3u5JDBht3HgNwn1enrtTa5HAAM4+E8MbV
ffvYS441mFaOIuY2uKsCQB0lgEJ2MdOmlWAZhAvYQZOx2uxZTkE0juvsef/yZVkW36ttFReADAs/
INyK7n7xIEArmCCHBis7vk9YbRfueud7tlkDmONbPc0CIogD0H+sAKYxZv1yaFuHsz7StL5f8zTn
xWCk1TwIgaBKkycZ96hzGjw5Heo3KHkKY7yqcczvXD/12gq+b9kcl79VjWpPedCTeZDLd/VpRT9n
aVUz2Yi3qV8/Wtu1m7MkUkgjY/Xq9Gc8339bqusSA8JqZujLSAkTOCxDXTfUdP55NwuzmPNyZCWH
42GcjRNCa1eEcIa6D+Fw9WnVZjUc7zmaNKGyo0YaVhGsxv7nmnPd5UEr2vH1Go//+Yf6JrDNr9xG
dR3fIwQAFwuhFXZWc1P5cWMpR+PGHEU+V3fuQlsG+LagYRdJfFhpuJvjmL/VawhYGMAcR/3GXIF5
HAJVC+rZBDzVcFffDxy8JrW9OX7atDEpfvxItHLlafaSzx7dC5NXr2K0Zu0ZKl5ikl1Y926FqLfX
b8Qa7GrgmNHlqWmTXAQQPHmK/sZd5moc83u0aGEliJ/ll09/PyDOpImVqEiR5BQvfm+ZBJru5852
pk6dVtHoMTulH8orXDgZJU3WT3779QNN+7RpYlm2a87smlS1Skbq1HklDRxkE6Tj/Dgd5tw6defS
zFmHOIgqVkhH1288on37PuEYMGF/7Gg7KWBgRNQv/qOABs79Rz93UzMww+Cpo/QzvMRhqpftMNUq
Dh/CF61X1BcgiPhHtx6joQ2HGGAO5wEwsm6fesR3ywLM8qroJbVrOY767DqnG+Wvkk/1sntnLUY7
T+UDB+g4EMdBqOrwB/TCYQuFFvFfqjc1GSYW0BZljUMEu0DxAa3f1nlbG4AUwnGgWrVTVYdp1Dz4
IDmggXPZnqGiPR3s21OlQxUq8XsJqdHNAHCnGeKQukYh2f4J7Sao1fP17oj+OKSe1WcWLRWa0arD
QWutHrUpW4msBj3QZjbxyXHZDDjAPTNwXrtnbarVs5aMOr3ndJrZ59MfIZze/HRk3nPf6v0CLB1k
11+oI+5nzlk6p6FVzPnhGoHhjYb5ArBxmAuN8dzlcvu6lxiaadBKG9NyDGcjn+C5hgMaUoHqBRwe
Al/zuUZDfh9Kp4XGITukg+n2Xyv9KrXQ2R9P0Gtw/SF0eOOnxapc83KUqXBm6lqyi4zKPA8LED3K
9qB9q/dZAgGcr6rpx354uksLHouof/BQwe1ojvyKNyhOtXvVpsji3lf/Oi7LWT7QroOGsNntXLJT
ggMMKnO4Vf3YLC/igG9UgJ3TQdCj6cimBr+zvydPV/nd3GfQil8+djlN7DjRV7EN+zekMs3L2Fma
4Eh7V+0TZq0H++orzBulm5SmaPFsEqkcHwDf+LbjCVZD2KG/mwxvIrRkk1O7Qu2MvMx1RHxX+d1q
zuDyzM9ei3rJccn+7tLCLOiFsQ5Blxg/fzJpz3nD7PbgDYMMSwXs78pTFTgCzRoNbSTG8WGpMcrp
sT5CqCxxhsTsJZ+e0J3HiCfj0d2xj0rC5PLQ34fR8W3HjLqDlp28O8v5CustnH/HCwNtEOpKlC4x
LR29hDbN2iTzRnl1e9elInWKGKamscfwZB70Dw/KyogfVVjEL4EBjI1ewtKDKjyF9sC6AwQt2HIE
z+/oVzj/rD9IP3fAXGmVRtXQh39AON7vQHhq0PpBdHjTYZrVd5YxR6DMcq3KUYLUCYziwCee7kvc
HftGoeLFaowhHOtrQQHq856V09y8fJNm9p5J670/zYUcVrVjVcon9q2J0iViL+Pp7pzLCR3t8fKU
z0NF6xWTV/QEDRZURuexz2kdPcFLEJaAkB2784fP0wSxL1bHMcIwN9URYwvWENhhPwIBJ3UtxV4M
V6FY1UEVOuQ8oM3eqVgnQ0AJlnuKifZo9+1TIDAD5+qBOA4gVWAEPQcwsmif3lLTTu1JBqZx8Bcr
XTraNWo0wQwlHA4FkQYAvNlkOO5T3zFiBK0X9/yaHYCVX+rXo8T58/vah0LTcVnLVuJ+4m12yQBu
5evQXmq4qQGsRav6Wb3jcBvAH0zD4zCXzXxaxYUf2gbgzGwanOPDLLVXzFjyEwB7jFSpOChAnwB0
oF0FYEZ1uVq0oMw1axj0UPuX47FZZCvg3GwGGiZ0FwqtbzOwBToU7NKZUpcr58scKZfj7vOgt7cE
LzkdyoBm7ZkVK2nfJNthb7WZMyhTjRoyCoO4ACsZJOW0eBYf0J9yC3qYzWN7yoNq3q6+mzWP1XSo
H6wfqBpuAcGDahmuvt/28aEFDX+XIA6nAeBcsGsXSieAXzZDvq5nL2kVguOgjwAahIse3biTmMNg
PaD2ooWGaeYvSXdoBYOfYLHAymGc/NqmtZ2VAuxNoBUITWezS1qokADf60hT0mZTyhCE2Nx/gLT0
oKYDbaARma7CJ+t5argn76Dh5n79LQGgMiOGS+16M7+7y4NcrxNCgxsAlRmoz9awIRXu1ZN+imWb
5xCfzR3j3WodgT/ArzIjR/ia29Gmtd26izVkFKIZDqA2BLgg0ADHQGQQcU+9X/M0ZwLLJmnFHIU+
AtiutoVN0VutFaowEMaGd4WKdnMg+rbW/HmEusPsv1o/9ToR8NT2oUNpZfsOXCX5TFO+PGUVax2s
rqA97DzhQU/nQS7TlafVOuIsnVVfwwrIggYNDQEdTo89RjFhJQFa6gB7YQHFvN6o6xLPQegD7s/C
PXtS5EQJpbUL1Z/LYEEI/g6IJ+aY8UJAB8C3lTMLAJrjALQDHyM9XxthjsPfDJw33S7udhcCQDtG
jKTLO21gY3IhfJireTND657T4Pml5lx3edBqneNrYR6LsWoGzgv36kVFetqsGKFd1w8fllZDzPtB
R/tVpME8iHlGFQhF/AKdO0ntfN5DYD8YS+wp4JjX5IeTH/Ne74KweIJ1hPkTSVFWoe7daHnrNtKU
PPxqCGtGMyvdxqvH7vKV++TltYG8ZxzwlQfMj1cR4HG6tLa5etPmc1SosD1e0q9vcercqSAdPXaD
MmYaKrXK79x5JvOaO6cWVamcQb77nL1NFSpOM7TL4QmQfP682vT06WsqVXqyjAft9+XL6lOatIPk
N/9AWzxPnoQUK3YvI57PmU60efMF+q34ROnnPb2aiJOIEiTsw8kcPgFmQ5M9SeKoZNWulSsaiLvY
UxGbpOeMUOe9e1oaIDjm3PkLjlHVajM4ivEsVCgZ1a3zCxUvnpLChwtp+OuXAKCABs4DgIhuZOEq
cO5Glk6j3v/3vjR1DFO7MG2O/1+TAwD88NZDaXIYmsfqvb2O6glznDDpjEPKH4P8KAEWR3HN/jCf
iTtsAxo453JwUP/80XNZL7SFzXZyeEA/UR7ubQ0SLIjMGqb3v0aHQ3FM8jDtrR4SO6orTLrjWgJs
0GDOFKZl/XIAMJ7ceyLzxztMvbN5LL/Sgo4AeGBW1ZWynjx4IuPDTLgr7fGrfGfh7tAC4z1SzEiy
3cwbaBfa9Lnr6awN5jCYbsZhP66IwH/MS67Q3ZzP1/bNPMj1cmUOkLS4/YhChA4hzIW9pnCRw9mZ
Kue81Cfmzbev38o5EGU4ultXTaO+u8vvalpX3z2hhat5B2Q8d2jhLt39Ox7dGftMEwBhENrBOunO
HMjp/XoycG4W/pPzp9hnfG0OfXbvxj2KmzyuSwIX6DOsVVi7XdmPcHuZ3zHPurr+oK8qxa4ks3Ck
Dc/5e/JU9zuqFjH6Ctc8qHe5e5K/ozRMCw53ZR7kuADfAfhj/Qct/ZrbsLfAHigYzJT9R3Id8SuN
J3Mu1w/jCtd4gEew/n+uPR72GC+fvpRrecgwId3iRa6rO8/nj8XVK+Iuuc/VHnfqouMGDAUCM3AO
CuGwOqQAjgG44HDx9bNn4mqkt/JbNX2uUpOBc7MmF7SonJkn5TxQzgsB/jJgjXuDHd1PzmnwRF1h
LvY/sfcF4Mh3oatx/p/vG4Sp+fUCXFRN1H/O+oCOOIQGTUALV2jvSX1gGlfSXfwtCdPcfM+zJ3k5
S4P24LAfYFLoiBGd/u0JM7ngofACtIVJVfAtaPFB8GDYKFHsTIhblekpD1rl5ZcfQBYAHuxgTtoV
fuf4X+oJ7XOM4R/F3/Cfs489Gfue0AB0h2lszBW4sgHXMADkdzZOpCno27elaXGY2AVQ7so8A759
KfgR5QDwhQlhV89O3G0b+umZmAvleZCYt/1qE/L3hAfZLDbmW7yHihDhs/EFhIHQPygLNP/axsfj
f/+V9A4qzKqzFRVX+w1zFUw9iwwkL/rVNnd40L/zoKttCKh4oCPmXozBkIKfQov/36NjKw0sEKIK
XJjpwRrdqjY0eATj39lcxvl87rXu/8WDzx88kNaHMM8GE9cyuDIuMXe+eflSzi+fa40D3dE/EKTE
2oE11VHdPDXVzn3LT2iFv3z5lkKKv+HBF7iTO+hnOEv69+ZjTGOinKAUOZLfmALX72t/vhdn6Lfv
PKXQoYPTixdvKLygX9gwIb72an+79dPA+ZftOwbOrUxwf9mafJ+l4UAWGjq4N17f4/h98oButaaA
poCmgKaAZxTgu6L1HsYz+qmp2Cw6awmrYQHxDjP5uO4AgoKzL822tHoREOXoPDQFNAW+PgoEduDc
E4qztrJ/7+71pOyvNQ2baYemrmrO+Wutr66XpoCmgKaApoCmgKbAl6WAqm1eb8VySlWypNMKsMa5
em+30wQ68JuhQEAB599Mg3VFNQVAAQ2cfzk+gCTNsIbDaM3UNfJOxnjJ49Hrl6+p6+yuX5U26Jej
yJcradvC7bRuqu1+s4PrDxJMsGrg/MvRX5ekKaApoCmgKfDtUgD7lzVT1tBasY767PORa2iBqgWk
djDu+67Zs6aflhK+3dYHTM0hsOfd01tI2geRdFs1aZXMGGbfcd1EkdriLlYhgR4QDqb7Fw1bRCsm
rJDZ5a2Ul2DVB9rShWoXpjTi2gPtNAU0BQIvBTRw/qlvsX7tnzKFDkyZKu/+hVnUjNWqSU3fUEJD
GOY0oZH8vTjcM35h02YKLrSdrh08aJhthZn6Qj26Gyauvxd66HZqCmgKaApoCmgKaArYU+DG0aO0
d/wEuVd4KjSRj86bJyPEzZKFivfvR0kKFLBPIL5gxQJXMxyYOlWa/cY1NjAj/kZYL4ifPRv9Utd2
jYGvhNrjm6GABs6/ma7SFQ1ICmjgPCCp6XdeK8avoJFNRxoRo8aJSpOOT/J117MRQb8ECAUWDV8k
7wbmzMz3lLK/fmoKaApoCmgKaApoCthTANZa6qWuJ69JsQ8hAvA7+/Js+lqvCjHX9//1jXvU66ay
PjCInzK+3AsGlPn0zXO3UL/qfS2bWq9PParetbplmPbUFNAUCBwU0MD5p36EKezBqVL7uqcUMaBp
3fXKZXJk3v1TLoHjDUIEU0qWIp/Vqy0b1Hz3Lvo5Rw7LMO2pKaApoCmgKaApoCnwfVDg4PTpNK9u
PcvGFhV3vBfq2tVX2N0LF2hA0mS+/OERPWVKanfiuLxWwzKC9vwmKKCB82+im3QlA5oCGjgPaIrq
/DQFNAU0BTQFNAU0BTQFAhcFcCf3k/tPpMa02rKgwYJSrESxVC/9bkEB3K198++b4g6xD/KOcY6C
7zA/hSEIUgaUwz3mN87fEPe72muwwz96/OhS2CGgytL5aApoCnx9FNDAuX2fwCT5i/v35T2+agju
pY6SKJHqFejfcef6M3EfMu40Vh3u6Y0saOHXXbZqGv2uKaApoCmgKaApoCkQ+CiAe8YfXL5MPwQJ
Yte4D+L+6/CxY1MYYbHHygE8RxxhRs0Ixv4idOTIFD5GDMNPv3ybFNDA+bfZb7rW/qSABs79SUCd
XFNAU0BTQFNAU0BTQFNAU0BTQFNAU0BTQFPgK6CABs6/gk7QVdAU0BTQFNAU0BTQFNAU0BTQFAgk
FNDAeSDpSN0M9yiggXP36KVjawpoCmgKaApoCmgKaApoCmgKaApoCmgKaAp8jRTwFDinDyO+xubo
OmkKaApoCmgKaApoCmgKaApoCmgKaApoCmgKfFkKaOD8y9Jbl6YpoCmgKaApoCmgKaApoCmgKaAp
oCmgKaAp8DkooIHzz0FVnaemgKaApoCmgKaApoCmgKaApoCmgKaApsB3QwENnH83Xa0bqimgKaAp
oCmgKaApoCmgKaApoCmgKaApEIgpoIHzQNy5ummaApoCmgKaApoCmgKaApoCmgKaApoCmgKfnwIa
OP/8NNYlaApoCmgKaApoCmgKaApoCmgKaApoCmgKaAp8bgpo4PxzU1jnrymgKaApoCmgKaApoCmg
KaApoCmgKaApEKgpoIHzQN29unGaApoCmgKaApoCmgKaApoCmgKaApoCmgLfCQU0cP6ddLRupqaA
poCmwDdAgf/++4+WLT9JT5++phIlUlGkiKG/gVrrKmoKaAr4lwJ67PuXgjq9fymgedC/FNTpSQPn
mgk0BTQFNAU0BTQFNAU0BTQFNAU0BTQFNAU0Bb59Cmjg/NvvQ7Tg8JHrtGPH3wJsekM//ECUIkV0
qlA+na/GvX//gY4e+4f2779KDx68oFChglHevIkpc6a4vuKqHm/evqMtWy7Q4cM36MOH/yhatLBU
uHAySvBzZDWar/enz17T3LmH6datZzLst99S+FmWr0wCocfuPZepY6eVFDvWT3Tt+kPq0D4/lS2T
NhC2NGCb9OLlG7pw4R7t23eFMmaMQ1kyx3O5gMtX7ksevnr1AQULFpQiRQpNDRpkoxDBg/rKA4fn
q1afoYMHr8qwzKKcEsVT0o8//ugrrvawUeDmrcdUrfosiholDP178wnNm1uL4sSO4DZ5Lv59l5Ik
7SfT7d3TirJlje92HjpB4KQAeGz58lO0Zq0PvXv3QTYSPNalS0H6OX6kb6bR27ZfpA4dVxjrJ9bJ
rL/Epx7dC4v1Wyzg36kLDGP/7Lnb1KDhfLm2v3z1lmbPqknhwoYItD367t17at5iCV2/8YjChA5O
aPOc2TUpbJhvs82BgQcDLbN9Kw3TwPm30lO6npoCmgKaApoCmgKaApoCmgKaApoCmgKaApoCjinw
vQDnN/55JECwawIwCyKJgcPpokWSU5Ag9kDYlq3n6fnztxJ8VqmG+KFDB6M4cSJQ4kRR7A63cegN
UDlIEL8PvIMHD0IF8if1Ve71Gw9p9uwjtGfvZQoZIijFjBme8ot4Dx48p3//fUKtW/9KoUMFV6sk
3+/ee0a168yhtQJIUF3u3Alp25amdkAfaFCk6AQ6c+a2GlW+N2+Wm4YNLU1Bg9roo0ZA3fLmG0uX
Lt1XveX72DHlqUnjXL784YG65c03xld5kyZWogb1s1umgefDRy9o+/a/RV1sfQOAJF++JPRT+JAO
03xrAbPnHKYaNWcZ1R4zujw1bWJNRyOSGy9Hjt6gf/55bPBxlChhLQHI/Qeu0p07z4x4ahHg94QJ
ozgFpHBovnHTeVqx4hRdvfaQYsX8iZIli0pp08aiPUI4IH/+JPRrnsQC5LLFg+CG2WFshQkTnBIn
juIQaD156iZ177FGgmacHvzaulVe/nT4RNk9e62jfv032cWB8MdZn84UMYK9RjPi16s/j2bOOmQX
v17drPTXhIqWY4QjmunpiO4cPzA9ARilSDnAaNK+va0kGGh4uPhy6/YTihmrp4x98EAbPwVtVq85
Q7NEX/XvX8Ipr7pYfIBHA126dFlNzZvnpnx5kwR4/t9LhgfE+p0123DL5v7Z5zfq2qWQZdjX6Gme
/1HHkiVT0dLF9XztDb7G+jurk3/Go7tj31k9/l9ha9aeoeIlJsniHa0x/6+6fY5yn794Q2nTDTL2
h996mwMDD36OftZ5ukEBDZy7QSwdVVNAU0BTQFNAU0BTQFNAU0BTQFNAU0BTQFPgK6XA9wKcQwNo
ytR9dr1w/15fOzPAOAAMG66jXRyrj2zZ4tOa1b8bgNuixcepYqXpVlF9+VkdKk6espca/r7AV1zV
wwpAggZttuwjJPCJuACxs2X7WQL8AOyiRA6jZiG1oJgGw4eVoTx5EtGqVWcEqLhWxrMCtD98+EAF
Co2nbdsuSi3zBfNrS+GByZP30YCBm2W6zZsaU/58Se3KQrpCRSZIgQK0eYkABLZuvSjBT0R0pkm6
cNExqlTZ2y4/Z/HtIn4jH9DghylqL6/1NHrMTgpI4PzV67eUKfNQO4GFlCmj04ljHexAGcSL/3Nv
g38cka5ihXQ0cWJlivBTKLsoEMQoXmIinThx085f/WAw6PyFu5Qy1SdQVY2jvqOsMWMqULSoYVVv
suIJV2gGDfXCgg93774s8+vYIT+VEZr9ESKEpJAhg1kCrSNH7aBWrZfK+PPn1ZZCBcyPo0eVo2ZN
c9vVjT9Az1SpBxoAAvwhwLJ1c1M7unP8wPi8fecplSw1SQgpXSerOcuVNj95+koICi2TgjcjR5Q1
tHKt0sIyAOZOzGuelmeVb0D6zZl7hKrXmBmgYzwg6/ct5IV+btZ8MY0bv5uyZIlLw4eVpSjCssF1
Ya3j5s2nVKBAEim08y20BXV8/eYd3b79lEIIITkI9JUsNZkqVUxPc+fUtBN2+1baw/X073h0Z+xz
mV/j0+fsbbneWe33vsb6+rdOEHaEgGfqNAPlPtFKIM2/ZXyp9IGFB78UvXQ5FhTQwLkFUbSXpoCm
gKaApoCmgKaApoCmgKaApoCmgKaApsA3RoHvBThv2myRPHSHSew6dX4haL6mShnDTnMcXbdPmDD/
99/H1LjJQnr58i2NH1dRgGyhpHnynTv/psFDtsoerlI5A82aWUMCYjg0XL3ahzZvPk/TvQ/Ig8NB
A0vSmzfvDW6Apvl074MCzLxlp+U6fMQ2atN2uYzXrGkuqVkeQWjAnhIatnXrzTVAODMo9FZoxebM
NVICVNCC37unpUNtXa5E5SretGDhMdqxvRnlzpWIvalT55U0cNAWCfJt2dTETqP270v3KHGSvhQu
XAg6faojxY0T0UjXy2sdefVeL83LevUqZvjjBRrC0EKCQ7qUKWKQCn6AfrNn1bAECQAqQyse1gDq
N5jrLxBOVuAr/lmx8hSVLjMlQEE1FTif4V1dmjSH9riVWf2t2y5IoYjefTZIKk2ZXFn0E8m+WrPG
h5YuOyn9GzbILrWt2YwwtLLSpR8sQXfwxtw5tShHjp/pyZNX5O19yBDGYDDorbAasHTpSbonrBD0
+XODTAct0bhxI9ArYdoVppdhghkuZ84EtFVYSwimWD/AYfYdAcrGixdRxgOQ7QpwzjyKfM18Dz+z
QzkZMg6R4w5tAp/CMXCPsXbmdCeHpnchzPLs2Rs6ffoWVa02I1CAYWYa+fXdouUSKQxinrP8Sudp
+Jcuz916smCVK/zqbt7fS3ysd+kzDBZA+SM6drQdJUwQJdA0/Yq4OiJBwj5S43zZknqWa+K31Niv
fTx+CVpiDYZ1hFu3ntrt975E2f+vMjBGM2cZ+l21+f9Fa13uV04BDZx/5R2kq6cpoCmgKaApoCmg
KaApoCmgKaApoCmgKaAp4AIFvhfgnA9zrbSqzWRSDwAvX+puZyJ946ZzUoPVSpOIQVBHZaAO8xcc
NQ5SL1y8S0mT2e7ytQJVGLRG/Q4faksZM8Qxqrpp8zkqVHiCBOkPHWxjB2gbkUwv0IJ6IbTqM2W0
v8/84KFr9EvW4VRc3OG8eFFduzuf2fwy2mumBbeXtYpVs/eDBm+Rd3hDGGD0qPJGTbjNyO/UyY7i
PmR7zWIj4scX7rfPAcIB5Fyx4jQdEObKz567I0uMHj2c0CjORcWKprATqkDcxYtPCC3loBRemIzP
ly8xzZlzhJYtPykFJPLkTkSdOxf0pSnN7YHm88aN58X93HelF9pfVJRxSNAeZl2t+p/TuvvkQ3to
gh872p7SCbPpzhwDNwCJcTcpg+NIA01eWGsw8zv3C4BkmOTGXe2qw/29EDJh4JzvBuex9eDBSzp3
trPd2IKJ3xIlbSZunfW3q0Ak7kOOFbuXrJaVVQS1vvy+fcdFeS1BwoSRJX+GElrpcCpNXQHgmaYY
GwENhj16/FII6pyhXbsu0bHj/0j+wzURMCVfV/w339kO3oXQAoR3IMwTS/QV+hr0gZDD8hU2Hs6c
KS717FnEl+buzl1/06RJ++i0EPqBy5A+DpUqlUpcI/GC9gtBo44dC9hp7jNvgOa3bz+jUaN3yHKT
JolKXbsWotSpYsp8zD/o/7NijoIWLtzbt++pceOc4uoKWx+Y40P46ccffzA0kblfYGqfndXVEwgD
DefPPyoFnVjACfXDnfe4SsORc5cWyOeviXuoUeOFNHRIaWrTOq+8tgD+H4SESvBgtrbiG/WG4NXL
l++E8MVrqlUrizGuli47IYU5QBvUt0qVDHb9tGv3Jdq376qcn169eieEWBJQjuw/04mT/9KMGQdp
q7AYAh4pXy4dtWr1qx2PoNwVK0/TjJkHJTCNukQVFh9q1cxCFSqktasjwuDu3X8u5sPjtHLVaaHx
/UTmnV9cpxE3bkTZ31OnVKWcog7+dRBKu3LlgVi33lKt2rMlDWDtBVeZgA4JEkSSAm7xRLlmd/7C
HTlHr99wliJGDC2F33JkTyBol56SJolmFx3zM6yoYO4T/+T96VgH3ggeXLDgGGHOQTtjx/6Juncr
TFkyx7NL758PXhNdnSvAg3PnHpV9i7UIY6BkiVRUvnw6X1ZmuF64NmX27MNy/wG6oX/z5U1M2QWP
4JqNVKliUJ3av9jN/e6sjyjHP+PR3bHP7XK1jyG0N1/04z/CSgocrhDBGBs+fLu8YgT0aNwoJ5Uu
lZqz9teT1wuscydPdJDjav/+K/To0Ss5v4HumG+tnLt0Rx6wYIA1AWMSexmM9fTp4lCmTHFo7Tof
KlI4uWyfuTxPxj7yOONzSwrcYVxiTkqfPpb4H4cKFBxLV68+NPa45vJc/eb5DkJ8sCaRNOn/2DsP
+K+mPo4fQlQUyZb1FEJZSYPHzsiKzKxkFNmVXY9QdvZeT0Zkh4ykPOKxMzIjIxJlFZXCcz+n53ud
3/3f3/z///3X+7xe//9dZ933Offe3zmfc75nBTc6WhLm00+nRwPt5kdLyDT155O/H8vzHiymDj70
8Dtu8uQZ8bcqfCdrMOIbb0zx72Ldr66tueZyruverePbf/2Nr6Ln7t3o+/2NX1JHF/Rd1XIeuX6v
Ffr90e92WZPS71U5MdMzrt+1KvO7onfBjOgdbt8TLZOzx+4VU/d9gnX9H8J5Xa8B3D8EIAABCEAA
AhCAAAQgAAEI1AYCdU04L0SgtE7PtNlCMue+RbvLo5mzv5bpHDRBLxTOL79irO9gu+rKru6gg4e5
Mc9/Eoezmd6aYav1yJMijzp7ZQL+mWc/ypjtbecffOgdN/jCLk7mp7+JOvXV4b/ySstkdH4XUkdN
2JFZ6eSM81B8lEBvorvyoLXVtQ502lrTNsN/+L2Huv33WzBrV3kRWzMjnksctXybCFeIXwtTyNaE
zWx+Lzh/N3dmJISbu/2OV/y613acts02GEDrXsukfi5XSL3MFT68ZvVXwnkh3ELhJrnGrnEKhXOZ
aF+9+b98kqOePNrt3Hn9MHm//9aEKW7TzS4rY43A8pb2bIXLAuTKtz1n+Zhdf8N41/u4B+IBIT/8
8GsknjnXtGmDrGKszSyXaKZnNhxEYHU6X7oCEDKtSOHc+GUzj582W19irKxXmNNghiOPbOc673yj
nYq34bMsMfGYY+73neyxh5SdZFnZM5vi1Z8K3yPmx2YUy9KEubDO2Tnbjh03yW273bV2mHV7y837
uyN7bJlxffxLk12nra7KOBceaLmA228/yDVssER8ulgWekb0nvvuu1lxHGk7oeUNfVvWXmdQHMa+
Iyrz5JIK4dIVehfvsttN7umnP4yTkEgvKxO9ej8Qn7OdMKzy2XnnGzKWdTB/2qoMNDAmtFYRPv+h
33A/15IGob98+8m6m+Y/uQyFeFw4eLQ7+5wn07z7c/pu9uu7bTy720xrWwDdt5Yl0fsjrJO6XtHL
LxT6rpA1DP2GkECazT0+8ii3266tMi5LyNtu++syziUPkoPf7L2f9GfHye9jeZ7HYp995aHYMi50
GZ6Kqrf53tO6Bw1UlEWY5aJBHeaK5a5w4qd3oS1HYnGF22T56lopz74E+jPOeNxdMXRcGH3Gfq73
dobHLAdil1zyJIvXaAmgI9ze0dIrcuV5DxZTB5Pvacvb+BdP9IOVdt71xox3sa6H7ygbcGrhktu0
QX7Ffn/Sfq9aHubMjQYeBN+ZZP6S+eG4BAII5yVAIwgEIAABCEAAAhCAAAQgAAEIQKCaEUA4L1sg
1umZNitWMzUOOfSuMjNwFYsJeupUljA1PzJPffrpI93PkflqiWcTI1Fo6tSf/YxGddRt/c+rvRny
O+84yM/uK5uTBQLcm29Ocbvssr5bZuklvRcT761DXx2VJtBo/+mnjo1mG62aFl2Zc6HAkyYIqjPS
BHKZ5L7l5gOcZqdcffV//OxIRZgUwhTG1qNNzngOryUFtzKZi06YCFeI37Tw2c5ZB7V46b4lhmhW
9JVXjvOii85PfO/0eAafRAvNTD/m2BGx+XyJjHvttZFT+ezb7Q6flIldlq7N2Nex+MmE/1prNfXi
h9Y2N5fG3q4Vu7X6W4pwHoq8mqV4xhlP+FnnLVs2cxMjCwEa3PHkqPf9LHnN+lL5Lt2ofpksqpw1
G3WFFZZ2W7ZbI75ueUsTzu1avnzbc5aLmdK3ta+V+JZbruFn5FpGHo6ex7323MgO462tR50sR3mw
a7nStYgKFcPMf6FbYzR58g9Opu4liGg27VNPfehNwyueUBjV8cxoZuW77071A3i6H3KXTsVOg246
d17Pz0hXfZTFCc2MS/Lbp2trd+qp20ZpLeUtJ+i5NJd8Nu2Z1fU+x2/ljj++kzffa0tPpFk2kF8x
mzLlp2hm/GKu6z636VQ8yMgfBP/M4kZwKnU3WY6TPv3etWi5wMqH1soeekVX17r1ym5uJCbcG61F
3ueEBfcVDpwohUX4Xk3N2P9PhsK5TmlWvyxbDBg4KsMKhWZ4aob/mDGT/LUk82+i74rqxHPPfRIv
k2DpXnftvm6ddZq6wUOei2ZCfuWtl7T4R7MMKwp6N916ywFuxx3X9YNFXnjhU7fHnrf4KJLWF2xA
igYYDI3WoNdgrV9mznXDh7/pZ9YrUCHPiOUv11YDcGTtoEmTJf2M4c8+m+G/vUcf1d7PcNbs/DZt
VnGHRbPzbZCL5U/xKo+DoudEM8W//vpnN3DgU254ZGlALsyjZmG+NeFr9+OPv/nBBkrH3N7RO753
747R8gvT3EknP+z6nratu2jI7nF65q/UbSHvCtXBvaNnwpazGDK4S2SRYHPXsGG0hEq0LETPo4bH
An9YN5IDAm679QDXqdPafjmagf962s8aVr6Ts92L/T6W+jwas2KefYUppYw1O/3OaLkcDaqQs+df
A6msXuRbisMHLOCfvadtgFP47deSPrbkj76rsrxjy5IUy11ZMYtByrusMWy0YfQ+iwTucdHgIhsc
lRTOw/wV+uyrDtrvOqWrAVha9mjGjN/cqac9kvEbtLxrnH815Ue3z763+9/HSktO3yk953oPKh/m
wsF7pbwHLZ5i6uBnk6e7IUPGuJtvedn/rntgxOGRFaIWvhz17n/nnW/8byTFrffMrruuHw8+st9P
ejcdFw3Qax1ZBPr++1nRu+URNypasiZZVqV8f2SpY8yYT+LfpSqroUP3it7VCywDyZrVTp1v8L9l
1ba44vK93LrRrH5cBRFAOK8gkEQDAQhAAAIQgAAEIAABCEAAAhCoQgII52XhW6eihIjz/rVL1Dm9
hDe3eG8kDNisnlBYsRhM0LNj2yY7wnQ+FL+T4rKFy7a1/FmnrPxJ/AmP1RmrNdxzOYnBW219lQ8n
cUTm4Js0XqpMEIn8S9Q/rcx5nbjh+m7umKM7ZFwL7y3sxDdPJqylXTM/ti3Gr4UpdqvZPBLOFl+8
XiQML+p22PF6X87J/ImD1vAUZxMYLS2Zoz7xpIf97FaJdRJxNIO6a9T5K7FDfF8af6JbMRKSzZnZ
fx2HIo5dL3Ub1o/kPaTFacKNrqkeSRyXgGmDMXQ+nMlo9Txphl3+8jnLm4TzTz4+Kx4Morp41VX/
ceec+6TviJ74Xv+syw9Y+vmYWd2xPEkgmBkJfOZklv7AAza1Q7/NNau80HQVkTFNClIZiZXz4Pd5
871Zb0XTODLZ/K/znnZa0z0bFxNl5F8snn2ml2u3xd+DGiS2mJl3sxggv2nxhbO2k3XMuA8csLMb
cG5nReHdSy9/7jp2urKMMLDgauZ/WeO4/Y5Xswrn8i2xU8tDmJhjAwZ0Xi5pCl3nLG+a7anBEyZY
6ZpcOBvw44/OdBKYS2VhpqvvHf6WO7j7sJhjrvyFeUjjbvlLMveZT+Rf75wXxvWJzb3Lj9I2yyYW
lwYJpS33EdYXCUMy8y4Rp8eRw/2gqbT8mYCa9mxZHkvdWtnl+rZ9O+0Xt/IqA3wS/fpu5yQwm6Cu
k8p//2gwm4RL3XdyuZDwHS//t96yf7QEwt8WC/TMheb15ae8rpB3hS0hobRGPtbTddltg4xk9c3d
drtrvNCod85D0QAYPRtWVmlLaqgu7BtZtNH3Ke03iiVQ6PdR8RX7PFoa4Tbfs1+eMrY6r4FUev81
igYeyEloXG/9wf6bp29Pq/Vz/3YK85u2b985/VZI+/aHVgDs2UrGUyh3G9CV9q2xATy7d9nQ2e8S
pWMcinn2X33tS79uu8Jrpvwh3TfXrnfK63773+kHBCrO8grnitTyqP1rr9nH9e7VSbve6ffCAQf+
2wvN4qvn2JZVkYcwbL734IIYM//nq4PyHb4fk0sp2WAGpf3B+6eXeWfot6EGaoqbzKirjfHNNz9H
M8HPLzMot9Tvj/Jo70x7J9i7X/zadxjqB9tk+5YoPK5EAgjnJYIjGAQgAAEIQAACEIAABCAAAQhA
oBoRQDgvWxhhp2fZq85deMFuftaZdUKZHxPWJChKmPnzz7+8ieQ0gTFMo1jh3Drala4EsNHP9nZb
tG2eYXpTaUq8CNcdt3xqK5FMM3rM7GuuzmKZmz/1tEd9cM1I3GzT1dyQi57zx+okTZryVdwS5F97
7atUU+HWmVdIh10xfn2GCvynPD4Umbo/OzLnG84uDIMn82dllhR9FcZmlocCRDiAQIxCkdLSySd2
mr9itpZPddon7yEtnrA+pV3XubDzOazn995zSGzuOFvY8HyYN80g0/q8cpppZe7cc3Zy/xq4ix2W
2Vr6acKdeQ7T0Tnr6FdH9UknPeJniqV18J874Ek36PxnY5HT4tO2kHTNvzFNEzPMT6lbrXN67oCn
4tmiyXiycbE86Z0hs7KamZjNmRiTnBEZ+r/hxvF+dm5SyLRnNvle07rYG2w4xEeRT1hRHPfd/1ZB
Aoyll6+uh3VCQqJmYv/66+/xLWkN+C+++MGdcuqCd53FVx4WiryYepPPv8VleYsz//8duy5hcNST
x6QOhLIwxk3HGkQgAceclv2YN+/PeCZpWKdC8+myRNAusijRpMlSkaWAev49ofXH/7FOM4uqwraW
32z3roTemzjVbdT64lRR3DIikXTztpf7974NtrBrYR1JLjNifip6a89lrneFMU9bTsXyY2Kdvddk
uUHLysgyTZrYrnCyKrLNtte49luu5W66sVv8Li/l+2j5KKSczG/aVuFzPfvlKWN7PpKWKMJZvWH9
0mCA225/xf3yy98DrtLyrGdnn31au/XXW9FfDutRvm9/jyPaeVFbQmop3I2HEt40+m2mtapXXnlp
/23Vd7tZs6WjQZQrxmUrf1ZG2i/02bf3YLbfll9Hwu9qqw8sI/wqjVKclVX4myqMJxSuk98gC1vI
ezCM0/bz1UH5C+uMlgOxgQk6b9Yh7HeHxautvoO33vpfd3pk8j7N2fO7bJMFJvyNeynfYs0s/0eL
C3wyoQn4K696wVvPSGubpOWJc0USQDgvEhjeIQABCEAAAhCAAAQgAAEIQAAC1ZAAwnnZQrFOTwmk
mllcv/5iTjNRJQTLffP1wNjkYRjaOuvCTtljjr3f/feVz92br5+WIWKHoupjj/Z0u3fJnEEWxpvc
17rjG29yqZ8dFa5JLH82KyjZ+RbGEc4O0vkxz/V2227TIvQS74edk+F6khIftDaumMh07cUX7RGH
0Y51zIad0DofzsJOXtP1pMsWT9JfMcfq2NTa8VojXk5C4n7dNvEdzY8+9m480zqZv7BeJIW/NPHD
xHTF/+mks12z5RuVyabNjAqFqTKeijxh+SxWOE92UGt2peI47PC7vfhyVM/27sYbujmbQauOXImj
4UyvfFkN85b0K7PVffps7dcJTV4Lj+05y8VMgsc2/1/3NXlfoXCWLONHHn3X7d31tlTh3KwK5ErX
8plWH+xaebY33vRSbA5b8ajje7nlGrgJb38dm6LPlj/LUzZT6WG+jHEo6oTXc+1ne2at7NPM9Cfj
K0S4sDDZ0rPrtlX6Wnfclriw89m2JqqWh4XitvDZyiWZfi7/di1Zby0Oux5+g+xacmvWFZLn044v
vWQPd+op2/pLmq24a7SmullfSfNf7DctLY7kuULK2USmXIKQvr2t21zshfO3J/R1rTdaJU7K6qiW
aXl/4umpy1DEnitox57LbMK5vlc2czxXub773lR/XxJL9V5efPFF/QxhvcOT95kr66V+Hy3OQsrJ
/KZt8z375Sljez7SnsW0fId1JS2v4bnwGSmkHtm3375PGkRWyu8SlZcsjZw36JkwOxn7svyhAWkS
5+VKefYtjAaOnnH6Dhnx68DuuZD3e5nAKSesrLLVeUsv7XdOvrApyWWcylcHzbPNBtdvPP0mXGXl
xhmDd5K/E8PfHopDv9P1PZ4+/Ve/FIydC8PZvZTyLVZ8mj1/0cVj/HJEY0b39ku3mHWF5Ex5+cdV
AAGE8wqASBQQgAAEIAABCEAAAhCAAAQgAIEqJoBwXrYArEMunFmsDq9OW13lRRd1dMoUarYZ52Gn
rMLJDPhKKy6TkVDYOZ2rkz8j0P8PLH/qMBz7/HHun1v/I/ZmHXnZhHOJHjvseF08CCCXaK5IX3p5
gXlliaS2xrXOy9kMN+v4DWe3WydryEJhlP4mm17qRYvkjFRdT7q0zuykn2KPTahQOM226hJZB7Cy
DEWKpDhl3NM6hi3OUPywQQfqVJXZ52QdUPomAiQ56VqpzvKZ1qGcFqflPVs9tNmOVs7vvPuN23Sz
y3xUxXa8Wt60DILEHK09rJmt9eot4pasv3ha9sqcs47kfMys7pxz9o7Rkgu7xvH8/Msc12TZM/xx
soxHPDDBm5wNy1EeVS8OO/weN+yu1/3Msp5Hto/jS9sxpsl40vwWek7sTPiVeHF8tH54uL78XXe/
4Q459K5U0V9pFJMnY1xK/o17kq2Vfdrzk2RQqHChcJZevroYDla64Pzd3C67rOeX4EimrWPNnt4w
mpEvU+7lYaG4LHw2AUh+Qmf+0+r3FUPH+hnxSbYWPldY82Nbe0fLOop4zJkzzy5lbGXqvEWL5Z3N
gJQJej1DstQxIVqD/Kef5nj/MjV8xdBxfj/b9ycj4iIPrJyz3buis2+SxOOk+WZLLnyOknEVU0ct
vvJuC3kubU3vtCViLH0bqGXswxnnyfu0MGlby4+uFfN9tLisnPI9j+Y/uc337JenjHM9H5bvkFVo
PSeZz+RxOKvf6pG+c9mWHbFvv31XP5s8w7Vc90IfbbHc9TxOi5YpePXVr9y33/7i4/j559nupptf
Th0IWMqzbwJsNosw9n6VCBwKv0lOhR5bWeVLTwOhkrP6LWzaO7SQ9PPVQYtDA0G3j5b2GTt2Uvy7
wOrRZZfu6U45eRvz6reWLz2jT406xm2y8WrxdTOfnuRnYUr5Fity+x2q/VdfOdlNnPitt4Qlwf7u
u7rHgyl0HVdBBBDOKwgk0UAAAhCAAAQgAAEIQAACEIAABKqQAMJ5WfjW6ZkUeMJ1fdPWcLUOrkI7
60ykUw6efuoYt9OO65XJzIwffnVPPfWhny3SfPVl/XWtw6q1gjXbe9i/u7vuB28Wh9PMUwnT1nlu
Yoc8yETkP7e52ov/EnPHPn+823STBR136rSbPXtexhrcCmMz2IsVzq1TWKLMI5E4bcL0Sy8vEOJz
CRtK15x1Qoad2Xat1K2Vk+7p/fdOz7AEIEbttrzCi0LJNLPVC+XDxIZQfJZ/EzoHX9jFnd5/+4ws
W0epOn4LrTMZEWQ5sHxWlHB+8y0vu6OPuT9eB3dONBDETAB37LhWtFRAr1TR+8Xxn0Wi2my3266t
4nWGLW/hoJQst5H1tJVfPmaahSdT+KEZVUUaDt5IdriH4pOEN7MSYGbGte77Rx+e4Vq2WCFr/nTB
6kOpnd1pkVucujb9+/Nd0+Uaxt4k7Jt52GxcLHxYR+MIEjtPjnrf7dblZn8222xVmYx/5JH33Cmn
bJOxjna2ZzYs+3zCSqHChTJoIlBoija8HYlfWrs9FDnSnscwjIQorRsvVx4WCm/1VeL0mWeUnakp
CyANllpCXr0z/8lyDPOffDflC2vXw+3Fl4zx630n39GhH+3reWmw1OLxO1xlo8E0eg5WXqlxhncT
adK+PxkeSzjIVq/CqCZ9+r1r0XKB+Jht1rvN9FW45LNcTB0N0y3PfiHPpdUJfbf1PK61ZtMySZqw
ad/WxRZbNP6dkG226sxZc911173oVlxxaXf4YVv4OC2tYr+PlqFCn0fzn9zme/bLU8Z2b8lnS3ko
pH4l85rt2OqRvsH9+m7nLhqye4ZXicwdOg71Fl3sXWR5K5a71ee095/ysfU/r/a/FcN3RinPvuVP
z/brr53iVl9twe9RuzEbuFVRz76lpzqvQRgt/pG5/MNtt//XHdnzPm8xKDk4wcKmlbPlN9c2Xx0M
w45+7iO34043OP0WuvWWAzxv/ZZO5klh7NlIqxP2WzvJr7zfH6Vr7wbtmytk4Kr5ZVskAYTzIoHh
HQIQgAAEIAABCEAAAhCAAAQgUA0JIJxnFopm00kkkylXuWQHoXVAqXPrxf+cEHfmyTT0tdeN9+sG
ynx6n2g26Nzf/4gEm3qx4JCZ0t+mLdW5KnfrLfu7Aw/czJu+1kx1CeYHHTzMXzt/0K7urDN39Pv6
Z8K08iEBXGtrSoDZt9sdfr3o5FqoobCm8Ddc383tueeGfo1fdbAffsS9kaD+bZmZQiaEKEy45qvy
Z6ba02bB2XqXCnfvPYd6c5QSYLT2ue432ywi+Q9dRXZmW7w2AELsHh95lGu7eXO/tugrr3wRrdk8
Ijbl/MK4491WndaxYH492C3bD3WzIrFBHbmrrdokvvbmW1O8SC6hdMT9h3uhThdtzWzta5bwscd2
8LOEP/7ke3fgQf/2LHRNs5NOPumfscCsc6W6sNM+7CzPFl+Yd5VxpMFG+XDRff7uxo2b5Gc1O0g0
AABAAElEQVRgK6zq9FVXdvXRmElzHWgd0buGdXfrrL28k3n3Tz6Z7i699HkvrqnT+/PJ57rllm3g
r2l26katL/Jx6Nlq2rShN5FfyGxziQ16nobfN8HPrA6fs4YN/hYefeTRPxPBdRyKaBcOHu3OOvsJ
P7hEIlRoCUDPcYf/D0pRvb5y6N6+TI7v86C77vrxLm0AiaUXbk0Mq0jhXOsRb7jRRX4G4X3DD3Nd
997I5+2jj79zl1yygLfykKxLeqdpsM2ECd+49h2G+gEQVs7ynzbbP6xDek4eerCHN6Gv2cfffT/L
XXnlOCeOclovvUP7Nf2++PU54SF3w40vubTnR+spa0Zd8vlRvZHlATm9j0466WH30MPv+Pev6ojq
pFxaOds7udu+bdzttx/k/SiPo0d/7M4590n3fbRvYqMJKorr2mv2cUdE6wvbUgPi+3CU5jHHjtBl
PztP74ZSWfhIon8mfIijBmpI9NS78LXXvnRXX/Mf9+ij72XUTxtQJf+jn+3t16KX/4suei5mnmQr
fotGZZP2DVI+ZLZ7icUXsyz5rdVRHWhwyeDBu8UDRfSsvfDCp+60vo/692EoQJn4o+de9WiN5svF
8T4/9hO33fbXpQ7cij0VuaN7lwWAk09+JK5XW2yxhps/f0F9kaiveikXWobQsWbu7rnHhvH1kY9P
dHvseYsu+W9SOONS96w171dc6Ryff3s/5ap7PqIS/ll917On76EGa+ldke251PfW1mUP64WS1nf/
2mtfdP36j/Q5CS0bmKiqC1pS5Yxo4IYG02kwyauvfuF/L2gwUKtoDex3JvTzg8hK/T76xKN/xTyP
CmMstF/Is1+eMraZ+/p2nHTi39/bXO8t5atYp/IyC0UKK6H0pJO2jpbVaOg+/PA7d+hhd8Xfflmj
kShcKnd7p+lb+9SoY+N3sdL9asqP0Rr215YZCFjKsx/+FlQdHPnYUdHAy1Wj+jfP3XffW35wndLU
teT7XeeLdXZfCqd707PRrt0akWWM+dF7/lX/bte1cGBcKe9BxVFsHVQYc+H3wc6lLV+ka2YxZJdd
1o9mqO/vB5wlf+sn+YXx61qh32LLi7ZTvv7Jrd78X/EpZpvHKCpnB+G8crgSKwQgAAEIQAACEIAA
BCAAAQhAYGESQDj/m3bYQfX3Wec7tDVrWutDqhPfTI3Ljzq7JXhKLEhz+YSzyZ/PcBJj1Xmdzamz
zAQX86O82kwiOxduk8LKc2M+jky0Xx96KbOvdJIzQdVJfWIkYkngMde69cqROdCZcZ6Ts/bMn3US
6lhhbICA0kkKlhYmua0M4VwdlbbGYzK95LExefnlz+MZuObHrA6YUGDntdX9ae3cZAd66Ce5b2mF
VgKSfgo5DutxLuG8GDO0aWVmAnSuPGk2Xf9+27kvvvzRrbX2oKxec+VTgaweZIsg2yzqtLKxONJM
qeqaCRjaV4f9zJlztetd8rmy88mtCRP5nv9kuFzHehbDNXBz+dU1MW3TZpV41mku/2mzz96bODUa
5LBgAJGFVT0I31WarSwRX4J2KKyYfxMQQgHPrj0w4nC3T9c2Xpg2ywx2Ldv2zjsOcoce0jbjsq3t
bCeTedTxhLdO87OjNWtbg4Rkct+cBPevpvwUrxGv8yp3hVl7reW9t2JZWNzaJr8ZEimT66yHs0WT
IkcYV7hvdeubqb9kiCKhH9tfbbUm7p23+8bm1u28CYl23Lnzen4gy6hRH9gpvw3NUJtwbh4URgLa
+x9M84MAdD5tMJX5L2YbimfZwp191o5u0Hl/L8WgARD6psqUvJzKskWLZm5KVMZWd8XjtVdPjgfN
mHWKbGnofChI5/KX75rez4XUd9Xb8Hv8SiR0677M6ZsqSy5vvjnFTjm9BzUYwCy86J1xWt/H3OVX
jI39hN9iO6kBZLIMIlfK9zH8ZhXzPBbKQvkKn/1iyzjt95LNzJ82bWaZb1N5hMWXXl5gVSf57dA9
JJ3E4P3328SfLpV78hlR+e66Syv3ww+/eVPtitzu1QYJ6Vwpz77em4cedreCZ3X2/i3v85K8r7QE
dV8yPy7rK4W8N9Peg6XWwTA/NpDVzmm2eav1V7LDeGtLKcUncuzY+13tjvJ8fyyJ8wY94wYMHOUP
7fepXWNbwQQQzisYKNFBAAIQgAAEIAABCEAAAhCAAASqgADC+d/QJSRuv8N1bvz4yX+fjPZs5qk6
sORshq72NdulV68OfjZYmiCi6zfd2C3nOoIyl3rhhc+6IdGMwqQbesXe7uij28ezIsPrEmSOiUxo
D49m+4Qu7AS384UI9NlM9mo21tArX3B9+z1m0fmtOiElqGzcZtWM83agTnuJq2ef86Sd8rORwpn6
8YUsOyaY5hNWswTPevqDD6dFs+1uzxCw1OErEVBCqc1KVMesRMVXXvncm+MMIzQxSZ2R6pQ0p3he
funEWHRT+Z4dzXC+6uq/Bx/I7y037+9n2EnIk7O0wnWr/YUi/6kjWDMYNVAhF7ds9T1Mrm3b1aOl
ADZ33btv7meNh9e0rxmmPY+6Lxap7LrENFlJ2Hyz1f2pb6P1Vzt2uqqMP12UwKCBIWkdzRZfkrGd
t23yGbXzqoMSjSQehe6Ky/dyJ/TZKutz+fgTE93ueyyYmWrh0p4ru5bcVoZwrjQkrpxyyqN+Nr+l
KX5Dr9jLtW27RjQ45rpYHJSp+XWj5Qj26nqbe+KJ98sMArDw2srvBq3KdvRLoBoU1e1w4Iz8b7rp
am7AuZ1dl0g4t/dimnBuZojThHNbniJN1FIaae7BB46IZtq3LnPpiSffdz2OvDe+d3lQHmUlQZY1
QmFPdeK++yd4iw/JiHbccV13xOFbOL0Ll1l6gal281MMCwtjW71vjjr6voxvi8pNVkT2229jPwvd
/GqrwRtd97kt434kRP3xx1/u2F4LZsTbt0Wz69tsfIn3m/YNUny53i1aUuGYY+/PeBcqjN5jZ56x
o+vadaMMs8w2GCVNgFW4IYO7uBNO2Dr1m6XrxTibrZ8rjGYPn3zSNhlekrOww4vKX5/o2Q/N4+sd
ceppj4beyuyb5ZQyF4o8UWh9TysziYODo2+qrF+ETmUlqwD77tMmnl0fXtf77MiewzPqk65rUFPv
3p2cLQNjYYr9Pia/WYU+j4WyUL6Sz34xZZz2rZPFhHFjj3dTo4Ena66VOahr4ICd/fvNeBSzDUVO
PeOqn88885Eb8cDbcTT6Pg6+cLeMNa51sRTu9oworaUi6ws2OMQSO6pnezdwYGe3ysqZyyroerHP
vsKMef7j6N05LCMd3c85Z+/kTj7lYW8WXv7K+7yYcK73XpvoN+ZVV73gZA5eTvV90Hm7uMOjd7VZ
0tBvjFLeg+Wpgz4z0b9wcFS+QRd6NrrsvmAZFAuvwVvnRfdz771vxr8l7f1u39fyfH+UjtoXZ5z5
eMYMfUufbQUTQDivYKBEBwEIQAACEIAABCAAAQhAAAIQqAICCOdVAD1Lkup8k1lhCTtLRWverhh1
DtrMsSxB/GmJ4jKrLTOna665XIUIFmnpSbT75ptforWC//Ii3BrNl03tpE+GVWe/zOrKDK7EgHDW
U9Jv8thmN+YSgJNhijn+ZurP3gz0kksulrFmdDFxFOpX/MRO4tcyy9RPXRe80Lhy+VNHcCHCea44
ir0mjr9Fpo5VX5s0Wco1abxUsVFUqn91OstKgiw6r7zyMgWVtcprRrRsg8pL5sKXj/4KdZUlnFv6
up+50Vrziy9eL7qXBgW9JyxsKVu9m7Ruq9KTk+n96uhUZtHr05v2btSwfs4syoT9tO9mugbRbHnV
3WWiNc3zhVGE5WGhsHoX1qu3aLyGerZMKn8zolmjco0bLxkv/5DNf3nPS4BfdNFF/Duqfv3FsuZP
Zo1//HF29H1aOno2/nSzovf6nDnz/H0tv3zDSs9nMfcpwVRLA5hr2rRBpb13LY2FsdVgrB9//M3X
I333V2jWKO+3OFnf9U6rv0Sm+f5k3sv7fSzmeUymXehxTSnjYp79YrnL/8orLePrgL2f9J7Re6OQ
d1qhz76VierSt9FM/UaN6kfP/R8FfU8tbKFbE87DZSIUVukV8ru40HQqyp++ybJqsV60bFK+37h6
h37//YL3khg2jr49hTor32K+xVO//dmtsupAn0S22fCFpo+/AgggnBcACS8QgAAEIAABCEAAAhCA
AAQgAIFqTqCuCeflNR9ZzYuz1mWvsmac1zpQwQ2FwnmaCe7AK7uVRGDSp9+7Fi0vzFjmoZKSIloI
QAACEIBArSJgVkr4zV7+YrWlKPr13c5dNGT38kdIDLkJIJzn5sNVCEAAAhCAAAQgAAEIQAACEIBA
TSBQF4RzzeA+6uj73a23/devtb3euiu62dEMOa1RXchsnJpQjrUpj1ojtVfvEW7VVRq7+0dM8LdW
WTPOaxM3u5dfo9mzW7S73Jtelqn1FaKZoW03b+7OPWenvLMSLQ62xRPQe+bsaFmCTz753r0RrTus
NZa1TunDD/bwM0OLj5EQEIAABCAAgbpDQN9R/Va/9bZX3H//+4U3y37QgZt5qxbLLruUGxCZ0c9n
KaHu0Eq/0+mRpZwBA0Z5K1Rz5syP17qXOf+rruzqDju0Lb8F09FVzFmE84rhSCwQgAAEIAABCEAA
AhCAAAQgAIGqJFAXhHPxvf6G8a73cQ/EqLU+9ztv981Y+za+yE6VEtD6vp22uiojD9nWYM7wxIEn
oI7nww6/xw276/WYSL51N2OP7JRMQCZkd+x8gxs7dlIcR3Kd0vgCOxCAAAQgAAEIZBCQxZwNNrzI
DzzLuBAdSPj9fPK51XapkGR+q+r4gw+nuVYbDElNvlWrFd07E/oxmC+VTgWdRDivIJBEAwEIQAAC
EIAABCAAAQhAAAIQqEICdUU4r0LEJA0BCEAAAhCAAAQgAAEI5CGgNblnzPjNz5gOvWpd73XWXj48
xX4KAa1B/+ln090ff/wVzSz/24OOte79aqs2+fskexVPAOG84pkSIwQgAAEIQAACEIAABCAAAQhA
YGETQDhf2MRJDwIQgAAEIAABCEAAAhCAAARqFQGE81pVnNwMBCAAAQhAAAIQgAAEIAABCNRRAgjn
dbTguW0IQAACEIAABCAAAQhAAAIQqBgCCOcVw5FYIAABCEAAAhCAAAQgAAEIQAACVUkA4bwq6ZM2
BCAAAQhAAAIQgAAEIAABCNR4AgjnNb4IuQEIQAACEIAABCAAAQhAAAIQgIBDOKcSQAACEIAABCAA
AQhAAAIQgAAEykEA4bwc8AgKAQhAAAIQgAAEIAABCEAAAhCoJgQQzqtJQZANCEAAAhCAAAQgAAEI
QAACEKiZBBDOa2a5kWsIQAACEIAABCAAAQhAAAIQgEBIAOE8pMF+ZRCYOWuuGzHiLdekSQO35x4b
unr1Fq2MZIgTAhCAAAQgAAEIQAACEIBA1RBAOK8a7qQKAQhAAAIQgAAEIAABCEAAAhCoSAII5xVJ
k7jSCDzw4Nuu2353uBVWaOQ+/OAMt2wkoOMgAAEIQAACEIAABCAAAQjUGgII57WmKLkRCEAAAhCA
AAQgAAEIQAACEKjDBBDOq77wf5k5x5111hOuVauV3LHHdHCLLLJI1WcqyMFff/3lLrt8rPv665/d
4MG7uSXrLx5czb877oVJbpttr0U4z48KHxCAAAQgAAEIQAACEIBATSSAcF4TS408QwACEIAABCAA
AQhAAAIQgAAEMgkgnGfyqIqjDz+a5tZvNcTtvvsG7uEHe1Q7U+a//va726Ld5W769F9LmjH+wYfT
/MCA5Zdv5K68cm+31JLFCe9VUSakCQEIQAACEIAABCAAAQhAoGACCOcFo8IjBCAAAQhAAAIQgAAE
IAABCECg2hJAOK/6ovlk0veu5boXuv26bezuvecQt+ii1WsN8Dlz57l2W17hvv12ZknCedUTJgcQ
gAAEIAABCEAAAhCAAAQqkQDCeSXCJWoIQAACEIAABCAAAQhAAAIQgMBCIlBbhfOp3/7s7r33LbfE
EvW86fOjjtrSffTR9+7FFz9zv/76eyROL+I6dFjLtduieYZpdJklv+/+CZFZ8p9c/fqLuZkz57pD
D23rVl2lsXv6mQ/d3Xe/4Sa+/62P95STt3Hd9t04o6Q+/uQ7d889b3q/yy7bwP3551+uQ/u13AEH
bOxatlghw68dvDVhitt0s8vcVlut7Z59pperF+XNnMy216uXLqRP/nyGu/PO19zIxyead9ep41ru
6KM7uA0is+9p7vvps/w93Hf/W+733/9wzZo1cttu8w/Xvv2a7rHH3nMbbLCSO/ywLWImf/zxp5sV
8erQcaifcT7hrdPcCs2WduJkbrHF6tluvJ0//w932+2vuLlz/4jicj6tVSKG+++3cRx37DnYmfv7
fDdy5ET38MPvOA0o0L03X31Zt18UTjPyl1h8sdj3b7N/d7fc8l9/PH/+n26ffVq7l1763N19zxtu
6tRfIt7NXP/+27uN26wah2EHAhCAAAQgAAEIQAACEIBAhRNAOK9wpEQIAQhAAAIQgAAEIAABCEAA
AhBY6ARqq3Au8bT7IXfl5bnLLuu7u4Z1d8tFIreczJKvvc4g9913s+Kwjz3a040YMcENu+v1+Jx2
VlihUTwDW0LyhYNHu7PPeTLDT3gw+MIurl/fbf2McgnLe3W9zT3xxPuhlzL7q63WxL3zdl+3bJMF
+TMP113/ojvu+AftsMz2skv3dCef9M8Mkfr5sZ+47ba/rozf8ERoLn7IRc+5M858PLycuj/hrb6u
TetVMq59/sUPbq21B2Wc08CA5587LutAAJms363Lze6zz2ZkhLMD8R439ni33ror+lMawLDhRhfZ
5azbl8af6NpvuWbW61yAAAQgAAEIQAACEIAABCBQLgII5+XCR2AIQAACEIAABCAAAQhAAAIQgEC1
IFBbhfPf5813Tz/9kdtjz1syOEu8btmymXvkkXdjIVzH773b3y3+/5nTWpN7xoxfvRA+atQHcXgJ
tzfesJ+bN+8Pd3yfB12jRvV9OK3Zff0N413v4x7wfrvt28YNGrSrW3XVxtHM9Z/dwIFPueH3veWv
XXP1Pu643p2chPNttrvWjR8/OY4/bSdNOH/k0Xfd3pHoLtfjiHauX7/t3BprLOumTZvpLrtsrLv6
mv/4aw+MONzt07WN39c9tdpgiN/Xv9tuPcB16rS2++abKH//etqNHTvJX5Nw/shDPby4Xx7hXJG9
/sZXbs6ceRHL39xee9+a0xT9jz/95tZbf3A8YOH++w5zO+zQMprZ7tzzz3/i9u12h89fOFhBDCe8
/Y07d8AoZ+UkHqeeuo37+ec5fuCERPgD9t/E3XP3IRmDCHxk/IMABCAAAQhAAAIQgAAEIFARBBDO
K4IicUAAAhCAAAQgAAEIQAACEIAABKqWQG0VzkV1XiSsdux0pXvtta+cBOj/vnySN7luxB9/YqLb
fY8FwvpDDx7h9t6rtV3y2xNOfCgWoXv36uguv3wvV3+JBabCZcLcTKh/O+0Xt/IqA3yYfn23c0MG
d8kQaTUbvf/pI90llz7vZ6lLpG+2fKM4LRO1JVo/9MAR8XntJE2123rj77wz1Q0csLMbcG7nDP86
OP2Mke6ii8e4tddu6oX9JSOT8z2OHO7uuPPVVA4SoPfd7w736KPveXPoDz/YI763pKn2tyf09XnP
Z6o9zJTKYfO2l/mZ4tnWcL/4kjGe0dJL13dvvH6qa/GPZmEUbtKn37sWLS/05zSbXmbyzVk5Jdm/
9vqXbot2V3gOynejhvUtCFsIQAACEIAABCAAAQhAAAIVRwDhvOJYEhMEIAABCEAAAhCAAAQgAAEI
QKCqCNRm4TwUmV8Yd7zbqtM6ZTCfO+BJN+j8Z92RPbZ0N93Yzc+0Nk+hIDv4wt0yrpkfbd+bONVt
1PriVFHc/GlG9eZtL/dmyF9+6SS3Zbs17JJfy7vluhfmnJFtnrXut/zKaS3yPffcMJrVPd8u+7XX
NXtcs85tdvYSkdi/RbvL3fvvT3MjH+vpuuy2QezfdrT2+TbbXhOZNF+rDAfj+O23M2PT9BaukK2F
l4n1NOFcIrwJ+7IIcHq0Lnmas1n9oTl5+bNySpqMl9l93ff06b+WlO+0PHAOAhCAAAQgAAEIQAAC
EIBAGQII52WQcAICEIAABCAAAQhAAAIQgAAEIFDjCNQF4fyHH2a79yee7paOTKsn3WMj33N77nVr
mZnW8pdNkE3Gcc+9b7qDuw/LKXxLxG3d5mIvnGv2c+uN/l4T3MTw0Ex6Mg07Nr92nGtrwvlSSy3u
2m15hdMs9WTaucLbNRO+K0s4N4Fbwr5mm2+6yWqWdMZWM+aP6HGvN09/8037xQMZrJxee/UUt/lm
q8dhypvvOCJ2IAABCEAAAhCAAAQgAAEI5CKAcJ6LDtcgAAEIQAACEIAABCAAAQhAAAI1g0BdEM4n
T/7BTXyvv1t9tWXLFIqJ3slZzPKYTZBNRhKaBJcZdq15nnQScTfb/DI/6zsp8JoYvl+3jVNnZIdx
ffjRNLd+qwVrlcu8vEzQ//lntBB4iltmmSUj8+gruN9mz4tnnCfTTglW5lR5BWgLn2vGebfIVPyD
D73jht97qNt/v03K5EEnRjwwwe23/51lBjlkKydLN5/gL3P0n3/xg09zrTWXiwX51ExwEgIQgAAE
IAABCEAAAhCAQJIAwnmSCMcQgAAEIAABCEAAAhCAAAQgAIGaR6AuCOeaaX3qKdu4Sy7eI2Pt8dB8
+rnn7OT+NXCXjALMJshmeIoOwvW3H3u0p9u9S1lT6DazXWE/+vAM17LFCnE0JpxvtdXabszo3m6x
xerF17Tz+7z5bonFF6ytrvXU22x8ifvuu1nuudG93HbbtszwawcK8/vvf/h1vcO13nsc0c6Fs7XN
/8xZc911173oVlxxaW8C3s5razPCZfJcM9ZXWnGZ8LKT8Cxz68l8mycTsLMJ5/JnrFu2bObefadf
fL9hHFv/82q/Xv3xx3VyV13ZNS5LC5scFGDp5hLOdW/bbneNj1dpKf033zjNNWywhCXNFgIQgAAE
IAABCEAAAhCAQG4CCOe5+XAVAhCAAAQgAAEIQAACEIAABCBQEwjUFeFcZSHB9ZRIQG/ceCn30Uff
ue6H3OVNp+uaZopv0Gol7UYztH+PZh0v4nbrcrMbM+YTp/XR20Vrks+b96e/3iAyfb7IIov4ff2T
aHzY4fe4YXe97s89/FAPt+ceG8Z+Rj4+0e2x5y3+2gH7b+Luvqt7xqxmzXZea+1B/rqJ4XN/n+8+
/PA7d9NNL7nrrh/v+p62rbv4oj28HxOKl166vnvwgSPcDtu3jNP6bPJ0d+edr7nzBj0Tr3G+bJMG
LhTuFdcZZ+zgdF7pvPrqF27fbnd4Mb5VqxXdOxP6uXr1FvVp6V8ovF9+2Z7uxBO2ju7ZuS++/MGN
GPG2O/2Mx73gLFF9yfoLZtuLofzIzZ0732219VVunXWW9zPK7Xy9eovE/t+aMMVtutll3n+3fdu4
a67Z163QrJE/nvrtz1G5PeqG3/eWPw7XMp8//w93wIH/9rPVk+vY27rtEvxlAn61VZv48OE/G7QQ
nksK8OE19iEAAQhAAAIQgAAEIAABCJQhgHBeBgknIAABCEAAAhCAAAQgAAEIQAACNY5AXRLOsxXO
v+882B3SfXN/efRzH7kdd7ohm1d/Pk38lki7ZfuhsRAvUbtFi2ZuypSfvCCtgDKr/tqrJ5eZsS3h
XeLv/SMm+PgVdubMuX7f/l1w/m7uzEjslktLa5ed13djx02K05K/jh3Xcs8+08ubjlcap/V9zF1+
xVhd8q5165X9uud2rO3jI49yu+3aKjzl92198TIX/n8inC2fJkZnCxeuuX7DjeNdr94PxF433XTB
WudvvjklPnfdtfu6Xsd29MfhgAPzcGSPLd0tN++fMVDArt15x0Hu0EPa2qHfpuU1FOYzPHMAAQhA
AAIQgAAEIAABCEAgjQDCeRoVzkEAAhCAAAQgAAEIQAACEIAABGoWgbognP/ww2z3zNPHutGjP3bn
X/BMLC5LZD3ppK3dhhusHBfauBcmuW22vdYfS7gNRVvzpJnrVw7dO2PWuK5plvW1177o+vUfaV7j
7ZDBXVyfPlu5BkulmwCX2XjNqpZAHboTojCHRGLv5putHp52Mq0+dOg4d+6AURnndSBh/8gj20Vm
3FuUyePjT0x0R/YcHjOwwP37bed69+7kmq9edh14+ZHwftnlY13ffo9ZEL/dp2vrKK0t3Q47tHSL
/9/EfJqgnRHo/wcaIKCZ4C3+0Sy+/MabX3mBf+zYSfE57XTuvJ4bdN4uru3mzePzU77+ya8bL7P1
5vr13c5dNGR39+So973FADuv7cjHerouu2Wa0deM+z59HnI33/Ky99rn+K2cZtVnMzsfxsc+BCAA
AQhAAAIQgAAEIAABTwDhnIoAAQhAAAIQgAAEIAABCEAAAhCo+QRqs3Cu9as7dBzqtMb1Jx+f5ZZZ
eklfYDLvLVProTnyiixJibEyD26uadMGsUlyO5dtK/F9zpz53lR8o4ZL5BVw5f/HH2e7Ro3qR+Hm
RWbol8ybltYkn/bdTNcgWsf7t4hR06YNXf0lFqyhni1fdl5rp//66wIz7A0aLJ43LQtX7PaHH3+L
Zt3P8eXUMOLQdLmGxUZRlP9forRknr9Rw/pFhcMzBCAAAQhAAAIQgAAEIAABh3BOJYAABCAAAQhA
AAIQgAAEIAABCNR8ArVZONfa3Ju3vcwL55M/OyfrbO+aX4rcAQQgAAEIQAACEIAABCAAAQhUGQGE
8ypDT8IQgAAEIAABCEAAAhCAAAQgAIEKI1BbhfNJn37vLr98nLv+hvGe1X7dNnarrNLYz5Y+7LC2
rmOHtSqMIRFBAAIQgAAEIAABCEAAAhCAQB0mgHBehwufW4cABCAAAQhAAAIQgAAEIACBWkOgtgrn
9w5/0x108LDUcjp/0K7urDN3TL3GSQhAAAIQgAAEIAABCEAAAhCAQFEEEM6LwoVnCEAAAhCAAAQg
AAEIQAACEIBAtSRQW4VzrWP+8Sff+3WrQ/Dz5//p1lhjObd0tCY4DgIQgAAEIAABCEAAAhCAAAQg
UG4CCOflRkgEEIAABCAAAQhAAAIQgAAEIACBKidQW4XzKgdLBiAAAQhAAAIQgAAEIAABCECgbhCo
6cL5jz/+WDcKiruEAAQgAAEIQAACEIAABCAAAQjkILDsssvmuMolCEAAAhCAAAQgAAEIQAACEIAA
BGoigUX+ilwhGUc4L4QSfiAAAQhAAAIQgAAEIAABCECgthNAOK/tJcz9QQACEIAABCAAAQhAAAIQ
gEBdJIBwXhdLnXuGAAQgAAEIQAACEIAABCAAgZIJIJyXjI6AEIAABCAAAQhAAAIQgAAEIACBaksA
4bzaFg0ZgwAEIAABCEAAAhCAAAQgAIHqSADhvDqWCnmCAAQgAAEIQAACEIAABCAAAQiUjwDCefn4
ERoCEIAABCAAAQhAAAIQgAAE6hgBhPM6VuDcLgQgAAEIQAACEIAABCAAAQjUCQII53WimLlJCEAA
AhCAAAQgAAEIQAACEKgoAgjnFUWSeCAAAQhAAAIQgAAEIAABCEAAAtWHAMJ59SkLcgIBCEAAAhCA
AAQgAAEIQAACNYAAwnkNKCSyCAEIQAACEIAABCAAAQhAAAIQKJIAwnmRwPAOAQhAAAIQgAAEIAAB
CEAAAnWbAMJ53S5/7h4CEIAABCAAAQhAAAIQgAAEaicBhPPaWa7cFQQgAAEIQAACEIAABCAAAQhU
EgGE80oCS7QQgAAEIAABCEAAAhCAAAQgAIEqJIBwXoXwSRoCEIAABCAAAQhAAAIQgAAEah4BhPOa
V2bkGAIQgAAEIAABCEAAAhCAAAQgkI8Awnk+QlyHAAQgAAEIQAACEIAABCAAAQgEBBDOAxjsQgAC
EIAABCAAAQhAAAIQgAAEagkBhPNaUpDcBgQgAAEIQAACEIAABCAAAQgsHAII5wuHM6lAAAIQgAAE
IAABCEAAAhCAAAQWJgGE84VJm7QgAAEIQAACEIAABCAAAQhAoMYTQDiv8UXIDUAAAhCAAAQgAAEI
QAACEIAABMoQQDgvg4QTEIAABCAAAQhAAAIQgAAEIACB7AQQzrOz4QoEIAABCEAAAhCAAAQgAAEI
QKCmEkA4r6klR74hAAEIQAACEIAABCAAAQhAoEoIIJxXCXYShQAEIAABCEAAAhCAAAQgAAEIVCoB
hPNKxUvkEIAABCAAAQhAAAIQgAAEIFDbCCCc17YS5X4gAAEIQAACEIAABCAAAQhAAALOIZxTCyAA
AQhAAAIQgAAEIAABCEAAAkUQQDgvAhZeIQABCEAAAhCAAAQgAAEIQAACNYQAwnkNKSiyCQEIQAAC
EIAABCAAAQhAAALVgwDCefUoB3IBAQhAAAIQgAAEIAABCEAAAhCoSAII5xVJk7ggAAEIQAACEIAA
BCAAAQhAoNYTQDiv9UXMDUIAAhCAAAQgAAEIQAACEIBAHSSAcF4HC51bhgAEIAABCEAAAhCAAAQg
AIHSCSCcl86OkBCAAAQgAAEIQAACEIAABCAAgepKAOG8upYM+YIABCAAAQhAAAIQgAAEIACBakkA
4bxaFguZggAEIAABCEAAAhCAAAQgAAEIlIsAwnm58BEYAhCAAAQgAAEIQAACEIAABOoaAYTzulbi
3C8EIAABCEAAAhCAAAQgAAEI1AUCCOd1oZS5RwhAAAIQgAAEIAABCEAAAhCoMAII5xWGkoggAAEI
QAACEIAABCAAAQhAAALVhgDCebUpCjICAQhAAAIQgAAEIAABCEAAAjWBAMJ5TSgl8ggBCEAAAhCA
AAQgAAEIQAACECiOAMJ5cbzwDQEIQAACEIAABCAAAQhAAAJ1nADCeR2vANw+BCAAAQhAAAIQgAAE
IAABCNRKAgjntbJYuSkIQAACEIAABCAAAQhAAAIQqCwCCOeVRZZ4IQABCEAAAhCAAAQgAAEIQAAC
VUcA4bzq2JMyBCAAAQhAAAIQgAAEIAABCNRAAgjnNbDQyDIEIAABCEAAAhCAAAQgAAEIQCAPAYTz
PIC4DAEIQAACEIAABCAAAQhAAAIQCAkgnIc02IcABCAAAQhAAAIQgAAEIAABCNQOAgjntaMcuQsI
QAACEIAABCAAAQhAAAIQWEgEEM4XEmiSgQAEIAABCEAAAhCAAAQgAAEILEQCCOcLETZJQQACEIAA
BCAAAQhAAAIQgEDNJ4BwXvPLkDuAAAQgAAEIQAACEIAABCAAAQgkCSCcJ4lwXOsJ/PXXX+6JJ55w
s2bNcp07d3Z0ehVf5F988YUbN26ca9GihWvfvn3xERACAhCAAAQgAAEIQAACNZgAbYgaXHhkvUII
qF39yCOPuJkzZ7ouXbq45ZZbrkLirUuRTJ482Y0ePdqtt956bquttqpLt869QgACEIAABCAAAQhA
oNoSKFo4l2A2Z84ct8gii6Te1OKLL+7WWmut1GuchEB1IPDZZ5+5zTff3Gfl6aefdm3bti04W/Pn
z3f9+/d3X3/9tWvQoIF/Fm666SbXqFGjguOoDR5PP/10p/uWaP7YY4+5evXq1Ybb4h4gAAEIQAAC
EIAABCBQEIHyCucSzPK1q9dZZ52C8oInCFQFgUmTJvmB1Er75ZdfdltuuWXB2VC7uk+fPu6rr75y
DRs2dLNnz3b33HNPnWtXn3DCCe7qq6/2ovnzzz9Pu7rgGoRHCEAAAhCAAAQgAAEIVB6BooRzNew7
dOjgPv/886w5qolCmkTQCRMmuMUWWyzrfUkk7dixo1t00UW9HzX0xo8f7xt44SCClVZaybVp06ZM
PD/99JN79dVXnUZlK6xGFFtHyG+//ebj+vPPP+NwGoDwz3/+0zecik0rjqQcO7/88ot7/PHH3dix
Y532V155ZS8wN27c2L399tuue/furnnz5uVIoeqCTps2za2//vo+A88995zbZJNNCs7Mr7/+6hu1
9gw0a9bMvfLKK65JkyYFx1EdPKpML7jgArfuuuu6I444IutAmGx5HTp0qDvvvPPczjvv7IYNG0YD
PxsozkMAAhCAAAQgAAEI1EoC5RHO1a7eYIMNnAb0ZnOafVrThLQpU6a4119/PWe7WiKp2rlhu1qW
rNQmDtvVq6yyitt0003L4Pnxxx/dSy+9FLerxVFWsOQUh9qvYbt6iSWWcNtvv33cri4mrTKJl3BC
7a6HHnrIPfvss+7nn392q666qh98rPbjG2+84Y488ki35pprlhBz1Qf59ttvfT+BcvLaa6/Fg9ML
yZna1a1bt46fgRVWWMF9+OGHNc4anMr3rLPOcq1atXLHHntsRh0uhMOQIUPcGWec4XbffXf38MMP
064uBBp+IAABCEAAAhCAAAQgUMkEihLOv/zyS7fxxhv7LO25555xo0CzbTVz9/vvv6+RQtrdd9/t
RzvnY/3pp5/GDbmPPvoo1UT10ksv7TsLJKiGLplGKLiqgagBCUln6RWbVjKeYo8lBO+yyy45g118
8cWuZ8+eOf1U14tq3J599tlu+vTpbvDgwW6NNdYoKqsaBKFOApVZWI5FRVLFnj/++GM/I6BU4Vum
7u+880637bbbltRBUMW3T/IQgAAEIAABCEAAAhAoF4HyCOcahGtW2rp16xa3q9WWHDlypPvuu+9q
pJB2++23ux49euTlOmPGjNis9wcffOBFx2QgsdCMZgmqoUumEQquEydOdBtuuGHo3e9besWmVSai
Ik9ooH2nTp1yhrrmmmvccccdl9NPdb2odvXJJ5/s+4GuvPLKuE4Xml8Ngvjmm298mYXlWGj46uBP
fTkalF+q8C1T97LkttNOO7kTTzwxfhdUh3sjDxCAAAQgAAEIQAACEKirBIoSzjWC+/DDD3f77ruv
22+//TKYjRo1yh188MFODaZDDjkk41p1P5BAbaPWNdP73nvvdS+++KIfMS1xWDMC1JBTYyYcGS8T
1b///rs3KSb/5q677jp3wAEH2KHfala7/EhA14ztJZdc0h1zzDHulFNO8TO6NbtbfC+55BLv/8IL
L3R77bVXPDK+mLQyEi7yIBTNNcJf+Vl77bXd1KlT3UUXXeQeffRRH2NNFs6LRJLqfd68eW677bbz
nVo1cca56rxM1KuO3XLLLXG9Tr1ZTkIAAhCAAAQgAAEIQAACGQTKI5yr3ac29UEHHeQteYURq92n
Qeo333xzjRuo/MknnzjN6JaVNc30vuOOO/wMcJnwljgsc9yy0LbbbrvF7Q9ZV3vggQd8u1qi+Nho
xrg5DdQ99NBD7dBvZdpbfm677TY/Y3uppZbyguOZZ57p29Wa3a3ZzLKOJSdLWeq70NJSxablIyjx
Xyiaq92lPoJ//OMffsmvf/3rX27EiBE+5posnJeIJiOY2tVaRk0D02vijHPV+ZYtW/o6pn4k6y/K
uEkOIAABCEAAAhCAAAQgAIEaRaAo4TzbnckUmgQ4CcMy0WUmyLP5r+7nbf1miekyqZ7LhfeuDg4J
y2oQq6EsET7pLG6d1yj6MWPGxLxMjJX5bHWUhKbq5L/YtBSmGKcOBs1A1kh9ladGPofm6zWAYMcd
d/TX0wZIaCS/7n/06NG+40Mzs9UI7tq1q9tiiy0ysvLf//7Xz8zXSTHWrG8JuDJnr04NdW4cdthh
rn79+hnhdDB37lz3zDPP+NkYaqjKv2YWyBqC0pagnTbTQWHkX504cuItfxrEkMupAW9m+RV2o402
8untvffefk22NOFcZvhkak3rtCkdOT0XGlQi04ShU8eS/GpwguKfNWuW23///Z3ME8qUvDqSlAfV
p969e/uysfDq/FHn1Nio80j5sLTEQIM+ZGI/zb3zzjtum2228VYT1LkUrlGuehceW3iV73333RfX
a5WDyjVZtubftsXUiy+++MKXq8pdz4dMVOr+NcNd96ZZ/ieddJKf6W/xh1u9f5RHmT2U00wexfH+
++/78JdeemlGnQ7Dsg8BCEAAAhCAAAQgAIFCCZRHOM+Whtp7Miuu3/ayEGUmyLP5r+7nbf1mtS9l
yjqXC+9ds/AlLEuQfO+99+L2Rxje4tY5tRv0+994qd2gdqjSVHssrV1tnAtJK0y3kH21q9VuUZtL
7VoNnk+2q9u1a+evpw2QkGU03b8mJ2ig/g8//OCthWlwftJSnfpg1LaWk9l6DXqXGK++DLXp1P48
+uijs7ar1c568MEHfXtT/tWm3myzzXzanTt3dr169Spzywqj9qm11cVb/vK1q9UmU93WwBGFVVr6
U1moHZgmnKtPQe07DcIQCznVC7V1FS50alfLryYtKP6ZM2f6gRcyjy8LiSoH1UW1uTWBQWVvTu1q
9SXoT21/S0sMjj/+eN82N7/h9q233vJLCqjNKXP8YTs6W7ta5fvvf/877pewJRGTZRumo/1i6sXk
yZN9uapMlllmGW8pTs+CZrjr3rbeemtvIj5p0cHSVJ1SHtXHIKc+Llmbe/fdd327WgNBwjpt4dhC
AAIQgAAEIAABCECgNhCoEOHcZq+q8SfTcjX9B7SJ24Wsf62Gg4RQCc433HCDU8NKptWzhbW4rfJI
VJZArZHJJkyrwZ82C7jYtCyNQrdqJKphr44HNbTVwEw6zQI49dRTfUM+bKhKlE7Osg/DalCBxHY1
2tSgVSNVgwZyOTFVYy2sT2qU77HHHnEDLi18mvlxhVPjUGVjLp+ZdQnDmqlw/fXXW5Ay27Q41LjM
ZepeLNSZofX95NSxotn9WurAnBq1GoSghn/okulpPbQbb7wx9BLvJ8tRnQFam15llctJsFcHTHLd
9ieffLLMjJh8lgeKqRfKU3JJg7R8ioE6M5ZffvmMy1dccYUbNGhQxrnwIMkuvMY+BCAAAQhAAAIQ
gAAEiiFQGcK5zV7t2LGjFxjDdlAxeasufk3cLmT96wkTJrhNNtnEm7weNmyYF4gltGYLa3Hbvaot
qraEtavVN6EB2mmzgItNy9IodCvBe9ddd/Xtagm1q6++epmg6juQ2Cy/ar+akyjdpUsXOyyzVTta
Ynvjxo19u1rtTonCuZzMiGuwdFif1D6WEKp2VTaXZn5c4SR2q2zM5TOzrna12q1qr2VzaXEob7lM
3YuF+ifCdrUGDmipA3Oy4KBBCKpToUumJzPpV111Vegl3le7OixHtas10UBllcutttpqfnBE8l2h
dr7Chy6f5YFi6oXiTS5pEKZl+2KggSlqJ4dOy9nJgkM2l2SXzR/nIQABCEAAAhCAAAQgUFMJVIhw
rkaffljnE9FqCiQTt7OJ3+F9yHy5/m699VanGcgyBSex9aijjvLnQ7/at7jVeFOD5M0333Qy067R
xfmE82LTSqad71gm4yRuS1zVNjkyX+E14lsjqWVubs011/RRanS/ZqLLSXSV2Tyt86WZ07rPgQMH
+muhoC1TbP/5z3+8uXpdVGNUo5Y1m/v+++93MlUv98ILL2SsUydeO+ywg09H/jSLQA1xNapl7lAu
TMef+P8/DfDQGmoaYW4m/9Jmi8u7xP1+/fr5ctWxGrYypajR/uecc04scifF2M8++8zPblAYieG6
D+VRo7o1kr9///665OvHkCFDYsYS9LXG2+WXX+5HuXtP0T/Fr3PqoFBYdQroXmWSUM7KTB1H6izS
DHPNTlEZSog///zz/Sx1+VUDX50fNmpc59JcNuFcnF9//XXf4aI4VK65nvlS6oXWyVMZawbA59Ha
j3K6B5lz1BIHh0dLRcglLR6oXqpzTPeszjHNuFf91bqIehbV0ZEsKx8R/yAAAQhAAAIQgAAEIFAC
gaQYVkIUZYLoN66sK+UT0coErKYnTNzOJn6H2VbbQm2b4cOHe+tbaitJbNVs36uvvjr06vct7qee
esq3z5SGLHFpsLTa1bmE82LTKpN4nhNq86vtfuSRR6ZaklNwtf00MLl9+/Z+lrjOyfqa8i0n0VWD
qNU+1szpu+66K25LhoK2rJZpQLraf3JqV2vwucRthVHbVU6DBdq0aeP39U+8ZDlM6SgfSkftPTHU
ZAC5MB1/4v//NMBjypQpvl2tiQByabPFdV7tapWh2vpyGqivNp2skmlAvoncSTFW7TizIKC+B/Wz
tG7d2udR7b0+ffr4+BS3BG/ru9A69opb7XANSjCn+DXgXO1qhWnUqJEXja1dbWWmPgD1FWgSgeJS
P4DyqDa51nOXU7ta1ttyDTqQv2zCuThrRrcGMigOtfNzPfOl1Au1qxVOywOqj0JO96D7UXvb+k6S
Fg9ULzXgRPesSTGqC2KrPoYDDzzQDwRIlpWPnH8QgAAEIAABCEAAAhCoRQTKLZyb2CthSj/MZcKp
pjsTt/MJ52qMqMGkGcNq8GgGrAmnEukk+q644ooZOCxuzeiWeKyGpgRoNZxknk4CdNqM81LSyki4
gIO+fft6oTgpSuYKGpqPlzk8jWRXIzR04UxljZRW54Dcl19+6Rv0atyHJuvVuJZJOYXTzHtrjCuM
zHbL1JzEcXUEhGuIySSbBFM17rIJ/4pDTp0ymtWdTTgPRV/NOJfpdHMyLScT75pNnRRjrXx32mkn
P6o9aa5fjfeDDz7YR6XOiuSyBhZeHtTRItHYTOD98ccfGabfLD/a6prqodhpVr+sByjP2QYRSKhX
Oei6OlZCp4ZxaGIuvGb7VnbZhPPy1At1Zqgc9U7RuobqsDGnzg51oCUHd6ghr7UTVR7iKgbmFJ/q
k/zomUzWT/PHFgIQgAAEIAABCEAAAoUSqGjh3MRemffWb3WZo67pzsRt/T5XWzGbU1tXs8018Npm
wJpwKpFOA2i1NnroLG75l3isdrRmG0vsVFskm3BeSlphuoXsaz13CcVJUTJXWOXZzMerXaPB6sl2
SzhTWe0amQeX04BjLVGldnVosl5tQw3uVziJzaGFOLWF1S5VW0vmu8N2tURxmWvXNd2DidJp+Vf7
VbObswnnoeirdqfaZebUrpaQrj6CpBhr5asB1FrWLNmu1kxyWXKTUzvPRHaL28LrWMudSTQupl2t
8tCsfrXflYdsgwhU3zRQXtfVFxK6QtrVVnbZhPPy1Au1g/Xc6Z2iQfxhv4oGG2iWfXJwh8pRkyBU
HhogkWxXqz7pnvVMJutneO/sQwACEIAABCAAAQhAoCYTKLdwbjOA1TCtDWbaVZgmXuYTzs20uQRI
NUTNqWEl0U+N5bBxmoxbo8BNIJY4q1G/MkWmhkrSVHspaVl+Ct3afRcjnJugrwafzZxPphcK4eEM
aDPxr1HPyfs1gTwpzKqRJtOFchoxL+FXnShq6GuddA1e0AjpsOGfzI+Oda9qgGcTzi195U2dBUkh
WTPXta56KJyHg0g0a1vraaszwJwa+1999ZU7++yz/am0+mVloIb+ueeem/c+1KEkMVkWD9JcGlv5
y8U+LZ7kOQufLB/zV556YRw1yj0pgptAnhwQoEED6jhSPVSHkYR1dR7JuoAa/ZqJr85Hm1Fg+WQL
AQhAAAIQgAAEIACBUghUtHCu372aAVxbzLSLqYmX+YRziZMyba7f82pTqv0op9njEv00mNYshvkL
0b8wbom8JhBLnJWlMM1OVntN7fSwbVhKWpZmoVvLWzHCuQn6GohvM+eT6YVCeDgD2kz8S4RO3q8J
5ElhVgMONMtcTpbStBya2kxipQEIaudqzfSQXTI/Ota9amZ8NuHc0lfetJ9sV2vwu2Zmh8J5OIhE
19SvovaeObXxtCa6rJTJpdUvKwPNIJelv3z3oXam+kFsZrylZds0trqWi72FzbW18MnysTDlqRfG
URM2kiK4CeTJAQHirGdH9VDtagnrmhwj5up30Ux89VfRrrYSYgsBCEAAAhCAAAQgUBsJlFs4N1PR
2QS0mgjNxMs0YdPuR43WI444wmmkczanBoZmooejo5NxmxAsoVWdBD179nTNmzfPEJJLTStbvtLO
Kw2NONYsbjUyZb6uEGdCZiggJ8OF+Q8HE5j4KhE0OXtco+LFN1mvFJfM3ul8NidTZ5o9n6txnE84
t9n3Mm1nJtnC9EJx18R3ndM6ceE66mGY5L7WopPZudBZ/UiaqA/92L46kWTxwJw6ltS5Ia62jnka
W/nPxd7iy7W18MnysTDlqRdpbC1eSzftvkLLBuY/3GaziBD6YR8CEIAABCAAAQhAAAKFEKho4Vzt
ALVzsgloheSpuvkx8TJN2LS8qn2ntao1Izab0wBYCb1huzoZtwnBElolPGsAuwbShkJyqWlly1fa
eaWhpaI0sFmircq0EGdCZiggJ8OF+Q8HE5j4KhE0OXtcA8LFN1mvFJfa/FpmLpsbMGBA3sHcKodc
wrnNvpfpdFkOS7pQ3DXxXec0GCJcRz0ZLjx++eWXvfWx8JzVj6SJ+tCP7b/11lt+8IAdy/qZxGNx
tXXM09jKfy72Fl+urYVPlo+FKU+9SGNr8Vq6afcVWjYw/+E2m0WE0A/7EIAABCAAAQhAAAIQqMkE
yiWca11hNSo0y1OmxzXTN5+TSWmZeZbTDOFc4ma+uCrruomXuYRzM1WtPMhEWNJ8mRqschIwQ7N0
aXHb4AON8pYYqpno4QzsUtPyGSji3x133OFHbecSwZPRhXUgl6l+E6JDoTWXCJpNOFf6GnWt2ciy
dqCtnVPngda4lstVdrqucsg149zKRJ0d8pt0Gomttda15rkJ53ZOwrlmleu61jZPcxqxrZHaYeeP
/KXVj7TwOmdMVf/UEaEZAuZsQEaawCw/xj7bjHSLJ9vWwoflGfotT70oVTjX2n/6U8eHZiDIrN3s
2bP9MgAqI7ls+Q3zzj4EIAABCEAAAhCAAATyEahI4VzrCqvNqFmeslwm08/5nNrVaofLSSCuju1q
Ey9zCee6B+VfTgJvsl19//33+2ta2szW/9aJtLjVlpJQvc8++/g2gZiGwnmpafkMFPFPFsGOPfbY
jFnU+YKHdSCXqX4TokOhNZcImk04V35+/vlnN23aNL/knmYl27mbbropbmfnKjv5zyecW5nImpra
2EmnNrQsLUyfPj2etW7nJJxfcMEFbpdddsnZrpZlgWS7Oq1+JNO2Y2Oq+qe11DWpwZwNyEgTmOXH
2GebkW7xZNta+LA8Q7/lqRelCudqU6vPRWWvd5K1qzXw39Z1z5bfMO/sQwACEIAABCAAAQhAoKYS
KJdwrnW3tI6yZlZLOF9sscVyclADSCKfBE85hXv++eddw4YNc4Zb2BcLES9NZJZAaibCwnyqwa4/
jTYPR5mnxT1jxgzXoUOHWPRNipmlphXmp5B9myUsv9lmWs+fP98PBpBIq3Xo1BizWdZqnGrUetKF
wr/uRQME5Ex8Td6vrmUTzm2NcA1M0Azr0CkvXbp08fWrvMK5pa9BBFp/XSbJQqcOHHWGhIMM1KDU
vbz44ot+ZP5JJ50UBsnYV0M0XC/MLqbVD7sWbkORXmuphTPP5e+2225zp512ms9POAjD4jD2WmZA
95p8diX4S9zP5ix8NiG6PPVCYbVGoQZF2KAEy4elm6wzVsc0mCBtJoMNhMiWX4ufLQQgAAEIQAAC
EIAABAohUJHCuSwnabkvzayWcJ78bZ7Mj9oCaoNJ2JJTOLWxq1u7uhDx0kRmCaRnnnlm8lZ9+1K/
5Y8//nh39dVXx9fT4pb4KgtcNrg6KWaWmlacaIE7NktY3rPNtFa7WrOZ1c6UwK82kM2yzjZTPRT+
JYhrgICcia/J+9W1bMK5rRGudrMmQ4ROeVFbW/WrvMK5pa+Z9K+//rpbffXVw6S85TktXxfOtA/X
9ZaZdbWRszmJ/1qLPOnS6kfSj45DkV79Wxr8Hjotqac10tPYyp+x1zID6jdIPrv52tUWPpsQXZ56
obAabKJBETab3+7N0k3el9Ux9QelWSNQWah/K1t+LX62+aEJxgAAQABJREFUEIAABCAAAQhAAAIQ
qMkEShbOZdrLTJUXKkaZ6BUCyydwhn4rc19rUeuetOaWzLrJVLYasmq86rwaQLYel0RPW8dcfjRC
2q4pj2oEv/HGG35ktIRVdYSss846Ph6Jmbfffnsct4mTWu9LnQHyrzTNdHmpaZXKyoRbhe/Tp4+T
+KtOITUo3377bXfqqad6U+TrrruuF4h132beXWE0kvyYY46J17xSx48awmqAaeS2ROUmTZrIq2ck
gVSzosWkfv36/rz+ydxbr169nNZE19ZmHpigrfW2RowY4dlbIK2PppHgSitZr9RgnTdvnveqslSn
jEzjq3Gr+1MZy1lnkwmxOqcyUfloTXXVE4n2JorrWiisW/4U7pJLLvHr69n6X+rIUX0x0+9at17r
yckpXs0SSdY9y3ODBg1iBvIfivTqWFFjXkL81KlTPTtr5IqthHOFD114fzYIYe7cub7hr5n7Mi2o
8g9nBagOyKnM9Syrc0Dlc/TRRzuFlVMZWmdBqfVCnHbaaSdf50K2il91UJ2EyToTvlu0HMC+++4b
50Nse/To4Qd8FPquUlo4CEAAAhCAAAQgAAEIZCNQUcK52iFmqrxQMcpErzBv+QTO0G9l7oftarWZ
9XtebWsJeMl2tURPW8dcfjSYPNmu1kDaTp06eWFVbckWLVr4eNT+ueGGG+K4rV2tgdrqp5AQqzTV
1lE7q9S0SmVlwq3Ca3Cv2tnLLbecb+Oor0BtXM2olnUBWZ3TfWvws9aUlpNgrKXUrC0pP1rHXTOA
ZY5ex1YHZflN96q2sNrIYbt62LBhfn34yy67zLdDrV1tgrba1U899ZRn7xOO/n311Vd+YLbSStar
ZLta7WIN5JYo3rRp0zLtarXNzaKAymTkyJG+Dax6oja/2pJyuiYuujc5y5/2r732Wl+mxkJW5mQ9
Tv0Ocrp/WwLN2tXJuperXb399tu7sWPH+r4M9XeoXf3NN9+4f//73/GgbLEdPnx4mXZ1eH82CEFt
YwnVmrmvtqnKX+1Qc2G7WpMX1M+gNevV/k5rV5daL8RJZtVnzZqVwVb50EAb9Tsl60z4blG/wEEH
HZTRrpbQrj6NQt9Vds9sIQABCEAAAhCAAAQgUJMIlCycS6TcaKON/L0WaqY9FLcMUiFrOZvfytrq
h7/E3WzORq2r0a41srp27VrGqxqUEsc1qtdmYIeeNFJZjQsJyaEzIU/hbLa0zaYVm1LSklCaFi5M
N9t+KDJm86PzasjayHQNFFAjTw1fc2r8yUnoNBeu6W0zgO2atqpHYqh4Q04S3LVumRr1oTCtMCob
ie8yYaaGndyaa67pTYhZwzpbmXjPiX/hGuwm3ie8ZBxKOFeD9Morr/R1SIK2TL2FLGRlQc+LOhPM
6V609p7yqkZ6vvLSdTW8QxOMZonA4sy1tXpmftRppU4ZdSTJKT8yyRa60JpCknvoL9wPy6qUemFW
LMI4b775Zj+bIq3O/Oc//4nXdbfOEoXV/Rx44IG+A0rPnrlcywmYH7YQgAAEIAABCEAAAhDIR8BE
y3z+8l2fMmVKPAtXbaBCzLSH4pbFX8hazua3srZqW0jczea0brTNfpVIqnZc0klIlDiuNpzNwA79
qM0nEVjCcehMyFM4my1ts2kl3peSlsy8a2BzKU7tahMZc4VXG1mDhuXUftKAX4nd5mygtVnt0/lw
TW+bAWz+tVU9EkPNZA85SZSWWK+2UihMK4zKZtddd/VLkandKbf22mv7teXDdnVamXjPiX8qp0MP
PdSfNfE+4SXjUMK5LAWo7dezZ08/UPzwww/PYKEBJhL1ZbbfnO5FdV951cD0tHI2v9qqPO++++6M
drVZIgj9Zdu3embX1a5WnLakQFq7OrSmkORu8SS3YVmVUi/MikUYryYDqI2cVmfUb2PrusuChTnd
j8pBg+OvuOIKO+0nU4T+4gvsQAACEIAABCAAAQhAoBYQKFk4NyGtUDPtYqXRs/379/cjd3Ws0cWa
sWozVHWuKlyaWJfMhxqdumetHZ003yXxVGuZa832UAAP49BoZY2UtrWW7VoockvU00xamc+W6TQ1
XkpJSw38zp07WxJFb9X4UxyaAZ90KjONfA/X0zY/Gj2uGfW2zridV4NZ5R6G0Yhqlb05MVTjrnnz
5n6mftgxoNHzGsWuBruVlRpwSy65ZEFpZSsTSzvcqoGvUdfmNHhB5vbDe5Kwr1HjZ511VrzsQFiO
4qcR8GrwJ50GVWjUthr0Zqpd64RZmhpwEA42sPDKg2YdhMK50lGd0iz/0Kl8DjvsMKeZ6Oo8kNNs
DHXchE7rkEscVwM6dBq5L78yxW/OuNtxtq0GAohZo0aNYi/F1Iu0QQRWn4cMGZIxUl91Rh1NSjOc
QZ/GUGUmKwPW8RRnjh0IQAACEIAABCAAAQiUQKCihHMT0go1066sql2tgcsSGeW0r/ZVVber08Q6
n8Hgn2bASsjW2tGy3BY6iacSRTVDORTAQz9qF0o4t7WW7VoocmtAdseOHb2FLC0Np7ZlKWmpHaPB
7aU6tdfUvtQM+KRTmUnADNfTNj+6R81IN5Pzdl5twoHR0mhhGJmCV7vUnBhqZr7aSGKgAf7mdKx2
ndrVVlZqV+u4kLSylYnFH24ffPDBjMHhKnOJtmE66rOwJeIsn2E5ip8GpCtc0qk9La6aWW7tag1M
32abbbxXtfvCPgULrz4ODXpPtqtVp9TGD536MNT/oTBaMk5OgwC6d+8eevOD+LV8nwa2h05WBzRB
Q31J5oy7HWfbaiCA+gXCdnUx9SJtEIHV5wEDBmSYYVed0WAMpRnOoE9jqDIbNGhQPMM/W/45DwEI
QAACEIAABCAAgZpMoGTh/I8//vCjkdXICn/MFwJD5sfVUCk2XCFx13Q/1YmNzLDJRJlmUS+++OLe
tJyZMs/GWfVCIrO2Cqf1xqwhmy1MsedljnyllVbypsvFSw14jcJWOpVRp3Qv06ZN83ErHZnYK8Qp
nDoGZCZdMw7UKVEZ+RMDqzfKmwYUFOOUN3W+6ZlU+VZGh9vCqBcy8a78652ke5IJPJnk03FFdWwW
wxW/EIAABCAAAQhAAAK1l0BF/b7U7+QZM2b4NkOxbQVrAxQbrvaWyt93Vp3YqF0tywLWrl5++eXj
JcL+znHmnrUltdWfljtLW8s7M1RxR2rra3C7zLeL1+zZs327WulURp3SfcjigOJWu1qm3QtxCqf2
uLWrK6vdLwYaXC6z+cpbKe1q9U1YX1dltavVx1CZ9UL9OSoja1fL1Lu1qwvtCymkXPEDAQhAAAIQ
gAAEIACB6kqgZOG8ut4Q+YIABCAAAQhAAAIQgAAEIAABCFQmgYoSziszj8QNAQhAAAIQgAAEIAAB
CEAAAhCAQHEEEM6L44VvCEAAAhCAAAQgAAEIQAACEKjjBBDO63gF4PYhAAEIQAACEIAABCAAAQhA
oFYSQDivlcXKTUEAAhCAAAQgAAEIQAACEIBAZRFAOK8sssQLAQhAAAIQgAAEIAABCEAAAhCoOgII
51XHnpQhAAEIQAACEIAABCAAAQhAoAYSQDivgYVGliEAAQhAAAIQgAAEIAABCEAAAnkIIJznAcRl
CEAAAhCAAAQgAAEIQAACEIBASADhPKTBPgQgAAEIQAACEIAABCAAAQhAoHYQQDivHeXIXUAAAhCA
AAQgAAEIQAACEIDAQiKAcL6QQJMMBCAAAQhAAAIQgAAEIAABCEBgIRJAOF+IsEkKAhCAAAQgAAEI
QAACEIAABGo+AYTzml+G3AEEIAABCEAAAhCAAAQgAAEIQCBJAOE8SYRjCEAAAhCAAAQgAAEIQAAC
EIBADgII5zngcAkCEIAABCAAAQhAAAIQgAAEIFBDCSCc19CCI9sQgAAEIAABCEAAAhCAAAQgUDUE
EM6rhjupQgACEIAABCAAAQhAAAIQgAAEKpMAwnll0iVuCEAAAhCAAAQgAAEIQAACEKh1BBDOa12R
ckMQgAAEIAABCEAAAhCAAAQgAAGHcE4lgAAEIAABCEAAAhCAAAQgAAEIFEEA4bwIWHiFAAQgAAEI
QAACEIAABCAAAQjUEAII5zWkoMgmBCAAAQhAAAIQgAAEIAABCFQPAgjn1aMcyAUEIAABCEAAAhCA
AAQgAAEIQKAiCSCcVyRN4oIABCAAAQhAAAIQgAAEIACBWk8A4bzWFzE3CAEIQAACEIAABCAAAQhA
AAJ1kADCeR0sdG4ZAhCAAAQgAAEIQAACEIAABEongHBeOjtCQgACEIAABCAAAQhAAAIQgAAEqisB
hPPqWjLkCwIQgAAEIAABCEAAAhCAAASqJQGE82pZLGQKAhCAAAQgAAEIQAACEIAABCBQLgII5+XC
R2AIQAACEIAABCAAAQhAAAIQqGsEEM7rWolzvxCAAAQgAAEIQAACEIAABCBQFwggnNeFUuYeIQAB
CEAAAhCAAAQgAAEIQKDCCCCcVxhKIoIABCAAAQhAAAIQgAAEIAABCFQbAgjn1aYoyAgEIAABCEAA
AhCAAAQgAAEI1AQCCOc1oZTIIwQgAAEIQAACEIAABCAAAQhAoDgCCOfF8cI3BCAAAQhAAAIQgAAE
IAABCNRxAgjndbwCcPsQgAAEIAABCEAAAhCAAAQgUCsJIJzXymLlpiAAAQhAAAIQgAAEIAABCECg
sgggnFcWWeKFAAQgAAEIQAACEIAABCAAAQhUHQGE86pjT8oQgAAEIAABCEAAAhCAAAQgUAMJIJzX
wEIjyxCAAAQgAAEIQAACEIAABCAAgTwEEM7zAOIyBCAAAQhAAAIQgAAEIAABCEAgJIBwHtJgHwIQ
gAAEIAABCEAAAhCAAAQgUDsIIJzXjnLkLiAAAQhAAAIQgAAEIAABCEBgIRFAOF9IoEkGAhCAAAQg
AAEIQAACEIAABCCwEAkgnC9E2CQFAQhAAAIQgAAEIAABCEAAAjWfAMJ5zS9D7gACEIAABCAAAQhA
AAIQgAAEIJAkgHCeJMIxBCAAAQhAAAIQgAAEIAABCEAgBwGE8xxwuAQBCEAAAhCAAAQgAAEIQAAC
EKihBBDOa2jBkW0IQAACEIAABCAAAQhAAAIQqBoCCOdVw51UIQABCEAAAhCAAAQgAAEIQAAClUkA
4bwy6RI3BCAAAQhAAAIQgAAEIAABCNQ6Agjnta5IuSEIQAACEIAABCAAAQhAAAIQgIBDOKcSQAAC
EIAABCAAAQhAAAIQgAAEiiCAcF4ELLxCAAIQgAAEIAABCEAAAhCAAARqCAGE8xpSUGQTAhCAAAQg
AAEIQAACEIAABKoHAYTz6lEO5AICEIAABCAAAQhAAAIQgAAEIFCRBBDOK5ImcUEAAhCAAAQgAAEI
QAACEIBArSeAcF7ri5gbhAAEIAABCEAAAhCAAAQgAIE6SADhvA4WOrcMAQhAAAIQgAAEIAABCEAA
AqUTQDgvnR0hIQABCEAAAhCAAAQgAAEIQAAC1ZUAwnl1LRnyBQEIQAACEIAABCAAAQhAAALVkgDC
ebUsFjIFAQhAAAIQgAAEIAABCEAAAhAoFwGE83LhIzAEIAABCEAAAhCAAAQgAAEI1DUCCOd1rcS5
XwhAAAIQgAAEIAABCEAAAhCoCwQQzutCKXOPEIAABCAAAQhAAAIQgAAEIFBhBBDOKwwlEUEAAhCA
AAQgAAEIQAACEIAABKoNAYTzalMUZAQCEIAABCAAAQhAAAIQgAAEagIBhPOaUErkEQIQgAAEIAAB
CEAAAhCAAAQgUBwBhPPieGX1/cUXX7hx48a5Fi1auPbt22f1xwUI1FUCM2fOdI8++qhr3Lix23XX
XV29evXqKgruu4oIUAerCDzJQgACNZ7AK6+84j7++GO35ZZb+t+6Nf6GuIEMAn/99Zd74okn3KxZ
s1znzp0dgnAGnqwHcMqKplwXJk+e7EaPHu3WW289t9VWW5UrLgJDoDYSUJtmxIgRrkmTJm7PPfek
XV0bC7ma3xN1sJoXENmDAASqLYHx48e7Dz74wP/GXXfddattPslYaQTUrn7kkUecvpNdunRxyy23
XGkREapaEKjzwvmLL77oBg4c6FZYYQW34ooruiFDhrj69esXXTinn366u+mmm7xo/thjj1Xbxos6
PnW/K6+8spsyZYo74YQT/INc9A0ToNoSuO2229yTTz7plllmGV/GV199tavoj/Fvv/3mnn32WffU
U0+5GTNmeBZquPfs2dNtscUWqWwkmh9xxBGuWbNmTvVQ/nEQWJgEqmMd/Prrr12vXr1c06ZN3SKL
LOLmzJnjkeh70qhRo4WJp+C05s+f7/r37++U9wYNGvg8F5Jfvj8FIy7j8dtvv3WjRo3y713xl1tl
lVXcKaec4po3b17GPycgkI+A6tSxxx7rBdLZs2e7Vq1auXPOOce/h5Jh9V7adttt3UcffeQGDRrk
jjvuuKQXjiuRQKnv3GKy9Nlnn7nNN9/cB3n66add27ZtiwleZ/0inGcW/dixY12/fv3cSiut5Nua
V111VUntarVP1X6RaP78889X23a1Oj71e2jVVVd1X375pb/3vffeOxMKRzWawPXXXx8P/FYZq529
/vrrV+g9qV2ttrv6kKZPn+7j1rtF39oOHTqkpvXAAw+4bt26+T6sDz/8kMFOqZQ4WZkEqmMdVP/m
IYcc4vub1K7W71u5e+65p1q3q/v06eO++uor17BhQ5/nQvLL96f02j116lT/Xtd719rVq622mjvz
zDPdmmuuWXrEhKyzBFSnunfv7vv09E3faKON3IUXXpi1Xb3ZZpu5999/31166aXu1FNPrbPcquLG
9cyX8s4tJq+TJk2KJxq8/PLLfuJBMeHxW70I1Crh/IUXXnB6SelHUi6nB0WNEDVINFL3mGOO8d7L
I+gNHTrUnXfeeW7nnXd2w4YNq7YN/PB+ddMXX3yxFztz8eJa8QQ0K+v88893Rx111EKfKdGjRw8/
usly/dxzz7lNNtnEDsu9lVC+4447us8//7xMXBLoNRglbTa5ftzvvvvuCOdlqHFiYRGojnXQZnCG
DMrzLQrjqaz9X3/91b/X7B1QaH75/pRWIm+88YZ/56aFPuuss+pMY+uZZ55x999/vzv33HMZLJBW
GYo8l3z35Pr9qt/NXbt29d93fjcWCboCvJf6zi0m6WnTpsViUEX/biwmHzXNb20WzseMGeNU9wpp
V2+99dZ+NsXd/2PvPOCsSaq6fclZEFBB5ANBTCAgiAgILHFFERF2SRIFWRQUliDBsCyIgJJhlSUI
RsAARhBFEFFEsmJAASNiQElGRJ2vnv547vefmuq+3X1nZuedt+v3m+m+3VWnTp06dc6pc6qqf/In
O8ch/cii9LkBPRayP/axj+3mDa961aua84qjwCvZXvB53vOetywsOoCOgY8IaODoZBHXYaa73vWu
ne1hnW9729vWi4x8ts2VQPkNb3jDFYuX6sSCtj/4gz9o8j8nHZ5yyilbjbO6vuX3QoEpFDiKPIis
qBe2bKOLptBjbl707LWvfe21DBiL76J/5lH8rW99aydzW6Xx3zK3PhkSp0z9xE/8xOrJT37yslhg
Hzq8lj34vfvsV+bV+NNZbLrYjftA/Ikg5srcKdWwQYHNqqT9thun4LHk3R8KHJvAee1U2kQeHX//
9V//1RkpBNLHOv9bsFE8P/qjP9pN5tjBs8nJ0IJxGM9oL8cw0n52CEqHw6j7ZKqDFbgPfOADzxP6
MhY+9rGPre52t7ut/uiP/mi13w5Q23apS11q9exnP7sz9D/84Q+v+FzBF37hF66ue93rNruanWpP
etKTOscaBtrFLnaxZr7l4UKBg6LAUeTB//mf/1n94z/+44rjfD7xiU90i7q20UUHRbsaLjIGg3CK
7lz0T03Fzb/hC3bvvfjFL15d73rXW8tQdvsT6CJYoVG+GdqJmwM6PPShD+0m+Put005cqmyP+Uc/
+tEuGH6f+9xndcc73nH1ohe9aHX+859/D2Dof84556xYoIqNe8tb3nJPnuXBwVJgjsydghH657u/
+7u73Y7YaFe5ylWmFD9p8x7XwHntVNrUwTr+0PPssrjmNa+5VUCP4w2Zp972trftZP9RnldzDOPZ
Z5/d7ZCXDpvotbyfRgF2X37TN33TeeJgZiygK7/u676uC2LvtwPUtjGvRgdj62Hf8bkCAoDsSmsl
jnglwHP5y1++m48v8+oWlZZnB0mBo8iDzKsZP9it2E3Xuta1ttJFB0m/hI2M+dCHPjQJX/Tton+S
ipvv4YuHPOQhqx/6oR/qTlZ65jOf2clQdvuzY/hWt7pVd6LbZkgndg7owAYv/Av7rdNObMpsh/1H
PvKRLhh+5zvfeXWXu9xl9bKXvax3Xv30pz99xQLVhz3sYZ2tu13NS+mpFJgjc6fUwbz6zDPPXBEn
IWby+Z//+VOKL3mPGAWOTeCcYyRZtXPBC16wUwI4/nAsE6i7znWus37GblgmKBkwtizBCxQHR1wf
98SRr0xAkw7Hvc2H2T6PhD4v6evnA/Y7yCDcH/uxH1uO+T9MplrqOvYUSF10InzO4FOf+lQXQEN3
TsF30T/jWRkaExzHmcLOjquexMfHqXv2W6eN743jmZOjZ1nwxo5zdh60AufHs+UnXqvmytwTr6Un
DsbHNXCOPcIuWObV7PJFLuBYZnEFgT2fcYz6S1/60l0BTcuyuO5973vfSTGv5ohtvjO9BM4PZux6
JPR5SV8/H7DfQQbhvvKVr1wtx/wfDP8sUE9OCqQumnv6yWFSDhuPT+agO6fgu+if8b0EjZnzYM+8
+93vXl3talcbX/iY5VT37LdOO2ZkmtwcTmQkSMqOcxaBLvPqySQ8tAJzZe6hIbhUdGQocOwC5xwV
/cIXvrDb8a0zkOMlfdZy2BusYNXJK17xiu4bU3y/mYF0SjkCi+9LsZq3ThxZTf4LXehC3atPfvKT
3fed+77xbPkPfOADKyaAOH+pg2/b4hjn/nWve13ngOB76/uROLqeI0A8/ot2sJIOQ4Gjx/oCu3yH
4ed+7ue6HcusgEbg41RFAYBvK3HUGEfxciSJ7eLbdHwnEbp/8Rd/8eoe97jHipWgrL7im0Os4gYP
vtVK+uVf/uVu5/KFL3zhDgYTSHbTsXIUfKA1q3eAAa3YQfqDP/iD3Yrspz71qV3fsROKdtWGEEei
gAd9xqIKEm1hZ/Yd7nCHFXWa2D39S7/0S913+Wg/7aDPOFmAtrHLktVh7AxtJZxIfHuW436+7du+
bf3tnP/93//dVU+r7NRnGNfwEvzLjgzaffOb37yjC6ubWkGGKbQAH1a0cqwrfPCMZzxjxeSeTxPc
+ta37j6PAL+ycpF+TOOAejhGirEBbtCO7x7Sr63dI9vS/eMf/3jHfyyOoS7S1a9+9e5bV9CklQ5z
PNI+ePCd73xn50wEH3iIFZ/QskWTFs5jno0dj1kn9OM45Le85S2r97znPR0NOXafRTaM3Ytc5CLr
qpEtfJaCxHhENnD0FTKA8Qrd2SHK931aCZ741V/91W5MIZ/gG74txa5HZE2Ox23qmsqDiStykAUi
TF5JtOV2t7tdN9Y4Ppv21d+Xfte73tW1C/qxctlynEDBqvehpC6aGogeglm/m8uD0ICj7pHb9A20
oD2MZSafrcD5FP2D/EB3QDPgczKKugEZhvwFB3QAMhU+yUS7Xv7yl3e09/lXfdVXrdhJi+5ppTlj
H75ljKAfCAgwPqADk3B0EvqHz2Vsm9glgQ0Dvb/1W791xSSMY8qRtchjdoPCL4yZOmGbsHgLfMgL
LBwx2EK1feLYQg7wx3hBHlGOyR7OGMYzeviRj3xk9x3XbXXxVB5EviAf3HmPHr7RjW601qu0n+DO
fqa3v/3tHT8xzkn0M3bC3e9+9116P/mWfNgK2DV8E5VxgY0BP3zt134tr/ck+In20LfQmXoIVpEf
RwY7SR71qEetLnrRi+4qy45O+oGxcZnLXGaFbUHf0sdf8AVfsCtv/kCmIaPIzyJRygCbQFgrcM63
11gNr+xnXJ522mmrK1/5ygm2u9+WFgDBNqM+dBFygM/MoEvQKyR4gfo5xnJqgren2p5Zx9yxP8cu
od45MjfxHXuPPEOWqXOxneDZmueAp7zgfo7ep9xxS8c9cM5R0djU6Af0EM5A5k0+aznsDVaw8wb5
hj7iO6LoFRa58y3H1vwJuxWbS14EDvMt/oYS/Mtc47WvfW1XB7DRxfAyNjf2A3OP/UiMAXwE1ElC
FiE70RnsSO4L7L7pTW/q5A/HbiN70WnYzexKavkYgM0uFdrFvBXa0S6OKUf/QXd29d/3vvftxiLz
TuwFZPS9733vTlcDA7sKGxsZDgz6jrkac0f6EFojoxjP0IqTytiJh13z+Mc/vuu7U089tWtXrVuQ
qeBBn6HvSOBI/chp+5Hn7J5GZyFXaD/toH7sDPDCD8LR/H2y/dxzz+1OO2GHFvNr6iYdxLwaO5T5
CbYUfH+Na1yjm6Mx78XX0AoyTKEFeNNmduvCB3wDFfsVfwZzDHgMfkWnYuORx0Q9fGMdfQRuwKE/
sZf5Xadt6Y79CP/BX9RF4nS5BzzgAZ0/qa6P34c5HmkfPMj807kadjI7SqFliyYtnMc8Gzses07o
hwxk4w6+N2iInYeOvd/97re2raiffufEARL9jGx485vf3MkAeBK6P/rRj+492Q+eYG7CmKcPqIc5
KrsekTU5HrepayoPdg369D/kID5Z5AwJGw/bGl3BPJL2XbVaIIxspY+hn/47yrF4i81RQ0ldNDUQ
PQSzfjeXB7Gvf7P4aOkL5DPzSP7w0zJPgp9r+4K8Y/UP8kOfJ/CZT6gb0JXoFvoBvkCmnn766bua
Rrs4TRWeMn31V391d6ImuqeV5ox950HoB9oM30IHTtpAJ6F/mAdvm/CT/mWxYaAhdEAvYpcwv2Vc
YtugQ2u/DvXqUwMf8sKv+BjQp7V94thCDvDHeEEeUY65HvYI4/lKV7rS6nu+53u6+dS2ungqDzqv
duc9p4kxfwVX037Pqxnf8BNXEv2MnXDfYsOk3k++JR+2HHYNJwMwLrAx4AcWKrYS/IQMZCE4dKYe
+Jb8zIGJI/DJt3qOg5+bfmBsMO6wLehb+hjZ25eQadgE5L/0pS+9uslNbtLBZu6K3K0D5/gHqcP6
GZf4WFunfG1LC3D+4Ac/2NUH/yMHiMtg0zD+SfQ5ft45sSfKTrU9u0o//W/u2J9jl1DlHJmb+I69
R+cjy6A3ibkIPGufJxzlBc+g51S9n7CW+wOmQBmQo1JREDtH+a9M2HZK0HynONN3inLrcC1CbKeQ
b6dMaNfPigHRPSuB1XV7yk6unWIAdM/JX/+VCclOUa7r/NKhCOQ9eROu+fJaAo57ytT1FWG6p66E
Mfa+OMM21lXjWwyKnXIs3mC5Mrnbg19xigyWsR/KpGOHvipKb52/BHc7ePRDPqeMtChG9jp/Ta/W
72J07xTjeo1nUVIdf7Ty8ox6izN5nf+5z33uxvooU5Tsugx11Pi36iuO7TU/ju3LvnzFOb8Rz+JY
X+MInKm0oEwxNDbWUxYY7JRA1K66yiRnT7ni8NmBD1ptmkN34RRjdk9dSf9iMHW8Z36uhzkeW7RI
/MouniZNEt+x91PGozA3ycESzNkpgZ01jmUyP0hv2+YYth6uJTC/wxg1T31lHJHHMtvU1aL7EA9S
ZzEyd4qjoRc/8a3HVjFCB8sU43ndJtuWV/uA9rd0Tuadc9+ihW3h2uLBMunYKcbeYLta+E7VP7Ve
AJ8ygdkpzsA9ddf1FWfjnjzZrrKAaac4QHfRfs7Yh/8ZBwm7vsfe6JNvU/qsON8H66FebJ66LvRz
jVP+Rg6i58Wllu3QtjhJmvqScVOc14Pwsy7ua108lQeLs2xUfdoRtmvuFX4vDpXBOovTY00/+LZu
c+t3cbavy4gbtBiSg8CpeR0+LkezDtZZHAJ7bIwyWRy0c6kr7WdxLAt+9tRVFmTsaQv5t6EF5Uuw
Zk9dLVqWgEazfnHuu9YyRp4Zsj2FNXfsz7FL5spccZ1ypV3IkaRzzXMJbxtdnHCO0/2oSfQJmKk4
KndK0LyzhYqTtWsBcx54pTgDd3xWHETdM3SWqTifd8r3WnfxVfJYCQZ2Y9j8XrGRMh/3Cdd8eS1B
hD1lahjouf1I2KU17Pp3jW8JSu+UgPpgubJofA96ZQHRYBnqpR+Ko22HviqO53V+5swk+iGfU0Za
YF/VuA/9Louyd4qDb40n8hT+6CtDvdixphLs7c0rDMqUhaMW6XRKjb9581oc22t+XBeeeVMWAWzE
E/9Spqm0oCw6OdvQumdejc7PVAIke8qVgEfHB5nP+zl0t2wJ9u6pK/EsgbaO98zP9TDHY4sWiV85
dTJR2+p+yni0ok1ysARYdkowzew7f/iHfzhIb9uGHq5TWYSxwxg1T31lHJHHtE1dLboP8SB1lgWl
O/e85z178RPfemxt8mcwDx9K9gHtx+7Y79SihW3h2uLBEszfKcf3DtKihe9U/VPrBfBhTnWve91r
T911feXTTHvyZLvKAqadEijcRc45Yx/+Zxwk7PpePbershk/XvKSlwzWQ73oNHRqJvRzjVP+Rg6W
QN66SC3boW1ZINHUl4ybVjwh4df3tS6eyoPllKDB9lhfWcSzbtM2N/B7WZA/WCe+QhN8Kw5DV3zG
dYIWQ3IQeDWvw8f4iYbqKp+v2mNjMHccsnOBhy9RW1lcy4KfPXWVhV++3nXdhhYAKgsV9tTVamfZ
GLOr3rE/ahkzxvYU9tyxP8cumStzxXXKlXbVtnHNcwlvG12ccJb7g6cAq1lHpaPu5MgguY7kfFYH
08uuk7XjzWCFggQnPA7NDNbi0KtpgHMLBzOOsbIquxNMdSA6yzD5KbuIunw4Nsuqqc7pXVb77XLU
1sGYhDH2Po0rJl4YOGXHzk7tBE18Ez9ocdZZZ3UTO5zsKLR0riWOteMdRQbtoU1Z4bUW2LmAAaO/
HLu6h2Y8L6v/1u+sp6wU7YIo9hHOf/IShPYZQR+MNh3RZfVc12fZv9CCSSSKlXal4yAd/LwjsCIs
6kCpElwvK6vWdep4pV8OO3Cek2EWd/C77ADeRXPwlobgOIcWlMNZBu9g6MvDwC4rg7tnBNbKbsQO
fs2j1E+fahi2nPOWmUN3ypbVyOs+KTvndnCsl92aO2VX3g4BC3kEww0+p0zy+0GPR+ozYIRTmr5i
AltOTNgpq3w7/HheVurukTPSZux1zngEtrzBGMFAhNcZJxjO0i+D4Di36NuyU379nkkx45J8jh3G
qDSnHhxptFWY0IJnLLrIsZXO+7l1SbMpPAiuObkvK+G79iBTn/KUp6zxBv8cW9TlwizkE/KPdmEM
S6NNQVX7INtuG/bjOpUHocX973//dZsZu2W19M7zn//8XX1Y4ztH/9A+eBdZIb3kEeAj2+AV7lNW
89x89FtZydzx8u///u/v0nfwljScO/YJGFIX8hbDHXjYAQRSxWFTH4vDpiuT7LIjpZOvjiXajpxF
DiNzcdDn2EqnBTgiB7EzsDG0UcAzcWRs0S7aYD225fa3v32nB8tuqK59TPZob+rNKbqYNk/lwTEL
HMA3dfEm2g69zwktOh8HCE5xxnousMTGEQ5jXDkOLuogeFEbhf6gLywDzLSpym76nbJqfaccx7+L
b+ux9bSnPW3Na9CeOtB1WRc4pG1X11V2sHf2YO0oaOlmdBKOS2S6iypruWebuM6hBeWUndIPpx19
mjwpXXMBV9Y95n6q7SnMOWN/rl0yR+aK55wrvEwfM5eB32qeS5jb6uKEdVzuR02iT8BMGSTXkZzP
dAb6DJvHZLCC8cwf4xl7MnUHDr064dxC96Fftd3rQHSWweGJHKQO7Nayk6hzerNwOh218Pi2CZvd
9mAns3AZHZs6g/eJb+LHO2xI7DyC6ciidK4ljrXjHdsHOkObU045ZY1HLmDA+Va+s969SxzQ/+gW
31lP2enTBVFsE85/YBCE9hlBH3SLjmj0Nyn7F1pgF5bdTF3wIBe7pYOfNmOjCIs6yglmnZ2cNpSO
V+pBd+FwFJ++634FzmmHdbC4g99l59oumvNeGs6lBeWQpfBO2WW/5mFg43vhWTnVrlvMCq3rRP30
qQtNWs55y8yhO2XR/dKi7FDbwbFedsZ1i/JykXvZsbgOoCW/H/R4BEdkCjjCI/QV9in2weMe97j1
c3yC26Y545E6HSeMEewZ5oSME3yQ0taFLOQvu9I63io75dfvmQcwhpEXjh34HVqb0KU5TqAFz5gf
5NhK5/3cuqxzCg+Ca9o1ZUdd1x5k6nOe85x1W6FJji3qcmEW8gn5R7vwnUijTUFV+yDbbhv24zqV
B6FFOTVt3WbGLvNe5rLZhzW+c/QP7YN3kRXSS74DPrINXuE+ZTXPzQf/lZ2THS/jo0t9B2+Z5o59
5gzUhbwtp7F04LADmHOIw6Y+FodN13LaYzd3Rr46lmg7/mNlLsH1HFvoP/EAR+QgdgY2hjYK7xNH
xhbtog3WI4xySl+nB5/1rGd1cJmP0d7Um1N0MW2eyoPpKxCv1jV18SbaDr2njcInHoENRMCVsZ6B
Z2wcE2NcOU5ZdRC8qI1Cf9AXJmCmTYVvF18Q/szk23ps5aJtaE8d6LqsCxzSrqrrKicHdPYgNo1t
5drSzegkFmIh+11UWcs928R1Di0op+yUfvjB6NPkSemaC7goOyVNtT2FPWfsz7VL5shc8ZxzhZfp
Y+Yy8FvNcwlzW12csJb7g6XAsQmcMwFBwLIbSmcMQghhkQFbBhwBQCb45jNYQV6MAJ9z1dmMgzGf
1/c6g9NZWedJ52XL8YjQBQeM47rslN8sEjC4idMRwZ/ly1E4a6Ge+EIT6ucvFxZYFvxxXPIemkJz
jPJyvEj3DMcwwtP8XMkjLums5527MxMHy/ou6cRkiPpx6iGQyIuTGXzYBUhdPHNxgGWFRTmC29bh
1b4DTgZXqE9HOQ4e83NlQkh+AjUZuEAZ8vsFL3hB9962gRt/LABIOHPvaT/tAQcmI7ZdeOkQlw68
m0sL4SaMqYEK6dlyzid889G2sXS3z3HsUz7hJc7ARC7w7LDGY40Lv9nRzASagAfyx12s2Vetcpue
bTMeEzZ8ygSJP56zQALayc+ZV9qX7yTtGgsGGpBBtNMyylQcCfaF77hmsKGWu1PrSrjcy1tDPMjE
nLb2tTd3ELb6y0Va9DGLAXDkYLQDbyggAX7qok356nbN+T2GB3NyhZM466G8gbTEd67+Sdj2MzRD
vkFD37swjt/Si3zwqHnyWo7T72gPH3oKydyxr1xPm8K6XDhV6wTfb3OVHkO2AXR3oVo5ln3XmLNu
Fy9BLyZUPufq2OAdfziz8n3qLvLO0cUJj/sxPEg+9BuyTccbzgif76deTVugtgWpz3ZDn1yExTt1
a0175Ly6OvuPCbi0xmkGjPzzFIUcW+k4q+UtZaGRzgHKaSe58AGZy06DrAfZZHC6xdeZ1za25F4r
31haJF1plzIUmIx9HA/Qql6ElXVOubcdLX3mu7qNc8a+43aKXTJH5k5p+6a8yMvkub78tq3mwz69
3wfnODw/2Gn6eQcdZ84Tn/jEbtGrWCBTGIsZsEUnI3ewnUwGK8iLvM6ksxkH41DSGZzOyjp/Oi9b
jkdlH4GnbRKLBAzQ43REH2bKE3YS37Qnc2GBZcEfx6U0heY47cvRpd0zHMPoyUzkEZd01pPH3ZmJ
g2V9l3TCWUr9OPXQpSTtVXYBUhdJvWJZYVEO+75O9h3tyuAK9ekoxxeRiTkl+dHzGbhg0Qa/lc22
Ddz4YwHAfiTaT3vAASerbRc2Dn/e8ScdeDeXFsJNGFMDFdKz5ZxP+OYD97F0t89x7FO+TrYbmMgF
0mGNxxoXfrOjGX1CwAP54y7W7KtWuU3PthmPCRs+ZVeqO1OdC8vPmVfas6Ayx4KBBmQQ7TQpU7Hx
7Avfcc1gA3ycaWpdWZZ7eWuIBwlYOnZa7c0dhK3+cpEWfYydS6AR2xqYQwEJ8FMXbcpH3m3TGB7M
QCynW2SivIG0xHeu/knY9jM0Q75BQ5ML4/gtvcgHj7aSPiH40FNI5o595XraFNbJXB061DrB99tc
pQd+674E3V2oVo5l3zXmLOPiJejFhq1Mjg3e8ffiF784X+/SXeSdo4t3ASw/xvAgZdBvyBYDii7g
2W+9mrZAbQuCh+2GPrkIi3fqmJr2yHn4gjJp2+WJAiwWqZOnKOTYYo5p/9TylvLQyMA/5bSTXPiA
zC2fdNtVFbLJ4HSLrzOzbWzJvVa+sbRIutIuZSgwGftuEKoXYWWdU+5tR0u++65u45yx77idYpfM
kblT2r4pL/Iyea4vv22r+bBP7/fBWZ4fHAWOTeC85XxhgCIMNzkDdb7jLDJQJDxWkwsjHfa+92pd
LUeceTKoBUyEFqvPEb7s6mTijWPU/HOvGRQAZguORk/ii7ADL45jRTG0yukU07GWdbWC7cDAiGdn
Fe1Nh6gKLnGwTt+l8zL7CaVEXumegTAdepb1N21jRSe09g8jJndPJi5ZX80X7qisFwPU+Cc83+3H
FQOH9tAPTIhqmDiiW8HYubRI+PbN1LZJz+yrhOu9+VrjsUV380MPFm+wo8X+5UrwvbWQ4LDGo+3C
OMMpYpACfOs/edYyU6/bjEfqIphm8K3Gjd+tPpenPOFBnMVFWcHzpDkrQc1bX91VWY+vKXXVMPkt
rwzxoAGS8i3H5iIM4OhAy0AYzxmLZ5XdIi3a8SxpMYTfpnytsmOeTeVBaQG9WvqPCWfdLvud51P0
T+JvP9dBtMzDvfKfuljAVct3xr6wkqbJh5Qdq4tZaU5+/sp39bpgffnmVreThMkzzp/UcTW+c3/b
hiH5gI5StnCsXKsu2u1CtnpRimODtqEXW+V9Zt6kqX2RY6uF91QetE6uLXj5ftt7dRs0YHEcu/xq
XaJ8rGWTZesFZdDcCar9l88IVLbwho/4TAF96k51+Q+6Y1e1ymEbyQc4KZLXW/IbGO7q32Qr20bb
0aqfZ+YbQwvyY/fSpuSnhO2ChuStfD/1Xvxa9PBd3UZpP3bsO0bIP8UumSNzp7Z/KD9jrK8fspxj
cYzez3LH8f7gpuhHDzJyB57e5AzU+Y6ziB2vmRxLddA383BvXS1HnHkzqAVe7I5j0RfjiDkpcwZ0
zrYpgwLAbKVWIEx5wnGsdSBWGDrFdKxlXa1gO+WYo7OzioBCOkQ5WQ46tGjmO3S1KfuJsUmS7hkI
06FnWX9TF7sTobV/fC4md08mLllfzRcuDOvjC/FPeLZjP67uKqYfsHfrhCO6FYydS4uEP7dt0jP7
KuF6b77WeGzR3fz0L4s32A1p/3Il+J476+SLwxqPtosAAHN+gxTgW/+Jm2WmXrcZj9SFjjT4VuPG
7xY/y1PYPpnERVnBu6Q5dmtfcldlPb6m1NWCLa8M8aABkvKd4OYiDOD66cE6kMlYrE97SzomLYbw
25SvVXbMs6k8KC2gVwasrYuFUrQv8bXfeT5F/wiTq/1cB9EyD/fKf+piAVct3xn7wkockw8pO1YX
s+ic/PyxIBs9yiY4/GXY4exCTx1X4zv3t20Ykg/oKGULG7VaiXa7kK1eDOjYoG3oxaFk3qSpfZFj
q4X3VB5MPFrw8v229+o2aMCckNPFal2ifKxlk2XrBWXQ3IX09l8+I8bRSvARnymgT92pLv9Bd4Pi
dVlsI/kA/3vyekt+U95F0LRpiH9to+2o6/a3+cbQgjLYvbQp+UlYXP/i06e1JG/l+6n34teih+/q
Nkr7sWPfMUL+KXbJHJk7tf1D+Rljff2Q5RyLY/R+llvuD48CS+C8CEMdXC1nkbsfNznsEAYM5JYj
Lh1FGDzUQ97WH+8Qyllm6j11ANuVp63yChHxTedq7ezM8q4K1Zkr7aiP1V2Zd9O9DgVxyPy+S+el
dWU/Sfd0+OrQs6zKtUXv+hm7K8SjVZ/vWvX6jqv4t9qW+ebe49AHdxYktAJawK3pwLO5tEg857ZN
em4aS+bLfrb+Ft3Jn0fe1n1a/3a3IjAPYzxSD+OLI7/FhbFJMIVv6aY8kGdt79SrtKOeqeMxnSCU
p5/ud7/77bBrULxb/NziM/AWl+zHDKrWOx+zrRhe1FkvtplSV8LzXpyGeFD+rusWRt81A1bgTrvP
OOOMndNOO21Nv6RFC474bcrXKrvp2RweVF5wGkoLfgvfOfqnhm0/10GZOp/yQP4cutY0nTP2oSFO
h6F6mLDtd/BcegzJB+letzNpljxQf37GvqyPFM/y3ps367IvhnRx1g8Np8rBMXQQxzlXx/5Q//qO
BYapey07VkbalrofhvDOoGofjyFjDZyjA1Lm1qcMWJeB6ew73+XVNg7xIfnNN5YW8i71J02tm4WA
nP4zJLfNO+Y6hJ/v6jZOHfuMkTl2yRyZO6bNY/PAlzmu+8rJvzWdWrKhD8ZxeX54U/bzviYduZuc
gTq4Ws4idz9ucthZV8sRl5Qg8Ec9yub6yjuCotskg4vorD7nqrtqxDedq7WzM3EhMADOOnOlHc84
ZnRK0kEpDlnWd+hqk3VlP0n37GMdepZ1l1pN69ZvFsKaWvX5rlWv77iKf6ttmW/uPUcWgz8LEloB
LeDWdODZXFpQ1jS3bdJz01gyX/azdbfoTv488rbVr/nM3YrAPIzxSD2ML478Fg/GJvqT04BSHsiz
lJmTpB31TB2PbMwQP67004Me9KAddg36vMXPLT4Dd3HJfsygar3zMdurbUNAMwM5U+pKeN6L0xAP
yt913cLou2IjGLCCXrSbBdWedOkz8vUl8Uua9eWd+nwODyovOA2llVr4ztE/NWz7uQ7K1PmUB/Ln
0LWm6ZyxDw3ZSDFUDxsSkmdrnOf8lh5D8kG61+3M+pIHWKyfyb6sjxTPPN6bN+uyL4Z0cdYPDafK
wTF0EMc5V8f+UP/6jgWGqXstO1ZG2pa6H4bwNh4yJL+QscohdEDKXPxUrWRgOvuulc82DvEh5cw3
lhbyLvUnTcWBhYCc/jPUbvOOuQ7h57u6jVPHPmNkjl0yR+aOafPYPPBljuu+cvJvTaeWbOiDsTw/
WAosgfOeAI8OHZgXgb7JoWi+lqNQWFxZAcS3KljBR94nPOEJ3R+CS8Wxqa6E17rXCYryRHC28uiA
TXzd5VkfQZrldXDqWEunbO1Ay3Kte434xMF87hBOmC2HnHRPmtUOPR2RHJeJgmMXZOuP1WEEv8Sh
VZ/vWvX6jqttG1qEkPmn3qvo84j6hIGT14lF0nAuLRK2bWv1W+ar76XnJue3+eSxhNOie/Ig3yni
aMRW//KMdzjhhXkY45G6xJsxzk6MPNGhr6/Ecco1aZH9vgkGNNfJT5DUHY6Wc/Lf6vN6vFmm1Y8Z
OBva1erCkDqQMqUu8cirOA3xoPydMiVh9N1bDr6FzzIfu4Ghb4unM5/4bcqXZcbez+FBjzknWNyq
R35LfOfqn4Tf18+Zh3v1EeOKI+84EaVv7OPYg/+EMXfs05fsEGNMqL/57jg0UIdPGXviM3QdQ49c
uAF+ffDUAfVYnsJ7rbzyV46bGm/zzJWDwhtadNPX7jHPlTv0JacN9fESz1kpnTAd/zVdySPeyRd9
/ZAw63tP/CEw7mcH6jz0jbKc+vjtJ3Y4FaHOz2/HUfZdK59tzHYM5RtLC5xD0BybtaYr8N2hugm/
Fi6tZ7ajhV/L9hTGlLGvbITXp9glc2Su+O3HFV5Ned4Hs8XT5G3Jhj4Yx+X5wU7Tjxb0liO3heGQ
o2csDPO1HIVZJ7utsOuRj+TlMxf8edIHY3CT8zLhte51giKjsB1ayXlZ4usuz/oI0iyvg1PHWjpl
0ZlTkg7KxMHyLo5NmK1+ku5Js9qhpyOS4zKx+dAhrT+OyGScm1r1+a5Vr++42rahRQiZf+q9Cx/y
iPqEgZPXI/SThnNpkbBtW6vfMl99Lz03Ob/NJ48lnBbdkwf5zj1Hbbf6l2e8wwlvOozxSF3izfjG
p5YnOvT1lThOuSYtst83wYDmOvkJkrrD0XL4AsC91ef1eLNMqx8zcDa0q9WFIXUgZUpd4pFXcRri
Qfk7ZUrC6Lu3HHwLn2ViNzD0bfF05hO/TfmyzNj7OTzoiZ8Ei1tJfkt85+qfhN/Xz5mHe/URvMlp
VMwn+8Y+C9LgP9Pcsc/nC/CNMybU39jN0AA8+Jsy9sRn6DqGHuguA6bg15fUAfVYnsJ7rbzyV46b
Gm/zQKM5clB4Q4tu+to95rlyh75kLtfHSzyvP/vi+K/pSr3inXzR1w9DeHriD/3sZwfq/PSNspz6
+O0ndpgPt5LjKPuulc82ZjuG8o2lBX5maI7NWtMV+O723oRfC5fWM9vRwq9lewpjythXNsLrU+yS
OTJX/PbjCq+mPO+D2eJp8rZkQx+M5fnBUuCkCJwPBUlQikOOHgQZA3QTDPO1HHE6h3RocgRwBs58
76Qb52Br1435Nl2tB7xbxyEbxOF94qszESHLN85a9ejU03GLs0KnbN8OTYJwrBZEmCZM60sceM9O
Ko9DTQdtq5+ke/ZP7dDz+DwC5y26ixN0yfet+szbqtd3XG0bhl8+956jmLyfc7V++rDlDNfRzPuk
4VxaJI62re63zNO6l57ZV0P5Ws5b250wkl9a/J510Mf+dpwc9HikPmlGXfXYZveNOwSzr8RzynXu
eJSu8Mv73//+NY2om2Cjxzu3+rweb+Jrf9f9aH5okd9NznLKlHoRj2VrOvXVJUyv5kv+8Z1XjpGC
Dvz17dpn5yYGOkfKWc5AGKvhfebVI5tqWvjeq/htymf+Kdc5PGgZ8GkFtFxQkfjSBgN3rfHYp3+y
LX39nHm4Z2JC3fRVSw6aHz5j4uBvcZw69tXRrbqAKd/W/Gm9c69j6GGboEWLB6nbRQ3keelLX7qm
B+8oz67e7Ms+fFt5lSE5tmq85ae5ctAx1qI/uBLQ6MN5zHOOxYU20ADe6iuD/oYG+d62jZWRaUvV
C5WAi9wlQPDYxz52XZcnIIEjx5Nm/d7Lo+RxAYUBpNZCO+pxkV32nfDyahs38bf5xtICu8uxg52W
eprv18GXtOegA+dpS9RtlK4t3oMXxN9yCaslB5Ou2V5pBw+OlbkJa9t7xuwYGVCPbettyQbfHdfr
wU7TjxZ0nbRDQRIwHnL0jIVhvpYjTqro0OQI4Ayc+d5gKM7B1q4b8226Wg9yqHUcskEc3ie+OhOZ
V7O4rZV06um4zW9T9u3QJAjH8cXIi0zWlzjwnt16HoeKrja1+km6Zx/XDj2/qUzgvEV34UOXfN+q
z7yten3H1bbhMG0lvu26TbJ++hA5XicdzbxPGs6lRcK3bXW/ZZ7WvfTMvhrK13Le2u6EkfzS4ves
w29288xxctDjkbqkGXXVY5t5tgGv7CvKTU1zx6N0hV+wBzIRbPR451af1+PNsvZ33Y/mhxZ8S71O
lDPQUy/isWxNp766WrA37Vxkzgwd+Ovbtc/Gloc//OE72NcmA2Es3q6T362taVHnG9uOutyY33N4
0DLg3QpouaAi20UbDNy1xmOf/sk29PVz5uGeeRR101ctOWh++Oxf/uVf/Dl77KujW3Ul39b8ua54
5s0YeiTdWzxI1S5qgF4/+7M/uwubKbzXyqsMSdlc4y0/zZWDjrEW/WkMiyG2SWwkgTbwVN+iQ+Cj
v6FBJts2VkamLVUvVAIucpe5M5serMsTkMCRT5K0kjxKHhdQ6I9oLbSjHhfZZd+1YNvGTfxtvrG0
wO5S5mOnpZ5m4T0ym/YcdOA8bYm6jdK1xXv0j/hbLmG15GDSN9sr7abI3IS17T1jNuV5H7x6bJuv
JRt8t1wPlwLHMnCuU5NdQQgFnG08YwdIy3HzgQ98YL0bsHZUsbNJGLVTFnj84SgiwEI+dqvgBPRd
HYg1oIDTKZ1l4OVOlxhr0LkAAEAASURBVG0D58B61KMe1eEDTuwgZcIOLnyTVyek+LoLL3es4Tjj
WHbpBf3OPvvsNczcSa1DEXgMeuBQDnphLAOLd7Q9g4a5u8u6oAmGM/n5y6NFgQuMdCgiTMkHzewf
lZllzUM+HMgYIraLfmI1nP2Sjl7yEdDM+iw3xBfkMfhGWRch0DZWAxqE7HN8W8fQlbbqqKVd0BI+
5DmOXZ75Jx2AN5cWlIUH4CG/QwW/EqiV16V/4u24I4/jLMcjz8E7y8yhu85m2sxq1dyNBzy+Qyw9
2JVCfdRrvx/0eHzNa17T1Q8/WD/04lvE4gB+2VdJkyn3c8YjNAI3cICX6GfGKvLCoArv6HPlBTiR
zyPoa9yBWY9XymhEAw/HAUao7WP18p3udKd1X+VR3XPqAu5UHoQvlJHQhL6zzeCa8oldqeKu/L71
rW+9Dqgjswh+0Vb+gFfrGOjsGAI+ecyXuFvP3OscHsxAKzixAIB+QJY961nP6m3XHP1jX0H/m93s
Zh1seIqgt/SxH5IGBnBwTPPttczDDgWPVgd/ddPcsa+coa7se/ChX/drAYztg87gyicT4B/ogdzo
owffdpXXCNalHMRGET+OY5cW1AU8eC95dIj35uriOTwoLbgabEZugDPPwJsTdGjb0KK/hNN3D0zl
MfBYAW9e+JDJHcFl6FQf1e6JPS0Zmf0nvBxbfA6D1f6+I+CNHKEe2oTu5B28zXfP7WMcbMnv2BS+
Q47irKWc9gjvoB3jgnFMUJrPSVgm7SjKpWwivwtl6nEp3l6n0oJyLloQF/r6wQ9+8Bo3nm8K7Fv/
putU2xN4c8a+ZcB9rF2SfDFF5m5qc9/7lK/IFnh1k/6Zq4v7cDjRnx/utP28qU2nJjIRfsbZxjN2
gLQScsndgMjVTMg6YdROWeDxh6OIAAv52K2CE9B3dSDWgALzTwIImZ7+9Kev66qDa5lvzD1zafDh
jx2k8C24IEd1QvKOOt2FRx4DeDjOOJbdBP2Ycwozd1LrUOQd9hRwSNALuxhYvKPt2a7c3WVd0ORx
j3vcuh7Km4Bb9xO2O7DpY/tH57plzUM+5tzIBBP99OpXv3od6ElHL/mgB/hP4Qtgo3eoj7LYICTa
xpzKIGSf47vLvOEfbdVRSz3QEj7kObqfZ/5JB0DOpQVl4QF4iBOTgA2vE6iV16U/eU2OO/I4znI8
8hy8M82hu85m8DrnnHN27cYDHt8hlh7YLCTqPazx6KcD4Qfrh158i1gcwC/7Kmky5X7OeIRGjlNs
MPqZsYq8MKgCfikvwIl8HkFf4w7MerxSBpvOvjj99NM73wzPScwh7na3u63fY2OY5tRF2ak8CF8o
I6EJfaeMxI+U8omNHyZ3Kt7udrdbB9SRWWnrAq+WJdDZMQR88vBHoDpxt5651zk8mIFWcGIBAP2A
LPM0UPqybtcc/UO7aC/0v+Utb9nxADxF0Fv62A9JAwM4zD/wpWce5iPML8VR3TR37CtnqCv7Hnzo
L/WnwbPEc849dAZXPplAG6AHcqOPHpyO6NgiWJe7krFRxI/j2KUFeAEP3pNOm3hvri6ew4NJN4PN
yA1wJoE3vkTaRr+ob7Pc2HtgKo+Bx6J0E3xIvxJchk71Ue2e2IMcSB5kvGT/CS/HFp/DYCOQCV8B
coR6aBO6kwRcvntuH+Onz7qwKXyHHCV4S9Ie4R20Y1yAF34XNi9YJu0oyqVsIr8LZepxSd5MU2lB
2fS3gg99/YhHPGKNG882BfYTh6H7qbYnsOaMfcuA+1i7JPliiswdau/Qu5SvyBZ4dZP+gRem6v0h
HJZ3B0OBYxc4z8CgQiuvBE7T0ZhBJvMZ0NQh73Ou7uBJh1i+r+/ze6HplDUfjsAzzzxz7dDm+Yte
9KJO+aJE5/7p2LaeoWsGFFxsYH4CSNe5znV2CVlwxngXN+jppDrLee+VI6QswzVXb5undcWZ68rS
fE/wPmFAa5z92W8GwnXkWh4DUse0z7i+7GUv63BMR7PvcWqAt857n3Otd6YS8DBIwXud8VmmtXMp
6bPpvlaICdt7600n+lRagMemcUV97CLE2BLvMWXEU/rNpTsBggwoABdHSn6fm2cYS0wwwfGwxyPj
zPYOXXM8Sssp1znjkTIGwIdw8x1OpHTw+xz5Cq4tuZrf8tWZaTlkTC1n4FPbPbeuOTxInXligzjW
/cfOSHhIHMeMR2Eh0wxqpbzyfevKYh3rmnNFJ9RtaNXDs+RBF8r05TU/VxdUzdE/HAk3VAfvUo5J
A5yWKWsZ4+iouq3stjWQPHfs13of/fiwhz1s5z73uc8ad3CxHnGcc63ratGGI+ITNnq5loOtsfXa
1752Xc5Jcwu+z+xX6mqNqbG6eC4P2kYdBOJV9zG/WXxj/jlXT4ewDvqY8epvr36+AKdkLmLjvTzQ
klvJwwZwhQnveu8VZ5mygva0+J0+TlpgC+WOeeR7LoASdt+VCTx1jZVNyH1w3IYW1IeN2IcTz/cr
cJ5241B9Kafr8Thm7M+xS6DDHJlLual/9Jc24hAdeKf+bvH0WL0/Fb8TJf/BTM+PDtQMDLb4hMBp
OhozyGR+A5o65H3OFYcmKR1i+b6+z++FplPWfDgCOalDhzbPmdttm+BHHcDW1XfFSUZ+kosNzEsA
qdYZ4IzjzAQ9c5EmZQ08CYcri28zYdvk+757nLnvfe979+RlnouD33LQmsBL9puBcB255j311FPX
jmmfcWVRFCkdzb7H30Jq2SH1zlQCHtmnrb5o7VzqKhj5LwOQ4lhfrTed6FNpATqbxhX1soswj0Ef
U0Z8pd9cuhMgyIACcAkQ5Pe5eYbdQtCAdNjjkXFme4euOR47RCf+mzMeKaMjfAg332Fbp4Pf58hX
Ukuu5rd8a7sBGVPLGfjUNLeuOTxInS27q+4/dkYavKPMmPEonZBpBrVSXvm+dd32eGpkfN2GVj08
Sx50oUxfXvNzdUHVHP1Tz2da9aUcg+Yk5pIpaxnj6Ki6rey2NZA8d+zXeh8995jHPGbX/ANcrOf/
YTjvf11Xix6cFJoJvVzLwdbY4nNwprPKKast2PnMfqVMa0yN1cVzeVBcWWCXeNV9zG/mCtuk2odP
HzNes17uWZBBYmFDLmLjnTzQklvJw7UfuTWvZuGjsoL6WvxOHyctsIVYXGxCvucCqLot9W/mTqSx
ssnThrahBfVhI9a45O/9CpxPsT2lfT0ex4z9OXYJdJgjcyk3NeUCoqRz61793eLpsXp/Kn5L/u0o
cOwC5y2nTjIrkzOUjH+1gCWvAc06QIpj0t3DrXJZj/c4UJmEUh8CF2cb7+ogEc+AjyMVJ6f4bXPl
+M/cTSROOLlZpeNvcMyjQjFuGbC+97oJPxwT6by1HHREMbfawg60ugz4ucoUGDjlWsYzqwBxklsP
7WD3jKueeK6zj7pZAd9yElI/SpR2i2MriGNQ3R2M1kt5g7GW54oRRbDGfFxR4BhU8lHmn3PP0a0e
a2894IMyyt1aHHmdzvcptACvTeOKuusFFWPKSBMmjNSzDd0ZNyw6kQ55vcUtbtFNPljQIJ0PezzC
DzX/0Vc4FHP1dD0exXfqdep4JKhVB1fgV3axErACV2nKTnTGSz7jnUdEt+Sj48d2vP71r9/Du8Bg
UYu78s07t645PGidTGRagSNkNwsDcjxZphX4YQEHjtOUGwaaKJfPpW/rCs2tZ+51Lg+iE+u+pp+Q
3+mYyUVfU/VP7jht6UdoUssx6UBdOMpbdCNQiVzJ/po79uVrxkVND+q+973v3e0mEa9trtbVapPP
2N3cqgNjfCx+npQgzNY1+7U1pqbo4rk8aDsZY3Xb4Bec+cgw821zRT/f/e53b/ITCyUMLFMHvFTr
eRZsYYu4YzJpWtugLBqrdTj5kRsEAVrtYIFgngCU8LEveF+XQz/mKRGWwUbMU2rgbWXNWNmE3Af+
trQAZ3Q0NhwnOnBF9vMHvhnIrts39fdY21O54XicOvan2iW2Y47MtezYa2uhg3xRX5EpwJ2ri8fi
dCLm224afvRLt5w6yR98AipTK1BnQLMOkOKYRG6TWuWyHu9xoHpELLs5DCinLWJe4CNHcHLuR+L4
z9xNZD3oSD5/4m9wzKNCcSrWC8zJuwk/7KJ03gofOmL3tBL2el0GJ7wnhgCDOT7BTuF5Rb8iF/xN
O9g9w5zRZzr7qBv9ZSDZ91ypH32D/8PUCuIYVHcHozAobzDW8lyZ8xOsMR9XZDLH1stHmX/OPUe3
eqy99YAPOil3a3HktQ5g6plCC/JvGlfUXS+oGFNGmjCHIW1Dd8YNczfpkNfb3OY23dyVBQ2mwx6P
8EPNf/QVC41zp2A9HsV36nXqeESf1cEV+BWbGb8YuEpTPv2FnMhnvMMOI7Xko+PHduATqnkXGCxq
cVe+eefWNYcHrZMAVStwhOxmYUCOJ8u0Aj8s4GBxaMoNZJrl87n0bV2h+bZpLg+iE+u+pp+Q3xk0
ZPyZpuqfXNDf0o/QpJZjWRdHWrfoRqASuSK9KTN37MvXjIuaHtTNvJ/F6PuRrKvVJp/hf24lTrQb
i1+9OUTYec1+bY2pKbp4Lg/aTsZY3Tb4hQXDyLD9SOjn3GSQtGChBL4FE7xU63kWbGGLMEfMstzX
Nihz75YcRG7gb24lFgjmCUBZB/YF7+uEfsxTIiyDjcj49je8zUkjpLGyCbkP/G1pQZ3oaGw4NgVx
xS5zgWQuOCLvNmms7anccDxOHftT7RLbNEfmWnbstbXQQT6or8gU0lxdPBanJd/+UeB8gCoduTF9
9KMf3ZhnybCZAsXoWRWBsfrMz/zMVVlFvCor6FZlkK0ucIELrIozeHW+851vM5CJOcp3HlZFyHT1
FuG0uuhFLzoKQnFMrIqwXZ3//OdfXfCCFxyFH20rhvHq4he/eNe2y172squLXOQig/VRpijmLs9n
fMZnbMw/CGzEy3L8aNcmaAJu1HmQyT6njw+qruKkX13sYhfreOryl7/8aD46bFocJJ2FXfMgPH/J
S17S17uu9s1hjscSXGDBUjcOGR8HmWpajBmPJVCwKsbp6kIXutCK/Iz9g0zolrJSueNZ5MZB02Rq
W+CRYrh29KAsvDKUkOvQkATfHdSYH8Jh07s5PAgvlRMlujaVo6ZG99Nc/bOpDa336FPqg+70GbTv
03dzxz60u8IVrtDxq7wBPairT860cD3oZ/QX8p0ruu7Sl770keLFOTyYNKOfkaPIqYOiO3Vgn8FD
1EUfH5Q8RGZga9Ff6PIxbUJOl8DsmizIzj5+NxNjBLuOfAdpk1jfflyLo2NVHIqrEjhflWPtOrz3
Ay60nmJ7bjP2qStt4yG7xLZRZo7MtfxyPRwKbLIJDgeLk7cW9LA2CfZXcXCu59XFGTx6PjSFgtit
zquH7IwaJvNqyiJ70SVj8FMOOK++3OUut3GeTBl1A7p/0zy8xnPqb2Qb+st5NXUeZLLPoeNB1YW8
d149xT9z2LQ4SDoLu+bBIXvXvsEeOazxWBZ7rOfVjI+DTDUtxoxHbHHn1eQ/KDvSdmPXIGvwKV7i
EpdYHTRNrHfsFR7BtsZ+J22a98NH0JCEbXxQY76rYOa/OTwIL+G/o03osLH9NFf/zGkacwbqA0fm
1dC+b54xd+xDuyte8YrreTW8AT2oa8xcaE675pShv5DvXPm7zGUuc6R4cQ4PJh3oZ+a6F77whQ+M
7tSR82r6+KDkoT5u+gr7aQwvIaf14UEbxmQfv0s7fU/Oq4+ifBJXr2UTw+rGN77xqgTOV+V4+n2d
V0+xPbcZ+/Qrc2Rt4yG7xHZTZo7MtfxyPbkpsATOT+7+X1q/UGChwEKBhQILBRYKLBRYKLBQ4EhQ
AMeFgZ6y02RVdresymr9VTnRYfXMZz7zQAJhR6LhCxInJAWWwPkJ2W0L0gsFFgosFFgosFBgocBC
gYUCCwWONQVyXl12OK9uf/vbr8qpJ6tyosPq3HPPXebVx7r3l8btFwWWwPl+UXKBs1BgocBCgYUC
CwUWCiwUWCiwUGChwGQKsNOhHOO5Kp8uaZYtn/dYXfe6122+Wx4uFDivKLAEzs8ryi/1LhRYKLBQ
YKHAQoGFAgsFFgosFFgoUFOAeXX5XvrqpS99af2q+10+77G6/vWv33y3PFwosFBgNwWWwPlueiy/
FgosFFgosFBgocBCgYUCCwUWCiwUOEQKcMzvne50p1X5hvyuWss37Fflm4Gr8s29Xc+XHwsFjgIF
lsD5UeiFBYeFAgsFFgosFFgosFBgocBCgYUCCwWgAPPq29zmNisWnmdiPv385z9/dYMb3CAfL/cL
BRYKDFBgCZwPEGd5tVBgocBCgYUCCwUWCiwUWCiwUGChwMFTgG9Z8s0zriS+Lzf2u48Hj91Sw0KB
vRRYAud7abI8WSiwUGChwEKBhQILBRYKLBRYKLBQ4LyjAPPpD37wg+t59eUvf/kVf0taKLBQYBoF
lsD5NHotuRcKLBRYKLBQYKHAQoGFAgsFFgosFFgosFDgJKfAEjg/yRlgaf5CgYUCCwUWCiwUWCiw
UGChwEKBhQILBRYKHEsKLIHzY9mtS6MWCiwUWCiwUGChwEKBhQILBRYKLBRYKLBQ4KAosATOD4qy
C9yFAgsFFgosFFgosFBgocBCgYUCCwUWCiwUWChw3lFgCZyfd7Rfal4osFBgocBCgYUCCwUWCiwU
WCiwUGChwEKBE5ACS+D8BOy0BeWFAgsFFgosFFgosFBgocBCgYUCCwUWCiwUWCiwgQJL4HwDgZbX
CwUWCiwUWCiwUGChwEKBhQILBRYKLBRYKLBQICmwBM6TGsv9QoGFAgsFFgosFFgosFBgocBCgYUC
CwUWCiwUOB4UWALnx6Mfl1YsFFgosFBgocBCgYUCCwUWCiwUWCiwUGChwCFRYAmcHxKhl2oWCiwU
WCiwUGChwEKBhQILBRYKLBRYKLBQYKHAIVJgCZwfIrGXqhYKLBRYKHCcKfBXf/VXqze+8Y2ra1zj
Gqsb3ehGx7mpS9uOKAUWHjyiHbOgtVBgocBCgWNIgSVwfgw7dWnSQoGFAgsFjgAF/uIv/mL1ute9
bvXFX/zFq5ve9KZHAKMFhZONAgsPnmw9vrR3ocBCgYUCCwVqCiyB85oiy++FAp+mwH//93+vHvnI
R67+/u//fnXxi1+8e/oP//APq2c84xmrL/qiL1rotFDghKLA7/3e760e//jHr654xSuuPvjBD66+
4zu+Y3X7299+X9vwmMc8ZvWCF7ygC5r/4i/+4uoCF7jAvsI/DGC//du/3dHpsz/7s1ef8zmfs3rK
U56yushFLnIYVS91NCiAHH70ox+9+tu//dtODv/nf/5nx2OXvOQlG7lXq+PAg82GzXz45je/efWa
17xm9fa3v311qUtdanWJS1xidZvb3GZ197vffXW+851vJtT/V+yHfuiHVq9//etXn/EZn9E9OCi5
MhVJeOass85ave997+uKXuta11p993d/9+r85z//VFBHKj/2xxlnnLEiUMd4+LZv+7bVHe94xyOF
43mJzL//+7+vfv3Xf331q7/6q6t//ud/7lC5zGUus3rAAx6w+sqv/MrzErUDrVtb9eMf/3hnr37X
d33X6qu/+qsPtM4F+P+nwBI4//+0WO4WCgxRAFmF3vrQhz7U2SLk/bu/+7vVueeeu/qSL/mSoaLL
u4UCR44Cv/M7v9PNT650pSut/vqv/3r1nd/5natv/MZv3Fc8mas/97nP7YLmb3jDG07IefVv/uZv
drS5whWu0PkgnvOc5yzz6n3lkmnAkMPf/u3fvvqbv/mbTg7/x3/8x+qnfuqnVn3z6uPAg9MoNJz7
t37rt1b4uN7ylrd081/o9rVf+7Wr+9znPlvPq5/5zGeuXvva164ufelLd0gclFwZbuHet/DMox71
qNWf/umfdi+vc53rrJ70pCed8PNqfPzf9E3ftLrc5S7XjYczzzxzdZe73GUvAU7SJ8yrX/3qV3f8
/k//9E8dFZjzPPjBD17d+MY3PrZU0Vb92Mc+1tmr3/d937c65ZRTjm17l4aNo8CxCZzjRHz3u9+9
uuAFL7in5TD/TW5ykxUOtFYaKmt+AqfAqB2vCJGf/dmf7ZzHH/nIR1ZXu9rVuoH1Z3/2Z6tPfepT
q+/5nu9ZXfSiF+3AvO1tb+uceS1n9cUudrEVhjflW+/F47hdP/GJT3SKl0D0/e53vyPV9n/7t3/r
Jip/+Zd/uYvsv/Ebv7H68i//8l3Plh8LBY46BX7mZ36mC7qI5w/8wA90AQV/78f1Wc961uoJT3jC
6mu+5mtWP/7jP35kJvjIY4yeb/mWb9m4Yj/p9Fmf9VkrFhz06Y79oNkCY5gCtRze1CdHlQeHW7n/
b3d2dlb3ute9uglPDZ0AOvbStgGfb/7mb179/M///C7wByFXdlUw4kfNM0dNHo1oQjMLcuyrvuqr
1u+OAq3XyJzHNwTKWRBS22ughX3JgqgTaSEX4/ecc87pgko5j2iRueb3o8YXOF4IMPzv//7vHvSZ
n13zmtdcXfWqV93zjgfbzM8++clPrn7lV36lk1E4iKmD8fM///M/nfxjMc3/+T//p6v3z//8z1d/
/Md/vLrQhS60Bw+eXf7yl1994Rd+4Xo+l5m2laMJ6yjdsxCKBVd98+qb3/zmvTpkqKxtZBEXMOp5
9Yc//OHOiY/zmDk2Jxgxtv/kT/5k9V//9V+rJz/5yet+wHFN/ta8mXn7la985dUXfMEXNN+Lx3G7
Mq9m8cyXfumXrh70oAcdqbYjq6597WuvGG+Z8I98xVd8RT5a7hcKHHkK/ORP/uTqnve85xrP5z3v
eV1AYf1gH25YvP3Yxz529fVf//WrV73qVUfGjnnve9+7etzjHtcFYG9xi1sMtjTpxKJ0yh5XvTlI
iCPyspbDm/rkqPLgYZMTu5yFMb/wC7+wp2rm1cw/LnvZy+55N+XBXe9619VP//RP7ypyEHJlVwUj
ftQ8c9Tk0YgmNLMgi3LR3lGgdRPR8+Ah9vcNb3jDPfYaqGBf/sEf/MGR0UdjyMP4ffrTn97NK3Me
0Spb8/tR4wvm1SxI65tXY2cTU2ylbeZnzKuxQ5BRnPB59atfvVuoz1z+He94RxfTcz7//ve/f/We
97ynOa++8IUvvMKfy9gzTtrC9ag9OzaBc4wyVs/1JXag9O042VRWmB/4wAd2GXq/9mu/trrb3e7m
6z3XdPAzAK93vet1E/w9GeMBZQjcwPAnQ9IRfFQd2ygNVmLicL33ve+9euc737laAucnA2cevzbi
cPzXf/3XFU51doUfhHMdJ/WP/uiPrphEHyWHHYubHvjAB45qM3TCqcdKypThx48jTpwWseKTVcFj
+uSo8uBhU1vdSr0sGjn11FNX7Ehl9ToT/Fve8pZbO9Rx0PNHYOlHfuRHVj/4gz84aowdBi3gGQIq
6G0M8xe96EV7AjSHgcd+10GbCCCx0/wgZPh+43tY8JTx8Pazn/3szoaGVkzsCHhe97rXPSxU9qUe
5gy3vvWtVyzIHbN4i3HIThXaftT4AsfU0M4EgnyPeMQjmnSbOz9jvsYOIHigL2nL40zhBA7mdJsS
cq4+5eG4BgBe8pKXrFgc1ZdYDNHXr5vKCpMFL+loRn8PnYSUDn7GCI6hf/zHfxRc80oZfAAny4Jn
HcFH1bHNmMTpx4IMghAEzZfAeZN1l4dHnALMF//lX/5ldfbZZ3e7wg/Cuc7iVObst73tbVcPfehD
t7bb94uk7FBmp+aYNkMnnOgskksZvl+4LHCmU+CjH/1ot5OSE7k29clR5cHprd6uhLoVKATg0LHM
NTnKnh3ijNHWIr4ptWLLA5PAEqe6PfGJTxw1xqbUMTcvPIO9dac73WkF37zsZS87FvNq2vSHf/iH
q1vd6lZHhtZz+2g/yynjmVfjQyGOxcl38Dt+letf//r7Wd2Bw2LOQCyQ2A5jedPcDZ8ZAfanPvWp
R44v/uiP/qgbg31Ew+/H3LqV5s7POMWR0+yG5lza8syrkY/M6TYlgvCnn376pmxH4v2xCZzjHOPo
FCZiCHJ2l3CkyOd//ud3O7+ZiPcNEBwsHGdKJ+MAtjyrnznikaNhMSpQiK6MR6mxCocJIKtNCdp/
7ud+bnfMB4zKcUp10IUjTRE4wmdVGavtSazqxyFDQkCBDzvQj3uC9je4wQ06R9RRd2x7BLDOtuPe
N0v7jicFOLaZye5Rc64fJLVZHcyJFmPbjMxnhxPGAUaAR1EfJI4L7GEKcIILwV76ZEwgaRja8X8r
z3/rt35rtwL0oFt8FOWK45gdi0fdvpjSPyzswT4dK8+mwD5R82qf/diP/dhg4O1EaZ+8O0XeHcUx
CL1xBBK4ZGU8czOcMQSfmVPhUGcXOIsbWmnO/Iy5HAE55oTMy+AJ4OP0w2HAqSSktOXZbc7uCfGj
HHM5nKA4iVgUZGJxMw42U9/c0vcn6pV2QyPmxS996Uu73Q2cfsAObvoN52kGvbOdOFje+MY3dvNq
HMCWp6854pEFyRzb+3Vf93XreTX9w3d84XkC9hx7/Hmf93ndLi6Oz+QzDLWDn8UOHPUtfE5ZYcEJ
id3oP/zDP9zdM6/G0cQO9OOeoD38znGjR92x7RHAOtuOe98s7TueFODY5m/4hm84cs71g6Q2ixVx
do8JnIMHNg1+UxZBI6OWefVB9s442MyrmUvQJ2MCSeOgHt9c8vzDHvawbqHqQbf0KMoVxzG22lG3
L6b0Dwt78BWMlWdTYJ+oebXPXvnKV+77J0jOC5rIu1Pk3VEcg9COeTW4Ma8m5sgcCJufORW7wm96
05t286kWnefMz5hXM7cilsm8DJ5g8QSLn5///Od3nzWlrrTl2W3+rne9a40f5QjoM69mvLEoyIT/
gk20Rz0dm8B5EloHGk4TVkRNTZYneI1iaCUdVBiBv/RLv7TrKLsMqqdjRjh98HOHxH45RFlVg5OH
YxUwkPiGB4OJYDVtoH33uMc99qyQ+93f/d3Vz/3cz3WOBhwOLBiAoVk9AgwTAwnYOC5IwGZFD84K
jkYkLw4Qdn60Eo6qU8o3I250oxt1gzCP0mRg5W/K4whhkQHfHEYwsHKIPxwiL3/5y9fHcYInO17z
28Tkx3nH6hccz7SJQYwDj7bh3BlK9lurT4fKDb37/d///dWb3vSmDk+EIM4kjri+ylWu0gkUeIlV
jbSZHbMci1VPNlg0QttpmwnnFN/a6eNfeA0DkLbIFze72c26+9e97nWdAOb7zpmgH04q+B2hS98w
vtjJRRmCWq3dKQhNcEOAyidf9mVf1rVnaHxyRCcCmhVf9A27RTgSBH4mcdzmaaed1jnSxJO88COO
WdpFogzONBepmNfrHFpYduqVvmLccXIBNCSxwIYjxFFIuVKVvNAaHmYMMrboM/iXtrHTB+Od8q3k
MS4eichRozh7OaKZRTv7JWNQmq94xSvWR7HkuGzh5RjmHfwJrxPUeutb39rxFIof3s2x24Iz5RkG
xcMf/vBOYfN9RY6UIWFwtMa9QQscubSN7/vgtIXuyCscv9CzlebwYAvOmGdTxv62dEcnEIBgck1i
DN/udrfrghEcz8NOCI+9FXd4gwAu8gFHO/KMSToO974TYChLHexmQx7SP9SFrCAYgl6pA+eHzYPI
amQTxx0xZjkKGlsAHkHGoReRN+C9bRqri60H2iEboTm7YAhOPf7xj+/oz5hiVTx/fB5mP5OB+jFy
Za4uxtDGLkFv8fkExi98BD8RzKmT49jAOX2lveK45xn6AdrQf+zUp/+0LYCZehrckb2svCYxAWMC
QXAJWOxwB0/GGzIYOwN7C77n/X4kdBYwpTX1IKeQT9TBlQARdlAm5B76h7zoVxI2Gicn3eEOd1jL
QtqPTcFuZ+kETPIRKOMbd9BKGc27WhczeaIeZAOJRazoMAKU5H/a0562y27uMk38h0yhv6DxM57x
jK4f+FQIuhSaYMPQFoKg5Mk0lQeVn7Q5ddwY2zPrHXPP+MWO5pQI+oAAJHqetphax2fnGOQYPSaz
2uHYwwYUheF1LF+Yf5urcyd2xjPupibt8KH5GadqYJdCM+R0LkKGhtSLTnf8JA59+LGrEDsNG7g+
Ieu4Bs6TLjrQsB/5tuXUZHnGC7zZSjqo+Czab5YjCJPHM6iejhnhCJ9dQ+xqNGFnu0NivxyiLJjn
JATkGzIIPuOUJeaxtIH673vf++6R98z1cDQz72Ueh0xCRt/5znfeZU/CoymjmVtxWhQnSmDzUR8L
4gjUtRJzLvQT8hY5nfNo9EP+pjyLRZBvHJeIzkS/8Qee2Hx+Vxk8mXMo9ymLLGSegl51XogdiB1P
29Qf5G0l+63Vp638Y54xv2Lc0x7scXQBcwxOJ0DvwEt8m5U2s+kB553fkxU+i0Y4PYu2meAj5uHJ
X77jSvvhCz4xIF/Qd+g75ArzNxaLZIJ+zOmwa7Dd6BtkFzu5KIMOoK/rhE8AXmM8qsuZI9OeofGJ
zQp+0IB+xI7APgJvErqAhdU5/8duhx+ZR9EuEgsz2FiSC4i6F5/+N4cWWX7KPX0FLZhDOj8B/4c8
5CHdHCXtLvJCa3iDMci4xV/Ajlrahh+EY9FZoNNK8BJjivaRyIc+oD9wWO+XjMF3x9hz/OS4bOHl
GOYd/Amvgwt6Ep5C58G7OXZbcKY8O/fcczs/Gz4q5tdj5tXMk7Bp4HnsFfQwdGehOqfOINtaaQ4P
tuCMeTZl7G9Ld3TCC1/4ws6HCW6MYWxxTxp69KMfvbpq9Rkb/brIB2hHXnx+2OfI7b6E7Y1ehYfh
A+QMf4xh9ApjJ22Zw+ZB5tXIJnBhzGInIHPhFWQcehEbFpy3TWN1sfVAO+1kbFDGOvYj8htZwnyU
v/2eVxuoHyNX5upi5lDIQGhP/zOvho/gp9aCVmQR4xj/HfYMfaW9onzhGfqB34xxTkmj/7QtoGvq
aWDiM0EfkfCjABv5Byxsb+adjDfmRthOwAIP3u9HQqbTXmnNOEEGo7+pg7F21TIW8Tdkgi/QP+Rl
vkVCjuELYF6sDKf95GFcSSdg4u9kHg6N4HX4icS7WhdjswADHxgJvwc6DP86eHJCQdrNXaaJ/6gX
XKDx93//93e+ABYO4++DJtgwtIX4SWtePcUeVH7S5tRxY2zPic3q/GLY0fANfYDthP6mLaYW7XIM
4tNj4bV2OH5P6NJKY/miVXbqM/iP+QC6hHE3NWmHD83P/rJ8hgI/DjTD3slFyNDQT1g4fhKHPvyY
V3PaG3zPfIF5RD0/SThH4r40dlQqinnnRPkrxiGjYKc4V2fhPKZ82R3e1VF2mzfrKMHPnbLDcac4
cPa8H4JfVmJ0cItC3lNuKv2LUdrBghZ9f8Xg3ylOgHVdZWDsFEd7b37gFIfqOn9REoN5rbccc7Eu
U3YTbKyDcsXZuVOCfutyJTiyUyahu+qDXsVo3/XMOosRsC5blM1OUXjNfOQvSm6HPEM0Huq3oXJD
74oC7sXJduS1KOJdOBZlNlge+kC3xKE4+QfLUF/SjrLlpISdYqAMlqt5iXJlMj5YpkxWd+EmnkX5
D5aTJiUgvy5fJhGDZYpS2YFfrYPrHFpk+Sn3RUkP4le+t7kLt+c+97mD+aEBfFuM3l3lwKk4dzeW
3Q8ZQ10/8RM/saeuPtitMWxf5hVeQk5MoW+dtxiSHX0SbuueMViMqF11fehDH9opzoc97bJ8LZus
ew4PWnbqdcrY34buxdG2U5ygvbSQJrW+RU/4rnVlPKJvst1lsrRTnISD5eD51AuUP0weHDO2aG/Z
rbirbdnOMfdTdTEwkW/Qp0XvfJZycwwuY/KUnZxdvX1jXxhzdDH8Cz2zDfX9937v9/aO47I4rrNz
0GO1HVAWJe2UQHSnJ9O+QAYpFyif9aFXbU9xHu56l/nyvjh8unost821BBl20bqlW8pijl22HfKQ
Z4lT3sM3JeDStavPrpNvWrrJd7Sr7ErtrYc6W2N4Dj3KopLBeqjL/k34U3mwJT/H2p5Z75h7+Dj7
pe++LAxe86BwHYN9ZUqwek+ZKXxhPdtcxXGTnOirY4wdTv9CA8Z6cbjuaTN8U04h22Ec1fUM4QeP
Axd5oGyg/MmQSkCuazs0m5PGlC/H9XV13P/+929WUZwqO2UByE5xtux5PwS/LKrp4BaHzp5yUx+U
gGwHq2+M8bw4gHaK02wNugRvd4qjfbDcL//yL6/zF+feYF7rRg6bitN0Yx2UK87OjuctV5zkOyU4
u6s+5tRl8fuuZ9bJ2DEV5+pOCdA185G/ONh2yDOUhvptqNzQu+Lw78XJduS1OOV3gTvnnHMGy0Mf
6JapBFMHy1Bf0o6yxUG9UxaJDJareYlym3w72OKtVBYCDNYlTcqi1XXx4tgeLFN2HO/Ar5nm0CLL
T7kvQc5B/MoCiV3g9N3Z1tYVvmX+WSf1SquMz/ZDxlAvvhFheu2D3RrDlskrvISc2CZhG0KfhNu6
ZwyWBYC7qioLoXfKZyh7y9ayycJzeNCyU69Txv42dC/Bvx38xy3a5bNa36In8n19z3gsiwx2NbsE
pHbKiS2D5ejT2pY5TB4cM7ZoK3b3NmmqLqYu5NsYnk+5uQ2OWbZsFOr6rW/sm3eOLoZ/oWfNQ/m7
HFPdO47xC2HnoMdqO4B5F/Omeowgg5QLtV8JO83U8ukkXt6XoGVXj+W2ueJLBa60bumWsphjl22H
POSZ+NRX+AZ/FanPrpNvWrrJd5QvQezeeqi3NYYpNzWVRSKD9VCX/Zuwp/JgzRvAHWt7Zr1j7uHj
um9av/Gl1Mkx2MrPsxKsrot0vrixfLGn8IwH4ijvTgUxxg6nf2kvY70soNhTBXxTguddTKJ+OYQf
PA5c5IGyoS5/lH6z0mJUqp0LR/n3GMfKEP5jyjvBp7MJYJSVSqMDPUPwZd65TiXbVTsUmWBjgJWV
QDtlBd9agKRzGCVXdoav35111lk7DAQc+ARS0+maQZKyynenrDZdlysr3XdwMJUVUTsGhgk0lRU6
nWHGhGRTEBa6toJTZTXMDsGpsuJvXR95+SsryXfKyqCufQh1nWIorQwmoJx4hrO8rKBew9nkzB3q
N+k+9Qoe6XjHiCEwk859JrsGoKGJwSYWZ9h2DHDoTcCv7I7bEVfe00bxyj7GQUufsHACuhKUF172
L2XL7sXuHfUzieEZQS7obZlW4LysQuzeEySD92gv/EIQgXJDZXgPLzGRweGbNJHHCISAS1n9tMbD
dyxaKTv/dli0IY44SKABZebSgrJz/gxuwGfwIEqorKBcjx2eI0eETT8T2M92wx8EN5Jva2d4TkAY
BxgiKK3kCeixrYwRT/iAvmVclp2tHa2HYCNTkufBEV6GPuVEhXVftQID1jnmup+Bc2Q8+GEgyUss
7kg85vBglp9yP2fsz6E7YyQn92UlfKcL4LGnPOUpa1pAk5QZ6ThDZqAPkDXIGXmEMjn+qQuHufQl
OIGeLbsmd8nvlpw+LB50DIMjfIvOgQ8Iwog3z5n0Ieum9GnmTdkE3LG6GN3KGCq7wnbKKuY1Tizi
w3FSTlvoaMzYyPr2434o4CR8aEL/Sauxuhg6WwZdgq5DvqeNwfta7rgABj6DpshO4YAH4whbSfx4
r2yijMExxg7Oat9lPWXH+U5Zrb+GK3z0K7q7nO6xfldWh3eL0Kxv7hXbhnqQS8AoO6jWdTBG0RvZ
x9KBMvAndMcpgI5J3DPQWNMWXS89KMcEzbYSZDFAmX1cdgx07YUvy86n9WKk1hieQwscHeg1eDtt
17JLp3vGIpxHPvKRnV0k/MQP/Mfy4Bzb0zqnXPcrcF5OOOhkMnTX3kIWa4eD0xy+mNKWVt4xcqJV
zmfaMalvfOcV3pc3yV92tuziAfO1rkP4qXdTbwHjZEjOTWtH/ti2jylfdiat+w27n7nJ2EDPEPzy
2bYO7lynkm1ED8hXyg5kUNnFt3PKKaes36VzGOcgOsty2E2MOxz4jM10riVtmRukPVx2Yu3gYCq7
AncMDBNoKrv0OvSg06YgLDi0glPIbuZ15YSaNZ7ii33D/J/2oTtoLwm+z2ACthrP0LM5L9zkzB3q
t66iGf/AIx3vzIGwWdO5j840AA1N6A8SizNsezlBraM3AT90nrjynjaaso9x0NInBBSgK3NO4WX/
Upa5MO+ov+yw6sAR5ILelmkFzsvunO49QTJ4j/bCLwQRKDdUhvfwEnNI5jNJE3mMQAiJ+ah4+I5F
K9gBuXiu7OxeLySYS4uuwhn/sGPAET6DB5kL4Bdw7PAcOWKin5mfZLsJ2GAXJN/WznCdxtTFOMDm
YV6TPMG7bWWMeMIH9C3jUh/GEGxkSvI8OMLL0KecqLDuR+Yw26T9DJwj48EvbVBs5kxzeDDLT7mf
M/bn0J0xknPdcpJHpwvgsec85znrvoKfUmZgk/OMP2QG+gBZg5yRR3iX45+6mPdZjuAEehZbJuV3
S04fFg/CA+IH36Jz4AOCMPncjTZT+jTzpmwC7lhdjG5lDOF31v6kPIv4yukUnQ8PGjM29jsNBZys
a64uhs7SF12CbYF8TxuD97XccQEMfAZNkZ3CgY8YR9hKJt4rmyhjcIyxw0JE32U9Zff8TtmluoYr
fPQrurucoLF+V3aJd8F765t7NXCOXCLlJgnGKHoDv4NJOoAbfIv+KSe5dAtXEvcMNNa0RddLD3ST
8w9glp3l6wBl9jH+VnQ0fMm81MVIrTEsrlOuzNfRa/B22q74oXiGf4mNXrTflPiB+1h7cI7taZ1T
rvsVOC8ne3QyuZxstba3kMXa4eA0hy+mtKWVd4ycaJXzmXZM6hvfeUW+OQ7JTwwtecB8resQfurd
1FstGEfl2RI4LxMOBnz+qRiHHDMIfAJ0MpFXdikSgERo6GRM2NwLPwNDOF8xFIQDk9Xlxv5m4lqO
X+9g4ShjgGdZhKJOxnQAIYytH4dnluGeQWObKQcc8xjYxVmXu+zTSYmTwPxeDfALD5j+5U5483u1
PvDF2dtqo3kN1KDYEAo+95oBLwKTPq+v9tsQX9Rlxvw2GFOO+VvT1B0S5Rt/HT5MBOEtHc7wnzti
cRK36ilHiHT9mc5w+tAFEK12uFOs7qsXvOAFHSz6qeZrA5QE2OC9Ghfzs3MVQcvE1gCG7bEM7ZTH
ytEhu+qinCsUWZCRddk3nJZgMF2YXJNf5IG5tEi4c++hBWODsUJfupCk7hP7HT5HPmR9GgJJd2jt
2KbfMdKyTAZYMviTeba5l5c3wTZfPSbpU/EvRyvuwn0OXsgQYMq/4qWMQe624Ob4wpmSeZQntayY
w4MJd+x94jZl7AN/Kt1x3KgTpF3imTvs5V140MVZtT6wrBMlYOME5HkG23FKmZcr48WTUGqZkfm4
t40tfDOv+abwoDKVdjHZT3ieAIDOBd98N/V+G11sXbavlpW+3++rE74hujt2apqLS0sXp8MSnZBy
n3L81uiHN5j8Cs+xwiKM5FXGKvrEfHmVbi1d57u6jam3WjYX9pTjiMlw1jfnHh0GPJxlyElhM25q
+gBf/Qd9MqBu3bYLOLnQLvvDcWoZHXw1nVy4RV0EG8zPFToxjtFNaSdmnrn3trFeSFbDm8ODCcN6
oNUm2zPLTblHb0E7bDXoyBjgmXqLawueYxB7Iu0gnM/A4S/Hh23h+RS+aNU99pk41mNobHn1rPqm
r5zBUscGV+QOsgAHXZ+MFr+aj3Dw0d/A0S637qMyoT9IPJSxQ46VofrHlMcJQ4Au+4x7HIMEIHH4
62Ss6xI+ssyE8zVtXnTA3ISDuBy/3uGGowz+yYQTUydjOoDShkKv14ldSLaZcsAxGdjFWZe77OE7
gx44TutkgF94wPQvd8LX5awPmuPsbbXRMgZqGFMG033HNQNeBK77kv02l6/64GKf0Y5yXP2apizC
5BmLk0g4n+EtHc7p8ERPtBI2t/Rx1w196AKIVjvcKVb3lfKXfqr5mvkpeBFgg/fqZH52rqLzCXIZ
wLA9lqGd8hiyy7K8p5yLY1mQkXXZN5yWYDBdmFyTX+SBubRIuHPvoQVjg7FCX7qQpO4T+51+RD5k
Qu7zPOkOvRzbjAvmjZkywJLBn8yzzb28vAm2+eoxSZ+KP7botgkZAkz5V7yUMcjdVsrxRcAok/Ik
d53yfg4PJtyx94nblLEP/Kl0ZyEfPMaftEs8c4e9vAsPujir1geWzR3i+JdJGWxn7pGJ8eJJKLXM
yHzc28YWvpnXfFN4UJlKuwg8ZiKICZ3QueC7TdpGF1uv7atlpe/3+zoUcLIux05Nc9+3dDHzX3kQ
nZByn3L81oaGN5hzmBwr+GOTVxmr6JNWkm4tXee7mrdSb7VsrvSTsFh824QOgyYsCqvn7DV9qEv9
B30yoC4etguYudAu+8NxapkXv/jFHQ41nfSDUJeL/CwDnRjH6Ka0E32/zdU21gvJaphzeDBhWA+0
2mR7Zrkp9+gtTuPAVoOOjAGeqbe4tpJjEHsi7SDm5MDhL8eHbeH5FL5o1T32mTjWY2hsefWs+qav
nDEiZQdX5A6y4CXl1Mk+GS1+NR/hY6K/gaNd3lf3UXl+0gXOYXRW9g457cY6ZphU1rvukplwEOK4
1bniVfgcC8pOEHeDWLZ2ellu7DUDgq0AOHBQEDjlmDAZ2GTAgUMGcOs63XmMo41Jmu8ZMJStnU1M
6JyUtRxdDFLK1UcfCrfvan2tAEaWoX4XETAo813eu6MNJzA8ku+8t99a7TDPnGuLBrZPehoAkO6W
gXa0j9WjOND9I8gqvpYBt6QHZekbeLh8s6MrywQQBV23w6M0KFO+n7aDoVu+t9f1N8Y6xpN8lGUx
EM4qq9Qo1/pL3ChH3TyrnwtTB3/yi7QBPkELVi9LB67QgiCn9dt/c2khLlOvKGmUhs5X8cmruAnb
tkGPOghhgCJ5Nsc+fSmcvDpJmeu4Tlj1vXy5Cbb5sh+FVQe5fb7N1fG0CS/rGKK7x7Um3c0/lQet
b8pV2lHXlLFPHZYdS3f7YminLE5RcHGxDXwqj3OsXKttjD0XSLgAwbrArSWDWRxFPX2ywXps46a+
Nt9YWmAYuyAAp4/1eTV4ugk/8w9dt9HFwrV9yae+O4jrpjGW8naKLlb3QFfslhbu2CLyXPZNjkt4
h7/yzbEmDOEm3Wqd5ruat7KeOsAsXJ0QaXP5bupVPGwTV8ZPHxxtAfLVtgIT9TzVoW6bZbFLDdhC
b/oDeLXOQgfZF0yo2PUNTGwMdPMb3vCG9e70PnznPN/Ef8Ccy4OJj/Vssj2zzJx7eWqKPBE37Ubr
hY+Vt9lf9u0cvhD21Ks41nwmHIJ+nBTk7/oqztmOOo+/sf3kRdqYf9CVBZzm9Sp+LEx1fiavUx6e
rhcZHJUJ/UHiMeRYwfnESQZDTruh8ok3jhcX5WR/eY+DEMdtnYTPsePsvHX3reVqp1ddftPvDAi2
AuCURz7ilCPoZnBSfsoAbl2XO49xtMGHpj5nE05cdyyiC+qkAxhnlnjUeVq/ra8VwMj81O8iAhbw
9iV3tOEEhkdayX5rtaOVf+yzFg1sn847AwDS3TLwDO1jJww+FP8IsoqvZcAn6UFZdqrDw+hkyjJX
Y/5XJ+SI/MmCcQJ2nGoDfsg3fFWt/sM+HvI9JW7USd08q5+Ljw7+5BdpA34ELdhBJx24QgsX+JPH
/ptLC3GZeiVQg12h81V65lXchG3boEcdhDBAkTybY5++bCUX5M11XLdg+ky+3ATbfNmPwqiD3D7f
5up42oSXdQzRXTs/6W7+qTxofVOu0o66pox96rDsWLrbF0M7ZVkECy7Me0nwqTz+xje+sXtW/2Ps
uUDCBQjWBW4tGYwfm3r6ZIN12MZNfW2+sbQgWOWCgPpTFtRt8HQTfuI5dN1GFwvX9iWf+u4grpvG
WMrbKbpY3QNdM+iXbcAWkeeyb3Jcwjv84YsaSkm3Wqf5ruatrKcOMFuXgby0uXw39Soetokr46cv
aQuQr7YV+FRhnupQt82y2KUGbKE3/QG8Wmehg+wL5iDs+gYmNga6+R3veMd6d3ofvnOeb+I/YM7l
wcTHejbZnllmzr08NUWeiJt2o/XCx8rb7C/7dg5fCHvqVRxrPhMO/gT8AH1JnLMdfXmx/eRF2ph/
0BX/UJ3Ej4Wqzs/kdcrD061FBjWco/D7pAucG2zi2BUdJfV1imOGskxi2EkLbFY9oUBkJAZaH3zz
eCUgiWLPnSJ12TG/dbgB901vetOe+lsw0qFYO90yv6vLcEblkY8aJC1n2BA9GaTgiXO/dlJnvfW9
9Q3hSpkMJOKwreH4G2EDHkNO7aF2CGfOtUUD2yc97VOdqJaRd4aulhE3+DQdgXVZ3uXxtZSDP1iV
WOfN3wRksw8Rnum0BO4ZZ5zRBS4s18KNd33BHsYGDs0MdkEbd9ELd+iagZU5tJCOU67QjyN0xQsl
Aa9xOkX2Re0Mrvs965QHcuwo34CPEZj5vXciJW/5fD+u4rQJtvkSd+uved/n21ynwhyiu7sw94sH
p7ZL2slLQ9d6fFl2LN2l25BcrPGXB+u6M1+OB5yrvNMRzEQo83o/1Cfm4Wob95sH1SVD7WJH+tD7
xLPvfltdLFzp0Opr8+znVV7po7v0g1+n6OJcUJH6JXHPYG3aPPJMjhEWV9WBr4Q1RDcmp8Cq22g9
wE67KOEqd+mP1sKQzLvpXhyzXcgjA9t1ecdW5u+7r21jF6uR36MS3UGXMjDrzBMlWvX0nUSRMKbe
b+I/4M3lwcTFejbZnllmzr08NUWeiFvNn9Tfsl+34Ys5baLMEI60GZuRxbt9Y6TVjk24sJiLscuO
YxcOwpfoNeRtlhe/mm/pBxyTzPUyP/cnQxpyrBhsYgFyXxoq3yqDk5++ATan0RiopV8IlNVJ+HW/
EZDEaZM7ReqyY37rcAM+n8Mak9KhWDvdsjwBUuDijMojH3U2tZxhthddUCcdwDj3ayd1nTd/W98Q
ruTPQCLjqi85lggk9+Ex1I4+uGOet2hg+6SnfaoT1TI1D7V+W0Zc4NN0BNZleJfH11IO/mARYZ03
f7PwPGmHvEmnJXA5iSf9Ti3cgNkX7GFs4NDMYBe0cRd94tN3n4GVObSQjlOu0I8jdMWJeS86jdMp
si/qMVL3e9YpD+TYUb4Bvy/I5C4zeSthbnsvTptgmy9xt+6a932+zXUqzCG6uwtzv3hwaruknbw0
dK3Hl2XH0l26DcnFGn95sK478+V4YNEgyWPasdlbaahPMr9t3G8eVJcMtQubbeh94tl3v60uFq50
aPW1efbzKq/00V36wa9TdLHz0RxvNd4ZrE2bR57JMcLiKuZXfWmIbiyUBVbdRusBdtpFWYdyl/5o
LQzJvJvuxTHbBX0MbNflHVuZv+++to1drEZ+/L4kFpfzu69P8kSJVj19J1HUeE/5vYn/gDWXBxMP
69lke2aZOffy1BR5Im41f1J/y37dhi/mtIkyQzjSZmxGFu/2jZFWOzbhwmIuxi5xQRcOwpfYYMjb
TOJX8y39gC+Fud6Jkk66wLkOx5ZjSWfIGMcMu+Rw8BActFxedc7UR/qRR/gwEkc+oWz4y/Lb3Kdz
sA7EDcF113V+B7rO3xcUcYLcoqvtbeFif/Q5YOv6/T1Un3m4MhgNWLKzKt/lPd+5ZEAPObWH2pGw
pt5Lgwxw1O2rnaj2Azhz/BInAbDDuPXHhDadg6w+53torJCjv57whCd0fyhrhVriYntwPrIzgt1p
luH7oTgULZd9bBt4zxFJwuEKLI8hzTGE4UJ+Jqit4IarkhO/5He+u0JdLTrwjHe5MGUuLbItY+7t
Y+jEKsQMcNA3Oj2SfsCt+z3rEmbSwiAH9GOilfm9NxDVGqvmmXsVp02wzZe4W6d8swmG+cdchTk2
2DGV7tvw4Bj8M882Y38q3aVbq58Sp7zPBTPIi3yX9wZt7GePQW/pTMpJY+RDyoyEyb1Oe+j3AABA
AElEQVRtFG793t/ma7XNdicMgrYeF4/uFo7XPpnm+ynXbXSx9Qy1zzz7eW3RLOHP1cWecoO9xfew
Eqb3jFcXT6UMzXHMBNv+I8CNo87yeZVuLZvE0yaSLyhrPX16izzKXfitLyiYeAzdiyM7YjnVwQVq
BAJbsB1rtJ+V+336kQBVa2w5NsEdHW19wGrhyeIBdsqg67CVsRf4NpqfJEEP1jRswZnybBP/AWsu
DyYeY+rJ/HPv5alN8i7hD+HWsl+35Yuse+z9EI62uTX2hN9qh++8soCZsdi3QIdPacGDrdO9xA/b
FjsNvcOfsFvXE2XCvw2eQ44VHY4tx5J1DpU3D6fX4OCBxq2kc6Z1pJ/wWRzBUcE48/jbr5TOQeTv
2OSu6/wOdF22Lyiis6lFV9vbwsX+6HPA1vX7e6g+83DNAA07q/qS42zIqT3Ujj64Y55Lgwxw1O2r
naj2A7IBGYL9ir3d+iMIns5Bdj4zt8Reob/4dA9/6GTg8Ze42AaODmU+jq60DPNYHIqWyz62Dbzn
yOdMODI9hjTHEHKM/MjE1q4edx8mfsnvT3rSk7q6WnTgGXjkwpS5tMi2jLm3j6ET/owMcGSgLOkH
3Lrfsy5hJi0MckC/1skBlDcQ1RqrCX/OvThtgm2+xN365JtNMMw/5irMscGOqXTfhgfH4J95thn7
U+ku3Vr9lDjlPePZBTPIi75k0MZ+1hfd0pnAkMbIh5QZNXzbKNz6vb/N12qb7U4YLAryuPjWp1T6
ZJr1Tbluo4utZ6h95tnPa4tmCX+uLvaUG3jKT44kXO4Zry6eShma45hPGNl/BLiZf7aSdGvZJPp1
ky+snwVdfXqLPMpd+K0vKNjCp/VMHNkRy6kOjjcWuLRgO9ZoP77XPv3I5xJaY8uxCe7oaOsDViux
eIATItB12MrYC8yt/SQJerCmYQvOlGeb+A9Yc3kw8RhTT+afe5+82+qTFtwh3Fr267Z80cJh07Mh
HG1za+wJt9UO33nFP8RY7Fugw6e04MHW6V7ih22LnYbe4e9ETEvgvBgjDJ78G+OY0eFUf4tVODpf
WAnsM6/C73PqmG/ulcmb34nu2ymIY5OVzAhZ6xFnBkbrCEPy6UCtndiWbTlDbW86tK0TZcxA6zse
vu8bxEP1Cdur9XPccAsezjrpNbRoQDitdljXnKs0SGdh3T4dijpRMfK5h3buAmvVTXvzswTAIcAA
LTJ4a1mNkNq57/NWXUm/pI1jpDUG/J6x7bF+cLIvcPITjPId34fzu+4Z7CKg5RHKQ0cAAyfhzaWF
+Ey52p/QvQ5sEMAxEJH0A37d71lni29sE3zRooXBPd63xmrCn3MvTptgmy953vqk1SYY5h9zFSZK
u5UfYzSfT6X7XB7MOsfezx37wJ9K91e84hVr513u5E1cOZoaQ5FAGc+TB1tjnzwu8IAP/aayfYRM
aC2a8fuUtcxIXLi3jZv4x3xTeNCJDjjkqRw40ziSmvZswq/Gt/VbWszRxcIbap959vMqzkN0V4dO
0cWe8ABt2WnYwln9RJ5crOE49jvvyD91CDI3daNwpVvqGN8ZuKnbaD3U/+AHP3jXQjXKEoxWxvct
DLGOMVdxdCEQvEjd/DHmcqEc8MQbndrS+9YJfVrvc7xaDzRtnQBgXo6mF25etSFrGmaeOfdj+A+4
c3gw8RlbT5aZc58LhZD5NQzsiLqvhnCz3WljbMsXNU5jfg/h6DhqyWRht9rhO6/W0dpRTh5lCnKo
XoxjWceWMIeuJ+LkfyrOQ44VHY5DTruh8uKiw6n+Fqvvdb4gQ+sk/D6nTp1/6m+PjEX+9e0UxLHJ
EdrwkEmc0eXogVbSrqid2JZt0dX2ogvqZH/0HQ/f9w3iofrqOqyf44Zb8HDW+V3toUUDwmm1o65z
ym9pkM7Cun06FA0aYcdxTx8jJ/sS7c3PEgCHAAO0yOCt5ft2xfm8VVfSL2njGGmNAb9nbHusH5zs
C5z8BOtNyD+CE7Q5g10EtDxCeegIYOAkvLm0EJ8pV/sTuteBDfSjgYikH/Drfs86W3xjm6BRixYG
93jfGqsJf869OG2Cbb7keeuTVptgmH/MVZgsrGil+nunU+k+lwdbuGx6NnfsA3cq3Zkzwyv85U7e
xJFFqQ9/+MO7QBnPkwdbY588LvAArt9Uto+QCa1FMyzYIX8tM4CXyTZu4h/zTeFBfNHikKdysADn
zDPPXL/DBtsmSYs5uth6h9pnnv28ivMQ3dWhU3SxJzxAd476biX1E3lysYbj2O+8I//UIcjc1I3C
lW6pY3zn97HrNloP9T/iEY/YtVCNsvCDMr5vYYh1jLmKowuB4EXq5o8xlwvlgCfe6NSW3rdO6NN6
n+PVeqBpnjAjDPNyImMraUPWNGzlnfJsDP8Bbw4PJh5j68kyc+5zoVBrERx2RN1XQ7jZ7rQxtuWL
Oe0awtFx1JLJ1tVqh++8WgexnXoskEeZghyqF+NY1rElzBPxeqwC5wQ/GAj3u9/9OkGHcZI7unHK
uHupdtpRFkcVeW52s5vtKg/MOtil86Z2oCPIWX2rkzR3ORPQbsHftJthyGHT9y4dyQwIJuzkpS3Q
BbwR1ARRbVs6d3nP8QvChz5nn312V4ZytVPJHXLsLkqnLY697A/hedXJCkyDsuCI0WjgFfzNT38C
06NCqY/f0JC/VmCcXcYqJb5HgQEgPBQjDmDf1zuohEu/+Y3Imq+ENffK7i/qx1FP24GD44VntI/f
1I/Dn34xQCUPYgTyzYmkOzyIogcGZex/4Lgzj/IZSKYe6hMX+SLxoS523fHMP4Jc8ns6ZYXFrjhx
Bg8EJ3WIWx0k4/uBvueKo51gRD6rHavSizyswktnKMYQ32O3PDIA3OfSwnZPubKSlvrpC+unr9kt
aH/wHt5KuOAObSlX04mFN5RJvqGs39LlHUYWNGeM8A1qg0a8o3+SZ7LeKfc5RgiuCjvHJfcJ04UT
Ne7k8dte+4UfMA0AQ0cXBcH7rNx0XGdQjuNY6ZcpdJ/Dg0mTKfdzxj7wp9JduUOfQgv4WJ5BjjKx
5x1/KRfyG6VMaHI8wiPKC3b+KptSF1AXuMI39JNHWIlHPRYOiwdzIgUuBGYe97jHdbSRDuBum6b0
aealvDQC3hRdjA6k31I+SB+u9SKRrHfqvXYT/ZQ2QN/Yn6OL4be73vWuaz7D0SMPgi/jVtpnMBf9
BY9CP/SF+gyZqswlkAyt1bvAY9W48PiWJ89oD7acz2vZlOOEPCzAQ84gR/g0iH3JO+TwVDpnfnDR
Zkg7VtuWOpD7jDnyUpZJnbjDs9BAmPAEOwOlScI0D1cn5sKpbSXzZl3s8BAH3sMv0BwYffUIZ+wV
mNSRegNbW57PvgXmHB6k3Bzbc2wbWvlyASz8xiIFeBjbTkcjgV94z/JJA59xhT4tOzz7ai5fZD1D
99LPBVC0CbzsJ67aO7V9p5yhrWPmZ6mLCcImXiwaxoEAD9YLZcGnNbfgecKo70/Eyf9YnAl+4MB+
0IMe1NGMcZ87unHKuHupdtpRFkcVeW55y1vuKg/MOtil8wYnfjrQwRVZqpM0dzkT0G7BP4jdDOlI
dmEQuNEW6ALe8BVBVNsGr4g37zmW3QR9kIPK1Nqp5A45vlebjioce9kfwvOqkxW4BmXBERvLwCv4
m+hPYGpnUR+/oSF/rcA4cki8Tz/99G63tfAYpziAfU+9mYRLv/mNyJqvMv+ce/U4jnraTtJ5x24t
EvXj8KdfkDEkeZC5Lno26Q4PYs/SLsrQtyTguDOP8jjKM1EfZcBFvuC9+FAXu+4yEeSSb9Ip63fF
2RUnzuCRdhC4IU8zpd4DF/Q5wQj7iGvtWBU/3p1zzjm7nKHIRL7HbnlkAGkuLRLXsfd+OpD2Wj99
zW5B+wP84K1M4A5tW3Ri4Q1lkm8oi01lW9ER0JwxwoJ+g0a8p6+TZ7LeKfc5RgiuArsel9SfyYUT
Ne7kQQ/uJ37AxF8BTOiIHU2C97FFHdcZlMNup1+m0H0OD3aIzPg3Z+xTzVS6K3ekHXwsz2D3Mafk
HX8pF3IOwgKODE7AI8oLdv4qm1IXQHdwhW/oJ0/BEo9aZhwWD6IvbC9XFqbxySjw9Tn3tmlG13ZF
KC+NgDdFF6MD6beUD9KHa71IZC6OlNNuop/SBuC3debYn6OL4bd73etea/riC5MHwYFxK+0zmIv+
gkehH/pCfYZMVeYSSIbW6l3g5YkO+HhJtAFbznpq2ZnjhDwswEPOIEeYR9uXvMPHvE0CF22GtGO1
bakDuc+Yk/bMV8SdeAU0MNFP7MCVJgnTPFzP+vSiEeHUtpJ5sy4+wyAOvIdfoDkw+uoRztgrMKlD
vYHuwdaW/7JvgTmHByk3x/ak3NyUC2BpE4sU4GFsOxa9QkMCv/CeSRpoN/oc+rTs8OyruXxhHZuu
0s8FULWNQH9p79T2nXKGto6Zn6Uu5kSmTCwaxocA/eqFstCpNbdIHk5YR/3+2ATOM1CsABq6ptNO
huvLb8ASgY0y4M+grmU4DhxDBoXvs3Sg47xzJ63v85r4WMc2VxSLE2TryaCZz1BaWY8OWd9Thm+v
+5srTi0GIuUweOp24STGaZuBEMunY5vy4Ak83zOB9N6ru0QJlvis75qBmGyXE1fL0aa6XTj+s0w6
3yzXutaLCBLGpvsW72Eo5yT4tNNO6xz72X84Q3QyihO0g5bwnc+4chylgSsMYx3k5qEMqzrTuf+i
F71okBbg8rCHPWznPve5z7ou+9021xN162td6919aUy18oNz7nbjPoMrlGHixrdUszw0QsGD41xa
2L4pV2RH3S+JV94rNwz25jsca9Trrr18545g6qr7OPPlvXVNaUvmHTtG8tu/LdwxgjHGk8fBM8tl
vVPvCb4mf7fo48Kdli4xqG7AOmmIYQ0+c3hwajvMP2fsz6W7x2hlm2teJhjGeBI/9EM9Hlsyl6Ci
Zbga+Mm66nvrVu4eNg+yuzd5qYVf2grZvin3U3UxsNHHLd5OHJGBOAym4NLKm0G3hF/f17J9ji5u
8Tv8JC9QJ7LCnbm1vQUOBs5bciblIO9rm6ZuE7+zDHSvZVerDPzdouXYZ7VNlXZjyz5K2ruwQbyY
KLGozd9eXSxQ45SLRpggpf7NvDVfwG/ITU9ksB7lZpadel/XJey8ElymTxP2VB5s0Tbr4L7P9sx6
p97jBKnryd+e1NTiP9td8wzlM2C8LV+MaVMLh2xHfZ/jtWUjZ37GXY5F8Kl1ArKChb+50AsYudCz
pR+tJ8dRq71HfaI/F78MFEuLoWs67XDEDuU1YAk9TfWcle8Xo+dTdqQDHeedO2lbdSU+1rHNFcdy
zUMZNBMHFsRm0iHre8rUOganlo4kHFl1u3AS47TNQIjw0rFNveAJPN8jg7336i5R7Daf9V0zEJPt
qu012lS3C8d/pnS+9dXH83oRQcLYdN/iPWR4BgP4PBb8k/2HPtHJKG7QDlrCdz7jynGUBq5wTuog
Nw9l+DxJOvfRrZlqWoDLYx7zmPWpKMCy3y2XDmrr6rsSQM3da/BlX16eg3Pm5z6DK+RhkQTfUk04
0AjHM2kuLWzflCuyo+6XxCvvlRsGe/Md8ztSvTiQPO4Ipq66jxNG3lvXlLZk3povEnbe57d/W7gT
1CdQkDxO+SyX9U69J/ia/N2ijwt3WrrEoLoB62ybO1zn8ODUdph/ztifS/eWTVnzMsEwxpMJ/VCP
x5bMZY6aycBP0re+t27l7mHzIPOL5KUWfmkrZPum3E/VxcBGH7d4O3FEBrIoc9uUQbeEX9/Xsn2O
Lm7xO/wkL1AnsoL5NKm2t8DBwHlLzqQczIBl3Zb8nWWgey27Mq/38Pc2qbap0m5s2UdJexc2iMup
p566w6I2f3t1sUCNJ3M38/SdZESZmi/gN+SmJzIIQ7lZ1zPld12XsPNKcJk+zTSVB1u0zTq477M9
s96p9/X8sK7Tk5pa/Ge7a54BRgaMt+WLMW1q4VC3JX/neG3ZyJmXcZdjEXxqnYCswAeVC72AgR1t
aulH68lxZP4T4XpsAuetIJOd07qy6wElzN+YsgTgDD5S5owzzlgLuxZ8HIsYrdaBgnJnYyt/Hai0
3LZXJmrpXLZunER9znMMunphAOWAw7fACXaLFwo1v1tJPmjF7hJXyVonVwaRZb0SZPAbz5kXGqdj
K48o7gsOENDAeBF2Xv8ve+cBZk9Nvf/QpAoIKF9EBQQRFQVEUbGBfxFB7CiiUkTEgoViBRVRQFAp
ighYsGFD7B0RxIYNsYtYsGAvqGAv+88n+t7f2Wxmbmbu3d27d0+eZ3fmzqS+OTnJKcnwLRYd6W3L
QYGsXcA2fg1dkI+lJZu+5r5kpEOhbJkaOIC5VezJSEpbEc5te3SPkwJeQVbBTX9JwZ87DpCu1Me0
Q1gwWZfoaf/9959F72p7yQCOQZvFq3bEU25JEY+xk51w7GTlCl1K2CgpMsGIcaT22+uuu+6aFDHk
qbr1xULpu14RZnK6BUuER+soIRqm72wbuJdRw2LHc/KRQwD1gi5KPAolJDsHlK/K6toWxRddKL+m
K+XoWGQcYWw86s5EWzJYWacPldn3Cv45r4Kej4ken9qFTt6lNsmobscgbaDuNm1XGuzbFtJ1Hfuj
4M5CuuQ0AA+Bh1keY9uEZywY2f7mvolfkBas8zTwaHa7W6Ws5sxSf+Xl8XucNMh8jtGfujJO4ccI
QNSPuo/DcA4WXeZi4qsOpfbrGfVDSWH7qc99rTEMI11OH13nYurH7ip76o3aw5UxzHu1g/7Rzmbe
2/mlhJGlDfIAd+YMWwb81M5nlneSJ/MqxlP4DJ7LloYpHwcU1a/v1a6BqBvCmfIq9Ud+bDse8Pkc
RD7UFW962q388qvdMdC2a97Wo7TGaFpv5eXV/LZl2b6y9zjZQQ95fl1o0OJewo/yLD3kZfX9zXzC
N+xse7jHUZc1kRwCSjQN/dPuEkb5OnwUuqhpW6kOeZvsb8szavh7Lp+V1tU2f/g0jp227hgSbRx7
z9xHX9j49n4pCPt96lgyMllc8nucHBRq0mKAk/GRdPCrPE/7G8UicrgChgTtbLTxdJ8bKpVu1CtK
UKtcVnmMK9ZlpYCSMHcMIB35MJbtbi8U1Pa7lcQDK3aXIMOoPF355EIeoM8DDzxwTlwwtoot5CC1
pck4gEGDHSWlwGcPdKS36sMVBTKybB5q6IL0lpbyPIb9LhnpUCjbU1nAAcytYk9GUtpa4rvUCycF
TkOyBmZrgLdrVOFR6mPaICyQQ9QHSsMVPmjpXe0uGcAxaDNPaUc86dHj2HqSHmMn/J71CFfkMv6I
X1JkghHjyNZL97vttluSXclToS8WSt/1ylo2p1uw5MQl6yghGtapW2oDVxk1LHY8Jx85BFAv6KLE
o5BF+OSU8lRZXdui+KIL5dd0pRwdi5zPX9Qdua1ksLJOHyqz7xX8c14FPbMGRg5SKLVJRnU7BoW7
TduVBlVmn2vXsT8K7qzPSk4D8BB4WD521R5OmOzCL0gH1nkaeDS73a2TlubMUn+V6HCcNMh8jmxB
XRmn8GM5kVF35rRxhC5zMeWpDqX26xn1Yx0+aqg1hmGky+mj61xMXdl1ivFL7bBXxjDvFegf7Wwm
np1fShhZ2iAPcGfOsGXAT+18ZnmnDJcYT+EznGRoaZjykVlHDXYNRN3QWymU+iM/th39Tz4HkQ91
Zact82tToGzh0bZr3tajtMZoWm81ldv23JaluuVXnOyghzx0oUGLewk/yrT0kJfV9zfzCSfT5m3C
UZc1kRwCSjQN/dPuEkb5OnwUuqhpW6kOeZvsb8szavh7Lp+V1tU2f+YR7BA22NN+bVzumfvoi6UW
VqLCsQFDwzXXXDM0znKKEBXBIRpMQjTEhFVXXTVEpUqIC9iw0korhY033jhssMEGEwNHnFxDXKCF
tdZaK0QlRarb6quvPrR+tCcKRGHllVdObYzK1dS+oQl7RqBuUTGQylt77bVTmT2zak0GLUcvztQW
MJmkvmqteMtLsIvfGQvrrLNOiIJrWHfddcMaa6xRTBEFgwBN3OAGNwhxgkg0ESeIsMoqq4S2Po6T
XFixYkXCjTwoJ3obprIotylQBuOFQDzq1jdEhU+IC4QQDechKlZSnfO8cnqPQlwqN4/H775YlPKq
fQaOsF36Z75pD5qIE1Pqb3Booonauk9DPPU59D4KLbZh0YUG2/Kpeddl7Nfk1xZH43611VZL0eAh
wwJYxN2+iQahxfXWW28o7qSJRqE0buEx8z1OhrWh5j1jjfUAIR6HF9Zff/2aZFVxFnourqrUGCL1
mYtZI7DeUoA25ouvUT/ob80112ycQ6hHVC6kOYl1FnOU+AppWRPCayYpMB5Z1zEeWQuqvm11jMqV
EBUpIToBhOiA1boWZL5nDQdu8CfwicJm+l3DM9rqMe53fWhw3HUYlp/WaawbwHS+6L0PXQyr+2K8
h0dEhXCITg5hk002SfIPsozmn0033XSs1Zo0mh5r4xYwM+gP/hkdnJP8x2/WHPBQ+nHDDTdcwNq0
F6U1iuRq6lYrV8NzmBPQHUTlaisvba/F8LfwX2Q1+D3yF2XOR4hGjYEOBN4/SX3Vt71gR19Jrmbt
2sR7oVOtVeHXzHmSq9v6OBpbEm1D4+RBGvKhrGFyNeODQDzi9w3R2S/svPPOIRrOQ3TaL65Xcnpn
zdBUv75Y9K0/6cBRcvV80x40IbkaHJpoYpT2LLW06nP42ii02NbuLjTYlk/Nuy5jvya/tjga95Kr
a+RdsEDe4Mof8uYw3IkXNzWlcQuPme9x0tbm2neMtW222SZFv+KKK5LesjbtsHjI1Qs5Fw+rz7je
95mLWTNLT0s9oI354mvUD/pj7dQ0h1AH5lDmJWg2fj95IKeSdhLlasajlauHjUfaGB30wjHHHBOi
E0CIpz20rgWZ78FLcjV2DMnVNTyD8hYq9KHBhaqbytE6jXUDtDhf9N6HLlTHSbrCI6JDYohODgEZ
Gh2t1kLIwNHBZZKqO291ccP5vEHrGTsCjsCoCMCopYyKnvchevuHeJJDiDtWQ/Rkal1kjFq2p3cE
HAFHoAkBy5tQfJx00kkhHlUVNt988xB38yThpimtP58uBBBe407qpMjCoRIhbJoCiguEJZyv4vdD
E41PU/u8LY7AKAi44XwU9DytI+AILCQCdu0adwGGvfbaK8QTCEPc4R7id8tdrl7IzvCyHAFHYICA
5U3I1RgV467dEHeehrgj1+XqAVLTf4NcHU+TSobzuLt26uRqNlHFU+qSXB1P5Uo0Pv296i10BJY2
Am44X9r957V3BKYSATzA4jEeIR5hXmxfPGY1bL/99sV3/tARcAQcgflE4Nxzzw3xiLFiEezGjd+h
K77zh9OHQDxSMsQj00P8jE1qXDwaPO0gw1t+3333HZxCsNRaHj9DEOJx1mnneDx+K52iQBviZ3XC
M57xjLDZZpsttSZ5fR2BeUHADefzAqtn6gg4AmNEALk6fu4gxGPFi7nGY1bDjjvuWHznDx0BR8AR
mE8EkKHYeVsK7MY9+OCDS6/82RQi8P3vfz+ccsopaTMCzYtHgycjM3L1AQccEOLnIZZkq+NneUL8
ZEySqzldiU0WhAMPPDDET4WELbbYYkm2yyvtCCwXBNxwvlx62tvpCCwhBDgGLX6jPXzqU5+aVev4
zdRw8sknh/iNl1nP/Ycj4Ag4AguFwFlnnRWOOuqoWcWxGxejOYZTD8sHgfi9wbRTq9Tio48+Ohx5
5JGlVxP9DAU7Rv8LLrigWM+PfvSjYaeddiq+84eOwHJDwA3ny63Hvb2OwNJDALk6fmM24HhuA/I0
a9r4jUr72O8dAUfAEVgwBJCfDzvssFnlIVe/9rWvTYbTWS/8x1Qj8La3vS05aZcaedxxxwVk66UW
kKv5HEr8vnSx6hjROZregyPgCEwuAm44n9y+8Zo5AssaAb4/wnfLuBL45s5S+CbTsu40b7wjsEwQ
4JgtvpFG4LtTfIOV7255WF4I8L01vOP5tpkNfE+Qbz6h+FmKge/d8U21/PvsKN83j58jmK/vgS1F
rLzOyxsBN5wv7/731jsCSwUB5Omrr756IFdvtNFGgT8PjoAj4AgsNgLo/DiinYDsxFHWLlcvdq8s
fPnI1VdeeeUcuZrnnHa2VOVqZGq+Db3qqqvOAhV9wZZbbuly9SxU/IcjMHkIuOF88vrEa+QIOAKO
gCPgCDgCjoAj4Ag4Ao6AIzDBCLjhfII7x6vmCDgCjoAj4Ag4Ao6AI+AIOAKOgCPgCPREwA3nPYHz
ZI6AI+AIOAKOgCPgCDgCjoAj4Ag4AssTATecL89+91Y7Ao6AI+AIOAKOgCPgCDgCjoAj4AhMNwJu
OJ/u/vXWOQKOgCPgCDgCjoAj4Ag4Ao6AI+AIjBkBN5yPGVDPzhFwBBwBR8ARcAQcAUfAEXAEHAFH
wBGYAATccD4BneBVcAQcAUfAEXAEHAFHwBFwBBwBR8ARWDoIuOF86fSV19QRcAQcAUfAEXAEHAFH
wBFwBBwBR8ARqEXADee1SHk8R8ARcAQcAUfAEXAEHAFHwBFwBBwBRyAi4IZzJwNHwBFwBBwBR8AR
cAQcAUfAEXAEHAFHYPoQcMP5EuzTH//4x+GSSy4Jt7jFLcJd7nKXJdgCr7Ij4Ag4Ao6AI+AILGcE
ZmZmwoc+9KFw3XXXhd13390NUMuZGLztjQh84QtfCFdeeWW4853vnNb9jRH9xaIg4IbzRYF9rIVe
ddVV4cILLwzbbLNNuPvd7z7WvD0zR8ARcAQcAUfAEXAE5hsB5Or3vve94dprrw177bVX2GCDDea7
SM/fEVhyCHz2s58N3/nOd9J6/5a3vOWSq79XeHEQcMP54uA+UqnPfvazw6tf/epkNH//+98fVlll
lZHy88TjQQDF5tOe9rSwySabhL/97W/h7LPPDte//vXHk7nn4gg4Ap0Q+Ne//hWe/vSnhz/+8Y/h
l7/8ZTj66KPD3e52t055LFZk6vuEJzwhGRL/+te/hlvf+tbhec97XlhppZVaq3TOOeeED3/4w2Hd
ddcNV199dTj99NODLwhbIRu8vOKKK8L73ve+cNlll6VnK6+8cthxxx3DoYceGtZaa61BPL8ZHwI/
/OEPwx3ucIeU4cc+9rFwxzvecXyZd8wJZcPJJ58cvvzlL4ff//734UlPelJ40IMe1DGXpRW9L59Z
Wq2crNp+7nOfCx/5yEcSnbE+XHvttcNuu+0W9t133yJ/Zy256667hu9+97vhRS96UeJHk9Wi/6vN
cp1/3HD+fzSwVO+e+tSnpvUSRvOLL77Y5eoJ6UjWZQcffHDYdNNNA2vht7zlLS5XT0jfeDWWHwLI
1ayN//CHP4Sf//zn4bjjjgu77LLLkgDiF7/4RXj0ox8dNtxww/CXv/wl3Pa2tw0nnHBCcd1lG3Tm
mWcm2XC99dYLP/nJTwLrnFvd6lY2it83IPDtb387nHfeeeGLX/xiioFcfac73SkceeSRLlc3YDbq
4+9///sDB9tLL700OdyOmmff9MjVxx9/fPj85z8ffve734XDDz88PPzhD++b3ZJI15fPLInGTWgl
P/WpTwXsYdAZ+s911lkn7LnnnuGAAw4o8nfkavR78KeXvexliR9NaNOCzz+T1TNTYzj/2c9+Fr76
1a+GVVddNQ0SdmYweGzgPYpCjA+8W6q7tU877bTwwhe+MNz3vvcNb37zm5ekgP+1r30tMLnkhqB/
/OMfyfB8m9vcJqy55pq2+0a+/9Of/pQmcAxJj3nMY+aUPWoBH//4x8M+++yTsrnhDW8Y2CW0/vrr
j5rtkk//97//Pe0qxAPypz/9adh8883TQu7f//53GrPPfe5zw81udrNFa+d808WiNWwBC/7tb38b
zj///HDRRRclo9PNb37zJEzjTPLPf/4zGX3XWGONBaxRCH/+85+TJ+GPfvSjVO5LXvKSpIBb0Er0
LEy7C5W8ltcfdNBBydNY6T7xiU+EHXbYQT/92oAAihCcLErhox/9aNhpp51Kr6bq2WLwwV/96lcD
BdRi0yp86l73ulf41re+lfp1KfGLvoTYl8/0LW85p0OBtN9++yXHphwHDOjIJyUDLIrqhzzkIeEz
n/lMmHSanI/5B76EMgT8FMBk2223DZtttpkeDa7EYx1CnGGBOHe9610H63QrRzalxYmKNCiAFUr9
pndL+YrzHY5EkqsxKudyNY5mGFCQ5TAsLNXd2ieeeGJ4znOeE+5///uH97znPUtSrv7KV74SoOGS
XI3h+Xa3u928yNU4peLcibNnXvao9I8j6P3ud7+UzY1udKOAIX1ax1sXrJCroVOMUpxCuOWWWybH
YHgaYxJjBbL2YgX49nzSxWK1ayHL/c1vfhPe+ta3BpxKkbE5ZRInO3bJoSt78YtfHBZDroaP4PRK
eOUrXznRzny2v+Ad1uBdy+vR6zHOFL70pS8NHH71zK9zEcDgg5NFKbDbc+eddy69mqpni8EHsXOw
gYuw2LSKXI1z/Ne//vVUn6XEL1KFe/zry2d6FLXskyDvPfjBD06OTTkYyNXof0snLrBOYi795Cc/
OfFz2HzMP/ClT3/603Pk6u222y5sscUWOZQp3gUXXJD0+XNeZg/A9p73vOdgnW7lyCzq4CcbCEhj
5erBywm7mRrD+Rvf+MbkySR8n/GMZyQhWL8R7FG0KDCgMN4uRcMmR5vSXnahzIegKozm6wqje9jD
HpaUW01l0D9veMMbUhub4nR9LiVxrRGqa/7EZ1cQDhluOP8vej/4wQ+S1xcCYFNYbIPJQtBFU9un
4TmT6SMe8YjGpizmWGBxcOqpp4aXv/zlE290yAG85pprkrEEj0l2vr72ta8duqjAWYCdAPQHBsDF
Hlt5mybxN5jd+973Tryb3QiHHHJIUpqjGEI5xRHiy2HH+WLwQcYnjlMoBVEClgxhC0kzKKOPOeaY
dKLPpBspx4VLHz4zrrKXUz4aX7SZXVrwFU5DYQcT612cNkpGJ9bLZ5xxRsCjnvU+8SY1zMf8g+Hg
yU9+8pwm4wCL4I9R1waMSF2cxexJF+xmfcpTnmKzK96zrrXGO3tfTLBEH3Ky2eMf//hB7Tn1Bqdt
BYy0N7nJTfQz0TH4L0U8cOylvfe5z33SyWGlsTho6ATewCf22GOPZGRrqh585l3veldSGDbF6fpc
SuJaI1TX/ImPoRDDvBvO/4ve9773vWQk//Wvf90I52IbTBaCLhobPwUv0PNxzHJTWMyxwLqF9fpJ
J5008UaHHD9Ok8JY8tCHPjTtfH3b295WJVezTsaBBwPgYo+tvE2T+Ju1IA7n7OjEoZITXTgdld3Q
yFnMF8tBrl4MPohczc5u9K7ovkqGsIWkGfobmwwnIC4HwznY9uEzC9kn01KWxhft4cRA+Ao6UD69
hCMv6/nSWp71MvFxsj7ssMNSvEnFBF467vkH+xobSPPAOhvbaC5Xgycb4mqDPeni9a9/fZoDhqXl
RIqSk8OwdAv9fmoM5yheOaZBu8bwtMWjTbuW2Q2JQlyBI1mXqme82rCUr+wgYbc8i1aMQhjSmVzZ
3fCqV71q0DQUhhxhOY6AsoujYGuNUH3K5PgPvJgQaJf7jnMmJjzBUPje+MY3Dm9605vC1ltvnSYA
GCknJxAW27i3EHTRh5aWQhoWKBy7xQIdoyNKZ/qakwXYbcCRl4tpOAdDjsV91KMeteQM59Qdo8r2
22+fThc599xzhwr4pCHocx6LPbb+W5vJ/q/jwlkzMC9d73rXm+wKz1PtnA/+F9ilzC/6kkZfPtO3
vOWYDpkDQfWJT3xi2g04zRiMc/5hjfHBD34webzjBKcTZMAPwzmnU9mAtztjGEcFdl0SOIpvtdVW
G3jXw+PZwY9R3s6R8ECO0mftSnzkE+KxY4bjolnfY7BAGWM945eiodhi1nTPug7ZWbvGUJx885vf
HMjV4MfaSgElFA7dHhYHAWgVB0sc6zkOlb6BZpFFTznllEGlUJrhkDmOgBEXuY7yaoxQfcqkDcgZ
7KRDUTqt460GG3gTjp6MNZxW3v3ud6ddtCgdzzrrrMDJCYTFNu4tBF3U4LUU46Ak32abbZIeCaPj
M5/5zNTXzH0YxDjdcDEN52CKvvWBD3zgkjSEgSPGRIwsOEzZubyNXvQ5j8UeW211nJR3Oi6cNQOO
T8tVrnY++F+KXMr8ou+Y6stn+pa3HNMhn2A/wviNfDjNYZzzD2sMTiz6z3/+k5zgdIIM+GE451QZ
G5CrGcPwcja7ELDVWbl69dVXTzp/5As7R8IDL7nkkiRXMw/w/pPReY2TwfkUJp9gWrFiRXJMq52L
bd0W+n5qDOcAJ+WfQNROAgQNlFU6agcDD15Y1gsFD0p2TqI4/8Y3vpGOI8A7DsHzkY98ZIAgFDgG
C28KOhjBBa9QfkNsEADfz+FbultttZWSJKMwSgaOLcF7hHwhWIyKGFmpI0cIcQSgjP2DxPEGoegd
73hHIlKeY2TGm690hCx5MSA4Cp2AgwBlcmwOBi3qx2Kc7z80BXYSIJiBC4TODg6OAnvnO9+ZknDM
9t57750W7015DHsuBTV9wRGWCjhBsCMHQyse8jhA2F0NDGAGIQMPhQCYEtiJg3JLR9QoP13xFN1l
l13SjnCETftteGjB/laaLnRBGhnOYUrUGxyhF+GI4b5pN0zXsigPOoBuP/CBDwSYE23gZAWMbRde
eGHChL7Og5SL0BR1JEAX7FR9wAMeMJZFrsYjhlNoiaMCFaBRHVuqnX08e/vb35489bTIpm+pE15I
7OZHYNRY5F1OgzBr2gTmBIQj6B+vV+KjQM09qfrQBXmzs4b6cpSzAhMBCimEXgWUvsSlTfQxyh+O
hsaB41nPelaiZRRO8A+8uB/3uMdVC3IqY7GuGsMotaBBi601qks5Dd3RVvgkPIkjaDC0EyxO9BVO
F6WxDB2QBzyAQB+jSNpoo43SbhuOtYWPKshgAZ3hTYdySXyQHXykHWe4/PLLE00wj4gH8y01HLfs
qSd5mcwhpGVe4DhUeDvH8N3+9rdvNJxDS2ALv4GHIaRy3M1LX/rSNMcJd8rim244KxGPP/oCWmNX
NcoDFkUcnQ3mOKBRrg04NUHvGlvwGngFjk2M8VLoMx6Z66AlxhX1oRzGMPyDHWF4LUNvowb4HmUh
3Bx44IGpDZrfyJvymOdQUOUBpQA7t8CXU2voM/oL2rPzPukY++weYYEJXbNAJB59B54cRcpzeDYK
MtYDGITgc3iOM1boN3Zj841jxpW+xQ1NHXXUUXOOz+1Dg335YI5NzW/mLOYry+eZp9qOnew719XU
x8YRv0AogL5ZZ0ArlA+vYg3R5BXbB3eMdQh/0BJ0wDx8j3vcI90zhyNkbLzxxraK6b52/skT9uEz
eR41vxlbYEkb4DHQLQZIaD9ft9IWxjw0z5qP8Q4mjBsw4UhHBOMmPlNTnzwOZTJ/cbwxtEggf3gi
cwI8chwBQw98BByOPfbYZHR9wQtekDChvXjF85ev+1mzsG7Seue6665L652b3vSmc6rF2on5kzUX
YwrMoBnWGOCO7AMfpU3QMXha/t53Pdhl/plT6Y4PoCcd7ckaGh4Cv8RIXwpaf0JvGBPzoLWLnSPz
OHIAwJhu13R5vGk25DE/2h1L8A/WudDc/vvvH3DoIzz2sY8Nr3nNa2aNG2iPMYxBl08RwAegQ3g9
TiSibdLzDVTkYeRq5jrWf8yDrDeYA1nfYZTHSKsALeOEC70zPsiXuZg+hTapI2sueHY+vsgDWRM5
U/MQ8hs0JjpTOVzJy8pLyJuUibIOXgLvQM+AMakpcGQhegnWa7QdeZDjlznpgMA4RDdQ4vdNeebP
paCmL5CHFXCCwJmV5/BYHCDsJ7IoGx7FH7IrfUXgZAxOfNA6XfnpypwHL4FnI5/RvwrwG/tbz7vQ
BWlkOGcXF+tq1u/I/uQDjpzyxtxSCl3LIg/oCrpljQf/pg2sz/gmJnwDTOjrPIAh+ENT1JEAXTBO
kFVFZ3m6Lr81HlmXsia38wE0qmNLtbOPZ9QHWtd4o2+RU1lroAilrVp78S6nQfRi5AHmBNa4jEXp
ylgrWdmPOH3ognTsbMLxg/WAAvo01rrWSQodF8pe2kQfc6okOi4cOJhfoWPWTszv6Jig4aWglKXN
GsPIsaw/LbbwDhnVpZyG7mgrfBKeBL1J32Jxom/Rp5TGMnRAHuBGoI85wQL6ZW1BOmRLBRksoDPk
WzZCiA8+7WlPS2kVdxxXaB1cmEeks2IdgLM+x8s2BeYQcGJeYJ0FptA6+swmwzlyO/Inaw54GDya
NSGnrbDLXrhTJnI16wvi8UdfQGtgzboLnMiP/uDEFni+DYwp6F1jC14DrzgwyqQl2ZO0fcYj4x9+
xriiPpTDHAb/eMUrXpF0UlZvYuvY5Z45jrmGsSn9nNWRUR7r4dIch7MjenLmSNZU9BlzMbRn533q
A5+AtuGpYA1NE4+2gSeyB8+ZFzhFjPUA62n6Hj2c+g2dCXpBxpW+xQ1NIWtDLzb0ocG+fNCWW3sP
H2e+Ep9nXcQ8Jd5eyqfvXFfKq+2Z+AV9A12wVmCOZG5Hv8+GM+ajUuiDOzId6ypoCTqAj0HvYMIc
Tn3QxeShdv7J0/XhM3keNb8Zx+ipaAPtYk3Eehzaz9ettIUxT/+jU2TOZnyh7yMtegY+T9TEZ2rq
k8ehTPg063lokcBYhycyn8AjxxGQj+G14ICcxmkg6HihZ9qLXo6/fN3PmgWa0Ji49tprk42vdNoh
ayd4DG1iTIEZ+lHWGPALZB/4KG2CjpkfLX/vux7sMv+MiiX0pHUVdYeHPP/5z0+6ilLeWn9Cb+jh
86C1i50j8zhyAOBUVHTySy5EwqgKcXDOTPpfFLD5CN7gL05+qc5xoTV4xvt4VPdMJJZBe+KCeyYS
zqw4Np+opJ+JCvxB/KiMaoxr00WlzkxcQKR0caFTlSYy95moZBiUJczjAJ2TPjKJOfGIHyejOXFt
vXQfF4DF9FEIqkofF0PF9KrzsGtUeKRySu0A7yiMp/dxEM8qJx4d2Fi/qBCYiYxxED8aIWbi7pDG
+MIiLrpm4kJvkI66d6WLmjSUR32isnzkssAI2lQbSldoXTSo/gCfeMxlYzpoMC72ZtVPabtcRfOb
b775TBR05uQXFXAz0elkJjLY9K6JbkVn0WA2p856R72iUDLnvcWEdqmPR6ELyoqGydayouPHTBS6
Eg3RfluPYfdReJ2DVRfcFzJudABIbYvOSMU6R4PfTFSQzkQl9qCP6QdhEBUa6TljzT7nfVzczMkT
XqG0Tdecn4jPNMVXHcaBW1yot9YvLljntCkuAFvnH+rNnGPnLOoalUStZZEuKpAH5THeLAbgHYXo
Ii+IisgB34iLuJmoiJmV1ubDfRRCBuUIxy7jUWngTXne+e+meUt51FwZmzXzQlQ0z2oX6XiW18n+
Zr6yfRUVS7Pi05fgZdPoHr4RDT3Fd4qTX+kb2+YuNDgqH7Tl1t4zb+Xzj+XNpXz6znWlvIY9G8Yv
wD8qkWdhTp5dcFcdogPf0L4u8cHa+UflcO3LZ2wetffRIaS1XdG4NBMFsAGGpbk9p3NoJCrWBmlq
61KKl8sEeVnRo3os5bCmyee1vCx+23WM6hsNBXMwjErtYr1KayfWwjyPiqo5+Vi+1nc92HX+Ubv6
XqNyN7WD+VpzWRvfYF0JtnbuZL5jPcacFg2I6X1pfKmO6gM7j+qdvVYJ0Us0UnQSm0U/8cjN1JKo
TJr1PBohZqJCfNDKaMSZibsWZsWxtB+V9DNRETWIH5VRjXFtOubXqJBK6aKxpypNVAzORMewQVm6
YT1m8+ae+boUokFqTtw8Lb/hZaVQGoel9NFoXUpe/SwqVVM9S+0A76gcS++jk+6sPKMyq7F98BLW
8ApR+TwTFZWN8dWuqBBP/ErpuHali5o0lEd9WJ/Z0KcsMII21YbSFVoXDao8eG1UAjamgwaRP0cN
ovlo8JmJxp852THPR+N5mit52US3ojPJcLadekf6E044obFNpKFd8ELCKHRB+njCYGtZ0WF0JhrT
Eg3RflvnYfesuZdKiAbX1LbojFSsclTmz0Sn75mo9E/v6WP6QRgwtxGgf/uc98ydechlFOVjrzk/
EZ+xcey96pCX1ed3NIIO2mbL0D3zcx7QKbTNP6RlzrFzFnmwtle+TVfWFgqMNxsPvKOzQ5EXROei
Ad+IhpaZ6KQ5K63Nh3vWJnnoMh6VtrQ+zMtqmreUR82VsVkzLyDn2kA6nuV1sr+Zr2xf5XIafQle
No3u42krM9HQU3ynOPmVvrGhCw2OygdtubX3zFv5/GN5cymfvnNdKa9hz4bxC/BHHs5DF9yVNhrl
h/Z1iQ/Wzj8qh2tfPmPzqL2PDkyt7Yo7r2eiE9kgu9LcntM5NIIeaBwhlwnysqJjyjiKSWuafF7L
y+K3XceoYOyCedxo5NfrWdfS2om1MM+jQ8KcfCxf67se7Dr/zKpwjx+ve93rUjuYrzWXtfENdDDg
Z+dO5jvWY8xp0TEjvS+NL1VPfWDnUb1bCle8qKuCVRJM6r2UkNErcCZ6B85gDIWpxV1qMxA7ykYU
LU2Gc+IwOWM0hAFEL8LBwLDKFYQflAd28JEvC4+4m3GWUjju3BsouqI3/aw0pGdyRqDGyK78qEdu
uETRg9InetfMRG/aFDc3ENl+gREcccQRgzwxQqOci16NA8U8+EQP0UH9SB896melYSJBUWWNf8oL
ZbYts+u9Fj5N7aDfwCQ3/kZv1vQcQT/uBEl9Rf9IQQnzUl2YEIYZlymjzXBeSxeUCb1ZJwzSIuyx
aBCzoLzozTvLGUPpupSFElV1l7MFdGKNMjl2Kod0lMXECq2jxBbD412TsVu41lytEQwFZPT8Tvi0
pbX0ST1oi4xQ1NEKeChuZZBnTKr/oxdUwpa+hz7UH7y3hvO+dIExmLrxh8GYOoNr3DE+I0Ur72QA
ZyzbsQjO1shCvVjowbdIh+FMbW7DahLeScCn3vDX6OWZFmFtdaNPoodgaqsd+zyPu28H73JltfgB
ZYEZZTPx0h/qe97ZPKmH+AzvovdxMiZTFnMEz0p8sK3+be/EPzEMwa+hN3ixysrHI4sra0RkXoFX
5EKkVf5Tvl0QU39+g0PcmZHaRLv4sxgyHuAZjCnLz4mHAwvzp4RyeBVKSMqyfIt6sbii3uStsUUe
9IWw6ToelS56fqd6g1/0Rkx1YNwj+KpNef8qbdcrmOGEFT2yB3lHj+QZ5ux4HOJM3L2W+tDmq/pR
F+rI2EehnPMtW0fmWObes88+e1CO2sJchmAovsFaAOxsXDCPuytn9RnxxEPof2uE7EKDo8yPFpeu
99AK7WY9w9jlT7y5lFefua6UT80zyy/op7jrPPEa1nZ23DBObX5dcCcd4yue+pNoAmMQdIKTG3Rv
HVXsGCZd1/mHNH35jG1f7b1VWkCb0D5to11au4Kr5YXQL/zH4gvdM3cyj2q8jMvJSYZz6A4+gDEi
nmQymKd5zlxW2+ameIyveCLETNwtP3PAAQcM2oEzGTwmHoE9g3KctVKeB+UzRljbysknpwWbhjmN
coSVHGpYS4hP0y7oVA4IfdeDfeYfW9eu98gacqRlPqVNWr9pnZXnCY8BC7AD37j7Ia0NwAB6o89x
8GjjO+LLbbhT7jQHjWfWd3HHyAzGUAwyzD/IEMiIKFqaDOfEYdyCc9ylMcP6XDRqlSvgmDvbka/W
NlYpjGOLgsay8uQad7ckxRZ8Vc+pB3WwAUUPSh/kJxzyiJsbiGx8eATjWXlihEY5B21JMQ8+8aQY
m2wm7uKYlQaaRVFljX/KC2X2KEEK6qZ2aN2QG3/j6Vepjugi4m701FfwFCkoWYMpYBgYZlwGozbD
eS1dUGZuACct8h9zi9XFxF2Js5wxlK5LWfAX1V3OFtCJNcrk2Kkc0lEWsgm0jhI77sAZ9H2TsVu4
1lyZy0V/rM1xwqf8tmDpk7S0RUaouPtyloyE4lYGecak+h95Btqk75nLZZTkvXjgKHSBMVjtYu1N
nWkXvNrKIDKAM5btWARna2ShXqzL5WTI+FSb27CahHfIwcIC/sq6EGzbAmM2nmiT0tmxT1/F3ZCD
d8yLNogfUB6YUTbrA/pDfc87myfpxWd4F3c8JvmPOjBH8KzEB225Xe7FPzEMwa+hN3ixysrHI4YN
O18wr8ArrBxJHa3yn/pYfQb15zc4xBNLBv1BOosh/QLPYExZfk48HFiYP+Nu/JQeXoWRmGD5FjpC
1mLUm7w1tsiDvlDoOh6VTpuhwA+dGXWANyHTUAZ/ef8qbdcr60t0s6xvlXc8oWOGOTvubk3yNn1o
g+pHfOrI2McpJOdbto7Mscy9pU1lzGVxd/mAb2DkAjsbF8zZ3GP7jHjiIfQ/vFGhCw2OwgdVXp8r
tEK7Wc8wdvkTby7l12euK+VT88zyC/r5oQ99aOI1yLO2D9AJ2NAFd9JB2+hmKAN7DnSCkxt0bx1V
7BgmXdf5hzR9+QxpuwbmMo0naBPap220S2tX3lteCP3Cfyy+8EDmTmsnGJeTE7YE6gDdwTuxRyC7
aZ7mOXPZqIHxFU+ESLpiyWiUizMZPAZ9O7I1a6U8UD5jBNlDTj45Ldg0zJ/SV1OGHGpYS4hP0y7o
FHmf0Hc92Gf+sXXtes96To60zKe0Set6rbPyPOEx4AB26D7jSR5p7gAD6I0+x8Gjje9oPdeGe17u
JP2eKsO5FJ4sNLUbAkJkcYSSRYZrFHZNhimIgIU6f3S8hEmrCOe5FdYxnkEsPOcv35WGwVDvZPSF
8Fig6jlXBjJKHd7BDOw7e6+y8zrZONxrQYyxSDs+eQ7TVDkIxkpnlVMsfCxGtA8cqRuGPRlVlLbP
Vf3V1A7tWM6NRioLBkg/waypjxTXViGruFzBl/rzHgZn/8jLxs3va+nCKiJRArPws3lpUUY9mhR+
tWXJkFiiZxSF9DG0aftKNMG7krJWtNVWP9ueYfdWOCBP/lAs0KcsguOxTrPwIb94LE+KR1wmI1uG
dh3lbRat0C6NXaWDrlGe0h92HOh9F7qw/QtvUB72qjFOeTLsC3cUecSlTzDI0EYZYIR9E/3aMibl
Hjyk0Fb/ckVRj+Ie/mv5iOotPEpjX++sspo+lVEF2mHsKi+uKMH1Ps9TfIY5AFpQOgwT0At/LAb0
fNSr2gtto9SCd2IAAhfKgv+qDBmqGRMXX3zx4DnvSaM2WXqnruRDfhhdciys0d1iqDLBQIYU8mBM
6R1X+I9+iyaJx0JKz3W1cwYLSvGaPuORtPGzKKldeR9SnhzjWOSr/HFchQdGvhI/Uhna6QMWzI9q
q97zWwvCEk1ZLOlvjOFKy9WuIRSXnf/qXyl9UGwTX/XOaYp3XWhQdejCB5VmHFf4ZakNNu8+c51N
3+Ve/IJ+Zh1p00IfWgdZ/q44XXC3xuzSOJURya7R+s4/ffiM2tTlSvvlvJOvO5WPVV7Z+V30DO44
hig+VxQgPM/XMzZO33v6FJ7M2gB8ZZAt9UnfMkinMd1n/VyaE5vqYvk/Rko5AMNzGOM2nfJl/NWu
B0edf2z5tfcoWul/5kHxQ41TyyNtfgjlpMn/hvEam4eUMsNoYZKE+nHXRQpP5BXthkB2ZSyiZBFd
o7BrMkzF4xOTol67YeRAYxXh1FuKN/oM4xkGS4V8VxprKwXJ6aTDSGQDjn4odXjH/NwUVHZepzy+
ZDiMRdrxSRzoRuWgbFOwyinmbosR7QNH6oZhT0YVpe1zVX81tUPrmNxopLJQMqMAw/BLfaS4tgpZ
xeWqXSq8R6Fp//Jd2TYd97V0YRWRKIFZo9qAIhQM+WtS+NWWJZ5YomfmbPqYdbftK9EE75hH8iDa
aqtfnqbtt9YGajNX+Dt9Cl+Mn8Gakxx5R/HRhdmgaqudSAAAQABJREFUXUd5m0UrtMsakUgLXaM8
pT/sOFC+XejC9i+8oRQ0xilPhn3hzvqAQJ9gkKGdMsAI+yb6LZW12M/AQwpt9RlXFPXIWfBfy0dU
X+FRGvt6Z5XV9KmMKtAOY9cGZBK9z/MUn2EOgBYU0KVBL/wxV48rqL3QNrIWvJN1G7hQFvxXQYZq
xgQnkdpAGrXJ0jt1JR/yw+iSY4GhVX1hMVTeYCBDCvEYUzbAfxREk8TD4J4HO2fgBCZe02c8kjYe
+57qnvch5coxjg0d4wzCAyNfiR+pLGhMuDI/qq16z2/pEUs0ZbGkv9E92GDXEIrLzn/1r5wH0M0R
VO+cpnjXhQaJT+jCB/+bYjz/4ZelNtjc+8x1Nn2Xe/EL+pp1pA3Qh9ZBlr8rThfcrTG7NE4lC9s1
Wt/5pw+fUZu6XGm/nHfydafysacn2fld9AzuOIbYgEMrz/P1jI3T954+hSezNgBfGWRLfdK3DNJp
TPdZP5fmxKa6WP6PE6EcgOE5jHEblC/jr3Y9OOr8Y8uvvcc2Sf8zD4ofapxaHmnzk+GcdPZvGK+x
eUhPOm5asGXM5/1UGs5hBiiBbKeiTGJBx+6+kiEW4VAKP5tO97kinw7nHUqYktHFGhTwppMyRooY
6qNn9irjL0rZfDe44qnsvE56r6sUS/kuHRadmqSsQohFGe1pUixJQVLCT2V2uap+Te3Q0fvWaET+
eMnB6NU3+bWpfsKt6X2p7l3pwiq2c8OI8pcASB9I0c67rmXhcaa2x288JSeP+L29tLuDSRSvQ5s/
ZYj+SIenH0pV/bHQZxFJ//O+qV/UjtorSnAZAFVfXSkLA2Gel+qJEluKUgQe1c3SLWlRaKgMJjJ2
kVJ/FjYIBBglZcTOy+pCF4pL/THy5RjSVtXdjiPRuh2LiieDqfLO6T2v76T9xvBw4oknDmhRfasr
TguMC1tv4VGiMb2zfSxDLH3LLhCbl+5RlFAmNKxnXJWfxZ7njA3t+LRl2bRd71FOHXPMMY1YWJqA
D7cZiilbxmJLEzJwkhfl5XVk7mkz/lgexZjP09vfwg5cUU6x+0v8giv0rnmTOsoBqe94RLAX3eBY
wg4KxjDOcPBHnGps/cZxT11xJLB9U8pX/JZ4pTmfNPAo8SEUIjYfjW9oWCeE2Pf2XnHtXKW+EB2r
H/N6d6HBYWXa9/N1Dx/M25CXJeyhjdq5Ls+j9rdwtvRs07KrRjSKkUbvuuJuxz/5sR6Aj0LvjC3W
D6zJlD9X0QXxa+cfW06J35Jvic/YcmvvrYOTvI7ztNRHfNeugy09585v4v9NfZKXMew3yjoccDRW
1Z/2Oq45QXVR3/Vpg2iytk7WeE6b4DmWVlUnrUGIk69lmtaDo84/KrvLVc6I7FqCTqAP7Zah7qW2
CW/4BfMK/Y38h4MUfLqmfOEzDPf5FNIXO28pUsAPJZAdIzhzYRxld1/JEIsCTwo/m073uSJfShmU
MCWjizUosPZQkCKG+pQCawfKRCmb7wZXfJWd10nvdbV46BlXFPySS6E9BXgN7WlSLEnxV8JPeXS5
qn5N7dDR+9ZoRP7sOMFgpL7Jr031E25N70t170oXVrGdG0aUv5wxcLiQop13XcuyuiOcgsmXE4Cg
f/gA8ofNnzJEf2DGzjWUqvrjVAt4K/3P+6Z+IZ8uASW4DIB5X1EWPC4PqidKbClK4YOqm6Vb0mKE
UBnMIZxoQv1xZGSHNzoaGbHzsrrQheLSDox8OYa0VXW340i0Tt8oKJ4Mpso7p3fFn9QrhgdtFMj7
l984LTAubBAeJRrTO9vHMsTSt+gbSwFZhfKgYRuUn8We94wN7fi0Zdm0Xe+RK9t0DJYmhhmKKVvG
YksTMnCSF+XlgbmnzfhjeRRjvi0IO3BFnkPvK37BFXrXvEkd5YDUdzxq/Uh5OJYgBzCGcYaDPyK7
jDtQVxwJbN+UyhC/JV5pzicNPEp8iPWnDRrf0LBOCLHv7b3i2rlKfSE6Vj/m9e5Cg8PKtO/n6x4+
mLchL0vYQxe1c12eR+1v4Wzp2aZFj0g9+OP0ToWuuNvxT16sB+Cj0Dtji/UDazIbRBfEr51/bDkl
fkv+JT5jy629tw5Ol1xySTEZ9RHftetgS8+585v4f1OfFAtqeYiTCvp2jVX1p72Oa05QNdR3fdog
mqytkzWe0yZ4jqVV1UlrEOLka5mm9eCo84/K7nKVLYoj9KET6AM5QP1Vapvwhl8wr9DfyH84SMGn
a4LwqcW9Js+FjDO1hnOMIjIeQATs2sGgUFKcaCeXiAVlNUcpsmNGz3KFIx3Ou7bdI1K62LR6xmKl
pLiRcbpNkayybb6lvLRYKsVTPaxCaJhyUjuCrDK/VG7ts7b6kQdHK4GxVTRq54n65R73uEcykuoo
S8XPDcbkJ9zIr/Q+r3cfupDyF+Vck+ODvPxsu/qUhQIaD01hUbrCGG1bpdgpxc2fcRRKjskov1F2
Isxi4BTDpkwMBrTF5q1xwHt9F1qegk30Z3ey5W3hd9MOuC50obil/PNndgyXaD0fg8q7lj4tXpNw
zwKXXUDwEQwxMgqDC0KJrWMJD73XO8ubhE3buFL6/Kr8avlgnr72tzWa0mb6n6PA995778EYtTSB
wVbHtKPYLZWjcWBpQsfkkhbMS+ly2rJxaniU4gu7nLZLv+130UnfZzzCI+y8XSqHhZrqN46r8LB9
U8pXu56b+A9prMNAbswRDbetGVSu4tp+V1+Ijkv17kqDKo9rqUz7fr7uodVh2PeZ6/rWVzjLQSHP
R7hDm+JRfXGHV9L2Ep3zjHd2l7D6qCm+fS5M+/KZvN01v7WGVNmlNPSlTluxTqXCtZRW7bbjoZR3
zTNbPngh/LIG4YQUyhaG6tuaPGvijNIG0WRtnWijHJpoDydklOrYZz046vxTqkfbM+aENgcH2odh
Pc9DeFt+y5xEfzNe8/il323zqI2/kEL7Qpcl5RJrOIwiMh6AO7t2MCiUFCfayaXxhLKaoxTZMaNn
ucJRSpm23SNSuti0esZ6qRRknG5TJKtsm28pL+FRiqd6QHsKw5ST2hFklflK2+faVj/ykxOaVTRq
54n6hU/WYCTVUZY8J35uMCY/4db0njg29KELKX9RzjU5PmiXj21Xn7JQQNsj/oWJveIca7Focziw
6bjncz/jDCg7cYbAwCnnAcqBt9MWGzQOeM9cQtCuuSb6szvZ8rbwu2kHXBe6UNxS/vkzO4ZLtJ6P
QeVdS58Wr0m4x2jKfA4fwRCj3cPggixkQwkPvdc7y5uETdu4Uvr8qvxq+WCevvY386w1xND/rGes
fsHShN1xip61FDQOLE3omFzmMhmq87Q5bdn3NTxK8YVdTtul3/a76KTvMx7hEXbeLpWDI8w4g/Cw
fVPKX/rQJv5DGuswkBtzRMNtawaVq7i239UXouNSvbvSoMrjWirTvp+ve2h1GPZ95rq+9RXOclDI
8xHu0KZ4VF/c4ZW0vUTnPOOd3SWsPmqKb58L0758Jm93zW+tIVV2KQ19qdNWrFOpcC2lVbvteCjl
XfPMlg9eyFmsQTghhbKFofq2Js+aOKO0QTRZWyfaKIcm2oP9pRT6rAdHnX9K9Wh7xulfdl5V/9gr
dpo8CG/Lb5mT6G/Ga01om0dr0i92nKk0nEu5JAWPjvIrKeZ4JuMFx1/lxk4JXlJWQxj8MdAgMLsj
Vu+4stDVws6mlSKGAWvj675G8aiybb5Kb69StpXiqR7CinQMCBSHDAA80Wxe3EvgHofykvza6sd7
GVftEcBS9OFZhdLG1nFY/YRbm+FD+fWlC9FYE4bkLwMMOGL46lsWeWnnDXTKN7L54xu9TQpg4Yej
AUIFu9pKfwhotcpFYZZfMZ6Cg3ZU5+81UTCGcMrI32uXEThBm1KeNjmdMHbZDYhnNDuuwILvnVhD
XGksdKELjU/GPscN8e3dEn48w+ABH6BdJVrPx6Dq0Ta+GJc4H7DzJ8drMX6DM/3SRCsawywwbP1K
eOi9dstZ3iRsSkYVpWu6tpWV90FTHjXPVQ511HfYlI5xyjxj68+41zH3cg5RfF1Fb5YmJGjWzD0W
Q+UpHmXronf5VXMocXFkaqJ1nudzRp/xKOcL6o3hUjzNfoe8pt55O9p+1+Kh72xD702nV1henmMv
GrZ92VSvUlzRl3hYqd6KA0Y1NGjLV5k186NNN+o9Y7CmT7vOdX3rJQxznqX8rCFafaw0XXHH8x0P
X7yS6VfRO0okCTCWXsQPusw/0EkfPqP2drlaBwJ2BDel1TpEtEy8Ej0rvWjTYqF3Xa/KCwxZK+hE
G/Kx63b1bdf8m+Kr3D5tEH3V1ol2iX50RZmS10390GU9OOr8k9dh2G+dwsVaEt5k/+QwW+IfJbwZ
b+xK0rpsWNm164PFFuTns/xcuaR1u47yKynmeIYBAtrD4TU3doo+paxW/aWUsTti9Y4riisZjmxa
KWJ0PLNNw32N4lFl23zzfPgtPErxVA9oTwH+guIQ+i0d26hdX+NQXg6rH+91IpI9AliKPn0DV3Xn
Oqx+wq3N8KH8+tKFaKwJQ/IXXwJHDF99yyIvlIrMy9Ap38jmj9MumhTAwg9HA5w3mKdLf3ynFJ4z
SkA2BwftqM7z4hhvxh1jCKeMPEgmAydoU8rTJqcTxi67AVmjsOMKLFinWENcaSx0oQuNT+qN3oC1
Qwk/nmHwgA8QSmMxH4OqR9v4YlzifFA6cj7HbyF+gzP90kQrcpDQ8dKqUwkPvdPmDMubhE3JqKJ0
Tde2svI+aMqj5rnKoY44+NiAQZh5xtafca9j7lkvlYLozdKEHG9q5h6LofIXj7J10bv8qjmUuOgt
m2id5/mc0Wc8yvmCemO4FE+z3yGvqXfejrbftXjo5CDoven0CsvLc+xFw7Yvm+pViiv6Eg8r1Vtx
wKiGBm35KrNmfrTpRr1nDNb0ade5rm+9hGHOs5SfNUSrj5WmK+7sfEanjM6GfhW94yAtecjSi/hB
l/kHOunDZ9TeLlfmAc3TrEuagtYhomXilehZ6UWbFgu963pVXmDIWkEn2pCPXberb7vm3xRf5fZp
g+irtk60S/Sja378PfVUP3RZD446/zTh0/Rcp3CxloQ32T85zJb4Rwlvxhv6Xq3LmsrU83GuD5Tn
Ql6n2nAOs0HZKsVYSTHHgNEAYOFMGv2hXNGRklbBx3ubrqSQkpJdTER5ShFTUr5T3j777JPq02QU
sWXndVIZukrZVoqnelhFHDhJwYpCCuyUF0ZqfRe3j+JP+dhrW/3sznIdeWsV1ghXNi/u8eQG7ybF
v/pMjhR5evttX8Ulvy50IRojXWmXD20QjiwgqEPfsqQoKBndrLLc9rEELvpX4yLHgd923JTe1zxT
/5Z2lJNe3zLfaqutioYo7bYFS/2xe8juoFc9FJdvIemZvcoIXxoLwr+GLlhgoaSlPiXcVSa0ZI3b
wsKWn49B1aNEv/AGfeeJspnsiK/yFusqxXv+LWDVR+3Ox4KeWzxIQ99qp5ylW/Uvbbe7FFUOV+iJ
CRnlqX3eVBZx8j6w6breC4u8reSjI5tyBb8W8iV+T5/L+crShOikiQblQMR7i6HaIx6V10Xv7ZVv
+ZAPcaF9+87eo1gjXz1Tf3Udj/QHtI1yTHnpqjxr6q00NddaPMSvwKNp17t4MnFyw6H6zfZlU/1K
cXM6LtW7Dw2qDiqzhg8qzTiu9PmwPhWuJZ4LDlq3lOi9ax2FM3SIkiRPL8c3Oyb64E69caZh/ivN
xWoz6y2dLNF3/unDZ/J21/xWm6D/Eh8kD41j4nBUpPIt0bPeiTZrxo7SNF3Vv+AuXBWXIyvloDcO
WlK+XEdpg+pcUyeOggNb/hCO5fzL7/zTHH3Wg2oH+ZXG47D5x2Iy7J45UKcTlMpivSDHSEtLo+Kt
etWuDxZSaF/oskrKJQwWUoyVFHNSrkAj9JENKFd0pKRV8BHHpisppKRkJ19kbAUpYkrKd8rbb7/9
0nhoMorYsvM6qQxdhUcpnurBGFEAJylYUUjpO++8xwFP38Xto/hTGfbaVj+7s1xH3lqFNevUPLDe
Bu8mxb/6TI4UeXr7bV/F7UoXojHSlXb50AbhqO9d9y1LCkx4bR6sstz28UknnZQwon81LvK0/Lbj
pvS+5pn6lzVHSVHJHAZOW2+9ddEQddVVV6X3xNEfu4fsDnrVQ3HZVFIKMsKXxoLwr6ELfc6A+pRw
V9nQkjVuCwtbfj4GVY8S/YKf/V48az7iL3aQ4j3/FrDqpXbnY0HPLR6koW+1U87SrfoX3O0uRZXD
FXpCjuNEAxuayiJO3gc2Xdd7YZG3lXxwRKHuuYJf6/ESv6fP5XxlaUJ00kSDciDivcVQ7RGPyuui
9/Yq/SZx82OjbTyO6ydfBfVX1/FIf0DbrLHzoDxr6p2nbftdi4f4Fbg27XoXTyZObjhUv9m+bKpX
KW5Ox6V696FB1UFl1vBBpRnHlT4f1qfCtcRzwUHrlhK9d62jcIYOOZkyD5J37Zjogzv1xpmG+a80
F6vNrLd0skTf+acPn8nbXfNbbYL+S3yQPDSOiXP++ecPsi3Rs16KNmvGjtI0XdW/4C5cFRc5W4b/
cdCS8uU6ShtU55o68ek5sOWPzXty/uV3/mmOPutBtYP8SuNx2PxjMRl2zxyo0wlKZbFekGOkpaVR
8Va9xrk+UJ4LeZ0qwznGG4gOZVFJEcmEi7KTP4gQ5QjEym/SsbuOdAxyjnaX0YJ37IJEiSOFCgON
5/rDowmlJmXwfUo9Rwlnd7FLEcN7lL0soJhEWABKmcC7/GhjDK78sfDhCFjiUCfqq3d5m2VIzutO
PI6iJ4/8iGAZSnjHHwbHQw89dNAeno1DeQmO6i/qx2/qhYFeR3JTllUaW6Mak4cM+6SxR6uRBkOO
+kpXq7CVEo4JEyaoCZABTfy+dMGOK51gQP1RHmMEUjkymvMOGhqlLClTWYiwG1Tt5Ap9lxTAlm5R
ptNOpYOO8IRV/XOjpuLVXlU/2ooAaNMxJpiseWdPFLBxuJdgTjz+mnab23ah6LFjAVrQzqRSm7rQ
BXXSGAZ3lHuWL6CYgjapK3wFeiCNaNqOReWjMag2QL/Qi8VCRgXhwLXUFptmIe7VBtpqjxSmbLAQ
DeYKe7uTWd97ZjwfccQRA14jXNQOOT/Qdr5ZBCa8I52MWbxDqFQarjmf0bs2Pqg4Xa70LeXf+973
TicfkJb+h5fznD879/Beu+l4B/8HM/FBjnlXOksT0IYMhbwHS7DgOXxNabjmGDLGmaN4p7owPjSH
5O3lufgBfYkHvOLgHMKii/mA/DC4yhAlWuZ5l/EoPsxnFTiSTWVxlcBjx5V93/WeugoP2jgMD8a5
HNtoFwtnO/YxpvOcP+vgQzn0Dw5gvNP8JMxFx7b+7OBXXPEC8VPNl6TTt9k5aYP0fWhQ5Xblg0rX
9QrdqO20jbXIMOzV9i5zXdd6Kb74BfhTL5Q5GDgYy9q1wzs7b/XBnf7T2IKPaj2jeihP6EXjinfi
uV3mnz58RvXoerXf5WRdZk9nYO2qOSH/1jRrEd6JFmy5nFqTjwf7vss9jlXqW4xvpIUOEYzVH7zP
eWeXMmxc6J2+tm0Q/XMtrVXFm3jPfCDjN3Wy48eWQxprNLeGZK0/aBf0Lb5l+XTtehCs+s4/tr41
96wp1Fesae04ID3YaActBnTw0vMSvy3x2rwemg+Jy6egRAvgTtvzOpB+mgNrdzBg7V1SRLKzB2Un
f+BPoF/4TTp4D+lQpiGryWjBO3ZWWuMfPIDn+jvjjDMS5pTB9yn1HCWc3cUuRQzvUfayjoLGr7ji
ihl2UStdfrQxBlf+UC6y3iAePJ766l3eZhmSiWfrTjyOoicPsLJBhhLVA7nmyCOPHNSL5+NQXlKm
+ov6EagXPFhHclOWVRpboxr8GuMugTQYoVVn0mDIyYNV2EoJxw4U1hNSfGN4I/SlC8aYTjCgPshY
jE+VI6M576ChUcqSMpX5FScgG3CGLimALd2yhqWdCtARu8BV/9yoqXi1V9WPtrKBwAbGhJzk7IkC
Ng73x8Sj5tWvXOmrUrDtwrBqxwK0oJ1JpTZ1oQvK1hgGd9a/dmyhI5OOB74iniuatmNR+WgMqg3Q
L/Rig4wKFotSW2yahbhXG2irPVKYssFCNJgr7O1OZn3vmfF81FFHDfpbuKgdVseCnA4mBNLJmAU+
rCFsEJ+Bh9vQxgdtvNp7+pby99hjj7RWIh39b+UtO/fwnnWS+hT+D2big+jk9M7SBLQhQyHvwRIs
eA5fUxquOYaMceYo3lEX+ATjQ3MIdbKB5+IH9CW6YwWcQ1iXST+GwVWGKNEy5XQZj+LDfFYBOcOG
iy66aFBvjSv7vus9dRUetHEYHoxzObbRLnZ12rGP/MVz/qyDD+XQP1ojan4S5qJjW3/0F+Rj+138
VHRMOn2bnbUgoQ8NqtyufFDpul6hG7UdmmUtMgx7tb3LXNe1XoovfgH+1At5iBMGoDnJN7yz81Yf
3Ok/jS34qNYzqgf9LBrQuOKdeG6X+acPn1E9ul7hzdSbP9Zl9nQG1q6aE/JvTbMW4R2Ya32usjm1
Rljkc6Pi1F7R45IX5eDgSiBPvsmu/uB9zjtr88/jQe/0tW2D6J9raa0q3sR75gMZv6mTHT+2LNJY
o7k1JGv9Qbugb/Ety6dr14Ng1Xf+sfWtuWdNob6CJuw4ID3YnHjiiSkOBnTw0vMSvy3x2pTA/NN8
SFw+BSVaAHfantfBJJ2426kwnCNAWYMkHcIfxm+YMn/W6KL3GDQQrrWjQc/briygyM8qnNriMzmo
Dlyl9GxLw0CzypnXv/71qT1taXin7/+Ch1Vs8Q6FJIKwVY4rP6vkp45W+aY49joOw3kNDhhPWHRY
/DSR2vo03eeGRfpaRh7SMEHmaTmOjfL60IW+yV7KNy/HGhL7lEUdc7pgDPBdugMOOGDQLvW7xVAO
FaoTTAxjn37riqLKput6n9dvu+22mzn22GNnGUcpS2OqlL8YPPFQCOA8UYqXj0f6ABqzRzyTR74L
lLy60AXxmRSl/CdPyoKuUPjzW38ochlzOa0TD+HFGkZREFqPMuLI6E6ZjGmr1KeMpm/wlvCZr2cy
dKrN8FIWdQcddNAAh7wt1MW2VWlLV4xG6nMwy/k8NGXTURa0IMzy+OwyRMAt8UFrCOuDV64ctfXK
79UuaM86aOXx8t8s8KhbTVmiF/F3qyDJ89XvEk1pt7zigCn1129dUWYKt77jMacneBPHyenkF8oa
tZ9URykYVf/SFcFS8bmWxj40CN0pPfOwdudDa/lcrHj2qn6lDC3m7XsUuFZRtPfeeyeDgqVv+GgN
XShf0aDa15UPKl2Xa4mPqT75FQOF8s7nEtpdM9cpfc0VPiNDmcZOXif9hv/btUkf3BFY8nKYR6B3
O7/giGnrX6LBtvmHtH35jC239h5B3TqYgBljJOfVOkmIfK1hXxjLebS0dscAX1ufPB7zqh2vKq90
Lc1deX5tv2vonfUDSm6bT75mKNWNZ1oTleZTneQDL7L0RDo79vusB2voXbSt+ce2r+a+NF/RDtZU
pM/nGGFkFa16puuw/izxXqXlCt8p5TFxkv0YKoSCwxokhQNOWgqlPmKeQoGkHQ1K13alLwlW4dQW
Pz+mWkrPtjQYD6xyRkrjtjS80/d/wcMqtniHQhIFJnNBno9V8tM2q3zL4/J7HIbzGhwwnlxzzTVU
aRCs4rpUN/ssNyzS1zLyEK8k/x5//PGprD50oRMsSvnaenFvDYl9yqKSOV0wBp797GfPkuPU7wMA
440cKlSn3XffPRn79FtXNieMEvL6sb5E12GNo5SlMVUqi3lJ9UFWK+02J10+HukDaMwe8Uw++S5Q
0nahC+JLwa96URZ0hSJez7iiyGXM5bROPIwk1jCK8xhGTKUnDnOHAmPaKvWJx7pjsYMMnao3vBTZ
zOoz8rZQZ9aUStN2xXCoPgeznM/nMgtlQQuE0rzALkM+C1Dig9YQljLo+A8nqLa22HdqF7RnHbRs
nNK9HEdqyhK9iL/nTiil/Es0pd3yik8fUH/91hWHEYW+4zGnJ3gTnzG0m7VG7SfVMZfh1Q57zT+p
Uhr70CB0p3TMwzguEqC1fC5WPHtVv5KmdMwy62a7XkQXgxHHjgf4aA1dqFzRIGUSuvLB/6bq9r/E
x1Sf/GpPlsjnktq5rkvt4DMylGns5HXSb+ZVuzbpgztGvrwc5hHonfxVFvptG0o02Db/kLYvn7Hl
1t5jzLQOJrSDMZLzagybCtawr3bLebS0dscA3zcwr9rxqvJK19Lc1aXcGnpn/cAGPRvyNUOpbjzT
mqg0n+okH3iRpSfS2bHfZz1YQ++ibc0/tn0196X5yq5n8zlGGLXJ/MP6s8R7lS9X+M6wPGratlBx
psZwnjMPlBsQoRQ02gVqO0uGQRRpufGCQcfOGbxoyEvpZIyX0gbFFfd2sU5aBAsIUOXrKoUYQjQT
GLv0lDfGS7wcFVfXklJRaewVpRJCAgNaxxfqPUZodkzIq17PucJAVZauGKmoC8ZgriwwpJyzSjfF
73ot9Qd1ATswReCxzgPKHwUw39ey9ece5Sr9bQ3AKAOUTtdSX5MeI2ZuwC3FbaMLCfhqB4KOXZjy
nAUEDEj10bVrWaQTXVAnS6OUw9/+++8/5zvwKg8PeCk2FZ8r+eBZTF8rbt+r9Va2ZeieMVvCwpaH
0lfxNfbse91bQ2iuoCc9uGt3mdLYawl/0pXognRMyCzEVDd7RVHMTgAZfHPFP+MUT1aUMUqHIwXx
xceIY0+qoEzoSfGJx24a24bFuLfGf9XNXhnL7DIq1Q3hKadb2midY2QYUHp4mzzhbDmMAQwA8C3F
RTkkPBVXnyiw9KJ3JT6ovGqvJacjeACezpbn2XbB06znouoDtnYHOW20Y4Cjw3WsvdKAJ8KQPSUE
QzO0pR2silu65kY6tfvyyy+f2XfffQf0Z9NiwLSGX9JYfLuMR40VaxC2ZbHok+FEdet7tf1hy7D3
CB55/oxdHIBsPN1TP94rDcKYTrug/xQvv9p+LfFNHH7s4hPagG6EF/nJmNiHBlXfrnxQ6WqvpTGZ
Y6HfrI+U7yhznfIYdgVPq/RhjKKQVn10ZX6ED+X5dcWdPETnpTHCWOY0CeqVl9Vl/lHavnxG6bte
6b+cv4NhaV3CfCl8ddX6PB+n5GnX9l3rRXyUC/n6h3xRolkHldI83KW8GnqnXBwEbb55m4VJfkXu
oF9Zr+VYw3dw3GFM01bbXuQQrU8ot896sOv8Y9tXc6+dIbbNtAlMSa85xvJVMGBNadtq0w/rT/EZ
mya/R5bK56CFEtgXshyUU7lyGuUGu/cUtAvUYiTDIH2UGy/oK9a6OIqQl9LJGC+lDYor7u04IC1r
bubUPEghxu4WToFil57yZqci9J2HklJRaewVpRLHQ6NQ1/GFeo8Rmh0TrDv1TFc+g5AHjFTUBVmR
K/K6DHtW6Zanq/1d6g/qA3Zgym4Z6zygfFEAc2qe6q4ra2L6Gwz1DOeSPJT6mvjwp9yAW4rbRhfS
O5Af8TBC2VMEeI4hiDkhD13LIr3ogrIsjar9rKcZ/6XAGkyKTcXnSj6s8enrUYNOXrL523vGbAkL
Wy5rD6XR2LPvdW8NobksRXpw1+4ypbHXEv6kK9EF6dgxX9LvkAZFMU68Mvjmin/GKbua7NqcNRnx
xceIY0+qoEx7QiTx0JMtdrD6RPWTvTKWm2gQnWVOt4wZ6xzDOlc40lZ4mz0pSGUxBjAA2F2bpXlB
nyiw9KI8SnywK74lpyN4APohy/Nsu+Bp9iQ61Qds0fXpN21ER6HA0eE61l5xwBNdqD0lBEMzGJbW
KUqna26kU1mszexGF8Xnin6INY4NFt8u41FjxRqEbVnoVOwOVltm13vbH7YMe4++IA+M3ZK8RTrq
Z3eQYkTUaRf0n83b3lveVuKbOPzYz6pCG9CN8CIvGRP70KDa2JUPKl3ttTQmLQ723n4CZ5S5rrZu
4GkdN+BdON/ZOnHP/AgfykNX3K3jQ2mMMJaxaVCvPHSZf5S2L59R+q5X+i/n7+BXWpfkm16Ip/V5
Pk7J067tu9aL+Mix+fqHfC+OG0itg0ppHu5SXg29Uy6yog15m3Ma1G/kDvoVw3mONXwHxx3GNG21
7UUOsfNqn/Vg1/nHtq/m3p6oqPbSJjAlXPU/J2DLV8GANaVtq9JyHdaf4jM2TX6PLDWuOagGh1Hi
rETi2IChIXoBDY2z1CNERVKIQnBYbbXVwgYbbBBWXXXVxiZFBhPiIjtEI3I499xzw8orr5ziRqG0
NV08sixExUGIC7ewww47pDRxoOHA0JqusSIL+CIKwCEKSqnNUXgOq6yyygKWPruoOMEF/sCdvlpj
jTVmRxjyKw7Q1NekX3vttVux70IXpWKpJ30MXuuuu24pyuBZ17KiABxWrFgRVlpppYRHXDQEaJBy
1llnnUG+TTfROSFhGCeJsPrqqw+tX1M+peeMpSjEhajEDJtsskmICq8QBbBAWeutt17YdNNNS8lm
PYsL6RAXzSEaMUI0qqZ2zopgfoAdfbnmmmsG+jcutENcYKffN7jBDUzM5tsudEEuxI/fLExYgz24
d6XF5trMfRMnt9SmYXQ0N+X8PAHzaFQN0VEnjaGoxA9RyZj6aeONN05js61kxkVcgKQotAkarAnQ
FmVB49xvtNFGrbRRk+e44sRFVQAXAvWr7StoifEB/dTwCtU3KnoSjVPufOMArUOD1JE5i7Y1zZN9
xiNtoIy4UEs8kzEsnrbhhhtW04ewmc+raFBl9JmHlHbc1740qHp05YNKN5/XUee6vnWDR8HToPe1
1lqrlQa74q61AfMTacGd8cX4j0bAoTytz/zTl8/0wQ/sWGNw1bxfyw/7lNc1DTRFv8LPGL/LPfRZ
Dy7k/DOp/VO7vpzU+s9nvaAp5krkaubwpvUCdYhKoxB3dIRoRA7RabBaro6OgiEaeAIyanRsSM2B
5ywFuTo68YSdd945tTk6xy26XM36i/mHvuoqyzC3sF5Drmbt29bXXeiiRJ/Mnci61BV5si10LSsq
XJPMKrmaOZmyKKdGrkbWBQPJ1cPq11b3/B1jKSqiQ1RiJhk6OkcF9HOUBR+KOzPzJHN+R+N0iE6e
IRoaQzSqtq4zwI42S66OO/oGcnXtnNmFLqgs8WkT5UJP4NeVFuc0uuUB/cv6a5z91FLc0FdgDi+L
jtFpDPEbeoce0aUwNtsCvA/5mECbusjVyG3gDp3VrEHb6jHOd/QPOBCoX21fQUvwNOinhleozqwN
oXnKnW8coHUrV9O2Jt7ZZzzSBspAJwNtMIYlV6MzqKUPYTOfV+hO+hPK6TMPzVf9+tKg6tOVDyrd
fF5Hnev61g06hKexRkNv20aDXXHX2oD5ibTokSRXo1uCj7aFPvNPXz7TVo+md2DHGoMrf+uvv341
P2zKc5zPoSnJ1cPmqnGWO6l59VkPLuT8M6m4TWq93HDes2ei53DYfvvtQ9xdOlTwsEVEL8IQvSBD
9LgL2267rX01cfcsYDSZRe/WED1+Q/TMDHHHUDj11FOHTj4T1yCv0JJCAIUsyoHo+RTiTpKw+eab
L6n6e2UdAUfAEXAEHAFHwBFwBKYXATecj6dv487tsMUWWyRZM578UC1jxp1i4fTTTw9xh16Ip3eM
pzLzlIuVq+OOlrDXXnuFuAM/xB1D4eyzz65u8zxVz7OdcgRQyMbPCSW5mvESdwtNeYu9eY6AI+AI
OAKOgCPgCDgCjsBoCLjhvAd+8fiFJODGo9ZSagRevAPx4ItH+SShJM+WHUsYm+MxrMlrMn5LM8Rj
OpMnFDvXH/WoR+VJFu03nkLxyImA4qIULrroouQ0UHrnzxyBURBgl0k8ajN5IMajQUL8DlTKLn5K
IXBaw2abbTZK9p7WEXAEHAFHwBFwBBwBR8ARGAsCbjgfHUZ20XKqVDxSNWUWj8IdyNXPfe5ziydU
IVfHT2eE+EmLtAMnfpIpxONok1wdP4MWHvOYx4xesTHlgFwdjykN8TNkxRzjpw/CjjvuWHznDx2B
URCIR9OGeCRxkqvZyRw/FZCyO/DAA0M8vjQ5q4ySv6d1BBwBR8ARcAQcAUfAEXAEphkBN5z36F28
2zmevRTid3DCTjvtNOeVjnaf8yI+4ChrjrTmGKFJCBz5xU56dsXbgCd//J5PiN8NsY/93hEYCwIo
luJ3lMMFF1xQzK9pbBUj+0NHwBFwBBwBR8ARcAQcAUdgHhFww/no4B588MHpM2alnDD0cZx5HnS0
e/6c35xWxU7uSZKrd9ttt4DjuQ3I0/H7w+nTb/a53zsC40AAuZpPH8TvTBazaxpbxcj+0BFwBBwB
R8ARcAQcAUfAEViGCLjhvEen4+XOEWulb9Bw7FXpOcVgPOc7Wfb7GvouFd+emaTAd0H4TgVXAt+p
8G9VTFIPTWdd+LYR33DKlV2ME45qn8/vnE0not4qR8ARcAQcAUfAEXAEHIH5QMAN56OjilzNUe18
Cz0PW221VaNcjfE8l6v57iPy6ooVK/KsFvU38vTVV189kKv5vix/HhyB+UQAmZpvoee6KcbJlltu
6XL1fILveTsCjoAj4Ag4Ao6AI+AILHkE3HC+5LvQG+AIOAKOgCPgCDgCjoAj4Ag4Ao6AI7CQCLjh
fCHR9rIcAUfAEXAEHAFHwBFwBBwBR8ARcAQcgYVBwA3nC4Ozl+IIOAKOgCPgCDgCjoAj4Ag4Ao6A
IzAlCLjhfEo60pvhCDgCjoAj4Ag4Ao6AI+AIOAKOgCPgCBgE3HBuwPBbR8ARcAQcAUfAEXAEHAFH
wBFwBBwBR2AYAm44H4aQv3cEHAFHwBFwBBwBR8ARcAQcAUfAEXAElh4Cbjhfen3mNXYEHAFHwBFw
BBwBR8ARcAQcAUfAEVhEBNxwvojge9GOgCPgCDgCjoAj4Ag4Ao6AI+AIOAKOwDwh4IbzeQLWs3UE
HAFHwBFwBBwBR8ARcAQcAUfAEZhOBNxwPp396q1yBBwBR8ARcAQcAUfAEXAEHAFHwBFY3gi44Xx5
97+33hFwBBwBR2AIAl/4whfClVdeGe585zuHW9ziFkNi+2tHwBFwBBwBR8ARWA4IuOF8OfSyt9ER
cAQcAUdgXAh89rOfDd/5znfC3e9+93DLW95yXNl6Po6AI+AIOAKOgCPgCIwdATecZ5D+5S9/CT/8
4Q/Dl7/85XC7290u3P72t89iNP/86le/Gj73uc+F6667Lqy00kph6623Dg984AOLCX72s58FFo0/
/vGPU1wWjbvvvnu43vWuV4yvh5dffnm49NJLw5///Oew5pprhrve9a5hhx120OtZ11/96lfh97//
fVhllVVmPbc/ttpqq7DyyivbR8vm/pe//GV4whOeEFB6/fWvfw23vvWtw/Oe97zUH8sGBG+oI7DM
EIBHf+QjH0k8/vrXv35Ye+21w2677Rb23Xff4tj/29/+Fnbdddfw3e9+N7zoRS8Khx566FgRYy54
4hOfGDbccMNUPuURXv3qV4d11lmnU1nnnHNO+PCHPxzWXXfdcPXVV4fTTz/dFRKdEPTIjoAj4Ag4
Ao5APQJuOG/HCrn6e9/7Xvj85z+fZOo73vGO7QnM28suuyx86lOfCtdee21aH93qVrcKe++9t4nx
f7c//elPwyWXXBKuuuqqFBeZbq+99hoqVyPvU4bk6l122SXc4Q53+L+MzR1y429/+9uw6qqrmqez
b5H9l6tc/Ytf/CI8+tGPTutZ+v22t71tOOGEE4pr69mo+S9HwBFYqgjAP9///vcnHo/8iey65557
hgMOOKA49pFzd9xxx/Dtb387vOxlLwtHHnnkWJuO/LvffvuFG97whql8dHyEt771rZ3l6jPPPDO8
733vC+utt174yU9+EpCzmYc8OAKOgCPgCDgCjsDyQWBZGM4/+clPhiOOOCIJxk2GCBZvCHcYHRSO
O+648KQnPUk/G68I0cS78MILZ8W5y13uEj7wgQ/MEqBnZmbCaaedlgwwsyLHHze+8Y3Dxz72sbDp
ppvmr8Lf//738LSnPS2cd955c9498pGPTAvPNdZYY9a7pz71qeHcc8+d9cz+wGj0ta99Lay//vr2
cbrH6H7/+98/nHzyyckbdE6EKXigHaRqyn3ve9/w5je/udXRQHEX+wq94uCx2mqrzakKz+55z3s2
toM+R7mBc0cp/Otf/wo3uclNwnbbbTfnNbR+/vnnh4suuig5Zdz85jcPKJnA8p///GdyPIAOyYNx
9+9//3tOHpS71lprhS222KJI63MSDHmA4RGnlZIii3rgXFKicZstebzzne8MX/ziF8Pqq68eVqxY
kej+mmuuCSjKMGxSZwJ54vSCIGYxJE0JM9IMw5w4BPK+zW1uEzbffPP0u88/BFgUVrZupXwoa+ed
d06OI6X30/YM3osgbXm82ggvhIZKCnBweshDHhI+85nPhJe85CXh4IMPVrKxXHM+RKYI++xyH0a3
eQUOOuig8N73vnfw+BOf+ESjY9Ugkt84Ao6AI+AIOAKOQC8ESuuGXhktoUTIu49//OPT2rZJrv7G
N76RZAKMDgqnnHJKOPzww/Wz8fqb3/wmGV1wcrSB3YnIFtYwzdruxBNPDEcddZSNmu6RZXA255oH
5GrWcyU5+cADDwwYTHK5mvive93r8qwGv1lL4hBfoglkCWSzs846KzljDhJN0c0VV1wxy6iEHuE9
73lPozw6SU2HXr///e8X5Wo2Nfy///f/Gtvxla98JSBHNsldyBE3u9nNipsxoHUMeuh/kLE51Qpn
Xnbj/uMf/wgvfvGLEx2Sx8c//vFGuRonYDZDlGi9K84YHnEoaZKroeMSjdtycGR5y1vekjaUMI42
2WSTcK973SvpDn7+858nPmDlapxectkVvVjTBpZhmKsu4MZGGPQVfQM6DxxrmvpX+VLWPe5xj7DB
Bhvo0VRf4b0PfvCDk2E5byi88Ec/+lERC3CCxuHlr3zlK8fukJ7zIep2oxvdKPB8GN3m7dhnn31m
6V6/9KUvNTpW5Wn9tyPgCDgCjoAj4AhMBwJTbzhH8MBwxuIb4ZmFXClgbMDoYEONkQQB+T73uU9A
8CG89KUvTQsqdoOzg5A/G37wgx8Eedvjlc0uRwygT3nKU1K0JuPty1/+8nDsscemOAjdHBmMIefJ
T35yevbc5z43OQeoLIyYe+yxR0CwQFDBA5SAsgHhDqNMm3Hmd7/7XTKq0S52aG6zzTbKeqquGEbB
Ea/YBz3oQeG1r33tLIXMJDYWQeVhD3tYMl431Q86KwkHNWnJkxMQwMWeVnDBBReERzziEU1FzqIn
dufiODIscCID4wxa7BsQzDV+Snl89KMfDTvttFPpVXqGswROKW3BGiCb2gZvQdGQt8XuWG4rQ+9G
2dWMYI9iEWG1JtTwuJp8lkIca6DGKYoTPv74xz8mD3L6Dj5ZUoowZs4444zkeMUJFcQbZ8C55Ne/
/nWgnD/96U+J77bx5ray6f8//OEPaZx+61vfCpZu29L5O0fAEXAEHAFHwBHojkBprd09l6WT4pvf
/GbaSYyBDifeJrkaZ9SHP/zhsxpWYyRhxzgyLusiAusvfmNk22ijjdKfzZTd7OzyJiDHY/TGACqZ
vsl4e9JJJ4VnP/vZKR1ywN3udrdkyHnMYx6Tnh1//PGzjPHI1egTMJywfmQHIgG5GiMhDrVtxhmM
ojjG0i4w5H4aAyfdYRB76EMfmvr/bW9725KQq9GZYLxuCuhFSgZR1u7D0pInJyB8/etfnyVXf+hD
H0qnIjSVaekJfRZ5DAvoBxhnpO0bXv/61w/GTykPaB3H66aALuVxj3tc0+v03Bogm9oGb2Es522x
O5ZbC/nfy1F2NSNXYXhHV1cTanhcTT5LIY41ULPRBl6LDAoPhz+iH22Sq4mPQ8Jhhx2W4o2zvcjV
bABibFKfbbfdtpU3t5VN/6MrvN/97pfGr6XbtnT+zhFwBBwBR8ARcASmB4GpNpxb4/Gw3eMYLBBq
UQSwIxGBe5hRyebftlvckgtelnjqs6PUGqMxZCN4lQwmCAh4ZmIIQRGB17MC3sd4Q+JljCCjHcgs
FvHsR4DFEGe98zlqaPvtt0+G4te85jWzhDjly/UVr3hFeMELXjAnbxtnGu6FB04L7DywWE1q+zDQ
yhsdOoVGUACx8wOvcwzS1uht28FxiRgREWbwZs/TQzscQyUHD9IieNzpTndKDiI4fGCohuZRFh19
9NHh4osvnkW77ORAIYCiAYEVBwzicZoC76Bb7fwlX474Eu3autbc47zCLms841HQYPB/xjOekXa0
M0Y5qrFJsfmqV70q4HRCQMhnZznCHtjilCIDtDVAMoapL9ixS4DyFMiv5Fzw6U9/Onk6CwvVjzwI
tB0PfBR1w/iOyipdxSvAgvbIUYZ82Q2vZ9SZuo9SVqn8SX7GricUovQxeExiUP+hWO2z41xtghdw
1LulW73zqyPgCDgCjoAj4AiMB4Gm9eV4cp+sXKzxeNjuceRq1jLstGX9hRF9mFHJ5o883rRb3KLC
mpyd6VtuueUswyIyMcZwa3xUOtZayB4YMkmL/KeAbIKRBGM8Bm7JJshGnEyHrgCjj5UVkRU4RYs2
srZukr9Ycz/rWc+ak7fKnpar8MCQxsYEi9WktpE1N7vOkcvYqMCpYi984QuTXI1sjUG6qV+RqZAb
JVfn6aEdjq3HAUQBYxx6IMYIOqdnPvOZSQcFdpzKgJxsaRfZmd370B96HdKh27rpTW+adADQrU53
wMEDuVy0qzJrrxg+kR9I/4Y3vCE5QvApO3RN4MMpXCUnAvI/9dRTBxs5kKNpC6dnMZaQwWSAtgZI
xjCn2ZE3RnscLxTe+MY3hv33318/B1fah15MWKh+4ETglAB2ziPjD+M7g0wLN+IVyNXoPqBldB/k
y254PaM+YDVKWYXiJ/oRfca4wPhNv09iUP9x4kefHedqE6d48vkzS7d651dHwBFwBBwBR8ARmG4E
ptpwLqMyxmiOgOIo5ZogA8swoxILe4QH8sdrsnTEek15xEGQ4JtqJcM53o73vve90zd2893fMvqW
0jWVLWMhC/wHPOABTdHSznQEPUJusG9M1PEFRk+UFuyMZ9cAgbZg4KPN1lOVI7zYFUDAmxSBnKO1
qRuepShN2DmsOqeI2T+UMHwn/j//+U/ahc9OZI4QQ/gZp+GcMtjpjBDOsegE6nXIIYckz9esWr1/
omRiBywCOFjo2LPaDGvT00ePetSjkqKJzw/Y49usUT031LXlb3ew5+lq65/Hk8EQQzoexm3Bnv5Q
GusoDvgGFwGBOD+GHRrilAIUJjgqwDdyBxZbfhsWxNNYLtXF5tN2L8MrJwbgFMP4Ub7wKj1Tf1LW
Yx/72PD2t789OdmgaCBQVxwAUIywwx5eyhH2esc3JlEcMJ5QIqDgxEGB3xxLj8KJ0zZQWoJJKUjZ
+Y53vCPxGuKQhnLhS6pLKW2XZwjK8AscllBm4QH/gugQhIKGNuEowR+nhNjATir4utp93XXXpW9r
oqRqC+xiR7mF8hQcCfAmjonneMO2oP6rNZyjCGDsMP7pa44ipAxOPuGUknGNq7Y6+ztHwBFwBBwB
R2C5IrCcDOcyKmPQ4/M2HL9cE2RgGWZUYp2Gozj54yA8bL3VVjY7VTn22hofFR+5GvmPdV6++1tG
31I6pc+vMhbSTnZaNwUMeWpTbrBvStP1ObILzr3IhKx/CRtvvHFyBsZBP5er2R1MYE1O3dEzcJIX
sivOAxj6cbZvCjgGY0xCJmItjdEWuZp17zgN59AD7YLuODmPsMMOOyTDZS6fNdW15jnrdvQxbDxA
/ukjV9ekpy3IjuCFPsnK1daonhvq2upnd7Dn6WraXoojgyG4D8PZnv5QGuvI3ZIJL7vssjnHsEND
bA4BDwyy6HdyBxZbxzYsiKexXKqLzaftXoZXdvsj1zF+lC/yqp6pPymLzze+6U1vSk4OkiGROTnd
EDkXJwv6Sp+C4B06Fm0EQK7ebLPN0jHojC+wQq7mxI1dd901YVKqM2OYelA2MjoBnRqOB8jt45Kr
4ZuS4dG74GiEPgGnBdqEowR/uVyNToxTHdTua6+9NvC5SdraFtAzoStAbwlWBOiCT2fYzUSlPNR/
tYZz+B76OzZ+0NfMIegjcaLhlJJxjatSXf2ZI+AIOAKOgCPgCEwmAlNrOMe7V9+zZYcsRgQrLLZ1
R43hnPzxnGWB+vznPz8ZbPXdaAz0tWWpHhiuWGiXDG8sThE+8YamHbRLgR3SCDVNR7wrnq7WMINx
EWG6KdBGDNGUUZt/U16l5zLold7xLD9+HgVA29FgyodFud0tzXMWzAhheCc3hXEd1S6jZFM5eN/z
DaxxBNuffXao1qbXpwwYS5xEkAcEQIyMGCbt9w7b8reG53EZ+GQ4r8mPujKe2HWSOwPQPo1xjOYo
knLHGARAjJSMDT6fwNGNKFmayrZYIHjx+QQcPhD6wJedDBjqRz2qHQGPEwP02QE5CFjHEDkVIejy
uQgp8my/6oj70lH4vKPN1HtYYBcFO+ztTg2UXgjx4FUKCPo4VgwTpktp7TOUozjF6FMa9p29V1vt
M9GSfYZSt+l7e8RjDKKYbAooyVCqcCpEKVgaGTaeUSKwe74tNNFiWxp/5wg4Ao6AI+AIOAJ1CCwX
wzlrYn3PFodLOWLWoFRjOCd/5LR3vetd6bvOGGw5iQl5GgN9V7ka4xGGqpLhDbl6l112SSe1sVam
PQrnnHNO+o3cXfN9btZtyBHImTiOtjnp00Ycw/lOem3+qlfNVQa9prictmS/BY9MPMzJmLyQgfLP
b6HzQK5g135TYAf+OI5ql1GyqRzWuuP6jJLtzz47VGvTYxQGH2hPzgu2fchX6DNwhM3latFbXj9r
eB6XgU+G85r8kJswLpacAWibxjjyHbSXy54Y53GGYGywUQKdD0baprIt1hjtkasZh+iAoAnkTvRq
ox7VjpMN40S0LAcB6kk/YeiWUxEyHp+LsH2mftUR96Wj8HmHTuK8885T9MYrekf+rFyNUw56CPAq
BRyBOHGQkzFGCcjVOGnj4N0W1FYbR7Rkn+Hgk+vs7HudHGKf2XvmDPBsk6ubxovNh3tornS6gY3X
RIs2jt87Ao6AI+AIOAKOwHQhMLWGc2uUxRsU4a421BjO7S5w8sXQI+MM9ygJ2nY+kwajGUYpdluz
4CZQNt8ozoMM5Dw/5phjkvcjQgE7Jwm5QT09LPxjgQoWGInbjmlXUhnY+J3vdlecvlf1EXghaCGU
I3ycffbZ6Zh5nlOmvhOPogNj5Ytf/OK0e5RyMeTicIDX6uMf//jkBWx31hIn7yuMeAhBGO10TDfx
xmU4F2YYyfCG5Tt2HK2GsgLDG/izOLcCD+X3CQiN7M6o3aGal1Gbnnoj4BMQ4sGKnQXWQz7Pm99t
+esdwvO4DHwydg7Lj7LZIc3YazpenfpjdEYphHEbgdwGaJY/FGAoE0877bTkkYxSjOd5UHvpK5Rx
eI6j9ABL6os3O57lCPmbx0859AnWSC4as8/0KQI9QwmAoI0SgDq/+93vTsXCv1AqMh45bvODH/xg
2q3CyzPPPDPtCMeznHvoQYExizDP8X7swJFh/OlPf/pAWScc6He+XwfvwoMepSjjHe9zAhggMOce
6yqr5grPoF84rYIdHBz5R8DpCW942sAfx8zljhF4m6OAwDOeYzlR9LTRlU4NIX+M6xzpSZ/iHY8i
GCUwAfo48cQTi0pgYTNsPKOo0fc7+WQCxzWCObzTfjqgrb6pMv7PEXAEHAFHwBFwBHojsFwM59Yo
iyETo1FtqDGcI6tpFzj5YuiRcYZ7jIhtO59Jg9EMwzeyLvI0Aade1ph5kIGc56zJcHrEiVJrtdyg
nqfXb9atGAqHHQwaU58AAEAASURBVNOu+DKw8Tvf7a44fa/qI/DCgIc+gXU862zWpDxn7Y38QWCN
jLGSdTtO3wTWlkceeWTg9CRkbNa2dmctcfK+4phsMGDNfMQRRxAlhXEZzoUZRrJDDz00fXManQtr
d+o9TicE1uG1hja1015r01PvPffcMyU944wzEv0gl9TI1U31U9nIreMy8MnYOSw/ymZTAPGajlen
scibyN6Mt1yuRqeFUzubSfgMIePyOc95TpI/OSY7D2ov4x49hegbmZ16oIdj/HMKG8bePsEayeVI
Y5/JcK5nOOKjX0D+pT20hQD/wrFdcjXyNrIoAScfnMlpD7IzDvQKtAkckPHQf8kwjv5K8YQD/Y5c
jV4C3RByNZtkdLokGMBzRpWrqQ88gFMZ+CwY4QlPeEL6LB4yNfWh3ziNzgZ0YejxKB+5lU0XbXSl
U0PIA+M68jzfm6cM9Bcck0/gkwBs6ig5VwkbaCR3NEmJ//dPjiz8pN58igTM4Z2cgKDQVl/F8asj
4Ag4Ao6AI+AITBcCU2s4l/EbQw6L5two0taNStt2ZDILMX13XHlhIEUgVRhmaGaRhrFXgbpiOGOR
XAosqmlLHjg6i12xNQGjO8KHjH3D0rAzVA4ALHBzj/Nh6WvfY9jCwITAyB+GSHZclgw/Mo4izNEe
LZQRxBBKMLghKMjbl52xGK0RJlD22KPGOBaLslA2YNCWYbG23k3x8PpGOKJdLPA56o1FO57U9POw
3aRN+ebPRYfDDG15Ov2uTU88GZqVlis0zy5p3uHtT5ttsPkjbEhIxhiLsIUih35hrHQZo7YMey/a
KNGNjWedKaCVmh0XNj313yUalskH4y5KKBlO6d/SaQ7CwvII5Tmsvoo37CpDMTu1UTARZCS39I1R
GIM3yiaUXQTVn/t8rMtxx+ZBPDm/cI+CjTx1LB07CxA89T1xxidjUycyNPFmm+cbhnxOgnJrg/LN
HWtq0qvObf0k2uMoeJwWELhtUB48YyxwjGUeRCNt4xnFA32G0pCdKihSrKJNn+Ig77b65mX7b0fA
EXAEHAFHwBHohsByMZzL+I2M2vUYdaXFmIvhsxRY/2AQtDuYMZLY38MMzTijsxZVoK6kbzpdjTUt
Bq084PzI8cg1gVOVWPvK2DcsjT2uHVmh5Cw/LI+a95I/WYuyRkQ+Rl4pGX5kHKUtGMUkVxMXZwYM
buyml1yNMQmjNfIbRiV7EhNHxVMWMoXdkVtT57Y4Vq6GVthhyokE1I1+bjOKteWbvxMdDjO05en0
uzY98WRoVlqu0DzjAN0Ejs0luVqGc4y1Vq7GeIgTA/2CrJnv6Lbl1N6LNkp0Y/OwzhQ1x7rbtNwj
V6Mj4bNYjHNkRBlO6d/SaQ7C2vII5Tusvoo37IpczZhgpzbHqRNkJLf0jWzGcd587kCf5VL9SZOP
dTnu2DyIJ+cX7nFiQaazcjV6E236QL6H/nUiQxNvtnnCi9s+J0G5tUH55o41NelV57Z+Eu1xFDxO
C7lcrTwo78orr0zHqudli0baxjPyNHogZG8248DfrFyNLgNnIkJbffOy/bcj4Ag4Ao6AI+AITAcC
U284ZzceO/Dw4q0NNYZzGaPIEwEFz1EMiPYI4mG7uhFqEQ5YeCLosHDDsMT32MnTBgzjWugiTLCY
5qhe0hJYCA87pkzfomYRWWuoJK4cBNocCVIlOv7DoMxOVgxrakeeRcnwIwNVbvCUMRQPWBmmMd7h
kcqpA031R+jHmJYbBfO61P7GKImhEa/pUqD/VL/S+y7P1D9NhjZojPpwzKEVAlTGsPSKx5W8aBf4
lwIGQwyd+nYVcZQ/Arw1rOMZroCipilPxam9ijZKdMN3rjlaUB79ouucjmrK0g58HEnwelZAuKOt
pV3swgIDLvXk++GcTgDvwCFm2E4aldH1Kl5VQ9/CD6WMjq8X34A/5bgqb2haDgS2fnx/jl0Fdme/
yiAeBmb4gALKOtKIHzaNWcXvclVdwUG78WvTa07I26/06lv6njmHYwEZLwoI+3xvTsqOYfk0jWfy
YxcDdAfm8HGdyKGywI/dBU2OR4rnV0fAEXAEHAFHwBEYDYHlZjhnNx6Gqi7trjGcyxhFbyADs87G
aGuPIB62q5t1F0Y7jLYYOlhLYVjiWS5Xs/5GbiFgcNJ3iUlLwKCu9+lB4Z++Rc33h2sNlawX5SDQ
5khQKG7oI9bTyBSsNdWOPFHJ8CMDVW7wlDEUo6AM08jV6CCQ95rqT98hY+VGwbwutb8pH4d/5IdS
WEjDOTSGPISzd5NcLcO2MCvVmWfkRbvAvxSQKRk7uVwt+rGGdZxzFThBoEkHoTi1V9FGiW6Qq9F7
Ic+CheqV01FNWdSfHfg4kqAbgs4IOBfAb0q72DWWcNbAaI08xOkEOLHg3INebj6CeFUNfQs/HJ7R
N4GT+Ab8KcdVeUPTciCwbUDGIy/SCROVQTwMzOCiILla/LBpzCp+l6vqCg7ajV+bXnNC3n6lV9/S
98w56FXgRwp8r53NLzrhYlg+bYZzvjnPCXFgDh/XiRwqC8w5taTJ8Ujx/OoIOAKOgCPgCDgC04nA
1BrO8eTkeOBRjCRtRhsWYHiUIjxx3BACtwJe6giMXQykHNuOgQkDMjvROWZKgQUbRkcWc3h4H330
0emYb7xgXxCPgWIxWfo2utLrqh2PXTCRMRpjTRseKqP2ikCkb8STBoUGR5vjWU09wZVQMjDJ8Ja/
Y5EN7tboZOuf76JNBcR/2olaY1hUmqYrRkb6So4A0ABGeYzXCAmELnTRVI6el9qsd1x1qgFKDLsj
QHGGpVc8e0VQxjOcPsLbn3bhmEDg+H85ePBb+UO7eQCXQw45JCnG8nd9fzfRBvnhjXznO985HW3G
98fYEQFdd/2UQ067pbqWxqOwQGDmGElOIRDtoaBr+8ZXqYzaZ9ZgPOxEBdWHvDl+DoWFTmwofcpA
ebft4lafiH/wqQQURTVhlO+95/mrrn3GeY3hHKEaeqoJTf0tGrE8LM9Px7Rz9CBOYaVPPgjznEfm
eflvR8ARcAQcAUfAEeiPQBcDcv9SFj8ln+ZB1h3FSNJmtMGxFQdS1j/s8Dv88MMHjWbNjFGui4EU
OR0DEwZk5ErWfgrI1Xe4wx2SQY71EnI8aynkao5qp/zSt9GVXlfteOyCiYzRHLnchofKqL0im+gb
8aRBrsbRALmaNSy4EkoGJhne8nesSXMjsK1/vos2FRD/IQOzQ7fGsKg0TVdkJvpKjgDQADtcMaZL
9uxCF03l6HmpzXrHVacaQJMluW1YepuX7pGrORqfPsJRhDJwTCDQxn333Tfd80/5l3ZZgwubBfg2
+LhCE22QP44Bt7rVrZKzMEd161MLjAv6vjbktFtKVxqPwoINE8hfyNWivUsvvTTJ/KW8Rn1mDcY6
qr0pT9WH98hk6Ih0YkPpUwbKu20Xt/pE/INTPNAF1oRRvvee56+69hnnNYZzHB90NH1edv67qb9F
I22Gcx3TjvGccVWSq4V5ziPzevhvR8ARcAQcAUfAEZg+BKbWcK4jyUvGnmHdKCOJDD2l+CzEtGOV
nZkI5wosujjGuauBVMaOvFyEQ/LHUMkCcsWKFSoqyFCLINu2i9ka+/huG4aumkC+eP+y8M/rVZO+
KY6MWLxn9yde0/Lcpq7aJV4y/Ain/J36xBqdeKYjxmUIzOskg2ofg1qel2iHvmchzpFrChibaafd
Ea93fa+lNtu8VJ8cK8UZll7xEMigG3ZGl05v0Pe+893jyh+DLAoWdr6jsEIosR70KmfUaxNtkK9o
DjrmiGs5bnTlEda4jLOHjjRU3aEzAt/ERtmjICwsffIOJQnHSOZHkCndqFe1u5a+2aWAUE98jv1j
xw3jv7QzX3mjWNMOdVtfO5bFP2Q4J192xYBLKYArx5mX6K0Uf9gz1bUWB5vfsHEEn5QjBm3ink9P
lAJe8iiaSv3dRCM2HzlA1WDeNO7JD0UdtEzgaP/8OMj0wv85Ao6AI+AIOAKOQCMCy8VwriPJS8ae
RnD+90JGEhl6SvFZ/7CuQYZmZ6aOOybu5Zdfnpx/uxpIZezIy0We1tG8OAAjmyjIUMuR0W07hq2x
j5OnMHTVBNaLyIYYgvN61aRviiMjFu/Z/Ynsa+Vq7RIvGX6EU/5OfWKNTjzTEeOsMTEE5kEG1T4G
tTwv0Q59zzfoOc5bAbmaE5jsjni963sttdnmpfrkWCnOsPSKh3MG3zZnZ3SJhyCLsTki3z2u/Nll
zfHl7HyfT7m6iTZoh2gOOsapRo4bXXkEMiaOFgTyyOXq8847L737/Oc/n3hE+hH/CQtLn7xDtmFM
l+QspR3lqnbX0je6CfQkxMdxHCd+xn9pZ77yRu8HH9QYVn3hOxrL4h8ynHNCAac4gkspgOstbnGL
Ir2V4g97prrW4mDzGzaO4JNyxKBNbC5qk6vh56X+bqIRWxc5QNVg3jTuyQ+5GlomQM8uVyco/J8j
4Ag4Ao6AI7DkEZhaw7kMHQjhCJBdjHRKK0NPqZcRUnQEMTsyERIUvvGNbySBv4vhnIXwfvvtl46Y
ystltzJGeq4Yx/sYzmXswwO99ph22sOCUw4Ceb3U3j5XYczOXLxErXen2svis2T4aTKOqq65YRKh
j522JUOTNex1NaCW2i2jIGUi8NrQ5yQCm75039RmxRXOJRyJMyy98lG72HGyzz776PHgqnLydtv8
ETb0LbZBwjHfNNEGxchwKjrWzl3eIcCVlD84OYAdihmOCiOwC4CjwTCQ6oiw9OJ//+RE8LjHPS4J
ynpnsWhzclH8cV3V7lr6Fq+w5eNowzfpcyFQeROXI+MQnm3giHaMyAT4MIpQjPGMDQznjMtcKaD0
KMTYPdD0XvFqr6prLQ42X9F30zji24vkyw5wlFycDNIUaFfTOKihEbWD/EvOQBw5J0eupvqikMDp
g/4hwIf5HAjfjPTgCDgCjoAj4Ag4AnUIlIxedSmXViwZOv4/e+cBJkFRtOFRREAR/DEAIgoCCiqK
GRERc8KcRUUURQQjGMAAggqKCII5Yc5iVlQUc845oKiIOee8f72N31rb2zM7M7t7t7dX/Tx3MzvT
0+Hr6uoKHZAv2MWqi16tb+XoKdUcvZq00RWYUO3PKsfBhMO0i+Mc/Y5zopHf8nxxtKIT4kBnpWof
x7mcfejVbbdpp97IeZogkJerhEvbZ8KYlblMsvd6teqLs67k+KlzjqqsuWPygAMOSA7AkqPJO/a6
OlBLdZVTkIkb6Fc+9NmJwH9fuq+rs+IK5xKOxJn0vdJRvV7xilck+4+e66p88nr79HFc1ukTSmfa
ax1tkK4cp6JjrdzlXd1RB9h4mADBoozLXOYyRK1e8IIXVKxYx0F6xBFHpGf+HzojEwkOOeSQ6pRT
Thm+8lg0TXIZfjCjG9W7LX2LV/jsmWjDzgK5Xq20ifvmN795bKELdIdDmQAfZodK7BrslIHjHL2w
Tm+etV6tsrbFIRX6v/9E33X9CL2aujF54Nhjj609poHk2K1h880398kP79vQiOrBR+jNuT2ILfN3
3XXXlGZdedGr2XmO9wT4MDp26NUJjvgXCAQCgUAgEAisaQSW1nGOQMY20F2c1wg9G220UTofDAGe
rdtIgzPDSoKPz4PZimydy3lVbAONMIuzDYVdAixCIIoSwj2OFQTCTTfdNKXPal7O9SXkzg6EPjmv
UWCIh0KMcoowybZL29nZ6Jy9s8kmmxQJEgcV37Lassv5vmCilZSsOm47o75YCPcQxyETD2gfZuqz
jTg441zmHCZteZxvr842eijs4J2/wzCA4w5nJyujmYVN4Bw7OXtxFrEbAU5QDCY48VDYCGBz6qmn
JhpID3r8AyOtOD3ppJPSecfsCkCb4kglUGdfvh7ZpE9oG2bfciaY6owBD7ogQMu0O85dT1PMiIWm
CNDrnnvume5ZIU3ZWBErmk0v7J8c0rwXresdCiGOVa7MpMZQRaBsKDNKnzpTPpTELgY35dN0pR70
CRRu2hDaYIsvDHEE3mFIgpblOPf9ijjQAtvM04fyNuN4BOgSpVPnmJMHyqs3TkGf0LBom7PWWDUN
5rQRPELtr7Yq8RbKM20AE7BG4cNJDX3DZ6CPSXnK+a8ylFab8847cfl9/PHHp1Uu5PvRj3409VWe
w58+/OEPp60j/TcYRnE06zwxaJqJNPA4eIDaijT6BugQ3kt6KLXgwJECCszAx0Hvg+8jfkzI6crj
KOc66YDDPe95zyE/hjfxrbYe9Ucn+Lx8f1R/UX9WXvBJaFBOb44loU7UA76KA1+BPBmH8uDbQO88
j9CzuAYCgUAgEAgEAoFAPQLrxXHOltH77rtvJ+e19GrOHGZyOKts2VGsTq/2eeAwYXce5KI73/nO
abt1nG3IRtJRkO3uazo3juvDDz88yULSq3HmcWQbIXd2yJnC6nYck0996lOHejUyKfo/Z6MjP9fp
1che7F6F3tnlfF8w0UpKnVFcT13t32ADQN9icgFnRLONODgjFx500EHDLY/z7dXRW9DtcdLl79CT
97Yd9JBh0W00gRjdBjmUwArh4447LjlBmbiO/oA+RQAbnKnI0X3DiSeemPRY9Cpkd3R7dgXA+Yqc
TaDOvnx986JtwAw6o86sBufcbMnh1AM9FxuRpykvx5OGnGyskGZHsZJeLYc0ZRetq9xMcMDuw5W+
IxsG+gz6qdJX+eapV2OvYoEItMGED69Xs1AEWpbj3Pcr6gJWbDNPH8rbjD6Gbo2dQOeYkwfbzOd6
NTQs2maCMqumwRwnPPiCobBoo+MK565X6dWs9GfVOPRN+7TJU85/5Vlabc4778TlN7sSYGOhjeF9
2rYf/kQaTNzx38CTsA1iayBAj+AKL8QOorZKL3v+k15NethawAFbnkIbvVpjQk5X0nVJS8517sGB
nQLFj+FN8N0DDzyQ1+kIPB2dUNcfPY3wjfJSn5fTmx0OqBP1gK9ir1WgvPCHPPg20DvPI/QsroFA
IBAIBAKBQCCw9hBYWse5X+nISrqrXvWqja0jx2BdpNIqRRQEbQNe+i53WqDga1Wi4uPIoXwKOJJw
uCIg++CdMjxHUMYJhxBIYBXsbW9723Sf//Or4/MzqPO4+W9tO8/zWTpWUPw02z/PM/+N8I/ShNOS
8+98AC8UdG1f7N/J0Y9Co63f/fu6e4RitnzqEzxek77H2YVjO2/rSd/xXttpt4lLHN92k2gdBRZH
oi+bVpwrP2gNhxyKAsYjgtqJrbVLq5b1LVdfHv+8z32p7ZvS8c7YH/7wh8mpjAJWF6gXkwrYFq90
xAGKEc5x+AH9WZM+lB4TM8AIGi6FWWKh9EuOUb3jSr9hO3aUwlJgdQlnfRHqeBLvJuVDHELOg8FD
Bk3eM7ubfoBD2QcUcY436Bvq2sSnBy9FMZZBkHeT+oi+99hoYtTrX/96vU6rus8999whn+YF+TGJ
YDubTEBom5fHsA2fYXyAFku7BZTabRq+lyoS/wKBQCAQCAQCgXWGwHpxnCPraqUjTkomPDcFOQbr
4pRWKSKzaRvw0ne50wK5S6sSFR+HIxOmFXAklXZM8k4Z4iKbXelKV6pwdhJ4z2TaUvCr4/MzqEvx
/TNtO8+zWTpWcEzuvPPOw7PMfZ75PY5GJvHjtNQW2YoDXkyy1fbFes5Vjn70am0X7d/X3dc5Cevi
++ceL/+8dI+zixW3ffRqZPF8RXspDz3zbTeJ1tFxcNL5smnFudKD1qB92oXd3QhqJ3gMk9PzttK3
XH15/PM+96W2b0rHO2PRlXEqM4miLlAv+hm6CP01Dxyhh3McflA65xr7BBihu5XCLLFQ+iXHqN5x
pd9gY6vTq3/605+mxRTEpe8Qt0Snk/Lhe0LOg8GD7fIV0J1JHxuJDxyrhu2yb6hrE58evJRJR9pR
gHeT+oi+99hoYhQLfhSYqHPOOecM+TTPyQ8ew2QCQtu8PIZt+Ax2ESYLlHYLKLXbNHwvVST+BQKB
QCAQCAQCgcBCILC0jnMcsygqKBreUVaHOrOliVcXWC3MDM5cyMWZy4re0047beRTZlKyyjMPP//5
zytmT6PE54H0WU3tZ9r6ODjimbGfBwRKzfzO3/GbGcs6a5nZwVqJXYqbP9MKapw8WjGax+n7G6cO
KwW8oxEnJTOUOVtOM8mVN1jTpt7JiXDMLF6/qlzl8U43lHxwyrdQZqYqs9i1ShPhm+3FMD70DThZ
85X5rHRnNQR0IjrzTreueU2i1zw9tudXndp8i6McI4IUQMqulfl52vymLsTRdofQObjS//IwC4x9
mqW29+/z+/xohT/+8Y+pTzJhJQ+sQtlvv/3SDGc/GUfx5FTnjGiUydJEGoxqlJGV8KXAymyMdbMM
kyYusKUbf3WB9mOlD8HTTh5fDlja/2EPe1jqY1ppQjvDz1jpohXl/nuMJqzA9v2f92DKcwxgXXiV
T1v3dW2i91zJD97mj8Bo00f4Fv7DDhbqJ/AZZsBT7zwwqQKehpHIb63YNq+8HeDr8DNWXyhQF3g2
q1eYnU8ojV3Mrqf92SKSwM4qrP7QKq70MP4FAoFAIBAIBAKBQCMC68VxrrO/kT28o6wOHGSjo48+
uu512naZCZwlvRrdDD3aB1ZRl3RdJnoiq/stnPUd6eOgrNOrcWRqlyx9wxU5Tnqhf677s846Kzn2
+I28ve222+rVxKtWUPsVoxM/ahmBo3pYnY9zRwEnJRM60XU0wV554zjHMemdnNoa3K8qV1re6Ya8
i4Md+dEH5GJ0Xq3SRBdA3tdkXB+37T32j9zZhwMN+kLXF53VTZJok88kes3TwDEo3a3Nt+ykxaR3
6QvoTNKX8rT5jQPxmGOOGTpboXO2xqf/5WEWGPs0S23v3+f32FfQAxWgNfok+k0e0LWhGVYO4+DW
ZBzFk1OdSQLocKWJNDj2KSP6fCmwIvwqV7lK6VXvZ9gzmiYuYIuCDuoC7ScbiaedPL4csLQ/dhj6
mOxGtDPb1aMjo+/lAX0Q3un7P3HAlB35mEjdhVfl6fO7rk18XPLDaaz68q5NHyEe/Ae6UT+Bz8C/
tNKeOAro06xCZ1zwenXbvPJ2gK+jM6NDK1AXdGXsOCeccEJ6TBvkYxd6NYt0mBBB4J4dVkKvTnDE
v0AgEAgEAoFAYE0jsLSOc1oFhQRBFscrs1K1vc88WoyVq2yHhHLODMtJeeEERlFluyO+wUHE9nKT
AvHJi9nuG264YRKA22x7zUQCAquB2waEY4RStsCbdG5v2zRL8ZiFi2BMPbbYYotSlJk9Y5stDAXk
Be5e0J5ZJpYQ7cQ2bwTadV75pAxW4B91YTYuuwSgBLA9Gooxig3bpM273VagimlHA+olWkRZWq8K
D0o6iiuGkKaV6XKc57snsPVjW+yYCIPhlJnlbIO41vsKtMo2cfB3dm6A52DsaMPf+9A5xhjGG3gO
ExRkbGiTFuMQ2M+rbG3KEHECgUAgEAgEAoG1isB6cZzTPsiGTLrD8YrTYZKuO02bsnKVSdTIkujx
k/JCnkEewoHBNziI2sg2yE7kxZUttZkI20avZiIBoUv7o1frfHMmy+MYm0f4yU9+MtRl2Gp8ngEZ
FxuD9Oq6s4anLQPto4nztOu88pm2nG2/py44jtmCHHrlNzSMDI/Dcd7t1rac08SjPtQLvZr+i72g
rW44Tb6L+C2TO3DoTlqZLsd5vntCF70a/dPr1Wu9r9Ce6NVM6pdeja2gDX/vQwvYJaVXM0Eh9Oo+
KMY3gUAgEAgEAoHA8iCw1I5zFEdtuc2scmatRmiPAJMNENxx+rDacdrVn+1zjpiBQCCwWghgeGRl
CP3ebyleKo9WtjOLvWmLutK38SwQCAQCgUAgEAgEAoG1jEAXx+laridl5+gZHWvDMUPsAhahPQLI
1HvvvXeSr5mUPu3qz/Y5R8xAIBBYLQS0TTt6td9SvFQerWxn50J2rOvitC2lF88CgUAgEAgEAoFA
IBAIBKZDYKkd50Cjs3TZNp0zkdbrTNeuZMLMVpzmnMvMitPSFvFd04z4gUAgsJgIMLGIrck4g48t
6XUeO1uLs20/K3DywBbzbN/PdnkEtjeDv7Ki5tBDDx1uL5h/F78DgUAgEAgEAoFAIBBYBgTWk+Oc
9tJZumyPi+wYenU7KkavxmnOpHQmmpaO9GmXUsQKBAKBRUfgDW94Q3XGGWckvZqdBXQeO0cUsotj
adv3M888M9nc3va2t6XqsSW49OrHP/7xsYBl0Rs9yhcIBAKBQCAQCAQCS4nA0jvO2f6X881w7jDL
c70ZOPpSLduusRUfZ7xxHnsYRvoiGd8FAouNAFvocXbY+973vmJBTz/99LEz6IjIOYZMRiqFum9K
ceNZIBAIBAKBQCAQCAQCaxGB9aZXolfj/MFpzurIZTiqaSXojq3dwequd71r9epXvzr06pUAPfII
BFYBAfRqFp+8613vKuaOE32PPfYYe8dkmpe85CVjz3lQ900xcjwMBAKBQCAQCAQCgUAgEJgZAkvv
OAcpZnmfddZZ1eUvf/l05s/M0FvihITZTjvtlM4CX+KqRtUCgXWPAGfYcw7dBhtsMIIFBlLOliyd
98gZ9+ecc07R+Mekm5hsMwJl/AgEAoFAIBAIBAKBJUNgvTnOaT50xG9/+9vVLrvsEnp1S3oWZjvv
vPOYrN0yiYgWCAQCawQBdGrO5M51Yc7q3mGHHWr1aiYjbbjhhmO13HHHHcfSGosUDwKBQCAQCAQC
gUAgEAgEZo7AunCczxy1SDAQCAQCgUAgEAgEAoFAIBAIBAKBQGDdIrAeHefrtrGj4oFAIBAIBAKB
QCAQCAQCgUAgEAgEAusGgXCcr5umjooGAoFAIBAIBAKBQCAQCAQCgUAgEAjMAoFwnM8CxUgjEAgE
AoFAIBAIBAKBQCAQCAQCgUAgEFgsBMJxvljtEaUJBAKBQCAQCAQCgUAgEAgEAoFAIBBYcATCcb7g
DRTFCwQCgUAgEAgEAoFAIBAIBAKBQCAQCAR6IBCO8x6gxSeBQCAQCAQCgUAgEAgEAoFAIBAIBALr
F4FwnK/fto+aBwKBQCAQCAQCgUAgEAgEAoFAIBAILC8C4Thf3raNmgUCgUAgEAgEAoFAIBAIBAKB
QCAQCMwBgXCczwHUSDIQCAQCgUAgEAgEAoFAIBAIBAKBQCAQWGUEwnG+yg0Q2QcCgUAgEAgEAoFA
IBAIBAKBQCAQCKwtBMJxvrbaK0obCAQCgUAgEAgEAoFAIBAIBAKBQCAQCLRBIBznbVCKOIFAIBAI
BAKBQCAQCAQCgUAgEAgEAoHAfxEIx3mQQiAQCAQCgUAgEAgEAoFAIBAIBAKBQCCwfAiE43z52jRq
FAgEAoFAIBAIBAKBQCAQCAQCgUAgMEcEwnE+R3Aj6UAgEAgEAoFAIBAIBAKBQCAQCAQCgUBglRAI
x/kqAR/ZBgKBQCAQCAQCgUAgEAgEAoFAIBAIrE0EwnG+NtstSh0IBAKBQCAQCAQCgUAgEAgEAoFA
IBAINCEQjvMmdOJdIBAIBAKBQCAQCAQCgUAgEAgEAoFAIJAhEI7zDJD4GQgEAoFAIBAIBAKBQCAQ
CAQCgUAgEAgsAQLhOF+CRowqBAKBQCAQCAQCgUAgEAgEAoFAIBAIrBwC4ThfOawjp0AgEAgEAoFA
IBAIBAKBQCAQCAQCgUBgpRAIx/lKIR35BAKBQCAQCAQCgUAgEAgEAoFAIBAILAUC4ThfimaMSgQC
gUAgEAgEAoFAIBAIBAKBQCAQCAQCIwiE43wEjvgRCAQCgUAgEAgEAoFAIBAIBAKBQCAQCDQjEI7z
ZnzibSAQCAQCgUAgEAgEAoFAIBAIBAKBQCCwFhEIx/labLUocyAQCAQCgUAgEAgEAoFAIBAIBAKB
wKohEI7zVYM+Mg4EAoFAIBAIBAKBQCAQCAQCgUAgEAgE5oZAOM7nBm0kHAgEAoFAIBAIBAKBQCAQ
CAQCgUAgsIwIhON8GVs16hQIBAKBQCAQCAQCgUAgEAgEAoFAILDeEQjH+XqngKh/IBAIBAKBQCAQ
CAQCgUAgEAgEAoFAJwTCcd4JrogcCAQCgUAgEAgEAoFAIBAIBAKBQCAQCKwJBMJxviaaKQoZCAQC
gUAgEAgEAoFAIBAIBAKBQCCwKAiE43xRWiLKEQgEAoFAIBAIBAKBQCAQCAQCgUAgEAjMDoFwnM8O
y0gpEAgEAoFAIBAIBAKBQCAQCAQCgUBgHSAQjvN10MhRxUAgEAgEAoFAIBAIBAKBQCAQCAQCgXWH
QDjO112TR4UDgUAgEAgEAoFAIBAIBAKBQCAQCASmQSAc59OgF98GAoFAIBAIBAKBQCAQCAQCgUAg
EAgEAouJQDjOF7NdolSBQCAQCAQCgUAgEAgEAoFAIBAIBAILikA4zhe0YaJYgUAgEAgEAoFAIBAI
BAKBQCAQCAQCgcAUCITjfArw4tNAIBAIBAKBQCAQCAQCgUAgEAgEAoH1h0A4ztdfm0eNA4FAIBAI
BAKBQCAQCAQCgUAgEAgElh+BcJwvfxtHDQOBQCAQCAQCgUAgEAgEAoFAIBAIBGaIQDjOZwhmJBUI
BAKBQCAQCAQCgUAgEAgEAoFAIBAILAgC4ThfkIaIYgQCgUAgEAgEAoFAIBAIBAKBQCAQCKwNBMJx
vjbaKUoZCAQCgUAgEAgEAoFAIBAIBAKBQCAQCHRBIBznXdCKuIFAIBAIBAKBQCAQCAQCgUAgEAgE
AusegXCcr3sSCAACgUAgEAgEAoFAIBAIBAKBQCAQCASWEIFwnC9ho0aVAoFAIBAIBAKBQCAQCAQC
gUAgEAgE5odAOM7nh22kHAgEAoFAIBAIBAKBQCAQCAQCgUAgEAisFgLhOF8t5CPfQCAQCAQCgUAg
EAgEAoFAIBAIBAKBNYlAOM7XZLNFoQOBQCAQCAQCgUAgEAgEAoFAIBAIBAKBRgTCcd4IT7wMBAKB
QCAQCAQCgUAgEAgEAoFAIBAIBEYRCMf5KB7xKxAIBAKBQCAQCAQCgUAgEAgEAoFAIBBYBgTCcb4M
rRh1CAQCgUAgEAgEAoFAIBAIBAKBQCAQWDEEwnG+YlBHRoFAIBAIBAKBQCAQCAQCgUAgEAgEAoHA
iiEQjvMVgzoyCgQCgUAgEAgEAoFAIBAIBAKBQCAQWAYEwnG+DK0YdQgEAoFAIBAIBAKBQCAQCAQC
gUAgEAgERhEIx/koHvErEAgEAoFAIBAIBAKBQCAQCAQCgUAgEGhEIBznjfDEy0AgEAgEAoFAIBAI
BAKBQCAQCAQCgUBgTSIQjvM12WxR6EAgEAgEAoFAIBAIBAKBQCAQCAQCgdVCIBznq4V85BsIBAKB
QCAQCAQCgUAgEAgEAoFAIBAIzA+BcJzPD9tIORAIBNYQAoPBoHrXu95V/elPf6pufvObV+vdGPrp
T3+6+s53vlPtvvvu1U477bSGWjKK2gaBZaX3H/7wh9WHP/zhRLPXve5120ARcdYYAivZxsEH1xhx
RHEDgRVGYL3LiisMd2QXCAQCawQB9Iy3vvWt1R//+Mdqn332qbbYYos1UvL5FPPjH/949c1vfrO6
/vWvX13hCleYTyaR6qohsKz0fvbZZ1dnnHFGtfPOOyfaXTWAI+O5IbCSbRx8cG7NGAkHAoHAHBFY
947zj33sY9VRRx1VXfKSl6y23HLL6rjjjqs22mijOUIeSQcCgcBKIPCJT3yies973lN97nOfqy5y
kYtUF77whaub3vSm1T3ucY/qfOc731gRvv/971fXvOY10/P3vve91bWuda2xONM8OPfcc6uDDjqo
utjFLpby/9vf/paSe+ELX1htuummrZP+17/+VT3mMY+pSO9CF7pQRTpd05iUGWne8IY3rL797W9X
xxxzTHXwwQdP+iTeOwRw7KFk/uY3v0ltfbWrXa3aa6+9qg033NDF6nfL5I5TTz21usAFLlBd8YpX
rB7/+MdX5z//+TsnNm9671ygwgc/+9nPUh9+//vfX0H3hEtd6lLVIx/5yOoyl7lM4YuqeuxjH5v6
A07zt7/97dUGG2xQjNf34XOf+9zqgx/8YLXZZpulJH784x9XD33oQ5NRsEuaOGSRPbbeeuuqbxpd
8lumuH3buOuYEHxwZagm5PCVwTlymQ8C4TgfxfVDH/pQ9ehHP7raaqut0vh28sknh149ClH8CgTW
JAIf+chHklz9qU99KsnA6K63utWtqv3226+oV5911lnDidef/OQn00TsWVYc2fne9753dYlLXCLl
/9e//jUl/5rXvKazXv2QhzykOuecc5KtgHS6pjGpXsiT17jGNapvfOMb1TOe8Yzq0EMPnfRJvHcI
4NjDpvPrX/86tTX2mhvf+MYz0auZ3PH85z8/6dW77rpr9ZSnPKWXXj1vendw9L796U9/Wr3tbW+r
3v3udw/16ktf+tLVEUccUW233XbFdNFxTznllOQ0P/PMM2euV5944okVdrfNN9885f+jH/0oyRB3
uMMdiuWpe4hDFvvYNttsU/VNoy7tZX/et427jgnBB1eGkkIOXxmcI5f1hcBSOc5h3n/5y1+Kwrtv
Vgzwe+yxR1pR+sY3vrE68MAD02sEb4zZF73oRX30Vb1HwMbBUXK48OwGN7hBUYBh1uNHP/rRSkpE
qRL//Oc/q912261CYMoDDrPXvva1FYZmHAQ77rhjistKPhyK97vf/dInYAlz/ve//50nkdoBx972
22+fhJixCB0f9MXCZ4OzkTb/zGc+kww5GHaY+fvb3/62wkmDY5MyE/7whz9UKIdgqUB9r3zlK1eX
vexl9Wh4JR4OFTl4hi8KN8S53vWu15vWoHMExP/85z+F1Ecf4STee++9qwte8IKjL5b0F+2AIo1S
kAcc6F/60peKq8l//vOfV7vsskv65AMf+ECFs3OWQau3fZp9eM6f//znRLM/+MEPUlJ90vBlKN1D
n3e84x0rHBpPf/rTqwMOOKAULZ4VEMCxijM7Dzh8UQxR6KYJT3rSk6pnPetZKYlb3OIW1Stf+cri
GDApjy70Tp96znOeU6FwP+EJT6g23njjSclP/f7zn/98muhSSuhxj3tcrdHppJNOqo4++uhqGmxK
eeoZYx9GFh/69BEve5BWnzR8GdbTfdc27jsmLDIffN/73le94Q1vqJ74xCfWTiJZTZpgvHvyk59c
PeABD5i4QsX3hXmMZ9Pi0Ff2hO6WTQ6fFstl/H6ZHefoNMicpcmmvi3hlUwOZEXpq1/96upe97pX
es2k9G9961tFmdt/v5L3X/3qVyscHCW9Gj0JZ0xpwh39GacB+lddQK/GOVaa2MdK05e97GUVtgoc
BJe//OXTZF0mWTLRD/2TAJZMFqzTq5kEjE5e0t3rylX3vC8WPj2cjbQ59gJkQyYD3uhGN0oTR3/y
k59Uj3jEI0b0angiWCpQ36te9arJVqBnuhKPsQ5cJwXSwSbStz/Srtgz2urVTMReT3o1TiwcbnlA
r0YfLa0mx64CPRA++9nPDien52n0/Q1vkd6uNPrwHHjcVa5ylWRvI50+aSj/uiv0Cc1AY89+9rNj
QnodUIXnz3zmM4s6HzyQCRnT8kIm4z7taU9LOd/mNrep3vKWtxTHgELRRh51oXd42wknnJAWQRx7
7LEroldj+7zOda4zUmb9QF5Hty4FFpUdfvjh1TTYlNLVs7vd7W5Jn9Fvrn36iJc9+qbhy7Ce7ru2
MfTbZ0xYZD7IwpRXvepVFf2xbhLJatIE4x0TXJjkxeKmpuD7wjzGs6a827zrK3tCd8smh7fBK+Is
BgJL4zjPnUmT4JWR+h//+EcSlHGkL5rBDuZwl7vcJTlj6+rzve99r6gkgsfVr3716pe//GXdp+l5
7oAgTwRUZlvWBe+QwMHeZjvc293udskxAMZ9wjRYKD8cTA972MP0s3j1DlNmGx9yyCFj8dheC8Wf
FZ8+sMq0i7N1mlXNJSesL0t+7+uVv1u23x4bFAG2Xf/973+fZp+i4GPQKRkBmSiBw/NXv/pVEppK
kyOmwQoj2C9+8YtkMCKvaXjO7373uzTRY5o0mupCf8NRioHvQQ96UMKsKX68Ow8BJrOgWBKY9Ywy
CF/AcIhhCV6J4SnnHed93e4/dMSs+/vc5z7V7W9/++rFL35xr5nxXeid8eQmN7lJMoSuxOQy6I8V
ay95yUvSOMZ4hFGOiU84/DHQyxiXo4bi8/KXvzwpFdBuqa/n33T5DW78YXR/6UtfWh1//PG9nN7I
HhwLgSzCjhGSSbqUZb3G7drGfceEReWDlAtZBgV/Ucf2N73pTdUDH/jAVnQdcvjoRCDadxHl8PXK
bybVu6+jblK6q/0+dyZNKo8M3fRnHNNXutKV5uKAmlSOpvf0rVve8pZpEmNdPFY0lpyA4HG5y10u
yfF13/I8d0CQ51Of+tTihEql4x0SONjZTWhSwD4A5hhF+4RpsFB+yJ9MjmoK3mHKxIH9999/LDr1
/fKXvzwmG7PKFMzbhmlWNZecsE35+no1xVuGdx4bnH3QK3oo7cMkkJvd7GZFWRtZGf0HWxQTfllI
McuAPoROAC1THhY29HUSsICCiR7TpNFUN8oIdkxGevjDH54wa4of785DgAU7LP4gHHnkkUn3he6Q
L1lYxOIXMJ1Wr2aHMhYM3PWud00Lh/rs5NaF3hlPrn3tayebE/1r3nIE9IdNk8n9LIBilffFL37x
tMsCk+KZMMYE/1Jgsjh6Kv0c3WMeejX9l4lIlI+dDiVPlMpT9wzZg2MhWGDACvk+adSlvezPu7Zx
3zFhUfkg5UKWwe60qGM7fol99923FV2HHD46EYj2XUQ5fNn5yrLVb2kc52z9wUxOBCcYHwIPRnYM
7sxk1jNWUMJ4vJFa3+LUgllqC9ZFaGy2mUaJhgFSZsrKzEi2x2LWOQ7p0sx4ZnThXEERwMCPMuCx
4D2CD8LotttuO6wq+SEYEVD+ESI32WSTtEoXIRXlxztr/v73v6dzoTE0sPUU73HGs6qSd8ya18pf
ZjkimJZm+Q8L0HDTFwuS9KtAoQVm9qPsgS2CJE4tgjdCI8S9853vTAoZAqbiEA/HOUYhH4Q5RnpN
PAAT6gvDJiAUigZ9Xj6dNvdMmEDwpS3UXkoX5zD5Uh52DeD5NHm1Kc8ixcExiWGGNlY7LFL5KIvn
OX0dkazAYBIAfKtvGouGy1ovD0o9yhpOX/i0AityGIfomzjXp50dzxZk7BbCJCacZ30UfJWtzXUW
9NomH8WBtnGOM25hNFnEmb+UlTEWJcbLE6pD2+ss0mib13qNtxbGhK5to+3qF3VsF+Zt+4bnMSGH
L64c3pVO10P8eRu8VwtD+iR6G3o1K1yQM5BlmGDKxGw9Y/UHDlFvpNa3rMD77ne/u1B6NfIyq13Q
qzGwszMbu9SgV/OHQ7pOr0aHRd9Fl2ObaI8Fcgt6NbYIP/GW/HbffffUjEyIufvd7570anbVuec9
75lkeO+sQXdmxSOTeHEgIOOjj6Orgys6NfyVwM5l4N9Xr+6LBXmjF3NsDgE9GgcpO/Z97WtfSzoY
Ti2CN0Jjk6BurOpmVZfiEA/HOat+fUCPBXN0de3khD7v9WqO1xMN+rx8Om3uoVN2AaAtbn3rW6dP
lC6y+/Oe97ykV0PrH7JVw9Pk1aY8ixSHiXD0Cxy+tPsiBs9z+joi6cNsAQ7f6pvGImKzlsuEPs0E
ZXZXgl8rMCkd3ZC+Cc8p7fKhuG2u2PiY2MGkEJyIK6FXM76uFK1B29gNGMPZebHLhKQ2+M0qDvwe
27aXJ7qmPYs0uua53uKvhTGha5tou/pFHduFedu+4cfEkMMXVw7vSqcRf/UQWDrHOauBX/SiFyXl
Vc4FnL96VjJSw1hQdFHoXv/61yelFIcvQgaOZc73ZVZeKSC4ve51r6tOP/304WsUZM572nnnnYfP
pr2hLDjJKCNb7Wg78bbplrAofattgBFQUZB8+MIXvpBWHZZW5jeVj23WMBQQZmHkbcrLl1f3cjLz
u2TEZeYqW+sRUJJxcPmAkYSVvQRWlFOf3DHm43usmY2fB9HgNFioTszgZltygtJFuWelK8Eb11EI
cKRjEMK4A46sqrjzne+cDGPM2GVLUowQBK6kg0LCLH6UCBx+++yzT/qNkQODE2d277nnnmnrwPRh
9o/V3hhKmLBCnoQddtghlZtt9WYVUHKZfc62h9AxEwqOsjOEMY5RFyZK8MdEEB9oTwQKbblHGdmO
edJ21NP0ffGctk5v6obDFbwpJ2dwMSuebZJQgmblOKf9oQPRACtioQ8/ucZjxz1GPjB8xzvekXCE
vigbChptAd/S0Q75t11/Y0TDkYrRijqLnsiD7eT9KmQmq0B3zKQmMCudGd70DzCDbikX5/PNKnD2
OOfW+X5J2pSTMn7961+fCQ9U/2c7VIxYjAmkDV1B49QVg0IpdKV3+hS4sXMDZ7aDP2OAJgORxzQz
/X0ZmawE/4TOmfjyAzNksB31lltumfoxxmjqmE88gEczdst4DE0yk5+/pqDJTnzLRDsCdMF4ddvb
3nbIE+rS6OIc1DagMhQjUzDDHwMGfLY0NtXlO+k5Sh91wjBPgPdDE/RvaJGJVbQZOIkv08ZMAsCg
zU4T8CbamG0wMc7nfFNl6MMHyZdV47Qtq4XgGRiQ6IuUnRUDj3rUo0Z4cJ827jsm9OGD4IGjg23H
4TvgDC2BO5PcGJ+RCXGUTLNag/7IWKwdGcCRnSygZYW6/gjuyKp8Ax1qTGcCHpNwNAYqnWmuOBdw
quDwefCDHzwsH/RVykdjYsjhVZJfGEMWWQ6fhjaW7dtld5yzGphxAr7FmMx4whipZyUjNf0Zno7M
AL9hrMThizyOvo2cVLcDGToZu8YgUyqgYzB5O5+wrPd9rvBonGSUkd3TuurVJSxK5UAPYxtgHMV+
QiVxGe+QU0qrZJvKB6boYkqDekwTmvIqpSsnM+9KRlxkVLaTJyCHMNHCB8ZKtSXjI/XJHWM+vsca
PTYPosFpDN6qE/YiHU+ldF/xilcMdW1vXEeXhValV0PfyHaM84zDyNtf+cpXhrIMuhW7RaE/I2cx
BiPXossxIR+skH9Jg61YceSXArIyMh7jLHkSiEu5kStnFZCFJCdDu0woQFZFlkBHZqIEf7l8SHsi
f0mXhL6Q6Sfp1dP0ffGcto5I6oYuiWxOOdFZ+QM/5FrKPwveziQddhhU3ZFvoQ8/uSZvL8nIb37z
m1M5oC/Khq0KWRJ9DDxnEWhfdHX+sDOInsiDCTF+FTI6gdeX0GuxE6CHghk8nXLh+JxV4Oxx0vT9
krTFs+hf0/R7lVP9//73v3/1ghe8IB09Qdr0R2icutY5m7vSO3I8uGFbhBeiBzIGzEOvRqaGf0Ln
8B5kf8Zi7CW0NeM5dcwnHlAu+J7kdfoX5ZU9VLjlV+gJvsm32FoI0AV5Y09Sevl3+t3FOUidsNfT
dgQwRJdhoRW8qjQ2KZ+uV47upE7YngiMb/Bo+je0yIQu6dXYgnhGG2NnQu/B5gtvoo2xke1t/oWc
b6pMffggPAPdk8UU2L3gGchN9EVsuOyGwBgrPkRefdq475jQhw9SRhbkse04fAd6hZbAHb0XOkOO
uO997zsTvVo7MjA2o7u31auRVcEeOgR3+hIT8JiEM4neqWPbAF9iJ0V2LkG/Vvma9OqQw89Ddy3I
4W3pIOKtIgLGwFsFUywHi/xng/PAnOYDMwAObCBIZTVBimW+AxtEh8+M8aZnJvgP62Or2gbGeNNz
4ud/JjQOTNAYxhcONgNyLK7/1gyGAzP2jn2n77tcVUYbMIplmZRWCYvSNyYwpjqZc2ms3NTFVpMP
TPkf4qk0mspHe9jgndI1wWEsXaXR9tqUVykN21Yo5W2Dx8CcAWP5Uy9zkgxs1urABvax9yeffHL6
3gyZAxM+0n1TOwhrT4s2qA7MkTUwYWZgwn9KwxSpsbxK5S89Ux6ejk1QS+n6Z+Z8SM/A3c6fS/ee
RqmzGTgSnZpSMPaed9TDf1N3b4b8gQk4I3UyBa/xWxPoBvTdUh27PCMN2qSubHpuToORvMxpk/iG
3nNtaluVadq+35aGoRdTGBvr1aa8Kvekqxkmx/IyZXoEM58G+NGvPH75Pfw3pwufRpf7Aw88sDav
vP9CE3lZSr/NoFlbvy5lI65tz57yNIf2SJ3NOJOez6qt1P9L9dGzUn/sSu+mZLXC0JSMmWBoSu7E
/Bjnc3oyRXHsO88HS+0Iryct4ZVfaasvfvGLjfUq8dxSXmY8rc1H+U4qbynd0jM7g74xL0+DZgho
jKuy8Y3tXDKGRR8+aAaiNBYq7dLVl1F17NrGfccE8uvKB/nGHEMTsZyWF5qRYGIe4ImsItx0pa2R
QUp48wzMiaP4fa70KdKpy0PPbTJrrQypOPk15PDzdLBFkcP70MeyftNKiV6DkczoOzCn+cAMgAMz
9Kca2I5aqX+bQXD4zJwG6Rnjt4IZ4ge2eriWF9jkt8RrFF9XOyKo9ht4ghkMB2YkVPSpriqjGduL
ZZmUeAmL0jc2cSjVyYzuY6+pC7YCeLYwVqSm8hHXDO8pXeTBaUNTXqW0JevapLqBOQjGolCvO93p
TkmvtsmQY+9tO9RUdvRhM8Sn+6Z2ENaeFpGrzZE1MIfOwCZxpDTQ0fsG5eHp2CbCpXT9M8lY4G4T
y9N7P16hi8CnwcCcj2PveUc9/Dd198jgZhwfqRKyWF18ntvK8AF9d9pAGrRJU168M2frSFbm3Eh8
w3/X1Lb6eNq+35aGoRfbHaGxXm3Kq3JPutrOHGN52WTn2s/Aj37l8cvv4b85XdQmOOGFTQSpzQta
9v0XmsjLUvptO69NyLX9a9vJLeVpDsiROttinvR8Vm2l/l+qj56V+mNXeseGqvSaruhKswjSU5vy
YpzP6clW3Y+V0/PBUtnQu0irLi/aCnt6Uyjx3FL8NvrrpPKW0i09sy2ea+tEXT0N2u4ojXGFDd/Y
xIyx7PrwwbPPPjuNhUq7dPVlVKZd27jvmEB+Xfkg39hCnolYTssLbcHcxDzA0xbCUaSRQFsjg5Tw
5hmYE2eaQJ8inbo89Nwms9bKkIqTX0MOP69lFkUOn4ZO4tuVQYCZT63Cohs85Ejwhkn/LHem24zl
oYFQTiwxFIzBCCxycPLcZpIN44OFnZc9ZGI4SWwG2oB0bBbxiNHVZgOPfNcXR5WxZFBuk2YJi9J3
UobJx1bSDxiMcydF6bum8ukdOK6045y8baZ7aqu8DX09wAdF3mZljrQXjiZ9j6IDHclRWNe2wtpW
PCdHvM1aHuAUAVPSZxAF29JkDF+mpnsJwhhcFE/PvAOGZyg+KBg203GA41jOIsrjDeUYL+Qk5x3O
fhR8yikHvPoI71GMbCbwMD3eHXbYYcPy2IzPYR8BQ/JGAbOzDwc4K5WWbZ0/9QQTJkQcccQRA9sl
YWC7PQzTti3bk4KM4YpJIaWJEbQXTg+c/NSLv6a2mUXfV59oygvsNZEFrGgbW6GZMOc74deUhmij
7dVmSyYsmNQB/ZJHU5/FqU4cnBpyrOHstxnDw/J5nty2HHXxNAkGRZ+JIPAnyio8fH8gDfqszcoc
lkV0CL/GeaOy20z5Id3W5d3muRzkpMu4AHZ2DvYwf/Jsw08n5SUeQz78UX/yYVyzmbjD/Hx/VJpd
6H2lHefgh3EEo5acfNSNevCMSSQowvQN1YcrNAe/og/bLhOp/p4P+rjcq/+BHfwR7KAl+LMMsLyj
DLYSfSQvn1aJ5/r33Hvlnrww/GMYyJ2zTeXN06z7Dd9SX4AWGL/gjfQVTQ7kvedvTHoQHekKT7ZV
VAMmX+gZZfcTCfrwQRRAjT+kS/q2ympguxiM4JGXkfp2beNpxoSufFAT6oQVYyP9DJrUpEHewQsl
i9a1YdPz0047bdgeyqt0zR3nni6ID73zjIlxyDFKo4R7U3nyd7N0nIccfh5fX1R9McCAAABAAElE
QVQ5PG/79fy7lRK9BiPJkeANk/6ZHL16Br9TkBNLvAVjMGOsH18ZY3ywFTtDXoQcgO5EOozL3uiK
fDmLoDKWDMpt0le9/SSC0ndy/JCPHf81sBWAY06K0ndN5dM78GWsmTYovTZYENdWiae2ytvQlwN8
4F+265h/PMDRpO9tpX8y9spRWNe2wtpWESY9En0WWZDykj7yAdjCh/oGOWxsO/1hEnrmHTA8Qx5i
/LRVfslxLGcR5fGGcmRNOcl5h4yLkZZyygGvPsJ7xmZkK6XHO9uiflgeZBPFB0Oc1raCOckVyB16
Zyvnpp5gwoQIOypgYCu1RuQzW/E2OPzww5NuhW6NXJcH2gunB3oh9eKvqW1m0ffb0DDYayILWNE2
tvo2YU4Zhd+k8ub1bfqNzgcWyInQL3k09Vn0VuLg1JBjDWc/uq7K53lyU95t3snuhzzORBD4EzqD
8PD9gfTos9hbVBbRIfwa543Kbitc22Q/MY4c5KTLuAB22EKUP3nmTt+JiRYiiMcoXepPPoxrtkvK
MD/fH5VMF3pfacc5+KE702fl5KNu1INn2M3QZekbPkBz8Cv6sGx2ng/6uNyr/4Ef/BHsoCXbHWPg
J/1SBlspnn8+/F3iucOX/72Bx6qdyIvFXtgYvZzA+6by5mnW/YZvqS9AC4xf8Ebb5W84OZD3nr/h
Q1D5dIUn2w4SA29XoezoYgp9+CDObD9ekD6+CPR1j0deRvLs2sbTjAld+aAm1Ak/xkb6GTSpSYO8
myR/Cdu6q+1YMNZWytNf8Qn54OmCeNA7z7BPeRtoCXefzqT7WTrOQw4/bzLDosrhk2gh3q8+Akvj
OJeR1LaxSIwL5oVwBTPzxkqUDgzWDH7E4c8b0WF2es5VRnjvkPHxETh9fN3LwTPJ8K74k67Ks69h
s4RFKc/SYA+GrEamThi4S9/58nnnM/cSsBEQSo7LUnpNz3xeCBxNcb2hvs+qSAZo0RA0Rl5yltg2
McUV7MKa7/xf37Yr1Q+BAjr2K6hVLu+Aofw4X2lXpaN4lAchRM8Z7G37sFRmnwbvPV3gEMRI4b9j
JwLVFSGdd3IM4YDFgaP4utrWO8NvwEzPp72qrDgpcwfbpLSh8aZ2Eu1R12n6vtJpyssLc/kOEHa2
4tCx3ZTGpPo2vVf7NDnOX/jCF6Y29DxWacqJAr10bQelUXdFAIe3nG2GWNLWTiIlJ73qYVtZJoOb
0oR3gB1tiZFAz6e94rRSX/BX+J/vN9Pk43kM/Vu8SWkyXilv9Ue989dJ9E5cYY3DE7xQWHlGnvrz
ac7qXvyja9uo/+c8zJdLNEF9SmOS0gDDuglSpCdeWpcXTlLbfjy1BbIAhiVfDpRotVNdGj7+pHs5
6amXH4f5Dh4ML6YcTGDyaUleoSwYEf07jH3qJ7QJ78S/iN+FD2LEUH3zfEhXK9jJr2lsV/u0xUzx
+4wJopU6PujHTSYQYXj0+NFHRAMl/uTjtrknPfLUpCrtXKO+iEMhT0dyLDyoNNb6SW5e1s3TafMb
3kD5NDaojZrKR7qepkIOHze60W8WSQ5vQwvrJc7qq/LzKYGMpOz2oSDngjdW0ucx0KJvKHgjOjzK
BxnhvUPGx4dflYIcPJMM76VvS8+UZ1/DZgmLUj7IqRr3/JXVyNQJA3cp+PJ55zP3ODRJC57uV4SW
0mnzzOdFv20K3lDP2No1yBEGDUFjBDlLbHvU4TOfrrD2+HHft+182rpnDIKO/Qpqlcs7YCg/zlfa
VUHxKA9jnQLOKNtGNrWVT4P3fK/64BDEiaHAd16Ox0lPkCMEBywOnDz4nW/AbFZBZcVJmTvYJuUB
jTe1k2gPLKbp+0qnKS8mTQvzfAcIO65o6NhuSmNSfZveq32Qw+qCZE7PYxVXThTkv67toDTqrjif
4S04O0lbO4lQjtwxrXrY0ZRp4obShHeAHRjjWJxV8AuZ1H5c4X++30yTn+cx9G/xJqXJpGflrf6o
d/46id6JC544lHF4ghe2AZ6Rp/58mrO6F/9AT+kS1P9zHubTEE1Qn9KYpDTAsG6CFOmJl9blxYQ9
dqskHWQBdB4f/A5vdWn4+JPu5aSnXn4c5jt4MLyYcjCByQfJK5STCeI+YMNVP6FNCOJfxO/CB2WH
KOVDulrBTn5NY7vapy1mit9nTBCt1PFB+I/GTSYQYfP0gT4iGijxJx+3zT3pkacmVWnnGvVFJsjl
QXIsPKg01vpJbvCOaQK8gfJpbFAbNZWP/DxNhRz+P3mLvqK/RZLDp6GR+HZlEFiaM86tA4wFE2zS
2ZJmrExnfnCWVCmY0JXOXDNlJ52Ts9lmmw2j2czPdF4Kadgs4HR2hdIlEucU3fKWt0znPekjzlnl
nCAzHKazODgPhfNxpgm+jKX0OOfFjJXpzJrS+ZYq8yQsKCNnvdrM5VT+UpltlnRlq/9GXql8nLPL
OUDCmjOTFGw269j5bnrX5aq8aK9JWNhgk9qWcnFmCefKdAk6891mZqZzOk1ISme/6uxcziTTOW1K
V1hzVrqt3EtnZ3GmLOda2czNqWlB+eRXE0QqW2E98axc4Qcm1ItzUgicrcbZg+a0GMNVdeIdtM35
az7Y4J36gRkU0jk/tjp6iLs5E9KZutCoAn3EFMCUP8/MKZHOj9f7aa4qq++zbdPjDBTOqSnRFWko
be6n6ftqgzoaJn1TLNKZjmBpSmPiPTxXMCNPoudSeynONFfRU1PbmEKRzj8mH+gdzLfaaqvhuX3Q
Cef6ih9MUx6+td0K0tljtjtEMSmwsu2URvJTPcyhPTyjkI9tiK3MYZjGhqY6FjOqecgZb5xVaE7L
FIOzECkz54kRbCZwylNnHHNOoSk9w7O5U6Saf/e+973T+eW8Fh3WtT18z5SJRMecu2WKTTHVSfSu
j9rQq+LO6krZGEO7to2wMYfd8JzKvExKm+eM65wNpkDbwM8Y58wh0MhPRVt1eXFu+E1ucpN0fipn
XZbOITXlK51/WpeGytXmSn6cywX9mTJX2aSVdH4dZ2yZ0pzkA87BzM9VEx5mqE3jXJ4XZ8hxDrs5
3dMZ9/AtW2WSorXlg5tvvvmwv9HvjjzyyDybdA7cwQcfnOjWJumlOoxFsgdt2th/p/h9xgS1cR0d
+jbm7FXOhcyDTaBI/RHMTjrppBH+lMdt+1ttVlcupQOfM8NMOo8Y/mOrS/Rq5Gqz+Svb2SHxcMm6
IxE6/hBubena8xgzplQhhy+2HN6RHJY6+izOwV0rAJkxMJ2ljHxh23zW8jL6M2crmlE7nfvo+7NN
hktyI2kgb3MmpNIFBzOYpnM5SUOBMexDdh4xuiljmU1Cm/r8YV/GUnroLMgA22yzTTq7VGXRVWWe
hAXxzfCbZAnKXwq2FWxlq/9GXql8nLPLuCI5mjOOFeDp6KnTBuVFe03CAvmStqVc5jhPsn+X/Bm7
kHue8pSnJP0TvZp8bXJmSobzv22b/5EkhbXtGpXGM86kRl7h3FbKMa8+iB5mW59PPCtX+FEW6mUL
BlL5sSGBVYlmVSfemSMr6d6+0sihthI/2aU4R91WRw9xN2dC0rWRPxToI+gg0ukZR0syp+J3uaqs
vs+2/R49iPNpS3RFGkqb+2n6vtqgjoZJ33a8qPbdd9+EJffwHh+wf4Ftqb18vL73oqemtoEWdt11
15QF9G5HCSbZnf5vDrpEJ9idxA/6lkXfmdOnQj9GVywF6A7Z1uenemCbOOCAA4afIW9i90JHb6rj
8IMWN+agS3qUTaZNsbEl2qr3ChmTYCu4K3NSDs84Nsd/xbno2JkmBcou+6zosK7t4Xu20jXZwOiP
nNldCpPoXd+0oVfFndWVsjEGdW0bYWMOuwodrRSUNu8Y16mfgvTqQw89NNlQm9IRbdXFgedhgzXn
c2WTxRNPVD66Miaa83ki31b8piv5MR5Bf+jVNmklnW8Ov8XehXywyy67jOnVwsMmCI7ZzMkPu5A5
3VOfZhyFb6GfE9ryQWhX/Y0+cNxxx6Xv/T9zuKb0sN2SD3UohTZt7L9T/D5jgtq4jg59G9tCx2qf
ffbxWad7ZDP6I2edYyvy/GkscssHarO6cikZ+JxNdqte9rKXJf6DTFMKtugp2VT6YFRKT7jV9Y38
G89jaK+QwxdbDs/bL34vIALW+VuFtbhywBhfmlFixtLG7TG10sWcEGOrnLQSh22StcWm0rXmHM5Y
qbsvpdkHy6Yykh4r7SlD3XnEKvMkLHzZbBBPZ4+xUputw/wWq/kqQJWvhAOrvPzKaJ9Hn3vlVYet
x8KvOGeLwC75mfNhuF1wqV48Y6Venqaw9qvbWLHBrLSmVXR5Ol1/a9ahGarHypSnpVlrYMhsSlaI
aVVcvs0r35bqlKepFaLkTxt5eqnDT8+1ai5Ps89vlbULrSsf6lBHV8RR2ip307UpnUk0TF5aUch2
fiqfv7ZJw8fvei96MsdMMX/Sg27Y3q0JB2bdind2LYOPb0bTkXz22muvtP2YtpSnDKU2Vz1K/UI0
21RHX4ZJ91q5y+p2c9YNcWOLKWFkhrXhc60Q1rumq+8jokPPY/KyqW6leivuJHpXvHnTmvLxV5W/
a9sIm6Z6q2814a13rOzy5fL3TbRFPLUvvJ8Zyf5b3YsXN5VXcdtcS2eBqy5c850XSFNY1+3Kwqoy
vhVPE8Y+3bp7fePzaTo2pU0dlX9bzBS/xB8m5ac2rqND9Q3qz6qCSenN6r3arK5cysfLQJzlpuf5
1RTx1MbsEDILfi3c2raRcPT0ojKGHP6NwaLJ4WqbuDavzm2lYK+hSFqVZ4bAsfMUfTW00sWcEInn
+HdmwEu8hm2S8+3e68YR/7yUpk+/7X1TGUlDYylbJ5dCWyz8t6xcgtcxprItq99iNV+hqfL5uuue
VV5+ZbTPo8+98qrD1mPhV5yzBW+XwCpLVuepHqUrOkMehLVf3cb5rMhW8KB5hUmrH32+5shL9QJD
VpCyQkyr4vJtXvmuVCefHvdaIcr4TBt5eilh559p1VyeZp/fKuukfl9KmzrU0RXxlbYve919UzqT
aJi8tKKQM4tLoU0ape/aPhM9IZPWBeiG7ZbrMOC5TTwd8s66dNo81+4Pyotdbdi6W1vK87zU5qoH
dJkH0WxTHfNvmn7DDygHq9uxOSj47do5bk1BK4RVp6ar7yOiQ89jlKauqlup3j5OE50q3rxpTfn4
q8rftW2ETVO91bea8NY7W0zkizVy30RbRFT7wvttEvfIt/ohXtxUXsVtcy2dBa66cM13XiBNYc1Y
Xwo2IWQ4XjCGCWOfbt29py/l03RsSin//Jnyb4uZ4pf4Q552/lttXEeH6hvUn23nVyoIy7pyqRxe
BrJFZ3o8dpUezI4yknXHInV4INzatpFw9PSi7EIOXzw5XG0T18VFIFacG1dmRg4rbUurP/1KJVMc
04wmGywqGyTty6qyrZ4qVtQyo6sUbGBPM8i0wrAUp82zpjLyvVb3mBG1uHK3VI88X2Y3s6qRVWXM
mM5n4rIqjxWdrMY15l3d+MY3Hiah8tn2PGll99Zbb51W7ZHGxhtvPIw3ixvlVWov0vdY7LbbbmkV
tin3qez5atSm8miVHW3o68o3rERgBaEZecdWJ5ewBjutXJiWFurKrHqboXpkBnApPhgyg48V4sRn
xh4rFaFlVoP4WWl8rzoxc57Zf/muBsbihqvaSO8e97jHcKUlq9pZdcmqglJg1iazNdvMDi59nz9T
Wc1J0rjTRP4dv5k12LTifFZ9fxINUxbtdlC3UwMzMsHVBO4xGuT7aYPoqY6nKH1WfNAXoSWuBJ4x
IxuaJ0xKI0Wa8O9Rj3pUmsVuhqiK1TnwGAWtfC+1uepR6hdtV20qn6YrYwAz0JlFzEosc+wPo9M/
4K2881jAL+FRkwJ8xhzniTcTVzTe1B+1mr5Ub+U3id4Vrw29Ku6srn3bRtg01Vu0ZJMu0q4X1K8U
4NU77LDDcEVCHqeJtoir9mUMYeXRlltumScx3FmiqbxjHzU8YGcT/mz717T6CLo05amyMxYTn+DT
PC9hnY/rykZ8T+Md/byPDCTc8/yVT9trmzb2aSl+iT/4eKV7tbHvtz6e+DArYOri+PizulebmTO8
ccUfvIedaJCBWAXEjhilAM9iBj0YzXLFeb7TRylvnjXxmFL7iSb5NuRwUPgfhishh5+XY/wHgXmt
dl1EdP0qI3hG3Sof+jPySWn1ZykNVqOiBxBOO+20tOqzTq9GP2Eno2l1qaYyUg6t7jEjanHlbqke
fOcDejU8l5WiJ554YlGvRr9kNRgryeG/CiofKy5Zhc3KNtKbl15d116Ux2NxjWtcI63CtqNm0srd
fDWqyl+6apUdMhG79fnAWGrbQxdX+5awRq+2I2iqbbfddmpa8OXw96q3GaprV1oqPu2F3A+9EB+d
mp24WMHMDm+5Xq06sarcJgYX9WqtaiM9ViFqpSU2GvBr0qvZYW9WerXKak6Sxp0mhIW/soqvacX5
rPq++kuJ56g8yE3sdlC3U4NWOrJLUN0KeaXV5yp6quMpStO2hE60jd5AfQg8Y2Wl9OxJaSitpiur
h1lpzq4K7IaEDUhBK99Lba56lPpF21WbyqfpyhhgE8STXQ/5mh0tFZBt4a3I6B4LdtzafvvtFa32
as6kyhzniTcTSTTe1B+1urdUb2U0id4Vrw29Ku6srn3bRtg01Vu0xCpq+BP1KwXG7Z122qlWbmqi
LdJT+zKGoAew6jsP2lmiqbz5N02/0amxa0FnrDyXXo1dhrGbkOclrPNxXfmI70GH3DOW9ZGBhHue
v/Jpe23Txj4txS/xBx+vdK829v3WxxMfZleBujg+/qzu1WbswMpuH3UB3gPPRAZ63etel3bkK8XF
psKOHWCk3ZVK8do+E275Th913zfxmFL7iSZJL+Tw81AVhishh9e1YzxfIASs87cKa3FVgTHbNJvL
rxYv1aNppUspDWa7sSrGmnHALLRSmjxjxbYZsGrf131Xet5URuJrVpMJlsX8SvXI8/Erk/IV5Yqr
VU756m1fPlZqK/48rj6v0gruHAu/2tMGnWLZbDvltGpfq0GZ1WrbY9W2MSuyzMiQ3ttWLSNptsF6
Hrio3uaUGClPXV46Fxo61l9ptTnfq07EY1ZjniY7HSgNVlGAz5577pmeMXM6j+9/z5peVNZJ/d6X
QffQN327RFfEmVXfn0TD5KX2pDylc5htK7KEb1N5Va8+V+Vfx1NIU6tlS3yQOprgmcrYlEabsnne
ZMLcGD0xexn6K7W56lHqF+Jn05aPOvhdG3I8/LtZ5CUap845L6YsrERSf3znO985hpcwn0Tviif8
oTX6gJ7rahMk0sxv/Z7FtW/bCJtSe6tcnB8GPuxWYEaosfooHryp6X0TbZEGfUA7b5T4IOnrfVN5
VZ5JV60MNwd1sU7aESHPS1jbpLmBbVU58i20a9u0J7wY88CjLx9U/uTDCpG8PuTFyizbsjZhl7/X
7zZtrLhcFb/EH3y80r3auK7fcna8+Fzdam3qygohM2yM1bmUZ5tn2jUh5zX6lhVvulf77rjjjkku
1XNdPa82w2DiZXrX9yrcbOLcsBw+Lc6s87+bxsRS+/WlQZ9n1/umMpKW6lxHK6V65GUQr4U/LbIc
npd7Pf9upUQvSSQzVKexwK8WL1WtaaVLKQ34FatioHv6T11gxbYZseted3reVEYS0uoe+m0plOqR
x/Mrk/IV5YqrVU756m1fvvxsVX07q6vPi76chxwLv9qT3ZBKAT2QlepaDWrOhsGd7nSn2jZmRZY5
rdJ7dHUf2mDt48/qXvVm7G4TdC605G+uNmG/+KnqRBwzwI/FYacDpYOODT62NW16ZttTj8X3D1jZ
P8ugsk7q96U8oe/SijfFnVXfn0TD5Kf2pDzY5/LA7opg3lTe/Jsuv5V/HU8hLXMEpzKU+CB1tCN/
0vumNNqUyfMmWygy9gk7Q4FFqc1Vj1K/ED+btnwUCJ6hXRtyPPy7WeQlGqfOOS+mLNhh1B/tKCke
FcMketdHwh9aow/kwbaGHztnPY/T9XffthE2pfZWGXTmM7sV2AQvPR67MpY1vW+iLRKjD2jnjRIf
JH29byrvWMFqHpjDLLU7uz+WgnZEyPMS1uywYoutRj6Fdm0xRUqXMQ88+vJB5U8+5twfyYcf5IWd
6Oijj07YjUX474M2bey/VfwSf/DxSvdq47p+axPChnyubrU2dbWt6ZPeVcqjzzPtmpDzGqVlTlTd
DncUsO31B8ilefC8+pBDDkntkMfp+lu42cSU4qc24WDkedOYWGq/vjQ4kmnHH01lJCnVuY5WSvXI
iyBeC/9eZDk8L3f8XjwEOOe1VVhLRhEMchi4bEVwGpRsBveAZxikSvWw1SzJeF1yULG1JR2NNGAo
+l6GSJvxlhQeDL56x9ZH2r54Fk4typ2XUfXhHYZsO0MllRNmr3LguOe9xwLDN8/0neJylVGQ+rKd
K85k/x6HlYRGFDq9Ix9bbZUcjsJQbaA4s7pS7q5Y+HpR/pNPPnnoHMBBiqFe9Xrc4x6X6sX2TTxT
fXAM+TqAOYZw4ghT3vMcIwLPPd1RBv/9LO/BmnzZeox87dy39BusmvLxBn++s5nGRWcGaTBgEUd/
xx9/fHKe0O4YBfTcO0RkROYd8b1DhoHOVl8Mv6s7YqCp/Pk76BCcfZ8VrXMFp9I3ikP/tpV5wzb3
fcx/17fvQ0PKq9Rf9E55yQkGftAhii3tjLPNZoYPsRON6ru+V18+8pFjHkOQeAll9OmrjeGD+XEM
KJnQA+X3fMl/3/beT8SAt2qyBQKQ39JOfc6nK6c6/cLzaepIe1M+6ui/6Xsv2si3apcxhrw87+yb
j2ic9PiDp2GcpH0kZPI8d4T6dmxL75TR8wpwpD2gF8Y68UGccrPgc7Qt6fi2oazqH74NhZ/e8R3b
ZVN3zwd5T3srvudnODvhR3pHXIzCdQ5t8QXS87TFb5XD54UTW+2E4s2Yw3ucYnZO4fBdTp8qT5er
rxdGL18Oyq1jDeoc55QTJzDHIjDO2u4yQ6MV7xgrVR7RehcZyPM0+ghbnCk9+oXtoJHwIE3y1zuu
wrZtG/NNnzGhDx/UBCIwwlhCG5M/dAtvgUfzDpoifV+vvveahIBREWxIh3HFViSlfg+GtutAek57
kj9/xCee8rUZ/QOOfND7uu36Fb/tVRPzqLvKQd9mYp2OhfGTfnK5zucjfhdy+G8GiyCH+7aJ+3En
Yyuleo1FwiCHgUvHj9gKmgHPMEiVAuM0xmucAvAnH+D78BvSKBki4V3o7xh8FeAPkvVm4dSi3L6M
ONFUH95hyJYM7A12GEh577HA8M0zfacyc5VRkPqynSuykw/I9eK98GUF8kHuoq78qXykN+tAubti
4etF+W03k6FzAJ4Ab1e9kG0IjDU8E03gGPIBzDGEE0eY8p7n0sk93c0DC5UHWiBf6VrYWPgNVk3B
G/yph602LzozSEMGX+H0nOc8J8kMtLut4h/i5x0iXr4nvnfIIO/pqDrSRKaaNkCH4Oz7rGidKzjl
QX2E9/TvBz3oQSM0rO/9d3Iyde370JDSK/UXvVNecoKBD3SIjEu74mxDdlJbiEb1Xd+rLx/5SBdE
zvI4+fTVxmCRH8cAH4AeKKfnS/77tvd+Iga8VZNzsNXgkBQW6nM+XTnV6ReeT1NH2ptvqeMsgmgD
/gmfUkCWVBk979T7rlfRuNKEp+Gcg4Zs1fAwr9wR6tuxLb1TNs8rwJH2gF4Y68QHccrNgs/RtqTj
24ayqn/4NhRuesd3bJcNLp4P8p72VvD8jIm98CMF4tpuI7UObY29pOdpi98qh88LXVrthO2TMYf3
2ITsPPLhuxNOOGGEPlWeLldfLxYO+XJQbh1rUOc4p5xMdsFeAv3aqt6BrVYelpGxUkG03oUPep5G
H8F2r0C/sJ1JUl6k6fsPcYRt2zbmmz5jQh8+qAlE4KfFAOQP3cJb4NG8Q84k/VkETUKgfcCGwLiC
jk+/B0P0ewLtKRokPvEUsFNw5IPe123Xr/htr5qYR91VDvo2NnRNMPKTfrxcF3L4eXxhUeXwtjQQ
8VYXgaVznHvDsRiWv2Ikh5HI2OMNnoonY54Mw3rOVU4PBlI5hXgOM2U1kwyk+ganqncYKt+2VxlH
ld6kqxxUMG1vlC99R/n9CmOYqpwFig8GCHAydPIc46WMv94Qrm/8VeVpW9+meH2xIE0Mt3nb+HJy
LwOvBk7/3jug6miMwcp/4+9JW8b0pjp2fXfqqafW5kn+z3ve84a0XkrbG2ERVktxeFZXZ19H7jFw
Kw0MRFqpqHgM7DhM9JsrfQcBRN/1uULvOe36PJSPdhQgjzbfKA2PTd++X+InSt9fPYa0n39Xuhdd
+77cB8O25fOrKnP6g+dwPtp+++03LLfvO33KpW9Q2Er1Lz3DMUj7aiWo4qgsJb6F8wiaVX59rqV+
wplxyn8WqzkxQpIe/Ubplq68/9jHPjasT196Fw4ohaV89MyOexhx1Oq7LtecnpS2vx522GHDOpF2
m2/4Pp8YJKe30qad5LjVM64YMFWHUvv6uLpnjBQtwfcn8SZ9N+04kZcPGqBfH3TQQSNtJzlG9WrT
9zGEaNznu7580O8AQ71LdIxRRPj1beM29E7efkwgrzZYUG7PB5EpNVNdbVmSv2xLtyEtCfu+V/q2
8uKqcUDP+I2jQuljQNI7rraFbPrzz+gTij/tFSc5/Fbpl/qAVsuHHP6sIe6LLodPSxfL+P3qqvHz
z90bjtWf/ZWxwRvevcFT8WTMk2FYz7nK6YGhXU4hnsOfWc0kA6m+wanqHYZdESjpeEq7dGVcJWBc
9kb5UlzKzwQzBYyvWv2m+GDAZEcZOnmOc0rGX28I1zf+qvIoj2mufbEgT2SbvG18ObmXgffI/040
9++9A6qOxvykL/+t0oafzDrIcZnnp992NEhjln4yRNO5s3V1Vj664tBTwLmmlYp6j9EeY7B+c6Xv
4ICbJkDvOe36PJSPdhQgrzbfKA2PTd++X+InSt9fPYa0n39Xuhdd+77cB8u25fOrKnP6g+fYFvMj
sqnvO33KpW80OaiEQf4MHZD21Yp3vVdZSnwL5xE0O00o9ZOb3/zmwzacxWpO2RdK+ojqyVU6g+rT
l971/ST91Y57GHHU6rsu15yefH10z85QPrT5hm/ziUFyeitd2kmOWz3jakc+DrMrta+Pq3vGSNES
fH8Sb9J39OVpxom8fNAA/foRj3jEkAbJS3KMKtam76M3atznu758UBOVVecSHTPBQPiRV582bkPv
5O3HBPJqgwVl93wQmfKRj3zkCMYl+YtdFWcVsAcIQ64aB/SM39gWFHIbLTbH3O5In5hVwEkOv1V5
Sn0Avwsh5PC1I4fPij4infkjsHSO85JDRAyGK0qiN9zkgw1xZMzLHbUYIrVyhjQYGNhS1Keve5ww
OCW98dfn2/ZeK9eV7qSrtnYsOY1K33qnAN+UjL3+OwZePxGA7TK9cdTHZfBUedrWtyleXyyUJu2F
U8+XUfe+XrmBmTis1AMf0hKNecEE2kDBLxmH+R6MyF9lmdXVb5enuvirb99SngivbconhwzOAu7t
HJghjuCAAIlwmeeBQ8GvSPdlu+ENb5gMTFo9nH/b5Xcbes8dCW2+UXnz7en79P229Jv3GfgRZVdZ
uOLkYwa0F9DAuQtmedy25aPtNflI/BMayMtIOe3M7zQDOM+rz2/yZKspjwP38GkmXninJ8YAVnsy
ccnHZ9IGq1A1e9q/y8eGPmXkGxxaJT6AMxClqG+6+s6vKMEZrBWmvi44/1Di9A3Xaeid7+vw50gL
+BCzbX1+fe5FT74u+T0TB3zabb4hDXgwqzX8t8yAL7UVtMyYkB+RIN6flyn/zQQJP/bDLw488MAR
WuQbJruwakjfTztO+PLhGFW6usI3Srt7yFmMAgqvYxKEvqFf0b4eN9334YN8y64AOspD+XDFkVCa
bNenjdvQez4mULY+fFB4MN6W+CA8KnfQ65tprjji8/xodwycpYl6ds59Efc6upimbHzLKsGcBzNW
4ETxsnSpfUMOP2+HAN8/dO/lVXBeSTl8WppYxu/nr6qvbg4lh4hokStHn/igVTE+jox5uaMWQyS8
SoEVfiU5j7RwwuCU9MZffdflqpXrvnxN93bWb0q+5DQqfeedAnxTMvb671jV7CcCILt646iPC/+s
22qyCwaK2xcLfU974dTzZdS9r1duYCYOK/XAhyAao376HtpAti8Zh4kDRuQ/64BcqDKUrr59S3nL
2T+pfHLI4Czg3sse4IB9CZ0hDzgUkDVKZbvpTW+aVvtr9XD+bZffbeg9dyS0+Ublzren79P329Kv
+rDqDz+i7CoLV5x86G/eMQzO04S25aPtNflI/BMayMtIOdEvsMPNIpAnOwJ6HLiHTzPxwjs9WS3P
ak8mLvn4TNpgFSq2HP+c+3xs6Ftm5OcSH0AW8iuA+6bPkRIqO85grTDVM644//yqUvKaht75vg5/
jrSAD7EqfdogevJ1ye+ZOOBDm29IAx6XH52CfldqK2iZMQE93Afx/rxM+W8mSPixH37hbZGKjy2M
IzT1exIf9mUp3fvyeZub0odvlHb3kLOYbf3hdUyC0Df0K9q3FPrwQdLBrqWjPJQPVyZWlSbb9Wnj
NvSejwmUrQ8f5DsC422JD8KjsEHMOmAHyfOj3Znkgv6Sh8997nNF3OvoIv++628mxOc8mLGCRY5e
li61b8jh9Xq1l1dpk5WUw7vSQMRfPQTOR9bGWCeG3/72txPjrNcIpvBWdp5Utemmm1YmVFabbbZZ
tfHGG69JOMzZUpmiVhlTrmzwrmh3GyirDTbYoNpmm21SHddkxVyhqZc5gZg0ktrJBsjqAhe4gIux
Pm5tlmNlMzgr26qsMqNGZavDaytuClRlymRlKykrUzCq85///CkuabTBzoTdRFcXutCFKvqLDfJL
QUsr1ffBzxS2hBmYb7HFFrVttdIvTLiottpqq+p85ztf4hnwQMoIH4QnzjrQf/mDBsFhUXmtGRES
rcM7wWfzzTefNRQj6TEGwdM23HDDueCuzEyRT/Uir0022WRh8Vd521xtJXWiJzNiVBtttFGi3Tbf
dY1DG5EH/RkeOA/aNYd9deELXzi1DfzJtpKrzLCUfv/f//1fsci2DVpl2xJWplRVV7va1VIcykgb
t+HvffkgZaUfkxe0NA9+UazwHB9SF2QojXXwKGhqnqFr30eus5WQiWdTznmPJ/BrcIEXMi7MI/Sl
wXmUZdo014McPi1Gi/R9HV9dpDKutbLQn+FT0quRn+YxXq4ELjaxpbIJm9UNbnCDyhyalRlfkwzF
2LrtttsuxbgHj0eOkly45ZZbtpIdVgL/lcwD3WfvvfeubIvtylY2V7Y6vDb77373u5VtxZz0cJso
1kuvRi+UrDEvnau2AnN6sVJ9H5mEfgmPod0udrGLzalG3ZO1iZ/V1ltvPdSrscNRRvjgPORk+i9y
JDIaOCwqrzXHUNJp4J3gc9GLXrQ7uB2+YAyCp13wghecC+4qCno1uhp50Z8XFX+Vt80VPQj9Tnr1
vGwgtJH06nnZ3xnb6HfoqfAn9Cfp1XX608EHH1zZauPKnNaVLdpIkMFzuujVfWQg2TPIC1qaB79o
0/6zjENd/FgHj5q3Xt217yPX2SSSxLOxwcx7PIFnMybAs+fVt1ZqLJ4lrdSltR7k8Lq6x/PZIRCO
89lhGSkFAmsKAZsVX9nOCJWtckzOcxxudcFmiFa77bZbim9blyXBoC5uPA8EAoFAIBBYOwjYirHK
di6o7Nyw6spXvvLaKXiUNBAIBAKBVUYgHOer3ACRfSCwIAjYjj6VrfqubJVjZWfZpomsdUVjcu32
229f2U4KlR0RGHp1HVDxPBAIBAKBNYaArYavTjnllMp2gqtsJ7A1VvoobiAQCAQCgUCOQDjOc0Ti
dyCwpAgwM+3EE0+smMnMLMQ3velNaYUA1bUtbyrbBimtVMyrb9suVbY9dGXbCqVXtk1YWknAyuJD
Dz20su2i80/idyAQCAQCgcCCI8DsaMYE25YwjQV77bVXZce1pJUP7DCy7777LngNoniBQCAQCKwu
AuE4X138I/dAYLUQQK8+9thjqx//+MdJr8YBzkpLwlFHHVUddthhRb36zDPPrOyonsrOIU1x0b9Z
RYtebecNpx3+0ov4FwgEAoFAILBmEECvtiMEqpe+9KVpLLCjsCo7riXp1XYMWrX//vuvmbpEQQOB
QCAQCAT+h0A4zv+HRdwFAkuNANtA2TktQ2e5ryzbBjMrsmQAZNYk27OXwumnn15d+9rXLr2KZ4FA
IBAIBAILjICO4CgV0c5+r+y8x7QNWOl9PAsEAoFAIBCoinJz4BIIBALLjwB6NavL5Sz3NUavZlV5
aSvfAw44IB2P4+Prnm3e99hjD/2MayAQCAQCgcAaQUBHcJSKa2e/V1/5yldCry6BE88CgUAgEFhw
BMJxvuANFMULBGaJwLnnnpvOh+ZMFB+Y6c6WcZxTnQdmT55zzjnF8+owGPBthEAgEAgEAoG1hwDO
c1ZNed7PeXFMouKc0giBQCAQCAQC9QiUJpzWx443gUAgsEwIoB9zdn2uC/N7hx12GJGtVG/0apzq
pSPSdtxxx7G09F1cA4FAIBAIBBYbAZznuV7NOd2ce73VVlstduGjdIFAIBAIBAJFBMJxXoQlHgYC
gUAgEAgEAoFAIBAIBAKBQCAQCAQCZQTCcV7GJZ4GAoFAIBAIBAKBQCAQCAQCgUAgEAgEAmsZgXCc
r+XWi7IHAoFAIBAIBAKBQCAQCAQCgUAgEAisOALhOF9xyCPDQCAQCAQCgUAgEAgEAoFAIBAIBAKB
QGDuCITjfO4QRwaBQCAQCAQCgUAgEAgEAoFAIBAIBALLhEA4zpepNaMugUAgEAgEAoFAIBAIBAKB
QCAQCAQCgcB5CITjPCghEAgEAoFAIBAIBAKBQCAQCAQCgUAgEOiAQDjOO4AVUQOBQCAQCAQCgUAg
EAgEAoFAIBAIBAKBNYJAOM7XSENFMQOBQCAQCAQCgUAgEAgEAoFAIBAIBBYDgXCcL0Y7RCkCgUAg
EAgEAoFAIBAIBAKBQCAQCAQCgVkiEI7zWaK5wGn98Y9/rN72trdVm2++eXWrW92q2mCDDRa4tFG0
QCAQCAQCgbYI/PCHP6w+/OEPVzvttFN13etet+1nES8QmBkCQYMzg3JhE/r0pz9dfec736l23333
xGsWtqBRsEBgBREIx/kKgr1AWaFXv/GNb6wuetGLVre73e1Cr16gtomiBAKBQCAwDQJnn312dcYZ
Z1Q777xzdf3rX3+apOLbQKAXAkGDvWBbUx99/OMfr775zW8mHnOFK1xhTZU9ChsIrDcEwnG+Tloc
p/n+++9fXeISl6gwfqLor3Y499xzq4MOOqi62MUuVp3vfOer/va3v6UivfCFL6w23XTT1S5eMf9/
/etf1WMe85iKsl/oQhdKZW5TXjA/6qijqq233rr68Y9/XD30oQ+t9tlnn2Ie8XAUgZ/97GfVe97z
nur9739/Bf6ES13qUtUjH/nI6jKXucxo5Pi1EAi89KUvrd797ndXm222WaL3U045pQqBsH3TQPMP
etCDKgzyf/3rX6srXvGK1ROe8ITEJ0upPPaxj63gQzjN3/72t4cBtwTShGff+ta30uSyz3/+8ynm
+c9//uoa17hGdfDBBydeP+HzNftafZX63uhGN0p016cy86JB+sIDH/jAJCdw/+IXv7jaZptt+hQx
vpkCAeSzG97whtW3v/3t6phjjkn9York4tNAYGkQCMf50jRlp4q86U1vqu5yl7tUl7zkJSvkh0Wg
A/TLe9/73knXR69GfiS85jWvWWi9+iEPeUh1zjnnVBe+8IVTmduUF4Mz+jjywI9+9KPq0Y9+dHWH
O9yhUxuu18g//elPk7yLnia9+tKXvnR1xBFHVNttt916hWWh6/285z1vuAAGekd232WXXRa6zItU
OGj+Xve6V9Il/vKXv1S77rpr9dSnPrVWr8ZOh+0Cp/mZZ54ZenWPxvzGN75RveENb6g+85nPpK/R
M69znetUhx566FLr1eqr1PfmN7959bCHPawHelWyFc+DBukL97znPZOc8JOf/KR63eteV8H/I6ws
AujV2JnoJ894xjNSv1jZEkRugUAg0AWBpXWcf/nLX65QajHy4by57GUvm4QfmBPK7d3vfvdaYakL
gGslLgrmbW5zm4VynGvlksdwXo59lIyvfvWr1QUucAGfXXI0QR9tw5///OdERz/4wQ/SJ23Ly6qE
Aw88cJjN05/+9OqAAw4Y/o6bMgI4sW5605sWXz7ucY9bF0LGYDConvOc51QIujhPN9544yIe+UP6
15Of/OTqAQ94QKLZ/P08f9/vfver3vrWtw6z+MAHPlBd7WpXG/6Om2YEct54i1vconrlK19Zq7if
dNJJ1dFHH11Nitec6/p9iwHqsMMOKwJw+umnV9e+9rWL75bhoe+r09DPvGgw7wvve9/7qmte85pz
g55JcV/60pfGZAWfIZPmrne961UYRRSQOTH8b7jhhnqU7vfee++ReLz83e9+lwxJ8HaM1qxo2WGH
HdJ3GPSQ1/7zn/+MpHODG9wg9X/i8x6HCI4Rha222qq66lWvqp8zv5LvHe94x+pjH/tYtWjyCzSB
ce6JT3xiTKabecvXJxi4n4fNIjhM61tpdm++8IUvJAcsejS7l22//fZpshW61RZbbFHd5z73GeFJ
s8t5MVNilx/4+yI5znHg5860eZUPPbg0Vu61117J7tK21dCrr3KVq1Tf//730ydty/vqV786OcKU
z7Of/eyY0CUwGq44sXBelQI6I7r1sgdkrxNOOCEtgjj22GNb69X0LyYXMNGDiYQrGe52t7slOUd5
fvazn52rLKx8luWa80Zsom95y1tq9erjjjuuOvzww5PttCnesuAz63rgPH7wgx9cTBYdZo899ii+
W4aHvq9OorOm+s6LBvO+8KlPfap2TGgqX9t3TOj73Oc+16hXM2kOPdfr1cic7Gbn9eoLXvCC1U1u
cpOReJTjt7/9bfWJT3yikl59pStdabgzGnr1hz70oRG9mnRufOMbD/Vq5Dnieb2aRVpXv/rV21az
czz0amzclG3R5Jd3vetd1ate9aqK8TEm03Vu2t4fBO69oVuRD5fOcf73v/89zUB+xSteUQtgW2dn
bQJr8AUTCJ7ylKck4wZMcJNNNln1Wvz73/+ufvGLX6RB7g9/+EMSoubVNkyUwMiXh8c//vFp5XL+
vOk3Rm9WviH0tS3vP/7xj+pPf/pTMjizMnTRDM9N9V2tdwg/rCB4yUtekgQX0S+OjZ///OcVxhlW
8C97wKiEkPib3/ym024RTBxipeZq0Bplpp/Q777+9a9X4TjvTqUoATip9ttvv+r2t799WmnrFQqf
IoLWy1/+8mTIYaW6F/x9vLgfR0D9izGS1Qj0GY4ywYgL32a2OI7SZQ0oih/96Eere9zjHhPprAmD
edIgcgKz41Gi581LMMZjFJ0Uvve97w1XGEJDKNe//OUvxz575zvfOWYgyvPwcgQGjZJBSflBp6Xj
GC5ykYskwwRpzSMwHjOB6yMf+UjalYDdCRYhUC5Wc6Dgz5s2FqG+i1KGwP1/LbHsjnP0anjii170
ov9VOrtr6+zMPlvTP9leEyfjxS9+8epZz3rWwujV6Ef0T2TwK1/5ynNz7LNrGuN+HtDVcC52Cci7
rHzrUl7kM7bLf9KTnpRWhi6a4blL/VcqLnRxyCGHVM997nOra13rWtWJJ56Y6JdJf0zOxpGAs2DZ
AzIbE2J/9atfddotgp0Q9t1331VxclBm+smtb33r6itf+UoVjvPuVIodBSfVne50p+qud71r9drX
vnbMAadUmfyPve5mN7tZkjFDrxYyk6/qX0yyY3I2q/fRq88666wKeQJn8rLr1R/84AdTPSfRWROa
86RB5ATaAT4yb15y6qmnJjpoqivvfv3rXyc/BffQ0OUud7nkJ+C3Dzi5sQH7kOfhZVLskMgWeVB+
yHLs7JgH9GpolrTmERiPmcAFrTz84Q9PvGYe+XRNk3Kx6Ar7+7xpo2vZljl+4L74rbtUjnO/Igbo
jz/++LQdNs4GjH0wAYI3UqYH8W/VEWC7EmZdYSCfx1byrFojXRz0rNpVQEH85Cc/WTE4dgn//Oc/
00qLruVly3GUrtVwZnap3yLEBWMEI4wpCEnrdcZb376h4xlWk9a0fXM4NPr1KHbK2G233dJKchxD
dY7zfqnHVyCAg5wVzPAXZl0zC3m9hbVAZyvFS3BQa9Y6s9wxrDGBBRphlxj4MUo0xjTfH5l8wKx6
Vp5jbFNgMgar8X1cJn+RJg504rOLCDvScPwIMgrOdiY0IMMS2E6SyTMYnpBzOY4BpwFGXNJRwBjO
ZKX1FlaKNtYbrpPqG7ifh9AyO879ihhqy+QZdp6AnyHXMaGJ4I2U6UH8W3UEGKtYWcxEbyZkzZpO
SZPx5/e///3Ijj1s+YrDpI9ezTjbtbyMh5wxH47zySSHXo1OgaOc3QJwTKzH0Ldv6HiG1aQ1bSEe
Do1+lMtOGeyWgtMQx6SXzfulGF/lCOBs3GmnnRJ/wSm5HvXqtUBnK8VLvvvd7yY7Lo5BaOFlL3tZ
msCy++67p11i2EGNXdOYFOT7I0ckYJ9g91G2rFdgMgYTOX1cxrQP2aQYdhAkPgsEmVTNJD706tNO
Oy0549mdkYBezqQG6dXwdvRqHPCko8CiFHZTWm9hpWhjveE6qb6B+ySEVvf9UjnO5SgCUs5tgiH7
wMxozv7CWYqy58/5RvFjRTKGc7adQ7mAmeLkxDCw0UYbDZPCoMm2uQRWTSN8sfUV23Ezg4stN2HW
nJ9TCsy2Y/tXyoPRHsaPoolhlK1SvYAxTV4YPDDMkh8zJakTAxNngE2aOYkzmVX7KMYE6nLLW94y
zXZlQKJ++fnSX/ziF1O9wI+Zy/qOFXylmV4pwn//9XUO+jTa3GMQZ5Y8DlkGYwQb2o1Z1nUBDLQ1
Km0DFtQHHBmoS45+2o2BV1vPsSKBPFBU2cLHOzMRJNgGCsxIn5XpxIFOMUwxmFMGjPhsewSd+MA2
NpxPA00pQPusVGUL2FLAOUC6pA9dcM48mHB/xhlnJKFmyy23HPkUOqKPvOMd76gQgugf4IASzjes
QEOYmTawSoK2QZA66KCDUhuxDSvlQajh2AXopXQeD7MH4QOUh7ikhSEGQ1++3bL6Fn2BP/oLk2v4
DmUKYwz9mVXtbOPMOXpvfvObUzsghNH3yYcVgDg42B7xaU97WuI9YEEb50YJ2orJE6ycBEMCE3nI
l1Xleb8kD2ZdsuqVmdJMICA+NKOQHz+g5wimOGLYeg+6oX4EtgD2PEbxdWU7JeiJfk6gnW9729um
Fal1qxkxdEFLzIanDtSbLZfAhZU4vJvVVu1t6d33K+rBOWVgyfZh9FtoHnq91a1uxeti6MMHu9Cg
z5S84KG0D8dHQK841FjJyriQO87J5/Wvf/1wCyv6J9/kdK48GNtoWwJ8gX7EedGMXbQxCgQ8w491
+pYrzj5mxTJWQj+0J2Md/JMArd75zncemZmLYYcyipYwVtAOGFXhNZzpVEe/KdE5/qM+YMgYcN/7
3jf1K9WFbOnv1Kk00xijALwAukaOoM3AHT6z4447jpQaemWsh39rDCYefYZ+hqzCc/goO2z02UUD
PoeDV1hCC4xT9EEFxaGt6aOeXhgPWH2ErAPPZewXXSADITcpbaXHtSsN6lvyBhP4OjyWMmHgpy9C
M6wie9SjHjWyfaacdPBmVna/4AUvSLhBg5yXl29Pq7ymvSpfZIe68dTncfLJJ1dHHXVUMuQzFuE8
QH4ojVdKm++JR//Slu3QBOPIFa5whWQgyMcGaA5ZAFkWpwF5QXvk5be182Xrc09fpVziC8gn9PNt
t922MbmV6Pv0T+Rn7UwDTbEaX2MdBSzRLc+hwbZyOPGnCaxqg7cg59GujD3wQfoc8gB0Rd+jjf24
1UcehD+TD5MqyIsATdGHPT/w9ekjl/TFnbahzowL8GACeDDhAzmjSTbxZV6k+1k7JBepbnIUUSYm
B+25554jxYMfowvB31gF6bFgzKFPwqPQfZCt4fXIXfvvv/+Qp5Ag8jjyCAEaYUUgPBcdFt3o8pe/
fNpNjnGyFOjP6CbQvvQTdFTkGnR0T1fT5EXZMMySH/2VOqGrobPlPDovJ/hh7GX1EwEZCprXblKc
171ddr40Mhu6CPipv/AdOwBMOpqjr3MwL/ek3yxMgLcwXiFPoffSx5Fb6wLjCjoybcHYQrvyh54M
P0Ln9bREOsR9//vfP9SdkM3IA4wwuHtnJnxUPIb0kSkwfiPXvfe97010RTtAF+hJnFXvw9lnn512
cYKmFKB97BlsAVsK0B30SvrQBfoSmMCHwYO+hA3GB8lCyJPUmf4BDpx7yjfofshk0wZ0M9oGDMGB
NkL2RN6krMjm6Ny5XYd8NX5RHuJCr9gY4Nn57jjqW/QF/ugvrHDnO+Q9MKA/0w4sYkCOYKyiHRi7
GNPJh7ZhIiA2BuQp5BuwoI1zGZu2oo8gs4IhAXsB+WK3yvsleSDHUHbqRt+Cltro1cid7OrFKkHo
hvoRJunV2IlwwHAl0M7IUfc13aOkYxAHnJBRkLOpA45I7AQ4frA1zNJx3pbefb+ijNA3WLJzAf0W
modekUnrQh8+2IUGfb7kBU60D8eLcMQSejUyUclxTj7oPxov4KHQSU7nyoOxDd2aAF/A9gGNMnbR
xshd8AzJz/pOVybbwi/on8RBJqSd4SME6AsdzNvjyI8yipboDxwbINs1/aZO7lW+87pSH/Qz+Ivs
Ad42SX+n//n6qCwscIIXgAe8nzYDd/gM478P0CtjPe0Eb2EMJh59hn4Gv+A59r8jjzwyvffft7mn
TUhLWEILjL3eXqw4tDV91NML4wHlpo8/4hGPSGO/6AIZiInYStuXpysN6lvGEjDBVgQOlIkxi76I
fQm7JcdZ+eMe5aTDloEujv4KbpSb3XQm2e6Vd9er8oXPl1Z65+lhT0U+YpxGl0Jf/trXvlYcr5Q2
aRAP+xN9isBYDE2QJ7SWjw3QHO37IZNNlBdYkNcs9Wr6KnSutkA+QQfELtcUVqLvS6/WzjTId+ir
GusoX4lued5FDif+NAE+A59EzoNmGXvgg9gAkAfgx/Q92tiPW33kQXQZ8sGuTl4E6II+7PmBr08f
uQS9ug/utA11ZlzAvk0AD2Q9+LDGM1++uO+JgBFTq2CC8mCR/4zhD8zBgDdpYEa0YllNaRgYIQ3M
QDuwVazDONxbB0vf8n3+R3zSV/1t4BuLk3/Db2OKw2/0rTG9wXbbbVf7PeUjjuJPk5cpA2P5GEMZ
GLMZpq98dDWhZ2CGhrHv8vrZIDuShjGvxm/MuDISX/npqjag/iZwNcbVN12vpnwMzEiRymmD4sBW
haV7U7yLmJjgMTAFoLFepfKac7nxG7A0IWBYR2NyiS49xjagD8wQM5ZOnp85Jsfi+HTMaTqg3h4r
m3XX+A3f57QL/dMPfNr5fR2OPu8296Z0NOZDvuZMGGszc0I1fmfC4wAeoDKYIDkSH2zNSJLSzutG
vzGFeSR+Hif/TT83Q9cwv1J/9N/YsQHDuJTRBNxW+ZlQM/zOhLExWvJ56N4cdwMTzoffkR/0boNs
Y55m9Bj5hu/MEd34DXnm/EJt0PXahd7pV6pv09UMEGN16ssHu9Ig9TcDYuP4Q9nNQTbWXqYcjdXP
8xWPLTzADBxj8XNc6MO2i8YYHqaIT/yWtExBHn5rRrHGb3Je5ss773vwsBXDjeWjPqY4DutDmfiO
Zzlu/jf91vetnJ/RlvQj/43u4dd96l6SE5BpUqWF/wAAONZJREFUfDlyfkeeqp8ZlorlUbkoc0lu
6EKDqhd8sEkGIs8SbZjxqbGM5tzthZ3KVXdVvm14GOMLdaP8NhlhYKvNU5nr+qXSFs6eL0smKvV9
ymqTqFLa9FnyZUwknTblrKtr6XleRvKwCWONWK9E3zclsZEehKlN3Bora1c5vIRL22dmwJtYTi87
TSMPmsOhMS9kINL3Ze8ql0yDO/KJ6FTt46/0G5s8NlI+X9ZFvW+lRK/BSGYgGpghP9EU41opmLNr
YI6fgTkkBuZ4G0bh3s6trqVH4pO+ghkma+N6GmGsy4OtaBuYw6L2e8pHHIVp8jJj2Fg+ZlQcmOFK
yY9dbcLmcCzwdcnvGYd9mMQ74PVNQW1A/ek78whmaB7YJIeEiU0IHsgWYE6pIibmWBiYE2EMQ49F
qbzwbB+ndI+spWDOvESXPh68yxxZY+nk+dmuCmNxfDrmNB1Qbx/Mod/4Dd8jg/kA/dMPfNr5fR2O
Pp0297aKrjEf8jVnwlib2e43jd+Zc2FgRuVhEdBnfB3AFnsLafvn3NNvSjJkHs//pp+bc36YX6k/
+vh2bMAwLjd2VOFYOXx83TMuKjBmUg+9q7ua425gTgd9lq7Qu02Mb/wWe0sezADe+A1lyPlFnkbb
313onX5VV3//3FaHjmXflw92pUEyRn5uGn8oK7bOvL2wVfp6cO/5iq8UPMAmc4zFz7+nD5vDzn+a
7s0pO/Fb0rLJsMNvbfepxm9yXjb8cAVuwMMmMDWWj/qg5/rAdzzLcfO/6be+rXJ+RlvSj/w3un/m
M5/ps2t9X5IToClfjpzfkafqZxMBiuVRuShzSW7oQoOqDHywSQYizxJt2AS8xjLapDRlMdOr8m3D
w5AxqRvlxwZz//vfP5W5rl8qbeHs+bJkolLfp4LoH3xHn2Vc07jVppxdAMrLSJ428asxiZXo+7bC
v5EehKlNch0ra1c5fCyBDg+w96gsdVcvO00jD9rkqMa8kIFI3wf6Y125eJ7LJdPgjnwiOi3lSb/B
rxZhNggwC6NVWFSDhcrljT8o1nqeX22G7cBWZo0YlGWgtJlJSaiGcUL0MAYRoXck4lhAYbWZn8P3
GEjJl3gyCmMEhcmrDBAuhiGlabPWEzFjYLVZLMPn3mjcNy/lSTmps5STOiMs8SmrDL2UEScz9UFh
Pe6444bl411unLWZOOk9hjmcj9SVQUAYecOgyuavagNfd/9+FvcY7Sg77WOr/ZIhRW3BoOjz8IMz
ccDNZksPnv/854+0YV5er9xDTyjYNjtukBufc0M6CjXtJLxULtK33Q0G0Ar3lF3OWJ4rHu1ms0+T
smBbv47kB22pbtTLVvWl7zCE2Qzh5BCxWX8jTtO8fTGUk5fN6hwwiJAejlbvAJrUxirDpCtKts3G
TMYV9SXqbqu+0zMmMyAw+b7ljRaUEQcedaNeNlt9iJMvI32LelEH5SM8bVeCARMMJKgg5FBfJjQo
DrROn6ef6xnOb8qi9LxTWzyKutCeCBm2Wn1gs9bT9zy3GarDtlppx7kX5BD8UQgYkKEFP7HI9xXq
obqDO7+hS5vlOnzO+5yeJtFA6X0feocHCV/KweQqaIO+onaj3NCK8uzLB/vQIPh6R4Ktsk38Ilci
S3wbeoTX4iwRjed8RXXiSnv6yR/wJzCFLm0rq2F7eZrlO/F24YeRBWeUaFzPwVUTzPxYx3jLc/ob
/UW0BL0Tz5dxJe+hVdsee2RyFJMLxGfgQeDry2Qr5Ic40f+hI9sdY4SewMO3A7QFNh574vBnO7cM
MI5rfMCQ4vNrew8t2LZjw7LB02hvvmes4wr+tK3tLJLiUX74I+/o0yoT7cIEEOjC952SXNWVBnN6
Z5KjrQhJTmBhQDlKtOHfc0/fxqAmOszlrbbYTYqnfNvwMGQEyo+hlHShH35TRo3bPj+ljYygiZ/U
iTiSiUp9n/c2+z6lbWeQpfgaL5S3z2eae8YkaBRZUJNNmrBYqb7fZgIg2OeOc18+3sMHeNYkh/fF
L5+sgjGZvgZd+DESuSSf5NJVHsTARX340zgHb7LdMQZMDtM76MPLTl3lkr64i54pB2MPuKNnMenD
y1V1faVvG6zEd62U6DUYifYR3WBErgvwcGjaG5RloKSt6YP0MVudlfRvpekdiTgW6Bu2QnSYJ2Mw
YxRjj4zCGEExtCvQvhiGlCY8mGfQuNdPvNG4b17Kk3JSZxm464ywxKesMvRSRpzM1Af531Z3DcvN
O9L1wVbrp/cY5tCLqBc6gzDyhkH/ne7VBr7uejerK2M6Zad9bLVR0pPUFjgOfAAL2/1qWGdwg88h
h/o2zMsLVkoTemKyLjKV11l4nxvSkYFoJ+GlNEjfVuYlnZ57yi5nLM8VD/qzFcxpQgh8yucHbSlQ
L+QpvsPBYyv7kkOEMd87TfP2RYbhG9utYWC7NaTkcLQy1qoMk9pYZZh0ZVIDuvPhhx8+7EvUHZ2V
Z3a+6gBnlO9byLcqB2XEgUfdqJcfU3wZ6VvUizqozyoN25ki6ceSVdF3qK+fjAWtw2vo5/oOIzNl
UXqMWQpn/5dHURf6PjIp+oZ0Gp4z6VNhpR3n1FH1wB7EOIiRHVrwjl3fVyRH8h248xu63HvvvYdp
8S6nJ9Wxy7UPvcODhC/lYHIVtEFfUbtRbmhFoS8f7EOD4OsdCUzkhF/gQFVbcC3xbegRXoudSzSe
8xXViSvtKfsqacKfwBS6POaYY4b5eZrlO/F24YedznYjGdK4noOrJpj5sY7xluf0N8ZI0RL0TrzV
CtgLbMXvyOQoJheIz8CDwNcHPzGf/g8d2QrcEXoCD98O0BbYeOyJwx+6EY418WvbzcNn1/oeWtAC
K9KFp9HeBMY6AvjTtlqYQPnhjwTvOKdd0O2gC993SnJVVxrM6R1dEDswvgxhQPlLtOHfc0/fZlK2
eG0ub6WKzeCf8m3Dw5ARKL+txE05Qz/89uO2L5LSps9r4id1IkgmKvV93h955JEpbWwgBI0Xyjs9
nME/xiRoFBlYk02asFipvu/tmGBc9wev8sGXj2/ayOH++y73yHW+XOiS9DXowo+RyCVeJ+kjD2L/
UF4a5+BN6Ovo83oHfXjZiX7OO/pcG7mkL+6iZ/Ji7CEv9CwmfXi5qq6vdME94p6HwNI4zmE4EA5O
EBQcOnGfP4zMfK80ZJz0hnClK6MnQoI3RMnJiAEIw5Xiy7kBcVNePdfVG75wnOg51655+W+5R5HA
YVFnhCWOBiNwLNXXr2YpGU5l+GO1JkZIFBjN3ioZwn0ZZVSbFM9/0/VeRgqPrXBF0PDpeSaGku7f
UT8ZkH15qb+c0rQ9wp//DuENbOvwJa7KQxyMLWCoNPyKP+FFPGhUcfwVpwzvvSHSOy5KbaiVYrmT
RMJjbuAlP61yxnnv+4EvS9974ZGXx6cH7jJC2xY8I31O8bxwjcKi51zVN8CKP+jEv5fjSXExStPu
DNQ808o/VuTjnOKZyl3CmPfQEIZE+ANtqdX8eXzaHF6Ec5U8MSDxjHz0R3r+j/e0g9pMfVnxfX30
nYzn1B+DkJ7rCkZy7MjwTv0pE99Aq6q7vvHO37xeitP22pfeSV8rYHLaAH+V39NXHz7YlwY1MYMx
gRmHHg94J30XfEv9zsdV+6mt/Tt/r3j5GAS9iHcxYUzf+HZnnBOP5z28CeWD8uVOS00gAl+NpT5N
+Gc+Pur9Sl/V/5Ed6Jd1+XvjbT7m8w0YSmGj3uIPSk/Ygxf4szOJ3nH1vN4/b3sPzmBK3tA234mW
4c1qO8khOGuVtuQnvoXu9NzTNUYDPS9dVb8mGsTwQf35QxnO09GOEr4OiiOemo93KMek5ydF6ZtZ
XJXvJB5G+2tHG40xnm/JIe7LpLThP3JI0obwaH1bktl8W4vOJD+CHbTq85nVvXhpExYr2fcZc8Bd
jinRaNNYJ/rPeaAwEo7QlJcV9b7tlXLZ1nuJNuEtGMj8t5RRPLeOdkUflKVJHiRdxYW3/n9757Ji
S1O04eX5iMcPVBAnIjhwIIgTB4KiiOBEceJEcaY48TARHYjeg6Ag/A4E78KReAGOBS/BS/Cvp/me
zbvDqFpVtbr37t07ErqzVlVmZOSbkZlREZlZjGlZFte2HbS69w/S7NVLzuBu+cgnOmPlz/ED/nKx
Z033GH8/VYMCYwvtgROEXT9nA0ZmDDnuTLUPpiFc2s6hLKpKQ5RORgxAGK4MOjfoz/BbQxq+cFxl
OFpW5uUaxwUOizUjLGlwWIIhf119czcL/bIGDX/s1mRMwajO/A69zhCe+TWqXUuXeY5es3ALXnJX
n7hidM6QTjB21GagfhqQk1/qr1OatmduzJAnvHX4klZ+4BPHPRgacsefeJEOGe2CNqE0RKbjomtD
9XwcXBkcE6uBlzS8q4MD4372g8x/9lo8OqeNNMFdI/RyLPtzfc40LhwBLxZlZrBv8Iw/5CSDjifu
kRajNPVlbiFoO2JHPs4pgnx3GPMcGWJ+YHygLd3NX9PT5u4mpEx0b+5Rjn/Qy8Bz2sE2U9ZMn/Ux
n8Zz6o9uUoP15rmGd+oPT9xDVq27eRnDeMZfrZdp9sZn5R36noZRZQP85T/l/cw4eFYGXZjBnLAc
0/wcHIyd9F3w6/pdJrb9bOt8ltemq3MQ8uLYxQJyQ7Y785xjPM8Zm9zAVJ2WvoOCb52Pocn4WedH
y3zRMfwwN6I70C/XAn1Pea5zPnnA0MUn1NvxQXpiDw3w5/0jQ471eX/vde52RrYJyjJjs22nHoKd
3KD+BN/InSHlOhcP+jxj67clgyx4EkMWitXgiRLwYR1M45ha5zsWJdhHco40362x5V4bw2h/T7Rx
jslxS4d48iNt5jdt+fQLxmjzdjpbtrVypv4IdsjqQwTH0i0sXmTfZ84Bdxc5KqNbc53yX8dA8RJH
ZKrq4abZE8PXcvz6nWwytvDOmgEeHXNzQV+mUT7gZUsfJI9pGVsZ02qw7aDVvX+Qfq9ecgZ3y0c+
8SfU4PgBf7nYs6ab3/sRGMf5MhEykWDo1PmGgNW/zhisoaru0NM5mcbfNKJVJy3l++eOtmpIO1KW
tDLeMsKaTkfb8r2c1vBGOpX2dDRxn0HxN2+u1KrY8TuxsLyM5e9ausxz5DodQKzUZLBlVaC7WOuu
U7HAaJ0Oa8tkQq71st25X50i5vOlu5Mn0tjO1UllfmMmWHHGOEs9cHj5x85FaSWmKYfkR0HnNAFe
NMgL353RXSWKPMt39e6c9cs3re52kvDyjPFHx4w83kdsHbYM9ToR4K1zTsAH9dZIXY3hyh753b23
xrtpE1PbIh0cHd8oXazS0xlKefWvq2dX5hp/eV9lek3WurTwg7GLFXzKEjHy5Pjo2IQyRXqwoP8n
Pa7pc2sLAmraa7/FmPKOyDt0xaHuPEQmfEFN3O37R8bBMzKYfXGtjXSmgflW/xKfNTria7qUVZ9Z
76TBWED7prybnlhnR6XHWKico0izyhy6jDPsLmSRAONv0npZ1/DKorK1OsqXYyDpUJC9nzEvx9Zb
J57PxR48PLXDZ/cRI086EHWKuwuZMmlL50HqkOO8vLEAosoZu33odykXHb/SWEuX/Y1FXR0NyuYT
JWCYp0CQ1jG16luMPdTnWvt15e25Z7k5RnT5PNEGPrhmTEDGzd9h6zNog49zFIv10DtYMFX7FmWz
qpg24RMilOOfpzmwg6Pj8dZ7jqVbWLyMvp84btUxx9wzevgW7fos9UGMpvU5vxlHaONc2JLprNc1
fVAdAZlAl2WMrfP32kK2s3oJfMrfljxYH9PCY9VX0bvyNKe1MURajy3e/8r9aqXU8HvWcc5YrfON
dq9/nTFYQxW6RQadk2n8TSNaddJmXne0VUPakbKSntdbRljT6GhbvofYGt5I5+eOqiOTOaCe9pYY
JhaWl7H8XUuXeY5cpwOIRXoYCNm57S5W5CZ3nYoFRuvOGM97OfVLfm137leniLxuLcQgje1cnVTm
N1beKQvjLPVg7PaPxe/SSh5TDsnLTnUWYKNTkxe+O6O7OgN5WJhMPTiZiPdExlR2oeuYkcf7iK0D
Otta0IkAb51zgnzUWyN1LpzgmbJHfnfvcb8Lpk1MbYt0cHR84xhjvtMZSnn1r6tnV2bHW72Hbg39
buxaS0t63j/ZjassESNPjo+OTe6mAwv6fw30ubUFATXttd9iDH9H5B264lB3HiITvock7vb9I+Pg
GRnMvrjWRjrTrjnOxWeNjviaLmXVZ9Y7aTAW0L4p76Yn1tlR6TEWKue803FKBHQZZ9hdyCIBT85I
ei/jGl5xnK/VUZ4cA0mns9Jnxuh71lsnns/EHjw8tcNn9xEjTzoQdYq7C5kyaUvnQeqQ47y8sQCi
juPYT/eMI9JI+cl6ZX/DvtwFyuYTJWCY8zFpHVOrvsXYQ32utV9X3p57lptjRJeP9yhwgg8cg4wJ
yLj5O2x9Bm3wcY5isR56B6dR1L5F2e5s5xMilONiT09zwA76EMGxdAuLl9H3E8eteueYe0YP36Jd
n6U+iC+nC4wjtHEubMl01uuaPqiOgPyhyzLG1vk7TzHJ9jurl8Cn/CW95D+vTQuPVV9F78rTnNbG
kKQ319cReDKOc3e5MJHljqk9BpYUfIQPQ+UPf/jD/7JDkd/8dYYcDUHVaKQRKw25aUTDabDGF4JN
edWQdqSsjrY8dUZY02sUrWX7fC1OZwG8U2+OwP3ud7/7DL/EoqMjf9fSdXn33HPnne3ZxToboKfi
zw7sjn7Hb8ogyk6XTyW6kyfS287VOVBpMaB2dejuVUzhk3tdWu7xDOU0y8TgzCSzlof7KG3V6ZI0
zlyLR+1jSUvcaz0zDfy7G7A6FWzLungi83tt2izLtkjnZuU7ywcrxin6Gd8Uz7bo6tmVKT9bsf15
TdYyr2m32tdnOGtQqnGucw/DP7+TntcVB+8fjcVYHrbibBvKsW4dDh1/pj8yDp6RwZwT3KFacdEx
nbJV0/BbfLo6ZnrTdfSsd9KwXqTv2hhH7NpJJnnKQ9de9QSA5PNFXu/tXy4s2JpDaVMd56z8znqI
fd2dn2luvfZYfZRpxmIXroA/85tGitqe8rZXLjo+pZHyU9PZ3+oYXNN1v81bx8i97dfR3HNvrdya
t+qRVeY17GS+StvFGcxF7GrAmF7lrc4ltRx+by36yfKPXjtG1DaodF503684Vn78nWPuGT1cOnti
5ZL2qGPBnvyksV7X9EHKYh7uZKG756KeKktH9JLk75o8kFaduuOn3uOI070YPYZ011+1X80ULK6i
bZCL3DG1pzYshMh2xVD5ox/96L/sUPR+Z8jREMR8kkEjVhpy04hWdxZmXsctHJppwD5SVtLzWp46
I6xpNIrWsn2+FiPXOgvAi3qzgIaFo+KXWHR05O9aui7vnnvuvJOfLtbZAD0dEOzA7kLHb8rgmmPF
XTedPFGO7VydA5UHnRRdPeq9iil8cq+m8zfPcIpmwODs4kbT1ZgNCSmzmf/stXjUPpb0xL3WM9PA
v7sBq1PBtqyLJzK/16bNsmyLdG5WvrN8cGOcYp7hVLRsi66eXZnysxXbn9dkLfOatrZp9xtnDU4d
F0Vi+O8Wl0C/4pBlHrkW446fei/bhjKsW4dDx5/pj4yDZ2Qw5wT0pi78+81jdFO2unTi09Ux05uu
o2e9k4b1In3Xxjhi104yyVMeahvxu54AkHy+yOu9/Uub6NYcmk5DjiDPIPZ1d36mufUa+wzYsvOd
sdiFK9zjxDPeK7iu7Slve+Wi41MaKT81nf2tjsE1XffbvHWM3Nt+Hc0999bKrXmrHgnO+ceYzyL7
DJW2dg/mIk7D5XSTKm91LskyvN5a9JPlH712jKhtUOm86L5fcaz8+DvH3DN6uHT2xMolbVLHgj35
SWO9rumDlJWf/FAO1mIX9VRZOqKXJH/X5IG06tRrPOV9NuZOuB2BJ+M4T+dt3Vm4ZVhJgxNO0rrL
yUG7MwZr1KpGIw1m6cBJA9XWrladUdWwfaSsrr7yVI2wmVbjQmc8z3T12nzUFwd1PmcnFAa9xCKf
ey1/19KZ/mjsseXslgaD/HOBRGJuepzFXVkaYJNfnVwMkijGXT6dL508kX6tnSstHVoMiqyi4/MA
7Bbv/hjMkT9psCKS79iwOgk+fve73939oUg4yHYyQFtyXCJ9wjx8DxgMzFf7gmWejffgkX0f/tbK
0nBbsT8ie11aJjfqn5hVvk1DOlaAYQCST9pGY1iHX1emebdi++We8dBxh7bkRaCTI++hhFKuLzx5
RH3yc61emfba9S3yLg613SmzthP3TJ/teY2/MzJIu3r8PQpxV4b1vsaL8tXVMemarqNnvZMGL23I
BGOa7Z70dPR19JhL2UGFvLPbkTGDbymmMzfLSrpegysvOvwx5nr/PuO9/Ss/wbK2Wx5aOrBqX97C
/r7qY3vhOKV8x2VixmperLmujust3jq56PiVxlabro3BHb16r+urpNnbfpXe3t9r5WZ+d/KD7be+
9a3n9At0DefIik1HW92DhV4swqg6m3oGZbGSPnUZrrnPH+N18ngf18pCle1K+z76fqW59Vsct5zh
5L9VD9/ioT5TR6QtruFV8/rbel3Ln2XxLUn0cOfrGvMMeaUM+yw8HtVLyC9/13AnrX2fo+QxaFe+
/M1uMMZ9MXgV4ttfxR8nBbDXeVt3Fm5xnAYnnKR1lxOyhsx1xmCNWshmBg1m6cBJA9XWrladUdWw
faSs5MVreapGWJ8TaxTtjOeZrl6bj/rioM7AbigMeolFPvda/q6lM/3R2BPU0GPBIP9cIJGYmx5n
cRc0wCa/OrnQQXM3X+b3XaSTJ9KttXPS4FqHFrLJaU+8T6KDd384wZE/AzuMGFfRE+GDz87wxwJc
6PHXyQC72ngfp0+YhzEcDMxX+4Jlno334JF9H/7Wgobbiv0R2evS6jBKzCrfpgEn7BkcdWqgbTzS
tcOvK9O8W7H9cs946LhDW/Ku1MmR9zxm1UUgeUR98nOtXpn22vUt8i4Otd0ps7YT90yf7cn9rXBG
BmlXv2uM3tQF632NF+Wrq2PSNV1Hz3onDew/yARjmu2e9HT0dfSYSzmZA3nnBFDGDN6t05mbZSVd
r8EVXZg/xtyHCHv7V36CZW23PLR0YNW+vIX9fdXL9sJxSvmOy8SM1X6Gszqut3jr5KLjVxpbbbo2
Bnf06r2ur5Jmb/tVent/r5Wb+d3JD87f/va3n9Mv0DWcIys2HW11DxZ6odNWnU09g7L4Tn3qMlzb
5ozX9x2UhSrbtZz76PuV5tZvcdxyhpP/Vj18i4f6TB2R9riGV83rb+t1LX+WxcmL6OHO1zXmGfJK
sM/C41G9hPzydw130tr3OUoe21Dly998Jolxf8LtCDwZxzkKgIYZjJRru851/KF4IEQ5Cf7rX/96
zlgDTY/OrAZP8mo0qkatNUOu6TFqd98ZJp+OFL8jTDlnyjKfsTxVI6zPid2tRmdf2yHDyjs6Kg4R
84o7q+G9Z+yRSLTJljFM/q6lk+6RmHIxQEO7c2h77Dr11vGqgZg8ncPIBRXJL3XQadIdA+oiAsrp
5Ik6KSNVpmp9qQdlQ2vN6UYe5AzF3PzyiAym89bnGiBwhOUOU+93ZUFTub3Gt+XsjffgYZ3AopNB
ykpnQ/1+Jvn3HNUMnS6tY0j2rcq38gTuiSs0OWrYXaodfhrF1+QXel1bWiaKfYe3YyDPOPIG/NbK
MD95wIDf1ntNBnWq8ryrlzT3xGflHdri0PW52k6kPzMOnpVBjWrd4gPmHxdUpGx1eNkWXR0zvek6
eh1OyJV9G4cHY5j0+H6dR0NXx7n9jRXaps9Y5+AWvyh8yI5/D7ULsevTyavX+e1jjob0fsaOk/Ds
XOLzLexNc2uMzHiyhrhhyFWP8R68ZFlbvHVykXm9lsZWm9rujHd1kSJ04B+DJAssHGek3/VVnu1t
P+kcjdfKTTqeaMNpHN1Y7CcXqHcuuuhoe/S8bVX7qjvb18Z1DQTokMnjfVwrC1vj+X30/aO8qoN2
+gm0cLhIU8zP6OHS2BPnYoq100voA+woxPDT0ZTXLbzJx+kSfkql0z2Tdo7htucZvQSaR3D3OGXm
ka6PyCP8bT033WOKb38Vf5wUMIhpmMFIybtUF3T8+S3TNBwhmxmg6dGZ1eBJOo1GzCcZ1gy5pseo
3X1nmHw6UvyOsHTNu7cs8xnLUzXC+pzY3WqM52s7ZFhI8vOf//y57zWKO4u3a/Bb4bQJ/WAtyN+1
dGv5t+5TLgZoaHcObd4VnMN0vGogJk/nMHJBRfJLHXSadMeAuoiAsjp5og5r7VzrRz0oG1qMuWsB
OeM72gZ5RAbTeetznaE4wnKHqfe7sqCp3Fb5lO7ZeA8e1gksOhmk7HQ21O9nkn/PUc3Q6dI6hmTf
qnwrT+CeuEKT92IX/XT4aRRfk1/odW1pmRjSu+AYyDP1wrUyzE8eMCBY7zUZ1KnK865e0twTn5V3
aItD1+dqO5H+zDh4VgbVS7rFB7nwIGULHmuwLbo6ZlrTdfQ6nJAr+zYODxbPGHg/8Gjo6ji3v7HJ
qwvq/lv8umgA+eHvoXYhdn2645n3HXnhKOQuOE6SzrnEdFvYm+bWOB2D8sr7vXqM9+AlwxZvnVxk
Xq+lsdWmtjvjXV2kCB34x2bBAgvHGel3fZVne9tPOkfjtXKTjifacBpHNxbrX6Deueiio8184NxO
e9W+qk1/bVznPY186JD3HZSFrfH8Pvr+Ub7VQTv9BFosFjSI+Rk9XBp74lxMsXZ6CX2ATxzxftsF
ed3Cm3ycLuGnVDrdM2nnGG57ntFLoHkEd78tzzzS9RF5RE/eem66ia8j8GQc57zEpWEbBxCTMIZY
BkyUzTwSi12V5GFS0gHJrksMNqTnG946LRgs2TEHLfLwRzoN1CiE3pemu6zT6aoSDT0mXBQA87F6
mSNcecZfHs14pizo8uKK040/duzBEw6OvJ/GaQ3QlA8mHLFmneGVF3v5Ez/K8duJX/va15451DGw
YAA3PfQSC/KBs/xBnzSmSx7F6GzsyzhGbehWOtRboyMKCHXW+CsWTNC0A0Y9vtO7Vi8cRT5DuQUH
8iFPOpl4XuUJvuDjy1/+8l1+ZAqnt/jYDsm7RlVWrbLiMdOgcHi0OpjCB3kpQ+c++dOIynPbsjrO
NbBSVrY9eWjXLcdv8rz3Gr7glU8mgBd48JK3hgffkxN3+nk6J1gEIn8cgSsW8AI9ZI+8e2SPvLVv
M/mSH8zgEbq+uDk20JcsA0cWaUjLN9ltD56bPnFKAzztgyGSvkMbq8xh+AavzKcDmHq5kAhcWQGn
I00HIDjIB1jhtJQWcojihAMHHj2qHf51qnKf8RMeuI8Dg3v+dfWS/t74jLxDmxdD+Kh9jn6Z8iUf
1MG+CnZ7x8EzMmgbwR9zAm0KXzil+dyF+KVsyad9AX6RcetIfp9xbXpiXzQ6en5ns+Lkogp5wfn5
k5/85Blv3K/OPfsEz9jdnHww1uE84dmWk9XTOSwXmlmXW6+df+j/2afX5h7GV76/LT/MKznm0pd8
lt+zphzaiOOReQ72WQbPbq1L5vf0CMqiL9Mf/SYb91ik4Y5T87FjVN5I733ilIu8z7VytlcGc17l
pBdW1EoTQwQ6BHwwz6Cz+Az56foqz9Hhsv3Mc0ts+1CvOieDD20qfXjzRaz2HdKQ1u9WUjd2IXEf
2ck65WJKjCSkZfxBXhjzycP47djEmJp88Bxecq65tc9A3zaGtsYFyk79hLL9u4++L629sQsyGEPh
l3z0a8YQ+gDy5Bx4Vg/fy0umy4U0yIi6BzIEhrQv7Yz8Zlsif53s2RY57lieOhr02IWUOhB9xG8q
8lwdJGXFe/C2Ry+h3CO4p1ywkACe5J160S/UQbbmBfM8pvj6q/armyIN2xgemSswxOJYwvmZcwuL
JQmMFRop0XEw2JAevcZdoMghO+agZSCdRz/XY3ah6S5r5MWgcRV67BRibjPQhzjClWf8Mf8YzpRF
XpxcON34ox/CEw6OvJ/GaQ3QlA8mf//735/VGV5/9atfPeNP/CjHBVLf/OY37/QF7iHzqWdAL7Eg
DTjLH/RJwx9tlTyS9pbAewR1wqgN3Rqot0ZHFs3Qzv/+97+f1RWeWABAO2DUS32v1ot3aduQEwzA
gXzIk04mnld5gi/4+OpXv3qXH5nC6S0+KXvy71zOnMEpGJkGnUQ7EjzCB4EydO6Tn/pkgC/4q45z
DayUlW1PXtpry/Gb9Pdewxe88skE+AEPjN9reHA6orjTz9M5wSIQ+eMIXLGAF+ghe+TdI3vkrX2b
+UHMNNBrUHZsoC9ZBvojgbR8k9324Lnp7xK8+S8N8PQ1jOT0HdoYozv5MHyDVwbmbctkPieAK/On
jjQdgOAgH2CF09KAHDIn4sCBnke1w79OVe4zL8ID93kP555/Xb2kvzc+I+/Q5r0OPsAu+wj9MuVL
PqiDfRWZ2DsOnpFB2wj+mBNoU/hCJ2JzhfjRH5Ut+bQvwC8ybh3J7zOuM7iQqaPHiZDQqGNT6qE8
x/b4i1/84hlv3KvOPfsEz9jdnHww1uE84dmWkzV1UtJC8z6D8w/93z69NfcgO3x/G174Y15JeaIv
+Sy/Z005tBEnavJ8aw6+j/p5egRl0ZeRG05zlDcWabjj1PJ4v5W3KmcpF6Y3Vs72ymDOq5z0wiZA
A+9B6BDwwTyDzmJAfrq+yvM1fcu8Z2L1D+pV52TwoU0N8KY9vfYd0pAW/U78+T45AdnJOuViyv9b
HKmkZ/xBXvwECk5PxybG1OQDmvCSc82tfQb6tjG09VFQduonlG24j74vrb2xCzIYQ+GXQL9mDKEP
IE/OgWf18L28ZLpcSOPmHJ4jQ2BI+9LOjD/Zlmf0QXU06P3+979/Tgeij/zxj398JoPqICkr3oO3
PXoJ9TiCe8oFfgd4MtBm9At1kK15wTwTX0fgSTnOUb49MsXBtIsx2vOySXomER3gXdp6D8U1jb8+
xxAEvaqU8DyPRfUFynwcHc6fv4lx9ECLv7NlpZEqaXfXubs8d4maVuOevxM/eKwKoOm6OI3AOsK6
dHkPQ414HIkZ4NOxJ83cze9E6jNiDK0oejoM8lm9FhuPw2YS0fhX09bf5CW9u9Hq8/ydjhgxYMCE
V9MxieHAkifv4yjRiIrcV/7I87Of/ew5Wn/605+ew7zihPH+pz/96X9/8IMfPCsfXixHHs/EtSzr
kTHHDidtJot0apG261t+25O8Tk5Jt17brqTv+hTPWThgPhzzGL1TtjEC0861XcxTY+Ui66cjpab1
d7fTESdLykdtd/LmDj2dqtKkjemv/jbOzxfs6fuW28lw1vHa9VF5R6mu/V8Z7cbV5O/MOHhGBpl/
coGWGK/FKIXgtKePQAN5dGevTo6kzYIexkmdcT7LfJTHMag+6+ItxznpGZvoEz/+8Y+fo4NS2bU7
uLgbn/w5Znfpz9xL+l2duIfSnLQ7GWScyb4NdhjIyLc2B9XybNcs6+x1jkfqJRj1LLPuSK1yQVvh
ZOzkwv4Db2dkkHzp2IcnypM3YwzlOou7voqxD1qdvlVPFDmKoy+x8lJj+opjdGKd6ZKHnAtM873v
fe9/+hzPdBjm2GXfWtMTmJeoI3kcay2HuM7lR/DoeE/aXiNntledJ4/2/SP8mdYXVfnJ/sg9frN4
wfRH9XDzHY0ZxzT2y1sda7nP+CrttXY2P3HOVeYD/6oDYcj3U0Tmpz0wcpDvVr3kKO4uYpMXjGcu
lvEe8V//+tdneFi/xxxff9V+tVPgQMz26a4x2mtcw3ipA7xLW+8xZqTx1+cYgghpKPNZHota39XQ
+6rux3u44WxZaaSSj7U4d5d384TGPfMnfvCZhkjTrMVpBNYRtpbW+3uOgRSvjNPhKC3i3M2fxkbT
YGhll7YOA+93sdh4HDZ9X+Nflz7vkZf09X0m03idjhjriB4Pr6ZhvMSBJU/ex1GiIxm5r/yRh5Nz
khbjWoaKE8b7X/7yl8+9P5LfcjLv0etalvXImFNsMmDUT6cWabu+5bc9yfubN3fmJd16bbuSvutT
PMcGYz4c8xi9U7Z5J6ada7uYp8bKBWUarumw3U5HnOTZprXdKRc7oUGnqvzQxvRXfxujlxv29H3L
7WRYOnvio/KO0ysd+/CvjHbjavJ3Zhw8I4PMP7lAS4zXYt4xCHv6CDSQR3f2dnYkFvQwTuqMs9zM
R3ksUPRZF285zknP2ESfwH6X+XGWdgFc3NRB+hyzu/Rn7iX95CmvWbCZoZNBxpns22DHok7C2hyU
ZXBtu2ZZZ6+xnUpfvQT7hffqjtQqF7QV+nYnF/YfeDsjg+TLTRjwRHnyZsyiM53FXV/FCUno9K16
oshdwgP/XGgnLzWmrzhGJ9aZLnnIucA02KNrn+OZDsMcu+xba3oC8xKBPI61lkNc5/IDUDw3jyXN
ep07qus8ebTvH+HPtP/85z+fk6Hsj/DKb+wOhqN6uPmOxoxjuZETXrp2Z3w1rLVzYp5zlfnoL1UH
YiGBnyIyP+3BAi3CrXrJUdxdxCYv3/jGN54tlvEeMZugJtyOwJNznCOw7DznO5MpMFxjPPvLX/5y
5ywnnX9MZtV5QSdgByGGoTTC4WhA+ct70PaI6Dp58awagf72t7892+GcPGJEcteHvJ0tqzM2Z1le
U08Nr5bJAN0ZTHEQYKjWQGp64s6xgtGOnavufKbMNLDmffnpYjDPsvZed4ZE6GOUl4btlQZnDI06
gHEs1ramnVD80jCTxmkcVblb1DrhZGXFkr9xQpA2d3TWRRSmxXHU4U5+Xs5NlzHGVYywmQ/FU8Nt
VxZ1xbGBwVeMiMUJeal4UOb3v//9u9X/mefstWVlXeo1O/s6+hjT9vIHjUq3/s527foUq6FzNyFt
yk68XJ3qwhmMCylnlAWvrKjNXSTKRdaP9uCYpcofi34oCydXpveaMvOb0uSnDTFuuAPPtMTcw6lT
y+E3CyU6Bx/jrSc2mI968QKQO5PXZDjLv3Z9RN6R9Vp3+jbt40py+SXmRSfLPzMOkv+IDJKets1T
LOSJMSR37tNujoV7+gh0kCUMUJSDUUzaxLQRY3/n3M3FNmLCQgxkjRMniJmbNITkgijSZ1/pxplu
rrMc4rrAx3pnmluv98w/7Fyo5bAw5re//e1zWIor/Yrn5sEg4O562s90Nb7P+jHe2x8dv8ATWaBc
jHryR1xxQC5o104uqAsvSuQ7I4OWy2I9eUws0BkqfylLptX53znOebm2nDPxnnqpIzBG1DEdHpMH
8QVX+WdnSR2beGZ7wTf9jHue8JGLH6QDTcfxdLb7nLjqn0cwkfek112j/6ozZHud6ftH+Mu06KCJ
MXxSPkYTdPxMy/URPbzmPfqbNqi8wR+LVnhJTnq36IO0ATLUtdFXvvKVu1OgGMezvFv0EugcxZ0V
8F2fAR8Me4w9yd+rcH37q/jjp8DOc74zWWUL4xl6CsasDLRbdV4wB6IzI/NphONzWcxReY9yGH8I
uYPQ8qsRCD3UHc6mIcaI5K4P+TtbVmdszrK8pp7MDRnQBTpjL++RGKo1aGeezrGC0Y6Fee58pkwM
+ebP+/LTxWB+JnSGROjTdw22VxqcMTTqAGaOr21NO2FvSadcGqdxVOVuUevEeMdCNX/jhCBtLurN
d3XTEeM4Ejd5JyZ/975FHoyrGGEzH7uJNNx2ZVFXdObaR8QJeal4UBbvTNgi7iNYVta/XrN7uAts
SNnLX12UVsvgd7Zr16eYU9BnzEubshOPucN7Lpzh/TvljOfwyoaL3K2qXGT9aA9OZ5GmMYt+KAsn
VxcoM78pTT7akJ3q6Bo1cA+njvQzZqEEOlMNjLd1PKNe6IW5M3lNhiu9rd9H5B1Zr3Wnb9M+6BZZ
N645bSLDmXGQ/EdkkPS0bZ5iIV+MIYw//qbdcHQT9vQR8iFLfqqBo52lRUwbMfZ3zt1cbHNX4PKP
hRjIGov1iXlfd9FILogiffaVbpzp5jrLIa4LfKx3prn1es/8gx2pBhbGsHA4sfSafsVzA4sp3F1P
+5muxmfnOMvJmPHe/uj4BZ7IAuViS8lQcUAu0Ds6uaAuOGgJZ2TQcrFryWNigc5Q+UtZMq3O/85x
zqajW8KeeqkjMEbUMR0ekwfxBVf5//Wvf/0/YxPPbC/4d1OMJ3zk4gfpQNNxPJ3tPieu+ucRbOQ9
6XXX6L/qDNleZ/r+Ef4yLTpoYgyflM+iM3T8Go7o4TXv0d+0QeUN/rDlYivOcIs+SBsgQ10bff3r
X7+z3zOOZ7hFL4HOUdyxqXV9BnywLzOnTLgfBN4CmUUYrob//Oc/V9M8tgSLAfmyKISXt7zlLZf3
ve99l0WANlkk/aL8Xd7xjndcPvKRj1ze/va3b6a/9SGYLhPvHX/vfe9778q8leZ95ge7RUm+wwO6
H/7whzfJLwrBBQwJ73//+y8f+MAHNtO/Kg8XhemyOBHu6rQc+7G7nZbjXy7LgHsh/6LcXd797nc/
WJUXg8SF8sCdNgP7tfJoV3iiPWkz8i7KweVtb3vbZTFe3sljx+jiiLx8/OMfv3uubIAHZVHuYwnU
bTn29K6O4P/BD37wUckiODLs0j6MM0eC7UX+97znPattXGna5rTxnn6JLCET8EhZ5Lk2Hi4O6Tue
4PGNN95YlaPK25nfR+T9DP3Mo6wzLxCujYOkOSOD1GlRvu4w39tOlPUyw/Iydlle1i+L4/yy7NS9
G0Pkh7mAeRc5pW7Li+9leeG9+30Nw2XF/GVxGN6RWhZbXRbF7/LWt75V0o8iRldYHFXPeKEvr425
zxK9oAv4WgyPl89+9rPP5u/FAHunbyzHTz5o3zxSRWSEdqW/ICePaR45Uo+HSsvYAz6vGi639P1b
sWTuYs5ivN6D24vSw5HxxSB0QddnPGS8eNe73nVrddv8tSz0z2tY3KKXwMRR3NHRkG10NHDYo5e0
lX0EN6/NZ4+AxXtjgXZDT+G9Gpn62Mc+tkmb9L5Xf/SjH72qR24S2/FwMeZdFqfGHX/oH5T5mAJj
Orq1+uS1dwD0aTAkgDfvM08hMEbxzkCdeI/c206M175XM2Y8pM7FOE158Mh7NdivlUe7ah+gzdB3
fa/G9kR/6QJ62ic+8Ym758oGdCiLch9LcE4h5u9DH/rQo5JFcPS9eq8sia3tRX7m57U2Nr2xbc77
2p5+iSzlezV5rr1XMy+jG8Pjln1Gnm6Jj8j7LeWQV1nfOw6S54wMUid0E9p0bztR1ssMy2LGy5e+
9KXL4ji/LDt1n3uvZi5gXPC9Ghuy79XX5pJlwdVlca7cVW3ZzXpZTnZ4lO/V2pFhlL68tz8+dJvB
17Iw/rJsPno2f/MbfYN37bUx/qH5qvSREd+rGc8e0zxSeX0Zvxl7XsX36lv6/q04M3cxP77zne/c
JU8vSg9nTsA/43s148VDvldnWeif1/rWLXoJbXYUd2wM+V69Ry+5VTZet/xP2nH+ujXm1HcQGAQG
gUFgEHgoBDCAq5TiiF1231yWVeuX5cSJy/IN3Xt7cVx251yW71TdVWNZnX753Oc+91BVGrqDwCAw
CAwCg8BpBF4nx/lpkCbjIDAIDAKDwCAwCDyHQL5XL7uSL8uJqZflVJbLcuLEZfmG7r29Vy8nrl6W
Y4fvyl5OObgsJzI9x8f8GAQGgUFgEBgEBoF1BMZxvo7NPBkEBoFBYBAYBF57BFhpuhwzelk+KdBi
sRx7fPn85z/fPjtzc/lm22U5ivFuJzsv+6ygnDAIDAKDwCAwCDw2BMZx/thaZPgZBAaBQWAQGAQe
LwK8V7Pz+89//nPL5HLs8eULX/hC++zMzeXzb5fl+Pq7nezL51XmvfoMiJNnEBgEBoFB4LVFYBzn
r23TT8UHgUFgEBgEBoHrCHA05ne+850Lu78zsGJ9+abhZfnmUd6++ZrjDJdvT10+/elPXz75yU/e
TG8IDAKDwCAwCAwCD4HAOM4fAtWhOQgMAoPAIDAIPE0EeK9evpF7YeF5Bt6n//CHP1y++MUv5u2b
r3mv/sc//nH5zGc+c/nUpz51M70hMAgMAoPAIDAIvE4IjOP8dWrtqesgMAgMAoPAIHACAb6xx/d6
iAl8S+jotwRPFDtZBoFBYBAYBAaBR4vAOM4fbdMMY4PAIDAIDAKDwKNEgPdpvpPte/Ubb7xx4W/C
IDAIDAKDwCAwCDwuBMZx/rjaY7gZBAaBQWAQGAQGgUFgEBgEBoFBYBB45AiM4/yRN9CwNwgMAoPA
IDAIDAKDwCAwCAwCg8AgMAicQGAc5ydAmyyDwCAwCAwCg8AgMAgMAoPAIDAIDAKvLwLjOH99235q
PggMAoPAIDAIDAKDwCAwCAwCg8Ag8HQRGMf5023bqdkgMAgMAoPAIDAIDAKDwCAwCAwCg8ADIDCO
8wcAdUgOAoPAIDAIDAKDwCAwCAwCg8AgMAgMAi8ZgXGcv+QGmOIHgUFgEBgEBoFBYBAYBAaBQWAQ
GAReLQTGcf5qtddwOwgMAoPAIDAIDAKDwCAwCAwCg8AgMAjsQWAc53tQmjSDwCAwCAwCg8AgMAgM
AoPAIDAIDAKDwJsIjON8RGEQGAQGgUFgEBgEBoFBYBAYBAaBQWAQeHoIjOP86bXp1GgQGAQGgUFg
EBgEBoFBYBAYBAaBQeABERjH+QOCO6QHgUFgEBgEBoFBYBAYBAaBQWAQGAQGgZeEwDjOXxLwU+wg
MAgMAoPAIDAIDAKDwCAwCAwCg8CricA4zl/NdhuuB4FBYBAYBAaBQWAQGAQGgUFgEBgEBoEtBMZx
voXOPBsEBoFBYBAYBAaBQWAQGAQGgUFgEBgECgLjOC+AzM9BYBAYBAaBQWAQGAQGgUFgEBgEBoFB
4AkgMI7zJ9CIU4VBYBAYBAaBQWAQGAQGgUFgEBgEBoEXh8A4zl8c1lPSIDAIDAKDwCAwCAwCg8Ag
MAgMAoPAIPCiEBjH+YtCesoZBAaBQWAQGAQGgUFgEBgEBoFBYBB4EgiM4/xJNONUYhAYBAaBQWAQ
GAQGgUFgEBgEBoFBYBB4DoFxnD8Hx/wYBAaBQWAQGAQGgUFgEBgEBoFBYBAYBLYRGMf5Nj7zdBAY
BAaBQWAQGAQGgUFgEBgEBoFBYBB4FREYx/mr2GrD8yAwCAwCg8AgMAgMAoPAIDAIDAKDwEtDYBzn
Lw36KXgQGAQGgUFgEBgEBoFBYBAYBAaBQWAQeDAExnH+YNAO4UFgEBgEBoFBYBAYBAaBQWAQGAQG
gaeIwDjOn2KrTp0GgUFgEBgEBoFBYBAYBAaBQWAQGARedwTGcf66S8DUfxAYBAaBQWAQGAQGgUFg
EBgEBoFB4BAC4zg/BNckHgQGgUFgEBgEBoFBYBAYBAaBQWAQGAReCQTGcf5KNNMwOQgMAoPAIDAI
DAKDwCAwCAwCg8Ag8FgQGMf5Y2mJ4WMQGAQGgUFgEBgEBoFBYBAYBAaBQWAQuD8E/h8froP8d8M6
vAAAAABJRU5ErkJggg==
--=_MailMate_BF26B4AA-F696-4D64-B54D-F727A911EC59_=--

--=_MailMate_AFB8E0AC-10F7-4AA2-BE93-8CC0907BE41D_=--


From nobody Tue Oct 18 10:05:56 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F4A8126D73; Tue, 18 Oct 2016 10:05:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.606
X-Spam-Level: 
X-Spam-Status: No, score=-1.606 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_IMAGE_ONLY_16=1.092, HTML_IMAGE_RATIO_06=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yQO03kwXSky9; Tue, 18 Oct 2016 10:05:47 -0700 (PDT)
Received: from mail-pf0-x230.google.com (mail-pf0-x230.google.com [IPv6:2607:f8b0:400e:c00::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB8E412952B; Tue, 18 Oct 2016 10:05:46 -0700 (PDT)
Received: by mail-pf0-x230.google.com with SMTP id r16so73829241pfg.1; Tue, 18 Oct 2016 10:05:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=YveYDBu1BPShVFj8lB70WoIx+DiRj8omPcwnucSSFWE=; b=Qon1zyHFWgKhd7nRm7BidEn1FR5BChSma4cE1O5tIpo+bB7M2gU7kfVfEnJoQTAHw1 N5CmRarjbpYKpTGuBfuiHaKGtluaWsdob9h7R+8xsv3PldIthL+lpqaAX41aD2yWCGvw 5BjwjJ+YGCQZe+c+/JMe7cFg+4OFqIQ8IcJUyQZVYJ4RELQAzxr+G+cowpZ1/4kO0lUk 7H9ShVEYEq8R8vE8Zl177f9rKMfAgIUvoTfCY2MQzsqOdgyszjiDFUDzU2l3nertLMGT /xW8GfQsOOohbbUsM0xTf3bMW2TehsgwJQVHpMLd+Cp+Fq2lJRvu+LMEjeuxgDMlhF4P SMbQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=YveYDBu1BPShVFj8lB70WoIx+DiRj8omPcwnucSSFWE=; b=Eq8OOuK9iNty6LiP/n0xY2XHiWsMB83fBeERaxmi9hWJL6ApWkGzUJysq6iXeodMTB cjPRdckSvOF9FqFp3PlZ4+q/mPzMaDZ2rFJ66z/ZAHRAriput92Mh0tPAYBkS0ONPCVH 8I84dq63r+fFN6owSOgEil/y4QyIs0fwMsRQRJwbLjtm5Yp2Cvx5Ln53NUR/rh+J6ACe poREz+2/CNmZ7N3s/4sZ5OKaxaKN7fqpvbhTLFbK3ExW4ksWvFm1lp/R5TFp3kNgB0TG JBq5MdT7x1fjcYUmdwosH5Ol5XZbeKAi7jvw/60V0RY+AxfIu2SmL2oew/RaDl6F4eBY 3kJA==
X-Gm-Message-State: AA6/9RlfU0J3i1Q7NOJ7gK0E1JFwSZk+Wt/ukZDEEnGmRSZeDDkTE6zFvtSefz+3OpFqlQ==
X-Received: by 10.98.92.65 with SMTP id q62mr2505853pfb.24.1476810345499; Tue, 18 Oct 2016 10:05:45 -0700 (PDT)
Received: from [10.197.31.157] (173-11-119-245-SFBA.hfc.comcastbusiness.net. [173.11.119.245]) by smtp.gmail.com with ESMTPSA id i123sm57031089pfg.30.2016.10.18.10.05.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 18 Oct 2016 10:05:44 -0700 (PDT)
From: Dino Farinacci <farinacci@gmail.com>
Message-Id: <89EA6A5A-A4BA-40E4-9044-0D5AD0027770@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_7C4B94BA-E26C-47B5-924F-3DC4C73F4713"
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
Date: Tue, 18 Oct 2016 10:05:38 -0700
In-Reply-To: <96848257-D21D-4ACF-A76D-975503C7A0E0@nostrum.com>
To: Ben Campbell <ben@nostrum.com>
References: <147631722343.6381.2774445540997659744.idtracker@ietfa.amsl.com> <BEAEBAE5-A2B2-427D-9208-83A7FD40AF75@gmail.com> <2B757854-2AAD-4D28-BB8B-D2F54FE0014B@nostrum.com> <0D11494E-9A87-496A-BBC2-4AD6E89005F9@gmail.com> <99ca12ae-724d-839f-2a13-68a52f216056@joelhalpern.com> <14F4789D-6370-439D-8369-CD56755035CC@nostrum.com> <A7D2111B-594C-4EBF-A07E-26077A845677@gmail.com> <96848257-D21D-4ACF-A76D-975503C7A0E0@nostrum.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/rgTVaDEWXkfL-KvSuQAQGFR4e_s>
Cc: lisp-chairs@ietf.org, lisp@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-lisp-lcaf@ietf.org
Subject: Re: [lisp] Ben Campbell's No Objection on draft-ietf-lisp-lcaf-17: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2016 17:05:48 -0000

--Apple-Mail=_7C4B94BA-E26C-47B5-924F-3DC4C73F4713
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

> I can live with that, with a couple of minor comments: I think it =
might be improved by changing "examine" to "consider the applicability =
of". I say that because I do not know for a fact that RFC6820=20

Changed. See below. Please ack so we can publish.

> really applies to lisp use cases; I hope people who understand lisp =
better than I can reach a conclusion on that. But I'm okay with an =
experimental RFC pushing that analysis into the future.

I assure you we will address this in draft-farinacci-lisp-geo.

> One other point: RFC6280 and BCP160 are the same document. I think =
these days we prefer referencing BCPs by the BCP number, but the RFC =
editor will do the right thing.

Oh, I didn=E2=80=99t notice that. I=E2=80=99ll change the occurence to =
RFC6280 to BCP160 and apply the RFC reference. See below.

Dino




--Apple-Mail=_7C4B94BA-E26C-47B5-924F-3DC4C73F4713
Content-Type: multipart/related;
	type="text/html";
	boundary="Apple-Mail=_277CF6E9-B803-4E58-97B4-D110E8DB14EE"


--Apple-Mail=_277CF6E9-B803-4E58-97B4-D110E8DB14EE
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space;"><blockquote type=3D"cite" =
class=3D"">I can live with that, with a couple of minor comments: I =
think it might be improved by changing "examine" to "consider the =
applicability of". I say that because I do not know for a fact that =
RFC6820 </blockquote><div class=3D""><br class=3D""></div>Changed. See =
below. Please ack so we can publish.<div class=3D""><br =
class=3D""><blockquote type=3D"cite" class=3D"">really applies to lisp =
use cases; I hope people who understand lisp better than I can reach a =
conclusion on that. But I'm okay with an experimental RFC pushing that =
analysis into the future.<br class=3D""></blockquote><div class=3D""><br =
class=3D""></div>I assure you we will address this in =
draft-farinacci-lisp-geo.</div><div class=3D""><br class=3D""><blockquote =
type=3D"cite" class=3D"">One other point: RFC6280 and BCP160 are the =
same document. I think these days we prefer referencing BCPs by the BCP =
number, but the RFC editor will do the right thing.<br =
class=3D""></blockquote><div class=3D""><br class=3D""></div>Oh, I =
didn=E2=80=99t notice that. I=E2=80=99ll change the occurence to RFC6280 =
to BCP160 and apply the RFC reference. See below.</div><div class=3D""><br=
 class=3D""></div><div class=3D"">Dino</div><div class=3D""><br =
class=3D""></div><div class=3D""><img apple-inline=3D"yes" =
id=3D"9D5335E4-8583-4067-8ECD-EE9AE5C111F1" height=3D"182" width=3D"749" =
apple-width=3D"yes" apple-height=3D"yes" =
src=3D"cid:33733F49-3C6D-4E3D-A8CB-4C2403AC1B75" class=3D""><br =
class=3D""><br class=3D""></div></body></html>=

--Apple-Mail=_277CF6E9-B803-4E58-97B4-D110E8DB14EE
Content-Transfer-Encoding: base64
Content-Disposition: inline;
	filename=PastedGraphic-3.png
Content-Type: image/png;
	x-unix-mode=0666;
	name="PastedGraphic-3.png"
Content-Id: <33733F49-3C6D-4E3D-A8CB-4C2403AC1B75>

iVBORw0KGgoAAAANSUhEUgAAB9YAAAHmCAYAAAAm1WW0AAAMFmlDQ1BJQ0MgUHJvZmlsZQAASImV
VwdYU8kWnltSCAktEAEpoffeQXqXKh1shCRAKAESgoq9LCq4drGAqOiKiIprAWSxYcHCImCvD0RU
VtbFgg2VNymg62vfO983d/6cOefMf+aeO5kBQNGWlZ+fgyoBkMsvFMQE+zGTklOYpB5AAfIAADsg
z2IL832jo8PhLzDW/13e3QKIuL9uJY71r+P/VZQ5XCEbACQa4jSOkJ0L8TEAcHV2vqAQAEI71BvM
KswX4yGIVQWQIABEXIwzpFhdjNOk2FJiExfjD7EPAGQqiyXIAEBBzJtZxM6AcRTEHG35HB4f4kqI
vdiZLA7EDyC2zM3Ng1iRDLFp2ndxMv4WM208JouVMY6luUiEHMAT5uew5vyfy/G/JTdHNDaHPmzU
TEFIjDhnuG77svPCxJgKcQs/LTIKYhWIL/E4EnsxvpcpComX2Q+yhf5wzQADABRwWAFhEGtBzBBl
x/vKsD1LIPGF9mgkrzA0TobTBHkxsvhoET8nMlwWZ0UmN3QMV3GFgbFjNum8oFCIYaWhx4oz4xKl
PNHzRbyESIgVIO4UZseGyXwfFWf6R47ZCEQxYs6GEL9NFwTFSG0w9VzhWF6YNZslmQvWAuZTmBkX
IvXFkrjCpPAxDhxuQKCUA8bh8uNl3DBYXX4xMt+S/JxomT1Wxc0JjpGuM3ZYWBQ75ttdCAtMug7Y
4yzW5GjZXO/yC6PjpNxwFIQDfxAAmEAEWxrIA1mA1zHYOAh/SUeCAAsIQAbgAiuZZswjUTLCh89Y
UAz+hIgLhON+fpJRLiiC+i/jWunTCqRLRoskHtngKcS5uCbuhXvg4fDpA5s97oq7jfkxFcdmJQYS
A4ghxCCi2TgPNmSdA5sA8P6NLgz2XJidmAt/LIdv8QhPCV2Ex4SbhB7CXZAAnkiiyKxm8pYIfmDO
BBGgB0YLkmWXBmMOjNngxpC1E+6He0L+kDvOwDWBFe4IM/HFvWFuTlD7PUPROLdva/njfGLW3+cj
0yuYKzjJWKSNvxn/casfo/h/t0Yc2If9aImtwI5ibdhZ7DLWgjUCJnYaa8LasZNiPF4JTySVMDZb
jIRbNozDG7OxrbMdsP38w9ws2fzi9RIWcmcXij8G/7z8OQJeRmYh0xfuxlxmKJ9tbcm0t7VzBkC8
t0u3jjcMyZ6NMK580xWcAcCtFCozvulYBgCceAoA/d03ncFrWO5rATjZyRYJiqQ68XYMCPBfQxF+
FRpABxgAU5iPPXAGHsAHBILJIArEgWQwA654JsiFnGeBeWAxKAFlYC3YBLaBHWA32AcOgiOgEbSA
s+AiuAo6wU1wH9ZFP3gBhsA7MIIgCAmhIXREA9FFjBALxB5xRbyQQCQciUGSkVQkA+EjImQeshQp
Q9Yj25BdSC3yK3ICOYtcRrqQu0gvMoC8Rj6hGEpFVVFt1Bi1QV1RXzQMjUOnoxloAVqMLkNXo1vQ
avQA2oCeRa+iN9Ee9AU6jAFMHmNgepgV5or5Y1FYCpaOCbAFWClWjlVjh7Bm+J6vYz3YIPYRJ+J0
nIlbwdoMweNxNl6AL8BX4dvwfXgDfh6/jvfiQ/hXAo2gRbAguBNCCUmEDMIsQgmhnLCXcJxwAX43
/YR3RCKRQTQhusDvMpmYRZxLXEXcTqwnniF2EfuIwyQSSYNkQfIkRZFYpEJSCWkr6QDpNKmb1E/6
QJYn65LtyUHkFDKfvIRcTt5PPkXuJj8jj8gpyRnJuctFyXHk5sitkdsj1yx3Ta5fboSiTDGheFLi
KFmUxZQtlEOUC5QHlDfy8vL68m7yU+R58ovkt8gflr8k3yv/kapCNaf6U6dRRdTV1BrqGepd6hsa
jWZM86Gl0Appq2m1tHO0R7QPCnQFa4VQBY7CQoUKhQaFboWXinKKRoq+ijMUixXLFY8qXlMcVJJT
MlbyV2IpLVCqUDqhdFtpWJmubKccpZyrvEp5v/Jl5ecqJBVjlUAVjsoyld0q51T66BjdgO5PZ9OX
0vfQL9D7VYmqJqqhqlmqZaoHVTtUh9RU1BzVEtRmq1WonVTrYWAMY0YoI4exhnGEcYvxaYL2BN8J
3AkrJxya0D3hvfpEdR91rnqper36TfVPGkyNQI1sjXUajRoPNXFNc80pmrM0qzQvaA5OVJ3oMZE9
sXTikYn3tFAtc60Yrblau7XatYa1dbSDtfO1t2qf0x7UYej46GTpbNQ5pTOgS9f10uXpbtQ9rfsH
U43py8xhbmGeZw7paemF6In0dul16I3om+jH6y/Rr9d/aEAxcDVIN9ho0GowZKhrGGE4z7DO8J6R
nJGrUabRZqM2o/fGJsaJxsuNG42fm6ibhJoUm9SZPDClmXqbFphWm94wI5q5mmWbbTfrNEfNncwz
zSvMr1mgFs4WPIvtFl2WBEs3S75lteVtK6qVr1WRVZ1VrzXDOtx6iXWj9UsbQ5sUm3U2bTZfbZ1s
c2z32N63U7GbbLfErtnutb25Pdu+wv6GA80hyGGhQ5PDK0cLR65jleMdJ7pThNNyp1anL84uzgLn
Q84DLoYuqS6VLrddVV2jXVe5XnIjuPm5LXRrcfvo7uxe6H7E/S8PK49sj/0ezyeZTOJO2jOpz1Pf
k+W5y7PHi+mV6rXTq8dbz5vlXe392MfAh+Oz1+eZr5lvlu8B35d+tn4Cv+N+7/3d/ef7nwnAAoID
SgM6AlUC4wO3BT4K0g/KCKoLGgp2Cp4bfCaEEBIWsi7kdqh2KDu0NnRossvk+ZPPh1HDYsO2hT0O
Nw8XhDdHoBGTIzZEPIg0iuRHNkaBqNCoDVEPo02iC6J/m0KcEj2lYsrTGLuYeTFtsfTYmbH7Y9/F
+cWtibsfbxovim9NUEyYllCb8D4xIHF9Yk+STdL8pKvJmsm85KYUUkpCyt6U4amBUzdN7Z/mNK1k
2q3pJtNnT788Q3NGzoyTMxVnsmYeTSWkJqbuT/3MimJVs4bTQtMq04bY/uzN7BccH85GzgDXk7ue
+yzdM319+vMMz4wNGQOZ3pnlmYM8f9423quskKwdWe+zo7JrskdzEnPqc8m5qbkn+Cr8bP75PJ28
2Xld+Rb5Jfk9Be4FmwqGBGGCvUJEOF3YVKgKjzntIlPRT6LeIq+iiqIPsxJmHZ2tPJs/u32O+ZyV
c54VBxX/Mhefy57bOk9v3uJ5vfN95+9agCxIW9C60GDhsoX9i4IX7VtMWZy9+PcltkvWL3m7NHFp
8zLtZYuW9f0U/FNdiUKJoOT2co/lO1bgK3grOlY6rNy68mspp/RKmW1ZednnVexVV362+3nLz6Or
01d3rHFeU7WWuJa/9tY673X71iuvL17ftyFiQ8NG5sbSjW83zdx0udyxfMdmymbR5p4t4Vuathpu
Xbv187bMbTcr/CrqK7UqV1a+387Z3l3lU3Voh/aOsh2fdvJ23tkVvKuh2ri6fDdxd9Hup3sS9rT9
4vpL7V7NvWV7v9Twa3r2xew7X+tSW7tfa/+aOrROVDdwYNqBzoMBB5sOWR3aVc+oLzsMDosO//Fr
6q+3joQdaT3qevTQMaNjlcfpx0sbkIY5DUONmY09TclNXScmn2ht9mg+/pv1bzUtei0VJ9VOrjlF
ObXs1Ojp4tPDZ/LPDJ7NONvXOrP1/rmkczfOTznfcSHswqWLQRfPtfm2nb7keanlsvvlE1dcrzRe
db7a0O7Ufvx3p9+Pdzh3NFxzudbU6dbZ3DWp61S3d/fZ6wHXL94IvXH1ZuTNrlvxt+7cnna75w7n
zvO7OXdf3Su6N3J/0QPCg9KHSg/LH2k9qv6H2T/qe5x7TvYG9LY/jn18v4/d9+KJ8Mnn/mVPaU/L
n+k+q31u/7xlIGig84+pf/S/yH8xMljyp/KflS9NXx77y+ev9qGkof5Xglejr1e90XhT89bxbetw
9PCjd7nvRt6XftD4sO+j68e2T4mfno3M+kz6vOWL2Zfmr2FfH4zmjo7mswQsyVEAgw1NTwfgdQ0A
tGR4dugEgKIgvXtJBJHeFyUI/CcsvZ9JBJ5canwAiF8EQDg8o1TBZgQxFfbio3ecD0AdHMabTITp
DvbSWFR4gyF8GB19ow0AqRmAL4LR0ZHto6Nf9kCydwE4UyC984mFCM/3O23EqLP/JfhR/gno8Gz+
GcRuRwAAAAlwSFlzAAAWJQAAFiUBSVIk8AAAAZ5pVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADx4
OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDUuNC4w
Ij4KICAgPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJk
Zi1zeW50YXgtbnMjIj4KICAgICAgPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIKICAgICAg
ICAgICAgeG1sbnM6ZXhpZj0iaHR0cDovL25zLmFkb2JlLmNvbS9leGlmLzEuMC8iPgogICAgICAg
ICA8ZXhpZjpQaXhlbFhEaW1lbnNpb24+MjAwNjwvZXhpZjpQaXhlbFhEaW1lbnNpb24+CiAgICAg
ICAgIDxleGlmOlBpeGVsWURpbWVuc2lvbj40ODY8L2V4aWY6UGl4ZWxZRGltZW5zaW9uPgogICAg
ICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KCe6dMgAAABxp
RE9UAAAAAgAAAAAAAADzAAAAKAAAAPMAAADzAAFmnjOSJI0AAEAASURBVHgB7J0JoHXV+IfXp1Ki
wZeSShONNEuDQpKSMlWEIpShGaEQ/WWmUaIiDRo0odJEEUWzlCjSpFkiXxLi/s+z6j2ts78z33Pv
PffeZ9V39zl7WMOz1t5nv+u33rVmPPjggyPJIAEJSEACEpCABCQgAQlIQAISmKYEnvnMZ07Tklts
CUhAAhKQgAQkIAEJSEACEpCABLolMENhvVtUnicBCUhAAhKQgAQkIAEJSEACU5GAwvpUrFXLJAEJ
SEACEpCABCQgAQlIQAISGCwBhfXB8jQ2CUhAAhKQgAQkIAEJSEACEphkBBTWJ1mFmV0JSEACEpCA
BCQgAQlIQAISkMAEEFBYnwDoJikBCUhAAhKQgAQkIAEJSEACw0NAYX146sKcSEACEpCABCQgAQlI
QAISkIAEhpWAwvqw1oz5koAEJCABCUhAAhKQgAQkIIFxIaCwPi6YTUQCEpCABCQgAQlIQAISkIAE
JDCpCSisT+rqM/MSkIAEJCABCUhAAhKQgAQkMFoCCuujJej1EpCABCQgAQlIQAISkIAEJCCBqU9A
YX3q17EllIAEJCABCUhAAhKQgAQkIIE2BBTW28DxkAQkIAEJSEACEpCABCQgAQlIQAKZgMK6DUEC
EpCABCQgAQlIQAISkIAEpjUBhfVpXf0WXgISkIAEJCABCUhAAhKQgAQk0BUBhfWuMHmSBCQgAQlI
QAISkIAEJCABCUxVAgrrU7VmLZcEJCABCUhAAhKQgAQkIAEJSGBwBBTWB8fSmCQgAQlIQAISkIAE
JCABCUhgEhJQWJ+ElWaWJSABCUhAAhKQgAQkIAEJSEAC40xAYX2cgZucBCQgAQlIQAISkIAEJCAB
CQwXAYX14aoPcyMBCUhAAhKQgAQkIAEJSEACEhhGAgrrw1gr5kkCEpCABCQgAQlIQAISkIAExo2A
wvq4oTYhCUhAAhKQgAQkIAEJSEACEpDApCWgsD5pq86MS0ACEpCABCQgAQlIQAISkMAgCCisD4Ki
cUhAAhKQgAQkIAEJSEACEpCABKY2AYX1qV2/lk4CEpCABCQgAQlIQAISkIAEOhBQWO8AyMMSkIAE
JCABCUhAAhKQgAQkIAEJpBn77bffiBwkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQk
IAEJSEACgybwqU99atBRTkh8CusTgt1EJSABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAE
JCABCUx9AgrrU7+OLaEEJCABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCYyCgML6
KOB5qQQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJTH0CCutTv44toQQkIAEJ
SEACU4jAP//5zzRr1qw0MjKS5p577rTAAgukGTNm9F3Cf//734l/z3jGM/qOgwv/97//pf/+9785
rn/84x/pL3/5S7rzzjvTOuusk+aff/563Pfff38+d+GFF05zzDFHff8wfqAcDz/8cM7aXHPNlcsx
55xzDmNWzZMEJCABCUhAAhKQgAQkIAEJdElAu7pLUAM4Tbt6ABCNQgISGCoCCutDVR1mRgISkIAE
JCABCTQn8K9//StddNFF6fLLL284AdF6u+22S4ssskjD/nZf/vrXv6Y//vGP6brrrkt33HFHevrT
n5523333LNS3u67dsVNPPTXdcMMNs52y2267pYUWWijv//GPf5wuueSS/Hn55ZdP2267bXrKU54y
2zUTvaMVa/L1mte8Jq211lpDme+J5mb6EpCABCQgAQlIQAISkIAEhplAK1tPu3rwtdaKNSlpVw+e
tzFKQALjR0BhffxYm5IEJCABCUhAAhLoiwAjvL/5zW8mBPFmAc/1XXbZpcEzvNl5t99+ezr77LPT
n//853yY6zbbbLO0wgorpHnnnbfZJV3v+/vf/54eeOCBdNxxx9WvQVAnX4jneMUfddRR9bQR83fd
ddf0tKc9rX7+MHzAc+HII4/MrOHzlre8JS222GLpsssuywMbyOOLX/zi9OpXv3pUMwUMQ1nNgwQk
IAEJSEACEpCABCQggelCQLt6/Gpau3r8WJuSBCQw/gQU1sefuSlKQAISyNMgM21yhG6nFka4euih
h9LMmTOzh2lcP17biU5/vMrZazrUZVmfiIjD6IXba7k8fzgIPPbYY1msZmr1bbbZJi266KLpnnvu
SaeddlqiYyDC5ptvngXf+F5uGSl+/vnnp2uuuaa+G3F44403HpWXej2yJz4wbfpXvvKV+m7i33DD
DfN37pFjjjkme8izYxBe8vWEBvSB6fXxqr/00ktzjG94wxvSaqutlj9z7Nvf/nY9/3j48yw2SEAC
EpCABCQgAQlMDIGqHaZdPTH1MKhUq/WpXT0ossYDAe3q8WsH2tXjx9qUJCCBiSGgsD4x3E1VAhKY
xgQQpw888MAGAu95z3uyR2TDzsoX1iU+/PDD8168KHfeeee8tnLltDH7OtHpj1nBRhlxs/psJ3CO
Mjkvn4YEmF79nHPOSe9///sb1kG/9tpr0/e///06kVbt7m9/+1s69thjG7zdmXZt7bXXrl87qA9/
+MMf0gknnFCP7p3vfGdaaqml6t/xlGc6e9ZiX3/99dPSSy9dPzYMH6pe9e973/vyQIbI27nnnluf
ir+b53Zc51YCEpCABCQgAQlIYLAEmtlh3byfTbRdO9HpD7YWBhdbs/psZd8MLlVjmk4EtKvHr7a1
q8ePtSlJQAITQ0BhfWK4m6oEJDDNCbC28fHHH1+n0E0HwPXXX59OP/30+jU77rhjWmKJJerfx/rD
RKffqnyMhEU03GSTTdLiiy/e6rQx3X/rrbfmPEQidgAEifZbvK0ZLDKM04G3z/n4HsVzA8N0nnnm
aUj46quvTmeddVZ9X7N2x9TxTCFfera/9rWvTWuuuWb9ukF+KNdQxyOdaeBHO8X8IPPXKS469I44
4og6r5IVzxoGOFx55ZU5mm6e253S87gEJCABCUhAAhKQQP8EtKv7Z1e9Uru6SmTyfNeu7q6utKu7
4zSIs7SrB0HROCQggWEmoLA+zLVj3iQggSlL4MEHH0yHHnpovXzdCDS33HJLw9rFVU/KemRj9GGi
029VLNY9Pu+881I3DFvFMdr9TCnG2tH33XdfjqqZwDnaNKba9XTcfPe7301/+tOfRiWsw55/ITrT
qYA3NGJuu6kgMarjXATgueaaqyPi8hqmJXzqU59aT7fTxdVr559//k6XdDz+y1/+Mk/vHidWnwmU
r7ou+0te8pI8CCWuGeS2eh+84AUvSFtvvfVs65BTP5zLzButAlPXw3fGjBn5FL7HvqjrVteOhjXr
wB199NH1deCpJ54tz3jGM1K5Rhz7mUFg2NaHb8XE/RKQgAQkIAEJSGAqEtCuHlytalcPjuV4xqRd
rV2tXT2ed5xpSUACEnicgMK6LUECEpDABBBgreSvfvWr9ZS7EYUxmG688cZ09913pyWXXDItt9xy
9evH48NEp9+sjPA4+eST86FuGDaLYxD7qoKiwnp7qrSln/zkJ+lnP/tZXme7F491ZgdgOnE8sRHl
77zzznw/bLbZZukHP/hBfXADOXjHO96Rlllmmdkyg2fLGWecUfdKRljHg/vmm2/Oa5cvtNBCCZG6
FNt/97vfpbPPPrt+TUSKeLzuuutmERhBd8EFF2wQWynrb37zm4bZJriW2Sbe+ta39u3N/fvf/z6d
eOKJkY1UbXOke+qpp6bf/va39XMwuLlPKC+fQ7SunzDKDw888EA67LDD6rHg7b366qvn5xZrr8+a
NSvXD3l/5jOfmZezgDHX3XXXXemRRx5JPBthzaAAZuVYbLHF8tTxl1xyST3eN7/5zWmllVaqf48P
g2DNvYzHOm0sAs9b6oo2e/nll+fdVd5xrlsJSEACEpCABCQggfEjoF09GNba1YPhON6xaFdrV2tX
j/ddZ3oSkIAEHiegsG5LkIAEJDBGBJj6iH9zzDFHXgudLcLSs571rCweNRPWme65GvC6xWDCy7P0
wMVjllC9hv2ch1j16KOP5vRJM0RCxD/EozJEGohJ4UnKNSG8kXaz9Ktxkc/wMqWTg/SJe5FFFqnH
VaaLByoCKddxHoJft9NGl8Y/cbKWM1PBE08ZyDd5gRPlWWCBBRrWqS7PbfeZfCIOEgdeqjNnzqyX
qSqsx/TRXINYCJOSZ5kODB566KHMl/3zzTffbPlrVce0J/JEID/NRipTfvJBOrAh76QRdZsvLv4Q
J+2WdtQsL8WpTT9SFspMoM3BO9oe+6jrn/70p+niiy/ma65zxF7qvTwvH2zy5+c//3m68MILmxyZ
fRftqboueXk9xzfddNN06aWXZsF34YUXzoLqC1/4wrTVVltlRrRx1jG/7rrrcgJc8+53vzvfX6Ww
HamXSzTA/LTTTkusO054wxvekMv7ne98J39/1ateldcZz1+6/MM9etVVV9UFXi7bbrvt0vOf//yG
GG677bZ0zDHHNOwrv1CON77xjel5z3teuXtUn2HEgIUITAOPoc/MBMEgjr34xS9Or371qzPj6rrs
nINH+Nvf/vZ05plnpjvuuCMuy9sVVlghIa7HM5Cdg2T9ox/9KLeJhkSf+AK3bbbZJi09ZGvDN8ur
+yQgAQlIQAISkMBUIKBdrV2tXa1drV2tXT0Vfs8sgwQkMHUIKKxPnbq0JBKQwJAQQDgMb9xqlpZa
aqnsRYthWBXWn/3sZ2dvT46VYaeddsrCcClYcXz33XfP4tPXvva1LJyW1yy//PIJr9AICK6IVAjP
Va9SzkEsQvwt08ajdtttt80ib1Uw4xrSR3QsPVTZz9TPiN546UYop1NmH0L0FVdckS644II4pb6F
AyI0nvnkGWGuGpqVIc4JUZvvCHKIeni/luFlL3tZ2nDDDWcT4ctz4jPC9bnnnptuuOGG2JW3lGmH
HXbIgnZVWF977bXzObEWM18oB3UZAwe4BoG59MTNF9X+UE+UAxacd9BBBzWUgfwjQrOedRlKUZf9
Va/mOJf2gBAL4y222CKLq6SD2I3wXAYEUATg6oCF8hw+4zl++umnN7ShOOeVr3xlFpARQpu1pTiv
OpV57K9uo/4pB4IqYY011kjrrbdeZlK2/ZJJOXU615Ie9YJX9ymnnFJPhjaMuE4ohXi+hxc8AxaO
PPLIuoc8AjUDSNZaa63cfhkMceyxx2ZPbK6jzjbaaKN07733pm984xvsSq2mSs8HK3+qA0nKwwwq
4dkSgWcQad9WE9cjcI+/7nWvywMHEI4jRHnie79b0iw95OG688471wdLkJdS6K96ndP+Sk9xZuT4
z3/+k5jec5NNNmnw+K8K64NmTV6+/e1v1+sumMBwzz33rJcp9ruVgAQkIAEJSEACEhg8Ae1q7Wrt
6sb7Srtau1q7uvGe8JsEJCCBiSKgsD5R5E1XAhKYsgRCOESEwbMVT+KbbropnXTSSXUhDbGoKqwz
5TFiHaIbXql40jI9NQIgoRQF+R5TnyM+IWgivEUgbYRZxGumvY6wxx57ZCERr2JErlJIR+RbddVV
s4doCNFMiY3HL6Jqq/TvueeeLIhFGmxJnym4S3F94403zmI2xxGU+UdAECWvMIpp3dlPHAjriMvV
gJiKkMvU3FEG4sDjGOGafJdesCFgcs23vvWtHF1VnKumwXe8IxD74BFCId7vIYwSB4MPqLdYY518
B79qnCUDRGwGYHB+eFVH2+E6hHs8fql/4qO+yumpOQcR9+qrr+ZjDjFwAwH7lltuSccdd1zeT94R
kYnn0EMPfeLsxzd4La+yyip5AAJtiPQQo0mftaZZN770Lm64+IkveLkfcMAB+RvG/gYbbJBnZ8Az
O9adx1t7tdVWy0wRvqk7AuV//etfn8VKhOkYeJAPtvhTcuIU6hcPc8od91pcGvcJU8gjNkcoxXMG
KMQAB8qPIIynPbwOP/zwen2WfP/2t7+lgw8+OKLLbZj7lUAnINPSX3vttfk7ZSROtnjHh7BNm41r
8olt/rC+N236mmuuSbcVgjmXkOcYJMB3plWnPZYhylvNW7TrbmYLKOOrfi7XH+dYdS338vlRzS/n
07YZJESAE+zZcm9Qr1/60pfyMf7EIAU+V8szCNYsMUD7jLZLOhF6qbO4xq0EJCABCUhAAhKQQO8E
4p2f9zvt6icHrZc2pXZ1yoPDtau1q7WrH3/Galf3/lvjFRKQgAT6IaCw3g81r5GABCTQggAiz1ln
nZXFrxAoEXsJCHfXX399eu9735vF4GbCOmtOX3TRRdnrOzxmIylEnq9//evxtS6sswOP6lj7l44H
hFEEs6r4F4IUHpkhBHM9Hu54kDJdfSlIcyymmW6VfjUuPE2ZKhmhDm/xEPxDyEYUx9M3BPGIvyrM
7bbbblkgJw/NQtVjuPR2rsYVXsvUT5mnN73pTWnllVduFv1sgh1rLMOpXMcvyoTnfskToRfv4FYM
yAeiNQIoAVEYcbtaXyEKc061jvGWp21ddtll6bzzzuOULESyXvk888zT4D0c9U66pVdxiK2lCB+D
EJgqvkyzXX2UbSZEfNp/eX2wQiQty0l7ZfYDzu8mUIZStOaaMm/cZ6UnPwyZAYH6iYEJpZhcbROl
eB6e8ZEvBrvgFU+oitflmtsI3wyEiMBAAwYcMKAmBjZQ7hhQEed1u2XAClPhlaH0AK964JNWuY59
WS/VY2WcvXxGjI5BK1wX9zWfYVx60DPwhUEjtIUIDEJgyn0G0oSg/a53vSuxvnl0qsa5ZVkHyRox
n5lBYjASdcaAAPZHoJ3GwIvY51YCEpCABCQgAQlIYLAEeH/Urtau1q5+X7aTS/tNu1q7GhuYoF2d
MfhHAhKQwIQQUFifEOwmKgEJTGUCP/zhD1M5BTiCG566iEhMTb7ssstmga0U1hGF8ag9//zzGzxf
S06loMv+VqJrKYxWp1fGCKt6WBNX6YVZin8cC8GwVfpVYb2MqzQAI1/EU04fH4J4NZ4QfclDs1A9
v+RRCotVAbPMU2mUVtMoxV+ORT5L0T68Bap56cSA+EqBO4TCKvuyTGW+yzXAq2VFQGWARCkkt8oP
o7q33HLLeqcV+QphGWG9FLBLoZTzylAOukC0jjyUeY76J96yLfUq7DIwgxkDYmBGGW9VJEcEpd5u
v/32LNpGnt/ylrck6p5Q1iffo73zuSqsx+AK0mEwQwxm4dyYUp1BFswUEMYuecDDhvuf6cVDpI3z
ubafUF0HvMx39RgzDnCcQN7LeiV/DPZhZo3RhNITnzhpA/PNN1+OspzRgB1x30R65Km8H9jPbAws
U0AoRXm+x8wbg2TNkg8MXIr62X777fMSCc1m5CjvJ/JjkIAEJCABCUhAAhIYPAHt6idnt2pmV2lX
b50bXWlHaFfvmp72tKd1dTNqVz+OqWo7a1c/PiNev30Y2tVd3X6eJAEJTAECCutToBItggQkMFwE
yimPy5whxjDteVVYLM/hc6tpt0sxkvNaia4hnpNOVUQLT12OlR7WpfFQNbAiP62mr6+KymVcZQdA
5Iup60vRN7zJSfeb3/xm3as4REzK2ixU0y15MDMA0+MTqsJtmafqsTKdqqBWxo+gR/qsS0+o5qUT
A/g/8sgjeTp7vNoXXHDBhMcvU9iFYEy8ZZplvoMl8TQT1vFYDw8P4glP62p7CE/qaqcV11RDVQyt
HmeafcpEG2PNa7yMS+G5zHPZltvVQTUNvpdrlPO9nHWAqfsPPPBAdufAdPasa4/QHd7q1fSqntZ4
kcfyA5QDsTXqJAYX4NF8/PHHRzINU9GXZYsTWBaBgTMEZkhgzXrqfDShrHfiKdtctT7LNdir9zc8
Ypr6fvPD/YCHPgOHCDE4IzzSyxkROF7mh++0G6aBD1E7BkTQlqoDXPBgZ7YG4h4Ua+6Lc845pz4g
KmZ4IG+EX/3qV3kwwuPfUioHtsQ+txKQgAQkIAEJSEACgyWgXb157huAajNbULt629y3ol391Xzj
Ve3cTnejdvXjhLSrtas73Ssel4AEJNCMgMJ6Myruk4AEJDAKAghXCHkxzXcZVSuRujyHz7Eedbm/
KiJ1I7pyfWmEh7GFmNtKWK+KxAiijPxGXCy97CP96vmlwFemXQqr5Vpw4U2LVzEevRHCKzW+V7fV
dCM/nFcKi1HmGLld5ql6rEyjFOfZHx7r5TnxuZqXbhhwLWLvFVdckQU9xETWFw8Rl+Nlmcp8lyxL
Q7AsTylmIlAy9TZCcSlg4rn9vOc9r6EtMN09U2AjNsbgDPKCWM+6460CDH73u99lT24E0pVWWil/
j/PLPJdtucxznNtuW4qcVc/o6pTh1APlK9tttGeEWcpYekPHwBPujwgMGGDAR6vAWuIvf/nL87T/
nFOdIp59LI8AV2arYLq2QYTbKtPNh+hP3GVbqfKtDhipHu8nb9UBDTGQI+Iq17AnvaqQXy1LPCdp
fzfccEP2Zo+4ymfjoFhzX8Rgn1LUjzRp20cccUR9cEbZhuIctxKQgAQkIAEJSEACgyWgXd1eWOdd
Wbt6Rm502tWzOxR0uhu1qx8nVLVFtasf59JPH4Z2dae7zuMSkMBUIqCwPpVq07JIQAJDQwAh5te/
/nX2Gq5mKtYWLsU+hKhrrrmmLtxwDefF+ux8L8VIvncjunJeKTKHIISHaSthvXwZ5voQiVul34+o
TPp0ArCmPKEqwr7tbW/LYmQ+2OJPNd2SRynGVYXDdqJjmVTVwCoFvfI8PlfzEsw4VqZXisssF0Dd
EPCsJv9wKT2uyzK1iqeVsE68CN2sKU94znOekx599NG6cI94jihMh0wZN8IvwifTyXcbmO6L9bVj
UMBrXvOatPbaa+e1zlnznFCWvWxL1fpplyZCeDnVX7RnRPJqHYSAi8czbT1CKfpW6xgem2yySa6H
8La+++6705FHHpn54akMQ9Ji3XaEcsT4MlQHZJRtgfOoY7zkl1hiiZ4Yl2nwuax3xOBy3e/ynq96
j1c9f6rHIx08YCgrccfMDHGsur3pppvSSSedVN9Nu11kkUXy84xnGANmYqBRtIP7778/t3sGvJQd
gkQSs1hQ39Vp65linjZL/bLWfMxMwXX9si7bDvcisxbEQBziJZT3SNWj/fEz/CsBCUhAAhKQgAQk
MGgCvKdpVze+i8b7NO/E2tUz8iB17erehHXt6iefVNrV2tVPtgY/SUACEuiegMJ696w8UwISkEBX
BBD+EBWXXnrphDiFyPv973+/fi2iE2JVKawjFiFoI+BFqHrP9rP+dikYEW9MYfzf//63QVgv1wyu
phPHqvtD9K2mUYpbpRhVdgDABVH95z//eV5vmam3ETJZkxlhd8455wwMLbfVdEOMo2x/+MMf0skn
n5yvRYBDKHvGM56Rv7fKUzWhanmZgpp1sZsJztW8dGKAAH3ooYfWkwzRvjrtdTDmxFb5Lg3BqkiN
8HjaaaflJQhWXHHFLEjiFY8ojAd6hDPPPDMP7IjvZbrswyMZ47uVx3qZt7LdlvvL+m8lrMOxXd2z
Hvphhx1WnzK85FwVd4NpVeiOdffKKdHhhpc95aaD6jvf+U7afffd89TmJ5xwQsbCWu7E2S5/nFgO
6uB73D98JoSw3W4GBM6j/SFWw561xldZZRV250BdlFOXl4MFOIHBDHiJE8o16Ol4K6ds53g5Ip/v
hKqXfnWQz+NnPfm39Ein/inbRRddlH7/+98nlnRgloQIMOReOuSQQ/I0/rSLo48+ui68l+2nOkX8
mmuumRC1DzrooDzFP/cLz9sI/bIuBxPRFqh7ntEReKaUeXz961+fVl999TjsVgISkIAEJCABCUhg
DAhoV3f2WNeu1q6OfqWyL0C7+skHknb1XLMtvaZd/WT78JMEJCCBfgkorPdLzuskIAEJtCDAaGmE
mC233DKLdJx27bXX1sV1PEvxAD344IPrMYTIVgpiHAwPWj5Xpz2OazhWCph4XHIMARWv0MMPP5xT
cnj729+evWyrQjDi21ZbbZXF7XI6bcQlRH8E71bpE1c5TXIpbpX5ClGfjITXMfEjiMf02AiGCJvh
Lfx4rpv/rZYBcXHVVVdNX/7yl7NA+r3vfa8+A0Cs6Uz8eHDfeOONOdJmomKkxrnlNOHsZ8pvhD3y
iDjOFOGI7TNnzuyJAcZdGMDEG8JoyZ79pcBdeiEHS/JRCsrUPSIoXMup3Zjynam8IiCwlgIxAxFC
QOYcvKm5BuP8vvvuy0sbvPSlL03rrLNORNGwLfPGNQxkoA7hx/WEso2VwjrHqB/yQ91E/tlfDdU2
GPWKAItXenjMl1OJ31aZMh1BdMMNN8zCLyI4gTwjrL/oRS9KrJ8O34022iidffbZDQMOOHeNNdZI
DFJYfPHF64M12B+B8rIuewSEYvJJGjwHzjrrrHxfM2MA9dcqMOjkwgsvrB+mnbFWO6FcFx5hmsEC
5T1THi/bSpVfs2tpG8w+wLkRygEMsS+21fvw+c9/fn7GXHDBBbn9zpo1q8GbnbiuvvrqtNhii+VB
B9VBJuUz74EHHsgDKSItGD73uc/NgzwoM1M+DoI193o8k0gr2lWkWw6yKe+xOO5WAhKQgAQkIAEJ
SGDwBLSrX5sQwAja1c0ZaFf/paFfQbt69ueQdnVK2tWztwv3SEACEhgtAYX10RL0eglIQAIVAmH0
IsAi8CFy4p3Nv5h2GTE0pujmcs5FuEQgxDMyBEKOISAhiv7iF7/IYiD7CFtvvXUWKxHnIs3Hjzw+
tfgrXvGKdPHFF9fjKoXNqhjGdQiOiF14wkYIQY3zW6WPKHviiSfGJVl8RTTEC/SMM87IQiUHERgR
BxH8Yz3j+kWVD5R34403TosuumjlyJNfiR9RrWTF0SjnHXfckb1z2RcCIiLrcccdx64skDL4oRQk
84HiD8Jd6W3LIaZUx+MbT2jqd7PNNks333xzVwwQ5XbYYYcsDJbCepHkbB+pAwRVPI0RfwkI37QL
pquOtsV+2hrT6CM+IuCyvECrwCwBiMeIxNUBB9Vr8DBmUEYpxpfnVD3ey2PlZ4RRBmpQDjzPq6Ec
lFE9xvfLLrssr+Eex6g/1lBHFA0hGOG7rFeE3QMOOCAuqW9hRfkxtIMrB1kLfdttt83tohycUL+w
+EBbY+r4BRdcsL4XYZo2RltrFmC5/fbb19dkb3YO+6666qos7Mdx2FHneO3HtOuI0Nwn1TZMfcYU
6lz3rne9Kw/mIV+0aQJtiIEl5cwF7C+9t/lOiOfA498a/zZ7lnBGzBhQDvyIK8OrnTqozihQDiCo
dgBwPeWJGSgGxZp4y9kiSANPe56HDE5i9ot4zpSDXbjOIAEJSEACEpCABCQwNgTCxtWu1q6u9i1o
V2tXa1c/3seGU4129dj8BhmrBCQggXYEFNbb0fGYBCQggT4IIPIhCLHudCnY4cnJFMJMQd1MVH3T
m96UHnrooXT++ec3pIrIg1CNUFYNMUVzdDpwnJdqBL9SVEUAftWrXlUXRqtiGGmwFnIpBpYiZznd
eJkHRNzS0zmOMXU1U1gj+paBgQWIeXh6hydzebz6ebfddqt7s1eP8b3q4U25EVVDLCQNpkIPMTHi
QAzH+7qdx3Ccyyh4BkFU88s64ng4V0fJx3XtGCBSX3rppQ0DJfCAJl8IvUyhTaDDAF60qWoZKCv/
TjnllEgyb6lLxGtmPyCNTgGxljXuESkRrvE0LgOcaH9zzTVXubvhMx7oDAgp2zt8mOkgpuTnAjzz
11133SzkM4AD8TgCaSAUt6qTZjMIxLWxjTqpxhFT4sd5MIIrMw0wJX/kG1GdASuxpnh1SvS4vtwS
Vwi9sR/xGw8b0i0DMx5ssMEG9fuwPFb93CoOzqO+GIjDII9WgWkhmY6dqeergXqgXquCPOfBmaUr
WMsyArMXMDilVbjyyitzeeP4Nttsk9sm33kOMgAmGDNoBtGdATaEcn11WDKjB1sCz0qeFdH2uUeI
uxzI0IpTL6xzYrU/DMJglgBmFqgGBmwwWIk2bZCABCQgAQlIQAISGHsC2tUpLwmlXd26b0G7+vEl
wrSrWz+PWtmLXKFd/aSDQCtO2tWt25ZHJCCB6U1AYX1617+ll4AExoAAno2xFjViEgIXAlYpBg06
2VJYj6mfEbQQphAJEWjLUBXWY81gvDY5hrCFN/RYhU6ewJFuN96hGAD8w5u6Ws6Ihzphen4Ca62H
8B7Hu9ky6CHqkjhCfO3m2lbn0D7IO/mJNeARuBHriR8RryoSt4qrur86JXn1eHyveiPTZkIERfzs
lhV8YUQo+SBWwq1ZXKRDeqQRQmvkq7qtrre9/vrrJ/7RzuP+alcnpAVb/pFWDBSAP/nDC4IlCeDN
dzryYoADg0wQdZmdIdYuL/PHoJiVV1653JU/0wlGgA0DXjqVMZ9c+RPtjvYNK9pEL/HAn/sawRxO
zLbQqU7JL9P4M+sDTBC755hjjkrOGr+SDtfx7Ai2cQb7OU4Zop3HsU5b6guO5L3d/TAI1pEX2gr5
Ja9seZ73wjzicSsBCUhAAhKQgAQk0D8B7erO7LSrH2fE+7t2tXZ1uztGu1q7ul378JgEJCCBXgko
rPdKzPMlIAEJDCGBUljHixmv23aCbFVYL73Tx7p45ZTLeEsvvfTSWewkv/xDVMbLnI4U1l9nympD
bwTK+mXqxPDOR6REoKTjAU9hPKqrwnpvKY3f2cymwHT4EfA4ZxaIsQhlBxX3EoNVIsAQj2amv4+A
B/h6660XXyf9lnuU5RpoJzErxqQvlAWQgAQkIAEJSEACEpBABwLa1R0ATbPD2tWjq3Dtau3q0bUg
r5aABCQwvAQU1oe3bsyZBCQgga4JlB0ArF/MVODtPEzxID3yyCPr05szVTwC63gEPEuPOOKI7BnP
elDktwx45TKtOOIenrLh/V+e4+f2BGB84IEH5pOaTeON9zKe10wVz/R5yy67bPsIh+AoU9uHtzje
32PVNmBTrk/fTFjm/vnGN75Rn6J8Kg0Aufvuu7O3PgNbWJudtesMEpCABCQgAQlIQAISmA4EtKun
Qy13X0bt6u5ZVc/UrtaurrYJv0tAAhKYSgQU1qdSbVoWCUhg2hHAWLnxxhvT2WefXZ++Gwgvr63l
zJrAzURphGvW4PrRj37UwOuNb3xjXkcZ0XIsA1O0Ieoj3BHwpn7uc5+bp+K+//778zrf7N92223T
iiuuyEdDjwRoFz/4wQ/qa0UzTTnrh+OtznroF198cY6Rdc2ZTp39wxxKTwHyidi7ww47jFm+r7/+
+nT66adnJHjFs3Z7DABhmvjrrrsui++csOaaa6Ytt9yy7QwROaIh/4N3Ou3iiiuuyOujM9Am1jof
8qybPQlIQAISkIAEJCABCYyKgHb1qPBN2Yu1q0dXtdrVL8gOLNrVo2tHXi0BCUhgGAkorA9jrZgn
CUhAAl0SYFrqyy67LK8JXV7y6KOPpqWWWqqpMM1a1XgqV9ejZq1qPNcXXnjhMqox+YzHL56x9957
b14/GbESo3XmzJlp0UUXzf/GWuAfk4INWaR//vOfM2fEdNYQhzPr0C+22GLpOc95Ts/rXU9E8Ziu
/sILL6wPxIg8sOTBWmutNSbe9txXeMhfdNFFkVxeI532ec899+R9tE8E91VWWWXSi+oUiOntKe9W
W22Vnx31gvtBAhKQgAQkIAEJSEACU5yAdvUUr+BRFk+7uj+A2tVL9QfOqyQgAQlIYOgJKKwPfRWZ
QQlIQAISkMD0JXDrrbfmwQFzzTVXAwQGjyyxxBJjIqxHQsyu8OCDD+ZlCfCa59+8886bB4AwAGXY
Pf2jHG4lIAEJSEACEpCABCQgAQlIYPoS0K6evnVvySUgAQlIYPAEpoywXuv4Hhk8HmOUgAQkIAEJ
SEACEpCABCQgAQlMDgKxdMnkyK25lIAEJCABCUhAAhKQgAQkIAEJSGAiCMxQWJ8I7KYpAQlIQAIS
kIAEJCABCUhAAsNCQGF9WGrCfEhAAhKQgAQkIAEJSEACEpCABIaXgML68NaNOZOABCQgAQlIQAIS
kIAEJCCBcSCgsD4OkE1CAhKQgAQkIAEJSEACEpCABCQwyQkorE/yCjT7EpCABCQgAQlIQAISkIAE
JDA6Agrro+Pn1RKQgAQkIAEJSEACEpCABCQggelAQGF9OtSyZZSABCQgAQlIQAISkIAEJCCBlgQU
1lui8YAEJCABCUhAAhKQgAQkIAEJSEACTxBQWLcpSEACEpCABCQgAQlIQAISkMC0JqCwPq2r38JL
QAISkIAEJCABCUhAAhKQgAS6IqCw3hUmT5KABCQgAQlIQAISkIAEJCCBqUpAYX2q1qzlkoAEJCAB
CUhAAhKQgAQkIAEJDI6AwvrgWBqTBCQgAQlIQAISkIAEJCABCUxCAgrrk7DSzLIEJCABCUhAAhKQ
gAQkIAEJSGCcCSisjzNwk5OABCQgAQlIQAISkIAEJCCB4SKgsD5c9WFuJCABCUhAAhKQgAQkIAEJ
SEACw0hAYX0Ya8U8SUACEpCABCQgAQlIQAISkMC4EVBYHzfUJiQBCUhAAhKQgAQkIAEJSEACEpi0
BBTWJ23VmXEJSEACEpCABCQgAQlIQAISGAQBhfVBUDQOCUhAAhKQgAQkIAEJSEACEpDA1CagsD61
69fSSUACEpCABCQgAQlIQAISkEAHAgrrHQB5WAISkIAEJCABCUhAAhKQgAQkIIGksG4jkIAEJCAB
CUhAAhKQgAQkIIFpTUBhfVpXv4WXgAQkIAEJSEACEpCABCQgAQl0RUBhvStMniQBCUhAAhKQgAQk
IAEJSEACU5WAwvpUrVnLJQEJSEACEpCABCQgAQlIQAISGBwBhfXBsTQmCUhAAhKQgAQkIAEJSEAC
EpiEBBTWJ2GlmWUJSEACEpCABCQgAQlIQAISkMA4E1BYH2fgJicBCUhAAhKQgAQkIAEJSEACw0VA
YX246sPcSEACEpCABCQgAQlIQAISkIAEhpGAwvow1op5koAEJCABCUhAAhKQgAQkIIFxI6CwPm6o
TUgCEpCABCQgAQlIQAISkIAEJDBpCSisT9qqM+MSkIAEJCABCUhAAhKQgAQkMAgCCuuDoGgcEpCA
BCQgAQlIQAISkIAEJCCBqU1AYX1q16+lk4AEJCABCUhAAhKQgAQkIIEOBBTWOwDysAQkIAEJSEAC
EpCABCQgAQlIQAJJYd1GIAEJSEACEpCABCQgAQlIQALTmoDC+rSufgsvAQlIQAISkIAEJCABCUhA
AhLoioDCeleYPEkCEpCABCQgAQlIQAISkIAEpioBhfWpWrOWSwISkIAEJCABCUhAAhKQgAQkMDgC
CuuDY2lMEpCABCQgAQlIQAISkIAEJDAJCSisT8JKM8sSkIAEJCABCUhAAhKQgAQkIIFxJqCwPs7A
TU4CEpCABCQgAQlIQAISkIAEhouAwvpw1Ye5kYAEJCABCUhAAhKQgAQkIAEJDCMBhfVhrBXzJAEJ
SEACEpCABCQgAQlIQALjRkBhfdxQm5AEJCABCUhAAhKQgAQkIAEJSGDSElBYn7RVZ8YlIAEJSEAC
EpCABCQgAQlIYBAEFNYHQdE4JCABCUhAAhKQgAQkIAEJSEACU5uAwvrUrl9LJwEJSEACEpCABCQg
AQlIQAIdCCisdwDkYQlIQAISkIAEJCABCUhAAhKQgASSwrqNQAISkIAEJCABCUhAAhKQgASmNQGF
9Wld/RZeAhKQgAQkIAEJSEACEpCABCTQFQGF9a4weZIEJCABCUhAAhKQgAQkIAEJTFUCCutTtWYt
lwQkIAEJSEACEpCABCQgAQlIYHAEFNYHx9KYJCABCUhAAhKQgAQkIAEJSGASElBYn4SVZpYlIAEJ
SEACEpCABCQgAQlIQALjTEBhfZyBm5wEJCABCUhAAhKQgAQkIAEJDBcBhfXhqg9zIwEJSEACEpCA
BCQgAQlIQAISGEYCCuvDWCtjmKfLL788/f73v0/rrrtuWm655cYwJaMeLYHbb789XXzxxbme1ltv
vdFGN+2uHxkZST/84Q/Tww8/nDbddNNkZ+m0awIWWAISkIAEJCABCXRNwHfFrlF5Yo3ApZdemn73
u9+lDTfcMK2wwgoyGWICt956a/rxj3+cVlxxxVxfQ5zVocwadvX3v//9NGvWrLTFFlukmTNnDmU+
zZQEJCABCUhAAhKQgATGi8Bswvq1116bfvGLX2QxasaMGWn55ZdPr3vd68YrP6YzhgQeffTRtNFG
G6Wbbrop7b///mmXXXYZw9SMerQE9t5773TkkUcmRPUzzzwzzTHHHF1Hee+996b3ve99WUz+5z//
mVZeeeW07777Ju7p6RJuueWW9KIXvSgX9/zzz09rr732dCm65ZSABCQgAQlIQAIS6JHAoIX1q6++
Ov3sZz/LYhTv4CuttFLaeuute8yVpw8jAewr7AyE9S9/+cvpQx/60DBm0zxBYCSl3ffYPX31q19N
L33pS9NFF13Uk1199913p+233z4ttNBC6ZFHHkmrrrpq+uxnPzut7Oqbb7657pTxy1/+Mjtp2Lgk
IAEJSEACEpCABCQwnQnUhfUHHngg7bzzznkkbwkEUe+ss85KT3nKU8rdk+IzAvJJJ52UBwrMP//8
6fnPf35affXVsxcwItu73vWuSVGOQWXyscceS2984xvTJZdckr70pS+lHXfcsW3UeLZ/5jOfSTvt
tNPQjuy+66670qmnnpquuOKKNPfcc6dFF1005/Wvf/1rQlx+//vfn+add9625RzWgwcffHD69Kc/
nTbbbLN0/PHH99QBELMSRNn6iSOuncjtaNrgfffdlzswyf+FF16Y1lhjjYksimlLQAISkIAEJCAB
CQwxgUEJ6/fff3/aYYcd0rnnnttQWkS9n/zkJ5PSrkZAPuaYY/JAgQUWWCAPvkdYxguY/gJsrukU
/vOf/6RXvepVuV8BwbbTgHX4ffzjH0+77bZbHug+jKz+9Kc/pRNOOCH3ncwzzzzpOc95TnrFK16R
HnzwwYS4/IEPfGDS2tWf//zn08c+9rH02te+Np1xxhk92dXUHYPUI/QTR1w7kdsbb7wxM+inDdKv
QnsgXHnllfXB6xNZHtOWgAQkIAEJSEACEpDARBLIwjpTTmMY/vnPf855YdQ1hvLTnva0PDKX0bmT
KTBV1YEHHphHErfK92QVGluVp5v9cPna176WO0TwZsZQbhdOO+209J73vKcrEb5dPGN1DLF5jz32
aBv9ZBZUmcb82GOPzZ0v1Fev3uYMLmAQxTve8Y70+te/Pn3zm9+cdB15o2mDf//739MnPvGJxKAh
OlOWWmqptm3FgxKQgAQkIAEJSEAC05fAIIR1ZkxCaEZc5939sMMOy96dDPR91rOelf9NJsLYj3jn
MvNVqzBZhcZW5elmP1wOOOCA7P2855575r6UdtchWOP13I0I3y6esTp21FFHZbu/Vfy0ZQayx2xg
rc4b1v1MY85McPR50X/Qq13N4AIGxTDjxJvf/OZ04oknTjq7mjy/7W1vy8+kTgNBqvWIXc3ACvoL
DznkkLTMMstUT/G7BCQgAQlIQAISkIAEphWBGTWvzpFXv/rV6ZprrkmLLbZYYsrkxRdffFJDuOqq
q+rGLR7XeGkzSIBp7hGKMQgmq9A4nhXzgx/8IL3zne8cSmH98MMPz6IpPPCox0sC7wlGlO+6667p
tttuy6gms7CeCzDKP3fccUeepYGBJN/5zncmXQfAMLfBUVaNl0tAAhKQgAQkIAEJDBGB0Qrr//73
v9MGG2yQPTqf+9znZs/fJZZYYohK2HtWLrvssjxQACESIXnbbbfNdjX2NiIdAwgmq9DYO43+r2CG
NTgNo7COQ0JMZb/brrulPT+wZ1pwwQXT9ddfn2f4Y7DIZBfW+6+5J69knfZll102e71/73vfm3R2
NQPWt9lmm76E9Scp+EkCEpCABCQgAQlIQAISgMCM2lRYIwjPCy+8cB5xPdlFdQr1f//3f3kk7Sc/
+cnECPIyMIDgla98ZS7v5Zdfno3G8jje+yeffHI677zz6rvXXXfd7PW74oor1veVH/71r38lvItP
OeWUxPTTrIW9zjrrpM033zx3rMyaNSt9+MMfTkypxhRcTJnH1PpMW/6GN7whG6pcd/rpp6e55por
MbUc9VCubU++SCOOcy31xrRc5Pecc87J1zHV/Uc+8pH6VF3k87e//W2uW6ZKJzz88MN5tDUdPu0C
0/198IMfzNPBs0wAU8kT/ve//6WnPvWp9Uv/9re/5Sn3KTdGN/mfOXNmTmPOOefMaZOHSJ8tHQvx
vR5Rlx/++Mc/1tfLbjalPUbvWmutlWNjZPlqq63WEDPrgsH6hhtuSPPNN1+uC4TnLbfcMs/QECfj
iYDRfM899+RdG264YfrHP/6Rvv71ryemymMmB5YToJ6bhb/85S95GQXaUrQL4qBuGTFPxwrtpAxc
893vfjfXM/tpWy9+8Yvzv/K8Zp8p169+9atcPyx9wHW0uTXXXDNPJ99MWO+lvY+mDT700EPpggsu
SHTO0UlDG6G90CH31re+tWVb6LYNljxI5w9/+EO9jZIW9QSLdoG142gXDMagM4l2DkPuM5aRKAPl
oEORwHMBb3hmBMCTg3K96U1vys+MZm28n3ZRpu1nCUhAAhKQgAQkIIHBExitsP6jH/0oD+5+9rOf
XRfXB5/LcYyxtjb13vvsnQdZf+5zn0t77713Q+K892LLUF4GN1f5YZMx+xbLykXYcIMN007v2Sm9
4AUviF0NW2wf7C/sFmww3qsZrIBdjK2D5yw2Pu/12HJMt49djYMA9iW2KPYx3rnYqwx2WHLJJRvW
tidfpBHHuZYBA6RHfhnYy3V4Z3/qU5/KcUcmsWNwRAi7AjsfW6bTzFjf+MY38rJ7X/nKV7J93cqu
ZsYx8hB2NflgpgPSwK7Gzrnuuuvq6WNrvP3tb29pS0W+W21ZdmuFFVbI3JqJ/rG2NlyxfbAry/Dz
n/889wOQJ+xP6gKbequttmqYnQG7GhuXZdwIzJz38KyH00EHH5SwMemLYqB82f9RpsMMZNhptKVo
F8RBfwb5/ta3vpVe8pKXlJfkWcuOO+64uk346KOPpvXXXz//azixyRfKxZTn2IMM3iduWGMTMkND
M2G9l/Y+mjZI3wv9QsxMh+MIbYT2gr2LU0Qz+5MiHnHEEYlZ8BggQx9PqzZY4iAd+q8iTuxq6ina
f3lu+Zl2xT3IvcJzAY6w5z5bfvnly1NzObCtCTwXGLzATB+/+MUvcrmY6QHnmMhDeXG7dnHooYem
o48+erZ2UV7vZwlIQAISkIAEJCABCfRLYEbNMBg588wzs4HKtFgYKhhOCLdsJ2NAxMa4QgDFwC4D
Rh2jsp/xjGdkT+dy7Xiu4dpWAe93DImSCx7BeL/f9oSHdLNrMRRDxMfAwKOaUO5nFPt73/ve+uVM
IUi9YCQRyuv4TprbbbddQycB+wnkEyE8Ap0gCLllQNyvGsYcx9jFSI1lAcprys+IjcQJP4wtDKUy
IFhj6CFQMjL6oosuKg8nxPFq50vDCW2+xMAJOnIwrulkKAN1jFGJqI5BFoNF6IjBKKNDolVgkAJT
xBEQ0TsNPuC8L37xi7kt8TkCHFdZZZX42nTb7DoGSFCvZWg2eKA8TucRjOlcahWazdDQa3vvtw3S
ibHJJpu0zB/1SFtn0AihnzYY5cbYZ/3Km266KXY13Gf1ncWHeCYwzWWrQAfe7rvvnts75zdr09Vr
GaxBZ07ZPvttF9W4/S4BCUhAAhKQgAQkMFgC/dom5ALhiIGVrN+MCP3Rj340r0uN3cjaxKX9ONhc
j2FsNWF9l113yTY1Yi8CVxl4J6as2H3Yt6VdzfJjYfOW1/AZFgjMTC1dckFsZAA8HtKtQinif/vb
385iIueW+xHly7xiG2CLhl1dXse11BuiJO/uZSBviJDkM4caj9332D0LuXEe52Dnr7322rGrvmUg
NuI8Xv3twlve8pb6zGK/+c1vZrMhEaxhg13NgG7Eygikj7jIoPaewxMDJ7BJGbyA7VzaLcQX7ZpB
I+QtbGMGTTNAGuG1WSBf2Omvec1r8mEG9tNO2gWuQQytths4MjiiVWh1HdO/48QQgfOaDR6I42xZ
S57ZHBko0CrQv4RdPJr23m8bxK7Gdm6VPwYAUI9hV995553Z4aBTG0TwZrmCskzY1Tht4CARYZFF
Fsl9P62elfFMYDm2VoEl2nAEIS3Oh3fZpptdx2ANnq1l+6Rs0R6bXcM+6rvanlqd634JSEACEpCA
BCQgAQn0QmBGbYTySIhQCL0hqPKZ6aI6iYO9JDZe52Ic8o8y8DKN8YGQHsZ0s3xgFIYBjrC52267
5Rd1eNAxEMI0HrSMUiYgvGL8Bz8MBF76MUAxTOKaUkDH8MUQ2muvvfL1Ibg/8sgj2duYUfocw4gp
18RmNDyeAIzoLgV48sGACMRwykCadHyQjwh4yGIQMbKYzgGE5VZTpPcjajJKGhGdfMCC8mJIx2hk
hN+PfexjCeOWY4wcRojHuO01YExuscUWeekCpoPHCGwWEO7hvPHGG+fR8xht1C/CNQHvA4xi1jsk
z4imUY8lG0bpI7YzGIPAYAQ6kDAmaWMYeHg54EFRdhZQRuqRUfecz0AV6pDzGSFOaCaYU/94A2A0
0jb222+/puflCGp/qm2QgSF4WVOW0qCtCuv9tPd+22AI6wxCoR3QaUXHEJx33HHHXBSM6eiQ6qcN
Bg+21D2dInih4MFBiPssf6n8ibpiN/VFHukAZZBR1DHHyvqiTePJEPcidU975HnJzBXUOeFnP/tZ
euELX5g/8yfS6rVd1CPwgwQkIAEJSEACEpDAmBBoJRZ1kxjCITZniFAIUCFmIfoygxX23aQKNeEV
W+T/Pv1/WbgOr2Dee9vZ1XjzMgibgGCNjYxH93333pcOOPCAbJ9jBzKwHM9mQpUfg1o5hl3N+zM2
PaEU0LHTmY2OAeXYROE1j12NtzE2CMewMUohFJsGz3ME/LD/c+S1PwyI2HTTTbNHMl6z9IdEWTgH
W55rWWaOwezYlq3WHu9HWMeuJu8MBqctUd6f/vSneYYs0sfGQejH3uAYXuAMHOjHrv7nP/+ZXvay
l2Xbkz6OsJtIpwzMBAZnBFBEfuoEJnj2ky5CKdc+/elPz+I7y7SRd46VbPBipp8i7CRs1oMOOigP
CmDgPDY3QmnMKhd5wMZiTXAGQHA+dhoD5k866aS600MzwRy7Gk9o7Gq8u/fZZ5/cjlqtL15tg/vu
u2/2diY/MVU+eaoK6/20937bYAjrDLSg/dHnw3OL5wsDNAj0SzDjImE0wjrXU/fEgV0d9wFOFa2e
lTi2hIMHA9H333//7OSAfc+zhDomcG9FPWBzM/AlnAt4vjA4neclg2SoBwL9TeVMhJEW6Rx88MH1
dkEaeOYTynTyDv9IQAISkIAEJCABCUhgQARm1KZbGik9XZl+qfyOx2+rKdAHlIeBRxPrSlcjRnxG
+MIoKAcMhPBHuTGm+VcN4SW99NJLp0svvTQb06UHL0Z1GDBxbXgEl8I6xxj9S17obKkKfnFsueWW
axDWI86ybBgdTInGSPgIGJDNpsmK40yXx+jyUjyOY7H973//m0cQEzdGfQiKnaYLi/WwKS+MmLaO
gKjNQAV4RVyRVq/bUkiuipbt4iI/MdgAI5wOkzIQL2InnQZVT+NgBmeEcQZpEJiGjQ40OnXK+6RT
eekcoQ0eddRR9c6kMi/xOeq6HTOmFUQIpi3g9V0amwzCYJQ+sylQppgKvt/2Xs0X33ttg3QWkT6B
jpkYBFMtY79tMEdc/OG+pd1V77M4hSn6V1pppfyVwRUMuCg7pqhLOgHorKm266gfGNAZ8LznPS/H
Uw7iYHBMdEIMql2WT0kFAABAAElEQVRE3t1KQAISkIAEJCABCQyOQCuxqJsUECmxBUtP0lVXXbX+
nfdLBNlWU6B3k8ZEnIOAx9TM1YAthfDFIOdywEDJgXdo3q0bQuElzbtziNThwQsnbDw8qMsQHvCl
sM5xbAuEc97pQ1iP6+IY7/qlsB7Hy7JhlzD4HNsuQie7GtsXW6sUj+Pa2IZNQ/qI+CEAd7KrGXSA
kEx5YYQdQkDUfve7350F6ogr0up1G0Iy3FhOrLQj28WFLbvRRhtlmwn7k0HvZSBe+joYIIBDAn0K
4WkMMwZ8MzsfvMOufvDBB7NNhl2NZ/zKK6+co+xUXjzpaYs4NYSwXOYlPlPXtLd2zBBnGbRAW8Dr
u5zdj0EYzMDGtpwKvt/2XuYr7q9e2yDtm/QJTFeP3cs9VxWTow3SB0I/UBzv1AYjj7FlFkTu01bC
OgPPGfRAYDDNF77whdnsavrZvvzlLycGHlHP0a7pr1hmmWVy38LVV1+d6AsjYD9zj9FuyH84VbCf
QTsMCIny5Aue+MPsjNQX9127dlFe42cJSEACEpCABCQgAQn0QgCX4Zp5+7hAhmjI2tSMKN16662z
1yuGDwJgu1HpvSQ4XudSBgyn8BqvpsvI15jWrVyzm/XLGI2NIR2BqbQQZomLl39EOowXPLQRK9nO
1mlQuxhDkJG4nH/xxRfXPZpD2GwmrMexVsJ65BUxD8E3jM7Ia6dtiN/thPWII86tip5xvLqNvDNA
AW/p8MzGOMKwCXZ4K/cbyjR6EdYxqpgGDCOecoVxX+YDUZ0ZCKr5DA6HHHJIg1cDBl20gSrPSI/4
Mb65r2gztCUGZ9BJEkZ0mYfyc9R1K/6dhFriChG/FNYjXo53297LOovre2mDjJzHmwFvgWahVRmD
favjzeIq99EBgBdBK2GdjiSmzKPOy8EgZRwMoKBzCIO/9KwPDtXZALgW75ZyUErEN4h2EXG5lYAE
JCABCUhAAhIYHIHRCOuxVjW5QSBD8MMjF69l3sPx4MXTFQFwstnVeKzyLo5tXQ0I4SynhDcwoeSw
ww475IHL2G8R8HzFPiGuEMkXXGDBvO46g9J5d8dmqAbEQZb6YjAzIjB2CCGEzWbCehxrJaxHXqkv
bJRy4H01/WbfEb+p03bCelwX57YTduNctpF3RHU8kxlITcCmYQBHsBtNmy3T6EVYj0EQeMpjAzez
q2HCIIVqPoPDUUceld6947tzmfgz8r+R3AaYnaDKM9LjPGYxIF5sU9oS9jRiLmuftwvUNc4irfh3
EvCJm3uaJeNKYT3aEMe7be9lncX1vbRBZk1jRgfuo2ahmdDMedineHe3Ot4srnIfg9CZIaGVsB7L
GFRF8zKOv/71r9kphAEKpWc9nvHMdshgEgT0ckp67OdyQEDEh6jOM4HQb7uIuNxKQAISkIAEJCAB
CUigVwIzaoLSCCODq+tyD1IM7TVTgzyfkbyMgGbaNjx4KWdM+R1exiGQdZNuKbrG2uXtpiRvFmeI
w6MR1sPjufSubZZWdV8IlVUhuHoe3+PcXkTN8O6GE8I3hlVMwV4Vppul2Wlf6bGOkUVHVadQCtDt
8kCHF94RCN/lQIh2HKINVHkyPR0dLXR+tAqd8h/tshX/kgVTuzNooBrCq7qVsF49v/q9bO9xLPLV
bRvE6I1BFsSBEE2HAh1FTHtPaFXGduzzhR3+dBLWQwBvJo5H1HDecMMNs7BOR0Z4GgWHkm1c0yrf
g2gXkYZbCUhAAhKQgAQkIIHBESgFr15jZYruNdZYI89k1bAudy2iQYqhveZrkOdjV7PEGDYswhgD
qWPK7/AyDqGwm3TrouuCz8xrlyP4YTe0mpK8WZwhDo9GWMejlQEPvdrVIRJXheBm+YxzWwm7za7B
nsBGgRPTYGNXY3/hJV4Vpptd32lf6bFOWjG7W7vrSgG6XR6YuQEPeLzEy4EQLTnUXD1Yv542UOXJ
eu6s1c4g6GaBeuuU/07CesmCfgBsv2qIGQ5aCevV86vf6+29ZgdHiPul2zZ4xBFH1Kc5Jw6E6Jkz
Z+b2wbT3hFbC+VgL6yGANxPHc8Zqf7CrmcmD58evf/3r/JljIazTBlk+sBTWW+Ubu3rzzTdv2S6I
l3ulm3bNuQYJSEACEpCABCQgAQn0QqA+FTxrYuO5GQFj6OUvf/ls3rtxPLaMHke8I7B2WvkSHOeM
55ap1BFyEUcZPV/1CMATHQOVDg4MO9bgxqCJadxZz4k1szEamwVGxzOaFgOO9awZWd9KFGx2Pfva
CesMAKAe+FeusR5xtRPz4px22xD8qkJws2vi3HZidPU6yhZroMMFsRfDFKYMZGA09mgCIjkjkzGS
2omh1TRibWvWfKtOSxbnRjuoisnBoVk9txLWuS8w9vBypqOJDgECa4ixHhihmk7eWfyJum6WLqeV
rDFA8RqohihTKf7GPs7tpb1H3JGvMs44Vt2SR6YKZDALs0Swpnp4mHAu6wOyBlqrMgb7XtpgmYdO
wnrMUsDzgs4a1kushrIM5X3TjkPku1quQbSLav78LgEJSEACEpCABCQwegKjEdZD4GXgKNNIs3Z1
BN43mb2qmbAW57DlPRHbgcC0yBNtVyOkI+Qijh544IGz2dW8IzPbFzYey6JhGzAbFDOqYSszBfgS
SyzR0q7GLsSLeEbtv1123SXbSL0Iz3AK7s2EdQYA4IWOLYLoV+WJTbTCCis0eCATZ7chROKqENzs
+ji3nRhdvY6yxRrocGEAONPusw459uVo7Wr6OxBBqafquuHVvJTfY81zlnrDRms2ICHaQbXNB4fZ
6rmNsM59gS2NGMsAA2YTIzCYhTXXCdV08s7iD3XdzmO9ZM004sxWVg1RplJYj309tffavRGhlzbI
/cZzhMEsrFPPbHylXc1MivSDdRLWmY0Sm7zX0Mljnan/maWDWQRon63s6igD58eShv0I6920Cwaj
tPKw77X8ni8BCUhAAhKQgAQkIIGSwIza2lEjGPus1YxhFYFOAQy5duIfI05jXWquYwouOhKe/vSn
RzTjvi29eMMjvZqJEEPDYxhDHFESz/1WAiVx0LnAv1gLrFx3vfRwjvQQgZleHyMQw3OeeebJhzCK
mBq9mcc64h6jaluJxiHmtToeabfahuBXCoSdzi2ndS/PfeSRR9K8885b7sqfmSYN47wM/QqjZRzx
mTpiTS0CI5ibGb7MUkAZEfbp0IlyY3ziSc8gkGoo67MUWePaqkjK9dGWqjzZzzRmDOBYdNFFG5IK
L/J29xYXRF03SzcixMDFiGZKPAbHlFPxlZ76ZXvpt71HmpGvMs44Vt3Guey/+eab84j6OIf8xWwG
rcoY7Httg5FGJ2GdezMM+ngexLWxjVkY+E7HWUw1GGVrxiHyXS3XINpF5MutBCQgAQlIQAISkMDg
CIxGWMdGRPhkNiYGrm633Xb1jOGxy3rN7cS/cl1qLkTwZQa5ibSrSy/e8EivF4oPhRjKuy82LIOI
EX+xq1sJlFzaYFfX4tl7n73TF7/4xdk8nDmXgN1w8sknZ3uCwe1hV7cT1pkqG1G9lWgcomar44+n
3PpviMS9COvltO5lzK3samYlK9cwR8BFGGWd9UEEBjlTfuI977zz8lTn1XiZpYBjDJZfcskls3MC
/UYI+wjdDAJpCJX6pF8pRNZg1rWw/kQbO/bYY7NAGmt4R3rhRd7u3uLcTsI6bXnHnXbMThPcx/Rp
lXZ1eOozo0LZXvpq75H5J/LFvV7GWRxu+BjiMztxxlhooYXqx7k/Yi3yTsI6ziextEA9gtqHVm0w
zukkrGPrx9rorTzF2U//IYGB9zisEKJszbzdW3mskx/qg3iq7YIBSrRLhfWM1z8SkIAEJCABCUhA
AmNAYEZt3fAR1gJG5ONFlxd7XqpZIwpjuN2a1CEslfmqCozlsfH4HKI163wjmGGAMz1WBAxsRt4T
SpEsBFKEV17Q8daP0de8mBMPIlkphoZASlykxdRcYVhiWGCwwJA4MTqjs6YU/xEMGW3MGmF0umy7
7ba5I4IR/3ish3DNiFy88TFMN9100+wRwHGMKAKe+dHBkHc88YfrYEKYe+65s9CPhzBGOqOFiZPQ
rNMmBHLKfMEFF2QxGi9s8olBj2dCMzGSOFmnngEbBLzVWUOrHFGdD/T5p6xjojj00EPzuloY7Ixg
pw3imU74+Mc/nj70oQ/l/bFONuVh3e1Yn572zswDn/rUp/I11UEA4e1OR8j73//+ert47LHH0kc/
+tHEum/VqdhjNgPaBXHjWRCB6cQxKMu2FMdoGwTqk/uLDgzS5R5ltgUC9RiGftQR+4mTMjCQgM4s
uNAmCbQn8sm1hH7aez9tMGZgID9wpGOI+wrjGaOf9kOoss07a3+ifN22QTrpok3DiHvw7LPPThdd
dFG+/+J+ifbO95133jmvF0eaxx9/fJ5SLu59OpFYh57Ac6P2vKx7u8RyGVW2nMv6c7SVarn6bRfE
aZCABCQgAQlIQAISGDsCYav1mwLTiSOoI/IhzLG2N+/2rGvMQM12a1KHyBtp8y7ajWAb54/FNkRr
ZrKjT4BBvKWYx3s6a06TV7xCs0j2hBCKcIrwiiiGV3u8WzOo9dhjjk2f3v/TDQMNQiClHKTFOzme
8gSEsw984AOZIXFybtj3pfjPe/dee+2V7Wq8YbE7GMiOhzEDnqt2NTbt+uuvXz8edkK3djVxvuMd
78hLiDHIOWyQsDNy5p/4EwI5bQO7mD4D7GryCSv6YWJwQnldDNjgPAI2Jf0cg7KryzqmjuhfYFpy
7GrWw44Bxhzbf//9s23NAPa11147Ow9QHtpBrE+PXY2Nh43MNVUPfbzd6ftguYQ999yz3i4e+89j
abfdd8u2a8NU7LX2xGwGXEe7gHk5QB4bjxkImwnrpV1NG2KpBtLF4aGZXR11BGcE3s9//vN5IAFt
iEEf2NYE2hMDErJd3Wd7D7u6lzaIPf3CF74wt2lsTWxTGFO2L3/5y7kPi/zFUhQcKwN9N0ypj9jM
tPHVNkj7KwXxql1NfeE0wuAhngNxv0R75zv3A/cugf4W+iciHzw/YEegz4vnZcwiwbOOe4jBOQy+
iD4LziU+loeolmuXXR5vF8w8SV9d2S54/tL3o7AOQYMEJCABCUhAAhKQwFgQmFGbQmskpu5ulkBV
MCzPaSas4w3MC/9EhVK0jjwgSjIlFXnDoCAghvGSHlPFIwDSMXDbE9PvYaxipOG5jBETgRd+DIoY
dV16T3MO182aNStOz1umwN5jjz3qhgM7P/3pT6eDDz644bxmXxCJ4VkK1c3OY18z9iGgtrom9tMJ
RH7CuGE/xj4DDIIJgy4w3MrQysO/HMDQ6xr0ZfytPt9+++25vsq6qZ5birEcwwikjiOwVjbiK+t7
RcD7GPGU/Qj41Xtj6SemDCddvDHKUAqvIaDGcQw71pmDX7TB6rT04eUc17TalgMVMGDpHAiButU1
sT/aSK/tHR79tEHyF1P3Rx7abasDc3ppg9RXTDvfLg2OlW2yGQueF0wvGO0L5uSNThtCzG6Qvzzx
hxky6ACkrunwilDWVz/tIuJxKwEJSEACEpCABCQwdgRGK6zHdNIhgpY5RVxqEAzLg7XPzYR1RDfs
h4kKIVoz9XQE7A68UnkvxnYhIJZhH4ddjRCJCIqITsA+xo7APuRYBDyDGbwddjViIYJbhKpdDUO8
bRFt6zZrTdjc52P75KW+4rpmW65FvGN9Z9JtVkdxHefOxr4QUOO8Vlu8ycvBuJzHVObMWhBMGOBd
ciXNVh7+5QAGHAB6WYO+VR7L/eSJ+irrpjzO53JAAN8RZrkmAlyxF2NgPfvxwmZmNfY3uzewm3Aa
uPfee3NfTcTFFnGfa58y4yl1YT2O42QAS/hFG6RdltPSI86WszHGtdVtOVCh9Eqvnlf9XraRXts7
90k/bRC7mkE6TN3fTaCNx8xsnI9dzeCCVm2Qc7ivsWWxq2PKdva3C8wmEG0S2xmhO9LgHuZ5ceed
d9bbF04A5C1m9aO/ioELZcCW5jryz8CeCFxLvRNvCOtxrFm7YBAHAyKoL4MEJCABCUhAAhKQgAQG
SWBGbcTxCC/ZH/zgB7NBXEbOyM9SiCyP8ZmRvhi2THdHQMBmpDjG00SFqjdzs3ywJhWjacOIj3MQ
xJkSn9HJ1YBoiviMp0HdkH/iJF7899lnn3TJJZc0XMYIXaaowoCpBkZz0zEQ621zHCOG0fgYFyHM
4d2MoE3adDxUOxjKeJtNfc964njadwrkE2/nqtGBEMzoZKY0j0AeaC+I0OXI4DjONqa0X7omRDeb
Jr88t9/P1BfrqjUboNCqju+66658Pl7kZUCEx6ArR1XTviljWXaMOzygmU692tHFvcA/QgiviPdR
l2V6sOZ+KdtgeGeX5zX7DFME8liSACObQSLUUxne+9735k4sykCg3s4///y8vhzfe2nveOf32waZ
RYCZGUrxn7zQ/ukUYdq6ELCbteFu22CzgRCUs1mgA4AR8RGqsxbEfrbUFYMgwsuFfawzybMuAu2H
ARNMj1gdgFAOxumnXUQabiUgAQlIQAISkIAExo7AaIV1coaAyuxg2NERsK/w1sRbtFXgPRZ7jFnB
CHzGQ3Mi7erSm7lZvikXtljVpuHcsNN4j64GxHPEZ2zfql3NgGdsGkT4MiAofuQjH2kQCuM4A+sZ
yB7rbbMfkQ2bmsHtCHPklRnkmEUA2wPngVZ2Neci+GLH1UNNWKcseNp3CtiD9CcQTxkQBGGFnRxh
/vnmTx/7+MeyCBwz38Wx2MKCwcMI0Qj+5HvQgfrCfqbvoAzt6hixlHIyYLkMiPB44W+99dZ1BrRv
Zi4oy44wT9kYzFwt+3777Zd5M0V7LBOAeF+KrKRJ/sgD90tpV5fe52Xeqp9hSrso7WruQezoMhA/
A0goA4GZE5h5IGbA66W9M7NBX22wli6zCNAPwwCLCLQH+kOYRYD8xQAJlm9oaMO1C1gTHru2rAeu
Z5Y/BiJEPVBf9Hu1G4AS6SP001cWAbv6a1/7Wr5fY19saV8Mgijtatod6UfAy5x+taVrfR4veclL
GvLAd/pMqOsQ5Ju1C+IirWq7iDTcSkACEpCABCQgAQlIYLQEsrAekeAFjGHKKFoEotI4iXOabRHm
MYrDIGl2znjuQ4jDoODFm7xhgNAxQLkWX3zxjvnEGEAMpDwYFRhOzaZZr5YJz1c4MLUX7LrhQf5I
g/hJZ1gD+aRcMOyUT0RYREsEaQYOMFp9LAN5Y+03BGY4Yox16oTC+KXji/riXITRaufHaPLM1Gm0
IfICN+4r6hk2TJ1WTm82mnTKa2m3lAkG3dRTXNtve4/ru91yfzBYYa655srTN3aqo2q8vbTB6rXd
fid/tKUITDPZzb0f53faTkS76JQnj0tAAhKQgAQkIAEJpPqyXYNgwXTleHzzvotANFntaoQ4PIpf
9rKXZTuDacCxHSgX3r6d7F3OxRYPu3qBBRbo6t2aQbdhVyPCdUqHOsNWwObn3Z10hjWQT2xC7LVO
+USERVRn8DEDg7fffvsxLRZ5gz12NW0WkbyTzYZdTR1THs7F/h20XU385AW7mvsq7OpnPetZY2ZX
Y8uHXd2pnqJS+m3vcX23W+oo7Gr6FjrVUTXeXtpg9dpuv5M/7P8I5HPQdvV4t4soi1sJSEACEpCA
BCQgAQk0COvikMAgCDDynFHLdCIhriOkGiQgAQlIQAISkIAEJCABCQwrgUF4rA9r2czX5CQQ08Dj
Wc0gB+3qyVmP5loCEpCABCQgAQlIQAISmFoEFNanVn1OSGkYcc/Ue0zjhkfBaaedVp/am6nwWNvq
6U9/+oTkzUQlIAEJSEACEpCABCQgAQl0IqCw3omQx8eaAHY1U5szzTp2NUtpxdTe+9WmR99rr720
q8e6EoxfAhKQgAQkIAEJSEACEpBABwIK6x0AebgzAaY5Z63sWCe7vII1u1i3zI6qkoqfJSABCUhA
AhKQgAQkIIFhIqC9Mky1MT3zwjTneKeHmF5SYDk2lhhgqSqDBCQgAQlIQAISkIAEJCABCUwcAYX1
iWM/pVK+66678rp2rK1WBtb7WmaZZQa6zloZv58lIAEJSEACEpCABCQgAQmMloDC+mgJev0gCPzp
T3/K69lX183mO6L7INcvH0R+jUMCEpCABCQgAQlIQAISkMB0I6CwPt1q3PJKQAISkIAEJCABCUhA
AhKQQAMBhfUGHH6RgAQkIAEJSEACEpCABCQgAQlIoAkBhfUmUNwlAQlIQAISkIAEJCABCUhAAtOH
gML69KlrSyoBCUhAAhKQgAQkIAEJSEACEuiXgMJ6v+S8TgISkIAEJCABCUhAAhKQgASmBAGF9SlR
jRZCAhKQgAQkIAEJSEACEpCABCQwpgQU1scUr5FLQAISkIAEJCABCUhAAhKQwLATUFgf9hoyfxKQ
gAQkIAEJSEACEpCABCQggYknoLA+8XVgDiQgAQlIQAISkIAEJCABCUhgAgkorE8gfJOWgAQkIAEJ
SEACEpCABCQgAQlMEgIK65OkosymBCQgAQlIQAISkIAEJCABCYwNAYX1seFqrBKQgAQkIAEJSEAC
EpCABCQggalEQGF9KtWmZZGABCQgAQlIQAISkIAEJCCBngkorPeMzAskIAEJSEACEpCABCQgAQlI
QALTjoDC+rSrcgssAQlIQAISkIAEJCABCUhAAiUBhfWShp8lIAEJSEACEpCABCQgAQlIQAISaEZA
Yb0ZFfdJQAISkIAEJCABCUhAAhKQwLQhoLA+baragkpAAhKQgAQkIAEJSEACEpCABPomoLDeNzov
lIAEJCABCUhAAhKQgAQkIIGpQEBhfSrUomWQgAQkIAEJSEACEpCABCQgAQmMLQGF9bHla+wSkIAE
JCABCUhAAhKQgAQkMOQEFNaHvILMngQkIAEJSEACEpCABCQgAQlIYAgIKKwPQSWYBQlIQAISkIAE
JCABCUhAAhKYOAIK6xPH3pQlIAEJSEACEpCABCQgAQlIQAKThYDC+mSpKfMpAQlIQAISkIAEJCAB
CUhAAmNCQGF9TLAaqQQkIAEJSEACEpCABCQgAQlIYEoRUFifUtVpYSQgAQlIQAISkIAEJCABCUig
VwIK670S83wJSEACEpCABCQgAQlIQAISkMD0I6CwPv3q3BJLQAISkIAEJCABCUhAAhKQQEFAYb2A
4UcJSEACEpCABCQgAQlIQAISkIAEmhJQWG+KxZ0SkIAEJCABCUhAAhKQgAQkMF0IKKxPl5q2nBKQ
gAQkIAEJSEACEpCABCQggf4JKKz3z84rJSABCUhAAhKQgAQkIAEJSGAKEFBYnwKVaBEkIAEJSEAC
EpCABCQgAQlIQAJjTEBhfYwBG70EJCABCUhAAhKQgAQkIAEJDDcBhfXhrh9zJwEJSEACEpCABCQg
AQlIQAISGAYCCuvDUAvmQQISkIAEJCABCUhAAhKQgAQmjIDC+oShN2EJSEACEpCABCQgAQlIQAIS
kMCkIaCwPmmqyoxKQAISkIAEJCABCUhAAhKQwFgQUFgfC6rGKQEJSEACEpCABCQgAQlIQAISmFoE
FNanVn1aGglIQAISkIAEJCABCUhAAhLokYDCeo/APF0CEpCABCQgAQlIQAISkIAEJDANCSisT8NK
t8gSkIAEJCABCUhAAhKQgAQk8CQBhfUnWfhJAhKQgAQkIAEJSEACEpCABCQggeYEFNabc3GvBCQg
AQlIQAISkIAEJCABCUwTAgrr06SiLaYEJCABCUhAAhKQgAQkIAEJSGAUBBTWRwHPSyUgAQlIQAIS
kIAEJCABCUhg8hNQWJ/8dWgJJCABCUhAAhKQgAQkIAEJSEACY01AYX2sCRu/BCQgAQlIQAISkIAE
JCABCQw1AYX1oa4eMycBCUhAAhKQgAQkIAEJSEACEhgKAgrrQ1ENZkICEpCABCQgAQlIQAISkIAE
JoqAwvpEkTddCUhAAhKQgAQkIAEJSEACEpDA5CGgsD556sqcSkACEpCABCQgAQlIQAISkMAYEFBY
HwOoRikBCUhAAhKQgAQkIAEJSEACEphiBBTWp1iFWhwJSEACEpCABCQgAQlIQAIS6I2AwnpvvDxb
AhKQgAQkIAEJSEACEpCABCQwHQkorE/HWrfMEpCABCQgAQlIQAISkIAEJFAnoLBeR+EHCUhAAhKQ
gAQkIAEJSEACEpCABFoQUFhvAcbdEpCABCQgAQlIQAISkIAEJDA9CCisT496tpQSkIAEJCABCUhA
AhKQgAQkIIHREFBYHw09r5WABCQgAQlIQAISkIAEJCCBSU9AYX3SV6EFkIAEJCABCUhAAhKQgAQk
IAEJjDkBhfUxR2wCEpBASeDyyy9Pv//979O6666blltuufKQn4eMwO23354uvvjiXE/rrbfekOVu
+LMzMjKSfvjDH6aHH344bbrppskO++Gvs2HO4axZs9IPfvCDtMACC6TNN988zTHHHMOc3SmTt/Hk
PlWfuf7uT5nbYcoXxN/pKV/FFlACU4rApZdemn73u9+lDTfcMK2wwgpTqmxTrTC33npr+vGPf5xW
XHHFXF9TrXxjXR7s6u9///uJ9/ItttgizZw5c6yTNP4pTIB2dOqpp6YFF1wwve51r9OuHqe6Hk/u
U/WZ6+/+ODVWk5FAlwSmnLB+ySWXpP322y8tssgi6dnPfnb6whe+kOaee+4ucXiaBCQwlgQeffTR
tNFGG6Wbbrop7b///mmXXXYZy+SMe5QE9t5773TkkUcmRPUzzzyzJ4Pj3nvvTe973/uymPzPf/4z
rbzyymnfffdNM2bMGGWuJs/lt9xyS3rRi16UM3z++eentddee/JkfgxySps499xz049+9KP02GOP
5RQWW2yx9MEPfjAtueSSY5DicEQ5qPcSRPV3vvOdaeGFF04IlXQEGMaeQL/cb7zxxjwQ4uqrr86Z
fMpTnpLWWmut/Ls377zzNs34aJ65TSMcgp08/1/xilf4uz/GdXH00Uenc845J9HO4M3vr6F3Agrr
jcx++pOfpo989CNp0UUXTfxeH3LIIdrVjYj8JoEJI4BdzXvFb3/72/SVr3wlfehDH5qwvJhwZwK7
7757+upXv5pF9Z/85Cc92dX33HNP2m677dJCCy2UHnnkkbTKKqukz33uc9PKrr755pvrThm//OUv
s5NGZ+pT9wzaBDYK735hVy+xxBLpYx/7WFp66aWnbMF/+tPae8lHHn8vec5znpMOPfTQvt5LTjvt
tLTNNttk3QCbzfe/8Wky/XLnd+6UU05JV1xxRc4o9s4666yTf/da2dWjeeaOD43eU/F3v3dm/Vzx
9a9/PT9faWc4SO2xxx79ROM104TAUAvrP/vZz/KLYychhheJ9ddfP/8YMursve99b64+O5+nSSu2
mJOGAPfqG9/4xoTQ9KUvfSntuOOObfOOZ/tnPvOZtNNOOzmyuy2psTl48MEHp09/+tNps802S8cf
f3xPHQAxK0HkrJ844tqJ3I6mDd53331ppZVWytm/8MIL0xprrDGRRZnQtBEXN9lkk6Z5+PjHPz7p
OgN7aReDei9hdPKWW26psN60FY3dzn64I3LutddeTTN13nnnpRe/+MVNj43mmds0wgHt7KW9V5P8
z3/+k7baaqsExy9+8Ysdf/er10/H773aPwyyefe73509ueD16le/Oh133HE9/WZPR87NyjyVO1Yv
uuii9I9//KOjEMO7+ktf+tLsDfid73wnbb/99hkVA9bxjJ3KjJq1CfdJYFgJcK/ybo3QdNhhh3Uc
sI54hOi222675YHuw1quqZovHH722Wef/C7/ve99r6ffaOoubEr4YA/0GscwcB1NG2SANkIq4cor
r6wPXh+Gco13HhAXERWbBfrOsK0nU+ilXZxwwgl5kAnlw5mOa/t5L2FWxpe//OWjimMyMR6WvPbD
HZFz5513bloE7Eu0oGZhNM/cZvENal8v7b2aZq+/+9Xrp+P3fuyfN7/5zXkgB7wm6+/tdKzriSrz
0ArrGP5MaXXbbbd1xSZEun//+98JL0EergrrXaHzJAmMGwGm8Pra176W6DTGmwqvqnaBEY3vec97
uhLh28Xjsf4IMI35sccemztfqK9Og5yqqfz1r3/Ngyje8Y53pNe//vXpm9/8Zvamq543zN9H0wb/
/ve/p0984hPpgQceSJ///OfTUkstNcxFHbO8cd8zsvxb3/pWWnPNNdNnP/vZ3GF/1113JQYf0IEf
HSVjlokBR9xLuxjUewkzfQQ72tPTnva0AZfK6JoR6JU776+vfOUrs4c23kX8hjFtP++mtAVGPbca
WT/aZ26z/A9iH4ND+A3oRxjv9Xd/EPmdzHGwdAjPxG7sH36To07wYOPd6q1vfWt6wxvekI466qhJ
93s7DPXWT+fsMOS7Ux5oV6uttlp+DnU6l3aFVyWzSvHM+sMf/pBe+MIX5pngFNY70fO4BMaPAL+v
BxxwQKLTeM8990yvetWr2iZ+4oknpre97W1difBtI/JgXwSYxpyZ4KgnvN96tasffPDBPIiCwYpv
etOb0kknnTTpfudH0waxqz/wgQ+kP//5z3n2lGWWWaavepjsF3Hf77rrrunwww/Ps+EddNBB6VnP
elb605/+lPBi33jjjfMMM5OpnL20C95LmL3gBS94wahEcd5nGIAAO2bj0a4enxbTK3fsagak47H+
rne9K+GFjl1NG/jXv/6VRc9WdvVon7ljRaSX9l7NQ6+/+9Xrp9t32s+qq67alf0DmxikiF3NuxWi
+mT9vZ1udT2R5R1aYZ0pLhiBO+ecc2ZvVaZgoBOeTmU6BvBgZR+erzyYQlgHZlx7//3359GM888/
f+IBFKGbl9jyfK7r5pqIP7ZlHO2uL8/rN61Is912UOmU8bQqV3nOWJYpylum1ypPcS7b8ny+d3MN
5/UTmqXFvk5pNruuU/r9XNMpzok8HlPwlvf3RObHtHsncMcdd6TVV189e73j+cRzezKFydQGy/u/
0/OFOijP5zvXsK+bazm/24DHKkLR3XffnRilvHQP09OVeew3X4OIo1rWXtvFIN5Lqnno5nuzso9F
HZOXiUqLtLtpG2X+ymsGzSOWgKCdX3bZZempT30qyU3qQMcEHtEh4k7qwgx55pk6n073ueacK+24
0475NzPsn9VXW72+D/uHTvWyTm6//fY8Mwoe68wyM9l+b4ehaqaqsE67WnfdddNcc82VO+RpG3TC
M/iPqaTppGcf0xMzoDKEdeokrmUgHLNXzD9fza6u/UeYUfuP/9uG2qlxPud1dU2TCMtneMtn/oDS
apL87Luqac3oBGL2KNgT5WrHJc6JGFqWP04Y7bYoW1dpFeeTdFfX9JnHkkUwY1/bNKv566bd1vLX
LK2c7Vp8Hdt9n+WLyyLtKGPsH802puCNjuPRxOW1E0OAQXfLLLNM7uzn3Wyy/c7bBkffbrCr6Vvh
N/zaa69Nyy67bHeR9vkcrEYezyb2t33uVi9s873XdoFdjcc+sxgw+K/n95I2eWl5qMrvid/8jr8/
LSNsc2A806plo6xTctVNvZbXNPxODfj3MZaAoJ0jyo+1Xd1XuVrUV6sa7rW9t4rH/Z0JxLMCXZHZ
ekr7B4ef2If9c8wxx9SFdWKe7L+3nel4xqAIDL2wvsIKK2SvCx7uIdAwlTSeGOxjvVZG3pbCW3Rg
4y158skn19d05SXk5bXpXphGBG/2ZoGb57vf/W5iqs4IdES8/e1vb5h+iWOMYmGqRfLBv//+979Z
8GfkFC+6Z511VvbGwxNvrw/tldZca82IMm97Savhwh6//O1vf0sXXHBBXpP1+uuvT3BglBdeLfyb
Z555GmKkY+7ss8/OnS+cS/5hzgjI75783XTOuefkOHihwwux9DTkfOqE9U/oCCSwFhRTabz2ta/t
a/2bhszVvtBRzfRPhBVXXDF7geIJyZRIlIu1cvCQrZaL8/mhZE2mM844I91www1pvvnmyw9XPMgY
jcSIxUEFvFRpA6ytTGcUeWMWBtYopP3SadVsCqd+2gVt/pwfnpNOOfWUelrETefqVVdelWY9PCt9
+MMfzkyYeubHP/5xLjdrJuLZRPslj6effnq93hdffPH0ute9ro6DdoE3HZ1y1DPX0i54oeU+Y30n
9jdrF4wwZMTX3HPPnePDc2brrbdOz33uc+vxN/vAjxvrLzOlFfctU98Q/ve//zW8VNHG6WCGMWUh
HzNnzsxp8CNK2uQh0mdLm4zvzdLuZh/3Okxo71HHcN98881zG50160nuZXy0QViXbZCp0mmD3C8R
aK9M88a9R6D9MOqO6ZAwpjiXkZuk1yz85S9/yW2Q51nkjzioW0bMN2uDXMMzkHomUEZGibaaurhM
l3L96le/yvXDgCau4T7kpYXyNRPWaVe0n+ozl3uY+7sMo2mDDz30UH4O8vwon4P8fvAcbNUWum2D
ZT553mLkxYs/7ZF6avZMKq/DcKBdMG08U/vSzmHIffb85z+/PHVUz8F+n00NGejiC/cldUanPPdv
PNuYTpbR5njw8+xq9hyAH8/pKgueV8stt1xD6qP9LW6IrMOXMLZoF6xluf/++zd9NvEcKkO/7yU8
87hvuA/j2cZvbjy3yzTKz2Vbov3xrHjphi9N/3nsP/n5T/6ph0GEXtJiSYBf/OIX+feHdQC32GKL
/Jv861//OrcFntsbbLDBbHUc+aRN8UzkeU+5CM973vPylIAve9nLMqM4N7bxu4/QyO8fgbUpeSbx
nnjNNddkz6Ell1wyLsm/Nb1yv/POOxPPT9r5O9/5zvyeyW9DBJ673NNMW1gGruEZWD5z+R3p9Mxt
9bvf7ven3+fgt7/97Ty1fav2XpYnPvf7u1+2p26eg1dddVVOMt4HmRkl3gcZYc5vSavne+R1mLYh
rFMefqe573mOspQIXmqxj3cupuguhXXY0W74TXv/+9+fbZRgwW8d5/NO1Cz08lvc7Pqpsm+qC+t4
eDGNKu3q1ltvzR3yb3nLW+r7GDTG70szYZ3nJXYN52Dr8TvOIHje06vPtdweah2Nt9x6SxbqsSsj
8IxngDxe8GXg/Zb7l7zxD7sawZ/fP56lvB/xPsyzdN99982eevXre0yrfl0fH+DAuz+DW/jtggP2
B+95O+yww2zverfecms643tn5HdCfrewA7fddts82JBBDGeeeWaO40UvelH61Kc+1eBpyPkc5/eL
934CfRj0S/A8GMSz7ec//3l+p4T5yiuvnNsEwivv9JSL5wb11ewdlt9Xruc3mXdr3v3ptMSe4d21
VX9LH9izlyptgLZEOyBvzHzGu8RXv3pYOvrob6WXvOQljVH32S74feVdg3sl0qLd0pcBF+y7T37y
k5nJb37zm3w/kB/qFvsSllyH8we2APXIOwa2b4TRtAtY078QdUJ+eO53mhnriCOOyLPP4OXOfdvK
rqaN0zYpE2WhjdNHQhr8hmDnXHfddfX0aYe0ydG2R+51uPP+VXKnPwLueCwH9+DINtogeSrbIPdI
2bdDe8XGjT4q2g99Enj88htIe+W3s+z/KNPBfqIN8hyM/BEHdgzrPLMMULUNcg39hWET0raYWbPV
1MVlepSLPi/eHRdYYIEcN3XOey/3WDNhnec6dUceI9B2mT2J538ZOBfe5I06jmcTZSMOnvXsb/Zs
4n08noOIu+VzkHfgVm2h2zZY5pN0eH+POLmfqKdo/+W55WcGgnEPcq/w2w5HuPP8XX755ctT8/Oc
PgICnBDxeA5is8RzEIaRh/LiftpFeX23n7kvqTPsXt5tGcgLG+xC+DPggnfIZs8BZt866cST0vkX
PMlivfXWyyzoby8D8Udfe6ffYgbndbJXyrirn8Oupl1Qp1/5yleaPpvIRxm4j7CVmMWB34Ru30t4
5tFvHHY13HiniOd2mUb5ObelE2ptqcaPa3hWbLTRRvnZTh8WQil9o4MIvaTFOz5OC/zuUu+8v/Hc
wN6mLfD8I58rLF+r40aEOau0KZ6J3O+Ui8C9wWBqZj6ocud4/O7zvkZfJgEbhWcS9UGePvrRj6al
l146H+NPP9x552F2Cto5/fu8Z/LuGYHnLvd0tT+D+5HylM9cnsudnrm9/O5HHuJ9kOnoy+cgz0D+
VZ9Rzdo7/UmtfosjHbb9/u6P13OwzOswfY5nBe+3/B7Qpumr4XnJb0Hs412b3/5y4CH9kdwPO9Te
7Zkthedi/Cbwzs+ytq3s6l5+i4eJl3npk0Dt4TcyjP9qD9KR2o/8SG364JHawzHnsfZiWTOP0kit
M7S+r/ZDkPfVhPV6OWpecSO1F6K8n/NrN0/9H99rL40jtQd0/fwoP3FwvNk17Kt1KI7UOkDr19Ve
8Bvirf3AjtRuyJzvMg4+115cRmo/DPVre00r8tjrtmRRcuAz+aq9kIzUBLd6voi/9jBpKBd1UJsG
tIEN1/KvJnjWr60ZM7OVPdLkXPjUOrDr5/daFs6Hf+1HPucv8sC2TIfvtJHajAUNadUebiM1L6CG
clSvq3UMNFzTTx65pvbD1zSd4E4ea52hs6XVT7uoCZkjtReX2dIr+cA+2nzUL8fL/bUX2gaO1TYb
10UZum0X8KgZIg1xk3ZN3J+t/MGOfJX5b/a51mFTfw7UfuBmaxM1w3rkj3/8Y73NlHFQBo71W79c
1yt3rum1DfIcDN7V/Jf7m7WlfttgrTNjtroqn6/NmNVeqps+c8s8l8/yiKPX9t5vG+z1OQi7Xttg
lInnaU0QaWBY3mdxXrnluVabiqze5qnb+BcMP7nvJ+vtfTTPwX7bRZnfbj9TX5H/VtsVV1ix4bex
VxbkZTS/xd2WhfNG0y7KNgiLqN+4j1u9l9SMtNnOrT6bq2WoDUioc6+mE/VQ62Qa1fMv0uw1rZrB
X89b5KXkEftqg/Ya2gXp1YTE+rVluYJhzRgaqQ3AbCgXz9CauNr0ukiLbW0AR8N1vXKn3ZbvF2Xc
5Wfu82AX236eud38/tQ6IOq/+6RV60iuP6eb8Vt3nXUb3gd5p+vmOVjruK4/m6JM8Kj+7pNmq999
ruNdv7b2a9u6qnWo19Pi/FqHdr4/SsZRttjX7H0w8jmMW9ow9g/3Stg/tU6qzKU2WLK+rzYYI5e9
/H2O86LsVRb8Dpe2COWnrjr9FvOuz3nDyGvQeap1ek3JUBPeRmqdSiO1zuORmmCdy1jraM/tqiYW
1vfVOqhzu6ot21TnUOtkH6lNo9jy3qx1bua2Ub+g9qHW2ZntyWpbpE2yj21N3MvnxXW8S5ZtttZZ
OlLzIMn5jmvi+tosOCO1jsh8aT9pRZq9bksWkdfYkseagDVS65xuiLY2MKmhXPwm1TriG3hG+WoC
X/3aO26/Y7ayl2nB55Y/3lI/v58PtIXa4PKcP/IQ/8p02FfrMB+piVkNSdSEtZHaQK56fcY1bKM8
tKdBBJ6L1bxFepFWbTBIQ1L9tgvs5ZqoNlt6kT5b2PPsIUT9VvdXf9vLNlteF7xatQviPfDAA3Na
8Wf33XZvaFOcw/O/WeA9iPcBzmn3r9bBXH8O1AYLzNYmsKv5HYArv6tlXJSBY6MJ3XCnHMGdtGiD
r3nNa3Jeoj3ENvJXE5jr2aqJ6LOVi/Oq11TbEhHAMeKM82Mb+5tdVxO/6/FzPudiH7ULvK81e+ZG
OmxpL/Esj7hKuyvyFmlyTU20bHjmRtuNc7ptgzXBrp6/Mp2IpyZiNTwH+2mDUSaep/TrRjqUo9oO
4tzY0kbptw1ecW3kj/2f+9zn6vyiTZfHOSeui3iaPQf7bReR11621FfkpdWW3/n4bSTuXllwTW1g
bEPZ4d3qt7jmsNGQHtd3G0bTLso2WNZV1GFtwFXDs+L/2TsXuFuLqv6PAiqKXIQKNUtMU/NKZgqF
CFrm3QrzQolQhApyjoqp/IVz1EwKb2nlXUsTUTEtE1RU7GailaJpF4tD3rrnLTUF2f/1ncPvYe3Z
8zz7mdn7fd/9vmfmfN4zz36euaz5zZo1a2bNRTQxF6d6Vdh5Zbj44osj7j6e4qoemItYhivNC51O
NHhftOod80hXXblbZxKdZoDv4iq8fOKZMXuC7ugdMtSuOcvGU1742G28K8UdvpVs9+mmz4xPUlcj
c2v6H8+Dwk0+dC5TDlJG21nd4S4c+vp9woMh+ChszrerBafkIPpgLpx/l5OD5LeqDp5FLvo+0xYb
xHJSFvWjtkgpvvP9s8L58vtn0vTyVhgwhvLh0ud0/KN4zd+8CLCqKHY6q+Z7I7omgfw7TTbpnTeI
+glshNu55547YZLUVph0DG530kyV21aCd99sZfbk0ksvnZCOrUSfnHLKKd03FBphheGWSUJboTZj
2KSRMuGM0gYNDIA0KVWTl/Is9SmD7QiYMBhCcDIZS8dmK8y6MqUT7LZiNw74MbR6IUA5tm/bPrEV
gRETfttqsIiHx5y8bMVuzMdWA01sFVDEgLQwADNYKC2HD4+y52kjPzCljv2krN012eUD9n7wv3PH
zqg0Qh/lxxCmsqYT7D7vsc8MXEiPiX4misifvBgYgxvf/GQo6dbwBQopE7CkR7oYI1CSbOViV0d8
84Y9OgjxrH9vu+0mDD71LTWE1vCF8LLVXpFvwFrGhz6cMV6hwFMeYaVn7/vJfNs1H3kWI53Ka6uO
u/qHZyiPvlFOtUfRWOLX4F7LgyhMtqsg0g79dmRnLCsyCgx4h1GO+vFlqOFB4tsq9cgHtiJ0snPn
zph+yqs+nxQLOxkhLsRBkVP9QWPKTzX8XsuDpXKwhgc9JvRLyEkwpI35dubD6Zk+CoyEE3XLJKKv
Y775eqiRg+RXyxeitcT/4Ac/OLEVzxNb4dn1kbTtM844I76zXexxcsm3xRosavvikrIQdhG+8H0k
7WKMXiL6kJUYlZmkFY9IB1IY+V7OYISkzaBD0Q/Z7oaOz/rkr9IZ49fkxcAVGSF+x4cnmIx8+ctf
PtUXwyeiw3Yld3EkA2kjtkM3LlKTrLFddZ1shz4N/vlOf0wfRN9wzjnnTMmnHB4luEMneo/dQz6x
HRcdrSwEFL/TFuh7VCb5i8rcvn4fXMFb+aB7SR+k/Kk+CEZeH8SwXtoXKy/8tN8n/RzOiqO2Tzj6
Cy8HWUgHr/CtVA4Sx+uDym9Vffp8aMaIrvEP7yi/N6wrnB//KJzaFcZ3dGPpEKTLQkRfdttJ12Gb
jn9YHCHc7ZSLqXg+ja30vHmH9MOUY0Sn/jGiaxIoZ1hXOG+MSo3JjKEZS2p8R7qMB73Toiu+Ifts
t+GESUjGQpoc5BtjDjkMt/Awcig1bCIDmHB+8YtfHMuB3GPSEFeTl/Is9cHCrqSL42rboRplrO1Y
mtAO1VbSCXbbZTux3UxdH044hX36058+sVO1Iia24yyWBZo85oxzWeBOPhgSWcQPdqRhO1dj2NJy
+PDoJ9IvSJP8bBdrrGMZp8gPWSLHRCS8pHKwwJd07FSUKGO0wYF46MSLOk1SMolJX0bdgwV6A3nw
5ydDya+GL7QAReWyEwTiXBD9JXxLPnzzhnV0UPGsf28nMEzQg/XNL2qBvjF8YXfJxjxtlzRROkff
AN/AazI+9OHMOA26hJPKpt/y7eSKboLZdnNGnmUymvDoAnYEb5c/dU1d6BvlVHvsAhU8aOJbtO04
+1rchYHyor/BkR96neKg1+R4kO/IFTlknJ8vst22sazIKDAgPEY56sc75B7fMDbleJBvKQ8S33bL
RT6wEy6ivtoXTnmlWGAQYyGOn0MiDW8kIK74nW+pzAVD3vOHLJGr5UFkueSg3U09IwfJx8vBGh4U
jfjMXcHvYAgv8ic+8OH0LHkBHeBE3dK2fR3zzS+EGCMHiePlIPnV8oVoLfHZoMTYGf5VH0nbPuuZ
Z8V3jLeZq/ZtsQaL2r64pCyEXYQvUqMm5dzl9BLqKtVLRB+ykvlSDLDiERnXFEa+lzPMpdNm0KGQ
AVpATBp98lfpjPFr8qId2Ak+XfuGFniCMSlzbVqUwns7XaAjgzEa7/iTDKSNML9Au1BfZ6cGdfwE
fcgW4vDdTmCJ/T19A/qQ4vA9h0cJ7hDKBspt27Z1YxjSZVGX+J22QN+TukVl7pj+hzzXSg76RW6+
bCX9PvEkm8CNfsvLQfLgPX++30rloJ3uO6MPEieVg57OVXuWcRz7nMY//p3avt758Y/eUWb6HRaL
Ime8DsFCRO/Qn4Wt7WrPjn/47sc/Pn573pwIrKxhnUEKDIsBVRM2CGOYEIGqSWU6BQzffrISgaAB
HQyr+PgyFGH00Xsf3o4t6d7rOz5CnbxzhmF2KCo/OhQ6Fh8Xo59+L5qX0in1mWBm8hZBwB+/KStl
8pOUPl0EJt/5Y5Btx3515SAc6Sm8HZUWw2FAwvig9/J9WsuYnFN6CHv4Qvn4iX4WD+g9/KGy+ElI
fUexY7KeMIvuboIGOyotpsVEA7+VDz4DH/iEhR56X8sXdIQqF4YXpSdfE9WpYU88m74nnr6lhlCl
KezH8IXieF+8MjTBjuIAbnbkaSyfeBS5wJ9vUz5tBhPQRbnoCPXN14nS0rcavwb3RXhQmNlRbFM7
MjGaUFbK7CfLfXnH8mAOB9X1EGYsHoq8cOP942pmnw4TUXbMTvzu5XYtvytt0VXKg+AyVg7W8qBo
lE/fkWtn+s5ghHLwt+30bTPyAppZmMX3lK+Fw1g5uCy+EO0lvgw0nk/T+ItgQVqSXWA1ry9O8x77
u5YvPM+P0Uty9Kh8fbKZOPRlWmzFwj/q3KfF4BtshurBhx96rs1LfEs9Yfj2ugT0+tMbdMqN+IeF
WeCQ0iUZSZrSCRhs85u/nAxj4QtY8H2oPxqDu6dH4VnwxII1/23es7DJ0au4Y/sfBoDesK74YJzK
QYxUYJHmK37XiTb6Pq8vVl7ytXOvD2cWCqmukJkp36LzyxhHuXz/Tj9DXPRU1T35EocFlZTL64Oi
aVV9sKUNoP+IRhnMvWE9N/5RODACF8WnHtlJCxZ+8QQTgxq/5MY/1IPGP/TlhFeaW9XfnMP5+VQz
Uc7YF1kplzOswysYYfxkpYy84h/Fx0fH5L3fUavwtEvG3aljchaZw/ecYRijnnZrkjYTxN7xXW7R
vJROqU8ZmLzF2M3f1d+5eoIRFnr9JKVPF3ksOYe8YpGXd6Qnpwl/JshZRJY6pUV+y5icU3rQhXyV
Y8IR4yX5MH6WY/ciZeF9blc6E/R3v/vdY5iHPPghM7vdlc4YHxrsGM4OW7CX45n5iZS+Wr6A11Qu
DC+pk5GKekEGyoln0/d817fUsK64wp585/GF4nifhbzEpf/rc0wmg5V0JfEocoE/36Z8GjqxkD6F
vkmOtKgT8lVa+lbja/xOekO4Q4dw9zqenwhX/hioMRiRZrrDTpjZdY9TOzJJmzyIw4JUOV9ejE78
9o5FP/Agi42G3C6bg5uHGYuHCAMv2HHOU8nBK8hMlUkGAW9kzMlcEtG8HwZZ2od3okv5DskmHw8c
puSg/WbzSq6MtTzo8+OZcng+SL+j35I/f34BlsJBsxb4pnwtHBhXezlIHC3i8HKQ92oHi/CFaCvx
pROnRh2fxiJYkA6nBfi+2I5Q98n3yo2pQHN+1PKF53n0Wu/QS6h/r5f473pW+dJFKvqO7xe6oGNT
595pE52XF/57yXNtXuJbyozh2+sS0Ot3LXNiJ078w8Ks9JQdvktGkqbaAmNyfvOXk/ssfEEO8n2o
PxqDOzTIKTwLnliwVuKETY5epVPT/yguPhivtxxU/fThvEjbF2Zj5aDHYhWf0XFYJMpchBw8DZ/6
Heu58Y/C0VfQ/8rR99oV0zENv4jMy6WavljpN3/zIbCyd6wbo8846wjifWpmoMne1asIJtjinW82
AIj3Epliqk/xzg/i82eruOKdOUqXQNwdxbdvf2v3HSO823ufveNdCtxraIaNeFc5jN/oeAAAQABJ
REFU9z7KKT/rUOOdLdxt0ucWzasv3aH3NoEebBVvvDsoF84mSuP9EOk30WpCNd5nYquW0yDdb1tx
H+995AX3SHn8uM/FBFq8E8sEVujLr0tsxINoMwNDvI+Pe2XkbIIh3iPl8+HuDO7psyN04x08ubsw
TFkI973vfbN1rLTH+sqP8NzHxh3T3I3FHaq2OCPeBcP9WHIqD7/H8iDp2YRnbAv4NqGj5DrfOvpY
btv5FWwAGu+U56N4ljbCtxw/c48xd+d4bIkrWsfwBeFTZ4pAvHPGJtjjfTzpd/9bYX1d+u/ps8pF
W+TOJ+6Pw3HPEPdA5tpvmsa83ybmq3AXT9TwoHCwVeHxrkPR6GlJ8VR+hB3Dg0rT+6rrPvzJ3xTz
eDdNXxj4jnsWvdxWuuQ1lt89jyp+CQ/WykFh31c+j1fuGdnI/XVpO1NYMybHO/PgTe5n8ncBKozt
yon3SNpOr3hPnE1Wxk/CYawcJNIy+EJ0lfjqI1I+9WksggXp+PbP/WlDfbHPt+a5lC9E21i9JEeT
0uiTzcTxbZLfZriOdwVyx9eN97txuMX33SLeBbmMe+Bq8xLf9vE8+oIZEOPd57baOsDfyG/kuhmr
gy0YC9/8xjcpXnToaGbkj3fu8kI8Jl3g1re+dWxbusN8d6zd/9tgOt4dTtvjTuucG4O7j8c9wci7
XP/qw+WehU2fvPEyf16/bxNAwYwfXb9PXBv89eqDNhkydV+3p8+MPPG+PZusyuqLPmzuWfFtsUe2
3zfDeuAOUBu4Rl01JwfNeBXv+7NTGAL3GUoO6l5x2jt3n3mdxYwC8T7ZWrpzZdmIdyoj7YKxiy+j
p0fhuFfWFkNMhXvZy14W9SKPhcKTRl9fTNsAV+rGJtun9EWf91Z53qp3rOfqxyaMgi3Eijoiekof
X9lEUTADVLBFQ4E4flwNf9B20TNt4XAcVytd8jSjQ/yGHJXj3kt0Q5vojOMh+n6Pu/KzhdrBTl0I
NumtqDP+onnNJDjnBXLUDH/BdjSFD/7JB2dCI0fNwBJOPfXUmW+iFfy4n/1Od7rTTJj4wqbqTt92
ekyH9LjT2ePHO/pJOw0l3j/al18+8fxb0WbG36gnel4wY2wce/h86Du5X9KON499bm5cTR/EHbhm
bA5pHeep6H9ri/Lj2JEQyDfSZRwML5mhMN4xjG4kp/LweywPHnjAgeHkXz45zuWgs9ruRCXX+TaZ
Gk468aTwob/8UNRRGIfgxLO0kbSs+nb7299+BlviilbSoj318gWBMw5dh/tnbYI93oWdCdK9Ulja
Xo5Hu4DXPMB3dk1MuOwTl4XnPve5wTa9xC/LrFvalJ02FHE3o2nUUVI6mM/gvlrwsUVjUa8RT9gx
zsF2M2fvOQUT7n+m/7Ldep2cEQ70bdyRKudpSfFUfoSFB0mXsWkfDypN79uCuHhfax/+5E+7Iq++
MOhR6MRmEOjuWFe65NXH79zDTBtOsSCO4pfwoJ0EFOeekOU510e/sO/7nkvLv7OFX/FOaF+f/rsZ
mmMbopw8M9ZIHfok98aboSTqxfRvOOFAn2MG9Kk+kfHz8ccfP1Mvy+CLlL4xv8GB+kz51MddBAvS
of0ja+0Eq9gX0z+slSvlC9Fmm21ivXm9hDkf7tSmjaDb7LXXXlmylQbjv7S+FcG3Sd7RPu20hnh3
Nu2Fe5q525x77hd1tXmJb/t4Hn0BPOAV7h6Hv1WvZqwOtmAsMHaVQ6Yx1uLub5x4TG2AO6fhrdy4
2k6RCbaTPN4Hbgt3leSUPwZ3HwHauB+duu5r9z68fxY2ffLGy/yS/kd5bJQcVHtR3Yge+Yu0fWFW
IgeV72bxVUbfj+ZoVzjuYkcX9rqxLYKL96573lJ40qrpi3M0tHebBIHNtOPABEdcFWITlt2O9Rz9
2hlmitTMbh0dJ+p3fCldq7K4ysoGrL2+dVgzaSq/3HHMKX2L5pWmN+83K/Uol8rGnY0cScEqcsrJ
e5vAze5AEa0cv5fuHkrz1bEwymcIQ1YMpfFLf4u2HC9o1ZnKBe02YRjLynFVfXmxyg76b2nH1XN8
bl+4Me856pBV0MKBdNM/Vo0rLZVnDH6eB7WLj6NelNYYXzybayP65tuIT1O0juELH0/Pqh8zfsyl
WWFVl0pjyNdqfMpmkxuRd3UNwFD9D6WZfivFfVEeHMJBtKR4lvJgWkZ+q6778Pc7VrmXJpeGdmD6
tqp0S/ld6Sv+WB5cRA4OYS96hnzqJ9fOFEenMvS1N8KBM3IJvNjJobjCwWOrb310L4MvlEeJ38en
Po1FsCAdya4xfbHPt+a5D9++tERbjhdyekkuHaUxxCvEY6cJ/URf/wMNy9ixXpuX+Hao/YpfkD2U
W7vwx8gM7chVHbErXqcc5XCd924s7kpH4XN1rTB9vrDpk7nEEzal/T73eYGfMEQftInqTh+EX/ry
ZRff0Pe+8ui94qf9lL6Pafvs2kQOQoeXg+wgoUx+N7fSVb595VK4VfeHyuhpHwqXw0LhxROSGTnf
654+z632bJNse4zL7VjPFV67f3O7cc0oGNuf342rdMfwlS3yijqNz1f5cXd7ehyzD8fzonml6c37
bQtUOhlKO6HcXAFii2a7Ptcm2bLJiFaOm2aHU6+zTxxxCn5jMES2L+pEG8e7axes0nzLW94Sy6Zy
8d0mDOM7Tl/rc1ynB/3ssJ1Xj31p6D3HvnNfaSqbPEYckS+n8ozBr+NBw51dfOTRd4Sw0k998Wyu
jeibbyM+vmjlaNZBvvCR3LN2laM/zHMKq7qcF57vtpA01iN9ALvgoFG7d4fqf0zaCqPdk2NxhwZ4
kPodooErbQjDLm3Pg0M4iJYUT6450Mkvng/Fg/hgNeQkL/vw9ztWucIm57Sb0O+0U7rQ4GnLPed4
VPHH8iBXMPi84G2uQZIc5FtfGYewz5U3fUf9wIvoHjmneSAzCs3IMoUHZx2ljpySEw4eW33ro3sZ
fKE8Svw+PvVpLIIF6diioLhjPXc1gs9nGc99+PalLdpyvGDGrcifQzxAukpjXjjmE2k3aXuCz/mD
hmXsWIemmrzEt0PtV/xCu6TcuuYjLVPut3bkqo6wJaR6ArSPdWNxV3oKn6trhenzhU2fPCKesBnb
/yivjZSDqou0nxJti7R9YVYiB5XvZvGHyujLMBROdeB5S+F9/5hrU7zL9cU+7/a8uRDY8jvW012C
2g1khohu17s1gLgS3xpA3G3NjihT2Pk541iZxiotawzdN1ZdsXJ0zO6kRfPqMh3xAF3HHHNMsAFb
3MnFilzol7OBctzJYxOOU6t19T2Hlb6lvh2pFFca2zGtcUcMeeccuLFT2+8+zYWb926IttxOQptQ
jCv7WRHN7n1ff8pLdWOT4b27SxV2nm/HGgUbwMXVfqwYM6U7RmGlHbuGTExM7Z5W3gRix/9YHhTu
fXXYR+cQz5oBIq5qZGXj0I5134b68sm9V/1oV2EujN4pbLpTW99zPmV70IMeFHcSsDOLHeLsqABT
VrD6Fa25+GPe1eC+CA8Kh1w99+0ELuXBXLnVznL5Et5jzY5EcE6deNvzi94RtoTflbbo8mnqW+pD
4yJyUNiX8KCnYd6OdZ2UYQajuBNj33339dHjsy+DbzdDOIjutO6WwRczBI540cenPuoiWJAOOI3t
i32+Nc/CdyxfDNE2VI+eNqUxtGOd8ISj/2HXFCtn+Y1jxzf9Pv3PmLYTI835ryYvlZfV8nZ858wu
I+izQW53EoYZIeJpMugynETCyTJ2LFyWMlbZsyuMVfSqo3llJb+cTqAMxuKehh+jEyqOfGGTtlt9
x6/pf2xSIp56AYZnn3123H3u9UG7xy7uMPC7mX2e2nHO6my7h9t/GvWs+H071nWqDDs/2MmZk4Mq
A/2HT0e7rnO7uZVvX7lEPKcp0WbQTQ8++GC9Xhl/qIyeyKFwOSzgB3Qk+J9dLGN1T5/nVnv2O6e3
WtnS8tCWSnes0694jHJpEIZTzuArdluzI6pvXI1Ozm4xL4Np69ohn+aXlmHRvNL0hn5DF7scydOO
f407fr0c5TSJE044Ye6OdXb3D50QwFT9qaedGjixhfGMHePa9eMpfeCGTuDrJA0z5neuHhXPJg+D
Gc6mygVt7HjmNDi7Am+q/hRPdWOThzO7uBVmrI/uyljajIrBFuwGTnLC2UK2QL9EP+7zUd5FPGhH
7IE743S/Oz9LI+aUa6eCBnesowuwC52xCDv+/I4n0hb283ZOZemwl/N2rvl4Cpvu1PZh0md0IMZ3
NoEfcWGH+F3vetfYrtErlzGuhpfgKZugHt5J73CnntgZOcSD7G5EJzSDzNROR+GQy69vJ/B3rvpO
+PJXvhx58LKPXxa+9OUvRahssUF40YteFHkwzSfFUrvZcvkS1mP9/ve9Pxx7n2PTJGI5KJPnF5WT
wJwcUipzRZdPcybja15Ao12fGDhpCDkI/l4O2nG7UU/sK6OwL+FBT8u8HevwKacJcJIFc3A5fdKX
gfDIddwQDqI7Ldcy+MKXb+xzH5/6+ItgQTrgxFitZqewp2PMs/AdyxdDtA3Vo6dFaQztWCc84eh/
4CfaGroAjp388Dv9z5i2EyPN+a8mL5WXuVtOkEhPkIE+fxIGO2lpI7RhTiJh/DQ0rr7jHe8Yx9Wq
o7lldXI6V9yxuCuuwtfwobBJ263Sxq/pf6BpI+Wg6sLLL1+mRdq+MMvVs/IdwhM60HtoM+imuVPo
PK0b8TxURk/PULgcFov2xT7v9rzJENhMOw1MQCCmJ/N2aw3tFsqlYYOv7p5iG+h2uwFTbFilm9vJ
PJRfmsaieaXpDf1WWcHMJtumyqW7J/lmE7hT35Sm4s/Dm/C6u77v/lPCsGuXVbYmaLP5Kd8x/hBt
2qXmy6V3pvhPuB8ml4fukTQD18L3SLKjjLxYvZjmpR28fjdbLV94mtmJmuZFPbMT7BnPeEbc9afv
QzzLiv+hdjaEvdIf8lUXfTvXfFyFNWPKTNngJ3by+vB6NiNBLAPl0N+ydquTRw3uKksNDyqu52mV
VbsXUzxLeVDpeV91nctX4dgNCsY28Jq5+xj+02kRXo7U8rvyFF0+TX1LfYWFxho5KOxLeVB0UA++
reu9fO1Whj5Wl+q997kTSHzMDkN9U9lyOIjutO6WwRfKv8Tv41OfxiJYkM6QXPP5LONZ+I7liyHa
hurR06o0cvWtcIRhd7cdfz7THgmjFcxmbJ5wl5Ti1fi1eam88LQdoThDA3dVit/RyZAj7BLi3dln
nT0TXrRLx9Bv3w+w80fvvc/dsOwMtMmS7HfCjsHdp6nwQ+3eh/fPwiZttz5MTf+jnclmZMjKQXZ7
860v39e99nUR/7H87unlWbul035K4VRuaDDDw0xdULeSg4TxclBlYwc+vKI0fb595SKMGcM6fiNt
diz4NFbheaiMnr6hcKoDjwV328OnlNsM79lyg33f+MfnvVWebQJyj3G2sCLyft9OWgGhHbe53RW5
NJCB7CyCr2jzWWe7g21icmoXqcIN5acw8hfNS+mM8VVWyoWs8Y7dW+z25ptNOPpP3bPiz8ObCLYY
KNYN959e+e0ruzT8A7t22cltx7z611XPQ7SlO9bJQDt1zKg6sQVhM3lCG/cb02+zY506rXbX7CQn
ry984QszyXDvJfl4/qziC8tH91BDs00Kz+RFPaNHPfvZz467/hRgiGftSpbBdibs5+2aVF6pr7qg
H53nFNaMKTNBqTN28uYcp5JJL5Nvi+9zQaveCXd2EY/FXWVhXJ3jQQjx6XoeVNxcW9XuxRRP3pNX
jgeZ3wKXeTsqbRFFDJfLV8DpFEhOaOBuYe+u/s61O/U9v9BHkzc02MJDH+Xa5wGZK7p8mtdGnH5S
WPLKyUGdZtBXRmFfyoOignoYwtkMIR2v2gJbRZvy0XfEx7Q/OZUth4PoTsu1DL5Q/iV+H5/6NBbB
gnTMgBx3rA/h7fNb5Fn4juWLIdqG6tHTqDRy9a1whGF3t22sy/bF8Bi8ZEbIiS0AU7QqvzYvlRc6
zNg3k7dtNOz4HflAP6b7obkjvs/RJ9i1Cd1n3w8wnz3jTMbYlRMTu4pz8vnPf37ms16MwV1h8RW+
hg+FTdpuffq+nxjb/yjdjZKDai9pP6VyLdL2VbZcu1C+Q3h6+Qo+tsBWZK2MP1RGT+RQuBwWi/bF
Pu/2vLkQCJthIgTjGUosx3vSOJkQ5h3HQjLhk5YB4wkTy0wWcQSUvhPW7mDq0mDQpW+a9EdhpkNC
USQ8f7aTphscphOl0GArU2Kayk+08U3pe782L5/GmGcEATSBmd03GyfZMWrb/VSdsYtvHM3uJyMJ
A952h2WHlS8T39L8EepMJpAehjaUVOEHDkxw6yhXP6mXpjPmN+m+973v7Wjz9cg3jkdNy8Wg23ZC
xfdgwjGioo+yaWEA8ZZhgNWgyFbATlA8lBe+OpuUl2r4grSFO3lhmFJeKFG2sy+Wef8b7574EL6U
WfXBRDmdAPFQtsQzameKU8MXxCUePMCf3T030TGKGDTIV9/IX3nJl2EEmlgQQRgGr7Yae6Lj3XOT
8ORj99rHslOntgsruyhG+ZT6NbjX8iBltjuFZ3gamiknR/lSRvD0GNbwIGmqPmjnGKPUlshL33gW
ZqojwjGYRl7yHUPVKaec0tUB/OTbag2/1/BgrRxMyzeWBz1PU17qh7j0RV6OKn3qjElW8OPPdvBP
9T8yhPLN7vTrZDXxSuUgedbyhegt9Wmv8JLnU3ARL3mercUCmkivtC8uLYsPL74fyxc1egn5eZ5R
GpLNwtD3yWAr2U4bA39w1R/9PbxEGssyrJNeSV7oC8TRHzoBBj7q79WvenX3nj5bixm1kIE4hGfA
rjKhb/jrHujHwA4sbJV9TI96uvDCC7u2RV4M/EUD+o6v31Lciau+jrS9DurT8nno2dfjGJk7uv+5
xuBBPmAEBugLGFiR0dCLPsixxMLBdkZ2Mkb04YvfmdRI+2IZ5X1fLCwoG3nR75N3X7+PDio5SDiM
3V4PX1QO9pULHlJfJAwoj9eJPQ7r/Qzv0L7HjH8oywfenx/j8E26MVjwm7L48mO0YvLD405/bick
RP6g7tFj1huD9c5vcw3j66jFeIaRiStB4HsmhHn3ta99bTKxidHU0VcwsYzhkjYtx6Sr5DlpMPkZ
naWhSX/4Cl2FiVzC80dfdtZZZ8W8vTGUvKEBPQq6+EYfINoifcpcfm1eil/gI8toB8goZCJGL4za
6Lu2Uz3SzDeOZqe8coQBb+Rtijdl8gY/xUFmkxbh0dvIW/gRhwlu6oQwdj+qolX5pMtRr6Ktq0dL
jW8sNkrLhezQUcrUE8cpiz7qSwsDiLewAdbqWEfjc83arl27Yl7wC3myeEP8gryIrpIvLjcZJ9zJ
i8lplYu+Hd2JvOBrMJCjTlQfGIZYNEI8xuLwjLAFG7kaviDuVVdeFdsJecKDjBtIH4MG+fKeP/JP
nQwj0IQxmjAszmBBowyi/kh9xScf2+EY8yGvMdc0KO4Yf5fV6RDu9MsRd5vPEO7UNQsgeE95+niQ
7/64eMpMm+F92lYpJ1c78A08PYZjeBA6Oh68puCqD9o5+pvyJS9941lOdUS4hz/84VFe8h2913Yp
x/h8m5K5Fvn0J+7+xlwmOkMqc1mYSjxPo3gw1xdAW042od+RBmmdf/75U3JQx/Pz7fnPf/6UHEzL
RxpjeNDzNLKJ+iFuX99AnT3mMY/pcGLOyGMhQyg0ov92stqaC1dp8T7FljSRg7ly1fKF8Cj1aa/U
i+dTcBEvsfhCbhEsSM92CMcyD+GtvBb1xfdj+QJdFZlLeK+X0C9ooX5aj9Do9QmlQTj/3vM92JIP
dY9eA/5RLlg++PC5eGZZhvXSvGT8Ix5/GD0ZA1N/jM30HnmpKzFkFFR4u8c8locyoW/omHO+s2gX
BxZ2v3xMD9yZT1fbIq8zzzyzywt9xzuP7xjciau+jrRV133t3ueltjBW5u7aVd7/rLccFBaUjf5g
Xr+/SNuvkYMef+n/4jvaVydnfcANeIYP4Quv84o3kR1TbkCWgK/vE/gtV9MXK27zNy8CK29Y14Bd
DTP1MeKiYGvixU++Kawm+9LJM77TURCXDkmGV96jlLIrjIlIpYPCzyBLk9ha3aTvOT9npK3JS+Ur
8cFFg6SUNsqiAYy+MTClI/UGSX1L/dzuLxQLn+axxx7bGXaJrzzf9KY3dfVVUh6F1W4tTxMDAmi/
wx3u0NUX371BlYkdTx9hpRyIPnY80VEqr1pfxivRCBZPetKTOmMw7+1Y+inereUL7UJSXvCunvEp
M4MplBhfnu3bt0+FUxyPEe8W5Ytcu1Ne3s/dg8sufN8uZTBSPGjt22XFQErhmFD2ZV/Gcw3upTyI
Upy2R52ooMG5yojPncWq5xoe9MYrn2767NsVcub444+fals+fMpPkh2l/F4rm2rkoOePEh70Rk2P
Qe7Z82QOC2ST739ufvObx3u3RFutHKzhC+VZ6o/hpzPOOGOqbdZgUdsXl5bHhy/hi1q9ZJ7+4/lK
d05jiEvlJLoM/Q+ygzi0SSa6fXlqnmvz8uVK5YPKxPtLbJeX6EKucXecD49+w4IyH4fJbn8qDQN7
H4ewvl3x7X73u9/U6SeePqXd5wt36NTpHX1hec9EhsqEP6aNEM/LXOKN6n/OvrbfBz92U+ZoAwOP
Ec/0+55OJh3G9sXI3LH9vh0r3/VZGJJ8HugyXg5CF/c8cuIJtJFPKgcJgz7IJEyqDyJDtVBDZSON
VCauimFdu89zdcY7sIP+PixoCx/72MeyWICzxjI53B/20OHxj/Dbiv7mHdKPo5z67uMp3tu1YVPG
JC0GVhzaWDS82RxSOnnGN9LHobPJ6EVc2jNGIiZjfVqcRhInsS29HTt2dN8Uxvukz+Kr1BXnlSYw
8jcTgyxw9DTpGdr487/pS771rW9N7n73u3fv9d37xEOnTx16ok+TvkqGXeLzzY4VjwuW0rijfxvu
qQ5Fupy4Bu13vvOdp2j3BlUmJj19hPVjFr6xYArj3ULOaJTxSriBhV0x1PVr5AU/+snNWr5g0YQv
V25c/bznPW96othohB7R532fFs9j+YI0cnyRtjufl3/O3YPLbjzfLmUwIh608Uf/n3P+NCEmlJft
xuDO7ko/QY8BwOM7jwcxDKXtkQUiyCD0HI8fz+idyi/Hg5wIqLk26Eh50Buv0rT9b3+HNTzMYmRf
Lh82fS8eYf7K1y18y47DPpmLcSbFwuejZ6Wv+oa+4447bgYrwkNbSh/87l0JD3qjpujp8z1PCgvR
AhbIJmHBe2QZi7jkUjlIPshBcErloK+vGr5QnqX+GH5iw4x3NVjM64vBxi9W8fnVPpfwhV8cIX7Q
gqCcfJRewhyDws/zWaiDw+jm5STxaFe0fS0ug5+Y317U1eblyyWeT8vHexbLyiHXWIDiw6OjYetQ
XL4xlvAngnzyk5+cikNYtSueiWNX2ETclJenT2n3+cKduOn4LBfnoosuUjbRH9NGSMe3YSKW9j/r
KQehL8fXOTx8v1/T9mvlIDTKpTLxIQ9+SNePKsxG+PP4EH7zOmSKBf0Iiy9zfYL0CMol3FU/8/ri
jcCi5bl8BFbesI4yh4Du+4Ph/cSOhKIPL8Pb9m3bp9KhE2DSSfGZcKOT9HH1zEAaQ52MVsRh14e+
9/l9k9eleYnGUp/GL6OXaKSDtPvQJnaPZewI9Z7JSAQBg1XeEU7fUp+wOVrYEWb31MzEA2sGQ3TG
uXgl78565llT6ZM2SjsDaLvrZOqbXwhBHuTPpFFaHtJgolqTlCX05MKK19gtl+bF7507dnaTmj5+
LV8wuW93ns3khUElnSBXfqx8puPz9N3nPveZ2J23cZef3pP2InzBUYBKa8jfdvq2LP5M3FCPPi68
CYa+/apc8ikHHRrGpHQyXWEW9WtwL+FBBnxp2RkEYzRA8fSY8OzlYQ0P5uRnmge/mZRndbDwo93Y
HYcz9LCaGvmrNKg3LztK+H0RHiyVgyqX/LE8iGE9lUEqe+ozAaD08WmPz3rWszqsfHh4ne8+fK0c
rOELn2/J8xh+oh9N0yzFYpG+OM275PdYvsjhMEYvmaf/iEdoV/SB0I7MUL9jd2DO8NMy+7ravKAV
2Ywhmmdkvy8LiwAY/KR1gZxBp1JY77N4jUme3JUopMXpGT48z+DDogev15FnDe7EG9PXsSPDlyvH
Gymd/E5lLmmU9j/IQa7m8OnDO3aXbEwL3uAbhhovp0Vv5Pd7ZPrinbN98RgsyAvDuNe7Btu+5ZPK
QSYQfXnYOQlP0UemsjjVB1Uu9FalccABB0wufu/FU3WkcOvto9+IrpyPEcfTlGIOFugbOSzQ8+mv
FL+kL1acreovf6i9WikiB3L8pHfoId4hs/QNH/nAyQgTMySic/pvhx56aJx0Unx2RnFktg+jZ3YK
6khShWf3qL7nfPJmh2TOleaVS2PMO+QVuzI9fchRxpDo5bQ7vkErO9mZgOM4d94RzsfTs8Lm8kfO
s0hIYeWTD4v3p3bq5RIY8Y4d1koXn3qk38Swzi5l/61bCHFNuiywS8eSMY3vOTQuJPOTlCNIyQdx
vMZiK0+PntkhHxdoJCnU8gV1yVG5Sl8+BhX6mJxjxx/6i8LisxDC7ryNi8T4TV2T9hi+IDw8lLod
Z++YysPn559pnzn8OSGIevRh4c1zzjlnqv2m+bLYEd2NCWTtekzDLPobbOwu+inaoHMId3jQ7sid
iUMb4RoDjwG7n9OyH3HEEZHX0R89JjxzoqGc5F0fD4JfyoOp/EzT128M4uxElINmrvLTd/noTMzr
6Df1hvFXbh6/szhCCwVY8IIBjLT6ZBPfcjxI/y/jv6eFEzI5oU1ysC/+WB7EsJ7KIOWX+ulxw7RH
TrhKw/GbuuK7d6kcpAzIQdpqSoOXgzV84fMteR7DT5zglbpSLOb1xWC4DENySudYvsjhoAVB6Ma+
zqlH9B7crl27dyb777ln2gN1j0NmqM2n4wri5uRMjFjxX21e0IpsxqjKs3gS+igLO8mZR0sdcoZ6
zGHA9a5sTswdjU5anJ6RxgMfFj1Ixii/GtyJu2NEX8eGHe9yvJHSye9U5pJGaf+zXnIQ2sZgQbnS
fr+07dfKQWiUw8YkzOE/FsCtgpvHh76/h94Uc9o6+kauT6Avpb+SK+mLFaf5mxuB6yAQTBA35xAw
pTjYMS9hv/32C9bBBRMI4QY3uIELsbzH9crLJo6DDZDDPvvsE25yk5uEvffee3mFyKRkxwYGGzwG
67DD9a9//YhhJtiGvbLBSzBFIdIIFraDLVgHsDR6TOBGHrKJ6mDKRbBOLfKSHREUDj744IjJUGa1
fEE9gzt57rvvvpGHh/Lhmwn+SBs8Dq+vqoNOyrXXXnvNpROc7diZYEfwBTuCNtiOiTUtVg3uq86D
NYDBt7QreGlMPSmPWn5X/LH+onKwhAfH0pSGQ07bxG33Gnm9zP5nUdnUEbYOD2uNxbKKsB58UUKr
6DnooIMC9U37MmU/tsll93U1ednK92ALhIJNOAe7Nzv2WZQPuT1GN6EfsEF9uOENbxjLZiuBi/o6
9CAc+GwFV9r/NDk4W+vS0+CpMTw4m8LWeLNeffEqo7VV5MIqYQxf2T2d3bjaFrAsVa/xZV2vvBjn
alzNuG6t5QZ9nh9Xg+EqOcY01DG6P1gw/l32uJr0bWIzjgVtZ183rj7kkENGjatreFDzGfQR9A/M
Dc1z6EXoXOjuq1ZPnnboRO+izubRSThbaBDsFKBgR9AGOzHFJ7X05xrcV50Ha0BSn6xx9bx6Uh6b
RQ6W8KDKVuojp9F75ZDXyx5XLyKbRNd6+GuNxbLKsB58UUKr6GFOhnE187oaVy+7r6vJy64sCXYH
fJz7tIX7VeNq26DWjauZDy7p6zSuBp+t4Er7n0X1QdX5mL64Ft/1bvvoTOhpN7rRjdZcP67FZD3i
rVdfvB5laXkMI9AM68P4tK8NgYbAJkLA1jlFam13QLBTJoLtVo/GdSl8m6gojdSGQEOgIbAlEbDd
seHwww8PdnVFsB053eT7MifhtyRwrVANgYbAmiPQDOtrDnHLoCHQENgMCLitNxe/7+JgOxiD7VYP
dtd83KixGYrQaGwINAQaAlsdgSt2XREOu9Vhwa6uCOe98bxuXB2Wt2dsq0PYytcQaAg0BBZCoBnW
F4KvRW4INARWAQFW0r/oRS8KdrRpXG15wQUXBFYP4uxInHDaaafFFXOrQGujoSHQEGgI7KkI2LG2
4RWveEWw47cjBCeffHJcyczpQE95ylOC3SW+p0LTyt0QaAisAALNsL4CldBIaAg0BDYUAcbVdo98
sOtX4rjajgSOJwVB1M6dO8MZZ5zRxtUbWkMt84ZAQ6AhEIJd0RHsWphgR7BHOJjz5NQYxtV2XVa4
+c1v3mBqCDQEGgINgTVGoBnW1xjglnxDoCGw9ghwJJPd69MZ032OHBNsd5VumWN/fdnac0OgIdAQ
2EwI2P2Q8fj3HM0XXXRRsHsMc5/au4ZAQ6AhsC4INMP6usDcMmkINARWGAHG1XYHbWdM96Qyrra7
SuPVgv59e24INAQaAg2B9UWABeqvec1rspnaXdfhyCOPzH5rLxsCDYGGQENgeQg0w/rysGwpNQQa
AhuIwBe+8IV4Xzz303jHqs3DDjvs2mOR/Mf23BBoCDQEGgLrhgB3YH7uc5/L3rfFEaNrfU/tuhW0
ZdQQaAhsSgSaYX1TVlsjuiHQEFgyAuhqX/nKV2b0MvQ0jO7t+p4lA96Sawg0BBoChQgwrr7iiiuy
13Pc+ta3npHfhcm34A2BhkBDoCEwAoFmWB8BUgvSEGgINAQaAg2BhkBDoCHQEGgINAQaAlsXgWZY
37p120rWEGgINAQaAg2BhkBDoCHQEGgINAQaAg2BZSHQDOvLQrKl0xBoCDQEGgINgYZAQ6Ah0BBo
CDQEGgKbEoFmWN+U1daIbgg0BBoCDYGGQEOgIdAQaAg0BBoCDYGGwLoi0Azr6wp3y6wh0BBoCDQE
GgINgYZAQ6Ah0BBoCDQEVg2BZlhftRpp9DQEGgINgYZAQ6Ah0BBoCDQEGgINgYZAQ2D1EGiG9dWr
k0ZRQ6Ah0BBoCDQEGgINgYZAQ6Ah0BBoCKwjAs2wvo5gt6waAg2BhkBDoCHQEGgINAQaAg2BhkBD
oCGwSRFohvVNWnGN7IZAQ6Ah0BBoCDQEGgINgYZAQ6Ah0BBYDgLNsL4cHFsqDYGGQEOgIdAQaAg0
BBoCDYGGQEOgIdAQ2MoINMP6Jq3dr33ta+Ed73hHOOCAA8IDH/jAsNdee23SkuwZZH/4wx8O//iP
/xiOOOKIcJvb3Ka40JPJpItznetcp3veUx4av+8pNb27nHs6v2/12vb1S1nXUqb5vNYyn1WqM5V5
TynvKmG/6rSINzydm51PVKbNXg5fJ+154xBohvWNw34jc/7qV78aLnjrBeHAgw4MD33oQ9u4eiMr
Y0Tef/7nfx7+/u//Phx11FHhtre97YgY00HUb/B2T+w7GFe/5S1vCQceeGB42MMe1vh9mj223K89
nd+3XIWmBbJpwon9k1szmZbmE2xOcg+YllT7WTNcVXHN33wIJG2CAmx2Pmn8vvnYsFG88Qg0w/rG
10EVBX/4h38YTjzxxPBd3/Vd4dJLL40Do3kJISQ3u6CfV8ZV/P5///d/4Zhjjgn/8A//EJ7znOeE
U089tYjM1772teHCCy8M+++/f/j85z8fXvrSl1ZNIhRlukaBa3mwht/XqAgt2TVGYCvx+xpDtXDy
te1xkYyvuuqq8LSnPS184QtfCDe84Q0D8vGVr3xl2G+//RZJdibu3/3d34U/+qM/Cn/9138dv133
utcNd7vb3aL8Jd/N5sbWldoP5T322GPD4x73uM1W1JWidyzuK0V0DzFXXnlleOpTnxr+7d/+LbY9
gv37v/97eOELX7hyOsVY3F/zmteEiy66KKw3v4+lr6cq2usVRqAZ1le4ctaQtLe+9a3h537u58L3
fM/3BPSHUXyAHWMPMCqsIexVSX/zm98MP/IjPxLr6dxzzw1PecpTitL5nd/5nagfsjnhs5/9bEBv
uv3tb1+UxsoEruTBCy64IDz84Q8P3/3d3x0XKIzi95UpdCOkBIGXvexlgXmULcHvJQXfiLCV7XER
UhlXP/GJTwyf+9znwo1udKOAfDzvvPOWPq7+1Kc+Fd76lreGj3z0I5Fc9O4f/dEfDWeccUY3plik
HOsdd6wer/ZDee93v/uFbdu2rTepWyq/sbhvhkLT9p7whCeEL37xi7HtQfO//uu/hle84hUrp1OM
xX2j+H0sfZuBLxqNeyYCzbC+Sev9L/7iL8KDH/zgUYZ1BNVv//ZvR0F/1llnhRvc4AabtNSbk2w6
3Z/5mZ8JrK7/jd/4jfBLv/RLRQX5xV/8xXg6AfWIe//73x8OP/zwojQ2OvCiPFjC7xtd1pb/Yghs
BX5fDIG1j71oe1yEwq9//evhXve6V7jiiisCdJQsDhubL5OkDPRx6WIyjHBMBGwmx2knv/qrvxpO
PvnkuDtriHbffn7qp34qvOENb2g7kYYAG/hWgvtAMivz6X//93/D0UcfHdseRNH+aB/ve9/7Vkqn
eM973hMwcp199tnh+77v+3rxg374nQljnu9///uH17/+9WvO7yySfO5znzuqPfYS3z6sLALNwLSy
VbOmhH3wgx+Mi6DHGNYnV0/CC174grhA8HnPe14bV69pzcwmziKxn/zJnwx/8id/En7rt34rTmzP
hsq/oa945CMfGfsY9YEf+chHoqE+H2M130L7C15Qz4Ngd+9737sZ1lezepdKFfzO6QTwDO6jH/3o
puP3pQKyBokt2h4XIYlx9V3ucpdw+eWXxzpei8UyGNswIOLScTXzm0ceeeQiRVj3uJx2cuaZZ8YF
CWx+GnK+/TD3/va3v33NxxlD9GzmbyW4b4Zy+rYHvasqY9/1rneF3//93w/oq7e85S0Hod0Ift9q
fDEIcPu4ZRFohvVNWrVM7P3ar/1auMlNbhL9fffdt7ckCP373ve+4X/+539G727vTax9KEaATpaF
DX/2Z38WTjnllLiLsCQR6u/LX/5ynAhgtehmNKwvyoMl/F6CbQu7eghsBX5fPVSnKVq0PU6nVv4L
ecauWQbiyzasq2zIjF/4hV+Ixi+uSmHC4dvf/nZcbb7Zdqyzs+iXf/mXRy3M+sY3vhH7mkc96lHx
eM9Xv/rVcTdveS21GCW4bxa0/uu//ivuZmHnxQknnBA+9rGPrZRh/eqrrw7bt28Pb3zjG0fRBb//
6Z/+aXj0ox8dfvqnfzq86lWvWnN+x+jPSRC//uu/XrxQcrPwyZ5MZzOs75m1zy71Zz7zmeGQQw4J
L37xi8PQuJpFSve4xz3Cf//3f4/f3b5nwrompZYR65JLLon9xU/8xE8U5YOeyJzIgx70oPDJT34y
bEbDOmVgkSh9OpPSpXKrhN+LwG2BVw4BeOVLX/pSvDryE5/4RDOsr0ENLdoeFyWJ+mXX7B3veMel
L5ZR2T796U/Hxazsjmdc/U//9E/hW9/6VtzotdnG1ezoP/744+PCrHkniTLO+MAHPhDLyak2b3rT
m9Z8nLEoP6xq/BLcV7UMKV3/+Z//GeCRvffeO45DWbi0SouX0JfYmMEJb2Po2gh+34p8kfJJ+731
Edg0hnWtAFKVsFpO79KVcwqDrzB6NxRWYfri8H5MfKVT4/u8l5UXR+0y6PyP//iPlTas+7KDnco/
D/e+eGPw93GVX188H1b06d28uH1plrx/+tOfHo9MHjKsix6lW0OXT2Movg8nPJRv6m8ED5bQl9Lr
4w5hoHi58LwbE1dpjPV9XsSpycOnMRTfh6vNa2y50nBrxe99ZeL9EBYpffN++3yUrt7pd18aCqfv
88IrnI83FGfR9ujzIe+hvERb6rPjiKPKl90vYUDniFBW5H74wx8O17ve9dKse3/7ctWUiYSXkUZK
oK7CGHviCUeb3vWudw3sWGeFsi+Lf07z8b99OXg/Np5PYz2fPb19tPowY8pUirsvb2lexO2Lw/u+
Mg3F8/Skz6T5jGc8Ixqix+5Yz9Gnd0P0pXkP/a6h61/+5V/ijnt2rHNCg6fFP/flqzL470Px3vGO
d8TJxVU3rPtyqTy807Mvr3/28Xg/L7yPuxWeSw1Um7bMtnlx5k7W3RsardIHSpWLNxA8fuqLQ35D
ec1Ld8x3l/eyeJmjdu95z3vGqzRGHxs/htZlh3FlJ+mu/HNwX0QGKO51qNh5dZujD9pw8+LuDlX/
v+Vz+rbTo2FlyLCu8iijDkO9GOO7cvbGd2FIch5+6PEs7mCRao1hfQzZaZhFsPBxezFQhikWNueH
I425cZXGWD/NawzfZtIeVb4l5ZXJftSr008/PV4nOGRcmSrHSCx641h5l9qOHX7iA+Wt31kgXDy+
z2tbU2m4uEN5LNoeVQ7lPZSXwqQ+42rGv8uWCRjQb3Ob24Rb3epWcSHZ6HG1ww5ai3B3hRM2tfFd
Ut2jrsLgxJN5hnUiccreYYcdFo3rjAGue53rdvrTqLpaEhZdAdbhYRTuabmukdV95JXi7tMRPXpX
hbvoM7qHZFNVXpbkGBkr+qOfww/acEvUgUrpWm9+X4QvdoO1Dv/n6sqyhVcGeTGNR8UusW7XoeQt
i5EIbArDOgMejjDSXal0bD/+4z8eO3eUiOc///lxlZAvM0z+V3/1V+HNb35zF4/VdQ958EPCIx/1
yLiaz4fXM4OT888/Px4vxjvyus997hNXsL/3ve+NR3r/2I/9WOB4b1assarnG1//RnjEIx8Rbnaz
m8Vk3vnOdwYm+lA8oI9jwG9605sqizjZj1J7/etfP670Y2DEquO//du/jfRypA60PvhBDw6Pe/zj
YjgikyeT5KwOpAGTNumyS6evQROHlYZMsLM6m6Pu2CHoO4x99tmno42jTzmGE9pw5HW7290uGuZJ
CzxZFamygc8DHvCALn7tw1jcffoose9+97vj/eMYU9iB9b3f+73hoQ99aCyvykAc6oP7dnl34xvf
OB6n+7YL3hbedeG7Io7snOTOHI5PyrkaHmRlJ0Zw0fH1//16OO7hx4Vb3OIWuSy6d9zNQjxwpl5R
ZDm+FT7/zd/8zeyOdXiBI45pJ9xdjDv44IPDIx7xiPCQhzyko0GZYHCq4UHi/83f/E3kEVb5Qyvu
Tne6U1wNh5+6Uh5U/Bp+J24JX9B+OToW953vfCcqzNQ1HTx3z/7AD/xAVJLufOc7xzDpfww23va2
t8U6oQ7A/F5H3StcedWVcbfd7/7u78b7GtN4Nb9LcKd9v/0P3h6++K9fjG0V3kNGIS/gLWimzdH2
n/D4J4SH/fTDpkhCoaKt077kmER8zGMes/Q7g2r4nR0aGL0oC7uQ2QHNYBJZiCzNyUMw+cu//Mto
eKHsOPgV2UhbA19kAEcPkx6rJ1l9Ch+edNJJ8ahP5CFyXzIYmcOuaNq4l/tf/epX48CWI8kf9rCH
hV/5lV+JfQp9y2WXXRZPGWEHMvG9K8FdbZj4yOjv//7vj6tR4V/6D+5OZEdqevVHbXskH3DhCDQw
gN9xtJGf//mfjzKqD3fw5joHJqPpO8CdVfX0jdwJd+mll4YDDzwwplf73+c///m4ewwMTzzxxNjP
IQ/lbn7zmwd2w+Zk/Gc+85nwB3/wB5GfoINw8BH8xGSCd/Qlf/zHfxzbjvpgygEfv/n8N4cLL7ow
YoNhm3r3fb9PZ8yz+mnkCHeIPuc5z4lH8VGHOOgEzxT3f/7nfw53v/vd4y5edtZibBRfsLMXnvX9
vqelhAd9vLHP6HEf+tCHuv6aHWO0S9oFsptTeNDvlom72j51zKkv6AC0Pe7K41g/dih6V4s7aZT0
Pz7PtdaBfF48U8axhnXCoi/QJyAncWP08Biw4D/4mnqh3bzuda+LMvWII46IMljJ5PiWfpj2Cm/D
7/Tp0IscZEcK8ikXj/bLcbjoxbQPyTQW/HDEvHR65Z3yBdczPP7xj+/o62uPij/W9/0PegnyDDk+
1P/4tMEDHYYdNpRJesm3r/x2+MD7PxBe97uvm9FLKBuyjT6KMYDcWvX7Sn8V/a1uWKeu0R9oJ/A9
7ta3vnW4tx0LzTgUnuEOavQf74hHX/17v/d7XTza2HHHHRd1DY5Qn3E2ofTpv/t0oA9DX8OR1/1/
6v7hkO86JHA8JcdOMsah/dPu0RMYt6Jv0m/jkN2M89C1oI84vn1yIhhlUjthTHfkEUeGyz5xWSwn
bRxaf/ZnfzbucNa47Korrwqvee1rOp2OtEmXsVPar0ZC7D/o/NrXvhb7KXasIxPRKyQfCOflDYZ3
dAbpYrTjO9zhDvHqCtKifyYdlQ18GLct5Apw9/nQf6HLouchR8AMnZhdevTVwo04uy7fFS542wWx
XAfsf0C49zH3jnozujl6OVf+sEA2xxe1PMhuW+STsOTkAOQ++u+QYycn4xlwpo9Bv2Bu59nPfnbg
jnbaAWMI7+AF5g2oH/RUHPMn8CV85LHgWy0PmnUmfPSvPhrzQg/SGJ4r30477bS4SJL0vYNvKDvz
UYyHOHlmiAcVl3jsWtMYhnqijQ3xO3HFFxiU0JfFF4wz0KE8FoyrOTkGR35ghc7HmAo9+Qd/8Adj
H993pR3zUOe98bzwnve+J/IRmHNUM/VBHdK3HXrooTH9Rf9DT3jnH70zfPyyj8/FHZ6lf6R+KC8y
gDEW8gKepHzol+jkT3rSk2Kb8fQhv17/e68P7/zjd3av0XXZSch4aJnO8ztyDH7n5ErGECwIpNwp
v7PrktN4wBi+YM6Q/h/eQJ7m5CGYwPecjEXZcdQrPEF82tXTnva0cMtb3jKOs+kHNK5Gd5K85r14
knzABIy93Ecvgn84khx5tGPHjjjPQn+EDOaUEXZSp+PqEtyZf2U8gkNGM//GiZPwLzyPLsnYXfIn
BrT/atsj8Zl/QLemHOCOo42ggyKjcrgjMz716U9F3ZX2BlaMOfmjntHlGFMsqssg9+ALMKStI2OY
a5RjPhO9NyfjOTXuTee9KbZj6CAc+jx9921ve1slEf1du3bFuqbtSCYRDj4GF+Qw7+FZ6t33/VMJ
jfihfpo7sOFB5laf/OQnxzokep8ej9yjXh772MdGHQKeF1+go3PNp+/3PSklPOjjjX2mnTGWgffp
C5m7oF0y3kafYoyLDL3tDxruzqC3CO5q+8hE+uX9998/5o+egMxHbntXiztplPQ/Pk/m4eEfFo/j
0K2Y84M2r3v6OLV5KY0SA7bmJNGrcWP0cOUz1kc2wRfIRvR6+OSoo47q+J10cnxby+/o1Be/7+Ko
7zPvJ5nGfAsLWKTTi/5F+EJpjPGRs6X9j0+3Vi9Z67bvaWzPK4CAKT6TVf6zO8FNfQgTUyym/njH
nwnHiTHtVBlM8ZrYwGcwnimPU3HAwJTNGCfNT3nh246xGM+UjYkpGF14M3jG96YExPfQq3imcHd5
2aBuYopSLIu+m6I7sY59il5983E//vGPz2BgSsrElJ4ufV+Xdj9lR4PSy/l2jGYX/6UvfekUbYQ3
o03MIy2z/+bzLX0uwV1pW2c0MUV9CjPxCHTBF4RR+Fy5FF51RRwTnF0cxa3hQeKa8t3Vl3C3zn0m
feWDb51eV2eiT3Hl2+TUVBqm0ExMSR3EwgYdXZxFeNCOZ52hT/hBnw26u3woTw0PCo9SfideKV+Y
UjzD75Qjxd63Q9FnA75BLEgnF0/xS/xS3NVWfd2Qhg2Qp/gEGlMZiozjvcfBp4O8godK6O8LW8Pv
ZtQdpM8W1kxssDBFH3jYQHwwHuVV20r5Qu9t4naKN4Qdct8MTV36HjthqXf6bQreFI0luOfasNL3
dWUDiIntCO/yWaQ9XnjhhV351D7kkze4207pLi/qHFxs4DoTTxjgC8M+HhnzHjzsvs0uH5++f/5/
/+//TdFHPN4pjMrjMTz7rLMnNnHZxbPV7VM8YAsnJugTPg09m+GtizemHD6MLVyK2CitPt+M+lP0
kYZNmnX0EE/lUhrQnNMbSnjQ01rybAP+KdpEU0qjGVenaKzFHVngeUP5+DpGpqgMi+Be2v8oz/XQ
gZSXfHhfOorkm755n3B2PHKsM4+dxw9dONXDfRpjns0Yk+UL8Yf4WLq2T9Mmlabiik7FzfE75bKr
ebp4iqNy2STRBF5QPuhZyCql2efbhNJMe1QaY32bjIhtVmVW/cBfopNvOdxt0VxHo8KqTEov1UvA
Yl7bR5YRbmwZNnM4m+jZuu7qyeS5z31u5BHPH55HbJI81rMHwSZnJzZx3BuP+PCVdzZBPWHspbbi
8/PvkO04M1RNyFt8asa5+N4MB/G9aMSnLcjZ4pOJTdpNtRnG1NIvla/S9XGRW/qu9M0gPLHJSCU/
5dsVbF15VIbUJx3GL3K2wLKjTWHNkBbz8GXWNzPo9OavNIf8UtyVlk1CT8yQ1OGf4kLdEEYuV65c
HHTQKVfJg3av/cQmh7v6Ai/yQ/73ObCwifWuzkSfsFYa6EzeffZfPjv5oR/6oUEsLv/ny7soi/Ag
42bRI/rw9Q75753dkdp9U5ic73lQ8dGH0jxskn2Q3+bxBf2Q5wtbnDPD79CnfEUr46zUXXzxxb2Y
K55vv2n8kt9e5xBtQ7jbQoYpOQQ9pGELVado5j2Y0AfKIeNEfy4v5BW8ugw3j9+hI+V3W0yTpU94
mFF1YoaJKfLAwwzN2Xgqq88r5QvRYAuPpnhD2NHn2MLtLn3SEnY+ff/OFl1M0ViCO/gzZlaZlYdP
n3e2aGBiizy6fBZpj2b87MqnfOSTF7jTR3gHLrZwYyae6MUXhj5e6TN4PPCBD+zy8en7Z3RD74jH
PJHCqDz4ekc/isyUswV1U3XLfI0t8OjC+7gvfOELFa3Y19yY6Ojzzag/RR8ZMT/sw6tcegfNOb2h
hAeLC3RNBM3tiRb5KY3MZ5jhs8umFndb5NLxhvKQr7yRKXKL4F7a/yjPebondEr3VJzavBQfHx2F
tCXf/Df/LF1SuMkXfstow3ZVzhTPKu3Ut0UinrT4XMvvtrCgy1NlwidP29QQ5wmV2SJ8oTTG+qX9
j0+3Vi9Zj7bv6WzPG48AKwpXdqKEAa8mspj4tB2k0UiAMs6glEaam5SXUKMh0+EjKGm8DE4Uj7gI
PZX/la98ZScIEGa20y1+t5XKUUGREGLySXGgw1Zjx3jpe4wQ+qZJMcWzVZ0TW/HXfVfa0ItyjWLI
QIeJPU8j8UmLtG3nesyXCUM/6a888HecvWNKUSEfL+T07A3rYI7BRzSRPvgpXVv91hm0bVXkxFZZ
dd8UpsSvwd3zBWVgcM8726UXaecd9HveuOKKKyYYQr0xHt6wVd5TcdJJW59XCQ+Cga32ioMuJps0
sZ/ygsfqta95bYe7reiK5YL/4AWViXL5NDBcMQnDe/gFLHbZwJny2urpLh7ltlXWXV3V8qCtqo1p
whcoTeDDpIZdNRBpYFDiDTY1POgxKeF3X1dj+YIJH/KAl8XzDJJp29SbjKUYr/ykMs92UkOMg7HS
VgfHcoOrrWDv0vJ15ctV+lyKO+kz+YCs8GWjjMg3+Ape4Zkyijd473GgfcNjtotiygiBMl5ahjR8
Db9f/N7dky7QSBth4AX24L5z586O3z0fUlca/MMXGICpW4zk55xzTheHNFVf4MEiGGGn95SBuMLV
yxhkia167vCj/fkFEWCNcmY7ZGIYbxCtwR25bCuuu/xo/6TDZNqZZ57ZvffyvbY92ukvXXp3u9vd
Iu4Y0W1HU1yQJvlkuwy6dgLutuI+xuM7BlX61Ze//OVTfarHMOWRkt/ws+1WnTLks4jtjDPOiJMQ
0ILM8mnaTqWuXMg0+J1y4WMgU1vw/Tv8Bt957EjAcNcAAEAASURBVAlHGbdv2x5lPgY7fjPB5fMr
ecaoB8+QDn/KQ7/l5wx56A2inTRsRXnkC8+fyDhPTw0P+vhjn5HTT33qUzv6oBMaGQTDGyzkE+3U
ndKtwd3LafDauWNn1GfoH2nHPi+18Vrca/ofyraWOhC4Qpcw9D7YjDGso1fRRsGvTwcaysfnOfSM
fiaeVv3rt/df8pKXzJTHG9Zz/E78lN8pv51QEvPE5zu6E3xBeaEBHVE0Y1gnbdHCdz17P9celcZY
3/c/pC3eJL7vf1LcGQtIL7FdPVN6iV9s7NMjTdu5HMtLXug/vt+HR1TWdDHY2PJstnAbPzRfOwrg
e/Gx7aKe2G6SaCRg0ukud7lLrOvUsM5EObJYfMDENnohhhX6GsWDf5iMk9M4lXi2wzTqTXy33dBT
BnQ/uQkdz3rWs2Lb8u/R8TBC6Bv5ekebsd2G8Tv56Q+abIdjbDe2Y2tywAEHTNFIGqRF2jJwMknt
J/19PhhRSJM/n4fe4dvuoCnDOvzPuF7hSR/85BgryqBN+7WdhvpU5dfgLr6ARsqgzQe8h3aV1/PG
V77ylajTinbCvOhFL4p9juLwTgskVBjlxbexPKi4jC/tJI44vsHoQxopLygsPmMnlcl2V0YdFP6z
0xm6MqVpsJDDTimL8dCrwQKjIsYE2znZxcPoR1i5Wh60nXMxTQwzdrJC7HNst2cnyzHkeYPNGB6k
TDnDOrSm/E6+ffwO7yIvhCE6PO9SviAM73EYHcnDrmbpeB79mzZMPytjKcYrZIscz4zPyIsy2slf
sdzgKl2Fb0P1rbTG+KW4kybjLmSFLxs00S7gK/Dh2fOGX4QPDrRvjKPood4IAZ8t6sTv0OT5HdkH
T/A+xZCxsN4Th4V9YA/uLPpUPM+H1JUf39mpJbFuMZKjoymOz4u2gq4m7Hw9Ml8hXD0vob9qPEua
tD+/IAKs0Vc0lvMG0RrckcteftL+qdddpht6Y7FvW7XtEbkv3O3EpYg7RnT0OL8ZyE6t6NoJuD/h
CU+I8cCDvoT5CMZvYKH0PIaL8BT8hH7sx47Mr5z1zLNivUALMss72+Hf0YFsgd8pF/6jHvWo7htl
lIPf4DuPPWWhjMylI/NpK/xm8WitwxYATqTDn/LQb/nQmcpEb2gkDfou+EL8SVroL97V8KCPP/YZ
2atNYOIBaGReBN5gnljlZaG0XA3uXk6TJvNotBv0AeS75qShQ4veanGv6X8om+cjcKCNpLon9Hkd
szYvYSlfNigv3/RNvs+LeSnp4fSR0qeX0YaZcxRPiy/02/uvftWwYX0sv1M+2itp20klsT2gO8EX
pAENfmFMLV8IxxK/pv8hfc/vJXrJerX9Egxa2LVHYKUN61L2mOSi80KRRxjxh5EdYyVGIb9LDmVH
woOBncLLJ94P//APxzAyAqDcyuDK5Lrf4Uc8FEUZ2PwEO99kOEnf+2/pJJZoUVzoJX06ZH3DT+nw
3ygHnRf09hnWCc8glPKxoxkcKQvvSFt/Pl09azINBcrTobSgua9cSmOeX4s7BjTy3//GswsPyBMj
EEKdMH5iVJjxPjV4ICx5jwHO81kND+bKrbruw4wOX5O5DFY85qRHOaCPP5+G0iWu310lGnx7yE2K
Kj7pjuVB+A2M6BAxrKFQsSOeNKAjnciv5UGVAV91N8TvtXxB+uJ3FHdf/xhXKRfywcsZyq5TAgjj
45AeCi48iDLhy7HIcynuyktloxzsOOJED32jbvRMPUohRiHSe+8zwBIeDLr9t5LnGn6n/HZsXszf
jgObqg/l7ZVpJk14z6APmvnLyWkWOUle+LZFXGGXvte3lN/VnlhsQRj4wo70jHlrolJtUsb/RXBX
WqwCRYknT+UrAwsrUfUev6Y9Cgf6XNqiT49nlRuMRYdWePKOiW0fx45tjzvM+JZi6MPVPEtW2FFx
E/LpS4O+kPz523b6tpk2TN2d/sTdK2+hEZ71aQl74jP5YlfFTH337czHK3mmrqBDxlfxr/puu0dv
Kk+lTR0IWxZ86L1vQxjo9H4RHlQaJb7Hjj7XY0V5/SkC/rQV8vBx5+HOgFV17Heli1bkOAtFCON1
nRrca/qf9daBVG58cKZdI/ty8k1hmfAEHwb5qR4O/yETMKz4/lFxS334Gh5FB4Iu8eg8fpdhHRo9
v1OP9Bk+rZQmcCB9yobuQv4sRKHMTACThuKIL1hUQ5pj26Pil/hD9aNvlNfrW9QBekms0/e9f0qm
EQe9BKOf10vox4f6feKp30dHXKTfLyn/RoZd+6H3xuWAYQjeZpILQ+Hk6mtpsaN44y4kO45yapcc
PEYctaNrY+x+Ip5dPRLDPPG0J8aJKNKWwZXJf7/Dj1j0OXwnTT+5yTcM3Ln3/lvfpKWM49BLOdAB
vEvp8N8oBwbVIcM64TFyMlnIjmZwpP/iHWnrz6cbnw1nTbimOx7BirQoc1+5ZtLreVGLO5PjYEaf
iq6TOt5BH38veMELus/CjPdMJHrHQnXSZNzB5KRcDQ8qrvfFJ32YoQsiI6HBjiCd4UHKwbcUd/EQ
dYtMTZ1vD8wzpU7xSXssD2LEASMWq9AHYXhlURtpUAbkoXfwm/iG76N40Cdgz0zmw+9DhnWdpsN8
S44vMA6CH3R6viAr8TunD/n6V39N+/e7cSm7TgkgjI9DeuzwIy+MD8typbgrX5WNcsNbdnywPk0t
gqAetUgDHTHnGG+TDnj4hRq5sEPv0GPE7xg8U1knficvtRnKzyIT3nECpq8P5eX5mYXaOM35EC+V
33xnkZP4QnnxHifs0vf6lvK7DOnM0+HgCy18ZvyO22X6G7TI+L8I7kqLcbXnefLVwg/GE97VtEfh
wAIh2mLqVG7KJTpYRMBv/lgQ6Z1dnzKxY7jjtxRDH67mWbLCrtuckE+fQw6JvrTdEwcMtbAaGuFZ
74Q9adAXMQfrnW9n/n3JM3UFHZq3EP+q76ZPyznqALqgmz5Azrchf5rGIjyotEt8jx1jKI8V5fXz
yPQt3vm483D3c2qMsVOHHGehCFh5XacG95r+BwP/kO4Jj2pxl+qeMtTklZad32rXOfmm8Jp/gpfo
x70eTltDJkBjTh4rjbE+fE39a0GOeHTZ/D5Fj6l7pE/Z0F1oIyxEEU/AC3I1fKG4Nf5Q/fAtlZ01
esl6t/0aHFqctUFgpQ3rTHrKoI2Cw5GyCD5WRNMhsoItnTh/ne2kpOHyhxJud0lNWImjP4yLMs7I
sCHjKXmwKyU3oSPjCzuq/Hflpwm23Le+SUvFxUhEp+bjznvWRPiQoVFpKGyJAYOd6cIRpVpp6eiS
MfkqTp9fgzuTfHafWqRNxqtc+jpaX3VMGI8DE9o+nmjx4flew4M+XT2rrvt4QZPX1BEDVcWTzwTB
Pe5xj1hun4YMXtQVSrb4PPpmUMOgRZp8H+LRsTyIYrnj7B0db4hH5PfxmMcehVTlGusrfh/fLcIX
0CAc/e5e3suAnpbL50fZMQ4x6EM2gT0GASaPxpZvXrha3H3ZWDTAhE1fXiiBqkfaWMpPyE7hlOLR
l2bf+xp+90YoFLRc2tSLDMpaVCOjJBNcOaMw6TDhwCSANzjwXuX1bU758i3FQe3cn3yhNDiSibjC
GVlDfeg32Jfirri5dqFy59q92lNKv8rmfYWFPozV9L1ezsAXfiW/sFL+0OaNU0qbhWSkOYYGxRnj
02YxFM1Ll9Xxyp/2lUsbWaVFdzLyKZywR29gEknv18IXX+XqMpefaPOnIiicjgH2aSl8DQ8q3RJf
+VFHOexpp1oAyXG+Pm3FHYM7g2bKxIQhEzg+HT1r8VSOX8bi7vuDEr1EekeJ7lmaV2ocVrlJB9mE
3FOb1TfvY1hQG4BO6eF2n2WUBZd84JIZPdzHL30eS5dPVxP1ud3i8Dtl9PyuuExSnnTSSV2/B6/4
P07ZyPWZ7ALpS1NpL+oP4aBvmuBTXtAq/ZhyjNFLhB3h+/ofFiHzPc1P+W41f22G26uRKhN1mnSk
PW/fvj3ujmOxCBP5LExOJ87ZhUn9w/PoNiw84UQe/WFcvPfRu40zLCRkokzGUyZpOW0k59ihyEIP
FkR6R37k5Sc99V3f6AdyTrQi89Oji3Ph/TuMWmMM68RRWIyv8P8Ypx2KlA2ZG51NQDJuAN95Bv0x
edTgzqTnY094bMQcA3uf005E1THhPA5MaHsnWnx4vtfwoE9Xz/N4AQMsuFJH6KCpw4Bid5THcnf8
ZPWhiVfqicUC4nN8DGqMjZCFQzxKvmN5EN1Ei/uJl/6lE70qhyZv+74rXJ+v+H2GdSbj7T7hSI+M
mrm0dOWCjJoKIxxZDOmdJqpTun1+YEDfjLxBNoE940bGI8tytbiTv8qG8ZD20+fQb1WfYJnyE7JT
aaV49KXZ917tjXRy/I7BBn6HHvG7N0LZ3bvZpKkXGZS121BGSbtzOmsUJiHmn2gj6S5elVc0+Ez5
luLAonRo9idfKA3mKnHCGR6kPvSbeKW4K26uXajcub5J7Sml35dPzwoLfRir6Xu9nIEvcgshlD+0
eeOU0mVOnDTH0KA4Y3zaLH3jvHTZ4KP8U6O58qG/lA4iI5++CXuNifR+LXzxVa4uc/mJNn8qgsKp
D/dpKXwNDyrdEl/5UUc57Gn/WgDJ5jLvFHcM7hoXc5oqxtOc07gixy9jcff9QUn/I6M1ZenTPbXw
h938uNq8cmWXbMrJN4WnPcm4P1YPV9xafwxdPm3xxFh+V1xOppARH95P/3Jylbhj+UL51PpDOPAt
5VnPG5RljF4i7Nar7ddi0eItH4GVNqzT+TLgRjHTX9pA052LEviEU5w+/8gjj4zKJ8KP8BgNEMIl
k0TKLzdpp299k5b67o0wY/OWsSNnUEnTUNjcxHEa1v/WLhVNSmNkIA2wuuQaI5EPX/pcg7sMnfNo
QLkhDBOLmhgdwkG0yNjly1LKgz6unlXXfbzARC30stsoZ4QiHRnofBo6iou4fXyu9xi/RI980TWG
B72RiTTpfDh6mTug+A0NfTw2hL1oGfIVv4/fF+EL8s1hy3vlmysXRhEwEL6U3/8RJzXUDpWx79si
uPuypYsG0vzUBsbwEuWGrjSNsb9r+F1GqFxdKF8MDtohLoOceNzLAoWf5/fxBfH4ltKivHx/kKYh
nCVr9LsGd8VVWr48OVr0fYivFUY+YXU6wxgaZYCWbGKXpNLyfgkNPt6857HpesO/+og0beSKjIoY
Afx3YZ9eE+HDLOt5qC5zeYi2sXyh8GPqd9G2D73Kbwg7tRvflsbGJRyyQEbGof6NATblpp5T/W8s
7rX9j3Ao0T1r80r5RMZZ+i+vU6Th+O11ILBK/1I9PJfG2HcldClNTeKwiCBty31GcHRYlQMMjj76
6LhogB340mdy6ZFnX5qiZxn+EA76lmuLTFQO6SV8I4xoFHZgIV2mz8/lp3S2kr/8ofZqpchi6bSO
1Rbw73nPe07tlJGxegyP6H5yjrImPEcLc9xoiZPB1E9SK76+ITtzTt+9ESYXLvdORuIxBm6FLTGs
T8xoq92pmpSmLau9ykiUo23suxrcMXRrx/wQDa977e6NC+h2MiYO4SBa0MkVXuUo5UHF877quo8X
dCw2Cy1zRijqg4lU2kKXhr3zk8JpO0l/p7u0oU90jeFB6l9GJtKGn5h7Of7447t+CP5AvqZOxrm+
72n49Lfi9010ywBOOx7ki2s2tDDh7Ou5bwJb+eboxigCBinO0MAfcZaxYx08a3EHR5UtXTSQYuwn
2NMypb+LZEmakf2G78CItpzld0e3+F1GqFxdKAsMC9ohLoOcjCBpnSvOkC/sRIMPy7eUFuXl+4M0
DeGcM6ynOKe/U9zTtDx9OVr0fYivFUY+YXU6Q0pP7rcM0JJNbHLKuRIacvH73o1N1xv+vSzw6SJX
1Pa4ZtA7YZ9eE+HDLOt5qC5zeYg28ZgPk0tL4WmTuTr171Ie9GmPfVZ+Q9ip3fi2RPpj4hLOGxmH
+jc2KVJu6jnV/3JYkXbqavsflYUFK2neaR76XZuX4ntfGOfkmw+3DB3IpzfveSxdSkc4juV34vmT
TOBvrmN80pOeFE/S4Dc8kUuPuGP5grCLuCEc+Jb2P+RVqpcIu/Vq+4vg0eIuF4HroFxaxa+sM6EY
TOAFO94x2KRnMKEerIMPNikWzNAS6baJ12BHjcVnE1TBFL1gBo9gK5GCrYbvLdtNb3rTYPf0BjsS
JdgqrhjHdrCEAw88MBvHoA8mGKa+2SrDcOKJJwZPgwKYYSfYXSbBJi3D4YcfrtedPxS3C9TzYEe8
BLvXOtzmNrcJdtTvYDkV1lawhaHypVnZTqVw17veNb62Y32DrUIKJnSCTYYHM0oM5pmmlftdgzt1
AN52z1Kw0wiC7SjKJR3EB2ZYiHyw1157hSEcRAvhbRJ5qmylPJgjSHXdxwt2IkKwgXSwXenBjtYJ
e++991QylBvsbUXrFD/ZkUoRB5sMjrxGGXMOvrXVcTO8Lbpy/Jumo7C0LesAg61e7YKA0f3udz8W
6mR5bAj7LpGBB8Xv4/dF+IJs7U6YyNNp/SjfXNvhG+W2DjfYTpTIX6Rlg/5gA9wATTl+IkyJWwR3
8ukrW0qDKQLBJlTja9uREczYE+VtGo7ftsIy2Er1GXmYC5t7V8PvdqRQOPbYY4PtXA9mDAi2Az2X
dFCbEE8Lv3l1QX2l8r0PO/ohu7M2mOI8xe/KS3lDYJpGKmvsOoVq3NO0fH+Xo0WADfG1wsi33WvB
7poPNkkaZQzPtvJZn6f8613veuH2t7992GeffYLdhRrMoBlsR0fEYCqg/VC6fTIjDT/299iy2QAg
lssMqsF2r4d99913JgvSsrsJY9lT2TCE/UxCC75QXYKn3YE8N7Uh2pSW59H1bPsQL/rG9HeeTh93
XnsmrBlAg90NHGzHbbCdeDPtmzAqO/1aqh8Jq3m41/Y/yLJS3bM0LzMOB+Q5OpB3pPOMZzwj2ORI
sF37WR1V4ennzPgSbBJ5Wg//gOnhl3444mqnSXV6uOLV+J4uO5Uq2H1zc5NBhtrRg4Gypno/uqAZ
goKnjzzoJ+APW6wXbFd7YDwgZzu/gp1slU2PMErTdu2Pao9Kt8T3OKT1YxOW4YQTTgi2uziOg/yY
pU8vsV1jUW8jXY8Tct0Wz8Y6tEnzNe33S8q/kWEPOuigjcx+zfOmPfMH/9gCyW5cbdeZBFtoFHnB
7j8NdsRxpAV91ozNwSZ/g+24nJElnmD0RjOmR7lqC/JiHHTkXkyZgZgeVkc+JT9Pg/KwHZNRpqMD
2oIeve58xiZ9cbtAPQ/MLaADo8Mw1vL6VBpFYe10lTgG6C1fEtFOpws22RwxZg6D8QJzFnan68zY
M4k66if9WSnu6LNmXI11azuyI365zMQHZijv+GAIB9FCeLuneArPUh7M0aO67uMF+m/kO7KcOaN0
XE25wZ7+sUvD+PHU004NzN/YscrBTr7qxnYpDYwXGJOmdS+6cvybpkFYsKdtMS7yc0VghGy2xWJx
/iXNB1mPDmVXsmS/p3mlvxX/dre7XaDeU36nr7CF88HuNI7fzWCTJhF/qww2YR7rWbqGnZIW2zDj
JN9WlW+Obr7ZLupAf8WcE/yFM0NNbB/QRD70wSm9MeDI/2xHcCybTaKHd7/73UW4k0Vf2dLsKQPy
BIfsNGNP77jaTvcI1EU6Dk3T7PvNvJjtLA+2Kz3Ycc0z/A528LudMhbHrtSJneoR64Z+AF2AcX3O
0RfQJswgF/sF4Te3LjLyvQ872iPzi2ZEnuJn5aW8oS9NgzkYaBc9yJ5a3NO0PJ/laBFeQ3ytMPIZ
/6Kzomuif6KTDY2r73jHO8ZxNfMJ6LJ2MlYcYys9+Uq3T2YoXKk/tmy0dcpFH0cb7htX2xVcseyp
bBjCvpTmeeFVl4yBZEMYijNEm9LyPLqebR+6Rd+Y9u/p9HHVfjzPp5jYSRTBFniE0047LbzkJS/J
yiuVHfnKs++7hNU83Gv7H2QZsiCX91RZnGyqzUt9nU83lU3+m3+mf2dcTRvI6eGETevJxy99Fl22
SC7YiYBzo4ufcjyhOkzpUz+B3sD4mPGAHPLgTne6UyejUx5TmvP4QunV+sIhlT19/Q/5lOol4n/i
rnW/Tx7NrRACGNZX9U93aXIfS45G7ai2idfuu+7UZCchxyLl4rFCmF0/uitQ+Vi1TDjqLBfHGmBc
ocqR8P57344mds3oyHmbkJ+Ko/h9cfV9yNeuvL4dvD6udjiBCatu/DeeOTKm74jk7du20/VM/c3b
+Zqm3/e7FnftZONoZ+5KSdOnXnWMLEdYUt+EEWbgYJ3YVDzql3KmeIrGEh5M6eG36rqPF5Q/NNgE
xBRtxNeuOr77NHSva9/dx8Sl/DaZkz0KV3T5NpSjn3fagWqd0gx93C8MbTlsibsIDxJfdZfWj6e1
li9IQ3E9tj7ftFzQwy7evuPFtWrXjD+9JxB42oeeF8F9qGxpnsgGytnHgwpPm0t3durbWL+G38H8
dre9XaQvx4Pkzf260M8fR5TzTrtWeNcnuzhanpXgpvhN8bb4Ir0/+zP/+JmIVcoXufakNMRbKrt4
eRHc07Q8/jla9L2kPfq+7Oyzdt8dr3S8Lzmjd8ofjHJXrHBMIHWSYqj4tb5kxbx0OfJWvEJ7zeXH
Tl2FsYnXqTBD2OfSWuSdsLSFelM0kKb0GZ/+EG1Ky8v8RXjQ5zv2WfSBrdqpj2sL+Trc0/5QcdV+
fLz0WWXlqLX0rnaFlR5pCyw6nVDfFH8M7mrnJXqJ9AtwKNE9S/IirHQglQufd+hHNok7pVP4MDxL
puZ0INLYdvq2mIbnpzSNkt+kSZ8HXTZ5nuV32rhPk7YJhrmj23O7y/1d5BzN6tMi/3PPPbc3PcJq
5+YYvvBplzxDB3UHDmn/Y5PGUW6yst7rsui+6CVm7Mnq9JJnNonb6SWMk5CVfXhDM7Qso98vKf9G
hrVJti3r4BfaCifJzDjbrcvRxvCCTZh1n3W6A7uqaHs5Z5NS8X5odjDjlA9paZfjVDzLCz5GrjC+
8Y6dlykNfGcXJkfO841+IOf64ubCpu+0+3rMjnXt8gYT2kbqOCKVo1dnnJVbu9apB/4oD33BMlwV
7kaTdvEgP2wScYYUsNExsoSlvnHCDBxos95px3qKp2gs4UGfrp5V1328oPzBF/07deyWFP4+Da4c
5D33nF757fxRt5Sf+0NzR+GKLt+G0rzjb4NQO1Bpd6nTKV3I+RRbwmqXHd+LePCajMxoPfeOdfGF
GSrm88Vp1/IFWSiux5b3yjctF+/ZxUteOdxtoUSsF5vo792RTfpj3CK4k35f2dK8qRfKCT9x7VDW
GR/Q5szQkv089iXylHz68tIuUr6rToQ573I8SN5qr4Qx40ck513veleXV1Z2WZk4Wv7JT35yvCrI
l0HYaRe2vjEXCVYpX9jCjZiXb09KQ+VQ2XX6wiK4p2mJPvwcLfpe0h7Zza277ft2n5MucsZfaaL8
wYh5mNRxTQX1lGKYhiv93ddm03TMGNfxBe0159DroZE/ZLR3Q9j7cMt4FpZcF5U66TP+/RBtSsvz
6CI86PMd+yz6fDv1cbn6Srinskhx1X58vPRZZWVcbYvk08/xt3QcdqxLJ1RAxR+Du9p5Sf+za9eu
rpzML+Qc5U11z5q8cmkrHcmmXBjReNYzM3q4RRB+np9y6ZS8U5+X04Xgd9q4d0M8oTr09En+wWPM
4aROVwn18ZjSHMMXadolv1U/Y/sf9ZElesl6t/2S8rewa4vASh8Fj1BSJ0CDxPjLBA9/GAYwJvLd
T+jx3lZ8xvdMlNJwFAdGpzNhQpZ4HHGuY7e9AZljQ5mgIh7Cj/udREd6rC2TdnxjYoqjYhUHZVJx
MNrwXhNF0EFZEB6E4YhufjPZxx/fFdb7lE1hbIdOnEDDcOffa7GAj0faMjSTF2VGgeVorx3X3JfN
ZHA6WUkaui9HZeHoVgwtPv1Fnmtwt5W4cSICmrj3yVYGdXXMEWHQyDcG096QhgIHT1BX3tBD3djO
qBgHPD0ONTwIHuCrugJ/GZHgBepX38QXvLMVnB3P2G78yIPQgmFB+ON7foI+ysl7jrqmjKTJH3lg
VGSihO++ndTwIHdWk47tWI18QR4oVTpSmW/CVuUSb9TwoOfrMfxeyxfQpuPDPbbQDp7gp3KpPNSL
cGXyGzkh3PF15/QyDOu1uIMf8oCjOamblPdy7VgGGxRmBtCEUbmQFwy8Vc8MtoVHqV/L77Y6NuYP
DRh5uU9M9NHWad98s5NIOoMDdWWrvTu6L7zwwq5cyA4vq23nwlSZtKiBvkZyBtlBGxAOkiXQ4WW6
8BWm4A9Okile1ihMCe7kpwUtPi3y4BtH4UMjvChaVE+l7VEGRtJDjnjcaSPcu8c3/uhjyYfJFskm
2g+0ki9tRfeRET5tW6Kx1JfMpZ58m/VyxKcJRkz4im4mJDy/a3EM3/3dzeRDu4JX+Ab2Po9cH+zz
rXnW4hCwwkAM7eCIUfABD3hApIP7+Uibb339WcoX/BY9NTyouKW+2oCwh6cw8FF3r37Vq7s6Oeyw
w7pFPDW4I6NIg3zATjoa5abOtDCN7+h9aTlKcK/tf9ZTB6J80j1owxhYaaNp3+BxkNGacMgU2jD4
8UdadnJSTANjtI9X+0y6WuyAfkcevIM30MWR8dzbjMGfPPj2gffn9Te+SQ7Sj/KbOOjAWvhKn0Zb
4hsLq9DxxZdq22lZxBdMXqbtUZiqPaZxx/6Gnr7+h+P1oJH81f+QLrJnjF7iDevko7YPrrY7cUoO
0u8zAaX8Fun3x5Z9o8Ot7bB7Y1Onv6Yuac8YvKPx92qjyf4wFtOf8I0xt5yMyMTjXkhkNRNx/GEQ
QkZwJRTfdRQ86WlykPQY0zDBShwMklrkwbf0/kwMk6SFsRbjp+LYCRsd7RhteC8HHZQF3YI00Un4
De385YzFxGUyUGGQCxj2MNz59+nEMPG4nxtDs/LC6I+RlbGK7sumLaaTlcRFplE+/dlu9akjtAlT
7Spxp51TFmiiLm03ccQXjJEr0pUI4w1phGPynLqiXHLEUz8Pnh6HGh4k3auuvKqrK+oWnQ164AXq
V/UoviBPLQYgHHxFXfIePVX4Kw3Fgz7e8R0ZTJ/HN/7IA6MifEIY305qeFC6MzIZnYQ8kMle/0TO
g63oE8ZgoPJxJH2OB5kM9th7vkbfncfv9G/CIscXHDsMToTxfAFtOj483t19bVONeJKvyqXyQCfv
SY/Jb+RELLPFxX/+858fvy3DsF6LO/jBQ3Z6WqQl5b3c8denP/H0GJbxHVdlEYby8Ie8YCxLmcGD
vq/WwX+2WzimRXroKTl+55uXn8hm3vGHkdd2PXf0Uae0b75xrYfoo67sNKH4HrrRrVUuZMKZZ57Z
pWkngk0VSQYeFq5IzmAkpg2QzxRfWN1rvAiPC18ZRyJvWeoyAnlZU4W75acFLT4tCkB90WdCI7wo
WlS40vYoQxLpYaDyuCNzXv7yl3cY0sfidu3a1bVHcIJW8qWt+LnqKQxFYIUvmUs9qc1SV16O+GTB
yE7z6+hmjCq+4JsWx1Bm3+/Rd8KrXJ/IN7D3efBt2U6LQ8CKuUzoA0eMgow9oMNOgdidrfGFFuPP
4wvSkaviQUUu9NUGoJs/eIr5L+qO8Yjeo8NpEU8N7sgA3Q8OdtLRKDd1poVp5Ge7j2dKUYJ7bf8j
3RMa7FTfyFuqX+mefPOLWmrzooDSPeBT8U7aN3ggfF1h/KcNozPzB4bIRujzhmsfv+ZZmNCPQy94
wBvggYynf7r88st3J210lPI77VyLhejT1H8z1wDOlIc/te20DCV8kcYt+V3U/1jCtXrJerb9kvK3
sGuLwKYxrNMYafRMAD3+8Y/vGijKPAqHn4ihU9RAgHjcr8UEmRo1Pt+ZUFM8O5IzGl98PCmNCk8H
wkBRcfAxPPs4yoN3/j35M4hJDdUK733u20S4+Xw0QPXh+p7Tu2BJB+HcFx46uW+eiWufp57t6KEu
bi5thavxa3FHwfb4UldpfaH4iiZNhHoM6PD5rklc/03lTHEfy4OaqPRp5p79vc9+Yj4Nq7Jq0tQv
cKCc+k48Bnwy/PGbb/zZUW+xvLU8OIY+0S1+F/74JTyY4q50c77qijxK+YJBY5omdUJafmJDYZik
5xsTIKoLfWPBDnfJyLgL5ih0hF/krwZ3BjOiq8/3PCT6UPZkiCIe/E65MEopHcrFHZyLGhDHlEsY
i1ZkFBM50CB6cm1f93yrXAzsfRzipmWyqwxivSoOvnaeKC/5aVoYBtM2T/rIt1NOOaWjlUk43/4I
g6yvwT0ntxiUMiCnzxOt+PQp6SkDJe2RvivFncEDdysrHzDBMMPgRBiyoCjFyofnWfWQM2wqnTE+
7VZp9/lMZPi0crjDT6KJdFikoZNewFaL1Pry4L1f0OXzq32Gj3y7VLsQDWCs3b0pX9CGMULm+AJZ
pXacw2Kt2r6X70P8wU5JMFsEdxZ0+DxoG6muwE7nnP5Tgjt0lvY/xFlLHQh6PM9pp7X4JueDlW+L
MqwrrHSgxz3ucV17syPdZvRwn2/pM326rzPfHnmPEQfjHgaIlN9ldGfCIJWDtCHxuybWVS7v+7x5
9osSKcuuXbtGt8fSsvvwY/ofTx/Gl1Q20Ia3b98+pZcwke7zwZDk5Uvs9x+6Nv2+z3dVn9d22L2x
qcuoKX6nrjFSwCN6R3smnHdM4Pt2YVdBxXsTFQef7zt27OiiMbGGrPXxfP/J+0MPPTTqP10ke4CP
fRzlwTv/Xnd3E15h+nxvFFJeKRZ9cckzvQuWNFhw6Onx8Xl/9L2Ozu5oZvL0WTufFWnuS1s01vi1
uKf6GnWV1hdh5FiQlZaZCXzKp0lcffflTHEfxYOWpoxpSrPPxxguo5dfMJCGhyb+ZMz1hh7GenxT
HMYHfh6Jb7QTMMDV8uA8+pQ/PhPSKpfqYB4PstBFu+rR8Xx6Q8+e38fwBXjJ0T+maVMnOG9YUxid
aIFBQXWhb+xuY0GNjLvgzlzGos4bUZSXfF/vvBPu/iQlhU19xklpHaFbyhBFePidcjGnqPjkyWK/
RQ2IY8oljEUr/IEx1Jc71/bTHX65+c+0THadQjQU+fpicbvPy2OgZ3zGqGmbJ327KmDCqXUKi2HK
tz/CoFvU4J7KLfJgww6GL/o85Ymfu8O5pD3CJynuGL2YX1E+4IRO63cGa0GRwnhfuKoecoZNXxfz
nrW40+eRPnOSq3fCXbTA7/CTaOI9/TEbLHB+QUKatv/tF+74/Gqf4SPfLtUuyBMa+dPu3pQvKBNz
Nzm+QFapHQsLlWMt276X78Je+crnPX0ObhHcc/pgqiuwGE99j6+jEtyJV9r/EIc85umejCPBzLua
vPwCGeGc831b9HVFWPgCWcccsuJSV6ke7mktfWYRtucLtUfy4z14sBADV8vvLAbyeagsysP/Rr57
V8oXPm7Jc0n/Q7q1esl6tv2S8rewa4vAShvW6URpoPzZXd/ds96xa0O749IJGiaSH/3oR8/EIS4T
CLmJbzp5u4dzJg5KDcZLJkDTfPiNUoGAEl34TEwycad3di9qNKwzQa+w7KzXd+8zwZUaQTwWPmz6
DK1MWqd0MgH57Gc/eyY/jCNM3jFxncbRb62mxXBBOnq/LL8Wd3blHXXUUTNlyvEFhsYUKxmaWWDh
v1E/Mg553Et4ME3Tp++fOUbVY8oKsbRM0EPHbXeXdHRixMPYpTqgo8jxE3FZKcYASGFreZD4559/
fkeDysHELUqWL7P4XXnil/Cgx1355Pwcv5fwBbioPSp96gR6WYyhd/LFM/Asu6B5n+ML0uQ0C1+3
HovS51LcuRJDNOfo41vKQ6IJ2cNEhuJ7nx0ItCXPe4pX49fyOxMxab1B5wknnBAHwTlaUGQxcvvy
8Aw+LKLoKxPGcB+HfOED8tJ7lEl2nuo3PnKclZosTNJ7DBrkw+kUCiNZX4o7R0gpXXzoQvYjy5W+
vucWQpS0R/AkPAtFlKb3WczDoCHXR2LwTesKGU2/6elcdBGKlz+eNv/MitiUN6gjuw8+W66dO3bG
OlQcFGUmWEkT2ePT9s8scFCcZflMalGPPh9ogEbt3iWvFAewR87l+IKyMJASjaU8qHilvgzr6BQ8
6zhx4crgkvaqdBfFnfLbHXpT2JEX2MyT02NxF60l/Y/irIcORF65Ps3zE88YC9j5ItrgLYXJ9SU5
fUtxF/Hp81K5Qf7IY7/wNOV3JgeobwzrXr5QBs/vffKP8QH6H4sTc3ioTJEv7pFpjzun26PC1/p9
/Y8mZH196XQW6M7VFXgy8ZvTS9ar7dfisJ7x1nbYvbGp03bUntP2wXuMh9odl1JKXK/3KB18dEb0
9tSxi5KThnxYnum7mMRkMi3nOB6etqx48Dk6hibueI9MxzgB3yssi2kUx/ucyqZdWsrPY+HDps8H
HHDAzAQsabDjh5M60vDHHXdc1G+YuM46MxJrBw9lIJ1lu1rc0cnZdZSWKccX2sSgsJ2h2YpjdwBP
pcECChmHPO6jeTCTpvJNfSaFPaYcT5yWCXo4degpT3lKRycT294oygKvHD/Ba8zxYMyTq+VB4mOc
T8uA4ZWx+o6zd3TfxO/KE3+IB5kX8DyIwTvNJ/ebtpkaHOCLY445ZiZ+ji9YeK72qPSpExw6uN7J
Z7yKg2dlDMnxBWkyX+XrNkas/K8Udy0Gh+4cfbxPeUikIXtyc3DEYUEHbcnznuLV+PB7WldgB7+f
ccYZHf4prZxWk9Yb9DFXwILEnEM3x8hNOP8HPiyi6CsTxnAfnnzhA/LS+ze84Q1T42feYwhlZ7cf
s6Erkg+79RVGsr4Ud06dU/740EVboB0pfX3PLYQoaY/gSXjmE5Sm9zkpj4VKuT4Sg29aV7RF+k1P
J2kv4rz88bT5Z+bTU0cdsSDVh9Mz8+x8l8P4ygIMvg+NqzlRatmOBbrUo2gTDdBIPyWX4gD2yLkc
X1AWf0pIKQ8qz1IfPsVwedJJJ0WeReaqXODKKRK0V7lFcaf8fl5aeYHNPDk9FnfRWtL/KM6QDsRC
sFy7Im5pXrk+TVh4H3km5/viXF+S61cVdxGfPi+VG+TPuJAxllwtv/fJP+ZB0f90Iha4eDyUbylf
KF6pP7b/Id1F9JL1avul5W/h1w6B69CQTBCvrDMjRLjRjW4U9t1332ArwIJ1xsE6g/j7oIMOmku3
rdwO1sGFG9zgBsFgDNa5hL333nswnh3xFmziKey3336B50MOOSSYEBiMY0odixRiGPK4/vWvPxh+
oz6aEhBxBAswBZchZ5OTwVbxxSBmLAhmvB0KvtC3GtzJ0O4fCraiKNbRDW94w3CTm9xkITrSyIvy
YJremN/gTv1QX2P4T2naUYbBJjeCdW6RB+HFZTtoAhMcbaQ0j1IerKV/rfnCOsxAu0cOqUzImr32
2ivYDru5MqO0XIviXpof8hb5SR2bYhHreZ68KM1D4Wv4Hezhd3z43SY/R/Ei9UZ59tlnn5j9mH4E
LJAxxDnwwAOXXrfCAX89cSc/8e7YPgG8bXAWkLXQaittI4+QVp8jjhl2Yzg7rnLpMrov35L36n8U
h35krfhdedT4kjvImVLZOza/teZBG2AFO8I02OAx2DFksc+CNnhjnn42tgy5cHb8WbDBdMyPfErk
dCnuNf2PeLBE96ScNXnl8Ol7txE6kGihD0I2IXvBZdmOeuUPvammzZfyRQ39Jf2P6KnVS9a67deU
f73jjNEJ1pumZeaH3kRb0rga3Ubj6jHjJ+SNH1eje82T28g25Ihk2xjZi97AWBxHHqs8rmZuAjmF
XjRPbzAjbLCTcKIeacaCboy9zDpWWjW4E5f5DPpL5j6Ygzn44IOV5FL8RXmwhghbwNaNq8fwn/JA
3/Xjanhx2Q49HExwtJHSPIhfwoO19K81X9B/aYygMmlcbQvDlj72WhT3UhzpX5Gf1DHjUOp5nrwo
zUPha/hd4zt8/hjvjuFF6o160rh6TD8CFsgY4tDnzptnVblq/PXEHfrEu2P7BLBmjKxxNWM7eGTI
EYe5E8LRZpYto4fyHvtN/Y/CQ+Na8bvyqPEldxhXj+H3mjzWmgdtQU2wqz+CnbARbEPDuo6rkWlg
hx5YIqdLca/pf8SDtBOex/b9NXmV8MVG6ECij/pCNl3vetebK2cUp8SnXhm7wxM1bb6UL0poU9iS
/kf00K9JtpfoJWvd9lWm5m88AitvWN94iPY8ChC2crbiMNh9KcFWpIadO3fqdfMbAg2BhkBDoCHQ
EGgIFCNgu2PD4YcfHuyKh/DKV76ym1Bby4m1YiJbhIZAQ2CPRGCrG9b3yErd6EJfM6ye2DWTjKVt
92qw0zbi+HqjSWv5NwQaAg2BhkBDoCGweRG4YtcV4bBbHRbsiodw3hvP68bVYXhf4OYtcKO8IdAQ
aAisGALNsL5iFbLR5LA7wI7AiavOWE1rRy5HktiV+LznPS/YkVXXdtYbTWzLvyHQEGgINAQaAg2B
TYOAHa8a7KjxYMeURppPPvnkTt+wY1nDzW52s01TlkZoQ6AhsPUQaIb1rVenG1kidiZhTGc3F7tc
7Ej7SA67Eu1I8WDH67dx9UZWUMu7IdAQaAg0BBoCmxSBSy655P+zdx7wltRkG48KKiKsnxXEAohg
wd5RWBRsoGAXsdAsoDQFBRRYxN6RoiKggAVUEBVRAUGwd8XeaSoqWFEsIPfLP+xzfE/uzJxyy557
98n+7s6cmZQ3T95k8pYkZS6Rj18oNdh99917cvWBBx5YdshZoFUz2UbACBiBBYOADesLpqnmh9Cf
/vSnaZNNNmksbKONNkooxdnaw8EIGAEjYASMgBEwAqMgsNdee5Xt35vSfPrTn075fMCmV35mBIyA
EZgXBGxYnxeYV5pC8rmRaeONN26sbz7DO+Wz6S1XN6Ljh0bACBgBI2AEjEAXAjioH3fccY1RvvjF
L7bq9RsT+KERMAJGwAiMhYAN62PBtngTcWbPhRdeWM5WituycoYxq9Y5F87BCBgBI2AEjIARMAKj
IsCZipdeemnxpq/Trr/++o3P63j+bQSMgBGYKwRsWJ8rZFfOfJGrf/nLX06Tq3nOea63u93tVk5g
XGsjYASMgBEwAkZgRgggV1900UVp1VVXnZbPBhtsYLl6Gip+YASMgBGYfQRsWJ99TJ2jETACRsAI
GAEjYASMgBEwAkbACCwgBGxYX0CNZVKNgBEwAkbACBgBI2AEjIARMAJGwAisIARsWF9BwLtYI2AE
jIARMAJGwAgYASNgBIyAEZgMBGxYn4x2MBVGwAgYASNgBIyAETACRsAIGAEjYAQmGQEb1ie5dUyb
ETACRsAIGAEjYASMgBEwAkbACMw5AjaszznELsAIGAEjYASMgBEwAkbACBgBI2AEjMCCR8CG9QXf
hK6AETACRsAIGAEjYASMgBEwAkbACMwEARvWZ4Ke0xoBI2AEjIARMAJGwAgYASNgBIyAEVg5ELBh
feVoZ9fSCBgBI2AEjIARMAJGwAgYASNgBFoQsGG9BRg/NgJGwAgYASNgBIyAETACRsAIGAEjYAR6
CNiw3oPCNwsVgampqfTJT34y/f3vf0+Pecxj0qQoxaCrDte73vXqRxP3O9I9LL3jpJm4is+AoEnl
wRlUyUmNgBEwAkbACBgBI7BSITApMsRKBborO1EIINOcdtppRa5+3OMel25+85tPBn1ZrJ7K/2IY
Vk6Naeb7fhwZeZw0812vuSxPPHjllVemxz/+8ZPDg3NZaedtBIyAETACRsAIGAEjsOAQsGG9pclq
gUa/J0WAEz0if1LoEj3zef3Vr36V7n//+5cizzzzzPSABzxgPotvLOuaa65J++67b/rd736XbnKT
m5Q4v//979Nb3/rWtNFGGzWmmYSH73nPe9KnPvWptOaaa6Zf//rX6YgjjhhI79e+9rV0yCGHpLXX
Xruk2XPPPROKmJUpTCIPrkz4u65GwAgYASNgBIyAEZgpAjaszxTB5vRRbi0yq+yjk+JvHIy210uZ
qEmhqxnOOX3685//PG244YaJdvryl7+cHvzgB89pecNkfvXVV6cXvehF6be//W1affXVS5LLLrss
HX300emud73rMFmskDjveMc70ic+8Ym0ZMmSdMkllyTk7EH0fulLX0r77bdfWmeddUqal73sZemJ
T3ziCqF/RRX6i1/8It35zncuxX/lK1+ZCB5cUVi4XCNgBIyAETACRsAIGIHJRWBiDeu/+c1v0ne+
8520yiqrTEMPo+XDHvawdLOb3WzaOx50pVUCjJ3kcf3rX1+PyvXyyy9Pp5xySvrc5z6X/vSnP6X1
118/LV26NCFkItQddNBB6cY3vnGJ+/Wvfz398Y9/LIJnXyb5x2qrrVYEItLXZdRxR/mNYuKCCy5I
p556avrpT39aDKB3vOMdS11+9KMfldXaz3jGMxppGqWchRQXg7WE1HPOOSfd5z73WeHk/+Mf/0ib
bbZZuuiiiwotUijNBX0XX3xx+v73vz+tr2zykE3SmkvWHAmLXXbZJX3sYx9Lo9D7kY98JO266669
NG984xvTc5/73JHKXeiRJ5EHFzqmpt8IGAEjYASMgBEwAvOJwGI1rOMs+41vfGOarAC2//3vf4us
21b3rrRqm5uuftO0dPOl02TeP/zhD+mDH/xgOuuss9IVV1xRjGVbbrll+slPfpL+85//pNe97nU9
uRoDGnJ4k7M4cvvtb3/7tMEGG0wrQzSMc0Xe+fa3v11o/PGPf1wMoOutt156+MMfnn7wgx+UlbLP
ec5zGmkap7yFkAaD9W1ve9tSZ3Qdcl5fkbSzK929733vhCMzgXaDT+aCvgsvvDB997vf7esrlIVc
j+P5sAEat9tuu4ScPAq9H/jAB9Kzn/3snlx95JFHFqeCYctdDPFYmIDDPoFxaxJ4cDHg6joYASNg
BIyAETACRsAIzC4CE2tYR6hg5SsBYURBwvanP/3p9MAHPlCP+64xLS+a0vMcb9ioRGC1M0Zpgsrh
XulvdatbJVbnYtDHcHq/+92vKAD0PqbTM9J8+MMfTve61714PaPwr3/9K+2///7pxBNP7KOPTGN5
onFGhS2gxH/729+KwwMKm9e+9rUJR4NJCNDzz3/+M93gBjdIKGVQ3MyFYR2h/eyzz+7xgOp+4IEH
ppe85CX6OdQVvv7LX/5SFAE//OEPh6IXxRgKDwzq7373u8t1ZTOsTyoPDtXojmQEjIARMAJGwAgY
ASPQJxcuJjje+973JpxnCZIZuZe8+8UvfjFtsskmPJoWYlpeNqUnH4zicdtwjuliG2eCyuFe6W9z
m9skjNnI4sgRGM0xxOt9TKdnpGFnrfve9768nlFArt5jjz3Sscce20cfmcbyROOMCltAif/617+m
ffbZp7TnYYcdlnA0mIQAf1111VVFrn7Sk56UvvnNb866YZ12h2fhMYL4AP599atfnV7+8pePBAVy
NQs12MkNJ/hhHAGQq9kC/ZWvfGXZOW5lNKwjV6PDoM0niQdHanxHNgJGwAgYASNgBIyAEVj0CEys
YZ1VuJ///OeLt/BJJ52UEPhf+tKXFuGOleMIKNEoHlvql7/8Zdm6DGFo1VVXTUrPFuEoFRCkb33r
W6dHPepRPa93jIkPetCDygQeL+Hdd9+9eGtfeumlCQPlueeem6JhnfJ4xkpV5f/0pz+9ePzz7lvf
+lbZ7gsa1lhjjUIPW3qNG1iljxAJDgh3GDHBgNXw4PT85z+/CH81jbE8CYd6FpUcetZ2jWmHSRfj
k+cwaVR2TDtKOqUf5hrLIL7K4bnum/JpS9cUNz7DIQKj81wY1n/2s58Vhw8Zd1Uuqw1Y/QH/jRrG
oRdnl2c+85kjGdYjnrONe1Pe47TvoDSjYlvHb6KzjuPfRsAIGAEjYASMgBEwAnOLQJtsObelzn3u
rMI995xz0yqrrpKOP/74dN5556WDDzo43WmDO5Ud2dhqOhrFI0Xs2nb++ecXOfOGN7xhL/1DHvKQ
9MIXvrA4EbO6dKutturJ1RgT2U0Mw9jOO+9cZPjb3e52ZSevF7/4xcUhOBrWKY9V7ayWFn04JW+x
xRaFlK9+9avpXe96V6GBVcOsJmcF+7gBXcKjHvmodN755xW576ijjirbbSNXI6shzzA/r2nsKy9s
H8/zLjmmL13+MercP8af67JqWof5Henr20qftRFt2+rX+BGxLW4kIqfbc689EwbnYQzVMekw9+ym
gL4FBwOOdVOA33A6H1muHpNetpDfdtttSz3ZBn+Y0NcOWV/UFmI84gzk3bqtludNPl1pYznii0Fp
2mge9rnKVHnDpnM8I2AEjIARMAJGwAgYASMwKgITa1iPFZGRDwPyxhtvHF8Nda/0nBN2l7vcpTGN
jIIY108//fS+7b8wunO+GF70TYbRtvwx8KNkQKkw0+2xP/7xj6eddtqp0I4XdX3e2RlnnFG2DcOY
ijAYt8mHfpQVrGTHWxplAquot99++/Knre3JHGHktI+eln572W9LWZtuumlZnY8yAyeDW9ziFoWO
rbfeuryv/8Np4TOf+Uzx9Ga7NhQUKFIQDB/zmMekG93oRr0keJ2z+p7ANoR4iCMgsxU/Dgt3utOd
yq4F97znPXtp4g07DKDsQclDwPkA5U2sT4zPPfXD2Py+972vbEPIs3vc4x6Ftj//+c9lVflee+2V
7nCHO/CqF1htTnngh9KHQLrnPe955dqL2HIjHmnin5YkIz+Gv3G2WLrZ0nTxJRcX5RXbz0kp1ZQh
dYEm6o5grKMP3vzmN6e3v/3tjfyO9/15WSGn7fhuectbljLYNo/V85HXIz/RTv/4+z/S07d7etne
jXI50gAFBg4wL9zthekJT3xCH5nw7mmnnVacV+BbAnzxrGc9qzixNAnz7ERBvuRPGnh2s003S1df
c3X67Gc/WxR2KMpigG/pI6yugafoH4w17DRBPo94xCMKb8U03I/CgzgLoSShD6CUoW+desqp6YxP
nVHoZKUQvIfTT1OgLrQxysRrr702rXPbddKmm21adt5g1QZ9bb28qoQxx8EIGAEjYASMgBEwAkZg
NAQWq2G9h0Iw8nHk2sg7qoX0zEfvdre79bKON8itT3jCE8pRZRyvFo92i0b3aYbRkD8y193vfvde
tjgSM3dGrj7iiCNmtD028tHTnva0IvugX+B4uBg4FgtnA4ypHMEW+QKZCbkbeZt3rDBGbkAG3XHH
HfvkUOSgk08+uRxTh8zCFvOszmcVLnIBDvG77bZbkZNj+bpHPkEvgSyEfEM5yKjQjswX5WrkM1bf
E5CrcchHbmArfuQ9zk3nvO62I9OQgZDJlCdyNbQNkqu/8IUvpGOOOSZxJB2B/JHpaWfal/PC1113
3fKu/Jfb+Bvf/EaRicCPI/wIpGNhA1u+d4bAI9P4pzPhaC9xJtl8882LDHhRPtoN5xR0MOgz2gJn
wKMH4ahA5DLOCUcOP/TQQ9Ob3vSmRkcA2o2d55A/CciBlIFsRxvHFeuRn2gnVrbvsMMOZTEIMilt
jfEfmRsHFvgkBnj3Qx/6UDrhhBMK3/IOvmDhCXQ2ydX0uw9+4IPpzLPOLGngWfgYuZS6ordZa621
YjFlEQt95KMf/WjhKfiWdmWnCdI8+tGPLrzVlyj/GIUHaQ/Khj9xtoEm6s/YQ59k6370L7XMrzKh
n76P/gK5Gn0VGHDUIo48tB+7aKDDcjACRsAIGAEjYASMgBEwAk0ILCjDOgauNmGwqXJ6NoxREwEa
gRiD3eGHH66kvSvCAYqBQw45JN30pjftPeemK/93vOMdZcV7NDb2JR7iBxP/xz72scXoi0BMeXVg
tTJb46+/3vrpo6d9tCcEI5A/8pGPLEJWLSwhnOFIgLEPwyYB4Q6BnXcxKK2ev+ENbyhG5RgHQYSt
9BE+FV/vSYeLplUuAABAAElEQVQgRlkbbbRReYzw/tCHPnRgWQiK7DYQA5gsXbq0CD88V/5d2+BT
N7a2Y2t+QqRR9eJ5zWdyumhLA+8gvHWFLh7pSjfsO+jH8QJ8MXojBLOLAYI5TgQItHVA0cNKE4Kw
iDjwvMaCc84QhgltaSKvg3l9ZAJHNUAngn3Mo95tAaFWRmLFKwXn/6ATQRfFWuyP1B1FEiGmifWq
+Qle2mabbYrjSUxDHkrXhOOoPKgjKpRnE41g8KUvfSnhrBADCjGUIyhLlC7mo2f0LRRcTe0d8/O9
ETACRsAIGAEjYASMQD8C0YDa/2aR/JqpUXLI9Mha7OSGwU7G3oggshMOrcgMcR6fBuT/1re+tawi
nolhHaMbhnRkmmXLlhXZPtLGPauVmVNjGMXoKeMyR3zh3P69732vT84gDfNy8mVHO8nVGNEx+jXN
2ZUG2QPdA0blGNiCHsMqjsxN8gkGQ3QT7AxAwNEBZ/RBZSFnsNtADGCC0VPGcfLoXK2fEyPjveAF
L0jIN4RIo2jgWW38ltNFUxri4wSNQ3NrGMAjrelGeIGh9alPfWpxaGAXQtqCXQxwGMDJoZazqC/y
NkZugrAQDnpWY4Gzv45gaEpDumhYB3MczOORCeCJgZnyYx4Y6NG1aEzDEQTHFNFSbpb/B53U9z3v
eU9ff6Qt0CMpX6WJ9aIOccEH8jFGbvisLV0TjqRDzxd5sK6DyueqIyoiLbE8npOefoF8HQMOEOjW
Yj+O+RCXvHAcwvmjbu+Yl++NgBEwAkbACBgBI2AEVl4EbFhf3vYIDvLqRcjHy37JkiU9D/s4Ua/Z
pctoisCO8B+NjXX6Qb8vueSSnvd216p7DJEoAhCA8LIlYFhny3vyOOCAA4qhldXsGEx1DnZtaMQj
HqMrygsChtHXvOY1RTCjHqwGrrcZj1vpg9Vxxx2XNs9e3ggpGPow+nIfjad4wrMa4XWve10RoimL
bfjxjscDe9dddy3e4RhK8YSv24AdARCM8Mpmu0BCm2GdslkN/P73v7/kgyEVozJtjDEWbCRQ1cZk
FCqsxMaQi4KI1ROcn/6KV7yiKFuajK6FmPBfF4+EaGPf4u3PCvp184oA+ACPdClaUBwhhMfwsdOy
I8kuO5dHHFHwqle9qiiB2K4ewbsJCxwnpIhBSQRv44RB3yGd0tS8TjrogZ+Iq4Cw+5a3vKV4vIPP
6quvXspebbXVihLp/ve/f4kq/kO4RfED/xGf8tgx4PWvf31pU37DP6wmOPjgg0tb3eQmNynKB2jC
O59Qty+7EWy55ZaFp1EEUs6///3vohBAyUC+bW08Cg/i/EJZnBkn5xNwZ/cHhHb1EXYKoB4K9GEU
a6SlDxx04EFprbXXSj/58U/SEUce0Yc7SoKZHDmhMn01AkbACBgBI2AEjMDKhoCMUIu23jM1Sg6Z
HqdknGOZt2IYZD6N/MnK9c4tmjvyZz6OgzmyA3nKOXjUtmKlKzt0QVu9Kj7mhTyEXM3cWnI1hnVk
IfLgzG3m5/AMq3BxLidPZPVoaMTZGRnkta99bckeR/i3ve1tZUctHPaRuettxrWqHwMqeSKfsJoW
DDCmSz6Jxm/kalbfIgOBP+lYNIDcQT2QLZBbkGlZ2cv7GFgx/etf/7rI1cjevG87Xx7DMzIYhlji
PfnJTy7lgAVyMzI3tPKuNiYjp4EbdaANcQZgF4K999670L3N47cpiwRajZkdPBLrM5N7dulDxkV+
xtDLCnR0H9QHuRaHixjkSMJ7Vj7DozhXINPpGIUaC7DVjg/I1SxaWC/vPAY+6I7AjxAN6/wmHfTA
T7SzArzADoMYqPfYY49iIIe/kavR7Yhm8R+4I+9ypOGee+5ZysO5AycPaKV8dm3AcI+uhu3okavZ
VZDz39HNEAc9g2R2aOE3ZYADdUE/QTnggDxNmibDOmlrHuRZdA7gtwJyNbyFc4ecT8AdHR4ys/oI
dErnRVrkahZEQCf1RMeF7IzzOrsKRNzRF83kyAnR6qsRMAJGwAgYASNgBIzA4kTAhvXl7cokm0k+
E3FNqHmFERXDHsYvvKebhDwZTREYtFU9BkAM1jvmLeEIg7bkLpFa/kMIZsU2Ah3COsLXqIE6QRP1
JJAHxkaEuNoQynut0kZQYhsvrSaIBvRo5EcIQzmw5hprpnPOPWeaIReBhzpAB4qIqAwRfgh1GGsR
cgi0BQbPdbOxmK26REN5Wf2HgIeSoM2wjkcyhn5CU31JhwII+mrDK2lQIEAX29cjHCJY/u53vyve
/dFZgLhNQXVsyrsp/qjPcBgAv4itykTBgrJCAacAdgpAiYGjAMJy3KJRuywQX/RSf5wXEJAR+uEP
DOMKKHlQqhCa8OW56OEeARejsrYbZMvC2LcUF6cQPPC18oO0BPEn93IcwIsffkHhgQEfr3fxEvFQ
YoEPHvTxSAi8/NtW9+OwgCKLVfps2xjzI88YBvEgcVF2MI4gvKNkY8xROProo4uDB7tmoIhRWXL6
gc/ijg+ki6v6xz0qQ+X7agSMgBEwAkbACBiBlRkBG9YHtP6QRk0M0MhdzNGjXI0xj93SMNgxx49z
/1JyyJ+t6olPQIZlm+inPOUpZX6MHKAdtEqEEf7D0M1qdAxmrGadiVxNPQlL1lySXnnoK8uW302r
6bVKG6M8K/Ul08qAjkwWt9ZHPkcWgja2BJdRVNXEAKkd4Di+C+N5Ccvxgwa2YEfGkzyBERLsMRZj
gBcNyrN3zXnsf8D+5eisNsM6Mjr6EfJucnLAKUG7udWGdcqJcjW6CZyrkbnYejs6C/RoijeBR5ry
jlHHvWeBAI4DOIUXGTqUiUGbtlHA+QHjMVeMz8iLUa4mD3bMAyvRi9yL3Axf0B7IptRbAecE+geh
NqwrDnI/7UygXIzKbXK14qLPYsV9LVcjX2rLc/oH/IZcjYEcxwLRLV6iTHiLRQaRb3mOPqZvdf/1
8655y304cNxAt4T8i1N+zI+0MYAxq9LbDOvERa4mP/Q8ON5r1zreoZvCwQNdR1ygwdiBzgc9Bosr
tBCBNHFVP31k5KMyyMTBCBgBI2AEjIARMAJGYKVBYMEb1hFMWLX8fzf7v3TTNfq3aFcrykgnI6Ge
11eMphgoWb0cgxQCCDjHH398bzs4xVH+GMzk0a6VuQgMCLEITrUQo/SDrjM1rGMAZ1UvwkJTaDKE
Qi8raOvVs2Chld/Ck2d4RiNI1UbcWB5e7fvuu++01b/CrzYMylCK0qHNYK78yQNBsS2ejKcI7Aiv
TW2B8AZ9teEVQ/QH3v+BojBRefG6og3rCJU6KgDBWAZltiLEGF7vLqCV59ANb3AGeQzkp63R1cZq
C9KiEIqe6UqLEqjNUYM4ameEe/hEfUXpdUXBouMLoB3v8X9edZ3iijirrLpKYiXBQQcdVJKIxsiH
vMBAjWMM2zeucdM10u3vcPuiRKvPgUNphKMBAQEab3qUG9B3xzvesWzLjtDdRm9JmP8bxIPEU91Q
vqBsjMo8FBmscKlXx6Og4Wy+6DShMrmi2AAj4RDf+d4IGAEjYASMgBEwAkZgOARWdsM6cjXGL2SD
RsNrMDDK2NaGLHI1BkrkxhgkV2Pk0xnJvffL88dgiOGcuTfxWRFOQK5mzh63W++lHfJmJoZ1aGEn
tmUHL0vnnX/etBKhr8mwjoM9W+NjTIyrZ6euzbtvPf+6ld/CE6PzLjvvkk448YQyx8dA3hRwhMag
isyGE3xxUgjtg2NCNAyyLT06CVY7txnMSznL82AVdls8tn9HzsK4z6roJrma1dPQh9ETeUwBJwL4
ota36P2KNqzjxMGW/jg0wGcsDKBdWTCB4bbeXQDDM/WDbozM9XFe5IeOCJlbbay2AF+2Uqdd6oDD
NosWBhnW2cUBWbBNTkX2JH/agVXkRx11VDGaqzx2/rv44ouL8Z9nyKfI+fA6Ox6g+yJwDz8VuXqN
NYqjPXLy2muvXd7rPzDA0YDA8QLsQMBOa9DHThHoHza++8bp+je4vpI0XtEXcGxcl2FddWOxA84m
Ua4mHfJ7vToenRi8h8MD59DXAR0Fzv/CoX7v30bACBgBI2AEjIARMAJGQAgseMO6jFFMgBHemoIM
eoMMTwgQCE4oFdheCsEPoz0esDo/DI9XrcxVWcqftDEgfKBMwCu2SeCMcbvuVcc1shCD8RkhZtiA
MCQvduhjeyyURgjBCIzUucuw3vRO9RWe0ejKyuUoxEc6MbyzxRiCOMZCCYB1fkoTjZBtBnPFJY8u
w7ocBeqylb7tygp9hGFt3Y0wiFCNUgJlEPitaMN6XI3fVo+4YwLnGiIcowzB2WLaapGcSd0mkQc5
a65WGlCuVpE38QzvlWftQMG7GGh3zmbDiE+o+1WMyz3KNpQeBOhEwUTfJdA+MdBW8EJcsU4cHAIw
ThPqNDxDqfXSl760x7M8q8MgHiR+F0/LgQbDOg4+UibKkaU+skHlC3f1Rz331QgYASNgBIyAETAC
RmB4BFZ2wzqGPoyEzIlZZTstBMOtjITT4ix/wHxacjVbkeNUitEemRr5lHfcs4V6LyzPH+N0Pf/H
SIdBjHn+TORq6sgW3BjhWJW6Xt6Ja9iAsZgjy0Qbx8jBMxzpxC5ShC7D+rR3DXhGoyuyOvVuCse/
9/i00847lRW5GOyLXN2Qn9LqfHi28m4zmJe4y/PoMqwjV1J3VgP3ylZBHVec5ZHZtHU3q4a3e/p2
6fIrLi9bksMzK9qwrtX4bdWg7dnBDXmNoG3g6TeN53E3tEnkQbZpRz6tg1aRDzKsD1pZjezJ7gI4
AIhv67LibxwAdJQBxunN884T9N0YJCvTfuh+tKU9cXj3ykPy7g2vOjQm6ZOvcUw5eFm7kz0JRzWs
1wZ4DO0bbrhhMayj+5BczU4EOHbUZ8OLWOFuw7oQ8dUIGAEjYASMgBEwAkagDYEFb1iXMarNmEfF
ZdDrMjzh9X3ssccWz2TOgKuDVuPiFUx+MSh/hMxNN920bEvFe7Y1m40Qjbv1CvKu/KOBktW9eMhj
nFdAEOQc8ybsZIhueqf6Ck8EKFa3I4ggqLC9X1OQQbdekVvnp7RdRkjF0ZU8hjGsR6Ol0sYrdYlC
p3BA4KV9tSUhaXC+YDXFsCvqUTwIs1jmTO/xaIcv7n3ve09TDqHAQjCMmMsQi/f66aef3rddHbSA
gXYgEL2XXHJJyR/+QZGG0qMO2hWgiWeI29bOdT7RUePAAw8s27vj7d8U8LLHG10KNniGdkFhgUDN
bwJbr8Pv1K2JB1D4YYxHmSLlAfmceOKJvd/CookOng3iQeJ08bTGspo+bc3fNPY0tRXlNAV4ARzh
5TgONMX1MyNgBIyAETACRsAIrGwIrOyGdRxUcT6dZgAWIzQYCfUqXtmW+p3vfGeRQaZhmvNg23RW
42JgO+SVh/wvacgf4yXOzeykRZgtuVrGXc5Jr1eQ/4+Q6XcYplnJi4zBduA49Mf5NEdX7bDDDo3Y
IUOyYn0arqG+clRgxTpGa1ahc/416ZqCDLptK9aVn9LOhWGd1cAyWqqcvmuun7YB57kM8siRyKPs
sqaALLbJJpsMvaIeg3NdR+U19jXTu9/++xXdCMZodrqLgZXdOFDEVdDoCli4wCp3jMxxG3jS0p44
tCNTil54j9XbOHfgSF7vpkY6bak+yLA+yACMXK0t3TlPnF3uuuRqjjWMcjXtwip0DNc6+gCnfpzA
kUObeADdFfI09WU1OeFvf/1bevcx7y5ntPN7EN1zYVinXI6GY9HJwQcdPG03QuqjVfqd9GU+ueTS
SwqO8HIcByjDwQgYASNgBIyAETACRmDlQMCG9eXtzGpUjMIYsbbbbrtprf/xj+Wt0bNXOJN8FAEx
yGDYtVo7xh/1nkk+RjXowyjGytV187njdcCQiGEQAYczwGWoIx7e0De/+c17SRDydGZ2kyFUBuWm
d6pvNDTqGQIoW+TpjC8ViCAGXdCHpzDbcMmArbQxP9J1GSGVr67k0WVY56wyKSbaVkzjoY0Sh/Pf
2YKcIL5oandWEXA8AG0yzIr6uTCsy+kCoZl61QZvdlxAQCYg3NI+kS/AbOnSpeW9/sOjHeUAQW1C
W2gVOYLo3i/+35ntxEPoxiCMcqCJZ4jT1s68iwHeREHBavqmshSXfoHxe8mSJeWRaGTHiabt/uVQ
EJ0MSKjnTViQ5+Me97jCt8JC5dfXQTxI/C6eVrtQd5x8tKMD57/pzDgUbPAcfYf6n3zyyb2dOtro
Ix79TSvyEf7Z2pAz/RyMgBEwAkbACBgBI2AErkNgmhF4sQGTDUJ77rVn2V5aRr5YxaEM61kWPvKo
DqNmLuNFu7+oGNZPOOGE9OxnPzsWUe5lYGVHKOaovQB9y/PvWq3diz/GDduv777H7kXmR25C/sPI
GQNzZ7DAuMYcHLma3+z2xRwcZ9x4lBayC47lOCxPM57njEcxrKflbUQ+lMcq6Ca5GvkN+nCGxsG6
yNUBv7p9Z9OwjrzMVv6UWW85D47ghz4AfQJGzHXWWSc/vI4v0LWg12DRQi/kd1/92lcTZ9DTJgNX
1A/iwV7Go93I6QK5mpXgtcEbJ2W2gqfeGJpZER35gqMAcQaJASM0u/mRRm1CW0QnDWTIGORkgEw+
U8M6vLnFFlsk5EkcQtq24KfNKFcLTJBZcS645ppr0g9/8MNyFFukUSu7o5MB7/UcLCg3BvLcbLPN
Ct92Gq5zotkyrOOkgvwsuRq6OHKOQH8VH1N/nB923HHH8q6NPuItW7asbBdPRORqdvPjXHoHI2AE
jIARMAJGwAgYgZULgYk2rCPUsE31K17xisT515/85CfLBF+e67xD4GByXBvzSMvElzhsMYfRUel5
jjdx9CiW0Q8jKUKgBGfisg04279zjSuy8fbFiFfnD32N59LNgLfYMo2t06AHGjG8ccYcwhKewKd8
5JTelltsjY1nMmeDEwfhH7oxECLUYYDnfC08oQlso8+2dhI4KIPz0DEq1++oG1ipPRCAyROhEcMr
abfddtsiLEMnAfpYMY/nPXHPP//8nrGX/DC0I4TRPsqPdNCNFz5CLkZDzgVT+Pe//91bwUA7wiOk
Jx5KMeggqB0Q5DBI4nENXSh6wAh6KAejN2dtEYQf91otvOWWWxYPZwzuGLMp5/nPfz5RSn78RmlA
fgps5UeAB6kjSgjxoHhY9CnNKFfqeMYZZxQHCXBj5QKKn0gDgjsOBRiptZ05ZcMLCIEEeANjM+lw
EIg7DsQ20VnepDnowIPSjjvtWPDFaQMsWBVOqHmGvghvNfUT4kOzeI/fBDl2cE/f3n777dNqq63G
z8LX1FtHHCAgs00ibSzjP/SgOIhnrdGW8GFtWFdZCMZgCF8o/OY3vyk8SN+njePKilF5kDzhNXY5
ABPyE0/TlijOUMZAH/2PM+wIKDToB9pikjou3WxpOunkk3rb5ROvpo9nBHDRmfXXPbkO03jGo577
agSMgBEwAkbACBiBlRWBxWxY13ycc4WRezC0sXuVZBLkFeQ5ZIraOCy5mvk6MgRplZ45bJ9cjXE3
G+/JAyMpzpzsLoWcQdxf/fJX6VGPflRi1S4Oohi+CMjVzHnr/KFvJvJSEy8jCyPrQw80nnzSyWmz
pZsVuRqnZLaof/nLX15oRoZiJTUrcDk7mrk8dCMvUSecinFeRbbk95vf/Oa0995792QbymD1Pseh
sZKfI54k91z9n6vTHnvu0WsPdr4jDxzRdc71U5/61IIl224TLrvssiIDcf40caNhGwyRt3AWpn02
23Sz3opxtoBHzuA4M4yGGIgVokwDH8AjrETHEIwDAXUgqB2QLx/y4IekC753QcGPXcvACHrACUM/
ciO/hR/ptVqYVdPwILLzn//85yJ7P/OZzyRKyQ/6kJFIryC5WjIlRlHxoHhY9CnNKFfqSJ1xpKAd
cLxe/SZ598H/kZCuuuqqtPVWW6fzzj+vLLRArgRzGYuhl3aRzgVHb3QIBN5Bb2njnClboSMz85yV
5C94wQuKkRZDPXIvfZEAP9Ee4hn1Y8qgb6FXif24Sa6mfeAjAoZ6dhqUXA0/wy/sYkigzdE5IT9q
C3mcN6AVufp6+d9U/ofeZN999+1bvU96lYVcDYaFL5aDyCpv5Fj0WrXhOvIg4wl1RndEvCYepCx4
jfEK3sARp8fTmV2/9e1vlT6E4R/5PsrV0ABfEpCRcQDAqI5eUaGmT8/BRWfW61mb84Pe+2oEjIAR
MAJGwAgYASOwOBGYWMO6VpEOC3s0rGN0a/KOV16cgcVEPK4y1spkxcGQxflSGA0xchEQaDFu4cnL
5B8PVwTfphDpaXo/zjNWxD/lKU/pCbd1HghmGI8xurNdHgIi21lhOKwDcQkSlLnHMIfiA0Et1mvd
ddctK4ARvNhuPAaETwRjhD2M7QhYylNnrWMwJFAmigdoImh78fJj+X+cgX744Yf3VhHHd9pNIBpQ
4/ume6XhHd7vrMQWfTzDyE69CDV+PIsOA/yOgfgxLwyiOhtbxtoYv+l+lK39Y3oUCCglYjvxPu4G
0EQDbYmTCQItQmWkX/mrXiicUBapjVkdvtVWWxUPfcXVlTQE5Qeu9C+8/UnfFZS/FAbExWEEBRTK
CeWJwwaGbgRnAmUitKOkoF4oGlBeQLMCq7/XW2+9ojDAOE6aY445po+mGifGB4RsFD0oyQjkgQAu
JcQ4PBh3TRB90ILTjrbz13OurPSAFgIrCOhbKBjqIHy6DOuPePgj0k9++pNe0nH5rpeBb4yAETAC
RsAIGAEjsMgQWKyGdea6zImHCcyVo2Edo1vXXJ5jsvrO7c5GLVasI4MpMNfFoMgqX84pJ7AaGEMW
mDOvlnFSaXSt6dHzmV6Zl+Psqnl0nR/lIutjREeuRjbBCeDUU0+toxb5gofKi7QYKJnHa2W5ErFj
1Pe///3ieF6vlMcoLlkSnNhFTXnqrHXJfpQBxjKIantxlcMVJ1pkjbr9Scs59+xep9XT0agY89B9
TMMz6oCsL/p4hq4EHQuB+BE/nkG7HAb4HQPxY17oYuA95EPtcBDj1/ekP+bdx6RdnrtL/Wrgb4zj
6AgwpsYQdwNoooG2RNbFGN5VL/JExwLGamMc9eF5OabHcqkLQXiAK30Hp3hk1K7Azos4htRyNcZ0
jitQnhjaL7300p7jNmUiV+OoAV8iV2sLeZUH/1Nn5HN0CaRhoUbc7VGGdaVhfEB/wEIJdEYE9YEo
V8uIr3RtV2Rz7boIf8UALeDLIpC+HRFyJPRROtIP7Olb9O06CJ8uw3pNK33MDus1kv5tBIyAETAC
RsAIGIHFj8DEGtYRduMkfVBT4Akuj/dh0iL84JWsCT2rWzXZbyoLgy+T9LXXXru8xqMeAYVVyE2h
Nt41xRnnGUIMRjhWEseAIRPPYYytEsZ4j+CAN7VWp/MMoenVr351WeWLokSGZbyqMSDigY9RVAGs
8ApHaVIb1tnKjZXQCgiXbI8lL2A9x0MejKUU4DlGUjyEVT7P9txjz7TskGWpqQ2pAwoQlC/aVp40
XQGlAXEVWMXPaoG6rVEM4FxB/lEQJd1ZZ51VhDTlwRUjL/yAoVNbbMMjeOKTvon+mF73kW/1bJhr
NDzH+Kwk1zbtokEGcuJFvoeX8AaPbQUfsZsBxmopxDDWs3Uc9bryyivLCoSjjz46FpsOO+ywsloF
Yzhh3WzoJg8cE1CMEMBYThblwfL/Yv7xOYItChXe1wGnAARnlAtalY6zC79RUDSVRd3YbpK2i31E
ONEv8GaP/Ei5CO/wufo+z8bhQfBAsRiDeDpu1c57aGXnBHCMAaUK5/vh3AM+rChgJQPKgzbDOulR
pLB6hkAfROGilS/lof8zAkbACBgBI2AEjMBKjsBiNawjr+I4PUxgjszqTa0gHiYtq0bZQarI1dmw
vtfeexXjfFt5OFkfeuihvaO3cBjG0McOZnWQ8U5HetXvZ/IbB3rm+OgEYrjNrW+Tjn730UWGjDID
xsF99tmn53hLGuQH5CCMbTi4Y1gmDTIQBkRkE2RsBbDCWZ6V8bVh/ZB83NzBBx+sqMWQimMtq5Jj
QF4FP+QABYyk/JZhm+fUDRmjbkPoA2sMkxjWN99882lGZeWrK2kwmsadzZCZWMnMit0YkDXQB5B/
LVezACLK5qSj7dFvsGU3+RF22WWXhLxJ+pr+EqH6D/oi31avO3+yAyF6HZwaFMiPleTI+wTRcLe7
3a23sjnyPbyEzBrbit0Q0EUga2pnPGRl+EVy9YEHHjitr6BHYtU2NBHgEwzeOCYgAxPAWE4W5cHy
/2L+8TlyIwZxVsPXAR7dMW+BTntFuVors5vKQo7EAYdFH2ClIJzoF4wHkR+JA0bwho7d4xlyde2A
wvOmAA+iv2K8ob/FAE8zzh2y7JDeTo68h9amIx9wdEAfwrgPPrQn/AcvthnWyY/d/qSfoM9RLm3t
YASMgBEwAkbACBgBI7ByITCxhvX5bgYMrggsCBAIMmyThhERQYGJcjyffL5payoPellBDH140Q8y
khEfw+Oqq65a6kId5zKw2pdtuaCPLckmDT+wQ4gDD8IgRRqe7GBIYJs5CZ3lwQL/j636EXyp4y1v
ecs+4bitajhsYNxHESGDdFvcmT6nDIRy+Igt+Civbas/2pX4tCf1IT4KI7Y1xFgdBf9IF9sqsnKG
9+INnGdo57ayYvoVdY8SgN05UGJ0GdahDxxQXC4m3l1RuLtcI2AEjIARMAJGYPEhMEgeWHw1npsa
YXBlhymOJEPm5LfkVhxV4/nkc0PBaLlCH7tDIQcw7x9kJCO+5GrqMtdyNQZ96SWQ+ycNP9oWOUNy
9SC5HxkNDAngvWTJktEabIJjI1NKru6SPWMV0JtIrkZO07blMc5s3SMns1hCcnWXrEu7Ig/TnrQZ
q9glV6N7apOrcRqhn0uuJg350M6TLlfjOMIOD12GddqCOoHJYuLd2eIx52MEjIARMAJGwAgYgZUF
ARvWV5aWdj2NgBFY8AigxGOFAwo8FBScGcc2hQS2nNxggw0WfB1dASNgBIyAETACRsAIrAgEbFhf
Eai7TCNgBIzA/CNQy9XsWKAjCzlabsMNN5x/olyiETACRsAIGAEjYASMwIJBwIb1BdNUJtQIGIGV
GQG2lGSrxqbAFvPaLrHpvZ8ZASNgBIyAETACRsAIdCNgw3o3Pn5rBIyAEVgMCLBTJVvcNwWOm8PI
Xh9j0BTXz4yAETACRsAIGAEjYARWXgRsWF952941NwJGYAEhwIr0xz72sdMo5vxEzk+/0Y1uNO2d
HxgBI2AEjIARMAJGwAgMh4AN68Ph5FhGwAgYgYWMAGeuP+xhD5tWhWUHL0v7H7C/5eppyPiBETAC
RsAIGAEjYASMQI2ADes1Iv5tBIyAEZhQBK644orEOXycrc75e5xvN5fn8E0oDCbLCBgBI2AEjIAR
MAKzjoAN67MOqTM0AkbACEwkApdffnn605/+1JOr11prLcvVE9lSJsoIGAEjYASMgBEwApOJgA3r
k9kupsoIGAEjYASMgBEwAkbACBgBI2AE5gkBG9bnCWgXYwSMgBEwAkbACBgBI2AEjIARMAJGYAEj
YMP6Am48k24EjIARMAJGwAgYASNgBIyAETACM0fAhvWZY+gcjIARMAJGwAgYASNgBIyAETACRsAI
LHYEbFhf7C3s+hkBI2AEjIARMAJGwAgYASNgBIxAJwI2rHfC45dGwAgYASNgBIyAETACRsAIGAEj
YASMQEbAhnWzgREwAkbACBgBI2AEjIARMAJGwAis1AjYsL5SN78rbwSMgBEwAkbACBgBI2AEjIAR
MAJGYCgEbFgfCiZHMgJGwAgYASNgBIyAETACRsAIGIHFioAN64u1ZV0vI2AEjIARMAJGwAgYASNg
BIyAETACs4eADeuzh6VzMgJGwAgYASNgBIyAETACRsAIGIEFiIAN6wuw0UyyETACRsAIGAEjYASM
gBEwAkbACBiBeUbAhvV5BtzFGQEjYASMgBEwAkbACBgBI2AEjMBkIWDD+mS1h6kxAkbACBgBI2AE
jIARMAJGwAgYASMwiQjYsD6JrWKajIARMAJGwAgYASNgBIyAETACRmDeELBhfd6gdkFGwAgYASNg
BIyAETACRsAIGAEjYAQWLAI2rC/YpjPhRsAIGAEjYASMgBEwAkbACBgBIzAbCNiwPhsoOg8jYASM
gBEwAkbACBgBI2AEjIARMAKLGwEb1hd3+7p2RsAIGAEjYASMgBEwAkbACBgBIzAAARvWBwDk10bA
CBgBI2AEjIARMAJGwAgYASNgBIxAsmHdTGAEjIARMAJGwAgYASNgBIyAETACKzUCNqyv1M3vyhsB
I2AEjIARMAJGwAgYASNgBIyAERgKARvWh4LJkYyAETACRsAIGAEjYASMgBEwAkZgsSJgw/pibVnX
ywgYASNgBIyAETACRsAIGAEjYASMwOwhYMP67GHpnIyAETACRsAIGAEjYASMgBEwAkZgASJgw/oC
bDSTbASMgBEwAkbACBgBI2AEjIARMAJGYJ4RsGF9ngF3cUbACBgBI2AEjIARMAJGwAgYASMwWQjY
sD5Z7WFqjIARMAJGwAgYASNgBIyAETACRsAITCICNqxPYquYJiNgBIyAETACRsAIGAEjYASMgBGY
NwRsWJ83qF2QETACRsAIGAEjYASMgBEwAkbACBiBBYuADesLtulMuBEwAkbACBgBI2AEjIARMAJG
wAjMBgI2rM8Gis7DCBgBI2AEjIARMAJGwAgYASNgBIzA4kbAhvXF3b6unREwAkbACBgBI2AEjIAR
MAJGwAgMQMCG9QEA+bURMAJGwAgYASNgBIyAETACRsAIGAEjkGxYNxMYASNgBIyAETACRsAIGAEj
YASMwEqNgA3rK3Xzu/JGwAgYASNgBIyAETACRsAIGAEjYASGQsCG9aFgciQjYASMgBEwAkbACBgB
I2AEjIARWKwI2LC+WFvW9TICRsAIGAEjYASMgBEwAkbACBgBIzB7CNiwPntYOicjYASMgBEwAkbA
CBgBI2AEjIARWIAI2LC+ABvNJBsBI2AEjIARMAJGwAgYASNgBIyAEZhnBGxYn2fAXZwRMAJGwAgY
ASNgBIyAETACRsAITBYCNqxPVnuYGiNgBIyAETACRsAIGAEjYASMgBEwApOIgA3rk9gqpskIGAEj
YASMgBEwAkbACBgBI2AE5g0BG9bnDWoXZASMgBEwAkbACBgBI2AEjIARMAJGYMEiYMP6gm06E24E
jIARMAJGwAgYASNgBIyAETACs4GADeuzgaLzMAJGwAgYASNgBIyAETACRsAIGAEjsLgRsGF9cbev
a2cEjIARMAJGwAgYASNgBIyAETACAxCwYX0AQH5tBIyAETACRsAIGAEjYASMgBEwAkbACCQb1s0E
RsAIGAEjYASMgBEwAkbACBgBI7BSI2DD+krd/K68ETACRsAIGAEjYASMgBEwAkbACBiBoRCwYX0o
mBzJCBgBI2AEjIARMAJGwAgYASNgBBYrAjasL9aWdb2MgBEwAkbACBgBI2AEjIARMAJGwAjMHgI2
rM8els7JCBgBI2AEjIARMAJGwAgYASNgBBYgAjasL8BGM8lGwAgYASNgBIyAETACRsAIGAEjYATm
GQEb1ucZcBdnBIyAETACRsAIGAEjYASMgBEwApOFgA3rk9UepsYIGAEjYASMgBEwAkbACBgBI2AE
jMAkImDD+iS2imkyAkbACBgBI2AEjIARMAJGwAgYgXlDwIb1eYPaBRkBI2AEjIARMAJGwAgYASNg
BIyAEViwCNiwvmCbzoQbASNgBIyAETACRsAIGAEjYASMwGwgYMP6bKDoPIyAETACRsAIGAEjYASM
gBEwAkbACCxuBGxYX9zt69oZASNgBIyAETACRsAIGAEjYASMwAAEbFgfAJBfGwEjYASMgBEwAkbA
CBgBI2AEjIARMAJpURrWp6amek17vetdr3fvm4WDQGxDqF5R7RjpWFE0LJxWM6XjIhD5jDy6eO3K
K69MH/vYx9KSJUvS1ltvnW5wgxuMW6zTGQEjYARWOAIXX3xxOu+889KGG26YHvKQh6xweuaTgDj2
d43780lTV1l/+9vf0sc//vF0s5vdLG211VYT8/2JOIr+hYCnaB10nVTcB9G9EN/bsD691dS/rpey
TG2xejpAC+CJ2lCkrrDxMatopvI/wgqjQSD4ungRCHxGJbt4Dbn6wx/+cJnXPOEJT5iYec3ibRzX
zAgYgblE4MILL0xnn312ustd7pI222yzuSxq4vKOc52ucX9SCJ/U70/EUVgtBDxF66DrpOI+iG6/
n1wEFp1h/Ytf/GI65JBD0q1vfet0m9vcJr3+9a9PN7rRjSa3BUxZHwL/+Mc/ykTgzDPPTH/84x/L
OxS4u+yyS3rQgx7UF3cmP/hYDPo4XHPNNWnfffdNf/3rX9Pvfve79IpXvCI97GEPm0mxc562/ggO
quOcEzRLBSzWegEPfLbffvul3/zmN+kmN7lJ+te//pXe/e53p5ve9KaN6GHU2GmnndKtbnWr9LWv
fa0oAhojroCHw/SrFUDWCi0y8u5i6Y8rFFAXvugQ2H///cuYh1H9E5/4xEqj1GRe8fznPz/d4ha3
KHOMY489Nq2zzjoT3b4f/1j+/uy8U5ljf/WrX52I78+vf/3r9MIXvrDgyBjLN5TQ9R2daJAbiJtE
3BvIXBSPbFjvb8bPfe5zZY661lprpbXXXjsdfvjhlqv7IZroX8jVn/rUp9Lpp5+errjiikIrPP6i
F70obbLJJrNHO7byAU4XV199dSn3L3/5S/rtb3+bXv3qV6fNN9989miYi5yCgbbPsWSI+s4FObOW
Z1u9Zq2AFZcRcvUee+yRLr300rT66qunf/7zn+mDH/xgq1x9yimnpKc+9allXvOTn/wkTdQ3YKHz
2RywgeTqvv44B+U4SyOwUBHYc8890xFHHJE23XTTxBxuZVmEc9lll6Xtt9++6EiZY5x88snpdre7
3UQ34yR+f5Crn/3sZxcckav5hhK6vqMTDXIDcZOIewOZfrSAEJhow/r555+frrrqqqEMoA996EPL
RPgjH/lI2nXXXROTrkk0PC0g3ph3UjGkP/KRj0wXXXTRtDbfaKON0he+8IUZTwzgi6OOOirx4T3o
oIPSjW9849Z6oozAyw+vP8Ib3/jG9NznPrc1/op+8YMf/CDxkfjRj36Urn/966f11lsvPfjBD06s
dOID+eIXv7izviua/qbyaa8LLrggnXrqqemnP/1pWnPNNdMd73jH4uBAPRF+n/GMZ0zjl6a8JvWZ
+Ay+H2bc+tKXvpQe//jHT9z4Bp+95jWvSfRVDP8L2YiMk8N3vvOdtMoqq0xjGxQ2ONjg8NMV6HOn
fOSU9PVvfL0ooVFKk+7Pf/5z+v3vf59222234khBHuSJUxgT14gbae5973s3FnPBdy9Iv73st33x
myKS98Ybb5zWXXfdptdDPRvnWzxUxo5kBDIChx12WDr00EPTYx7zmPS+971vxt/5hQLqz372s7JC
n3GfcNZZZ6X73//+E00+49Q222wzUYZ15gbRQASeONdOiuF/Nhp0EnGfjXpNYh4TZVSZZYDOOeec
xJwzzjOaivjvf/9b5J+b3/zm6QMf+EBRsNGvcFj/8Y9/PFmGp6YK+FlB4PLLLy9y4K9+9atpbX63
u92tyFczVbhPXTuV3vLWtxTn4Ne97nWdcubf//73Mqf95S9/WehB8Y+BfxID/P69732v8D/yNXL1
ne50p2KowOGenXZe/vKXd9Z3EuvFZgHf+va30kknnVT0Bex+hr7g4Q9/ePr+97+f6PM77LDDNH6Z
yLq0EMUYd6973SvB95oPdBnMkXFw8GDe0BWvpbg5e4xczaIO+iq6zUHj9pwRMgsZIxN/4xvfaJWr
wX/Qt/eSSy4p/fErX/lK6Xc4esG3f/rTn4qjzkte8pI+uZqdsGo98m1ve9t0v/vdr7FG3/rWt8o4
Nghn5Gr4a/3112/MZ5iH555zbvr7P/4+sE0pa+nSpaVfDpOv4xgBEGBh4QEHHFD0haeddtpKI1cz
fjNeMu4TkANnc2FeyXSW/5vE749wVFWH+Y4q7kK5TiLuCwU709mMwMQa1pkU42UVjawaJKmKJj16
JqPnf/7znzKRRslmw3pzo0/qU4zCrN7CeIqi/Z73vGdCKYDwyhaxbQamUeoDX2255ZZlEj7Mal+E
mre97W3p7W9/+8Qa1q+99tr0lre8JaHQIKhvcK/+sRD7AqvOWMl44okn9tVpodcL+uvA6g1WLw4z
bmFEeO1rX1uELK6rrbZand0K+Y2RCEeOxWAcQ5GMty9BfYh79a1Pf/rT6YEPfCCPGgM8u/fee5d3
SsOPmBcK7vvc5z4lTjQMxThrrLFG+uY3v1m+ZSXi8v/oG494xCOKs0mMH8siqt696lWvGlt5Oe63
ONLreyPQhcAZZ5xRxnkUawtdedhVz6Z3f/jDH4p3/be//e0Ux4SmuJPwbBK/PxgBwZHxDoMHjraL
zbA+ibhPAj/OBQ2DlPtzUeZ85IlRU8YmzRU0R6D8+Ix7GT2Rq3/+858XBz0b1uejpWavDOayz3rW
s4pczY4ozDlx7ES3whaxbQamUSiAr1Bc4xw/jNMFYzTyKnob8dgo5c1HXORqVtMvW7asFKe+wQ/1
mYXYF5AdkG2OOeaYXn8XnqrXpBmXRd+oV5yYWbGIY/GgOsG3Bx54YLrlLW9Z9E+TIldj3LjrXe+6
KIxj733ve8vuk7SjeI179S2cB6ODJO9igGfRERKUhvuYF4Z7OafSpne/+92J0hcHufoXv/hF4Yny
cvl/9A3Ssmgj5hnLUnzev/nNb0777LOPHo10Ra5Gx1k7PKlclanfRx555Ngy/EiEOfKiQYAjI+kz
LFjba6+9+vrMoqlkS0WY47AAifEgjgkt0Vf440n8/iBXgyNjEDrqYb6jKxzIEQmYRNxHrIKjTxgC
E2tYZ4LDx4AVg8973vOKpzCrCFkRiWJAz5iIsS2FDOvgq7Qo2hhQMdRqcsJ7TVi4bwsxPnGGSdOW
12w/b6JNz7roVBzR0xVXcca9jlOWtoPFKPW4xz1u3KI700XeGMawTmYY0Z75zGf2eCzWbRgMY3zy
GyYN8YYJ5P2yl70sHXfccSVf7p/znOcUj10McqwEoB8MMqyPQ+M4aYapE3Hw0H3Sk55UVvGCF/0b
nmDFwOc///kiXFF+V73GpS+mG7etxsmDLRIxltJew/LmsHgq3ih0xbhK34UHK1Ae8IAHJM6nQ4FH
W40S6vK6yiLfpvh6NijtILpw5oHP+P6wqoPvzEtf+tKyqoN2ghfblO/siMFuGNDAdwpDIStCmMCx
NaF2wIhGNPidLbBRYPM9ozyFd7zjHWm77bbTz96VHTxQuiDc44Ak+siDsOqqqxalEt/M+H3sZTDk
jcbMcb7FQxYx69HEB8p4pvygfOprLIcy6t91fP2O8Xg2V/SpvJleI71dtMZ4c1mvpnL0bBLoGxVv
zX00JqguKwLDLvxGrZfix/rEOvG8rbw6TUynfJuu7PrxqEc9qoyJC2HFeqxnGxZN9ZyrZ5EelTEM
XXU6peG57pXfpF/bvu2TTvcg+ugbOD8yN9h9993LHI2tkjEoYWDVM7YNPeGEE/qMnkqLog0nyjXX
yHK1zslm/+8BW4ATVfGh83rDpBlUodl8X9OXv+fLq9ddt6Z0s0lXyKutj4UofbfE32vPvdKRRx1Z
dv164hOf2Pd+tn5E3mCeO0z/4Ugr6JFhPdZtqPFiDnHHqE5feOc731nGLozrzOU5qotvyo477lgU
zp2G9Zq+Ifm9D4ch0wzbjsgZ6NVYxQvGGOuQs5HVmHug56D8LiN0pI9yx2qrMesVyx6q3Ewf8hrG
UhzXkZeG4c1h8VQ80TXUmDYiX+DQxMKSpz3taUUWHUmuHrGsUp86zbDjoMDouCL7skp7lVVXSccf
f3zhQ2TlDTbYIF39n6vTE5/0xNZV2W9961uLEZt2p2/iuM6ucewksfPOOyf0D4RoRIPfWbCDTIxR
H75XOOH4E9JzdniOfvaufPt++MMfJpzR0cUcfNDB6U4b3Cn9+9//LnFueMMblh0g+WbOxNiNXI0z
EnI1egHaVd/i+973vr1n0ANWMymrV7kZ3ojPlc2wfVDxh72qnF5/CjzZWWaIR1mdcYclZi7jBXq7
aBUeIqUrruKMdQ30kL6Uk5+V0DW/a0q3PNmKvGgrfI0JEce5wrCvjOXfOZ7NRXlNZRW8abO29qrb
ashvscarufyOziav9GHDN2xFhzFx76tHbKuuNl7RdV3Jy594wzrbCsuzli2AWLWMIKBntdGT9pQh
AG9VztYgztlnn10m2JvnFVGcxYhBringxf2hD30ofeYzn+m9RhGBsRKv0ZkGJvbQwiRq7bXWLhNJ
BlyUFUwAUXggCHAeyLbbbjutuK9//evpwx/+cGK7IsJ6661XthdGmCUdRhYmajHQMTGyUi+lY+u3
bR6/TdruGdtN89qMaUe9B3uw4zw3PDGpp+rCStb6vHsmvKzEIR4rwz/60Y+mV77ylWVVOds3IbhC
P+eOEmcmgUk2XqLQwbZRTLLhgzhwgX8ddKb1G97whrK9zNFHH10mwJyL+oIXvKAIqnUafs8H7vAD
9SGgCMNDLwb4gtVbbQbocfidM/rABEGc9sOTDcEVJQmreGdjAiHMqQu8RB+MgRWOnP3Cll4YIeO2
3KPyoPJFgIX/qBf5oVyhPtTrzne+s6KVK7yplfTUF88+FC8IX3iJcpYhfZptyvbdZ9903/vdt5ce
vmAcYEt3FFIIave4xz2KNyBjG8JVbViHd9///veX/CmPvk7e0NaEN4ZhDLX0N7yz2f3j1FNOTWd8
6oySFq9wPFhRoNSBvNkehz/o4DcBo/8uu+xSMI9p1H/YMpEt2Tgnma374/aS0FiPS8pjHB4cZxxU
eaNeZfTC0I7HZleQcwFxmozZKBa0QgiBGSexGOA5HBPgaa7wEkoHeKVpbKJtaBe+dWCC4o9Am4C5
vplNtMRyu+71PR3lWwyf4JDAOAt/E6CVYxvYZpIxn22v9T3gHecbwvtf/vKXe98NHBjY8o/jIKCD
tGynX/dH0U8+fO/5RuKIR2CcfvrTn162r1Z5ij/Klb7N6i/KoD/+95r/lm3+GZ9Q8lA3HJzYco3w
rne9q/SHWAZjJfWmX7HlJnnRTzgPjL94NAnGizPPPLOHEeWzwgzFKOXzPafdwZd8mAtstdVWsbiR
7lEYI4CCEWWh9GH8Q3FFWfAktD7+cY9Pu+62a48uCqEPgzvHJzCOEvjmcHQK9DaNUaxuY34mvo5l
lgxa/hun78/1tzjyxlX/uCpt/8zty/eDMQPlHOUzf+RbrD4aq6cxBt7BSYazwWlTtp1la0u2tVOA
h3C+oS3AlXj0C/oPY+y5555bFIPidXgK/tdvvt98n+AtvlHkw/eBbynzagwd9bZ59feH3xxT0fb9
Ea3Um/7Lt5I+T+Bbx5wF3mWVPt+hO9zhDkpS6sO357w8P6OtqR+h7fvTS7j8hm/qXBjWOT6I+QH8
ylyU+Qernug3zAfAkXkQf3GuCgakIz19lTko7cH3m7kG836wIV9kE8Z9hVFwZ5tV5k3qT6S9/e1v
X+aErBBlPIZf1Bd5T/tBBwGcx8GdcZn5GMdwiZ/gn8c+9rHpm9/4Zrry71cWpy/4r/4mQANOY/om
IBvpe8G7pzzlKY1zFOEzV9e5ML7MFa2j5CsDKKv4+JbBC8xJ2M6W75eewUfwhoyelKG09FvGD+Iw
5iMDMMYzTjXNJzFO/+rCXxX55JOf/GSPXL7jzJkHzal6CTpu+EZBC32QcYz+Rd3oc4yV+kYyzsBT
MdA/6cOMUYw3BOZcm2ddAfnSL3BurOevpOM7jtyldJRP/myjjew6W4E+BuZ8HxhzKIe6YGxjjqSx
XeXRJjoSjF2tmA8xB2TcZaxi7IZ+xoc4Vin9KFf66ZVXXlnmZXzTGdPhA/JX0Jik31wZL2gneAwe
YFc45BbmDXwTGD+awnzgznwb/oSHkGXoCzEwd2PuTj2nORKMye9898EE/Qntx9wZuReMkNc0bkc6
Rr3nW8M8gYBjLnWMAXmDuqKzQZ6L46B4kDjM8cSD5IfeoeZB5cu37aQPnpTOPOvMkh8yDjIi4z4y
RQzwpnR71Be5GiMq8yt4mLagT6MPwrDZt2tYxv2HP/phmTeQD/SgL+SPXQrhrdqwDu8yZyd/ygN3
8tb4EWnjnrESDJlTsWAHeZfxhbGQtBwdyFyuqe9fc/U16ezPnl2++fAX8QmPfvSjywIIyo1B/Yc5
NTIjczRkB3BXgOZ6XNI79G8nnnBiOv2Tp+tRae+uMZe5GkcxMa4RhhkHe5mPeCOj13e/+91pcnCd
lZwLeN5kYEbuhlYCOk4M0zHAc1tssUXhDcZMeAlnBcb3prGJMZ95HH0Q/tWcnTYBc+Qd5K0mWmK5
Xff0J+ZJzO3hoZgvfUPP0OOgC6Ys5od8b5jDq7/BRztmRx/kXMYivrGSI3nHbiXwPnM7xnqOUqSP
0//Biu86uzTAyxttmPtjgw0KPKAD3kBGJzBOMwfmeydauurb9o6+9573vKd8ZymHPgkf0qfoS9SN
xQrIoAT0YMw3YmBOwhyUfgU/UW/6CUcS8ic8SMMYwLdUz2gH5kPIzpT9/ve9P13xx+vwJR/4qkkX
H8vvukdupj6UR1nIgIzn6DTAEz0QtKL747jOiCV9GNyRy6GbwNjCginohWfqAG/AI5pHxzLruPH3
WH0/j7lf/dp1cyeNGdTlyU9+ctoxt1vTOBjLHHQfeYNdcXCgoS8jN2HgpT8yd2Cupj4a89QY89nP
frbIJsw1aFP6Pke4IIsqwEPHH398aQtwJR79AmczxljGXtpMfEM7Mc9Te/H95vtE/+MbBQ7IrHxL
KRcep+1jGPX7o7TUm/7LAiacgAjsRMR3mDGL+eh+++2X1l133fKO/0b9/vQSLr/ReDXbhvU4Rwd3
vk+MufQbZGXGLPoLY2Wcq4IB+iP0fLQBc1Dag/k/ug3GT7ChH9CvGPcVRsEduZqxR/0JvgBXeBxd
DH0NutUXeY8sBR2EcXEHb+b7yGTiJ+ZrHMNHX6W+Bx98cKn7ON+EmfZNYelrAwK5E05N4l/+eE/l
SfdUVjJN5Q9FoTF/XJDUprJw2HuWGb48y0Jjrx5566ep/KEsz4mfGb73x+/M8FP5g9WLr/qTB++b
0vAsezBOZcFxWjqlH+aaJ0eFFvLLE5MeHdlY20djFjym8kDdV1b27JxGG3UTzTE/0ZI75FR2CuhM
l4W5vnKUdtRr7uxTecBpLQv6iBPz5bfob7vmlRFTeeLcly7mMcx9HoAGlkP5WRE+rZzs6dqXVvwk
erNCYFqa+cAdXsyTq0JbnpT1+kSNR17JOpWFgKk8ue6jcxx+z4rRHhbCIfJgnoBOZeGzr5yankG/
s3J2KgtGpZy8Ar8xryzYTGWlxtSDH/TgKfq78hyHB8Exn2HWWa/stdyHL+Wo/vABvJ0nwGXM4nd8
F/sytOaztaeVJV5SXvX4lIWFXp7CO+ar+uuaJ3IlfsxXNCk9NGfjXQ87pc3OItPoU5pspJ/KSqVe
mmw0mspGjF78WF68n80xd5xxUHUb55q3niv1y5P5Xr3b8skKwRI3TwKnwKaOB69tu822U1kp04ej
4mXht6TnGweP8w0Ex7ay9a2jLYlPPlm4Lt+4PLmeyoJz4QO+XSpj1Os432LSiGfEB/zOSsNCR82f
epcF/lJfpdGV9zE/xoX6+5gVgT28FF9X8gGjrPQdGwfmH5EG8qx/189oA+GttlIc0aY84BnGPsWv
MSJdNqyXeoMv4x/P9Kd3Sj/KFb7Miqe++sAz2VGv5C9aVVYWXHp0MjbpueKpHRykCAAAJi5JREFU
TjzPCtBe3EhTVpCU8mLcOI+LcXU/Tt+fj29xNsz0YSc8uMb6wYNZIJ6Gh8YYpROO+p2N5b002fGk
L0/iMJ4wR1I7Kh3XLIz25k/0Eb1TGbrynPvsQNgrS7hn5W55F+NmYXdaH1R8rvBoVro3lhdpiGMb
9Hd9f9rGzVhuFrTL/J/+UX9HY7xR7zVHF+3xCi76nZX4U9n41cMwOzeVvqo4XLOwPJUF/ZImYlrT
PAruUbaAFvLVmNDEM7zXeDwu7tCnOb/KJF9hwVV1Aof6XaShHu/iu1Hbaqbxs9JmUYasjJnKivyp
bDiaykarUsesxCrtlRU2vWdZOVjaKiu0ezhkY9VU3rq217a0j/5o52ykLTzfS5BvshJ0Cr4UPyg+
V55xzcdYlXgx3aj3yGjKMyuMenTU35hs+JrKSrX/ZX/t1FTe0adHS00fNMb8lDAbI6ay01hrOvLh
GzkbIRvIp7LjQ2tZ0EecGLJCscQX7k1XxlL6/UxCNtoPLAcsmCPUIRu3+tIKe/FFNrDWSabmA3f6
BXIsdGQFaa9P9BGT+Ya5SDa6TOXj4nqvxuL3nFc29PSwEA66Qgff0az475Uzzk1W+E7lHcVKOehD
mkJ2wCr8ng0ABWvFGcSDjPE1D4IFc0jxnurDVc/gH41DlEUeikcc8s2GpzJm8Tu+y4bmXl+GL7Ly
vJdvjKeyyIvvQgzoKhSXK3FjvjEu99k40htnlG+dnnKQ/eqQjTzT6FOZyNV8HxWygXFq66237sVX
WfU1G22m1Yk8usZc8mBeT/vEoL4c6yP6SNOEX0w/6n1epV3qh1w1KGQjUYkLX4JNHahLNvCWeXDE
UfGYp1CHbHiaysaQHj+1lQ0/8a2jzvQJAnIEePO9ZH4HNuA4bsiGwkIH80D1AfQxolPPssG4PKNN
SRPbhLj8zgblQkbNn3rH95649R/vY37oubIhqK9K4MmcQWUpjdKBEbLHuIE6Ky/RpzL0W2XrN22g
oLZSHKVVnvAMY59CjRHpsBcwLwBfvqcqJ75T+lGu8CW6HNFCfvBMdtTrw1PloVdUYGzS87pOPGfe
0hSy41MpT2mIC+90hXH6PrhnI2hfPWKZlIt8MZOALitiJzy4xufwYDZ6TytKY4zS1fTlBYe9NNnJ
pi9P0miOpHZUPipf8ydkXb1TGbrqOfJNHWhjxeNK3K7vD+nh0ews01ieyuJaj22jfH9qOvmtfjbb
3wHN0SPt3AsXPc+OlkUHL9rUV4Ub8bIzzlR29unjSZ7XNI+Ce5QtRIvGC81X9Jwr9Gg8htZxcEdv
oTm/8oz15JnqNO43QTj6OvsI4N1SJmaTdmVQgHn4KEmBHp/VxnYMfqpDrcB+05veVAQ7BDXy5I8P
m+JzzZ5jvXd0zOx9VQx2DNZR0Ucni+lGvWcSkT1eizIKJasUf9krpghXehcdCiiDeMSHduqKAp7J
Owqz7LFVnsf8RJc+LHTKfF5YEVz4CKDMVDryBFulGeca6aMsJi88Y8KVvcB6H6yaRvAAX4QiGYlJ
z0SaZ9lDc2rfffftM56OQ9+yg5dNG6gpp/4bZFhHMAU7cM9ekwV3jIa10Xo+cIfPZXhj8j0KLuPw
+9lnnd3rI9m7ukyaqDdKnEMOOaTXxrHPjkKT4kZDDTjreX3NK0VLX9BYMC4PMj5oXKDf0fcRJrhm
r7Teu2j0oe9lL8heX1Z6+AnhLa9Qm2Kyyu8999izKLCYhOWVvCU/nmNERLmUV7aWj6TyqPuI6g3f
UWcmIsStxwjF44qRFRqk9KY8+j8CZuyPTU4he++1d6E7byFZ+JxJCEpCPuSUSz4qCxzyqopeP1Id
KC/+wS+0j9JxHYcHYxuPMg7Gcke9l9ErGoCa8qA/yiGk/r7E+Iy1eZVEzxAe30mBwHueyyEIASbG
072+dfAMBjsEkezlWNoJelEGwGMzNSjTrrFfD/Mtpv/g8COe4Numvgp/RuVP3nJzCoMY7YsjkNJw
he8QSugnGIr0ju9CjQPvEIb4/sC3lJM9Vwsv8o7+QDlKN+qV7wOGM/KCp/MKy6m8w0qPprz6pPQZ
1Tv2L9qKby705fNFS1+Exux13EsfDdZgQV9VfenvTORFM04T6t/QBN56N86VcTyv+pvKqwR6ZVI2
/RhlAO2H0Af9cb4gpx/aCdzhQRQfeQVjyQfezCtOptEGb6JQpky+H5QVx9i6DuP2/fn4FkMrvKG2
Em6MHdmbeApHEHDkOUpUxuFYP40xvGc+hEMGxi0c4ngGP/H9IE32GC/f3rtsdF1fAF8M+8oPHoFX
SEebgLHS6lvHe9qb5/SRvM1mb7xua4P6+8P3S/1ZZevK8+zpX2ig3hgq4G3ofP3rX9/DgndxXIUe
nJN4zpXvP32EtNSTOsXvj8qL17kyrIM7Ywk06A868zbBpY1RXvKbd3lHjT4nGRRmfLs1dig97cN3
kH7DPcJ0PT4NizvpIn18M+QEx3caYT97vBf68gq4KeaMKmsc3Jkjaf5Jvfl28Q3COQx+FhbUi75L
G8VvAu/rbwLjPNjwjvFe9MX2nY/72Re1JyNHxmWwxYguAzPPwDwa1hWPsUMhGtbJgzkOfVPfV54x
1sXAHFTtydw3r7oqCjrGnDguwwczCfA3YwT9JxrC84qXqfPOO6/3LjoUUB58D39CO+MtCngMNyhZ
84rkQnvMjzQoWZl7qF6MnXzbUXDxXVQ68kS+nUkQfSpLTvA8BzPK4F1NI3ig0DvggAN6RmLiHrLs
kPIM2RrDMMrSmQTmMeQrOkSnnnHFsWuQYR0nYbADdxSo5IOjRm20ng/c4XMMSdDON32UMA6/802k
vqoz4zT1ZuzDyU3YIleqz45Ck+LSV1UOOLcFxnD6vQx7jLf0EdJCC/IEz2oeJA7PFXDKUXkYD+n7
OPZwxWFB76LBgb7H3Ed9WXEolzkQ8+3DDjus0MGcir7IH3oi0Ucf51vLdzUayWr6RCd8R50xSJFH
NHQqjq4YWaFBSm/oov/zfYv9sckphHk18flOgj+OEsxvRCP5KIAD32ri8xdx0DOuTc5M4kHS1GNu
VPIzlijENqbtNQ4yR9R41oaf8hj1qvEf/LsCY5QcQurvS0zHWJtXMPYM4fEdczTw4D2BcYvfeTeE
GK13H41I6ICRVdD3kAZ682rCwmMzNSiTX+zX1EHP1P/0TN9i+k9e0V7iEZe+orjwJzpqnvOXd2GZ
YjyjfeWUrHfwHfNO+gmGIvEZjtAKwoE0yH30ffgW5wQWkigN/YFyxg18H+K4zzwROUS05l1ZSp9R
vWP/gkZ4FPqQt+mL0BgXAUWDNVjQV5U3/Z3vtwJOE+rf0ATeMwmM43n1bZ+egLLBjjkU7Zd3Cyj0
x/kC4zVxaCdwhwfR++eV1oV2+iO2kTrAm8x5KJPvB2V1GdbH7fvS00AjzpFNcyDKjnWqaR3md9QH
CzfGjrw6fEp6fZ4jV9P2MWiM4T1jH/Na5JO8E1zBBX7i+0HIq+OLjCQnEvBFl6FA/eAV8uIdGCst
7chzHOBob57TR5Bh1Efa2mCU7w/5Rh0yzkR8Q6Dz8MMP75UFLfW4Osr3R3WOV40Fs/0dAHfGEmjW
H5gxRtPGLAwVhnmngT4nGXQdfLs1dig9fQY9KP2Ge9q7Hp+GxZ10kT6+GXLe4juNjJ13TCi0851i
zhjLGhV35AjxIPWGx/kGoTOCh4VFbIdxvgmxbX0/uwhMrGEdwZAPCKtEGPj5oyPQcVDwS6GHwhZF
JJMOxWMA1Ip1PqB6zlUK3Kici/GZ9Mb4utdKxJkq5smPjyP0oSjkQ6Ay4rvaaCbhizQX5g8uQo3S
kR+rRlHC0uH1PH6QahxUlgxBKOFinspj2KtwZXU57VSnwzNMA0LEPsZjFQ/tG40R8f1M75mEoNBB
GQiOfIx4Bq/pr6kMTVTrFYXwHvnwx+RBaecLd3hHhpWonBYdbddx+J3+JqVs3iKrj89Ujgy+tOGo
hn7lwVX9HIcF2iu+67ofhwfhAX2MMSTXfYDfGMaJU7cztKgv8x7+ZnITaUQZr98I5CoLQ6Kec8Wx
BqOcyqnHhRhXZdZjRIzDveKRJwJpfC/BEs/Hus7E4xl9grEGWmh/hFLyigbWmCfCi96rP+kq5yjF
H4cHSTvOOKgyx73K6DWoj+GwJEMDk6tRy4PX6c+Rzxg3xRPwap1nxBH+0xhLmkH01nm1/aYNx/0W
i37oQXEdy2CcF7/oe877OH7CnwiUSgdfxt0l5DCgbwfYyZikNHWeGKvju1HvxQ+qj9ot7uYgepqM
lNSBOtG3+OO3HCqa4qs8+h1tIXr1LZvNtiZv0U6+zClQAqpMrpGG+Jx60AdQNuFwhYDJN3MY+tTm
TfVXGeP0feULDXM9B4JOzRPphyh3RTtXxkeEIWihTeM7tXE9/8Tjn/hNY67mJXG8IE/aIR8rUNJh
SFc59DGeQxs4E0/vuEeI5R2OHnredOWbxvy1y7DOKjPoJr9Ig/IDG97x1zROQQ98Rv+ovz8I0fX3
RPlyhe+gD6y7vqMxzbD31F1zZhxr6r4hZR71QqkZ86VOamfes+I1jm1ddSKfYXCPZdTzA9ofxQ9l
5/NF+2gTnaPgHo3gNa+Tn5w46nbQ/A466nmivgm0cfwmiL75us6umD05uaEIQv5ijFdoMqzDiyhx
UB4qoCxiFR/thjI4BhkAo3FI8RkHmJvXASUhxjHeNym+6viDfqOggz4UafBJDHpXG9ZRzFE+aVCE
Tl37v1SkYdUoq5IxCCowpmhsq3EgDulkCNpj9z16ylelH+WKExJlYTRoUlDzjPbgD+V2U9AKtmiM
aIo37jOMvRgyUAaCI2Maz+A1/TXljdKTuiFXxhWFjPuMGeTFvcJ84c4YiGEFTBmrhg3j8Ds4SSmL
c0HkM5Urgy9YjWroVx5c4RXyYNWtVuHG9233Ms6g22niQfQgYEXe4kF4gN/8yQAe86fvyzBDW8d2
Jh78oN0xyBtH4xjoYwoY4VQW39wYcKzBKMd7yqnHhRhXZXYZ1omveOTJnCkGfb8wflDHaSE/ok8w
1kALBlHkCPKKBtaYTmMU79WfdK0dLWT8IL+mMZd8JWtEY6j0IGBUj4PUl3GQMbqJPyOto9zL6DWo
j0VDA/P5UQO8Tl0jn8Gz4gl4tQ4RR/hP/E2aQfTWebX9pg3Z0QG9mYL6KG0tY3nTt1j0Qw+GwhiO
O/a4Urd81GcvD95fmOfSxOcP/sQAqwCvMi/QezkMsAKUZ2AnY5LScI15Il/NJIgfVB+1W9zNQfQ0
GSmpA3XiW8Qfv3Ekg/6m+NLrqV+JdsqVYWu22pq8RTv00JfQ+cUAPzQF6kEf4LuEwxXfGVbhk88g
+tQ+TfVXWeP0feULDU1zIMYMzYEwRFKHmQSNWfRDDKkxMD4yV4AWeCgG8VQ9FuK8RvymMReHI97F
8YI8qUPe3r68i3jG58hEdV3R+0I3DqhdQd+Vru8P+i5o4y/SoHxxptBY1cgbY3x/lLfGRHDp+o4q
/ijXyC84i9V9A/ue6o3jWB3UzsTJxyT0jW31N7JOOwzupNF4UbcP7a0dBFrHwBFwl16HutS8Dh1y
WKzbYZxvAvk5zD4CE3vGemaqaSF/7FMerMs5YXky0nfeQoycP67lDJY8WS9nk2ShtPc6e8OW9FlR
Wc434RwM5UukrHgs7//z7+vOP+LZKquuUs595dzLrMQs5w/FM52JM0qI9GWhYNr50JwfwxmynJ+h
MyU4a4Lzm/IHrZyZnDtyykaYcu5D7mDlnETODYnnjOQPeTlfBtry6tly3klWHPRIpV6UwVkWEY9e
hCFvMlumPLCVMy0484HzZptC9o5M2eO8tSzRm5W+5WzWpjxm+qwL+7a8RVcWmsqZQoqXB9SUvanK
GeBZOVzOOOGd4nM/l7hHvo3l0x7Zi62cTwYNCvkDU842y8a40o94Piy/w4dZAZCyMaecIcOZJ3Wg
XM5cykrWlCfp5TwoysxKvJQnhHX0vt9ZUC7nw2TDZK8/ZsN6qUfsv32Jwo9xeTALMr0z6PNkq5yp
E7Itt1nQLGflUPc8iexhx0vxU/bsLme1ZWNDnbz3O390U1aslzNUs5KrnMHTe5lvaBfOCxo0xqjM
eoyIeXGveE3jIPXm/L6mfp8/0OWM36zMqLMsv7PCvm9sUiTxY9t7xeOquNwPy4OMueOMg5Qxk5A9
DgsesY8pvyz8lnb7v5v9X/lOMHbDC1kBNvLZoZwDlSdtpY/mSbiKKGdokmf2ii3nEvZe5Bu1cRZ6
y3lknFWbJ/LlTF/OWuZ8wbkIaj/4p+tbTNnCLxtZy9lmnFdFn+J3VhqU87I4H0pBedMPmvpkFkDL
+ZtZyOhhojLIg7NS4/ebM+NIw7eJ8mb6fVFZ4ge1Af1M33N9A+qyGJezsrx8c1XfeK3j845vPmcs
ErKStcwDuM/e0OWcsGH6G/GHDaKdMwazkJmWLFnSmZT6Z+Vg+dYxRjYFYdX0jmdq86b6K804fV91
IY+5/BaLRvGGvn96rit9Mxt3ytwtK5DKXI53SlePG1mZUs4XI454i3uC+I6xgfNGOeOYwLmJjENN
3xHGFc4sJXBW1/3ue7+05pI1yzzyjvnsxaygKOe6lwgt/2UBu5xhznyT75jmqDE6fJMdXss8lvll
0zmWWYAsZ2/zPu9E0UvO9yc71JYz6XoPww3f2LZyiSb66OvZGaNvfh2yGetWeWdlTuH5bAyZlk92
WkvZqFzOtsyr63r4MEfJK0jLtyQ7YKS8gqj3blomDQ9UdhfuJMuG0vINyQqWMn4KW/FFdpZJ2WDa
4z0VNQruzH2Z5zP2c2VsrQPfRngtK3jKOZJZQVqiRBzyUT7pE6d/opxhmJWhZU6SDeqJb2H8JtR5
z/XveLbwXJe1ovNnLsi8m/GAM/2a+jM0wn/MGbPDZiJNnJfznc4G0pJHVnyVua3yJW1WSJZ3jFkK
nFkIH2YFYRl3soK370xnxRv2Gumr89K7u971rkVOVR2zwrqc75uNtqU/ZINDGf+gjXPIs/NMIk2U
qxnbmKfRv+jfjJn0BwXSHnnEkem888/rw0Pvh72S5y4775JOOPGExJiSlcuNSZkXcuYq7SfsY0To
5ZuTlb4lXnw3W/fCF96osW8rQ3ShV8lORr1ojBucX5lXCZWzQpmHEOYLd/Et7Yu+SOUzbvF9hr4Y
kHHzTj7l7GH6EWFYfocPs6NWmePRF9Dx1IFy+eYxl8mOK+W8UMpEn5KNQHX0vt/0N85AhocZ3/l2
cOYrc4bYf/sShR+Uzbm22Rm18CDzlKaQHcWLvJ8NFWUMgQc4vxbdVHY+K3OROh3jPdjS97LTYRlb
FAe6kQ84551zVOHftsCchnNw6ZPco9OLITvalTpDS17Z1TrGqEy+l9lBrnUcVLzs6FYwjTiSP1gL
h0gL3+XseF9klkif7qG/qVy1W9t7peequNy38SDzTsaCiAdz67zqt8zD+U4PMw5SxkxCdtwqdDA/
UB9TfvSxbFwp54YjL4oXsmF94HnsykPXvCNWOY+aPpoNNOVcZt4tXbq08Fd2MkzP2eE5il6uamNk
r0MPPbTQQT60T3YW78ljfYlm4YfaD/5B1tN3qinrvBAkHX7E4UV/xdgBTvQp+Fc6n4ir8m7rk8jI
2WBb5mt5IUbRbaqNKJ9vC7goMD6SBp0u5fEd5zs0blBZ4ge1Af1M/RYdWnYOnVYW4/KyZcsSODSF
JtqQOTk/nXDOZ89Jj9jiEeUePS9z2mH6W0kw5H+inTkUvDTIhkD9wRw5gTGyKQirpnc8U5s31V9p
xun7qgt5MAdirjRtDpT5gfZoGgtV9rBX8Ya+f3U6dM7Z+SdlB5rEGCFZQ+nqcQMZIztfl2zEW8oT
3JFLLvjeBSlvt190LLxjLsA4xHyvnuPwfdxpp51KFsxdHvjAB5b2ZS4ITWuvvXaRhVVG01X83vX9
0beO7zjf1Sa5Gr1Q3sEl5QUmvTpS3rjfH9Eq+mJ/1LuZXpU333v6MmN1HZAxsyNS+TYxZ4xjo9o5
O/GVeUp8V+dT/1bZXbiTRt927pk/Zecbbst4SXvXvFde5v9GwZ35Vl7kWmwJzPfRFdaBfgavIXPl
Vew9XifeqN+EOm//niUE8DxZKH/5I1K8VrIyv3M1g1bxZcXitBUrWkEXV3Mo3wxp8fbJE4bWa56U
TMtzVPy66NO7SJ/yx7Mx0ga98S9PovpWEkfPl5iu6X7QeZmioekaV2qyUqkpDs/yx73Qi3dP02oU
0ZuV6615tOU97HPh28QbbXl00aUVSNlw0KNZ8Yfhp5ngrrpQTiyf9ohtHHmEFXDj8HtcLZgneb26
RszwqGQ7ScpjaxzeQcu6eRVupKHtHu9d0qgsPFXrLXNjefF+XB7MH+hCW1N/U/6xDniQ6TlXtUHT
cQAxHvd4CVN3tuSq38W8BvGmyuyieVB+4oF6LD3vc+f12goeysJn2WaP1fT8hv46jerSlqfex6vi
kl/k1ab7eswddRyM5Y5z39THlY94Fd6NPJgnwI1trHT1Nfadtv7Byil2IYhpxQvwH16evMOrHxzx
JI5xZ/Ne7dfGC7Es6FGdWH3DO45J4FkTDyvvuP11zI97tYm+Fepbw/CTxpk6z2F/q2yNuWqD2G/1
DRB95M1qPuFA+7DiNysti2c3v3kX40d6tBKaVU1ZiVHmIJRHmq5vbsxj2HvRzuqbQWki31KHrGQs
Z1ztsMMOxeNb9RVWbfmpzdvqr3Sj9n3VBTqgr+tvJt9i0SfeyMJhI3bqC5FXSKt0NU5NvKWyuGp3
AfLLwn5Z1aAjdZraLysKp7LSoIeD2kdX8Bk0dmlFOPzbNI+DLraYJM+2uV6sQ7yHlyMtfH922223
siMTtPFu0Gpm0Vd/N2I5494rb1ar18f/KE94VHSy2kjP6Su0M/Vo4w/Fbbqq7C7cSUebaB7GakE9
Y/tdym7aQWBU3GNdNNdrorntGfM6MIIevgnkp7OuB9WvLc/ZfJ4VHCtNyIqf0hbwTDZotNZbK3JZ
HQTWMWRjZMkjrghXvmpn2rrtLytmp+UZ8x/mvos+vYv0KU/4r6YLmvXHUUdxpaZWWg9Tr2lnuqvQ
Ia6Uyco5aOPYl7bw3ve8t9DKHKip/aCXPJC/5yoI3ybeaCuzla68uocVSNDMvEBhvnBXXeryaQ+e
6U/8we+s5CzbzMZnitd0Fb9rNXIXblmR2juSTFths4KRVbgqr+uqc6CZHxAPuRoZfpgQVwt38uDy
7aeZz8KDmpdk41QjT1J2rEN9Pm521Cgr1lldH48DaKJZ28AjUzQF5cV8oB63YnzF66KZ+IrXlJ/G
wWxM6qt3XGkIP2yxxRblqENW0/ObdqnTiLa2PPU+XhWX/Jr4Lj6reW7UcTCWO869VhnGPq58xKvw
buRBtuQdJcS+09ZHspGqb8cM8lcbw3/Z8FiKZO4MfnFb8VFoGSau2q+NF2Ie0KM6ITcQOCaBZ008
rLzj9tcxP+7VJvpWqG8Nw08aZ+o8h/2tssUPaoPYz7JzVamf6CNvttuO9PGNR2ZAVlbfivEjPVoJ
zRFn2UmgjA+UR35d413MY9h70T7MzjGRb6kDcjU7XCE/0G+hjz9h1UaD2ryt/ko3at9XXSLucWyJ
9zOZA4k+8Qbyc1NQX4i8Qjylq3Fq4q2Yb3ZiK/iSHzta0B4cZ0Z9m9qPXQ7i0R2qv9qJK3l2BdHU
1HeVTrjrO6vng64z+f4ob9FXY6z3M7kq767vvdqEsTE7FvYVp3Zu44++yNUPld2FO0lin8xG/pIL
z7IDW+GLpj42Du6qi+Z6FbmdP9UP4Ldhvgmdmfnl2AhM7FbwTUoSBkcYZpAyv0sZ2ZSHjCPkzVZS
nKVz1llnNf4xqUIJ1ETfsM+66ONDiJK0yeCQV4OVrSc5EyeviJrKnpTlvDQEf2jnLyqmpdwkPwyq
bXXiedP2ucPWBzykyNPZwE1pRQ/tFxWOiisleKyD3s3WtQv7tjK66GpSiKuec407ddHW09ljq8eT
tAcfYLYl5cr5PfAGhiq2Ex2H3xHEZSDnDLQ2rGTgUhsyKeE8T000uq7QS76xrCbjQFPZ4/Kgzs2i
biium/KOOI9q+Ij5yTgmZXd8x70Ms/ANGNTv9Vs83DRGKA5XxWvKr2kcJI3aj0lk9srrowHlEXzU
Nv4qz0F0Uc44PKi6jToOKt2416Y+rrxUZ/g98uAwGCgPrjK4gS9pMS7EP57zx1gd07W1cfb8nGaE
j+lmeq96t/FCnb94n/go3DWWNBmYlHf2Di5G5DovcM67HPR978S3HIlCnm3fOrbl6upbdVlNv2t+
aGqD+ptBHI3VONbURjkpBzRu1uVG/qAO2oaZMb3NuFnnMezvmvaudGoreJN5CUZ/xY/tVI+biqOr
8mmrv+KN2vfn61ss+sQbGAH0LF417tVjstLVODXxVsyP99qanC1b4X3aou0YFdqHMwQph28rc0j+
UETxbSYtgnNXHxnGwCtjz6DxAR5RfbhHYQANjIH194dt7ng3CYZ1FF1tc2aOrxKdcZ5L/WhncK7b
WRh0XYfBXenziphCAw4A9BmUhGpbZAzF4zoO7qRhzKUug/psLEv3pI/fhLwaoHwTyK/pm6B083Ud
W6JegAllAJ+JYb0pDxkNadO88qqcncz41/RHXJRUMwkyiNYGI/LEIZFxrcmwjlKUuTdnMrKVNY4n
jIk6+gr6o9LsQx/6UOlLlMOcuKk+eta0fe6wdcRAmVc/lT6ms4Gb0ooe2q9WOBK/1YDdlNmYz7qw
b8uyla7MBigXwZ15gYLqOde4UxdtBYyspgB/okdhW1KueVeYwgc4LLE1+Tj8zjiIgZy60ofaggxc
4sO8ymoqr5Iq6Ujb9Qe9BMZOGeNxKB8mRGUy8nlbkNODlN7oCPjeUB54NgUU2sI5tjNxpeweRokv
45iU3XVZMswOyktlDlKwK15TfjJk1YZRtZ/O4I00Mo8AqzqN4ijPQXQRXwZp8ht1zGUcxDm7bRwk
T/GfaJvJVQaEuu3JU3WmvMiDw2AQaZKhgf5BWsb/+Eed+GO8jqGtjZHb2Dp4roLq3cYLdbnifeLz
jVP/bjIwKW+2EceIXAdwro1E4luOAiBPfdfqK8cxML7MJNT80NQGMiyKD4mjMQTHmtoJB5m0i2/F
H8ShDpIXcT5oclKbSf1q2rvyUltBF/0xtldsp6a+E/NVPsIrvov3o/Z9jfeMgXM5BxKN4g2OnGoK
GvfqMVnpapyaeCvmy3ttZY+uRfoXDL9gVYdrrr6m6GEo59hjji1zSOaReRe58m2mHWva6jxEU9cY
Jx4aOD5UU2n143G+P6JT9A2qh+KPclXeOP1dcvEljUnlsE7d63luWzs3ZlQ9VNlduCuJdODig7zr
RRlfwATdSh3GwV1pBvXZqaqNVfYo3wSl8XV2EViQhvVBRosuZSQDH4NczINBGUWnPmJtyhuMhLVC
vC1u1/Mu+vDIrOkjLw3snEvVlLeUVFHJpXMpqBtCX1M6BDuUCm1GxaY0Tc+kGGZVJTjVcchfCuC2
89xHUejX+Q/7Oxovafc6HYNjvSq0iy7VOypK5xN3zo6BX/hrU0jmLVnL+7wNcanvOPwOz95lo7uU
fKIRP+KnVUjQMpNzjKW0JR94F6+vWI7umQhzVrlW6qotRuFB7WBBWXjZK+941QedOLVTQVdfjnlw
Lz6iThg+6/fURXXuMmyozDiG1XnxW/Eor86vaRxU34AGhPI6TyaKvGsrV3lqVW1MT5syLnDl+Tg8
SLpxxsFIxzj34qvYx5WP6qxxV4IZODEJVrx4zdtzFS/ryANazZy3dG5Mo8kSY2fMq6uNY7zZvle9
23ihLk/tBi76azMKK2/iNY0jGJaVB0InZWkcxLBej9+iBd5DkI7GX70b5VrzQ1MbqK+LL2KdMGzG
8jCMa5Wx4sf3ut97r7179Vb928Z8pRnnWtPelYfiMuZGIyJpEOrlQNHUd2K+wqer/uKhSZ0DUR/x
BvXWd0n1pJ1R6tF2rBqPfKh0NU5NvKX8dJXBQTzBtckhDf6nHIzCtdGavPT9Rkisvxcqi+swBl7R
hEKziUehhbNFESJ1TjlGKJxPSFN/f4iv78+gFc2ib1A9Yp2GvVfeYMxZbrVTC4K2eJ4xO+ZLHRi/
qV/dzjFe273KHlR/0jMG4phEWbQFu3RAc00TccfBnbpI5shbyxfjfU032GDAydvfl7lI/V78FvkW
Q2KNaZ1uPn7Prpg92bnJKN5kdI6UdxlPm/Jg7KIPit9jXr37rBzCSFgrxHvvR7jpok87MtR1ZJyD
/3B2mxYybRhWoT8quZQXBl7q2BRQfmPQazMqNqWZ9iyXL4Uh4yI41YH8pQAmLuXWodWAXUecwW+t
rgcT5vl1wDBQG6Ra6Vpeb3BnXqAwb7jnAnWuODQw76gDOHPmJu/5lhLG4XfaT4ahaMSP5YlH4dO8
BW98NdI9NEtpS7/kW9UUcHJigYlW6ooHWdk7kAd3v44HkXE0rret1GOVpOLUTgVSdkMn431XkLGB
uOjn6kBdKGdQXipzkIJd8ZrykyEr5iHDPjQgu9RBZ6bGNDGO8tSq2vgO5Xppk+Xdnr4HXZTFooHG
sDxNHHMvvPC61c8HHdgwDuZMJH/GcbAx7xEeiq9iH1dy1VnlyZBHvXBqaQrIHxhSL77ofzwgh2V2
w2kKefvwghXnQMfQ1cYx3mzfq95tvFCXp3YDF/21GYWVN/GaxhH0acpDvKNxEMP61f+ZboyHHsaV
fLRbn/G3pnOY3zU/NLWB+rr4ItaJeWMMGMa1yljx43vdi7dVd65NY77ij3utae/KR3EZc2sjInKj
HCia+k7MV/h01V88NErfz1u8F15hrJnTOdDyyog3qLe+S6on7ZyPIC301E4jSlfj1MRbyk/XM844
o9cfxBv56Fy97rtSDkZhZLQ6CN+m70WMK5q6+n6kqZFH89iej/ooBn30D4SZfn9Eo+gbVA/FH+Wq
vMF5n332mbr2v8s/aMszQd4Uzzc50LW18zA0qOwu3JUP81h4DDppCxxxuW+iaVzcNR5R3yYnDvgd
WwXOv9BeB/GbeJZr2zehTuvfs4PA/wMAAP//SqQDnAAAQABJREFU7J0JvHdD/cdHdgqhIrJmqWTJ
FiKUkr1NllK2KPKg/rI+j6UkFYpWWylEhCiyk3YVbcr2KBFFpaIs+f3nPZ7P8f3NnXN+55zf/d37
u/fOPK/7nPM7Z5bvfOY73/nO9zszx/3tb3/rDPvfvffe27nvvvs63/3udzvOuc7mm2/e4dkf//jH
zsMPPzyC/jvvvLOz0kordV7wghd0fvnLXxbviXvttdcWedx///3Fu/e+973h+fOe97zOBRdc0Hno
oYdC3qT52c9+1jnooIPCe/K8++67i3RtsIN26KMuhx9+eOfPf/5zKOvqq68ONNs6Kv+f/vSnIT7v
PvvZz3YefPDBgj7ye8Mb3hDeH3/88QVtPF955ZXD82WWWabzwx/+sEhDmZS33Xbbhffrrbde569/
/WuRVuXWvV5//fWd2WabLeS17bbbdn73u98VZf3mN7/pvOUtbwnviHPjjTd2lQOd1Odzn/tciHPM
Mcd0HnjggdC+tLFtp7r0lMWjnFe96lVFOdT5L3/5S2jjGdNnhOcvfelLizJpf0uX5Tfy2nXXXUOa
yy67LNSXcscS9zvuuKPzwhe+MNAAb8C70Ki/mTNnFrxxzTXXFLi34ffPfOYzRTnTj5je+dOf/lSU
Q5vCY9CwxBJL9N1Hbr755oKf6HOXXHJJ6JO0FX2a8imLvyuuuCLUqw0PgtM73vGOIq+zzjqrq++f
ffbZxbu3vvWt4Z14C96Ez6FBsoa25zl/iqfrLbfc0lWnK6+8MvA9bXTiiScW5SgvpeNq85V8s3KQ
8pCRNs3vf//70CZxftQ5JQeRea95zWsCHcg76CLur3/96y68Va4ti3vqpza56KKLQlr67g033NDZ
fffdw7sPfOADBY1teLCNHIzprPsbzKHf9nHkptoXvK+66qpQL8ld4q+yyioFDp/+9KeLfnLXXXd1
vvSlLxXvDjvssIAFOL/iFa8Iz5Ej8LilETnzne98J7ynLX/yk5+E98Qr4z+bfjTvwaTJWGzL/vCH
P1zUHT6JxwHFtW1MPLD97W9/G+p62qmnFXksu+yynT/84Q8BC9Jo/HnnO9/ZgfclA2mv8847rxhz
1VYqr8mVtlAfkcynzWk/2gY6ye/MM88MdDKWQcftt99ejO2nn3566Pe03/e///3OTjvtVNSJ+PTD
FE2/+tWvinjgwphaFjeVvtczeJv6ffSjHy1o57f4nfdxHpdffnmIS93pC9QVPC699NICb2gVVja9
8oWf4AXiUX9bJvdKY/liGHUg6JRMoy7oGdddd10Hef2jH/2og17Ec/5OPfXUol7U0coYMFSd4eOU
Lqv3XEkvnYa8X/ziFxf9wsYjX8nhtdZaK8hrnunv4osvDrShT8Q6btf4c8cz+rXGAduOKo82lUwj
P+SXdGpk1gEHHBDKos9q/EYXU9+Kx58jjjiiwE7lqiyu9CXRcdttt4W+RrnoCpZ2m6bNva0XWO+5
556dn//856GNqYd0IOr1gx/8oGhHaEBf2mijjYKcoj/YsaSsH1va76yBu62T1V2gFZqg1cbhvi3u
v/jFLwqZCz+hs4mXfvzjH3de97rXhTZbYIEFOox9cbn8tmMC9JWNCam0g3zWmQLh3//+d+exxx4L
fAp/bL311h2e/etf/+p0nh4JAHzy8pe/vPOiF70o9DXFePrppzuSzeTxn//855lXPg/0PfKGB9B3
//e//3WIzx9yUf2aPGnPfgJ0Qx98xBj23//+N5QDL2qOpDqqHOSr+sZXvvKVzhNPPPFM3T3t5LfF
FluE/BhvFFQO6ZZffvkw5qtOlIl+9va3vz3kS39/6qmnlLTxFdsD9aEs8mRerLKQRZq7EAf92wba
kvpQL96fcMIJnccffzzUizoU7WQTtbwn37XXXrsohzo/+eSToY0/9rGPBfoZx1QmdRBdn/rUp0Kd
VPQTjz/R2WuvvUJezB3Ei2OJO+MJPCnegHehGVq4/v3vfy94A94PoSW/ow+qHLB69NFHizamTZdb
brnw/iUveUnffQR7gfiJPsE8kD5JW6FLH3vssaEs6EE3JTBmKE2KB3fYYYeCfvEgGO2yyy5FXt/8
5je7+j7zecrgb8cddwzvhCHtDJ/zDhqhS3KJd3GYOXNmQR/x0bXg+3/84x+dL37xi0U5vENHsMHm
yxiM/JCMoCz+kJE2oG/RJiPy8+3PGAjdVg6C78YbbxyeY7eALvBBH7B4q1xbFvfUT1hhsyMt/Yjx
9/3vf39493//939Fsv0+sF94hi0Tm2ksc2U7gX7JXOYnKuPLX/5ylxwEoy233DK8P+WUU4py2t6Q
H/TvvffeIU/6OHLT4o3Mhh6VR/zVVlutoPG0004r+gk6h9V1PvKRjwTS6KOrrrpqUQY8bgM88r3v
fS+8BwvGAgLxyvjPph/NezCBz7DRin/Em5J/ZeUdOePIAhfSqg/G8W0bC1vmatT1nHPOKfJgTPvn
P/8ZkpNGfZ+5A7wP//FHe337298OfUb5xWXW/U1bqI/AD+Jx2o+2gU7CN77xjUDnJz/5yRAHOc17
yv/6178e+Jb2w2b1nve8p6gT8ekHqYCOTXr9Ic/K4qbS93oGb1M/2fgY7/gtfud9HG666aZAD3Wj
LwgPbJzIKNEqrGx65Qs/wQvEjcukfAXLF3X7Pryp+R2yELuH+EI60Pbbbx/K3nDDDfvSgaBTeiR1
Qc9AL0JeM9eTrsU7+FiBOloZY/sRfAyO4BuPCTb9OuusU2DN+Kt+oTi6Sg6/+tWv7sz08hospCtg
d4c2ypK8VTr1cdqszvhj5SD5Ib8k3+nHhx56aEGvxm/eq281HX+eevKpgk/JnzL56zUmq351r9RL
shqs9t133zBnBBPqIR0IWUTfVpDc3HTTTUO947GkrB83xV3lcbW6C7Tyx/w2Dm1xh38kc+EndDb1
LWwnb3rTm0KZCzxvgTDfjsvld90xIZU2P+sfATdI48Ro5K0Juxg4vmJER7FSWVbBUlyELe+t0VPv
5KRgcMFQr+copTidMRjrGcwOozOhVXltr/vvv3+Rr/Lnqg6lZ3KGxjhAH/V53/veV+RDWtVHdGHs
tnkyGGKYVP4qE0Om0rS9MnjbslCErTLMOxQcm39cL0uX7nF0MxDadP3co6wr7/gKjeuvv34w1Mph
YuOIFiks9h1GVvHiWOJ+nTfex7jDF1psIRqZZAm3NvyOEovSGZcVt7EtR+W1uV544YVdZakeukLH
G9/4xmA4V/5teDCFBXWyfZ/FAihxKscahEVPfMWpqvi6fv7zny+tk3BVuUpfp4+obBQtysKRqGe6
ypkzbdq0Ee+UDuOb4sdX0afnsYMS3n/zm99cpEdGKS5X0h9x+BEFJince8ncGIu6clD4172mxhFb
l/jeYoHBA+UzjqPf4MB74mFw0nN7pZ7QigzSIiz7HoPRuuuum0xLPI0bdetbJ16MvaWH+3gsjvNk
8qU0xEVpjuPw25YT85zS8xy5Z9Mzttj4KNuvf/3rizJ5x9+5557blc7mUXWfGg8wvMfPmQhb/mG8
xSlhHauqB1fRZZ+Vtd/BBx9c1Ed9tormuu9ip72lRfc4bO++u3tRIb/LeD2uF3JN6bXwQHmXXa2T
2PIF8ev2/bEci6VjxnVX/Xi+xx57FIsYU3qEFh9ZHlJ6DB+pNrVyhIWAqTjIZznWlR99BF1UkzXo
ow7SY8gHnVLxq66ktTyJcYhnNo3GNp7xLh6/644/pJXMhVbhbsuK70kTy4wUTlXPrGOd/PhLlfOF
L3yhaAP0mDhO/DtetNcP7qIfg5EdO971rnd1tavicW2DO+nOOOOMLgxSY/706dNLZT2LboUF9JWN
CZbWsbjvf2o93DnIoSzs4ysyKhgHZ1VDi24UD77/1re+FYyH1ujJe97JScG8DUO90sEfGELtmEF8
FtTEDqzGCHpbph0fVaZo0m/KYywhxDhAH/Wx8/PnPOc5RX1EE8478lGeGAW32mqr4rfKnDFjhpK0
vsZzBhZR2YVU0EEcG+J6iU57RTZYA7tN3+aeMd1iYsvi+Ws3em1wWtHO1ohKPNGCfmDTcU97iBfH
Ene7uBs6wHz/afsHh7popF44wxTa8PuTTzzZQfZZ7FJtbMtReW2uLBKwZakuuvIOXsb4rFCHB9E7
bMBeQN9XWfQt6qW+z3OcFSwwU6C/iI6yK/PYOLAgXuXE6fRc5So98884btnvW2+9NRSJIzGOI2dO
yiagdOgDoiNOHz+XM1l1hPe1gIa0qTGWhUQKwl3lEB8nl+rPc8q0MjfGQnJQCyCVRnJdZTW9ppwS
ojN1tVggG7TYJRWXOvGeeOj8qTjUk4AjxzooFfdrX/taZ4MNNkimJY7Gjab1roofYy9adEVnl/xL
5cP8U3F32223UqewLSfmOaXnOU5LG+jXNj46u+YLpOMdfyymbhNipxp5MleOn+NUsvzDQhQWcL3t
bW8r6q96WLrss7L2O+qoo4o81Gfb1CVOEzvtLS26X3LJJcNcwaZFxy3jdeGt9PRr4hO08EDvyq6U
KSex5Qvi1+372DksXzCm0ya2TN7P8BvW+g3SMeO6qyye77PPPoUDH+ek3umqxUeWh/SODWmpYOUI
CwHLghzryo8+csghhxQ2H+izegz5xLgrbepqeRJbDfnZeLFsj8fvtuOPcLdlpe5jmVGGU9lz29er
2phxXsG2TYomnqUWybTFXeWiF9mxo0o+t8Ud+71t49SYz6K8soUDdccE1SlfRxeBoXesY3hUR0td
UWatoUUMaeNiFCAOkyL7HGGEc0PpWYWDMLRxdI/hC+PlaBl+WK2KMFb+XNnhgXLCjkc9l6HS4rD6
6qsX7xWPtKxmVV3slTqyK05x7RUDwmjuEmEFNCvUbBncl9Fn6xWn0W+cdUwWbJ36uccQe/TRR4+g
EWXu/PPPL5z4CKc111yzKx4DJrSk6I55cSxxZ7CI+Un4sVvkyCOPDCukLW5t+R0Fg76j/HV997vf
3cFQasvo9x7jBsqaytCV8pkEWQeAymrKg6SjP6JcK397ZfUX75U/V1ZF2zipe1ZV2zS6Rx7F+NE/
2P1p+U3pU7yWKo92ZuJAOciqOI4ciiyise+gRTvZyvoGspM4m222WZHWOg9UNya1O++8cxFH5bBy
NOUsbMqDFoumclA01rmmxhHVJXWNsaBeyNZUXBQiLc5CZsdxaA+NSykZRHyMOUyi47T6rXGjTl3r
xrHYqxx7jeVfnC8LU6QA292ccTx4mHg437mftt+0op7wOMYe5F2cjt/sjOWUFksX92AK7kxKUunq
PEu1BTKPlbwsuKMc6MMRqckPz+QwSvUN4nMSCE5IKxPK8NFuk16LGOrUx8ahbVR+Cj/qYU8IsGkx
+MZpyAvHC3xK2jh93f5FmTgIKc/yX9O+P1ZjsRy87EhmnGSRnuqP7ES/sNjZOikehgji4FjXM10x
ANj0ukdvpM+wYxrZo+f2imxnURV5WR1TeXNFT5BsUlqws3HK7hdccMFi/FFa+imYxGloP3gj1qdL
xx8vSxl/WChDXji7WFykcuIxLS5Pacr6lfLpdZVjnYV28P1xxx1X9BvKoK+zwt7mQ9uInhTf8g6M
Yiz6wV3lY5hW3av0/La4Uw5jDUZ61VFXFsmlxnzRxlWLrUjTb9vYfPu9H91p9vDlxlikdkpd0YVt
wKFk49H/rr3m2k7HO7MZ9+27xRZbLDg3lB4Dbmq+RRp2q6IDlRmIlEfdK7t90Q8sPSxsY6cXi2V5
Du0yVFocrO6t9KRlPE8F0jL+K669YkdAto9WYB7EriNbBvdl9Nl6xWn0G2ddvIuzH3px/nziE58Y
QSOOD+Y2cuLjWGcnmOjgiiEYWlJ0x7w4lrgz1y/T49HdWNwFz9nQlt9ZgIUzxeLCPWMD485oBnZB
ceJRXBblMz9NOfLgwU022WREmjIehF6wAaO4HH4zdsbYaWF8Kr6eMY9NBcaaGD9oQ7e2/Kb02hmm
fMuutDN6DEGLNG1cORTR2+xzaNFOtrK+wUIg4uhkDNJ/9atfHVE9xjNONbL5c48+l3IW9uJB6mFl
rsWiqRwcQWzFg3gciesT/46xoF5lNtqTTjqpWJyFzI7zoj2QHQQcOZYnFJc5C5tS9Du+atyoqGLj
Vxb7uDx+o5NXBRamaF5td3PGaeBh4mE34N6O2/A4u12Rd6mAjsemrJg+MAX3sl2/qbziZ6m2QOZx
Cor0SuhjUQeOatGAQwseTvUN4nMSCCdWWZlQho9OjqhyksV01/lN26j8FH7UxZ4QYPNEN47TkBeL
g+FT4WDT1+1fpGGXNMHyX9O+T3/iZADRYq+jqQPJwcuOZMZJnfxFechO7D422DqJJk6DIeBY1zNd
2QyWCmBNn2HHNLKnLKgvScdUvroy1sULR1M0Kr692vFH5dNP99tvvxH1oP2on5XtpGk7/sRjmqXL
3pf1K9Hb6yrHOgs+4HtsYuo3lMNCX2xqNuiEWt6n+Jbn8E2MRT+4q3wtIqWMKj2/Le6Uw1iT0rdY
JJca80Ub17pjgk2T70cPgdkYlLzgyMEg4AWg88c1uec+97nOH2vivGBz88wzj4kxerdeWIcyyJ9y
qoI3vLn555/fzTvvvA4a/aTE+clo+P385z+/Kml4R528AAt18SwUyptjjjl6pmsTwR/D5PzKHucF
j5tvvvncwgsv3CabgabxE/2AI1iA6aDaeCxxh5/8qnnnd4a5Rx55JPDwIossUoljG373g5XzuzAd
Vz94OG9U78m/lUT0eAnvUzf4iT7gHTc9UjjXhge9Mu+8kbnIG74dBF+AG+2EjPGrboeuf4A1f94I
GWhrigE8BZakp716yZkmPNivHCwadwxuwBB+QsaAIXzbC4sxIGtcivAGNucnGM47hZ0/jSH05RQh
3tDk/HFfzhvFnF88E3iIePSTutghm+A9ZNPcc889UNmUqkPVM/iXvjHnnHOGvlW3Tt6B7/xK2ZC1
d0I578yuKmbM33llvuDzQY33/fb9QY/FflW88wYd5428bo011ghtgKyn/9dt56YNR7/wi8+c30Hg
/M4y5x0mpVmg84ABcgi60CHRcckDPYG+MoiAHKQceJ7QS1/td/wZRB3IE53W79YJuo833hZyBfzQ
TWafffZBFd0qX9rYO1HcXHPN5bxxqGce/eBO30TmUib6NLpNVaBPMCZ8/OMfd35BgvMG2tIxoSqf
QbzrxZ+DKHOy54mOh06ueTVzhqZ6ZV2M4GPNdSmnKqArQJPm1fRxzavrjGPUSWXB05Q3KFnv7TXO
G8SLeVCvuV1VvQf1jjGGcQUsmPsPqo3HEnf4Cf2GcZPx0+8gcosuumglhG34HdnpjeZBhnK/0EIL
BX6qLKiPl/A+dgLGLvqAN2b3zK0ND6LvMj4owLeD4AswQ0+mLtJpVOYwXOEj+Ac9oQ0G8BR6FOMs
dewlZ5rwYL9ycCzxBUfoRcYgt+HbXliMJX1jWZZfeOS88915p7DzpzGU6lDogSuuuGKYK/jFM63m
1cgmO6/uNbaOJQ7wg+bV9K26/IBc9yejBVL9xqBijj2WtFeV5Rf0F/PqQY33/fb9QY/Ffje68ycn
OO9QdP6zUwEuZD39v247V2Gcesf4sfHGGzu/UNr5ndJhjpKKxzN0HjBADkEXOqTm1egJg5xXo3tq
Xt1LX+13/Cmrf7/P0Rf9JoQwdiOn5Asb5nm1P0EjtKs/xbhn9fvBnb6peTX6NON+r1B3TOiVT37f
DoHsWG+HW06VEcgIZAQyAhmBjEAFAkx8CBi7/OrrYJD0q47dMsssE56n/vM7boNT0u+ocf6b9IWh
AOPfVAvCj3rLCeVXKgdDylTDYtjrS1v5VfqBZ+Fxvys8kDwovhVv+JXbzp+oFPoUznVNsocdr4lI
HwYUf7pMMOr64++C44h6DKqNJyJGvWgW32pMwIgCD1eNCb3yHO332bE+2ojm/DICGYGMQEYgI5AR
6BuBWdvh7v/z/c6fnhTm1bf84ha33PLliyfvmXmPW3a5ZZ0/Htmdc/Y5z+qsU29a7fcgP9sCLEo4
6uijnD/1KizyfPZNvhsKBHxb7TdtP3fyySc7f4qXW3211Z8haxB8a/jiqquvcv5zqmFBMk7UPK8e
HDf4z+G4tdZeK9gJ/SkIbv755h9cGw+uGuObc4sxYXwJnrylZ8f65G3bXLOMQEYgI5ARyAiMCwKs
isdhwokF/hjnsKMWQvxnSRw7e5deeukRdPkj55w/4tn5o73Cuz333DOsSGb17wc/+MFiZfmIhJPw
AScdsMOfFdnU3x8tHmrJbil/rJnzx+g+axyZhPWfSFViF+GJJ57o/PHtwenqj6oLC0lYic3pC/7z
GKNWHVZxUxY7GVjB7I+HD2VSgD+Szu27776hz41agTmjgAAnabBrwh8DF377o87d4osvHnZn0hfX
XXfdjFQPBC6+yI8JN1wf+BYjGQtBCFVjQo8sB/I6O9YHAmvONCOQEcgIZAQyAhmBlgj4z0k5//mU
oOOzg5cdtQR/JLebPn2685/PGpGzP9I6nBLnj4kO75gjaF55+OGHB+f8iEST9AEnZ8yYMaOoP4v3
Ccyr/RHUzn/eJc+rh6TtmVf7Y/rdGWecEU5y2XTTTZ3/lnuYc6233nrOfx5j1ChlXo1dxX/2M8xP
/KfKQpkUwOKLD33oQ3lePWpoP5vRnXfe6U444YRw2h5P/VHnwc6H7YS+uMEGGzwbOd8lEWgzJiQz
yg9HBYHsWB8VGHMmGYGMQEYgI5ARyAiAALsScZZceeWVSUD8Nzed/8bdiHf+m4Hh+PcRL/yDsjSp
uJPhmf+mXDgeK1WXlVZaybEIYdiOnk7ROhWe4XRN8TN1H+22YsLpvylWONMtvhiHcFhmx6BFZXTu
/bf9nP/2YzKzww47zB144IHJd/nhMwjwWQ7GBP991yQkwyTfc/9JNlF+mBHICGQEMgIZgYzAOCDA
vHqbbbZx/lvaydJvuumm5JyRBep8oioVytKk4k6GZ7fddltY9JyqC59a8982zvPqFDjj8IxjwZk/
p8JotxXzav/t+cKZbstkXu2/zT10n+y0NE7U+3PPPbd048ExxxzjmFvnUI5A2zGhPMf8pl8EsmO9
XwRz+oxARiAjkBHICGQEuhBgZTjfB4qdvzhYOPY39Y1FVijfe++9YTV5V2b+B98IHtT3tOKyhuE3
3+piMsfVHjUNfkz0OAIwh+FBAOe6vgkmqmgrnHR1vl2qNHWu9913n+O7XXHfon+wY8XyS538cpze
CNC2rK7ne2c20D+XXHLJ0Cft83w/EoE2Y8LIXAb/JDvWB49xLiEjkBHICGQEMgIZgfoIMKd+8MEH
R8yF0UNxDJbNq++5557kcdZ8I3iqzauZq8Xzan7zzXh0+RyGBwGc6/G8mrbie/OLLbbYqBKK7emR
Rx4Z0R/oH/StPK8eVbhDZrTt7bffPmJezXNOtcTWlUM1Am3GhOoc89t+EMiO9X7Qy2kzAhmBjEBG
ICOQEcgIZAQyAhmBjEBGYMIjkB3rE74JcwUyAhmBjEBGICOQEcgIZAQyAhmBjEBGICMwcASyY33g
EOcCMgIZgYxARiAjkBHICGQEMgIZgYxARmCYEciO9WFunUxbRiAjkBHICGQEMgIZgYxARiAjkBHI
CGQEhgOB7FgfjnbIVGQEMgIZgYxARiAjkBHICGQEMgIZgYzAOCGQHevjBHwuNiOQEcgIZAQyAhmB
jEBGICOQEcgIZAQyAhMIgexYn0CNlUnNCGQEMgIZgYxARiAjkBHICGQEMgIZgdFHIDvWRx/TnGNG
ICOQEcgIZAQyAhmBjEBGICOQEcgIZAQmGwLZsT7ZWjTXJyOQEcgIZAQyAhmBjEBGICOQEcgIZAQa
IZAd643gypEzAhmBjEBGICOQEcgIZAQyAhmBjEBGICMwJRGYUI71f/3rX+7iiy92Cy64oNtyyy3d
7LPPPiUbLVc6I2AR6HQ64edss81mHw/VvWi0RLWl1+bVNg9Lx2jnZ/OeaPcZi2dbLGPxLBbDcGfb
A3qq+j5xL7vsMvfvf//bbb755m6yOEqmsg5k27+q7YeBVyczDf/85z/dJZdc4hZaaCG3xRZbZD18
Mjf2FK3bZBkv6jQf/fmCb1zgFnr+Qm7bbbfN/bkOaDnOpEdA+sZQ6xp+6t/x/2xoS6/qS15t87B0
KL/ZnLdLDK9pwpI8sHthQQGjge3ACB2LjA3PTnksxgLvHmVY3iRqVZsQ96KLLnLMQ7feemu38MIL
98h9YrymPueff36Y02y33XZTSwfK/XEomHRK8+BQtEAmIiMwOghMKMc6xrxdd93VveAFL3A//vGP
wyA4OjDkXIYFAavkVSl4w0LveNNxxhlnuO985zvuOc95jtt0003d3nvvPd4kjSj/qaeech/60Ifc
Aw884Oabb77w/sEHH3QnnHCCW2mllUbEr3pAvz/yyCPd4osv7v70pz+5/fbbz2211VZVSSrfffvb
33Znnnmmm2OOOdzLX/5yd/jhhwcsKxON40v6x6D6BW2y1157BSfkfffd597//vc7JhlTMYhnH3nk
kcC3hx12mHvNa14zFaEY9zo/+uij7qqrrnLf/e533cMPPxzowam3++67u3XXXTdJ39133+3WWmut
8I50a6+9djLeRHs4GXWgOjIt98fh4dRLLvZ6+G67uhe+8IXuRz/6UdbDx6Bp6vSRMSBj1IsY1npN
Jcf6N77xDbf99tu7F73oRe62226bNIvQRp1ZJ3KGs4znXU5O/LFT3OFZ1qSf+9zn3Le+9a0wF3zj
G9/opk2bVhZ13J6jEzFHu//++938888f6Pjzn//svvjFL7qXvexljej6/ve/7z784Q+7JZZYwv3x
j390Bx10kHvzm9/cKA8bmQ0wX/jCF8K8+pWvfKX76Ec/OmXn1dg9dt55Z7fIIou4e++91x1wwAFB
3lq8psq9ePYf//hH4NuPfOQjbuONN54q1R+qejKvxnZ46aWXuoceeijQht6DTNlggw2StN55551u
hRVWCO9++MMfule/+tXJeBPt4QUXXODe/va3hznN7373u0mhA9XRrXN/HB5OnYw8ODzopimp00fS
KYf8adbtx7WBJpRjHeWfVXLZsT6uPDOQwp988kl3/fXXuyuuuCJMPhZbbDH30pe+NDg7b775Zrfh
hhuWKnsDIWiCZIpziUksAwQ7M7/61a8O3WpLFPiNNtrI3XPPPQFVaCVcc801bo011gj3df/DCMji
AeVx/PHHuz322KNu8hHxjj7qaPfpz3x6qPET0bfffrtjIrrnnnuG/qDno3Ul//XWWy9kB779Yjta
dI1HPuLZmTNnhuKnMhbjgb/KxJG+2WabBdkRLyhhUc73vve9pLxjkYiMi23kjMoftutk04GuvPLK
sFNg+vTpbqmlliqFO/fHUmjG/MVNN93kttlmm+xYHyPkf//73wfHxKDG/TGqRlcx6Bef/exnHY6g
I444ws0zzzxd78f7x1RyrDPv2mSTTbJjfbyZbgDlM69mUSJOYhymL37xi8NiZpydOEZYjP3a1752
ACVP3CyRTTvssINjrsk9Y903v/nNpJ45nrVEJ1pttdUci0gJ0Er46U9/WiwqDQ9q/Hf22We7d73r
XUUep5xyittnn31qpExHOeSQQ9zHP/7xkB82O3a5DusJkzjSDj30UPeBD3wgyMF0jdo/JX8W7RNo
o36xbU/J+KcUz951112BmKmMxXi2Bo50FqUjO+J5Nbx66623Jvsri0TY1EJoI2fGs85VZd9www1h
gQeLhSeDY50NQ1/72tfcxz72MbfMMsuUVj33x1JoxvzFZOPBMQewYYGDHvcbkjMq0dEvPvWpTzk2
xtH3h21ePSqVnACZTCjHOgamY489Nhw/w3XeeeedABBnEnshwM7jHXfc0f3mN7/pUvI0UST9sDqN
e9Vt0O8fe+yx4FwCP3YXn3baaUO5MhxF/j//+U9Q1nfZZRf385//vJVj/YknngjHO+Po/NKXvtS3
8/d///ufu/zyyx00DTN+8BErGt/73vf2XecqnvzrX/8adi2BxVR3JnNE6oknnug+/elPT3ksqnhm
kO/E8wsssIA76aST3Kqrrurg0T/84Q9uxRVXdKuvvnqyeNoOhw1yB11h6aWXTsabaA8nkw7E+M5O
MAwAdRY/5P44HNw6mXhwOBCtpkKLCXFU9LOIsLqUsX3LJzpYMPX3v/99KE89mEqOdXapc1LToosu
GsbYPK8e274wqNJwpOPU/OUvf1k6rx5Wp/GgMKmbL/NqdBLwecc73uHOOeecoZxXowtDKyeuscMc
Z1cbhxfzao6iPeqoo9zJJ5/ct/OXeTWLOd7ylreE3dnnnnvuUOIHP9C27CgfpJP3L3/5i/v1r3/t
Xve61w20nLr8PZ7xOAUOoz/6zCAxH886DnvZ4nnm1aeeeqp71ate5ViMzkYCFqSvueaaySowBzvw
wAPDHJz5+LLLLpuMN9EeTiYdiHk1i3BPP/30WmNB7o/Dwa2TiQeHA9FqKiQDJ9MYxEKZddZZJ9g9
J8MCoeoWHN63E8qx3gZG65wlPavzeBav0rN5t0lj0ze9T5VXlUcqvp5V1asqz/F6hzLHbmYmiCh5
OEsRDEzymIwdd9xxgbQqp6fqrjq0wcDmUZXexqO8qriip801VQ7PUuVhQMHBxOIDnBQ2jr2vosOW
VzdNVX5V7w4++ODQznWcKWX54AxnMjwazt8YP47VbxosfqQdBIY6BrpNnZvQp2O025RD3ZuURXwb
bNpBYGjLqnMf81lT+mx8ymtSJ5u2Sbo69VIcW4alj+dVZZalU75VV5u2qgzykKw466yz+vrkQxU9
w/CuCSZt6B10/m1oIo3at+5YMJ79sUkdU3jrWRXPK44tqyq+jTcR7m39hqleli5whDaeDYLGpmVx
IhEnE7VxrKfK6sUnSqO667dw6ZW+znsWWb7hDW8Ien+bzwlYmkaTLtE+lRzrqnOTq8Vfx4vzTDyT
yqtNmlQ+tZ75zbv229OisTJtnMbLgOLz1RPsyHROgmBOiEOPeTVzaU6jwjHyla98xc2YMSNAUeU0
tu1F5Kq2LcPV5lGV3sZrW1YZDfa5LUc8wbMUbTiZlltuueBcZ8f1c2Z7TsFTqfi2nHAf89OAvzXO
Z9FwirdxrIt2nOHbbrvtqDg8OaFuWe94Y3EHY9iwzqt1BG8rA3vcxsiMkqBjtFuV4/O0vEsRtXhw
Fi02bZN0s5KP+iXms6b02fgQ16RONm2TdE1A6CrD9nvPL/wsC6XpyhKY50oruWZejbiVrOAkjn4+
+TAi4yF7IEwgayBtbfr/QPJviafat+5Y0G9/RE/q0rcq5GDLKj2TzJQjvNXG+p3M36TjfZ0+ksxn
SB8WGFhZMwS0ii5IEeY8q2yrlnQ3Laufcd+WFerWi98N/6nuNg89a1n1Itl///vfcBIJJ4u0cax3
0TRkvFRUcgLcDL1jnW+A4Cx8/PHHQ2fkaDOOokEZqGJGdqrx7Ri+r4rzlmOoOE6co9BYoccEJP4+
K0zJ0aSXXXaZu+OOO0KaVVZZJRy3heGXY9N222230KzQxWSV1cKPPfqYe8cO7wh585Jy2VE311xz
Oehl1a6Oz7E8wcTjvPPOC8ef6znfrGH3rI6x1XNdf/KTn4SjU3/2s5+FR8suu2z49i+rnSjrk5/8
ZFi9rPjDfpVhnW970Va0jw0YAGirlGMd/DC0/+IXvwjtRTo+E8CuHnbDWP5AYFz0zYvc/X++P7TL
o/9+NLQZ7ULbXnjhhUEQzTnnnO797/Pfln5z97el+SYUk2vaHJwJyy+/vHvnO98ZjtKzZYWXLf9r
woMqgmO1+IbwTjvtFI5J5zh4+ASe5xlHvFGvVIDPUa7BgO8WP/3002FhA/1L31IiHfVnhRcr4+F9
+gHHjNAvwUT9k8kz5c0999yp4sIztXkdZworsDiqUsfdsauGVd+33HJLOK6vrfPXEif8aEu++w52
nJ5AWyy44IJBbtDPUgFegAfPP//8cPwKcfiWGgYrdjtU4ZDKL/VMg92Xv/xl98EPftAdc8wx4TtY
tAOBNkPWpHiQdkOm8W36X/3qV4F3xRfwRuqoGOEhbJFxX//610NayqDOS71kKbf1Nlt3kdsEC/LE
WUpgdwPGF3BH2UFe07eYHLBDuZ/AMZjssAQfAvTTNhgbFa699trQ3mor4sDDYKPFDDg1OCKN7xfy
nTzamO/RI2dSYRixsHTCUxwFiqxAASNwPCiLc9hFyIkS7CaOj+dmXAUT+i67XOAvvmWOvGBBlOVB
xkAmbOD6vOc9L/SjCy+40H37O98OPLT++uuHMjh+zQbypc2QJZwYgHxiJ83rX//6MN7yLVjoZ8yI
jXWMIcg0tbeVVbaM+J5V2/ABp6dQB46ZRz+4+qqrw5hBeRv7bwG+5CUvaSUHSd92/KEOTXQgHFVM
qAkrr7xy2K3P6nWNCXxL7t3vfney75OmLhbwS9tAnWg7vusJbehcGP4l08g3NWa17Y/gzydl0Lek
OyEHt9l6G7fDjjuEY83b1oV0VufDecHE5owzzgh6C98r5Zg3ZChHLHKCAiePWN5FXhCHP2Q1vwno
nDhVrV7EWMvRrcRBjiLHGQNuvPHG4EghHfoj/Wu++ebjZwiikR/owshYykOPIs9lllkmPEeHikPM
g/zmcz1lejh50qb0Q2Tta17zmiDb+aYjdJf1fZVreRCc6I/IF+Q5TiMCRxj3w4Pk0UTf4lMpjKWS
Lcgp+hdyCTzgLWQn7/mNzvCmN72JYkJoOieBZwka9/kMzPve976ij1SN+2Cc0ks44pixVmMdfIru
S1+DbxmLke23//52d/wnjg/1Y+wjL3iRe/imnwA26N+bv+mZsea6664LervqS96pvs/zJuMP8duG
ye5Yf+rJp9zpZ5xe6O3wCzIG3ciO4TF+LICGX+jb9ENkKHyx5JJL+nnaKV7mnT7ik130MY4mJR3j
Omlw+rJLjk9/8Q1r+JoAb5x55pnhdCt0f+bCjPME9ADmAfAu9MLLVi6GSL7L3D3z7uA8hkYF5A+7
uJjPxwG+Y8xEH2WMJPAZMsZ7dplSFt/cZu4zEQL1QXfGgYe+gp4nDAP9HqODPnyQ+8QnPpHcjQ3G
6G1gQXsR0Ln23XffIM8sf1AW4xpHT9IunERBm9Eu6GKMU7/97W+DTGSnI7qHDchL5CbOfuQpgZOI
mMPDV7Ysm67pfRMeVN7Ie8ad97znPW7//fcPdiOwhH+Z/zIup+QUmJCW+TLjBbIEWc2YR/8iTwXq
j3yHt5C9fOaMeQf0gomdV4OJ5LbS22sTZwp9i7EUXZmADo7uj4601VZbjYpjnbxpS3Die+s/+MEP
wukJLKrC1kD7Lr+cH0sSjkb6HDzI/IT5FgG9hHnZ2972tkocQuQa/9FOBOZ0yB9sZ/AoMohQNb7S
bsg0Ps2ELQLehS923XXX8JeaVwsPOdbR3Whj6gqfkwc62Fvf+tZQvv5rggV5Yt8kUA/yAnd4EXlN
e6CPNv0En2jRFT2Ofi1+hH7aBnuJAryPvissiAMP81tODWx76HCcCsd8kTaGj7fYYgtl03UdRiws
gfAUnyfj5EhsSASwRuf629/+FmQqcx7a2QbGVU4mYjyED4iLLRh5gdywcpAFP+AHjujWfMaF9mVu
RFo2KmFjQ2bbwDvaDH2aEwOQ29h40FHhG/R56GfMsHMT8mAsxU6g9oa36DNqW1uOvUePZxygbakD
NhTGYvoOYwblYUPhRDnJQZs38o/nkoPkwTguOkhvxx82ZDG31fgDLrQDOvkBBxwQTs8QfZTD3FN5
gw/jZJkOxCewkP+EV7ziFWHRFZ8zon/R97EfMq8rw6QuFmWn8Inuqit1ou34rAU6C/M75no8V0iN
WW37Iw71H/34Gd2JeSsBLJA77/HjZsyDoqHu1ep82JqQYZ///OdDO+IbuPrqq4MMxV7FCQrU2/Iu
eu5VV18V5jTIatqYgM7Jp06sXgQfMGdHxqDHMMYzBjAfYp4Er6E/ohfaebVo5D22aWQsdGFHZRxn
cR7PYzsXdDTlwbZ9n7IIY8GDlCN9C2yQG/BEmc7Pe2wT6jekpX8xBoDP1776NffQww+FPk/7oZuz
+E+hek5ycmjTDTbYQNFDO/Kjzbhfd/yBX9B9kTtgjm6HbEcWITPgI2yayGx4kXHQ+lsKYhvcgBV8
S12ZJ+MXg+fgS4VU3+ddk/FHeeVrBQJ+AO8M859XWjt+MC3+fFU63gDb8YxQSrd3IMFJ4c+m5V7P
vYGoK7135nS8Ib0yjZ94FOV6Zb/jmbbIzyuGIb/7778/PLdlecWiqyzw9gpNkdbSKPq886zjvy/b
lc4fbVtJn1dKO35S3JVmmNvWtpNXKpN0X3/99aHt/WSg6z18IaxS+PmjDbviq71su3jB1/FKVBem
5Bnj6CcRybKUlxfyHb/ruau8Nrg35UGV4Z0oBX3QLzyEj1+UUPCt0sBbhx12WJFOaVQn0k4/YnrH
C+hQL688hnyVp1c2wnNvkOoqL8ZO5dmrVz5DucrDvrP39BuVJ/r0W1f6kU3T5j7Gj7zj8uC/WOb4
IxY73kgSaFR8XckDLLzC1xd99BHyUX3Lrn7xTtFWwgBZ5BWUUvqQd/Cc4usqPISt7WvCxjsUuvBo
ikXMT6qXxY9nKdkpOntd4XGv0HZhR/5e6S3qrDg8Fw1+strxSnGI4428xXPV3caV3Le0DCMWlj5k
4fbbb1/US5jbelHXuH/6BTSVaZCDXvEvsPXKYpfMsPipLHjbGyGLNNDpJ69FOWqT+LrA855tI9UN
XoYvVR/S1JFHdeQMeSIvY74VRr3kYD/jTxMdKMXPFnfhiC7jd7N14Q6OTbAQ7k2v3mDas32hM9W3
2vRHPxnveGN/KFO8oavwKNM/6tQNOeudqF11ivNXG6g8byzqwt4v0inSKy1X4vtFKR3GAdFC/9A7
5aerfY5+6o18IZ03Yo2g0aZROq7ewVSUpTL9JK3oV4rrDX5dY4Dicq3T96Ev7vukrcuDsY5ny69z
7ye/PXV+b3Qs6piqk8ZB9D87HwBbvYMWxoQYb3AUllztnIT4dcZ9b8AaMe73Gn+gU3qJN8IXNFj6
dK+r6ITP4aU6+KbioFMqz7IrZflFIiPKaDr+pMqv+8wbIyZ1YJ4IzvqjLbxBvuONM6X1hsfVZkqn
K8+5p4/Y4I2VHW/oCekUV1fl5RegFuV6w3jHG2OL+PAnwRv+w3PSqizkoA3eCNrxTqskjUrjvz/Y
IV4R/O1HP/rRIk/RpnJIBz3wzUQJaifq4BfEJMn2i8tCe3njdNd7+ELtEmPBb7CyQe0lvLh6Y2HH
Oxm6ME3hSB9PlaW8vBO+Q/79hqY8qPL8ooKCPuiELtHGb3TouL94A2oH202qXsrDO7U6xCMwritP
rsy9CN4B1lVeHR70ToVQrvIIGSX+s/p1XCfRTT/qNzC2Kz9d4/IYD7zzo6so+Nc74EJaxdeVfBi/
mJ/1E6SPi66yq1+8U7SVyvMLAzp+wXcpfcg77wBQ9OIqPIQtcyVbLnVkvm55qikWfiFQwU9x3uSv
Z8xj2gbkJ/MH5cWVvP1CnCJLxbFlMq9mfkJA347T27j+5MoiL90MIxaijat3ahRyT5hQJ1svnsf9
0zuVCiwUX1fiIwf9Qo6iKO/8G5Gn4qss+gjzOxuQKRbz1D3zarWR0sLL8KXKIB359xoT68gZ8vQL
Rjsx3wojv2GsslwwRzaq3tDG+OMXeYS6VtFM/9N7pfdO6K7+JwxS/ExZSi8s/QKKjne+KVlxbYJF
kajhjV+g2rN9odMv+hiRc5v+iBz0ixy6cI7x8M7EEWXVfUD+fhFvV53i/OM28AsEurL3i3SK9ErL
lXTMq5EpCuI1taW9Kg3P4H2/YCgkS9GodCpPv/3CUhVVXJvwIIna9n3SjgUPUg7yopfOTz/ROJeq
k8ZB9W9hyFXvKItxXO+Et656buck/Yz7TcYfv6CnSyZBi+Uh/dYzv/gizHGoU5uATqn6Vl2xJcah
6fgTp8+/RyLAyrgRBoxhe4bxGuem37UVmAdHoRx+KVr9ytMQD0O/XyESFAW/g6bjd6MWzC2nkdLj
bIEh/Uq3jl+ZFjDBIIugFvNbxzrpUE79ysCQzubHc+jVOxnfVZZfhRvSUB4KgF/p1cE4i7C2BlaM
yErDhFeGNgxMOBFQnCjLr34J+dVxIii/Ybj6leqBbr96s+NXNBZ1tbSh5OEAjx1scjYwyCGYGRSZ
CPsVxwUWfoVwV54MLLSL32FU4E8bkAdtQj7cW+OhX8FdxPXfHeqgKCBg/bFewRAq3kDBgFZLe9P7
NjxIGSihEqbQ71dwdsBHWPAOPrH0+N0KRRr6EzxIvbhirFV+4muMqdAn7CxP0zbCtQ4P1nGsWyWA
CRkGMZQ/+ocwh0bRZ+vW9N7iR57iKfqZX1VflPehD32owNA6raEP3kFJQs7YQRXe7scQjeEFeqiz
6q17e00Z2KER2QB9DLw4R6ARxVrtG/cry0/wCL+RgcSnPGSqX4XY5ehpgwWyCx4SP5E/shA+hSY5
qlgw0E+/om1RxMjf75zosFCHsYM8tagAjFF6hQmyQGVaR54/FSLQDI1+lXWIz3hhZdcwY0FbUi9r
9KQ9wRvHsP/sRsFjYGH7+FVXXlXg41f5BjlIvRlfjzzyyCKdHSPpC/AKfYD84B8m0fAhjkV+8zx2
oGKAop/7FeYdv2q1SOtX+odn73//+zv0RbCO+zrtzcQagzKyqJc8Qk6q3ekn6A5+pXcHxV/0MQFD
92AM7kcOthl/VD/aoq4OhAHFr8btqhc8TV0PPfTQ4nnsvGqKhWhreoUnwFb4ijf0TNeYLyinaX8k
jQzO5Av/gQ8TLDCV7gQN8E7Tuig+PG3HW8YA9BbxFjLc7xDrHH300eFZvBBq/2n7Bzym7TctyEDk
NP0S/iUP6FZZXP1OhCJv4ce46ndAdVgEJmzhaWgjDQ5Xv0u0SEccFh7hvGIcVRquqYUGMQ/63eql
eniq7+OUsX2fcuI25r0ws/3R76Ir6OO5+qPFpOk97UFZyLMynd861un/yC3Rh94EL6lcdEXJOsYH
dCm9k75FmtScBCysLkNbtRn3kU8a78CJ/gIvxXqJdFwWF8Crtk6Mb/Anz6CLBb1gRd34HcsN1bHO
dfr06SEP8lGZ3Ns/v+NkRBl+91sRf8kllqw1/tShpyzOyKny5HuCvGPhjT+mOWDLImM5/FK19Tst
QjwcivAZxma/i6jjd6MW7SenkdLTB2hnvwsuyB+e+x0pQbaJB6xjnfcY2f1ujpCnzY9+A716B/02
MK6IZ9H1/E6YDoZPeN+OAdb4ij6kfuZ35QWjIIZxaFhttdVCfnWcmpaO8b6nHuCAUdqfQpEkh7ZD
T0InsQEZR7ss9qLFwhiADQQ9WXoDWLDA2AZkIO2CrFSf5koe/pS3jj/NKzg//E6jwngoJyPx/Ekk
Hb+bLDjR0c3tAia/S757IYQtuOZ9Gx4ka+tYpy7giiwVFuAEnxTh6U5HfYR39BN4kMUBXHHSUl/e
ia9ZMIJDEux4bnmathGudXhQPG7zKGibdUNbqY0YH/zuvyBLcUBQvt6Jvjh9k9+2jcmXOsALGHL9
Z0CK8lggp0B/ldMa+oiPUxE5w4JM0divIRr9D3rIT3nq3l533HHHETIRGpEN0If+Qp+BRrvwK+5X
1E94wCME9Dvxg9+FH8ZY6+hpgwWyi/a3fRFZiOxkXJejCl5EBrQN1GW1VZ+Rj8zHWKjH2EGeWlQA
xnbcRhaoTOvIY6MUNNOXNN/zJ6B0ya5hxgIMqRc42/YEb+ySn/nMZwoe473tn8y7ecYfYyRyEJnN
+MpCS/GmdUT5HZCBV+gDKg/bNnxo7dValKY2xuZCP0d+Me9X2iNnHBmeMd8+4vAjwpipNLrS3v5E
t6AnM17yh+5UFpCTqhf9hDk1cxP0StWJeTW6B/lYOUg6i5GVg6lyy8Yf+rcdf+B9yrGBcqwOhMwu
04GwN8gHAY3Ui/ypq11MxTzahqZY2LRN7tHRJbuEvX7b62mnVjvW6/RH6Pq///u/goewz4IPjlAw
le4EHfBO2wBP2/GWMQC9RfWjjRnfNb+KF0Lhg6Hu2I6QL8hp+iXpyIN+Y4O1gfCetIyr2AdnTJ/R
xbvQRkBmYxsUTaTBDsa8inGU33qHDScOTXiwbd8fKx6kbugz1BcZzjyWEOv8Vp7R/2VjJh19EF5S
wNciWce4hi6lgFwhDYuPUnMS3lldpu2433T8YTGn3UBCneA/6YDQhT0E3lXdYrmhOta5Yt+Hzyyv
6be9xmW0GX/q0DPV40wIx7qMH0zwMBpVOdaZKPujMUNnQzGRg0R5yKiL0qFnXFkhCbNbx4Dey7mF
4yfOT8ZTaxRTOr2zDgoEhgxfCHvFtVd/BG+gxTrl1AEwtCIkLR3gwkQFYxlC3uY1zPcykle1Zy/6
wQFhyQpmHD0IV508YHG3+cixS3v7o6k6GA/0Pt6VrLjgK0ec4nJVG5MXA6R91/S+LQ9SLuXDGzKi
UzZGCn/sUnjHJE70oOwTnz8M+ZaXiMPv/T7wzEo/8kQxUlrhkcKWd8RH4VD81LUqD+JDtyZY8DQD
qc3HOkFT/c7GrXMv/MCDyRETEJsOp4bw0k4vtTv1RT7Y+NxbBS3enRjH7fUbnqRNxB+qM3Tyh3G8
Kg/SwuPIDckOZA91Ul42vfDA0YoSTjwGZ4wwMa+Qrh8sxAtM+GzeWmSCDOxXpqE8UwcUGeilHJ1U
waSKZyzCoS0x/tn2l4yKd/crftw/hh0LFhaIl1Ntj0Naypn6uJUj/tj3ZHvYCac/5q3gR43ZlMnE
2vKZVlni6Ldtb+MIz9gBZ+OU3TOO9pJHGmuZGNE3bF6arLF4wh8R3/VOfCuMbLpeclBpwaTX+GPz
5V549hozJX8wXthxCZwlW1lgY/Nvi4XNo+49fQxaZIzS+NRLpjXtj8IBrJm8xfSBp5zN/S6OE6/i
PKQc6ofTiLLlqBY9KT2T+NQfPmQMpd+xSI70TCitbkJctRf9lQm7rRvGA3iftPCb3qmfkoZFJHrO
lXK10EmOV/te94w36LBVjnXiKh5lnfWV7l3wqb5PnbTDoKo/4giP+6Noa3LVeJpqCzm2Y50fGtV/
SWfHCvDjBBvqa+UC7cichOfIXPIQndyjz/Au7o8a91kko7Skq+ojal8MkCm9RAsXyE96Ce1EHyCN
dD2NE/440lCe6k06WzfVo8mVegkrykQf5ZnqZTElX95Jj4UvUvqA6g19dvxpQpeNO5UMAxiBcGZV
OdYxNvujPQMfYqiSgwScuMeBAvY4l2yQTCwMaU/PeuuvtCMGTsZAmx8xMLiTnzWKKV+9Y1xTwGAu
hxwL/eJA/iw4Qh5aA7scjdCB864j+nwG4LLlllsGnXA0dk7HNA3qN85I6lnVnr3KBi+M5PR7HD3+
6PCwC4k2sbgX+Xjc5Ngljj9mNRhT9V67k8JvHxeHOTSCrxxxikvZWuxBXv0Y5smzLQ/KsQ5vMB4r
UBd/HGzgT+tAxbZDnaCZ+VXM00//7+nCGUGeyLkQZmGXxHbWO+Ijn6qC8E+2j09IH5ZDjT6A3LfB
OkFT/c7GrXNPu4EHf/BDvJMTZ4zeawe6nCaMC8iHOMyc+azDzi6QiePV+U070kbiD9UZOvmj/1cF
0uIwwFnDH79xUlIn5WXTCw8crVrMRptzQlDMK6TrBwvxAjLP5i2nB8b8fmUaC6qoq/9cV6gm5aAv
8Uw7Ohm7aUt/PHJX+8uxHu/uV3zSFP1jAmCBXUi8nGp7Fm7S1sRR/6Q/Ikd4hjMz1R6Sg8RhQaMC
MlPjHfqjDcyVic/cyra9jSPeip3vNk7ZPbKN9qmSR7IvUS/6hg1afITjjXHFBvGtMIrfVZWrtNS9
cvyxmc66FyvTolcAAEAASURBVJ5VjnWizpwlf5hX23EJnCVbYx2oLRYJMns+Qm5BC4tdwEHjUy+Z
1rQ/CgfKYO4eB/CUs7nfxXHiVeaMBOqnzV86kUf0FHqmJciPodQf/Q6epd9p8WEqvtqL/op90Ab0
RcZi6g2/KYhGnmvhlN7hDJfNBbkbL+5QvLo8qHiUVbfvq05N+6Noa3LVeFpg6/FXkGM7pfPL50A6
2ksB/HSCjZUL8AFzEnBgMSa/bdBCE8ZaG9qM+2pf5E9dvUR9wI5lmn8z7qmOklu2bpbeuvfUCx4H
K8rE5s8z9X2Vp/z6GX+UR76mEZhQjnU5pXsZlVFs6Gz8Ydhkoo3yx3MEKgxsjSjcs1JQaVhthSDC
IeO/2xFWpSFgMZDF6c70O0JIl3JS6J01RFG2ysHYhlKN80p/GLtkuLNOAQQSxk7SMqj779uEFY3U
C0HGasLRMDbG9Rvkb+HTqz1TNMALGEa1Q0iY2qvF3eYhfDHiptpUccVv5IlzBZzVTlxpK7tSsaw8
5dfr2pYHxVPxLjjKw5kI/ZY/VU7sFLT0YUgQtnJ68F7YperKO8uzNj97X5UH8eB1HbHOZN+m1b0U
BVsvvWt6FX5ltDPB02INVsiRv+oAtnEfxkCOE5r8Yuyb0mbjq780qTPyTkZpaIn/UnkJDxuXvmZp
sff9YKG08S448UBZm9jye91rUZKc5nZhiY4TljIop5jyFOaxYxe5IWXZ9gXVB+ya8oXSDhILOZPA
IrVQiHpj8GJSgXOO3+z4kiyAn4SNvWKAFR52d61kKO1IPjaN2iXl2FI84Z/iU8Upu4JnFf/Qr9U3
rIxTfnK6pvJQW9m2V7pe5Sptr/FH+dmr8Ow1ZqoPp+KJByym/WBh6Wt6LyxSOKbyEj/U7Y+KT3/0
3zbv+G/qjRjDxQNVfJiiJX6msixtqt91/pg+4qtdKMvqHqxc1iIDK3d1HzuxraNTC4ZieuSUR2/U
qRqcrEKesaNeaTXxs/1f73Rl8WIdx7riMcmL+z4Gn5gO+httQdmp/mgdwOgnoqftFWOn8LU6P+3H
TpQynV+nGEEnhk+VL10rbivex3OSo448KsxJMMKUzUmUL21GWba/6p29iieoE/Grxh+bn20n4SoD
vOqivElXt69a2uL7VJlxHP3GaMb4Q9ll44/GY+LY8Ud5NL2mp8uT86mc0r0csZJv8BeGTfiRRR88
5wQNa2gWUixQUR9j8QZzcRwyGPRZPIkDBgNPHHAO05YpJ4XeIUsV5ASlLIxtLKDHoKY/nHBy5lon
Jc4M7RhhXu2/pR2MdNQLYxp9PTb+q8xhvcqx3stJkKKfnTnowsJEbacrbWJxL/LwNk0ZCJmbpdpU
ccVv5IlzBZzVTlxpKzldS8tTZjWubXlQPJXatYzdJeZPldPlNI/oQ46CLWnl9OjMwi5Z11nvLM9G
WRY/hX+yfXwsFkrIQI3unQr0T9ol1e9S8aueyZHM+I/8jQOGXh0Zy6JbguoADXEfxmHFmEZ+o0Uj
Zcqp1KTOyDs5RaEl/kvlJTxsXPpaWegHC6VlIacN4oGyNrFxe91rHi2nOYZ81Q1diCCHhJxiylOY
x45d5IYclJaPVR/yb8oXSjtILGQ/AAscKqmATYg+rlMucBhJzsJPqYCzSHjY3bXaQUk7ko8NapfC
sWVfzroX/ik+TUTvegSeVfxDv1bfKGScycE6nGK5oLayba+kvcpVWhaTVI0/ys9ehWevMVN9OBVP
PGAx7QcLS1/Te2GRwjGVl/ihbn9UfPojPhLmmvEYLh6o4sMULfEzlWVpU/34pA1B7UJZtu3ZlKVF
BpJN9ppqR+Vt+5uliYW75EHf1YlAorGsrsxhVK76v82T+7o8qHh1+/5Y8yALulXXoPP7xWbo/Nid
Cp3/qZE6PzvTle6aq68p4IG/eJ5qq3hOwmbaXnMSZaw2s/1V7+KreAI66o4/tp0k58Snti7Ku25f
jWmzv1Nl2vf2vp/xx+aT70ciMCkd6xjx2GmBEsOfOqu9MghaYwsTHh2hWZaGCaM1hpJeHTtl9NI7
a4ii84gO0Vd2RXDK0EVZ7MqwcZWPrmW7CW09h+leBn6cPBja6tJGW2knGHhwJA8rZd/97ncXky4w
sbjbvGXsjh1YNg73ODHk4CU/i33qPmUMjvOs+t2WB8VTsbGessSDlj+Fe8rpIvpwbMqZpl29vBN2
KWx5l3JCKU9dq/IgjhxuWhWqdPYqJdbWy75vci/8WJhAG6TSimaVZ50gKV6wz1h8kcqz6bNUW1bl
oZ3a4l2M5LvttltYSQp9PFd9bD7CQ+m4witljth+sBCuMT/JgViHnyztqXs5SKkHR+LhNOGeP2Qm
TkV9giOmowrzFO3DjoXqwy7xeCxLYccz9ceqtrAyWYtPSFvVjuKzlNwSLaI3xaeKU3alfaporrN4
o2zXe6rtRUevcpW21/ij/OxVeFbJbuJXYZvCtB8sLH1N74VF3O/K8knRrripvBSfvm5lcuq+6pvh
KqPqqrIsr8Y0pdrl+uuuL+QRdL32ta8NxoA3vvGNhf6KI9z2V/obeRO/jI/kJLd6pJy01vlv6ySH
J/mWtYniyOlq09t7xbPl670ct7ZerARH30rFJx11ZjFK2XvlXfdKfm10ftLptAB2ADB+sOMOWQNu
WkRh6cCw8up1y+ckpMMwZdPoXm1m+Urv7BW6mow/ckCn2iluH/IWv5XxhaWl132qzLI0WoRR1e70
DeYE4GjHn7I8ez0fOVWevE/k6OzlWGc3BI4wMLZ/0qV4xvGHNrBL1x7/r3RKw3WG/863NYaSXs7z
lNFL75ClCnKC1pHziy22WOhnSqsd8KKNq6UPW0JqN6HSD9tVpzcgS8t2R6Vopg3sJyCYV7OziJNc
tEsLbCzuRT7GORw7sIo4s26gSQ5ei3nqns9CpJwzcZ5Vv9vyoHgKuVKHP4W7NZrGdGkhB3XVrt6x
cqzL4ca8mjErFeQITfW7VPyqZzIiVx07LqOyyrNOkBQ/2GecuDMaoYmBnfK0U1u0IDfZ6IIuwDNk
h+pj6RMeklFc4ZUnn3h2d56N3w8WwjXuq00M75aW1L0cpNSD8VynzPEbmYlDRycQxXRUYZ6ifdix
UH2wr8SyIoUdz9Qf0WvQR1LB7s7V4hPiVbWj+Cx2Mtr8RW+KT2281D3tU0VzncUb2NJTeaTaXjT0
Kldpe40/ys9ehWeV7CZ+FbYpTPvBwtLX9F5YxP2uLJ8U7YqbykvxJcskC1PXjTbaqPietvJsclVZ
lldjmlLtYk+RgC4+e8bnDuxnxVJ9RHmX8ZGc5JZ/RaN1/ts6ir/Aq6xNFKcXDyqeLV9lpXAYax5E
ZunYfMsP1F1/vE/JSW2Y23DDDcP4gVyknqTTIgrVlSvOYS3GLysLnSYV1GaWr1LxeNZm/Em1U6p9
xG9lfFFGU+p5qsxUPJ71M/6U5ZmfP4PApHSsM2lg9QsGIAyIfNeSPzoHnY9OmjK4IzAxKKE4Kw3f
clXHJl1sVEoZU2W00RHSNo2cFOTF6luUUXblpv6YUGLQUn4sGGC1E99LJW9oPOSQQ4ISS3789TK+
saqaVfjawaS8x+Oq4yah+7prn9nRVYcOBJDqCxa0t9KBlz4FYHHXe66xsdu+s/dyNlAWO1uhN9VO
PONdmePR5tnrvg0PCo+UgyrFn5oA4ThnQpSiyS4qsDiWYYdhkx2rqX4V51+Wh+Kh0IA5BgCEv57b
qxYH9OJ3m6bsXvixK93ykuLDU/outcqTAZtPBODYKOMLjqOxi2OUZ5ur2rLMKWLztO3HN1Lj/i7j
gOpj0woPjgVmh5hOygCDFD79YFHGC3Ig1uEnS3vZvXZigKH9NhQ8xoIYVlbG30snL2GewilF+7Bj
ofqkZIXFzo478K8W2TA+2nj2XnW3WFW1o/isihbRa/O0ZVbd0z5V/IPMov8iazDWx3ndM/Oe4OhL
5ZFqe9LXkYNlaePyU7+F52g71vvBIkVn3WfCIuWMTOVRxQ/Ky45XOCVpX9rwiiuuKJXTyO/U0dkp
GsqepWiLaUrxvPoNO1NY+GPz165q64DmPf2TvNFnmSDaNLpPOSSFBw5lxbNXObfJF0zsO93LKTra
jnWOAaU/ltUJ3ajK8S76mlx76VvQYvlJeWvRAu8Z4zmKDj5jJy99SfF0LZuTYJAnD9Iyz0jpCnKs
9xr34QnxUhO9RO1pyx8mxzqLFrRjvWz8oe4YtcGyzVihdtJ1KhkI6jrWcZTA28gwDIh8KoU/jJXi
4dTOWo6CxUnJXE1pmE9VOWvlPE8ZvXSiDnQo6Eh36GBHCXzCXDv1R1x7bCTGOeZ6LLgkb2hkbq2T
TMgzRYfKJi/0az4PpB1MejceVwyQyBPoThkjy2iSI5l0LDagvRUwgrJwnXcWd72vdA4XkZ65wbmM
Y5282NmKATzVTjzjXdkO0Cjbyp9teFB41HWs61vu9lMDMVFaVNCFo1mUEGPLUZ7oBal+Fefdy0DL
WAdfMOdhd3EqaMF6Fb+n0qWeyYhsjz218eg3Gq9UngzYfCIAO0AZX4A1sno0ggzsZU4RWwaGay0K
4QSkuL8j48BY9bFphQe6HDuU4RPiMm499eRTNmq47weLMl5oYngfQVDiATsEqQMY8n1u7uFteAz9
k+Og4++lk40wT+GUon3YsVB9Uo66Lth8X1eAf7VjHVlTFlR3i1VVO4rPqmgRvTbPsvLj57QPumJZ
/2OsoP/CC6lvStvjiuM8Um1P+eSJHKwqtyxtTH/qt/Ds5dSswjaFaT9YpOis+0xY1B3/U7SrLOVl
xyb0M9qX9uAE1DI5zfPU0dnKu841RVtMU6pd1G/0/W1blnZVp/qI8k7xLnmkHJKikUWkqSDnNpiB
SSrU5UHFS/WFFA7jwYMpfYvxQTo/OFh+Eh7SUXjPGC97BYvzqEccGDc1J+EUYc0vDjzwwDAOiUdj
OUM+arM64754qYlekmqnVPuI31J4xPXt9TtVZlmafsafsjzz82cQmJSOdQyOKHaxkRJGktMuNpZr
QsHkmnj2D2M2jhc6aWxkSxlTSUtn18TcpkEoUzZ5pcpSuUx8rDNMdOMUUhx71Q6aMqMShic5lCgb
fOjINo+xvseYsfJKKwcscGqmnLzQzdEr7ObhHhqFOTvdMcZauhFccgJZ3G2c2Nht39l724bTj3jm
u6n2ve6hiwFBv9te2/Ig7UibppwtwsryhY4yJQ1lpujV6nviWGOmsIuN7nfc/sw3quN+lcpbeZS1
D/1NJwWkcAdrvbf1SpVV55nwK8NDzg3e6yhSOWoxYJctqBBfpJzRdeiK46gtdXy5fU9Z9Cc9s3Vi
kZGec4WvdWx3Cj+llSGfCTKTZerPCnT1Q+XZDxZlvCAHYh1+Eh1VV7uIh3qwCwcDLPf641mchzBP
4ZSifdixOO+884r6lu10hcdRJFnEBR60heQ07R9jxG85msBS3+5VWo6NTrWj+Cwlt1RGFf6KU3al
fVLl2vhaIUs8jr4Xb1NnnF7UJ5WH2r6NHFTaMvln6Yvv1S+qMCNNFbZlmLbFIqaxyW8ZVu2R2kpP
W1Bf/eZaRjvvUrheeumlRRviULF56V6yM6V/KE6da4q2mKa4XeziPeRRXA4TRXgwdmJDs/Jm4VP8
GSBkPEYi0uo72eStiSq7Ee24zjvyROaThvdlCw3kiI1pimlXPAwAscOYslP1Eg+SJu6Pe++9d0iT
yi8uu85vnQCV4j1oR+dn3Ev1U7CSzk09+CNuSqaqrcA0NSeR7Cyr15lnPPO5qTrjfpvxJ9VOcfuo
DmV41MHbxtECDuqcWjyJziS9Cvqk75WNP9qdAn1f+fJXRvQjW3ad+6lkIKjlWPcOAQxA8DDtEQf6
N30gdgBqNzh9KA6Ui+OFNkMu2lDmWMfRuPFrNx6RhnECXhJ/2ryKe18HvolsnWGim8WnI4KPrxMt
yhwQ7IamX0oGgA9z0PEMclxDE05NcI4DTk1kFeOjFhnIWE5fA2cb6Is6wjxuqxAP/tj3AyPaxeah
+9CGs75RHh8RrThcoSv+Pq99X/e+LQ/KsZ46ySHFnzKawoPxyQ2BVo8RtGisKJxpYOf7Fuliozty
EL6O+1Wq7r0MtBhdrVM4zkMOL+gr4/c4TdVv4UF+qV1jOjqf9zoKW45aDNhlO7nhC2i1Cz+q6Oj1
TgZ2HV9u41MWThEFWyd0LBvk/CvDT2llyEcfpc2Jj5xRP1Se/WBRxgtNDO+io+qqcZc68MfnNlho
qN96FuchzFN8lqJ92LHQ8dDUF1vtiOD7ODyOwwddnWD7I+2fChqfyJdPZChUtaP4rMpJXIW/yii7
0j7IJPSosnCkP/4ZmomHzivehm4W4uldnIfaHpuTDZKDVeUqbXJ8spkl7oVnFWYkq8K2DNO2WCTI
rP1IjsCU3kVbUF8bymgnTgpX2dNoD3SvVJDsTOkfqfhlz1K0xTTF7WId2cijOPAJLngw1d7KG30n
/gwQMp7TcUlrF4yJRvwqxbhuCuXzoKThfdlCg7o8qHipvhDjIBLGkgd16g0b+OIA7ej8YFHWT2UD
II7+kjLVZ05bgWlqTjJz5jMLCVM4QZfarM6432b8SbVTqn3Eb2V4xBhW/RbfU+fU4kl0Ji1UhT7p
g03Hnyoa8rtOZ+gd6xgeEUT84SBi0scON/ucTmWNJTLWcswvHRKjkP40sYmN5TKK0kkvv/zyIj7p
mACUOWtlqCQ/jswmPh0aBUpCAUcFz0WjDKKUhbKEgi76WGEGk5PW0kinU34MCkx0lQYstPMu5QCi
XBnklQfXsriicyyuWuELPbQXTl/qhVBgJZx2ny/wvAXCcZvQRPsQH3wYNIlP/TASyADH+xh3cIJX
OJpG7ylH/EU7xHUWXxAfvFCKhTsDqD1um4EkTt/kt8pqwoPQcu2114b60C/AQWXyjmMxoZ3jyPnN
O64YC3jOHycnWB6Ug5938Q4s9S34je/XkBf9g93NxKdN+C0adBXG4C+nLu1j8VdcrnYRCCvd2LUE
z8MTOOpEO/VKtZvNq9e98FOeOBc4HQKaZWziHQ4MyRr6oybF7OSGF8CCP9LhwBQvjlY/k1MUjJnQ
UhayBoeMMNVxsgzgxINuvisMdkxObJ/iXYwf8djBzTtLt0454DntQT8gLti2xYL0+qRD3FfBE/zK
+KlXm8bv6ftqD2FCGwsjnqFo2XTgm+o/xIH2XXfdNeBkaR92LJAPq6yySqCburMqV32f/mzHLXb4
Co/PfOYzIQ04sdjFykEMtBofl1hiiS4nGu3Iu7gdwVb9LpZblEl7gbHFn28sS45YOScarSzhPe2j
cslPaRWfqzVuUTf68qGHHtrFF+SBgcOmayMH24w/lGlpr6MDgS0Of+oTYxvztJWdbbGwuDS9l3OS
3Qi0D/TBh3wnC75hLMTxSL4x7fxWeWX9EexWXvmZxXvkh8GGdPzBL8g1FimAFUd5xgv1lH+vK/kx
QSMfK1Ol6yEjyEN6nNoF/LUAE70PeU5eLGqhn5Gf2pG6iA7iKG/e4wS+7rrrgo6McV5ylTGKSb3S
SV8lDU4gxhR2WuJE5/QjlYfxgDKUrosH76inh9OOYM4kz+oE5HvtNWmdBSOcxlVooT9CF31QtJFf
3B9FZ5OrsACHWOfnmF5oh5aUY51yqJNo4hrrSqKF+kpeVM1JyuqlcZ/38bjP7jdo1LiPQ1z4Vekl
xNH4ftedd4WxUe0EvXKsi09VB9JhRFbd2l6R5VqszOlb9Dv0E+Y/7PoAzxVWWKHQZ7vGH/++a/y5
oXz8aUvfZDcOYIDBAcsf2GNgYfeOfd5lEH362eMQWaiDnArGcv+cK32ENosdgNKf6WMsULVp0L/K
nLVKR370RdLhTJOMgg9xVIT8aCxPhwxUlMX4hxGU9/wxbuI8j2lEP+EZ+XHUbjA6+bzID2zQq3nH
nDsVwGjVVVcNeSiflLMolXaQz1i0D93QRHsh48GBhQXIenaf8w6s6NsE7Bc8A3N2CxEf4xtGdBng
RuDu08EzGKA32WSTUCbtQjnir9ROIxk1hS3p1VaM5TpRi/fIon6CeKkJD0KLxmr6BTgo8A5egTZO
OOA3wRrdeUcbWB6UwRmMu77b7pPLEYJDGdlInn+45w9Bf1OboB/FQRjDh+hQxI3xt2msToG+QtvD
8+gblo85Zj3VbjavXvd2AT90oYdwOgQ0M+/gGX92hz/zVrDjOWMmvAAW/JGOsUe8OFr9TE5Rxj/s
DJSFrMG2JEy1UEIOPujju8Jgh7Ea/N7znvcUdYrxIx66J+ks3RpneU570A+CDPLgtsWC9Ogi5Akv
IMsUwBP8qGuKnxSv7lWGfMriD0zAjvz1DN3KBvCl//AenPitAO1aQGlpH3YskA+rrbZaqBN1R5aq
79OfmVMKD2wwCthm9JwTEKwcxHatHe0veclLgs6ldLQj70a0o4dS/S6WW6SlvcBY+CO/Hn/88UJW
Wzmnsqws5z3tQ7ls/LL6guJzZf6tfkz9OJWBU2AsX3CPfmZDUg76ctBzyWdEfX1iaED+bbrppiFO
LP/K5JilnXlYHR2IuRV0xNjGPG3LbIuFxaXpvZyT7NZGbkIffMhiYviGefXdd98dso1pr9MfwU52
WPLDdkA6/uAX5JoWdnOsd7xQr3Z9PD+feOKJAXN4VbhK1wsywmeGfLDtQjx9450xD5kEbcwb6GfE
VXzqYoPy5j1OYOYk8AcLgMFTaZlzKUif4R3YMt9Hr2beDN8rDZ/Wsfg25kFfYJu+P5Y8KCzAwer8
jEPIDMk09KtUADPhxbVstzppJS+q5iQpOUPaJuN+m/EH3Soea2M+tXUQL/OsbUC2a+EC/YV+h37C
/IdFrOC54oorFvps2/GnLX1TJd1QO9Y1sbGdrOzefgdaRizFZcBllZycTzxndyKML8OLnJpKw6Cx
//77d949awLKc+tYUzomqVaBUHqe2ecYqGTEpnPpeGXiI4Aw7lrjIWkRFtaRp7yVBsOqdtXxjDQM
aKLNXhGs2nWofLQj1cYbj3scdRYr0acr72ZMn1G0FwqBVdAUjytxbV5yisS7U20a3fN9ObWRcOA3
gt3myWQLA6nS8Y5JO0ZPpWtzbcODckyIFngJRwSDrxQfvcNQLH5K8SATA8uDOMni3UQYKSwWyjt+
JqMtOMT1Upr4avmRNpZDJI5HWbY8tXEbzPW5BnCjHJuvLVdGGVsGk0IbHzmjBQbKi/fnnntuX3yh
MjFEWrlhHcUqj4VDxEe2yShg66F4lm6eYRhlImfj2jZEztl33FuZ1hSLuCzywxEA7XZhh8ocje+m
2r6i3ZAaE+Ahy+vIy7j/cEIG/SpFux1Phh0LJvZx+9t+zzu+72wdeRiUYjmIvJAxgXYiHYsyxK9y
CKkNubJbg/e2LfReY3idcV9tobJor7g/KN/4GvMSBi/6FfTHf6RNyZemcrDt+FMHC9VP+KWwhd9T
Y0L8+YM2WKgN2lyZeIG56hDzIeM8k/Z++iMGUlsG/RrZpTK58h7Hdps6kMY6ucmPeiCv99prr6Ic
nDNWjoqv7OI8S5Poss8kk5HvKlM8a+MpLRN5u1hAzuSqNPQFJmLCwhp/4zLsb/IUD2Jgjd/R96E7
5k+bjjLh1ar+CE+gH4i+tlftBBedQeeftn9nl112KWiHDulMqXIOPvjgEDeug41LnVNzEuYXMhiS
nvYkrk3L/cyZM2uP+8RPjT98X1D1pCz+0EvituU5ephdNIAeiEHK8pv4MKa1yW8cDKIpvkLH+uuv
X3x6BtnFYlCeK248/vA9Zjv+NKEljjuZDQByJgvHsitY2+9Ay4il+OgI8L9dxINR0hoO5dRUGpx3
GH3Rl3hGGYzlXU58Dz5OH9vWSs8z+9we0w2P6Hhl4qPTYwi1c0XSspBJ5cVYkIY60DdVJnxFvFQg
Hzn6VB8ciMMQcNRZrFQfXXl33HHHFe2F7MGprvf2SlyblxZQaAGfjRvfdzmRZwGDwY/FWzZP2gqb
h9LzbsEFFwzOzn7wbMyD3gAsx4RoYf7HmIMTyjqgeW8dw+JB1Qt+YgGReJDnSy211IjdRDialUZl
crXPuLdOWRmwbfzUvXZIgyFyLp7XKA352/KgmfhtgnSaOvNqxhob0M8tHcgZjZPChPdspBiNgLPf
yo24P1MW82MCsu1tb3tbwaPCztJln6G/M37bZ7YNYycC8XDayYHUFIu4LPJD9yDYhR2iBwdrv8H2
Fe1Olu0BHmIBqwKO2bj/YOjHIZCinR3wGk+GHYuULVj9HrzhI77vbB15OD3QNy2/Iy+06FDpmJcp
yCGkNuQqJ59tC73XGC6njp6nrmoLlUV72f6QSqNnMS8xb6NfUbf4jzQp+VJHDpJWfYi5ncovu6Yc
c3WwUH7CL4Ut/A7vxjwdf/6gDRZqgzZXZKrlqZgPGb+ZU/fTH1l8Z8sAA2SXcOPKe2z3bYN1cpMf
9UBec3KVyuGERPRF/RZfsTjP0qf3XOPn4ifoVJnEieMp7T777NO1WEBjcVUa+gL+BIU2PNi271Pm
WPGgsBDe8AXzBM0feW51JuFhr0cddVTRnup/9r3uU3MSFt9q/KE94jmJ0jYZ90nTZPxJtS16mOVT
ZAQLqcRv4GL5UHQ2veJvSfGteJeNpYw7hDbjT1N6pmL8oXas48CQoKq6MulBgZVxZH9vHCM+O/NS
6TgWIzaW4QQgLnkhmON0ONgZRFWGvbIiM06DcYrJhfJhEmmdtqzcQQDovb2y2hRDvI1vsVh99dVH
pMNw1mvHNDSpnDXXXDPsDLP1GM97lP6UMZV6MamJaUPRxPGq+nClDVhZjJKp5+QJ1kzC9CyFH+8Q
/BZzlYnBAWOJ0tsrzlQEJkZ0xW97bcODOAMsPWCAgs8Enza275igokyJPoylDGA2ju7pI7xXXHvF
QaB4XCkTIy19RM9RapRG9dK7sqtNQ1rajdWxcXz42NKgNlZ5Ta7sjFT+GJD5dnvMhzhHMKyl8mUi
EPMh+YEJKyNpi1S6ts/ge4xPopkrMov20s5O5Y0haOeddx4Rl91fOLSgUfngzMCxbJ+hSCgvK3+U
Ztp+07ocAU2wABdbFnmSH+Wl+GU0FiewA5tyaF/JfxQZnmG4sX2ffpLqPziYU1gw6RJWXIcdCxQ/
+FptqSuykYUNFgtbLybPcbuRNjU+MoYpX13Vjim5pYVJKXyVXleOoaYtRFuqvRQ3vlIHpdOVvHDK
sDAFunEQkicGDjlAFVdXK4MoA1zK5GDb8acOFpRtdSAtVFO9oQv9KDUm2MV7qlcbLJS2zRUnbMxT
8CF9Uw7UVPsyntXtj8hGTr8RJvaKEyV1hHeTukjnVL7IGMZPJpR6xupg+pXkisYt9AtWtSueruRJ
n9hss82Kd4xX0EUa9BXisjoenmbHvdKShgluXAcc68RhDEVfZFeB0tAGJ510UtjZYNOBneJUXXGC
SA+P+z7OKdqZfOO+j5FHfV/lpngQmS0nhfhC8dtcNc600fkpjzbQLth4h7+lh3gsJgC70jnJkSPn
JDaPMO6vmxj3fbp43Cdd1fjDynXpJXHb0k7wiE4OgGZ2GLDbRYuJePb5z39+BG9Zeuvcl/E9RhHK
Ql7F+TQZf+K0TX5PZmMAfaeqH+sd/Rk9IYRZzkbesaBBceyV4xLlsBZ+GAKJQx+jn9v43CPD6Nep
gI5q08CbzLVkMCU9C4fkhCIPjnlPyVLi4uBF5tn4FgvJZUsjC7BYfFIV7Nxw3XXWDX2lKv5YvuNU
oJRzg3ohq+NAv8fxajFYbLHFOtf501CYW+s5iyHAmud6lsKPdxgOLeYqE4cZ+pLS2ysnovEO42e/
oTEPel7n1AxLDxjgBMWxvs4663S9w1mGg0IBYykLj2x63dNHeJ8KOAgUjytlojeyCIXf8D87DhVU
L5smdc+pgDbQbhqPbHz42NIA39jPJtg8et3rMyvkz25b5hQxH+IcQcanAvp3zIfkhTxARxmN3da2
XJwOLLixeCCzWHiCjLCBcYTTsOK46Hc4tKzMYic7jmX7jDFMAWeyzYd75pJyJhOvCRbwqC1L+ZFP
il9GY3GCFmpbZ4mM+3bhEzTQT1L9BwN/Cgs+bWPDsGOB3gpfx22KbMTGmZKD1O/CCy8c0W7kkRof
tVDYlqF2xIlpn8MLnMJASOFr43LP4kU5XUiTaq84jX5ThziQF7YlbLjQjZOMPNlVyXyDvhQHK4PI
mzpQP813eCaZxmkqKr/J+FMHC/JFBkgH0kI1lQddvMOxHvO0Xbyn+rXBQmnbXJkXxrIAjOibwj3V
voxndfsjspGTOoSJveLfwH7RT7DzZ/JGxjB+Wrs180r6ldpA4xYylE+pWZq4J0/6hE4j4pn4CVrl
6GQHMTyNI1J5kIa5VRzkTEY/RV/UokHS0QbM29EdbGjDg237vsodCx7UONNG5xedOlWARWF2LNR7
XRkrwbhsTsL4Hc9JlJZrk3Gf+HXHn1TbwqfYscRL8Ck8AT/pmdUNKK9NKON7FgRSFvIqDk3Gnzht
/j0SgdkQsH4lw6QKnnGcP/rD+YHbeYHrvCB2/ngS51dJu0UWWcTNPffcyfp6Bdj5yYzzTO78hKJI
4wWEe+5zn5tMo4eU47EMP4lfVobi6+o7faCV/KGRtPPMM49ed129UdbNP//8bt5553Wko15eUIbf
z3/+87vilv3wA2lIQznDGGgDaJxjjjmcN+yEvyo6ie/ZOmC28MILV0Xt+x1t7BVnN9988wX8/Wrs
nnzRtNB+eLBpWYrvhbvzRk79dOBYxoOKBP/5lbduzjnndAsttFDoM3o32lf6sh8sQl8G8160jUb5
lAlfUb9efZ/y/K5A5w0fgU76/qD7F/IJfpx99tl7loXcoI2pC21L3xpkGGssmtTFH0/s4CG/iCIk
Y6zwiyacN/4EPm6SV524w4wF9GucgzcIdcYR+I56caVfIqcHze+BuDH+Dxmw7rrrhlL96uwkf4yl
HBzj6ncVVweLrgQtfjSVuS2KCLoW+gVjCPIdvh20PKxLJ32RP8aRXmMwtHsHtfNOUOedRW6NNdYI
xdAneVdWp0suvsTttvtuzhv4nXdKFaShG5elKSKN843/3q7zC0GCruGPZEz2x6Yk9qNvkdYb/wM9
3rjs/AK70uLbzkniDJuM+6Qd9vEHGsEGOQrfMrfppd+NxfhTZxyE9qkUaCf6oDcUhrEf/V/z6kUX
XbR0zuuNSW7xxRcv5tXIX+QNekMv3Zq21tyE+E3m1dCqeTVpy/iKPkI8zaupl+bVdeeU1Al8KGcY
A21AH0PGM1/jryoQn/4IZthMBhloY+9gLebVjMm9+KIpPf3wYNOyFJ85F3MvBXAs40HFoY380b1h
roYMwhY1qED/0LwazHvRNhp0UCZ8Nddcc9VqY+wtdl496P7F+IpsYl7dqyzkhubVtO2g9aexxqJJ
e/sFOUGXZh5NQBZ6p4Vbeumla80pm5RF3GHGAvrgI8YEzavrjCPIQerFlT9kdC8epKyJFrCTv+xl
LwtkY49J6VpjKQfHE786WPRLX1OZ26Y8yrDzavh20PKwLp30RWwLyPQ6Y7Dfje78piLnFx46fzJt
KIb+WDWv9p/0df7EHec3AzjSK0yEefUgeLAffYt5tT9JMUDIuOJPzBCcI65t5yRxRk3GfdIO+/gD
jWCDjxC+xWfVS7+bKuMP2Aw6TErH+qBBy/lnBDICGYGMQEYgIzB5EMBJIMM9irbfdeT8zkznP6Hh
cJxheJ8qIWMx3C3NZMmvvHd+l5nzK+uDgxeKqwzxpPGnKzm/mt75XV/Of3qjqGRVuiLSGN/EPMhi
AL9b1fmd/s7vZh2X/giGCtCDjPA7lNyRRx6px/k6CRBIGXsnQbVyFTICGYGMQEYgI5ARyAiMCQKx
Ho+uzPzDn4Tk/IkO46LHj0nFE4VkLBKgDNMjP73bb9p+7uSTT3b+NC+3+mqrP0Ndj/Vt/jQf50/a
cv7EU7fnHns+W6Me6Z6NOHZ3Q8mDz06rw1z6qKOPChsHmGPnkBGYaAhkx/pEa7FMb0YgI5ARyAhk
BDICo4aAP7oyOMjiDHE4YgTAGTlVQsZiuFuaRR8nnnii85+8CTuS/VF1wbHO6mR/xKLzn/8YUQEc
wv64O0fb3nzzzc5/3sD5o8HCjlN2xrD7XYtKRiQehwfQ6o+rHVEy/dEfY9+1KGBEpAE9ePihh91x
Hz8u7MRgd8ZZZ50VSlrgeQu4Yz92rPNHTVcubBgQWTnbASCQHesDADVnmRHICGQEMgIZgYzAlECA
E7X8cc4j6ooef+qXTnW77zHy3YjIk+RBxmK4G5KTYvwR5OEUOHYk+8+8Ov998LDr139mzfnPf4yo
APNq/wmQ8McpapyS7D85F+bVzCFmzJgxVPPqYeRBTvUBJ044wOnP4gQCJ4v6z5Y6/5nJPK8ewXn5
wTAjkB3rw9w6mbaMQEYgI5ARyAhkBAaKADthDzvssK4yUOxxqm+33XZdzyf7j4zFcLfwnXfeWXyi
IKZ0pZVWcv47YOHYO/sOR7D/7p+755577ONwzzGw/hvnySMZR0QeowdlPIhTnZ0B4xE4tnKDDTZI
Fl2GezJyfjj0CGTH+tA3USYwI5ARyAhkBDICGYEhRQB9/YADDuiijnm1/xa123777bueT/YfGYvh
buE77rjDMY9LBY4jv/XWW0fMq3EEr7LKKs5/a35EMvjcf2s7fNZtxMtxejCMPHjbbbcVJ+7FsJTh
HsfLvzMCw4RAdqwPU2tkWjICGYGMQEYgI5ARGHME+LYTq5YJfONT34Udc0KGoMCMxRA0QgUJd911
V/gWqD3Cne+l4hDkG8ip8MADD4RvJPOtORv4DiTHqw9bGDYe5BtkGEq4xrhjRFliiSWGDcJMT0sE
smO9JXA5WUYgI5ARyAhkBDICGQGPAN9b5pQtAnoy30+2+nN4MUX+y1gMd0PjXOe76JY/me/xbfbF
FlssSTzz1IcffnjEN+WZVy+//PLJNOP5cNh4EHyxZ8Tzan4vuOCCbskllxxPuHLZGYHGCGTHemPI
coKMQEYgI5ARyAhkBDICGYGMQEYgI5ARmEwIZMf6ZGrNXJeMQEYgI5ARyAhkBDICGYGMQEYgI5AR
yAgMBoHsWB8MrjnXjEBGICOQEcgIZAQyAhmBjEBGICOQEZggCGTH+gRpqExmRiAjkBHICGQEMgIZ
gYxARiAjkBHICGQExhGB7FgfR/Bz0RmBjEBGICOQEcgIZAQyAhmBjEBGICMw/ghkx/r4t0GmICOQ
EcgIZAQyAhmBjEBGICOQEcgIZAQyAsOOQHasD3sLZfoyAhmBjEBGICOQEcgIZAQyAhmBjEBGYKAI
ZMf6QOHNmWcEMgIZgYxARiAjkBHICGQEMgIZgYxARmBSIJAd65OiGXMlMgIZgYxARiAjkBHICGQE
MgIZgYxARqAtAtmx3ha5nC4jkBHICGQEMgIZgYxARiAjkBHICGQEMgJTB4HsWJ86bT2mNe10Ou6y
yy5z//73v93mm2/umhqqSG/DbLPNZn923fdbVldmE/RHjBfVqMIsruYf/vAHd/3117sVV1zRrbfe
evHr/DsjkBHICIwpArFMayLPxpTQMSzsX//6l7v44ovdggsu6Lbccks3++yzj2HpgytqPMafzF/t
2vOf//ynu+SSS9xCCy3ktthii0nDg/fcc4+78cYb3QorrJB1oHasMWlSNZ2vTJqK54oMNQKMWRdd
dFGYV2+11VZu4YUXbkRvkzGv37IaETakkWO8ILOJHnr33Xe7a665xq288spuww03HNJaZrIyAhmB
qYJALNOayLPJihHz6vPPPz/MabbbbrtJM6eZOXOmu+qqq8L4s9FGG41J81n+ms15u3256X5M6Jko
hWQenCgtlenMCFQjkB3r1fjkty0RYEK51lprhdTf/e533dprr10rp0cffTQoAqR5+OGHQxoMuLvv
vrtbd911k3m0LSuZ2QR8eN9997n3ve99bpFFFgmT/v/+97+hFl/60pfcc5/73Fo1Ovjggx3xcap/
61vfmjSKZa3K50hJBFCQ86QrCU1+OGAEPve5z7lrr73WLbDAAqGkP/3pT26//fZzGJMnQ2jbt3Bo
7rrrru4FL3iB+/GPfxwMAZMBj7Ecf/785z+7yy+/3F199dXuqaeeCvC9+MUvdgceeKBbaqmlJgOc
terQmgcv9jy4267uhS98ofvRj340KXgQLA455JCgA62//vph4cBkWbRSixlMpLZ8YbKY8LfZsT7h
m3BSVuCOO+4Ii5/Ry3/wgx+4V7/61bXqybz6O9/5jrv00kvdQw89FNLA4/vss49D3qVC27JSeU3E
Z/fee6/bZZddgq4F3v/5z3+8j2A2d/Y5Z9ebV/u9AftN28+dfPLJDqcG+uxUHVMmYvsPiuY8vg4K
2ZxvLwROPPFEh22VhdmEP/7xj+6ggw5yb37zm3slnRjv2Y/VwpF7wQUXuLe//e1hTvO73/2u8Uaw
YQUHmwnjD4u6rrvuuoGOP/fff3+YNzG31rx6ySWXdIceeqhbZpllhhWi0acr82AXpmPJg10FD9mP
PO4PWYMMkJzsWB8guFM56wcffNC97GUvCxCwYnuNNdboCQeO9M0228yxcyh26K200krue9/7XlIx
aFNWT2ImUITbb7+9a4cVAryp4+Wkk05yRx99dDhd4Ktf/WoS5wkESSa1TwSuvPLKsIJ3+vTpU8rZ
1CdsOfkoIcBCKnZmE5BnhOOPP97tscce4X6i/kddPvvZzzqcu0cccYSbZ555GlXl+9//vtt6660b
y/dGhYxD5LEaf372s58FHYMqxjoGBoAPfvCD41D7sS2yXx686aab3DbbbDOpHOu0ADx4zDHHBB3o
rLPOmpI6EEbXb3zjG26qj/vZsT62MimXVg8B9AYWgTF2/eQnPykWr1el/utf/xoc8CxAj8e8l7/8
5e7WW29Nyro2ZVXRMdHe3Xbbbe4Vr3hFQTbj5ote9CLH87ry4bjjjguOBXS2b37zm0mciwLyzaRH
4Nvf/rb72te+5j72sY9NLWfTpG/ZiVHBHXbYIdh1oFbz6lNOOSUssJoYNUhTSV0+9alPOTYZ0bea
zqtvuOEGt/HGG086xzrjDwuGGX846WZQC7vQRbTxLdYxmFMddthh6YabRE8zD6Ybc6x4MF36cDzN
4/5wtMNYUZEd62OF9BQrh+NCcRywOv7YY491Sy+9dE8EWDX43ve+N+xSxMi56qqrOowCHBPLEeWr
r756Mo82ZSUzmqAP//e//7m//OUvQVEGC3YgNHWsI/gxJqNc7r333iMMMBMUmkx2CwRQEKdNmxYM
AHUXxbQoJifJCJQigBzjb84553RnnHGG+8QnPjEpHOvsHHv961/v/va3v7Xacf773/8+jKccAcu4
Ou+885ZiOJFejMX4g1xjd8bpp5/u1lxzTfeRj3wkHKWLMYbFeewqW3zxxScSbK1o5fM8LGD8+9//
3mrH+WTnwU022cTttddeU04Hevrpp93+++/vzj777HCaQ53FsK0YcAIkqus4mwBVySROIgQeeeSR
sPiLeTFz5GWXXbZn7ejP73znO8O8+rTTTguL3BnvWMDOEeWMhanQpqxUPhP1GfNqcEJvYKx85Stf
2dixzuLQU0891b3hDW8IJy7FToeJik2muzkC8NGee+4Z9M+f/vSntRbFNC8lp8gIlCPAnPof//iH
m2uuuRynwuH0nAyOdebV66yzTrA3t9lxzmKpww8/3C266KJhXJ0s82qNP8z3sOkNYvxBru27776B
n2iDE044IeDIiS8sznvd614XFgOWc+XkeJN5MN2OY8GD6ZKH42ke94ejHcaSiknvWIepbWBg4Vmv
ASaVzuYzWvepcurQ16b8VFl18rHphNsgaNRxsDh4B33kr60TGAyyXnUwTsWxNIq+VDz7jGPgUaJw
tA/6qOAUfYPgC1u/Qd/bOqmsutgrPlebT1l6G4c0ZfF4p2DTED/+rXjx1cbjXa+y1BfbONablhXT
ym+bRxmtNg5pLB5laYjXJrQtK5WuTfmDStOWvrbp2tSDo8V23nnnRo71NvSVpeF5FT+VpUvVdSzl
s8pvQp/S6GrTVmGg+GN9bULfk08+GZznHFnHDoVlGhxPZ8uhjm2wsHmUpVccvdfvXmXaeL3icqQt
hn6cM2N1lHsT+qDfBptWuNj343Vv6YIGaNOzQdGp/FVer7rb+L3SEJfdLTiC+ExCdqz3Qnfqvrd8
pe9o8qyS7/1UvOP/KSidfo/mtRV9bQmI6+XlQJ3QRaPSAE+95HWKCPJo2n7T3CmfPcVdeOGFAz/y
t6tOVER1GeV61ap8KlLcVpbGVPxZzxgzOXYfR3uTHesVWZa+6sJwQHxRWvigXrTEPSYnic2ISJGc
EYZxPPNb+RYyydDbSKb1KEvH4rZxrItGkV1JlyLF1zr1MnFIHsrxz0JQf571s+9Ly7JGBYu+ia/I
IFWviuh6ZetV8KJejvKVTz5uu+22jRzrlj7IqcWDZVjAU2X8FKfpIaeZV7Nj+oEHHnBtHOttoG2F
xayCbNpaGLYhsI80TehjXs2mNxzpt9xyi1tuueVql9xVTo82Lsu0K4+U/DW8JKx7pplVmI3HI6VP
0TIePIg63aVTp+qfItY/s3WrqldJ8sE9TtXJPwuhTF70SU1TLGx8iu6FXz/jfp9Vy8nHAYGhdayz
qu6cc85xc8wxR/hex2677RaOd3n88cfdueee67jCzM95znPcu971Ljf33HN3wcdOab4nxtGGTIY4
AoXvjHCMGoYjvjuio0tsQlZxn3feee6KK64oHjOh4ltbOtq8eNHHDUKY45Yvu+wyx7fMoG+VVVZx
q622msOZtemmmzrqTEBZYFLM7j3qDC133nlnMIo+9thjAQO+Yc43zcEjDgiBm2++OdSLo1AJlLfN
1tu4HXbcIRx/E6fhN4ZXjoVkxRGDJ9/w3vA1G7q11l4r4MNq95122qlLqIA39WFFJIFvrajtwoPo
vyeeeMKxAwq6+f4Px6UdddRRYVcfdePoNehfYoklRtStaVkUTV4//OEPHcedo4ARWIm++eabh1Xp
P//5z8PKvn6+tQrfscuestgFt/zyywdDPrwF3y6z9DJuw402DLvKAwHRf+AHDvAB35dnJxErAfkO
0gorrBDF7v7ZxHHD0ftf//rXA1+RC7TRJyirKtTlC/Kgr7I7U/wAH+24445hpyDtTh9Q3+WdvnNU
VX7qHbSzM4M8Hnv0MbfTzjsF3G688cZiNz/9d4MNNnDzzTffiCxIh7OFPxYk8JtAP+RYauSGDfAm
C0Doj/yxu4HV6P/P3nmASVkkfbzMOStmxYQeBoxnFsV06pk99TsV8xkQ45mznojhTHjqGTBjjndm
RTzBhAqiYkAFI+YsKqD71a93/0NP7zuzM7MDLPD28+z2O52qurq6uruqA3jQX+AB5A4nIP9+1N9t
1dVWLWRHtlFv4Lz66qsBFv2RvsSfrrGK60Q/+m3sb/bCwBfCW4mcLIOOnL7kiifcFVdcYZy2i121
fR849MVjjz02lI18WnvttQtvJlE2cijLQTOMoLfffnu4kos0yIxddtklXB2sdlZejDooGAiPee+1
114Lsoorh6HL1n/e2g486MACn5Cfq6eAI3m2xBJL2HrrrReUXuBx/vnnh7FDsFrj1wKLfsgYwruW
XMEJTXlvioUssialRWvwo41ff/11g9fhQ94l59YKxk7g017A4xo4wa2WL4Qf4yrvfCObkN3wMuMO
sgm5QV+ot9O74pVcBV8r3RkLkIX0fxz8xE5rdrDTV3fYYYcgO+K6MVYwBtGH2ZmNYyxBDuCnjr7F
rmbaH5nYr1+/MAbQFnJZfYt8XB9JH4G+8DdyBZqXo3c1tJA8Aw94iKvj4HtukUGOMYaxOOAWmXq5
asYfaHTP3ffYJyM/CeCZy0FLZB4LeuQMb89vtdVWzdCDRxmPUY4ffPDBxjjMHI+5BTzMbTrQatFF
F22Wtxp+Fw1pE/5aGhMWXmThQF/a/IcffgjpMWgyLsLrjFfnnHNOkKmMQ3zTDrGjLsjcQYMGhXkX
cdxWAw9yM0LKH4EHf3Qe3KJxvsO7e6SvlgcpZ4EFFmiRBymX+Rbz16FDh9pss80WZCF9gM2T9C85
0Y/fzHmIH+88+KXPgW4bNweCH5Bj5eZA1IlxCx5CBuDqPf4AgzkgcoU2ZGxL+Z159ZZbbhngp/9K
9f3tttvONt9888I4oHy0J2MUNzpce+21Yf5S6bivMiYnf3I9sc7J2+uuuy7MDZBP3E7FfBN+uf76
6wtjDLzAsyuaL6htmfvTl5kXwpvMz5BNzG169brUb5e5ptk4ifLvveHvhfLJJwdPI6dY99bLUQ9u
PwFH5Cj4ofRdddVVw3wM3j/ooIMCODZYsT5hbaL6kod5J32NvPQB1kTEp44+yhweuiGncOTZaaed
bM899wzjS5qH32x6Zq3C/BV5g/xl3o6egXUD14/vtddeRbIbujFHUXvQX6mH1gopHMpF3oI3N9sA
izEFuYucRXaDP2NeWrdqYQGbsniqDd0KcHFszGEewVwH+rCmaN++fYir5R/ykLk0Dp7jFjvGy3ff
fTfwLQp9wtu1a9esePDjyTR0Sszn6N+MMcyTWZ/w1Fw5V41hnT7C2lBrXuZtwOGvnKuULygDnmNu
In6gveEZ5kEY/mlD8QZx3FjAfKdaB+7cGMWck5tuGHOgG/N/9FLQlf674YYbZq6rx44Za489/lhI
zzNG4IKjH3br1i3odWKc4E14KJ5DcRoSPOBh+jVyB30QJ0zjcRrZRt8HDgYeYNEfmRfyJ3rEdaJe
9CXmKKwz2FAOHXmuifEdx9ybwwpFzmXac88/F9oZGYAD1o477hjyp7TW+Nq9e/dwspN1BnNYwuWy
5v7EgSNGUHRWzHVxyAz0nsga8UCI8H/IL+ojuY7OA97jyQfK0FvLrGmOOOKIovzSjalOSy+9dGhb
1uTgwSln1pX1cLXAQr4jI9GxSG+Krg69EbImpUWr8PQ2fmXIK9a3b9/QTrxL3rlz51B/4NO/gYes
L8Ctki+En3Rq6AzgW2Qm4wGyibZL5/HK1xpf74pXcmK9VrozFiCrkNM4+IkxCP6lr6KTgKaxY279
n/v/Y4NfGVzQIzGWIAeybi2lDyGb4HNkImshxgBkk1xW3yIf+jPkAfSF7sgVaF6O3tXQQvIMPICH
fHjmmWfCOIQcYwxjzl3PTazQAJpr/AFfyQDRQz40Qu/BrW04xk9oyW04rJlpJ+aIrBtSh7wdPnx4
mE/QBxibaVN0E9CSNRHjZtZttdXwu2hY6ZiAPGB+Rf25dYd5Lv0KHRlynfEKGwPynnEIW1CqV6cu
yFx4UXYCZDpjFmuulD8mNA/Sbsy3aLshQ4YEnR/zONbM8BjtJif68bst8qDwxK9lTIjzt/TdGn6n
7Gr6PumhN+1Sy7hP/txNohTwAbyhLf754NPgwouRMfz5RD7g6caYEK44FyANLgSL6uCK7kI+0sV/
Ks+VlEV5oIEvPDPzKY9fm9PgyuBm+aqlnyuqG3yxHmDFuKlOwPPJR4MPPgHWv//97yJaCB/8OI8r
Uhvc4F6Enw/eDW6ILwvLjedFeaiPTxzL0iLFkTzUy43tBXqTJqt9Ynq5IC3AiesVf88+2+wNvngu
wrEWWL4oadh5550L8GLax/DEazGelX67sqbBJxQFGHG5gqcwn/wU1Qne8rdoCnmVPm7jU04+pcEn
TkX5YtyA74qZFulOHl8wFrUVeNEH4vLS72r4AnrHuFM+v32SE2D4hKYoPo5L4bb0W3JBtI39GAf4
0SckzeroV7+WpLsbAxqQKTEO8C3lqmzK9YlYgytoQjlxnCvnCn1Z7SNaKJ3KQS7A28DySV2hfNVH
6fRb5ei3K7AKeFbb98Ff5ZTzL7744gIM0cQnd83qrrpRFvRxI0QhH7zuhssldUsUAABAAElEQVSi
+iFf3SDejH7kdwNmIa8/MVGUJoYjWOmYIDyr9WuBBW+4ArEkjtCCNNXikpWeNnYFa6HdUlqoHQmX
DK2WLwTXldDN4FCuYPimgQZfaNWlXoKJ74aeAKMl2VQr3ZkLqA6iX1wv4lLYvnArmwc5GdfB3ywu
pBesLN83RxTlowxXEhZkjfCKZUoMR9/V0iKdbwk30UO/434oWLX61Yw/WWMJOKX4Zc3rXHHUIu2X
W3a5goxWfarld2ge49PSmJA1r1P7it6qIz4yxRUgBf5wBVKhXoIb53fFcyEtdWLuEJeb9U3+LB4E
VgrDFX7NaCba4SMLXCFdgJnm57crBgo4ukI8wEjxUj7C+R6fPEj5aV+P68S4BV2Fi3DDF96u1Gu2
JonLqOT7gw8+qIgWWfzeUt8HP9IID1cwFXBXHVKf+mWN+ypjcvNdATNZOuax4lV85pg4V4CHcMW5
EjHwR0wEeFJ8Qbr4j3B+M6ePnRvhGmL5m5XH30ZtIF1rnSvIG1yBXLZvbrPNNg2u7AqgNP6oTvKF
o35vscUWYc0V4+cK4wbfeFASFmUgp1LH2lLlCg6+wvBjHMlPvVjTKT1pstonhuVK5KIy4/L17Rsw
gz4jzlcLLFfEN/iNQgV4wjOuF9/itRhepd+uHG7wTWUFGKoDvuDp2w3wRcW6Yr2BtYXyKL3ww/d3
eRtIV8oB3zcVtkh38jP3i2HwTR8o56rhC+gt3OM6MX7i3BBeFE9axZXDISvOjfRFZQmeaK3fjClu
uG1WhG/GLEl31tXIlNilcohy3RDc0LFjx1CO6ApcN0wX+jL9kfYRXkonOiEX3NgTQPkGi2Z1UnrV
R+Xot2+4KaAJLN8QVBIWedBxyIG/yinn+zMNylLwoU9a9xhX6MO6Tg45iu5Q9QYea2o3iBfhKzyY
B8j5BpyiNDEc0gOLcb4erhZY8IZvnimJI/iRph6ONvbDC4V2S2kh+hHOnBBXLV8IT98o0AxODM83
DTS4EVPJ6+aj96UeLcmmWunOXCCmU1wnhaew47mo0uMrPXIydshtxZXzWUOnjvVJCiOWKWl6fldL
C9+QUtQXhaPg6jfr73q5dPwBRkpnwcoaS0if4pfO68gvvYzqkOUjuzTfEsxq+R2ax/i0NCZkzevI
H+MXl4dMYXyXgy+UVuni/GeddZaSBn9C86AfFGjwAwQBxxi/GEdoLNfWeVB41jImKG+lfmv4vdq+
35pxv9L65OnaJgXYGVdQsLSlbxSIvsutAWMxQi42drJg9ZN4IQ7lZWpEkXEGRT8LTCY+frKnwd/+
KAxyqfLMd3IWhKnvBG3wHZsNGMFYLMRGNwaT1tKJelEnPwXb4LtLQ3kYO3wHYQG/2LDuO4MbfKd1
AT/yIkRPPeXUBoyzvuuvkM93BBYMc+DpO2VCPtL7m6JhYoCSGnr6zq1CmSx6VS8m2/HAwqBKPMKa
iYfiwDE18pKOyZGfogrGtKz2ERx8FjnQ13fONvhOsAKuvrs9hPkJs4a///3voS3ifHxXAwse8F3b
hfLhDfgIg2zPnj0L9KNuMa+lMCv5jfLKT0gU6ATtMSL6TuygtI0HQN+FXaC7vyNcyOM7BAMPsrCC
F30XWiEu5d0YJxluW6I7eeA52pS2Ou2000L55cquhS/A3XdGF3CHx8Uz9EkmfOKnyy+/vMhwENer
km8MAioLHzr/7W9/C33Ed4UW2pgFPYaCuMzDDzs8xPu1iQ1McplcwR9M4iiLvhOn99MFQT5RHxlR
BdN3Tjeg3GGiAA6Hdj+0sCGH9qHfodRiQgYewGJRLdyBK1jUSTLQd9M2PPbYYw2+27KQ1ndcBnxF
41j5XW3fB2fwjflTv2M/hgGe4jnwp14odqgT7YvcUnmpYQjZDO/5KYFCfURDZDi0Rd5QpuQTsh7e
Jh2GLzYh0Ba0meRZJbwv+pbza4EV56He0IIwlB9+UqxAi3rh6O9mBVoAC+UmChR4VTSHTiiBoI/q
Wi1fkO+xRx8rtBF8iOLIdzSH8RXZIXjxuCV4rfW1gCsnm2ql+5VXXlmoF30deQyvMR9Q34eGKWw/
zRLqjJxGhgKfTS0yJKZ0YKyGRqKT+Fxh8rOMmtCPMYk5D4tG8gJXcjSlby20oA8BQ7IGGMyD4Bvk
kTaLIWcYS1OYtfyudvyBvkceeWShvfxt2MCH8fjInAq+jPHxmwEa/NaRMJ+QrKZtmVcw72COwTgU
16sWfq92TKD+8byONoXekuW0ARt7kPnCO+YPGbupy7W9r21ACY4CWDQi3E/1FGjB5g7xGWXzp9/y
fXd1pmEdeqY86DcmlORBeBODlGAgI1iYMibAT2zAVJzmWykPglPMg6LB+ORBYKZ9PeYl5Diym3Sl
xh/oTh+M89XyXY7fxSPI4pjfhZ9oi+wEl3T8iXGsdNy/5JJLWl2nWugwMfK0zeV667FCgQhf0Tfh
YcY6Oeb3bDolLstw66d9Qp9lczLrc4w4KPn81pCCHEkVuPCWeBEZ7Kd/ggECORDPQ5jrtdYxDgDL
T2E3sNET5ydMgryhrsTFRmuMyOlmUtKxHvSTsUH2KB8bZmWYo96MHaoXegXmwCjtoKffOleIY30r
Fxu7KZe+STzjk5/4DXmEY2rkJZ2fnAz6AvpuVvsIDj6yFKOmP+3QwFpXuJ526mkhjHGPsQVjUOqq
gQWefoq5UL6foA1jGGMR8kL0w495LYVZyW/knN/MV6ATZTLPYgyF72JYrCuC+72hQXxLPLwLD/oN
McFHdyLapLwb41SNYR2eo03R7bDxCbjlyq6FL6iDcAd/xlTxjJ/SC7xFOH9+er7IcBDXq5JvjFIq
C5/60HfpI5rXEs66mrEmdqztSI8+BwU/BkLmOPAveeg7sfNT0UE+UR8ZUQWTMY+5kJ+mDGWypqcv
4uBj+h1rRdan4AGseHNkbESmTpqfIC+QHYz7wOLPT/4FfEVjdDdyRx99dEhDvdgUlNX3KUN9H5xJ
y5/K1+/Yv/qqYsM6ddJmAerF2oQ6IXORWyovNQwhm+G9WE8AXNKzPoS2fkNGoJVwZIxFrpCO9Qyy
jraANyXPiCdda10tsOI81EN6M+bsjB2iRb1whF9FM7/tIOiQaGvBIc5PUAf6iB7V8gX50D9SFn/w
IRtg/B30ML5KdhCHTik1UApurX4lhvVa6a51KrjT11m7wmt+u2Kh7xOXykU/8RxojJxGhgKfNY10
wykd0KHRJnG76HfsZxnWoRtjEnMeHRgCruRoStdaaEEfAoZkDXVmHkS/Qg5qsxhyRrIshVvt73T8
yaJzXCb0PeGEEwp86LeABD5kjPFbMUO430gU+DLOx0EZ1s7klaymrU8+6eQQxhyDOU5cr1r4vdox
gfrH8zralLFHshx6YBxH5gvvmD/QXcI71AU5wzodPaNohIzh0KPchORBaBnP55irMv4w5sNPbMCk
fvwxz8dNCjwY963xPf7Uwu8xfvBGJeNPreO++Cr3J10KtFnDOozMH4YxhISUbwpXXGqgYKLl1ymH
PExMYmUpeaREYqKssmLDEBMqhce+DBipcShOU+m3lPmp8p38GGUR3CgUY9wR7DLWokxjoIjhxQsI
FlLExQsiJp9xer7jMjG+AC+mXxYcFuzaLZWFfwwDmqXtE8en3zoFmBru0nRZv1uCxSRNA06W4pSF
OAKzFK9lwSwXprpQHgbzOC1KJRlgxE8oIoQfxt247cnLbwy0pIGmTFLjMvUtXq6G7uQVr2TRRvDV
r6rlC3+GoFA3v6KuCG/amjrBS6UMRapbJb76KW3JZD7Ow8KavgU85Eocxzc0hr+ZWLEwBx9O1Ak/
3SAR56MPaTIDzFT5zKaYOL2+gcWEDVj88VuLubQNJANFO/gHvolP0ovflFftCe6V9n1wo/7gwuSf
vCzCFU5cVn0EG55LT/aTN8YF47JoIF/5gYcBL5VtwFVaTcyBJbopjrbwt4NDGWxIUXitfi2wtEGF
WzZYUKWw6QuSM+lmjTRtS7+hNTTjL739gjgZQ2N5GrdFpXxBP/BrWwMcv/Y9nDJJcYsX0iyO0/jW
/GZxRh3F21ll1UJ39SPKxqgZ8xkwkMmiYRZs6EJfYaMaN8Uge1lsUl6W/EV+ABMlPfGUTxhw9ZdV
tzhM8qacYb0WWgiGZA1KeeqmcG0GRO7Uo2+pXPniyyw6Kw2+ZEXKh8hraArtWWDGeeJv1a9cmtby
u9oIXFoaE0jLvA7cNab7NaGhHtxeIp4U3lnzYPEgxlOMDx999FG4EQnYaXr4DbkJDzIW1sKDjAGM
eeUM61JsgEN8Kl1tAQ9pPsvYr3pSF9WVsbyIBx9r3JBKnxwfPKiNCuV4UJsLoV06/kAXxh+UNfXC
T3IVg1Jcpgzo0Dfm5VNPPTXwTrwZTTTHZ0wiD7wZjz/QH75n3Ce+knE/Lndy+550l/QVYP57QzCM
0c7wQ5FrikOpSJvKoWz2K5IDb6AMj5WlfPv12iGOdaicjJHwGmNS6siHcYx4FMzxqaE0bSW/NTYU
lO9el+Dcp+9QJ06Zx7hjXJexFsMGsjN2KPkkx9Ed4BhrFEY/SV1cZvdDugd4gX577hXyZcHBkCWF
aWz8T8tu8LqwTkjbp1m6KEAn2GLjYBRd+rMCWP4UU4EWGLBTh9ECPsvktTRxBb9lAKE8jISxw+Ao
A4b4iTmZ2gq6xW1P3t9/+71BBjFoihzMcuLlauhOOfAKuKYGJMFoDV+waY668cecIXbXXH1NCPfn
/koaiuL0LX1rbUpdaNPYsWEOuoAHBvdmzvkI5T7tg0yhzqxlSV/oq0km+oOMysD0K5uLUtDHshzt
i2EFAzR//GYzCbDSNtDGHtEO4wRjd3ySXidolXf48HGnGbP6PnhLnmB4Fb9Rf74xRIGLjPyE85dV
H8FmroH8Sl2MC2u51Ck/8OgPqWwDrpz0T8CinZAzctQJnR9lsCGlta4WWOhyqQfram0GiPGgL8An
pMEA3hrHeo5y+GPzSOyIgw7ExfI0botK+YJ+oA1V3ECWRVvJO+CxqbaerhLDei10Vz8CZ79WPfB3
jDd6L9FQ/SqOhy70FTaqMSdlgwnzXcqDP+N5CfnYcADPcjqaeMonTH0r5vMYTvwteVPOsF4LLQRD
sibeDEQcxk/qhdzJan/lr9UXX2bROS5TssKfHyjCA1pDU3BkM0App/qhuyvlWsvvaiNwaWlMkBwG
d43prO/Iy+0l4gnh3Wwe7JUQD7IGZbMLcwDdiJSmn1A8GNsxmJumjj7DxgjqydiqepJOdW2LPFjL
mJDWvZrf1fJ7rX0f+lc77ldTjzxt26TAZGdYZyBgEEGw8McilUW9v98dwpnQIxRJpz9+Kz3GQwzT
7B7VH8YgKfuyFOYqp1KfXYmCx25QFi3s3GUnLjv6WLgwoYjLk8GUfKUMF1ogcjKb/DJIkIfTsyxO
VCd86iWDiYzkTBx1nTVKkhgHfTOx5cQRxv8UT6XBh2bV0Ev4llNsxuXH3y3B0maG9ER/XIZ2pMaK
yji+mm/VRXRN88qQQNsATzwRK9jTPCzSMWyQR4rPNI34pBq6U4b6QCnat5Yv1H9iYwH1AU/qkxoA
0npV+ltwYqVxnJeTpsCDjvFJL3YvyphMfPpXypAlepOe/hXDKvWNDFK/S+HwO20D1Uk0Esy4jcVv
yqvflFdp34/xTWHGcem30gIrlZ2cxOcmArWz8IvLEK4Yy1gIxHHpN3woYycKEK5BZ9KDfEexyqke
FAhpvlp+VwuLCbg2n3A6tBRM3ahSSjaUypeGS+lbqhzxekxz0boavogN0NrckeJC3bWrXH2PBQ3t
wsmJcn/sBEbRlJap38I5rofi8GuluzZOwEeccIvL1Lc2XHEqT2H4jIGn+il06Jj1F/fNOF9W343j
W/pW/lLyqFZaCK76cnwymjjJ/1L1Uv5a/ZbGH5UrXog3ixBHvXUjjeSk8sS+6lcuTa38LjhqI/ii
pTFBaWO6ihZxG2fhTV7mNZoTpHyI8iGrnpxowjCO0oExWHhX6it/OcO6roHkunjkQFbZ7OgG5xgP
2pG6gnvKgyiXtSGgFryzcIjDUHIBt5ScIS04iN7x+MPcnfHnyb5P1m38AZ6u9U35nXk3/B63MWE6
YXKqG9jjusXfuhkJI1S8WTCmfRbfxGVM7t9tc7leJ6zcaIKSDd5B1hS5prgsA6JkL32WG7ToJzxn
QTjGqdTgwckQySSM8himOV2sP4xBGJ9IkwWvCK8KfjCGCx6bdlj3M25jAGFjGLfPodyNnQymkjdx
XPh2eug5IIzy5Oe0CnDIQ79k45DqhE+9Nuy8YUgjIzlKcxT/5MlSiAJLG7IEpxkuBJRpn8z0Hgi+
wG1Jud4sfwWwtPEHuYwyO8sx/+cmlHJK96x8WWGiveiapmFcUNsATzwBf0nBnuZB7mHYgEYyeKZp
xCfV8il9oBztW8sX2mwfGwuQzTKGNOvfacUq/C2lfHrCXNnRSUF36IgRQo5TjzImq2/GfilDVnxa
m/5ViUMGyVAZw9B3yv+qk2gkmNAOGuJS46N+UyZjfmbfb7p9ImvTQAqzXL2UFlip7EQ3x1pb7ZzW
LcYdYxmbDMo5DDIydjKv4Rp05nDId4wQbAj/6aefyhVRcVy1sDBMMH5AB06HlnK67j6L7qXyZIXL
eFWqHPF6TPNa+CI2QGtzR4oPddeGK/U9jDW0C+Nvub8zzjij7NX4wjmuRwy/VrrLSAYfoWPLctyo
gFzkZrjYIaNpY/XZ1I/7Zpwvq+/G8S19K38peVQrLQRXfRm9b+zoC9oQIJkTx7f2mzkZNCzVxipf
vBBvFiGOeksvKjmpPLGv+pVLUyu/C47aiPq0NCYobcwvokXcxll4k5e1HGNZyn/6nVXPLJjCvRJf
+WP80nyag3OTZ2w0j9Nps0Zcd+JV17bIg9WOCXF9a/muht9b2/dj2mfxTS3453naNgUmS8M6ilEm
kwzc/EkYxj6CU8ohmF1xylPKR1i1VqnHQo5dQ4Ih2LGPsT02WksBm3XVqepBnShDhhYJYcIEq5Sv
9zIFhzwY+FV2LT4K0lhh3FIZwrecYrNUGS3BUtnadFCqnHqFC16qEFX5MZ1RYsrwHyvTlVY+xg0p
dUu1jcqthu6Urz5QivYqt1a+iDcSsAsXmHpTpVydVfdKfRkgUqW88guPmD79nuxX1P87d+4clAFc
s05/UZ+K+6PKE13K9UulxWdxRHn8UTbGCa5SZJe7YKVtoDpJ2S2YcR3Eb8qr34JTqt8Trr4f45nC
jOPSb028K4HFW4dpfuFaqq+k6VHmxfURPeWnp1nT/NX8rgaWjI/g8eSTTzarp+CyyCFNa2WRZIYM
2SpfvnhdPEG4aA38mIZZ3+ILGaBjfhMM+YxpKDspFwUH4bG8IrzcXxZfqGzhHNdDcYKjzWDV0F0y
r9K+K5iM/5LD0I05wYEHHtjAW3j8pp6laJXVd1VuJb7yl5KZreXBUv1ecEvVqxLcy6VRW5RqY+Ut
xwulcFde/ErS1MrvgiNaVcJXShvTVbRgHqcxJ8WbcE6jwWvwHCeU2ejYtWvXgrKVcI0Zwg1fhvFa
57LKX8qwDm5sMAJ+OZnOHAb82SilTW7ljLuCWyveMQ2yvisxrJMvHhOyZFo9xx8Z1tN+kUUnbTyA
7uXkoDY9pONPVplZdJoSwtr2sr2V2DUZTOETZE2RK2NM5VQYBjzyxX/qA4RxU4VcbFiP02d9L7DA
AmHOoLy1+Jw+jp+7EBzhh8+Gk9i4LoMpp8hjg2AMX6cGZcyVcZfyBKOUv8EGG4TTc4JDuqy3qGN4
Zb/LtE+pfOPTsC5asAaI6VoKl9aGqy6pAUDlxnSGt2X4L6esxrgtw3qptlG59Tasq9xa+YKNyOJv
xnocBl/CytVZ9KrUL6WUV37hwdjM+IDT7U3qJzyHx/XAXLNOfQnHeJnFNzIyZF1BLJixzwYawaFs
Tsqy6ZqTwIKVGpdUJ8lAwYzrIAW88up3DIvys/7U92M8U5hxXPodb0jIKj8OY7N26oRrqb6SpkfO
xWXyTT31l55mTfNX87saWDI+ggc3ZJRyWhugT8niqVL50nDpUWXITuPF6+IJ4kXravhCBuiY31JY
GHX0DCS30uGgRzmjn9oLP4svBEM4x/VQnOBg9K2W7jJgVtp3BRO5oXrBe8habq3iiTvxYilaZfVd
lVuJr/ylZGZrebBUvxfcUvWqBPdyadQWpdpYecvxQinclRe/kjS18rvgiFaV8JXSxnQVLeIxJ8U7
7m/wHOtqNjqy/oYf1bc0Zgg3/CyYcXxL38pfigdjA285ma7NhPSleE6b1lX4CG5MK8XVwxfdW+LB
asaE1uJVDb+3tu+Daynat7Yeef62SYFJ1rCO8o4TcrFCUgofdr1xNSsLDRR77Nzjj4mqBug4nxSp
CE12gbK7navtsv7Y0YwCSrBq9ZmcochjQSD8eLcN4SbhHStFpYBlF2DWdcvgIUOLDOso5SiLuvIm
blZ9FKYyY8V8DL+WejIYxXRuqQxNjFMlYkv5iG8JlsqOldVZ5dajbSlX8NhAkQUnpjNtEF+1iwI5
Kw88IANSqbYRn1RDd2AxUYBXStE+xrcU7Cyc4zBd004boHSTcaqUETzOW+m3DBAoYLLyqK/H9JFh
mJ3BXHcU59NNAqX4php6x+3HKRgZEwRPyoG0DVQn0T0LpvhNeWvp+8IDXzDLKeiVXvTjGlzaUjIl
9TmhmLUpKcVd5Zby2TjFaRR2O2NURn7yliQLf8lO0aFUGZWGVwML2SHjcrmTqmobyelKcUnTcZqa
+nILR9apUE4KpX1asKsZE2JDMmNWiod+iw9Ee65k4x1sxtyW/krdjkLZLfFHrXSXzItlgeoS++mY
IHzIp3fglB5+QUaXKjOr7ypvJb7ylzKs10oLwVa/l6xRuOCWqpfS1eqrLcQ7pcoR7bPSlcI9LquS
NLXyu+BUQ6ustKJFPOakeGtXOv0K40Hc/5kbc3KZuLQdwbG1BmrlL2VYB4Zu5dATQ6JN7DOXRj4x
59W4AP9S1yzcBTdOH5fX2u9KDev0cebLzcafNRvHH3DP4s9a8ENeZ5WXRaew2cI3N5G+3PhDHHQv
d2K9knG/lvpMKnna5nK9Tlg1GWfhE2RN7LjSknlwlgGREzLwGHlQ7HHzAX8YyygLnorzcUU0YcRx
4pL+xfw764+0KA5b6ziZydqCvin8TjrppIJSNK2zDJsoULOuWwYfGWdlWNdNQNSV9UFWfRSmMuOT
ySnNq6pzU9vFdG4pv4zRLSk2m5VTASwZ1mNldbNyCGh904ZiBY8NFFkupjNtwE1k8CCncWnrLEe4
bhMo1Tbik2roDqxqTqyXgp2Fcxyma9ppA249kHEqPZkW56n2W4phnlfLcllGExmG2XDK2B07xk/a
pRTfVKPsJ60MgGzWj40JwEQWACvlf9VJdM+CmSrgxX/MQSrt+3G9BbOcgVjpRT+uYactJVNSHx5n
XE1dinsan/7mRCm3vXFrJrc3Ij9ZW8e366U0TMuo9Hc1sGJjV/zUSApLbQNPMY7V6jhNDb906NAh
81QoOuKUnwS7Gr6gzdRXkROlnPhAtOepA657Zixr6a/U7SjAaok/aqW7DGnQIosvC/VMxgThQz42
5cQOfil3sjur78b5W/pW/nJGTW1wqIUH1e8la4SP4LZIK2Wo0ldbiHdKZRfts9KVwj0uq5I0tfK7
4FRDq6y0okU85qR4Kw39GzkYnwqPDdtpO4JjFkzhXomv/KV4kDJ0K0f8zEhadtZYTJq0rsonuBOb
B6sZE4R7rX41/F6rHIxxE+0rGffjfPn3pEmBScawjpEGway/YW8PC8rrLEUvijkM0KmRjLw6xRfn
QxDxW8JUMFIfQ0FqDEvTVPJbOyIR3Gl6FK16ezJWikoBC47dunUrnGRSft6gkaFSxlxdFUzdUFwo
beyjoMNoysKHcL35CRxOtMRXRSofikWuwWUQVliWTzvEdM5KE4eVU5rH6bK+W4IlZQj1KmXI5Zpj
JrEY7bJgVBOmusCHWcYoNnyAizZKxO+Qx7cpxDCl4CFfVpmkFZ9UQ3fyMVGg3FIK4XrwhfoecPS3
ww47NOPluM7VfsMHlE1fSK8ERynITnbi13IlOMaIeMMAyr8UHotL0pcyZFVDb9GY8tj4E8MCN12l
nbaB6iR5kAVT/Ka8tfT9GB8ZSdlFGIfzjcwAB4XrTWcM6/CJwmOfPGwmig1Aik9xV3iWLx7i2Yus
eG3eEB2y0lQaVgsstRXGbsaLFBZyVvK9nNEpzZf1GzkFL/F3ysmnFGgLrXkqQnExLWrhC9p6uWWX
C+Xx9nYWLnq/Cpg8MZKVptawSvijFrqrfcGZ90Gz8KPPMilmE4Pi1TeyaME8hfJKyV/JG+KZd6hM
+fSPUn2INOr7peQRaWqhheArr2SNwgW3VL2UrlZfsjHm1ayyyvFCKdzjcipJ01p+r4ZWWWlFi7iN
U7yv7X1t4LNlllmm2RwN5QDjH0q3tB2hhU42s5CuhQdl4C5nWFc7YbBCSRa3Ad/IKPoPfYUT65p/
Eo5czMJdcMFbhvi03Nb8rsSwLjmXNf6A+2GHHhZwb4mPK8WzGsM68MUn8EVL4w9pySNc+Ea2QftK
xn3lmxz9SXM5XyHWrtBmTKOdMdLEjvGH/tXMgNiUh/5MP0wd/ZG+HOdDtlGW+nKaJ/z2cjEUpMaw
zLQtBOrECzIvdRhGdSsU8lVOBlNwP+qoo8Kb24rDZ14u4wen3XFsOlFdqWOWQxnHSRfKx8XvrocT
lWN/a5YNxWLPnj0bkJ0lXVM7xHQumbYpAqMPbZClNC+btwJYuhaZ8plPpQ46cM3xkUceGdZjaXy1
v2XAgg9TYxSweHqKttFGCSnKwS++TaEA1+sI35CHNGmZSic+qYbu5G3JsF4PvmBdBf7x36677tqq
U7uqt3wphukL6ZXgnA7mthzg60r6+JQXG6pTx3yb9KWMCNUo+9XGlEd/jR246SrtlP9VJ8mDLJip
Al7XhCPXKu37MT4ykmbJKPgXHOT0riuG9TGjxyi4yCcPN4nEBiAlSHFXeJYvHjr5pJOzosNzldA3
pWFm4hYCa4GltsLYzXiROsl3cOx+SPdWbdJCb4QsoCw2aoi20FqbQVNa1MIXtLU2hKCzzXIaV4HH
EyP1dJXwRy10V/uCM7qALEefZQ7NJgY59Y0sWjBPoTz6HfPN1EneEM+8N3W0YamnSkirvl9KHpGm
FlqQD6e8kjWNoePglqqX0tXqSza21G/L8UIp3GOcKknTWn5XG1VCq6y0okXcxineogNyJt2cw9xY
c8G0HaHFhOBB4YfdAJtPltNGO3DV/JN0aV2VN4tWiquHL7qX40HJjAkx/lAn0TELpyw6KazW8Uey
rZJxvx40z8uYuBRo84Z1KbEx2vBeE8ofrrrYZJNNwkCLopffsXJHebiSkcUeefSnRVSqIJZCCoHF
BIYJuvKwy4TBnoE9zRfDrfRbSkdgobAXHHzqIgN5rBSVAhYc+EP5iMISAx2n0ZWHCaHeCEeJz1vo
pCdep+2Bw+SDU9Iob4nnyiwZ0WX4JxyBggAnDzhgfIYGxGFsUR7qTpkobfkj7d577x3SUidwUVxK
J+IwJmg3FtcCf/rpp4X0lJXmqRYWZaywwgoBb/Bn57XaGL5i4U+d+IOeKbxqf6uNKY925k2YYcOG
hZNOvCksWGxeUPvL6Escu2KFH/Fxm7BzkjjhxIAv2lIX6sdfS3RXHhRlbDYALrSnLRQXG3liHKrh
C+GJr0Ff9S+1ySHOU823+jHlY8BECUYfYWKuBTZxnLihXOioHdn0cQZ46I3REmOl8OT0IHwa4wKN
oDdpKqE3EwzSkZ5TY9CWtmPnu97mJo42UPuSRvjR99QPeSOXsrRhRvxGXtLU2vdVPxmooRn1pEzq
ytteyBJ4GiMD6ZlkaiEKP6NMIj1/5GVTi25aiA0O9GHqd9ZZZ2XyHvHCRz6w1CYoZ8gvWNSZcYL4
GI7yVuvXAosFtmgB7aCZ8GOjFxtJwI809eD9mEfhB36zcBCNUlrUyheXXHJJoUxgoHxQvaiHxp+F
F164LkYv8IR3aF9tbiknm2ql++GHHV6oF5udkIXUCzkAr4uO3DAh/uGWBMKZg3DyhvSMkboxhjjJ
A+KUD5/6aGMF9WH8RAYwx2CzGnnZlBGPeaIF9ECW0ZckjwjjD7wFp1ZagJtuXJCsUZn0aZ3ET+db
SlOtH+NeyfgDLWNekIwELrgz34B+Ke7E057QKE4DjYVD2k618jvlVTMmwDcpXSV3aGPxgea0GDLA
lfkLdUXJ8Phjj4cw0rJxRrIWGZNFC+ZW4kF4OeZBTgJSLoZZwYZ+RTw4rGUepF6SCeDIte/gzR9l
aTMWOEJr8Q64ccU94aqr4qArdaO88cGDGICoOzSBn8QbfAsHjO+kAT/mq8SpXqTfdNNNQxx8qjy1
+pQrfgenlN95dzSlE/MdwsAxa/xhM4TwT8cf4LU07mOw0rhfa70mhXwTd1k+nqH/3lB49xijDX0O
o8H7I94P4wr8gQERfi64KA83AyFPycNJZHzWqspH+wbncVJIwTdsOsPQRXr+GMv0fnm1BssCXtFH
bHRFYR/jx2ZwFI30DeSrnAym4M4fJ4GQXfQ15uVSpJKPNQFOp6JJz0lonbYHHkYfZASndImPr4Pm
rWLBwahAfyMPis2n+j0V5BrxzO1jpS5lApM/8D3ggANC+7DJH2Wu4lQn+cRhTOAKYfDnamMMuUoP
3NRVCwt8Oq3UqdD2yHm1MXzFTVLUCfjQs7VObUyZ8BTjG+MXYwqnawWL61uhbWz0BQcOMwg/4uM2
4ZYX4uTGjhlboBVrEcYd+LQluou+0AZZKdrTFoqLjTwxDtXwhfDEP+3U0wq8BQ2yNjnE6av9Vj+m
bDaoMF+lj7AxT7xOXJ8+fULR0FHvnbNewPgLvVk36Ak40nN6ED4tOJcZ0AjeIR6at0Rv5s+kIz16
FmiLIY3+qre5ieMWHbUvaYQf47764UorrRTKYu6DkwKevKQBV/on5SEbsvq+1l+8gxv3Y8qT/gOa
UU/KpK4cmqA81tUYU3HoC+AdYDH/Y65Bev7Iy/xIhtnYQEAfpn4XXnhhyMvpc36L94hPnYwfwMIY
Svpwy4S3B3VmnCAuhpOWUenvWmCh6xQtoJ3GLGjBvJ6NJOBHmnrwPjwqePAWv9FtAEN/MS1q5Qvd
HkSZwGDTitqYemj84amSwrhaKaEz0oEnfED7anNLyh+h7Zvy1kp38Tn1YrMTspB6IQfiA0LUWU7P
JHKTEvKc9IyRsd6RtmBeQlzswBm5BDzqQ79DBjDH0JvtGMXiMU+0gB7IMvqS5JH6CnjL1UoLcNNp
d2RN6FdNhdKndRK/aL4loDX4Me7wkGgCHoqL2xhaxrwgGQlo0vHMHWVITsYo0Z7QKE4DjQWH53li
VxO/exGUV82YAN+kdJXcoY3FBzJ4hnZxRHVbBXzGTSDQhrToVCRrS9ECWo1vHkQGMOcEB3Dk6Rpw
5A9+1mYs4uPr4sGtLfOg2ga8x/f4Uwu/19r3xfuSh5WM+8qT+5MuBdq8YV27relw8Z8mPQqLDSlS
QiquS5cu4bo6nQglPD0tSMfm5IzyMMHF6CxDGOHARKkQK7FrURLJCCZYTNQPP/zwhj333LMAPz7F
Awwm+prQg0daf+HH9b8xTuwWjtNSBgpbwVY+jIrKx6DEqfg0X5qHRYzygJ8UunG6rG+9wUteKZGz
0ikMQ0Os3KwVFgv7uE6Un7Yv72ozqVO9avXVxsBLYQKXMNqYiZ9gZPFgp06dinDEcJWeMouNyaJZ
lo/SVbCEX1a6OCx+J7YWvhA8+SxEVT4LlVhZrDSt8UWLcnRH6RJvCNGEXnjFftp2kjMaKOO06Xf6
viz0i437cfosfNl0oz6vtMiwWBYQzgQwXnzQv6FrLX1ftGeCGdc97SdM6mTUJw+Khzg9Mlebn8BR
9dOV37oKUPXK8uE9lAzCCT+VF8hp2pz39FQGsErd6BCX1dJ3rbBY2MW0oA/zF+MHvVqCX0k8PHXi
iScW6Cs6ywemeFbl1cIXKK9QXrRUL07KC06tfkp30S31xeeCUwvdUbiz4Sqtl2ARDq+Dk+DEhmul
kx+XQ1iKI2WgkFH61Cc/b9tDb9JWSgvKQaktHKulhRbgMT7IZ8qLZYvi4zFcMKvxqx1/kHkyBgsH
DLfMxbJwj29CqQQWz/DE+NfC79WOCVlty5gRy0bGe5TR8bhGf8b4A1+KFrEPD8V8SLpUjlbDgzIm
xzCyvoEZ8yCyIMaDsSyVgxh6xes6DR6XzUk42iVWxhFPua3mwd7XZtIvhs83baCbqlJaaPyRYon0
U089davHH/g65XetCbLoFG+2rKTvkybmd33TfnGbpeM+hqV43Fe+yc2fdJf0lWHOxpy4ncXzcRjf
BeOBKzelhFRa1krHHXdcYTMW6THAobiSY90mRSD56C8ol2LZRT42j8ZKbOWvxo+NrsDCSIZMZq3P
b+Cwlozh8E06xZOG7/iPMK6Tjh0bdeO0lMHb0Wk+nXInL0pmNnCn+eI8yA4MZnLgFyt047TxN2Xq
DV7yshEujs/6Zr0eK9hrhcUmp7hOwErbF9qg+G2tUxsDL4UJXMJoY9Y/cuJBpYcHka3CkfDFFlus
+KSjs3BsTM6in+DF13sKv1LpFY6hTLc01MIXqpt85kcqu7VvTKvM2BctoJXoKHj4hKEzig3JPG2W
lVbp4/ySM/SXODzrOzYYgCPyZqeddsrMl4Uva1v1eZXPuhwDShzORr5404OuEGa9HdeLPMSpLHzi
2SiburSviAeVh/GVtpRjjhPDQuZieBQs1Y8NlTh0V4or5fNGMeN17GLDBvnoI7Q5z3yoHGAhV1rr
aoWFbjOmBX04niMRB73q4eApNjOKvqkPTcSzglcLX2D87dq1a4v14lBUa11Kd7Vr6ovPBa8WunP7
CnP9tL0Ei3B4HZzkYuOV0smPyyEsxZEyWOel6eL8bHKD3rhKaUF+jJdy1dJi+PDhhf4jXLBP4GLZ
orh4DBfManxtBFJ5pXy9U47MkzFYadnMwVwgC/f4JpRKYPEMT+xq4fdqx4SstmXMYOOC6kj92cSi
cY1w+jNyEb5UutiHt2L+QnancnRC8GDW3DOVgxzSE69ntWNb4kH4I22z8TX+tIbfq+37Md9XO+7H
efPvSY8Cbd6wjuBiN5WEGj4CDQMNhmiFM4knLX+cQiNcCnOlkc/u3izjOMozdlgrXeyjuOKq6HoY
AjnBSdnsuKYuMRy+qVd6jb2MaRibmGRxZVycFwUkhmPRIPZRxHEiNoXDbwz66ckV5YXGMQzlh77p
iSHwq/Q9XSYPgoFSXOWW8mPlK/lqhUVeBDg7/lNYK6+8cjAg1KN9gcMAy6CMopybARjoBBOaspuY
HXiig3yU6KeffnohrfLgw7fEK618NkXE6Up96yYD8okHS6VVOMpcJiSChV8NX8T5+GZTgCYrMT5p
ulp/ywDBSQb4DCOV6sJpMhQfadkYJzntoHTy4XMm+zqFRrjkTLlFl/KzUzeFhYFjt912K4KFHODU
Hgv+uL+xESLtU8gG+IYNPsAhL8p+jDGCiywQH9fa98GbjTMxPpRPP2ECmhpqSI+ylhsyhId8ymBn
MjiKHvCBys7KQ154TwYN5YvlBbgIhvyNN9449Delb43fGlh9+/Zt4MSC8JJfT/ziukFblL8Ys+66
664GDMZS8qWGdfLVyhf0KbWb6oSfNWbF+FXzHdM9hpF+09fF5yq/FrpzGonxNC2fvsUGCGip8uXT
N9L0bMRj0RPL47gvKm8peYNyjzaLN5FVSgtwjY3/wKqGFvBP2q5ca005WWOFNsioTtX6WWWm9OS3
xh/aSDJP6VAIIAtRfChMPgYV4VQJLOS50sd+Nfxe7ZiQ1bbs6MdwqXqg5KCO8IXCWOCBI/PAVHbS
hlx5y8kxpaeMVI5Ww4PICpVVzp9jjjma8SB8xSI+zQeezJHAQ/RmTtmMBw/L5kEMUPHGTpVRjV8J
X4A39NMcKKbF+Bx/mOPyXE1MN/F7Ft9g4IzrTt/HWBnn57uS8afUuM86LGvcj+FOLt+T3lK+eow5
GRLzxwILLBBuvNBTDPQxNrQE54ZGZCrppTCP8/LNaRkUsqnDgJg1vyYPp4RZH8WnpNL8lf7GIE2Z
jIUoR1P8mC+w7o8d+GIYw9CJ3GUeHudlEy4yLMvRF5j3pHD4jR6BfprlMILFMJSfPoycjh34VfKe
Lm2FfkIO3FRuKT9WvpKvVljkZXMUSuoUFusXxqN6tC9wNA6iKGfdw+Y/wVxg/gXCrUGcyk8dSnTm
wUob+/Bter15g/M7t7fE6bK+obtuMgCmeDArbRyG8Z9TeLGrhi/ifHwzP9K6OsYnTVfrbxkgONnH
+gIjlerDZm/WfqnDOMmNK0onHz5nYyD5FKaNK9oUpvAsn7ln6hh3uI0oTo8cYD7FvCLub2yESPsU
sgG+0ZhJXozIGKpVJvMY8TH9SzfGKF5+ub4P3ugmYnzIRz9hPkQ9UsdmNzYlqnz5lHHRRReFuYny
wAcqOysPednopE0dyofxReWmOgfC2SBMf6uHaw0snkzcaKONCrgK53riF9eR9ueWC+ba3LiCwVi3
RaWGdfLVyhf0KbWb6oSfNWbF+FXzHdM9hpF+09fF5yq/FrpzMwLjaVo+fYsNENAydfSNND03QKAv
YqOK4hiXUxxLyRs23dBm8SaySmkBruiMY1cNLeCftF2ZR+GyxgptkInhVfOdVaZoFvvIAMYf2kgy
T/HcXossRO+hMPncNCZXCSwOLWW5avi92jEhq21Z07CmUj2oP3WELxTGWh/HPDCVnbQh+ljmMkqf
JUcnFA/CVzr8KHzwwZM5EnjItXUeBM+4zcbn+NMafgfPavo+6WNX7bgf582/Jy0KTMVEzifkbd75
os98x7NNN910Nuecc5oLkZI4+wBqfkWJuZLOfPA1XzSZdyjz3bQ2zzzz2AwzzFAyLxHAIv+ss84a
8vngajPOOGPZPNVG+gTYXJER6uGT3AJ+wAJu6qiDTx7NF7DmCnQjHY46QYtpppkmzdLsN3XyHTuh
Ls6moYxpp522Wbo4APoBc+aZZw50mXvuuVukX5y/rX6L5vATbq655qorqr4b0XyhZ76YN58EFsqm
vVqiOYl90DdXOhfyQfd682Ch8Bo+auUL6OFGLHOFiPmmg7L9uAa0zK/SM19Mm19NaausskooAlzh
95boDk/w58oSG9/0doNgaGP4D1gt4VYLLeI8tfR95Scv9APXLNmkdPL9NoBAQ5/cBVkhWaX41vrQ
bpZZZrGZZpopyCRko+/ODL/r3Y9bC+ubb74J4xYyGhlKW08o55tAzJ+daCaDYvi18AX9iTbGp43d
oFYYj+KyJ+Z3LXSXzIXH+Z533nnLyifmGfAHjjzV8jn5mWvQt+Dl8SXfa6HFxGy7tga7rfM7c0l4
CP6pVr5MKB50JY65Ii2MC4x1fhK6bN9qazwQ49PaMSEua3x/t6bvVzvuj++6TMjy6z2PmJC4VwOL
8Ye+ydyOOre0roafXHkXxn7W41pXM1ZWsq4mP2Ml+Zg31HvMc+WpLbjggqEezOVZ77LmAlbW3JU6
+LvQ5pvZzBXohTG8mnU1dYrX1cBqaT7PmAJMrasr0UtU064TK61ornV1teNRS3j7KTnzDQHWq1cv
c8VyIXk162rN2cgM3evNgwWkaviolS98M7650cPc+Gu+6aBsP64BrUBrN4YF3ZM/sRiKANdK19WM
Jeioxje9WZcwd4f/gNVSP6yFFnGeWvq+8pMX+k0//fSZsknp5KOHQzehdTVypp4O2iEjta5GNmpd
Xe9+3FpYrrcO4xbjFboA2npCOfRWfiDJ3LBeJINi+LXwBf2JNsbnDz13vds4xrGW71roTn9E5sJb
fLc092dNAn/gyFMtDciPToi+xfg6vuR7LbSoheaTa562zu/MJbWurla+TCgeZO6OrGFsZazD5lVu
Dt+Weam1Y8KErFtr+n614/6ErFcOqz4UmGQM6/Wp7qRbCoLaT5uEiZefog0TBmozqQrRSbclKsPc
r/E2P5kcjMcYkeWmxPZicoLzk3fmOwHNr3kx3/lu7du3D+H1+gcc3y1u/tZxKN9vrAhFT4k0rxdN
83ImDQqgWIT/pUjyHfbm128G5P3mBPOrsSeNiuRY5hTIKZBTIKdAToGJSIEpxbA+EUncJkCzrvab
IIKR20/R2iwzz9KIV+l9+20C7ykRCea3fmLM/Aa7sMbbb99xG9ZtSmyvpiMxn4z8xPy5krCuHjxo
sC251JL1ZQ+Hc+hhh4bNDH5ji63caeW8j9SXwnlpbZQC6brabw+wzp07B2z95gTzq7HbKOY5WjkF
cgrkFMgpkFMgp8CEpkBuWJ/QFK8Bnl8vZOwW7t27d8jtV86GXfnsyvOr9GzNNdesodQ8y/igAIt/
vz7R/Goz82tDwu5Mv4oonNBgB6pfE9ziyY7xgdfEKvPee+81f5M47CpmQ4i/QxVQ8acJwunyxRdf
vC6osXPPr9c3fw847Hb1q+qCEZ8+guKMTQ65yykwOVKA0yD+7p751YXNqofCDWUAsid3OQVyCuQU
yCmQUyCnQHkK5Ib18vSZHGKHDRtmflWpcbMPzq+cNX9qLZx28yvew0n2yaGek0MdWFezQRQdiD+3
E05msYbk5gP6qr/DOkWtq/26V/MnFMK6mhsM/RnA0Mx+Pbn5FfbmT+jUpdlZV/szXoHunKbt0qWL
+dMJoY/4lcHhVr66AMoLySnQxijAyUK/Jtv8auhmmPnTIeZPUNX9pstmgPKAnAI5BXIK5BTIKZBT
YJKhQG5YnwSayt8jMX9rJxNTrvo96qijMuPywAlPARb6XC3o79M0A85JbXZ8TylKO5QhKD/8bapm
tCCAU/3+1llmXLWBnDYpVdayyy4bjIuVPJdQLdw8fU6BiU0BrllDAaDr04QPG7D83eewCUthuZ9T
IKdAToGcAjkFcgqUpsCUMkcvTYHJP4YTh6U23DJvYm2du7ZBAa7aX3HFFY1DBqnjCR7C631ddQqn
rfxmXb3NNtuYv3GbiVL//v1tnXXWyYyrNpDNJ6yfs1zHjh2DcTFfV2dRJw+b1CnAehqZw4aS2LEB
iw1ZbMLKXU6BnAI5BXIK5BTIKZBTQBTIDeuiRBv2uY7onXfeCe8rxWjyRskiiywSrgCLw/PviUsB
rjzXuycxJrz7Va+d5HG5bfkbox8LlHTxzTthXAVfz/ePMK7TV+Kr34GDkpR3IXOXU2BypQBvW9LX
4H+ug+fN02rf/J5caZPXK6dAToGcAjkFcgpUSoHcsF4ppSbddMyVeFedd4tjRzg3abEROndthwIj
R460r776qvDckTBjXb3UUkvp5xThs6b+7LPPmtECnRC0qOe6GuN6uq4GDu/OLrDAAlMEvfNKTpkU
YF2NYV3rat4Hr/bN7ymTcnmtcwrkFMgpkFMgp8CUR4HcsD7ltXle45wCOQVyCuQUyCmQUyCnQE6B
nAI5BXIK5BSIKJAb1iNi5J85BXIK5BTIKZBTIKdAToGcAjkFcgrkFMgpkFMgp0AmBaZ64vcnGjJj
8sCcAjkFcgrkFMgpkFMgp0BOgVZR4OtBG7Yqf5558qTA3Kv0mzwrltdqIlBgKvt6UOeJALdykJMG
v09lXabaqPJKxSl/vyj+lX/nFMgpkFMgp0BOgZwCOQVyCtSZAhdMfVidS8yLyymQUyCnwMShwJG/
XzxxAE8oqFMfPqEgTVQ4uWF9opI/B55TIKdAToGcAjkFcgpMzhTIDeuTc+vWXrdJw9BYe/3ynBOS
ArlhvT7Uzg3r9aFjXkpOgZwCOQVyCuQUyCmQU6D+FMgN6/WnaV5iToGcAhOHArlhfeLQvd5Qc8N6
vSmal5dTIKdAToGcAjkFcgrkFGiiQG5Yz1khiwK5YT2LKnlYbRTIDeu10S3NlRvWU4rkv3MK5BTI
KZBTIKdAToGcAm2FArlhva20RI5HToGcAq2lQG5Yby0F20b+3LDeNtohxyKnQDYFeKhhquyoPDSn
QJumQM67bbp5cuQmHAVyw/qEo/WkBCk3rE9KrdXWcc0N6/VpodywXh865qXkFGibFND7h/nSum22
T45VNgVyvs2mSx46ZVIgN6xPme2e1zqnwORIgdywPnm0am5YnzzacYLVosFn9ixGg80sX5WOV7p/
MnykDXr8ZVt02UVtpQ1WGq+w2mrh4jfwCzzHR853UKHNugZvtP739Leff/jZ1tp6LZt97tnbLK45
YpMQBVwASAaM9/GnzrByw3rb4bM3Bg2wj0e8YR1XWd8War/sREUsN6xXSH46vFxL4381aVUmfi35
askTw6zrdxsyrDNxk5tqXINNGvyeG9bVdLk/YSgQ9ZYAcFyPmTDwpyQo7w3/yh5/4m1bbtl2tsH6
S01JVQ91TXlNBMh5TpRomz7r6nvufdV++OFX2/rPy9vcc8/cNhHNsZqkKJDKg/EpB+oNq2bDekCk
oUmf4DUen5WepLhh0kIWmUjT0ZxT8ZW346TVgBMD2zbc93PD+sRgiPrDzA3rWTRtlNJZMVN02KsD
XrOrjrvS5l1oPvv8w89sl6N3tfW3X2+KoQm6wkhHON7rfelhl9o9ve6xldZfyc7ve75NM8005WGG
AcOTTCaTi8H9XrErj/23LdB+wVBvDLV/WHM52+OUPbwdJpNKlm/R+sROYL74+J2PrWuHrgH3Xs9c
ah3X+kN96pGXMkVT4P7L77cB9z1js8wxSxh/jrnmGFvsD4uNF5rUG1aRYX0C98fxQqBJtNDRv/5i
x+6+hn303lDresR5tvXuR07UmkwahsY6kMh5vojtGb6LArJhMOd6+6W37NWnX7VRP4wK4/5if1jc
Ou+0QbMMpP3o7Q/t1f6v2leffBXSdli9g626yWo27bSl506jfx1jg/sOsmEvD7Pff//d5mw3p622
6Wq20BILlZ1L/fT9T/bkrU/a159+HXBZc4s1bdnVfaPGRJuatA3DOhtXbu51nM3dbmH76tMPbds9
j7Y/brRdoNGkwe+5Yb1Z52plQAVdvZUQJt3s/Qe8Z8cd919baOE57MMPv7Vjjt7Itt9uytlIPSF5
A1iHHXa39br0aTeqL2l9n+jm6+qpyzLPhMSvLCJ1iuz31Dt2zLH32xLt5wklYqhdc83F7ZSTN5vi
1tVq23KkLTWcK2+p+HJl1hL3zrtf2DIdeoSszz5zuK3lbZa7nAKtpcDlVwyw++57zeaYY0b74MNv
rPc1/2d/WG7+1habmb/esIoM6xV2yN/GjrW7Dz7YRn37rX3/yUjb8h9n2lIbbpiJb10DA37+L9dd
1oWs340caX12391mnmceGzNqlC244oq2ZY8eU9wYVhditlRIhX2rpWLGW3yF+LX1vp8b1scbh0zQ
gnPDekLu5x54zh6/6XHb7+z93KC3QBI7Zf98/OYnrGfXs41dYrjuvbrbdt0aFWaTO2U+ePMDu/qE
a2z77tvbKhutPEGqe0vPWxzm1bb21mvb6XefXtawjpK394m9bfGOi9vWB249WUwuxG8iNnxXCS2U
fnLxqfcgV/z/OurXklUaO2asdVhtWZt/8XZFach7xz/vsC8//jLItOlnnL4ofnz8wNDwl4X+Eoq+
/IXLDeNG7nIKtJYCZ+56pj11x1OF8ecy561lxxNv1RuWDOv0x/tv/Kd988Un9tdDetj0M8zYWrLk
+augAAurfxy8ub32Uj/b99he9qedD64id/2T1sPQ+PmHX9hbA9+0aaebNiA41dRT2Rp/WqPZfOHl
J162X376pdncgE1qM8w8g827yLy28NKL2NSeX67h9wZ78dEXjfGlJffbb79Zp86dbLa5ZhuX1KeK
n/kmzCdu7muvP/u6zeDjzzwLzmMr+xzqPRv7NwAAQABJREFUh29+CAbwHY/Y0WacuXk/+Oazb+zc
vc+1Fx5+oQhnbTSceupxBpGfvV6XHfEve/DqBwNsbbyjvy201ELGBq8555tjHF5NX5+9/5kdtfFR
NvK9kQUY5CE/89ttD962WR4CwI187w99P6RVniP+fYRttd9WmXkI/G3Mb/biYy/a77/9HtJAsyVX
WsoWWrJx82DJjBVFtA3D+tMP3my9TtmzUU47Hfc95pJCP6sHv1dEilYlyg3rrSJfkpnV4gMPDLWb
+7xoZ/f4s7VffO4kxZT7E9pAl65d+4T+gs69V68drdtBU8aG9Tfe/MxOPOkB637I+rbRhsuMd0aA
3j3PecJOPPG/tvXWK9jdd+1t00TjSIrAd9//Yic5fh07LmAHHrBOYYxI001Kv2/u85Lt0fXmJpT9
1KYTZeutl7d77tqnxU0Gk1I9W8KVMbvvk8Ns1KgxJZOO8fF6tdUWtcUXm6soDXnPv6CfffLxd3b2
2VvZjDNMVxQ/Pn58+tkPtuBCp4SiB75wpK3ueOUup0BrKbDr/91gt98xuLCuHp+8VW9YMqzTH/ud
/083lH9sW559tk03Y/P1hOg0+qef7PxOK9tX774bgna4tJet262bosebP/S/D9hLN99kWzl+c7dv
P97gTCkFf/bmm3Zex+Ub92d7+3fcemvb+567beqWDqBNKQSqUz1/+f57e/CEE22Bjh1t7YMObHNz
oMmp7+eG9Tox7UQuJjesRw1AB73gbxfYg9c8aONTaR+BnKQ+x4weE653vuGMG8JJ6inJsP5En77W
Y/ezJuhmgv73DrAHr3rAVttsddvh0O3LDmgY/vfuuPdkZXge/eto+/azb206X7S+OfAtO2mbE23D
nTe0E/uc6Mr/cUr1SaoT1YDszz/9bHssvYd9+/m3IXe4wAoNkTsZEPje+8y9bbcTduOz4Mjbbc1u
9t2X39l1b1xXbPQopKrvB5s8Lj/ycvv2i2+t20XdbMEl6mE0qC+OeWmTHgXg5R+/+dFO/POJ9u6Q
d8frGF1vWDKs//LzT3Z817Xsh2+/tIvuGmqzzl6ssJv0WmXSwpg53n9uusBeH/ikbfnXw6zTWptO
1Aq02tDo48D5+//THuodGZTdOHP353cXPcEx6sefbZs5tg51hQa4eOxQWMe1OtpZ/+3heRuN45+8
94l1XaZrQemW5gsF+T/yU16vAb3sD003lADmgasfsAsPuCAky4JH2GXPX9Zs8xVwu6/TPYx5pDn0
0kP9tpo/hA0Ac8w7h/EXuyf6POHzs8bTCtsfsr11+b8u9vG7H/tG0J4BN+YNJ9x8QtFmg9/cuH30
Jn+3V556xeaafy47+daTfXPBfPaQz//Z1Ajccx87z1btskoMysh3zGZH2+AnB4d8p955mr3i39ee
cm3Ic4nToNQtLR8N+8j2Wm6vUJ5o9rfzDrCdj2zciFYEqOofbcOwPnbMaPv5px/sjivPsIdu/1du
WK+6HSevDL+7IPjb32633tc+by88f0RuEEqad7RvWvr++1/tjDMesUv/9fQUY1hnFOoTjLw3TbA6
A/O++161q65+zjbbtIMd2n2DonEwaRrD8N9x+Z62jRue755MDM+/jh5rn7mRdoYZprWBAz+wrbe5
2nb+y8p2S589pqh19U+jRttSS/3DPv/ih0KzN02NnCcKQXbmGVvaiScUzxPJ+8c1L7Avv/zJ3nzj
eJtrzvF/Lfv3P/xiRxx5r335xY920UXbm24cGIdp/pVToHoKwMvffPOzbfXnf9uQISNtfBrW6w1L
hnWM5Rf9cU376csv7Zg337BZ5iq/rv7lu+/s8bN72pPnnGMTwrDOXP+O/f9mz19zjR0+8AVbdPXV
q2+oPEczCoz6+mt7p99Tdv2OO9rKO+9su93SZ4oaw5oRZDwEsIHh3D90bLMbFyanvp8b1scDA0+E
Itu+Yb1RB9hImmiyyzYlRYXgOC4mZJSO4LJpPf7SQ/367UvvqUxpLwQKBfPR5MrFkaRUfIRvM1yV
p6muWgRQXLwQ4Hemi8omvln5mZk8UHCbMj1z/7N28nYnjR8js2A11TGgVC5MOCt9WkeFK538NB3h
pdJ61FN3/s/O2Pn0yuuchTMwFM53KXhxmnLpiGtyKGz3XHbP2gzPldIixivGPQ4HnzhOCOJnwWkM
bpF/Px3xqe225G5h48AZ95yRPXlK8QBmjEsaH8eRto2638b+ZvS577/+3qbzU4lffPyF9T6pty2z
age/QWE7P034W6Dfan7l7fyLF1/hNfqX0dZtrW7hutoJYlivlcYRb6hZKCp8K6C17RPjFpcZw47D
Y3hRGoIrxatIRiuj8GgtLJXThCc/C3hF+BbCSJeRh2CNH8K3KA8JYheVTXBLaQtZSRjlLZtPmWJ8
QwYfo5ueyCi3+U31UDGqn35n+jXCyiwrCZRhnavIT9hzbfv2q09rM6wXVcwJ0kSTBFzrfwZaJAQp
BYtkpeIqwSSF1VJjFaVvokEcVip/jGf8XQmOpIlpXwpGXFacnvCMPPUwrF9yyCV23+X32S7H7GJ/
2vNPbvj9zdov397BFTfKG8+9YV9+4hs6Dr7Ixvwyxg7712E2y5yzhuvPX/Pr028///ZghO6yaxc7
7sbjghFaY88Hb7xvvU/uHco81PNNO900BXJMN/10NrjfIHv0+kfHGcmdvndceKdd8ffLQx5uNtrx
8B0d3iw2/LXhdv4+5xvG8yzD+hhX/B+23qH21otvWbtF29klAy6x+dzgXc49fvPjwYh+4PkH2k5H
7FRIOuC+AXbK9qcEA/jVQ672U+tzFuL0ZMkss89iV796dYAVIh3360+/3thAyrMze522VyEPH+8N
ec/2X3n/gPs1r14TbgniZH+vQ3vZfZfdZ9Dv+JuOz56jeP4Rr4+wqXxj4OM3Pma3nHOLHcLNTyVO
xhcBbvFHhmG9Ah4sWWycN+GlzDz0KVwT2w3sd7+d+/cdcsN6I1Xa1H81lZCSpCgVrnTy03SEqwyl
kU9art++9F/9KzKsx2XHZcbhlB3H8btcfKm4OJzy4t+UiUvhNIaO+1+vPPff/5ptv8M1dTcyp/il
9Yzrl5WWmpYKH0eF5mkUF5evMHzKvPPOwbbLrtdXVOcYh7TMcnGCGachLC1D6WL/7WFf2LLL9bBd
dl7F+ty8e0mZHufRdwqP8CyYcbo4Pg4vlZfwNB1hcnF5Cov9Ee9/bUsseWY4sX7v3ftk1i+rfJVb
Li6G0xa/x/o86f77X7evvh5l0/t85qOPvrWTTn7QVl11Eb9BYQMb4+tuhr1NN+ngJ9aLb9n4xZ+P
WXOtC+3TT38Y74b1WmmclS9uB7VhHFbtdwpDZabhlKu4GEZWulJpla9UHsVnwSEuK1+aNitNyOgJ
SVuI56MprFTZhJfLQ3zsCmXHgf5NGamL0xbBaEqYlScuI85POOkPbXoio5RhPc2j8sYHLJXdki/D
+phffrGL1/QN659+WpFhnXJfu/9+u3bb7RoN6wd387YdV8MW3+sOSeMc0NApUYYY9xx6mPXv1WvC
GNabqhJjWBK/cdVuxN9/t5gvzqNGiuuexsdxSl+Ln1Hu1yNG2FlLLNlo+L33nswxjKZtsU4pPll5
4jSqU4yTwpSuVFwc7mmFW6GNItiFMJUZ+1E6gkumjeGBY5QvoFxmfffFsGHWs8Oy1W9cCDBVsybc
AmjfhN9CX6EulbrJqe/nhvVKW71tp2vThvVPho+0Aff0NxR3nJaeZ6F5gtIK5eBjNzxmA+4fYGNd
CccVyF1P7epvfze+GRVI7p166PNDQ7o3XngjBE3tb2ltsOMGttmem9nc8xdPlMf6JJpTsJd2d+WY
Kykv7HehrehvW6NYlAvvNDYJTsIfvu5hG/2zn87w00Cbdd3M5l143pD06XueDldLTj/D9AFvFG3g
LscbkCg5uZYZw1fHdZa3FdZePpzCe8yVbYP7DfbrTBzXHTawHQ7fIdSftxypN26VjVYJMO+86C77
/IPP/PTOnLaNX/+97rbrZg/sVdJCeHK95suPvWQoIHEoJVf/0+r29otv24lbn1i5kVkFlvF//O4n
e/GRgV6fz0MdFvd3NFdYb0V73q/mD/X2Oqyyyaq2zMpL2y+jfglXfqKU5Y+22O6Q7Yy3Mp+6o5/9
786n3ZD4ldN8XtvjpN1tuT8uV4D8g594pMzX/L34d155J/APtN5i7y1ss702D1eVFhL7h3SL/73y
P3bRQRdZo+L2LwW+4E3O6Z0/4wnVcw8+Zx+88UEYvELbevvi3vY3PHnLU+2+kl+butwa/iZn5DhZ
/OgNj4Y2J7jAH01lREnDp/B7Z9AwO3D1A21Fp9k5j55bdDIL3DLfGHWafuhvkva9pa8NfHSgzTbn
7EHJvvw6HW2jXTayRTv4VWNN/M61rSjOp/G3SqE3182HevipcsLHOO2DIt/Tb7nfln7FcfGV45xe
fvrup+3Z/zwX2gaaw8fzLTpfuP3g79ccbSuuu0JavcJvbRzgKvgsw7rwo1zwQF5wqm3jv24ccKZ+
w4cMDzhTKKfgN+26aTM8CwDb8Ic2GSBXOIUX6J7i622L4uCXH3+xQ9frHk6s//vlf/v7sb6T1+Pk
MJDUy/GMBjcnqO25Pnibg7Yp0DwLzq8u/1544Hn7n/PGh299EOTeUp2Wdpm+jL3w0EBbY/PVQxlZ
eSsNY7fwk7e5/PTr8MGNt3qDvHb5MNBlzuN+2vH9oSNs2umnDUaZDf+yYVHRyIx+tz9pj1z/SJAX
RC6yzCK25b5b2iobr+r0L0oeflAvxi6eM0AWwZcrrruirb3N2kH2j/p+VDDaFF3NX0V/jMeYH7/9
MVypfP8V91tnx31PHwu59hl8eTeYWwOQj+8Mfrcgf35yeRvkqJ/OXNCvIT7g3APCafCbz7454Led
n/rc+4y9bVY3hMWuGlowfve/6+nQ/jPPNrN12qiTPXnLk9b/vv6BjlzpvOtx/+djccbucqfFlyO/
9DHhRfv+q++DHFrEr6lmDLjpzBvt1nNvzdz8xiaTZ+9/xh71cfSLj3wsccf4uNkem9r6/i7z9FlX
NtYIK6ZLS99fv7yhX/881n7++Uc7aZ/1w4n18/y01hxztQvGTOWfZjofSzLc9998Yc8+fqcNeuZh
30gz2n78/mvrsMJats5mu9hyndZ2+mQwYUY5lQR9/tF71u+BG+3F//2nkHy5ldezTbbf3xZbunEs
U8SwV5+3oYO8jadvunrP8ei81e4+js5i/3vwJvvhu698M9AMNnbsaGu3YHtbc+MdlNV++v4be6n/
g/bm4AE24u3BoV5c47bRNntbl633chndWOaY0b9a3/uv9XFnTNPfWHt7yLM28Kn7bbu9jrWNPO3D
fjL2mcduD2Uf6vyx0lqbFODw8cGwV23Qs48U8Px51A+2/hZ/tfkWXLwoHT+QFwMeuc2+/qJx3rPC
6l3sF2+3B/pcZF+MfN9mn2s+22ynA+2PG2ZfE/7bmDE20Gn3P6fhl599GMonT+et9rC1N97R5cwM
BZj1MKz38o0m9/3rXjvyyiODTCoUnvGB0frgPx4UrjK/6d2biq5g54ryYzc/Nhihrx16bdHtJiO9
L+++1O5h/s2NMXLMP2C9Z+57xk7Z4ZSCYZ15BSezGZuyrlSXUZv4ywde7pvEllGR9pLPOY/Z/JiA
x2UvXDbO4F1I0fyD+QUG65U2WKlIsfL91z+E+n46/NOi0/SU8L7P0fZZfu8AJ6XFAOqz/clBXp9+
V/QMj9f31vNutauOu8pl6vbW/ZJDCsiozpx+T434hUTRh2g2Pgzrn3kfpv++8/pA+3jEmw51Kptz
7vntT7scbKuss4Ub9sfJi19/HmWP33t1wKzB5wx/7LK9veX9q/9DfeybLz+1hRdbxt9JP8baL5f9
BBK3cAx5/nEb+cGwUMacc7ezTmtvbu8OfdF6HrFtbliP2rwtfL43/Cu7595XXRZOY6NH/2YLLzSH
7bLLKvbJJ9/ZDTcMdGPTazbax1GuGj7llM1DvPB29rfnnx9h19/wor3wwvsheJppprKddlzZ9txz
DWvXbjYtGcI0k9sdkA/dD73brrjiGev3ZDdbf72lwtxUZbI2ETdizLru+hfs51Fj7aeffrWue6xu
Cy88ZyjrnntesfeGfx1O2o5xvHfddRVbaMHGmyvAq3//9+y559+3GWec1n79Zayts84Stvba7f0U
3sd2w40vWr9+7/i6aCrbcYdOdvhhnX2NNY3ddtsg+9jrDfyNNlrafvxxtF140VP2wQff2HzzzWoH
HriubbvNCgX8hDN+NbRQPvKM8no99vjbNuydxvV8u3az2p82W84GvvSBbeOnh+t1FTywvv/uZ3vk
0Tft/Q++De3AlebrOl0efHBoqDeV2MQNhyt3Wtg4TXj1Nc8FmU2b/Tb2d+vWbT1fV4/1q4Jfsbvu
esVGfvq9t8ccdtKJm9kf11hM1bJvvh0VrvvvP2C4vTL448A/vF2+z95/tL32WtOvym58pkQZwI1x
9sorn7WDu91h55+3rR1x+IaNfOGR3HIwvc/HxRekB2dOkIMz7Uo9cC+97GvYJ98ptHvnzkvZGquP
w400X3z5Y+ABeB4n/ljHy8lywAPOy4M+tNXXuMDW9/fYH33kQOefcTelMXZNG/1WOeR9++3P/TT+
y/boY2+G08zUB1j0sw4d2hXq9fU3P4W+NO20Uwd6c938jDNOZ784za/3fvCr8zltMbX/22+/tWwG
p0nsqNdddw+x//7n9dA28PdGGy1jiy46l/PR/8J7yaJTnE/fw975wjos26OkYZ12ve76gaHe4IG8
mHeeWWy3v64adArw1pBXRwbaUyan4PfsukYzPAWvLfvaZLCrt1Gfm/cI/SDFl7ZFpv3446+27noX
hxPrg17+e5B78LPcdC7T6uX+689ovPnWZ4G2lMn19AcftG7Z6+fhH57fuPvuVzzv50Hudeq0iF9r
v4g9/NAbtvnmy9lBLtta46jvrU3yk3b/wU/U77nHGraQy+tHHnnT+f9Fe33oZ2GcoW9zK0Ls4K3b
bh8c+By+wnVYZj7bd9+1bOONOxT6SJyHet1zzxC7+eaXCvy+7rpLBhn97HMj/OaPX+xUH7Piq/kL
/fEW74/Or9wu8LtvhFx7nfZGW8f98W4vm/GR+nz77c8+Jn7v49aAgPupp/7JHn/i7YDvyy9/FG4N
OMTl42CXd5I/37m85WmBa1yOLrnkPHbeuduE0+A9zn7Mnnvu/fDkxRlnbGFzzjFTXK0gPyulxXDH
707v84xzs882Yxi3+njduIkDOm6w/lJ23HEb2/w+FqcOWowc+Z09/PCbYUMJfXqZpefzMWAZO+PM
R+3cc10XmPHMAOMym1BuvHGgfegbUHDzzTur7eHj8047dcrs77XCCoVX+O+CqQ7z/jjWRv/4o/Va
d71wYv3IQS/brO2K19XTZqyrX7nzTrvhLzvb9m7sXnDFFex/F19s377/gc0y37y2vhvB/7DFFkyb
m7mv3nvPXr//P/aBnzz/4s23Qvys87fz6+QPCXniuTVjCPixkfaeQ7rbM5dfbgc/1c+WXH99l/fj
nteadtpiHXIzoFUEjPrmG3vjgQdteP/+9skrr9hvo0fbVL6u/uPee9sae/u6Oromnz48+Nbb7NuP
G9e6S3fZKNDyfxddVKDFOgceZCts62vdJlqQ58Xrb7Af/XaAaWdoXMsCY/U997RZ553HPnvjDePa
+2mb4BC36m672ewLFB/6qaJKISlw33va9YQDX7QG17vPNMcc1n7ddQKcs5deJtuw7vT//O23bFCf
W+ytRx+1mebyuaTnbb/2OrbyrrtYOzcYq14xPhhrX7vn3nB1/w8jPw30W2LddW15p8P7zz5rXI++
2amnBFoOdVpTZ4wF7ddZx5ZwnHAfvfSyDevbN+A31stbasPOttgaa9jYX361F651fYbrCfj73flg
xLPP2Ov33W9djj02tNGAS/9lg29v1Gf89aabbNlNi/UZ8NWI55+zl7wdPnjhhQCPNl7JT+6vsdee
Nls7p3VTe43+aZQ9d3Xj+g5YK+24g4145ll7uc/NRt3m7bCMbXTMMbbIKquEcvQPeuM+GjTILlpt
dVvCefaARx8JtFAa5kDTTFs8JyEO+sGDQ+6+K/QRcFu4UydbZLXV7I2HH7LlNtvc1jn4IBVTm9/U
tyanvp8b1mtjhbaWq00b1h92w8D5+5wXaEYnx2iwxT5/suO2OC6E0anV+Q/650GFkyoYNTh5/qBf
Q0ma2Cl9z4d6utFmjRA1uN8rdlSXI+Nkmd9HXXVUQXHJVbFcz8xbiziUmrytiCH0r0v8NVxhKVi8
76irIQk7fsvjw7uVisdYyxuTnCQSvoq71PO2X7G9bT371oW6Crk0bfdL/OSLG1BiVy0tlHfoc0PD
VZz8TuEoTb2ugq8EFjjsfeY+ftX1X4PRep8V9gloQKc5280ZrvHk5JbevCSSOL3HOY0Ldp3e5cSR
6qS6kHb5dZe3C/peUHir9IuPvgjGal3BrbSpH59Qopy4fWNDsN7tJT/pYp5VmSh0T3UFtRzpStEZ
AzensTBolnOc9rrqlauKFOWcsOpzdp9wCo28MT2Aiduvx362y9G7BKMgSuv9VtqvwIM6LYohdZ/l
i9siPRn9udPx/xbbNZQZwyFAsLJ4N2Ro+teSYT3Fj2ycRLvpvZtCvWkTjKhy4HH3F8XX5Squrfst
0QL8ucr26hMaJ1Pl6nPloCttqU5LlUtSURxG9ANWPSD0PzLQrvTLlBfiwshzpMvd1we8XsR/yo9P
/zn97siwERdQ4bdkNf1Y/Hbmvf5et99C8fhNjxVgZ+HMJqjDNzg8QMri3Q126mxH9z7aZp513EIZ
I9TRmx4dNleRUfkEm7CUNtX0R+i274r72ifvfkJRwWXBiMNOveNUe9qN3GwwEB5xfFY5jGeMa3LV
0uLh63z83ve8AjzKEUy+RW9OfcYnSYlj41zPvXryWcgjvEOg/5MM0m/emj5ui2OLxgDFCVavZ3r5
e8YLKTj4tcAqKqCCH70Pfd5uvvSEFlOe5wqS9h06FaV76ekHrOfh24SwIvoR4v1s7U12sgNP+rfN
PNucRflq+fHw7ZfZNed0D1mLYDWNCV2POM/+vNsRoU2gaY9Dt7JXnn20qI173viCG5/ntYP/vGQB
BcpaZMk/2Pm3sGnQx+Kmk/vvDxtCA2sNGNJT7rKd1rHTrvRFqSscRn7wjh22w3JFMCgvjFJNeJEx
hDX9vvjuN2yhxTsU4F973uH20G2XFsrn4+wbnrOll2+cAxYS+geGwq7rz1EEj3jRQ3y4z9EX2xa7
jjOskuarTz+0f3Tf0j56b2ghPeE48s3hRsce1z5j7RZZIoTV07BeiYH2V98Iesja3cK8NTWej/px
lB2y1iFhI0saJ6Nx/BQLG0D/6dfQX/PaNWHT3Nm7n91ovPYr2688/iq7zTe/rLDeCmFOxYa82CHv
ztjljGBEj0+Lo/DkZiA2Du13ls8/jtnVNw196bSc2uZecG43mhfP5+Mys77ZWMSGQ4zdjHVzLzB3
IdmXn3xluyyyc2infz3/L1t2dVeyuGOz5Dl7nePvwj8R5mictC84ZzrmmWxiOumWk8INQYqDtget
cWCYn2Zdb6908p+64yljTlhJuylPeb/xxPrnHw+3btssHZKKZ/kR+Nb7zf8dfKbtsM/xhaI+fOd1
O2rXTmX5nXL+0ftp67CSb+KJ3NtDnrMT925U0AuW+kdI5vnyN9Yjgk3kT2QmBrt99r3Vv/w0iQfs
vPPKtvdef7QttrwyYEc70obu2T//6QbPwzYM4ZzSxEB+tV+jTZxLxBDOP6V/6MEDbHM3EgMHQ3aX
jf9VSJP1QTlXXbmr7bvPmiH6Rzc6L73MWeGqauKu/Pcutp8bWn72GzY4Wfv55z82wZrKnhlwmK21
5uIhH4bLLbe60g0nbxVwOc+NtTPPNJ0bbu9swhc8G+U4eVdYYQGbfY7jQ/oYt5iPweGSi3ewQ7qt
Hydxw2fltFBGaPKcG3/WWffiENRIw0aclIawehjWK4EFzNCvz9zCTjh+Uxv6xme2worneGgjX2CY
ufXWrm5cvzPExfhusMGS1veJbuF9ctpmrbUvDNcIN6bxSgTXWM566y4R0k7XtIkXw8zqa/wztGVT
wkzv/3b1TZQ37hY2So1r3zdDG3I1+z1+whqDxa7/d73d4YZ/8MbFPMtvQu/zzSI77NCbn+4a05Wi
M0ak7bfvbQ+4Ib+cW3TROX0TwdFF14CDZ48ej9nJpzwUsoqX+KE+0uOsP9vRR28UaPfa65/aSp3O
bYqbqnCjAxsIll+BtmjMN//8s9kbQ48rggUdF1v89JAmhkP94HNcr0ua825jTOP/lgzrrw/91FZc
qRE/5Zt99hlt+HsnOy4zhT73sBtR5cDjyy/+YXPPNbOCJhm/JVpQkZ7nPGHHn/DfFus0eNDR1mml
4nVGi5kyEsCLq6xynve/z0MsPMRGnHLXz2N436jLpTbgmRGhf48rdhxfbE3/aeXTBmzEWWppv0q/
SSYD57579/NbKAbZjTe9VCRz2XD15hvj+Lf/gPds/Q16BdSyePcvbqzt3fuvNuss4w5oDB/xtW2y
6WX23ntfFeWDJnIpbUJ/dKP2ySdn90fy9eixlR1zdJewYQH59+67jeUTF8s8fuMa8W2k5Z137OUb
job4BoOXC31OMjDGKy5n//3W9nFt58bC/H+1tLj2uhds3/1uKcBrxCn893+NeEGHV4ccY+3mm42I
4KAShvE99+oTfsc4NaZo/J8a1pEzf9riChvqmyRUt8aU42A9+8zhtuQS4w6P1QorxqOS763O/dke
PL7ldfVRgwfZQm7Yi50M6woTH6rd/nLllbbW/vspOvg6HR1+ODEKI10TD27xj3/YJieOw+fdfv3s
so26FJWR9WPnq6+yNffdNyuqqjCd3h05pHhdHXqI49jejcMHP9nXtIGfa7RPmG32MP7EgFJabHfJ
JbZ+98a1bmYep0X3/k8Hw/IL115nt1EX9csoLoZRzfd3n3xiV22xpYV6kbGREcfB8KD0KnjWmI/3
6GEPn3xyAKU68UNtvKXHY1SeOtog9/XwEXbFJpsYGyhwyqc8hLFxgycHZp5zTrva8XrTjfbUN7zz
3nRq/sZddrVX7rijcbbhcdtccIF1PuJw4wT4OctWp8841q9jb7dsoz5jjBvm7+3evdFYHvEgeAnH
/R9+2JbbfDOC7NPXX7fzV1ypEBcC/V9ar+4DBnj7Na7v2PRx7Xbbu3H8ASXP9OdYZBE7asgrRU8v
sFkAnh/h5QkGmcWDfAc63XN30AXxuxb3RM+ek13fzw3rtXBC28vTpg3rnCwc/upwG+mnTc7eo0eB
enRWFG5r+NvT/e/tb/deeq+desdptv4O64U0Vx5zpd12/m2hUx/gRusuu25kM88+s334xof+HuX5
9u4r74Z01711vS3qJw9ffvzlcEKGQAmmWCCExP4vPRGEMe9/d/3Prj/t+iLjJ8bdH/ykzMt9Xw5x
qQHgK1foYXzhVCF55YDJNZsL+QlCDGMoBS8beFk4HfnR2x/ZIzc8Yn169AnJl1tjOTv4woNt9nlm
txtOv8H63to3XJfZ+/XermAft6iplhYUrpM8fGOc3P+cv9mC7RcwTmJDa9GolMGXfJW6kX7F9+5+
xTcOWPv13N9m8k0GnGoc4G+MA4v6HHfD8X4aacVgJMWg/M6gd4xTymxGGPneyJAf+q27nZ8wOGhb
Gz50hF1+xGW28993sf177hd4AcP6IWsfYpxe2utMf4/8z2uF8gY+PND+8dd/hDLiTRAY1g9a46Bx
b1s7Lll8wenu+OpP2vb1Z4YGno0N61+N/Mo+fPNDP4H/VYjLoh/vinObAYro1555za469qoi3gpI
Nv2DDjJMEqR2SXHEsH7l4CuLDOv3X36/XdytUcHT+S+dw+lUblzgVK/4iTKF468//2ojXvOTKs6v
zz/0fJFRC3zBBUP9Wy+91cyYKljA6XZht6Ag58RuXzfyXey3AIB3916H2nbdtgVkpmvJmMwJdW5S
uOBvF9gIb3sMl9w6sdhyjScXoP1lzg/9bu9nc7Xz91RvOzmcbktplQm8jQW2RAvQveWcW+2aJsN6
Kb4gHafY62FYpyzw+vIj38XqpypO2/E0lnjNeIF0cm8OfMvffz84yK2zHzjbllhxCTe4jbYhTw0J
m6fAux6GdeBxgwQnn+FR+FcOg8vhlx/hO0fHhqt8Z3IDOacNZ5hpBvvIb+rYs0PXkJRbLw6+4GBb
cqUlw+0Mff0GkUv96l9w5JrjQ/zkIryEEZ837bXBZ/eT9/CbR9YPxpqHr324ID9Tw7r6CMAq6Y/I
mAf9tHkYD3x1d+a9Lr985soTHTjq9Y/7/mFDnh5i/z763+Gk6SG9DrGBD79YGEsP9M1oK/hNGD12
6xGuZSbfaXf6JgaXPZSD3MBohlyuhRY/ff+TvfXCW3bBgRcEGQ19gLnutuvYOy+/Y6e7AQ36aVMa
8HH97uhnZ+5yZvjmKmg2nk3jTyDcc8nd4T1k8XM8rsabpsCXTXCrbbpaaJNX/jfETtnu5ACL0/kY
8mnfWmGFjFX+633Y89bn0hNDLuGfJXvO9VNO7TusVCj9nVdfsOP3alzszLvAonZ4j1v81PgKfqLv
B3v6wZvt5l6NhoHVNvizHXN+6xYqLzx5r53390YjYpdt97Ftux5t8y64mH339Wf235sutAdvbVSE
HXXO7bbWJo3pvnRDMqdVrzhz/0Df+RdeMlxxzwmBGy48OrxnHtr95Cut46qdbYFFlwp1w7B+4l7r
2OefDLddDjrDVl//z85nc9ngZx6xi3zzHO6sawe4IW+t8D3i7SHWp9cJfmL/IYMOR51zhw19+Sm7
8eJjQ/xq629lu3XvaXdfc5b1f+RWO9DhbbzdOEXF9/6m/QfvvOY3FswU0oTNCjc+b0t1XD3kT/99
8v4we+qB6z3t2SFq6RXWsL2OvNBmm2Mefzv69ABjnvkXsQvveM1mmqVReRVvFph51tkdh6tspTU3
CTw49OWn7dwjtyvQ6ILbh/hNDjPZxDKs/+i3cFz7xrU240wzhvqx6H3MNxmds2fPIDtKGdbX2mot
n6MeGm7UYWPSzWfdZNf7PPrXUb+G+WrHtTt6vWawIzofbm+/9LYde92xtqnfFpHlGC+Yx63xpzWC
jCENb8Efslaj/OQ3clIbG5FpZz/Y05ZZpdFoTHw596srIE7f6XR7/sHn/eT5Onb6Xaf5ya1pCllQ
vJyz9znGLVHIDOTQQkstFJ6C4hYe+JYT8x1Wa1RokJE8l3S/xP5zxX+ajZ3E9fIbrzC6T1zD+gg7
ZNulwyaOfY65xP7gt01ggHrwlkvs7t5n25zzzG//dP6bfc7GG7ZQoox4a7DddsWp4UYM6s2tEVvv
foTf7vKd9Tqlq33qJ+DX23xXO9TbW3Lro+Fv2BE7rRDoCb/vdmhPa7fQEjbINwLxtnqQc15Wblgv
sFyb+Pjhh1/t1ddG+sm8L/3E2c0FnGjXY4/pYptttmw40f4vv7r9Djcc7LCdK+U81THH3G/n//PJ
0P7/PH8bPzG+ajgxh0F2//1vtVeGND7t8P/sXQWcFVUXPyjdEhJSgiAhIEhKiYRKCIuS0iC1SzdI
Nyzd3R1LKCrSCoKAtDRIw650l993/nf2zN43+97ue48FdnHuD3bm3Tz33JiZ+z9xjH0Ov8eah+vX
H6PPPp+s6nf1zOMmFcjQqKGxzyMzwDxoR/fu85MDyPzXkSt0nc02b9x4gtN+NkFI1QD/ucSaeGdY
o30DaxX26v2TRCt6x4//mjJlTEKDBm+gvXsvKK08aOodPxHIgga7aOCg9Sp/gQLpaOQIH0qaJC71
7vsTA8t7Wfs3MR0+1IUSxDfeGTzlRWbmBQLoF7AU4OSQIRXp3QxJFIA7btyvvF6M82JXgK+qxM0/
4EPG94x3KLQ1eDA/X+PGopWrDtBKtlaAthA/Z/Y3BJAcWpyw2reXtS9v3LhPzVsscwCwfHxysobr
x3T48FXl57ljh5I0eFAFxVsA64ULjyIAX/0ZpK9QIQcl5voAuNaqNUfl0YUgANTkLzAiGFg3wBnM
A+69Q+9gkWDeHANYR8KZv68xWHhGzVkB1mFl8PKVW3T0aKDSwK9bd77DnJEKH7GmK6wZQDN8G2vV
d+m6xmk+5AeY+emn4xUwid+u5i7mxb69HUywG/Ni4sTfyNdvuepz1aq5qW+fL5SG/8ULt3g+/czz
6U9OA+D9Ffm2KMoWjJ6otdib5yv49cfOtspSBNoFvQBJBw1eT9CQtQLrE1mTFkIjaGfUSB9KlTIh
3ea1DZCveXM+0GeCxo012kF9zkJ4YPJj/i7avfsCfdtkkQLWANht2exHWd9PoaqDBYM2bQNoCWse
Azxdsrgea8xmVP131l5kjguPF6B98NAN1K2bATa4mhfIBy32iADWURfogpl6WHCo8tVMjvlfmMD6
rt3n2P/7SEqTJjGt/aEJ5fwgFVs+eEpbtpxkgHSKms8RAayDNgiAXLt2n/fPX+hH1oSXAEGQSROr
qvkLYaz48WMy0NuZ4rA1BuEz8sp+mysX08hrdCGvj1acH3MX1jLGslATnkt37z1m0/sjgsHdaAyU
l2XLI7mU5vnMmTtpbPD+aQXWJ/AagWAQAjTmoS0OixsXL96iPvwMQXsI2HP9eD1ij4HgGJ4HWKcQ
FMA4V6o8XeWDsNHq1Y1p69ZT1JGfh9B4HzfuK6UBXrvOPJUHgj2wElHrm7nmHrp8WQO196AejMvh
Q53Vs9MbXtxmywCwFtO02VJVP+hEm5Ur5VT7RNVqsxT/pk6pxkJpIYKQS5YabjdAJPau4f6V2JrY
mzRmzFbazHMDPEfQgXVdaArPi2lTq1OZMu+rMQEP0B/wB9r5GF8IsiF405Yq6OGfCkPZemk3A8gO
az1Ciz0sYD194cLkM2Y0xYgTh77v2ImO/PgjATTs9Ndhip0gRDgBwPrAjJkUsFqZNd0zFjPerX8d
PYY2MEgLwLXjoUMUn7XeEY6v30BTyhoAZ1j0fQ0Qv3HI96qHbDCzK2C9UGG6ceYMfd6vHwOYFVhL
+y069tPPNK9mTZWv1fbtlL5wyPtW4PHjSgMd9COkLVCAKo8cQXGTJqV1vfvQ3kWLDF4wQBs7ocGL
wGPHzDSUafLzT5SZwWg8j6HNfXDFClrUwFC4qjlnDuX++ivFW+T1NDy6e4/N/Bekq38Zwuqlv/uO
tcKL0BX+vaZ9ezX/UKcVWN82YSKt8PVVzeWuVpU+79uXEr3zDt1i7fx1fbhfCyFcSspiQVE/I5+1
rTIMyudkDW9ouf8xYyb9Nm4cXghMYD0e8/Ya8xoa4Atq13YA1m9fvkyBbNEAQgFIqzJuLFs1MNqB
JYEfWCDkKM+zxGnTUr1lS+nUlq30PYP8CNnLl6fyQwbT+v4DFP+rTsX8aKzS1vD83Ozvr14Wv+Rr
npo1eFwSKq35xY2/pctcN0IXHqPkrI2O77tL+/bRTz17qfaQVqBhQyrRvh09vHWLFtSpS9dOnWIN
/hpUm7XYsd+izMRgcBz5Xc1dBazv30dxmQ8Szu3aRaMLFKTEvH4ar/2BrUHkpKePHqn+Tf38c1VX
RADrGwcPee3Wvg2syyyK2tdIDawLa8X0MX7jAGzIz0MoG2vFSAAYI+aHdaB28E9DFPgu+XCFtl/r
oq3p6K6jDoAIgEFILY31M0zBC8CKeARoscAkvTWE5W9c0nQAQC8v6YjDgR6AQDEnjzi0rWv6SP7s
hbLTUDb3DRAIAQBz/Wz11QHkjEMzlM9HxHvDC2ygvav0Vmb2QdOY38aog1bUhyBmOnEvoCvuvQ0w
qQmzvujToLWD2PRwfLOqVQz+jmHwFwDPrKOzHMyWIhPGEsC3aKB3mNaBPm/wuVkeYKuzMcMLJNJg
xh8hXqJ4NJf9ac5mv5rWPsFfKV4WNrIJ44G1B5jp4c0LmbM6sC6ESZq1LUmXq7v5kB/AYQM2a6qA
SDZd6hD4xVs/UL5+5TpVTV1VZYFf1m8HGf5CpQzmAMZl8bDF6mBb1yiFJYiAcQEOwLqUQ9omNpmt
aymjrmGstfoza6+iv5VaVHY4PtnDwiWd2exr13ndqFRN15Kd7oDJoGMrH/YDsMOB/LQD0xlEN7Q4
QcdQtn6xjq1gtBzHIH6E+DSVnr/cq7u8wNyFKfiWRQxT8FP3TaVEyRPhu9wM+v5iRkbADeYPXGXo
c8Fa7YYFG9WaKlTBMO//Jq8zCfAjj7VdmNMAeMhhvqR7e5X5i/KVeA40G97MfHaAX/o6kbwFyxVi
9wN9TEsW0rbsx/gNcAnm4dHnYcFWVkZvHa00NiU/rrKn6cC6t+tR2odliZpsUh1zvG+1vkrYCwBU
AQasZA8RAYUg1ur+hgWZlCWPDf7q+bJmsuHmog4LAdTvU9/cV0GXjJ83vEB/9T0aoL0IvyFtxdgA
Gs9mrMs1LEftphpjDJPO0MYHmIbxgRl7fY4qv83tJ6K4wx60nc2/92DwHHyFaWkA8nrQn4UQwiv+
VTHyti29Xnfv4WP9X6xHNinevUFRZQref+FeZVYc4yZBN6uFd46+zUrT4T1bFMDcY/zP/AwMeT6i
DMyhD23no4r3nbaZsuUpJlV5dNVB4WpNelHVpj1DlZ8/piutnD2UAJ4LMCyZAK739zU+mmqwRuwH
+UoySF+FYMK+/dClVJDNSzsN3PcnbNr+8aMHKjle/ES0ZEpfBq/7MiA3VpmulnIzhrZWWud9pm5i
kL44g7C3qVOtj+j2zSCm56AC3HdvWUNDGMC2lpU6cJU8g8MA1vV8APd13t+9fYPafJWdBQ4CGVg/
yJr42VX1u9mn9JD2PgrQhNY+BAD0EHjpb/KtmElFgSeF2Cz+qwLWlXAhr/XY8WIz75/QJhbMPLzd
sBwCq0dYd/qeKxrrIF7iMW8BdltBeAHH8U7iqeCWaNTjnU7aypgzI50+eFrtb2h7Kgs+vZsjg0p3
9Qea72MZAIfAEspAWx1CUdYAFzafxwl5Z5R0lGk9oTVVbFpRotRV71so8JyXsZjlD5XmUIvx40Vp
rJtN8fg8fHif3W484j00htIO6NfiM+VGYdAcCJV8ZGbFO8GMYcb6qsxm32u1HGiO88lDu6hrvUKU
Mk0mgkUN7EHYy/w7fq32H8T3Y212APYSDuz4hfrxfsCV2MC6MCWSXQGEZswUAr7C1HXBAulNKgHG
iOlpycvDyaaEm/LhelYzH24AABYtNpp27TpPfn5FacwoAxCBOyJ8P/m1XK5MwQvAinjMOWgUxmSh
OT1wtDJH78zfeEjaDAcQUspLemWf6SrqvUzJWHPez8GcPdqOHixgo+eHeXHwIH48A0CHme5s2YdQ
UNBdOnSwE2XPllLV6Q0v0M+vGBSD5nQmpmnbb61MU72g4ZdfIIQwCcvFJeArfQzvivoAHMOsL/oE
cE1MDyNNwF+AK9B8jRsnpkOVcAOQv8DwYA30aDR9WnVqwObcJQBsdTZmSH/McwZgMQKAmL4MJvft
93OoPj3jdxvssQt5P6lTd56ZHta8QJ3Cex1YRzwC0jKxMEF4ggnu5kOdEBrJ8cFgQnsAx/SPV9Cv
f7MAZE79Ti81hp06lqJBrAmLPBIwB7p0WUPD/DcRgEdolMKcMsakNfs3HseCLDqwjnKSBqBKB9bx
7G3YeBHNYu1V1V8GBfWwYcMxKvvZZJo/rzZB899VEGAPQKsrH+sou4wFXQDYWTVhFR2NFhLMxYcH
4ruiIbLEu8sLZQqegd6Pi4xSpuBhtcAYR4yWEWR/kd8RdcW6hsZyWBrrMAv+Te25VJEFXAICGqr9
V9q/yAB9PhZqgfDLVNaa1uen5PHmKv65UbZFiyI0Ynhl89kBfukuFCRv+XLZ2VR9QwXu6m2uWXPI
BLKPH+umTJXDPUiDhgtVtl+3tiJYwdDDhEks0OK7XAl3iGb8lau3KVXqXipbJxYYGzzQEASScpi7
nZmfw4ZtUvP6EAPDcP+xOrj9QZy/S+dS6r2zavVZSjP9x7VN6PPPspG4DRABBQgLwaIKXEZsXN9C
uUmYPGU7NWMBl549PqM+vT9XAjuw1HHlyh1z/LzhBeiH8A/qOnDgstqXqviECGOPYRcQrdsEsBWY
QmwNxhhjuIyANj6sC2B8Ro/yMZ+BqG/EqM3Uvv0q3DoA68ILrPvdbCI+DbuY0MPZs9dVvxG3bGl9
5WbF27b0et29h491vIs+gin4j4soU/DtGeiLnzy5GjepR/+uljjRWLdqccPE+bAcH6hsHQ4eZLPa
hmCclMOmDKWRx/f53ZoBQ2h/v8HmsCeXKau0dNuwifi0+UIEtgFSwkrbCpiCnzCBWrHZ7/SFCinw
EnUCtI0e0/EZbLblzU0wfU/ZBPvTB8Z3dWw2m76uT18FKOsAr1Qv/uZBV9Nf1lGs+MY5A8zKD82a
je4EBlLHw4coZXbjWxflgk6epMGZs6gqWmzZQpmKh5w97Jw+g5YwEJyjYkWqv9KF33NpPJzrr2yi
f2Wbtgo8bs7a9mnyhjzPAGpPLlOGgeHTjqD2lSvUJ1VqVTM00ssPHuSw12Htf9+5C20eNkyB5DLO
u2bNMgUC/H7dSu8WdXyuClgvGusA1hEgcOHKz7ukWfkewO4GfmPhDN8t7BqgeHElkDAiT166GxSk
eP0WA+4yLlJW6kKb37IwQ1aec3qAtvhYpvk8g9tF/HxZWGSM2W9pz8oPAcKTZsxIWDsy9lIvzNwP
zZ5D8bc+m3bXA54fmNt6+JPN7s9n0/8Q6qgfEMDvSCHpNy+wCw02h5+9QgWCsMDzPn9et7VvA+v6
TIq691ECWBcgCZrLAHqh2egqQIsGpiQRcDgIX+o4oJYAoBXA4P4t+51qQwqA4AoMl3rkKu05A0kl
zVVdku4MVJb69avkt2r44SEBTV1oMOptSX7U4S4vlOZfsMbluN/HOQgwCC1zAEJbtPQlzZMrwOmO
ZTvRfjYpCpP32QqFCEugHhGCuHL2ignw6PXrWoo9FvagT6p/oieHvucXDmhwzuo1S41/6AyuhQWE
l87G2Vk9MmedAeuSFl5d7uZD+5JXN9XqjC7EnT50hr5ls+4AoXTQXM8PYQ0Am7AGoI9NWOsDaVZg
HXXCpcOwBkNV9cVYexdCMRCggGZzqndTKQ12gJJhBemfM37q5ZRVAjZne+rAKWrYH64DDGsIR/44
qjThoK0OTb0EbxmSl3rZqHLvLi/QH1kjOkj6Mvrpai7obZ/heQj3AgjwsftxxY/VXICPKswLmAfP
wACKbqZJL+/NvcxfCJQAkMahr7MgfAPAA8GeViyM8fDeQzMrniNXz12liRrIC7/wsg/X6FxDCayY
BYJv8CwaymsBIBZAJzzTvF2PsifpzwPp36TdkxRPrXMF5uPrvV9PmTCGr2T031qP9F3mDLS7fVmL
1BNevJ/P+ODS65pzfI6pmQp2wI1Eg+zBwkDB5v7FWgr2JgiJJUrGgiBawDOh/aft6dC2Qw7POuk3
ssInMtqVgJd3lJvUcZIC7GXf9bYtqdeTK4B1BAGwb167ojS747OWtqsgwPHVi6epz9TNDCaHfLhK
GTz7h7WvogCueu2Gs5l2w22BpLt7hX/kVj4GWPJJxXqUr8SXbJkhZL5HjxGT/mKAH+bUYc581PK/
yEo7BAB6Ny3FJwX8oA0ObQctZD/w1eSnwxVa3EtYSxblnAUrOC7AugDizni5Y8NyGt6pWpjAuuSR
epy1jTjJZ9V+B88n92tCG1bNIL0OoQ9lO/gvd+CfmoPsI37uqI4KkJe+vSpgXYQRQSv6o0I0UubX
q3Wo5iDMgjQB1rPkzUKVW1bmZ3cMWjBgPms03w9lDUfAcVib8hRYl3bQJoRoIUAKayFw89CVXUDB
Gg3ecbrN7+YgBIX8EtCdhYMX0PTu09WHO9xg4L0jVOB8S0YsZYseALSiKQsXeA4tYmsv4AmEBsbA
dQQ/iyTAtZLSxmfrOKHAc64vMgDrWBc7N62gxRN60lU2C28N6KsrYP0n1jS3Ws14eP8uA+uF6e6t
azRy2WG17o24QnTxzFEaMGs7Zf6ggGMz4C0EZKZCQGYMfV6thUp/7vnu2MoL+hWNPo1W0ru6/x3l
XblXUOr4iSB6P+tABYD+9msrpdnojAweSjbvu5+qMbjAU4dGsnZsSgYGIbwiAb6roTW4ZcspBUKu
0MwMI5cr4FDK61dpr3qNWaFA0pC02aFASNQh6aDVCirrbci95EdbYnZe0gCENmmyhGawRqQAnpLf
U15A868ga5EeYc3q37e3dhBgQHuoty9ryPdhIDo8YFjoc3UF6FK27CTawhqFIsig5wVwDiGIc+x3
XQdrJY9oKR48eIWB7zpUvWoeSXJ6Be3QXuzV+0c1/tZMmDPO+iS8dDbO1jrkt8xZZ8A60rJmG+i0
LSmPq7v5JC/WSPVq8Ltd2+X3AvIePHSJzboPcwDNEa8HCGvkLzBSWVaQsQEfXK0PSbMC66gTYHaD
hgtU9dDeLcBuERKzefaYrIUKDdJUqRLSe2yVgdnvMrgLJsP1QcFCoxjIu0T9+5ej7uw6AGEna84W
YmsF0OQ9opn6dtlgJE5wlxfogsGPkQ4g6cvoGoDYxUv2msCsszYPHb6szPcjLW/eNATwF3MBbnRg
rhvgcY4cKR2EQpzV40mcAMQAsAcNKO9ynQjfAAhDc3v8uK/pHrv/kACt/LPnrjuAvB9xH77lfXj6
jB3KosrgQY7CjiiL72oA77BosffPjsq6iPABlhQgGAXhB2uAn/d8+UcozW+YM4drEREi0TW+pX97
drenvHnSmFr3IpByis3TZ3l/oNKKX7igjuq/tR7puwDrcVi7u2Ahw4WGu7zI91Fa1QW9rhPHuyvt
d+nb0WNXWSBssBp3MfcPywLZc7BFIeYFtOWTJY0n2dUVz4ySsNLB1jx0jXXpNzKtWN6ABTWfmuWw
rz958i916LhKAfYiWONtW2bFHtwAWEcQE+h3GFCFiW4BPMOqSoB1XRsY+TGXZlf5ig6tWkVWkBzt
HFwRoMyLi6lwaxvWMpIuwKardMn3XFd+YJxiQPjnXr0JZuidBQFp9TRXvMB30NJvm9DO6dND8QLl
pU+GcMImZVnw3nUG47Nlo7sMxj9vX9H+4oaNCIB3FdYWL+JrfEfotMMqAMB13Qz7ZbYaAPPnAMA7
HGLhCBa0sAYIDYzKl1+ZfIewQzrWipe+lmRf5xUYjLcGzI1F9Ruwhvp2as9WEGIFWzOAeffB7K9d
p0HKSpqV78I74ZGzOSzjImXlN+quNGoU+61PqQQzpK03WUADWvUYe6tWuLRndYsA0/6jWMP8HguU
OFs7Qr/VIoC0ab0K7xEPIQjQkTBVKmU1LQmD9wnYmkMKFlyJqHNdZ3yz0mT9LXyMbGvfBtatIxU1
f0cpYB2+rHGghoMhV0FAAqSHlQ/pOYvmJP+NrLWnSdzIAb0OUCOvqyDtyWG9nk/SXNUl6Towope3
3kt+Z205o1vyox53eXHxxEUFdgDwmXtybijft6hLNCWd0YF0d4OYTb71zy2nwDnqCUvzVUAbmN23
msB3RoNoZuJLE95xYHI5QZIEyjUAzJnjIe6qT8LL8EyWS7tWQEsH8ABu1clcx2Vb1jpc0ST5cA2r
PT0f7kVT+JOqn1D3hQa4Zs2Dsfk2N5uVYWAdms6i7eVsnklZpDkD1mESulv5bgpMlLy4gt8S+q3q
p4BV+W29etI/mZ8A56Yw7Un4gLynTy+et9tYM7Y9lW9Uzlp9lPrtCS9kjQhI+rIEClzNBZ3RGP/Z
7MZiXr+5erTDvKjLZmjr9DQ+VB0yeflD5m94vuXBN/jmhUl32S/CanLstrFKMEjqhwnksnXLhlXE
TPN2PXN3QDIAAEAASURBVIbsSS2V9RVUKO3LM8c6VwRY1wVUrPVY5wyAdW94AXqsdenzz0ob9sjN
S9nvMPteTp89PU3dP9Xh2Yz6EKx9RNwY3zFsDWAVbsN91jUZ1pSqtavqdVuqEQ//eAOsX/z7KGtG
53AJZIMErKERDCTv2LiC/PrMohIV6nhImZFdB9bDe1cAsC4Am7WxH9jc9Cz/topm+HwfteQQS/OH
SCxL/nXLJtPUQfyRzO9yeJsrXKYqA3ZJ6O/j++jEwZ2qXwI+SxkBrgXMflnAupUO0GOlBXHTBvvR
z0sn4jbcOVinzVA2td3ulWms37h6g3qz5YbosWKwlaYxyoITxn3R+cWULHVS1Qf9jwDe+jv4tlXb
lC/y+afnOwiq6VrdfVfiuR5ijlKv09k93OQ0zduEbgXdCuXf/MjOI8qVjzMteakLrxTzB86jmT1m
qjFoymu9Kq91ZwHuNGpnqq3y9WYz8UUrG9oJt/l9EiA+rFpV71idmrArJDNw/QKej985gf2yZzGT
oJnV+6te9Pua30OD7maukJsXobF+bU8xGt65Ou3k/QDjCTcFhUtXVYcau9m6xc1r8JMZNrBuBd0f
P3xA3dhtA1xCyLoHoN7m6xwEE/BjVx5XljdCembc7WILDkPZaoUNrFs5Ezl+C0gJjVZotrra9/GW
LsA6KHeVT3pVrJjhU1u0eVHeFXAoZfSrtOcMcDXSYNJ2jgl2uyprBcr1fHIfXltWuiU/gHUEt3ix
3leBuQA2oMV98kT3UCAP6l3N2uzOtPRVQx78gZ96ADYw0XzkMPs1tvi7RlvQfIUJ/LCA9Rs3HjiY
wHdGAuqaPHk7m45fyrxAjmgKXHorSRz2P36JzZn/jUinYLfw0tk4q0JO/sicdQasnzz1D4NbA5y2
pVflDbDurD29TvRlwYI9BHPQ1RiEX+gChMfY5P5wmALWYUY+V87USqjCOs+kbtSLNGfAOkxCly8/
JdhkPXIaQfusVqasQbur4AmYrGuvwoc4hGt82G89rDBMncKCyo0KuWomSsR7wgsd2AxLezyiO+4O
sI5vArgd6NdvHTfvfF707PkZ9WJz6vq51PPQKgBseL7lwbeP8g134q/beesifCL1z55Vi+rWye88
syVWNPdhAl7AbksWgp/4XLmHKmAdlgewHgUQF6AYZaR9AZ2tc0WAdQHawVdrPdY5A2DdG16AHmtd
cOUhwUobaFm6bB8Lxs2m7NlT0IF9nRwsCEg5ax8R7+u3jCZM3KayhPesGza0IrVvV9LrtoQOT64R
AawLaKm3KyCkgJ5IU+dVVavSweUr8OBXJuJz82+4WTq8ejXduXpVVaGXCa9OPT0i7n+fNJmWNW+u
6MPjGCbQ47yVhGB6/OyOHeiEg0lyaVOARnd5IeV0Deqm69dTllKf0q+jWMO8bdtQptmljCdXAX1h
Bt536xY2vV8sVHGhQQe1RWs6LDAYdfvnyq2AdWhqp86VyxQUqDl7FuWra7iBDNWgkwgBn3UaJNs/
p07RoPcyh+K7dY45A4it4yK/UXd46zED86rFxg2mRrm1PaHPWbuShmtYfdPzyT3WCVwI/MKuCEKe
PpyqvZiU7dmTyvTqGSHPn/DoF7r0q/DR3fn+sta+DazroxR176MUsK6DAa5YLgfzANX6rugbplRM
Uj5AtJqMlUN70fhz1Y7EW0EJicd12chlSqNRQA49DfdhlbXmDS+/0K235Q0vxHQwgPVZR2dT0lRJ
QpGyYcEGNuE8MFxgOFRBSwSkv3pU6kE7fthB8LFc4AtHrZe7t+5Rq2Az1mKSWK8iLNBGz4d7HShr
xJqq8OeNPkqAf9HBdQe77JOMlbtCEAIaOdMgP8Taqq2LtnLZltAkdXgCrDtrT+qT6zH2bd2CfVtb
/Q1LOq46vyb+MZGyBB8gO5tnyI+x7FWlN/2143AoIQlYJsBYXmXf9if3n6S7N++hCF279A8tH7Vc
vbBivTobY5WR/wgv3NkDQHvbEm3VwTh4BwGaJnma0Ntp3qZph6Y5aM1K/fr1RuANusf0AgS0aszq
+V7Vvae8gLZxZATWwT/MhZvM76NsUeA6gz0I4P0PU78ngD8I+p6mIp7jj6v5a61ShH4ArMPyQcEv
Cir3EdZ8+A3t9QwfZFCm4scwSLVqwqpw17Z641QHkUTerkfZk/T9wdo/61zxBliHZQnxG+8JL8Cb
sPZoK204ABChmBxFctDITSNDac7iBVdcOujzQvgOH9CgEe06C/gYeSfzO2pte9uWs3rDi/MGWIfJ
8S61C7DW6WkavfwIpc4QAuLp7Qmg26gzm04P1gzV0925FxAfeTuytnWSt9Pwvhxi6UevA2DdOxmy
hvqwA9jWq0lJusXm3zG1MVbw017Lb6DDexgA8c6189OF039x2gCm2df0U452tv7ApmF71guldW4F
syMbsD6dgfWfGFjPW7Qc1fQdwPtFiMa/zj+IEqRM957S/H1uDV7+chWg14+fdeG5OBFtcuytcF8B
rXAAyW2Lt1Ha4Hi+wuKD7n4BtAuwrj9/4YLp5tWblDwta8UZqIrqJnyN92XhmK3LtzpYxtB54Ope
6IO2+/CNwyl3idxm1hN/nlACPq6AdWjQzuo1k/2+G37img9vTl+1+cosb72B1YvWxVpT2vfTKss9
ep/xPMJzU/Ej2JqGKs/8xl4DP+p+YyDQVMmsFu84zT5qSjCz746mfsQD60SHVqam1lWyqfGA1YSP
ipbnsYxukM7vaBP6NqYt388JU2PdHWA98CK7NfgykwLWsTclTpbS5IPc/PrjfBrTA+vY1lgXnkSm
a1ggpU4nDseWBvtnhQlrQxs9+OVFzxh8nzp1IkrL2ogSUF6Aw9272imNP0lzdkV+APnOAFekjRy5
mbXkVocLrDvTkra2F15bQreuse4NL8SEOYB1AHHwh60H0AFgVjeLrqd7cg8z6/B9u3btX8oMPEwX
6+HmrQdUpMhousb+6sMC1q9eves0Xa/rAb9n5cs3QvlaHsiaqr6+xRx80c+bt5vq1Xfu91znvTtC
EGhX5qwzDXJoqxYrPuaFAOvO2tP5gPs/dp1VWt2ZMrG/4f3sTzrY37CeL4Rfgeb8BR+s80zKYCzh
QgD+1q1j9ZQFuW7xWJ45c5327b9IN28aZn8vXbpFo0ZtVe9fVp/TUq9cnYFwkma9AswrXmIcu3s4
p3hcrOi79GEefwef0dYy8ht9DAq6w/Q+ZEGPOJQ0aXz1jijpkeHqKS8gvCLaxzqw+SL7AvAzPI11
8BrzIjDwDvviPk8wiY4A3k+d+jtdvXpH/RaQWP14zj/OQFlnVQLILlDQ8JU+oH95+uKLrOw+4pmz
rOxT/k36gP3Dx2DBXAF4safDF7qzgH4jyJNJfM1b/X8buYy/sM4Bk+p//XXV1NS2AuLIae2fda54
A6xDO98bXoAeT4F1EYop8nEG2rTJT/EU9UjAt1rDYJcO+rwQvpcvn50wXg+ZX84C3v8zZ05GWAfe
tuWs3vDiXiawLgAjaIKJ6+wVtHdr5t9i9lu9a9Zsl1raAmy23bPbwZx5eH10N/3Jg4c0kk3QA4Qu
x/7S4TdcNKpRx56582gBg8XOwERPgUadpu+7dKVNQ4awZnIFqjZtGo0t/LEBVu/bG8qvvV7OnXuA
puOLl1CmzQW4t5a7euQomyrP7qAtrps3h5n3mHHjWIuRzi8Rhlju66fM9fuwiXbxux6qoHWj4Qwy
N5wB+X9v267Ms1v5LvNB2nYGEFvHZd/SpTS3WnWlid8ggIWnNaVQK50JU6cmmJOXYG1P4p21K2m4
htU3PZ95z/x5cOumch9w/o9dBCsSCPDnvmPq1HAFUMx63LwJj35n1Vj5qudxxifhAfK9yLVvA+v6
SETd+ygFrLsDGsLEe7uS7ZSZ6yl7pzoFhgFqPLj/UEnLxLL4F5MD+mHrh1HeT/M6jCw/O9mU62OK
FTumGe8M3EDiv/zR06F0B2VyXAcAzIJ846qsnke/Dyu/FVBBOW94AUCieb7m6pBV+e7tXDPkTZXr
FLAbgJMO6Oh0enIPjdU57NscwOqIjSMofbb0qvgj5vOMbtNp2ahlKs0Z6BoWaGOlQUAcxAcEBVDC
pCEHGzgI7lnF0Gh21SfhPUAbMS8ubWBePOT5FIf9lUqQ9uA/ut9KFvBg0EgCfMpDE99VW5JP6ggv
H/JLXoDIOJDWD4kx3x+zT/mYDADiq+PiyYtUN4shjdcPGmVffixNmtftq9hnsU8P9Xs2C1ikyWKY
apd5Nnb7OMqume6/yRpmjXI2VPmtY4UyP7M5+JlHZoXShhNBDneBdXf2ABCxc+1O6lahm6JH/rSf
1oH9OX8hP51eoYXX06enmdZ7WW/nZmTNHC//RsbaHV4IQAyrENDeT5pSE5TheSE+DaOz+cCIDBhz
Z9YL9DYE2Bz2C++1pRz3WqztNiXaKNDZ1f6p1+Xuvczf8OqEoEjH0h1pH7upcLYPqvaYf/xPCQLE
T2yYVpvadaoyJQyhlcl/TmHgKkR4B2UA/sCfMQBuaEPG5GeJt+tR9iR9f7D2zzpXBFjX5461Huu+
Gi9RPK94gf5a63Kmsa7TIvSirLN5AV/LsKSBoI/homG8p3aeSgXLFaK+AX1ZyCH0fMY+DesZceLG
ZpNlb5p7JurypC3k9zQIsP7wwT3qWreQ6WPdAZBi+v599lQdiMJvG4DjLgxAn2cAGgB17VaDHZ7F
oEEALtyL327cexpu/nOFOtTMo8yU95r4C31Q4NPQVTB9T548omfsEz02g+t6uHLuJLX0eV9FNe4y
jv0356du9QqpvnxZtwN94zfIBNd17fgZGwIpQeIQDWn4mxvW4Stl2t6qKR7ZgfVVs4fRvDFdFLDe
yZ99i1l8Byvm8CS8x77hY8eJpwDPVwms677RD/52kNowuI4Dsq7zulKpmqX04TWBdX2tOmSw/Ni8
dDNbnuin6hv04yDKX4a1jOTEE3l5Lt26dot2/byLchbLRSnSva1qeMI+etsw2H1s9zHqPLszlald
xqz5xF4G1j9q5tSvO/bVYY2G0rrZ61SbXWZ3odK1S6uy8CEPDfhk7yRVaVKhaMA7A9bFdUwoYJ0L
i2AphHiw18i71kEG6kF76kypaRr7gYelj7BChAPrzNMf/P+hEayxnjrD+zRyyUFTWwF0QOClO5t0
D7z093MD69Bi71ynAF04c4S+YSGSyvU7O4zvvTu36LuGRTj9qA2shzUJXmFaWCClThZPKzbxfVKZ
igWwvvfPDqGAYeRHvvv3H6lvnTix+VsjOCAeB/STJm2j9b80p09LhgiIIQ3h0aOnFDtWsAAI/zaB
9TFfka8GpABMLF1mApseP20Ck6qC4D+obxlr51WvMTtcgBVFwsqPNCvgiThveCEAzhH22T1wQAXq
zL579e1QwG6Y0XVHIAC0uwqgsU8fw6w8xmvjBl/Kli2Fyg5gpFu3H2jU6C3KZLkVrEUmZQqeQcOr
7I/XWbqqKPiPzCE8N4Ku9mPANMTE8DPek6t8NYPgM9lZnwzeGwIU/fuVp25djf0aVSMN4T4DcXHj
xjR5Je0p38bsn1m3ijB06Abq2u17p20ZtRl/UYc7JuORW9rTfSdLXaARPuUBkGEsBWyDjNnKlY2V
j2t9jJF/1eqD5OMzQz2H4As6S+a3VV9lnomGrrQRGHSXzXoPUfmtYwGwD76nIaiROlUiKaKu4gPa
XWA9LK1eveK1P/5F5StM1aNo2tQa7M+5oEOc9Qe02iv7TDejl7G/+q80v9Bmwiu8kfFzhxcCEP/z
zz2ClrYuKINxhvUagJUAhSMyuAOsC7CJvbbUpyF7LegwhCPGsnDEeRNIjgj6rMCzqzrxXV2qzETa
vPkkDRxYnn2YlzbXtpRRa5//3Lr9gBInMgCxLryuhwzZoFwc4PmTMEHIWRvKwW3HokV/EqxWdOr4
KT9LYvB9EGXOMlBVuwrrkS03WNcjrITIvDx2tKtaj54A6zJXBFiX3+5orCdiIStveIEOuQOs67TI
3EZZ9QzmeSG8AL8PHbqsNPeRrgPrQ4dtpM5d1lD5ctkpIKBhqPmsxorL3Oaxwj6N+e5tW2jb0yDA
umg2w5x1+3372PS0JujJRD4L/q6Ozt/VEjwF1yR/8ixZqNNfh0Perbn+u/8E0ZhChRWgLECptCNX
AW1DAcRcHj7b4a89RmzHeS1l3bnq4F+foCCKn8zxu3pmlSp0eNXqCAfWRWNcpzFPjRpUa/48h3Nv
Pd2T+yWNv1Wm6GFuHj7W9THE2b0SaJg920FDXvf/3pBN+sPXuznh0TjzXPkvr1xZkdL52FF6m8dV
hATgb7wdm3qPnTAEJ0BG7F/7Fi2mf9i/fMlOHc3xEt5DuKBBwErzrAPtbBw6lH7o0iUU3wNatWIf
6+NMQQxnALHMOQHlT7Ev+wmflFTAOky6w8R6qMB74aP795UlhZhxQgQKnAHGKOusXb1O6du7rAHf
fMMGx3MN7t+TxzxvY/K3bvCGIn7hQ83z4LZEUMLVOtHbduf+dVr7NrDuzohH/jyRGlh/ypquz548
o1P7+NCWNZcBUn638Dv1wgrWwoS7FRgHkORX0E8BwwA3BqwZQOmyplcj8YTBxTPsM3ex/xLawgd/
ufhAz2oKXoCR4l+XoI4zOjJYGoduBF6nvev30kzWhsEB3ZR9U5QPYFSKwzFo5wAYHLZuGPt/z6gO
7xczeLpg0ALV7sjNI9XhIT64EHDQhxevVRNW0oS2E5TJy8p+Pgq0R3p0PpCNyS+GeuC9ktawlsxo
39Eqf5XWX3EdRoVPmUfjWo0lmDpHW+gXNjlveTGr12ya22+Oar7RgEZUoWlFpd194fh5GvDNAOVr
F4nN/JuxRtDXJh06ve7eX7t8jaqnqW6O6ecNvmDepqSAcQHKHy7qCQW6Mi/u8zg/5P9VU1VV6RP+
mMBgeSKznrg8brLRo46bQTcZ+G2k6oQ/9qLwuck8unDsvJoP6xj4RXDVJwFqQctY9ruZ6t3UapyP
s/Z3wLiVysx4v1X9TbOn4j8YdfbneMxdaG7/ylpc/Wv1R7TTtmBGFQFzG/yGpjU0r/T5ETNWzFDA
kQDUKAuQKA8LhUAI5Dz7MV47da0ykyxmTfHBN6T+EPpl7i/IrjTUPq5UxDx0/n0Ng+qVDVAdpl9x
0C6CASJ4AgCrw/T29NbbSdj/6VUa1Ww0/fHTTjUWE3dNVNrhwn8x05yNgfjvFnxHKdKnVEk8jLRv
014lgBJqjDkN6wS+kcGL0+wz3a+wn1t7APqEcq2LtlZa6/gNbfXph6c7WClAvDUIMCnxuoaexL2K
q86LU6z13/LjlgSt3sE/DlHkqDmBj/jgPUZo1PmAeeTTqopaI4Fnr9LWZVsJ+x2EJmDuHyCvt0Ho
Q3kADRN5X/s14FcGP12vSwF0YTli0NpBlOPjD0zyr/Kcgi9tuCLQLSZ4S98D9o+OOdytQleec/vU
Ppm1YDY1T1AnwFb4dtcD+NOnWh8VBR/rn9X/3ARLbgbdoG0rt9HIZiNVOvztvp//fcI6hHlhrDHM
965z+NAr0zsqD9bzhLYT1TpBn+efmU8JkyRUeT1ej9HeoOVjlpvPD3keyPyV58CFkxeUT3XsPz2X
9DSepTx35DeExGQcsPdVbVtV7Rti5QCWW+Bj3hteoNOw/oC5+oD3NbUvpDUANHxwHP/zODXP39yB
FuxZbYsb1iZQvseiHqw1yoI/PDSHGbjqWKYjolWQPiINgHz9rPUVL79oWI4aDWzIbkwM/+V4Dh7c
eoAmd5qsTPuLOw9v25L2PbkKsP6U/Wz3aFSMTh7aRXXb+lP5mq34I+9/FHT5LG3fsIwWjO1GqdJn
If+Fe/kdIDZtXDWTJrKWKQK0u8vVaMWCfcbH0t8nDpI/g9DQaE+WMi0N4zJWv+ee0DhzWBtau2is
0h7vMHQp5SzAh//BLy1XL5ymzT/MpWVT+zmapmfaL509QT2/LaFA+S+q+1HDTqNVszDpDhPSCNBK
r8OCATHjxKXbDPC1q5ZL5W/DPtgLlfRR7Vw8e5xWz/WnzWtmqzJ12w6jCrUY7OV1++zJE+rn+5ny
x678zecpyofajxi8L8zmra+Q/4I/ebxTmX7RUbbiN2153kSjf/m5++ix8VyNGSMW/bZuMY1jjXjU
A9/QGBOEOAx2I78K3K+fl01S5t0xThVqtVZ0IA20TB/Wmn5ZPlnVkZ1pQbnLLFzQukpWNQc/rcQC
eDxeCd9Krqp7wAIVR9in/NzRnZSmvlgXeJnAOt6n8f7aJM+3it8wZQ6LTarLvB7Vuy+/t0IjfOSW
kZQmc1qVhmfIsV3HqVXRlkqDuzs/w7G/OXv/Vp3lP9A8b8nP61P83MYcas8uWEryuwTA5js3bvMe
uIsGsdUjpDXs15BqdaslRU3gGnQM3zCc0rGwJd71+lbry+X+oFzFc5M/C74KoI29ZNXE1axJbsw7
PLPbTGzDhwv8wc/v0ZsWbVKCjFaf6Lop+O4LurN2fUlFw53rt6kLm4IHuO/D7+W+o30VnUJg0IV/
qGb6GuonXFOVrP4pC1fdpbaftCVo2tfpUYfq9a4n2V1eXwSwvm1mDOrZuDglTvo2dR6xmt7LkU+t
kxOHdvJc9uW5d0T1pc+UTZQteN6CwKcsLDOq2zf0x6YAMtKM92OkwQR876alWKj2Og2es5OF89Kq
g6nFk3rRsmn8LstjWKtFfyrzVROKHTcBr4PjNLr7N3SW9yek1WszjMoHr5/nnu8g6IWH19vHOsBp
CLDsZVPdRYqOVoADTOXyklbhzTfZhYDlXVDMi0OzLxP7b16z5lvKmtUAax8zKL7/wCXyH75JabYX
L55Rgbk66NmVTY8PGbqRqrJZ3hnTa1C8uLGURuX6DcepZ68fyQCoOtC7GZJiOStzstXZdC2A4XU/
N1f+3wG0DOU6Bg1er+bw5k2+VKxYJvOd8RH3iacbTZjALp/ar6Th/pXIjzWoEY8Qg4XpYjEIqgf0
eeKk38iv5XKVv3XrEvQGKuHwmPc9AEZTpuwgvS1veIF3z1691lK//r8oGqH917RpYdbujk3HjgfS
N9/MpQMHL6s0/2GVqE2bEDp0et29v3T5FqVJ20ft0yjTsEFBypAhCY0b/6vyh4s48FYHa8F3+Du+
e/cxpUrdU6VDUz9p0rjm3IgXL5bJb9QRyFrIOXMNU9rICxfWoyo+OTk9GsHPL+YDzM2DnapP4K32
jo32ANRWYKAWtABUfpd9QN9mbdtdu8/T2HG/KlBegWIVcqA5pRkPk/qoc9WqxlShXA568vQpLV9x
gGrVmhvSlsY/6RfKv8ntHzseRHk/8g81P2KxYIcVCBVLA2jvl3UsFMKA1CMWTjh6LJCmsPbvRDaT
3JGBvKGDKypwr36DBTR37m5Fx/LlDanSl/xNg8JMxOrvGcRjSwIINWvmpXlzvlHfJKDPL9jkMjRD
p0+rQW8nT0Dnzt+gZs2X0k8/HVH8AeAFX8xcmwqiTVqoUHo2dV2X0qcPEZretOkElSrNz3f2qQwA
X9eoxnp4wmdGWOfwdQ0f6RWZvwsX6nvAG7wHOJ5BoVH4Yi5adAxr559TNMAyxWF2N5AgfthCZAK8
qkL8RzeZLXGv4qrzYv/+S1T449EErd6ffmqmyMGciM7fs8JzoRF8KMJ8gPb+8OGVqHXL4mrfOnv2
Ou9d+6lr1+8pS5bk7A6howJ5pZynV6EP5aJHf4PatF3JAOcBBX66WpcCDCdIEIt+XNuUPv74XbPZ
8zyn4Ev79OlrDgCqmcGDG8xbQ5AqGq/habSR59yWzX5UkP2UY34hAGyV/VRF8B+hD7/HjfuKGtQv
wO/extkDrBoErDxIzZotVdmx/+TPl44gKJIxE5sW5kYx3+fOqU2ZMiVT6+r4iUBqy3z5kddJAgbc
/z7Tg5Kw+wu8o2I9zuH1iAAf4ZUq8f6E9chhzZrDbNljmrqHO5R5c79R7/ijx2zl+gLUuLYJfh7I
/EX/8Mw5eTJI+VTHulmypD7t23dBzR3jdz015tJPf34OtWv7CQuPPVEuOmDlAL7a07yT2CtegO/g
E+bq3buPaPcurit4X0Dan3+eV37jdVowj4oXH2uu28WL6vEazK54Ab/qpVnYQYL0EVwCSP5+1oGK
7w0bFqJBA8tRct6bEPCsgIBbx06rlMa/mM73ti1VqYd/BFjHN9nYIkWVZnPF4cOpWGvju/rG2bO0
f+kyWtu1KwEQh8lvgNeYG9DgXliP+eDvTyXatTXnxVOua2XLVvT75MnUYstmylSsOL/HEp3Zto3G
FS2mQM2Ga1ZTuvz5FRh+budOWt7CV2mKg3yUgclymWfSJQFtc1X9mmrMmEEx48VTfshPsI/wn9g0
9l0Gw0Ff0ndD1quUded6h8v7f5BT1Vln0SL6oIrxXR107BhtHuZPuxh8RkB/i7dtY57pghfbJ06i
Fb6+BN4Vb9PaTAvNC3wXYGY4Bpj+/rlPHzPS6sfbTPDi5sjaH2la+fKqJHhXftAgSpwuHd0LDKSN
Q4YyOD1WpQHUrrtkiTm+C+vV5zGeq9Lqr1hBOSp9aY7JX2u+pxmVDGtjuhCAEhLImEmdyaQvVIhq
zZ1DSTPxbw5Bx4/TKjZxf/THn5QlgO/+PkNxkxjP3KtHWWs+W3aVryG7BYA1g2f8XgK3AfNqsnIi
B53v4OuUsp8pX+gyXyBYMbogK11cucLCIQZoLsC6zNEnDJiPKliQrh7+iwD+N/p+Db2dNauq/+nj
x3T5wAHazOO7f8lSAhDeggUR3uDzc7QHOkCPPqfx0LoTFEgTS/I3LAultN29ixKn4e87bYh1wQmA
5Zk/LanmfSD3eceUqTx3JtInHTtSxaHGWbTQDGsJ3/64ljJ8/DFXZ1R44/w51da106dNgQJF/HP8
eZ3W/oD0q5+DE1Gg6BttogCRz09ipAXWdUAorG4685ULM44A4fDAQIB/6LfTpaAd3/9uVoWHXm0+
AKtvOQDDwdi3H35rlgXgdzPwpiqHMvgNM49JUxnSYEEXgviQraaZXxqQh6rQIADdNfYhWSOdcSgn
ea1XABnwLyvafdD6E9PWklfMeMOk5zcZv5FoddXBUG94cefGHaW99Pfhvx3qxQ9rv5wBoqEKhRNx
7sg56v5ldwWiWbOCf9Y2ZveeTXP6GsC/Nb/8bjeFfWk3Lic/1fjgYBbmSa3B2iekW8E8aDpCWwoa
nwjwAaz8L/O9lDcA7TwqPaz5i/wyL/S+CcClKgjjD+aH1ac86utfsz9tXrJZlQRwd//OfbMWtNkA
2vZdjQNsCBoA8AJwibLIDxPJmM+Y78iPdsbvHE9JNC3nP378Q2mCC/3SgN4nxAl4hXsB43GPkK9s
fsqSNzMLvzCYxH7PUbYSm1T1G+1n8hJz3vTrbBRz+lfnnzXDnvV/UqeyBhDXeVYX9nldxpol1G8r
rbJuRbAgVIGXEGFo/fop4QJXzWE/qNmllsOcl7ywFjCs4TBzzkk8ruA9rBz4b/APASr0DG7cuztW
qEofB+t8xz4Nk+swTQxT8Ajuav+pzC7+6PPARRbS90zJA+nUoQ2G0vp5603eQeAq6EIgHdlxRGUD
/7B28EzAGCBsWcJ+wmviEMB4/jhbiw1ZYKlGp+rmB4yn63Fc63EUMDZAtYc/WAdzjs+hWT1n0Yox
K1R8p5mdWcDmQ/V8QgQ0z2FmXw/QrLzMpot7VPpORZeqVYoFZjoo4TSAYgjYC9/L+57HvNjBViO6
W6xGdJvfnbVhPzVAvCGLVP3yB8IdmAMn955Ua1/4J+m4yj4j+68+bqsnrWFf66NNvmOfwbqFwI+U
xRUCUIUrFFJx3ralCnvwR4B1FAFwPL5PI/XxZq0C/QPg1XPiel6P0dXHGYD1rWvnmf16N6vxjDlz
dK8qjjL9Z26jLDkLWqvz6DcA7+71i9CVC8a4w+T7hx9/Tn/t2aJAcFSGtt7P/TH1GP+zOoTq0bgE
nTq8y2wHZYbO301vv5NRgf672K+zBPhmH7X8L4rHvtehVbtjw3JJMq+oH0Ef+37TtyqA++yJA2a+
/CW+JIDyANYlfjTXfYnB+SHtDCn0fMUrUsfhK2g2+3xfu3icWdbVzadfNqCmPaYokLHnt5849CsF
92fEkgN0k0FG34rGh7bUU7RsDWo5YK6aa+uCwXihP3dh9mPJQjB7t/9kZOf+oYedR66ij4qVf2k+
1sXE+mkWLNWD/nyDNaLmeMc5bbzjIK3V+FZUM51xMKCXw70rk+yS7xK/W8CVD95RnQWMdeIULKi4
DYKKxt6JfKC1HYPU8HFuDShjCKrmNJPgl716mmrmb2c3KAeByGwsTCUB2g7j246nlSwYKeOF/Qdu
U9Q7EIMws/6aZVrrkXI4jIAlpYntjcNIlBG+gif4JtHfmcxylpsIB9Z5Zp3bnJPaVv1A+VK3NGe+
W0lfEydNoXym32ftcph110Opyo2oGa8F5Se9vY+ZBD769plJJcrXUUA7BGrOn/rLTJcb5EOwtpWu
xH7JEomvry+w/vgJA2PFRiuNRVcDgLGDVmDuXKkdsuz846w6zJcxzZUrFaVLl4S+//6wmQ9le7Lv
3t69PjfjcAPQ+MM8Q3k+GNHQpA1kjWgETBUAq3/uCdGEP3/hJqXP0NecP0YpIy/upZ4vK35AASsa
0MVLtyld+j6Szek1bdrECugSkBGa2SU+MbQ3pYAy432gszLxDCBHDwK+4J3CG15cv3FPgRuHWTjB
GoKXi9kvK+htze/O779YO/7LSlMZRLvO2YMZH3zAiTHU20Bqb9Zy78u+mV0F0DgFvrQZYJEATVH4
m1++POTZLGlGn0K+dTE3xKS+5IGwxEcfDSdofCJkZ8160I2A8iijAO2SmVWcMX8NQFNFaH+QX+aF
9C0xmyaG9QPQGF7A/Dh8yBEkRv9q1prD4Nk+VRxg5Z07j8yqQN+A/uWoa5fSKg6CBh+zmX0Al6AF
+TO/l5wuXLyp5jtoTJvmLdrJgCF8lCOA9wAFK1SYYtKvEviP3ifc65r/AqxL3s/KZqU8ed9hYYmr
yu858vv5FqXRo6ooPiIfNF3Fr7OUc3Z1BshLvvUbjlGZspPUz9mzvmGf1/kkyeXVtyX7amaBFwmR
AVgXrV8IF7gKMCPetUsp9h9fOFSWWSw00rDRglBjhozgfbGiGWnDhhYUnYENb4K7Y4W69XEQQFfa
xD79xRfZ6Tq7foApeATZ55wJT0i58K76PHCVt0aNPDR/bm3zOxf58F3doOFCmstuImS9Vv06N2HP
37HjrKoK/ANIvvfP9pTx3WQqbgm7I6lRcw6XMfYyp2txQDnqzIIucl4T9M9dfmaNclyPmXk9clt4
/qAdgNJ/7Gyn1qMA6KpB/oN1cOJ4N+rRYy2NGfurip41sxYL2GQ2nzeJEsVWZvalDK4HD3RSLhq+
rGQA97VqfaQEymD6XeYbBGXy5nnHY144sxqxYH4dwvOpS7AAm06L+I7fy+D/R+y2Q/in5wEfwFb4
YIfwnD5uEydvYxcfhstGlME+AwEp7FkIKMt/afUqVsIqbwhAedsWavIkCLCOMjDDvojNsZuTSq+I
iQTY3WzDeha0fqoATICQEgC6dzx0kG5dvEgD3s0o0epaxM+PfMaMpgc3byrwVHyp65nwHFCzMnhu
xn/7bep09AjFe+stM9tlNknun/tDkz7kuRsYaKRz+QT8G1rSTrWQzVpc32Bc51StRgeWh/6uxiBh
mPSxh8Zwyg8+ME2tS80AbMEL9NPKCx2Elvy43rp8mfqmfkdFFeAxqDp1irkG9Xze3IPmxQ0bGYIB
wfzV61G81+IF1IeggZilx5wA0Js8c2a6eeGCwXfmSeI0aajNHzspQcqUZpX7GJSexxr3wiuUe3Tn
jpmO9r4YMIBKdu5k9lGBuyx0cf6PP8x85g3nlzmJMW/HoPnUz79QILjk+YBB/tqLFjrMy848fwKP
HaeZwQIA4r/9wu7dyjqC0JeKfcO/lT4dQVhAAmgs06MHfdanN+nAuKQXbNSIzfZPNbT2KxnnJZJm
9S+PdubVqEn7WGgBwSk/+venUt26qnQB1tUP/gP6sn3xBd2/fl2Zgkc8hBU6HjxAMTSNesnvzfV1
Wfu9Uxg89oYHUaKMDay/2mGCdi9MMkNT2ApM6JQBGMiQI4Mepe6hjTK371xaN2ddqLQanWuwlklJ
ypTb8TBJMu74YSf5Nx5mAuqIz8xAYGW/yspstgDekh++Gnt/3dshP3xxwxzU6OajVLYv2AR128lt
VR5oIePgTsABqUeuAGgA1KDfCNCsg6be4W0hBxjQhhyxaQRdv3w9FLBet1c9qtuzjlTHwInnvAAo
O7PHTAfwBhVC8wiaSkMbDlX1W2k1G/XwBuMNX8OPHjwiHHgCKIImLcxBX2XtWt28+FL2XT+5g/Fh
56qZ7gzglKxR0iEZAgM4DIW5UAngcYuRLej9fO9TRwZhRYjC2byCAMDwpsMdxgHla7GmT4mqxR0O
h1E/QGr/Rv60Z/0eaY58WvrQR2Xy0XcsSICg8w9zvXtFI94s4OQGZXB4Gyd+HIdUZ/1DBrQJk6ri
J10KwXz9qgmr2YTyFIkyr40HfcvzvRJrIMU24+QG/JPxRxzGqv3UDgRN97XT1qpsuilWaMItHrpY
gWZyAC114Yq2fFpWNrWBEaeESfhwHXMirKDzz5pv35Z91L5ke0qdMTVN3huynqz59N9YyzCJi4Cx
HfLzEIfDeD3vy7p3lxc6YKjThhejpSOW0RTW2NVDMbbagH0pb+m8ykqGnubJvbv0oc5eS2Fav6iq
XuY7+ByTJdZl7Unb5Vgwph7vZUlTG0JMEu/pFS4xoP2OgH0cvnqtAYIdvqN8zRdlSQfvNi/erCx1
SJxcPyr9EZWt/xkVKl9Q+SqWeFwxz8e3Ga/ccejxxb8uTjU61gi1FpHHk/U4tes0XlMhwDTWAYSx
lgxfSnNY8AgB1iGK874EARqsI4A+VpAL+2rQ+SC196EM9grsh9PYDYfUj70G4JGnvPgTgi2fdUK1
ZpA5OotpnNdvrhmPPUQBbNwPBJjHH9FkhAP/kKcLC8js5v102QhDo8E6bod+O0Qjm480hZ6kAZSt
yUJFxXyKKi1diX+etvQ6wrvXgXXwcc28ETRvdGeHYgU/rULQdM5ZsBRrp8RwSNu5MUBpnN66HugQ
X8qnMVVt0pOSJHcEQRwyefDjwT0Walk4mpZM6h2qVJGy1akk0/dB/pJqnUDTuw9rsh7bv93MC/B8
AIP8yVNnUGA4tLolAJweyn5kAb7Df/yckR1M7XTkQXy9diNYyzY/9WtR1gTzB8/dRVMHN2eg29A8
QV70G76b+zQrrdpH2UFz/lDa/M3LZ0AWKgmg/LvJSssemvbhBeUPvuVABaz3bV7GoV+ZWWgBmrw3
/rkcClgH//FfwtF922jKwOZKM13icAVvfBp0oQIlfZSFAcQ9twYvn+a442P9EQuqdcI75PaQd0i0
j3darHc5iDy+5wS1KNAcSVSuUTlqOLARP0PbhVpPSE/FJs8n75lkvqcizhru375PCwYvUO4xHNL4
rKHFiBZU/tvyDs99yQOQH+/OmxZvkiic3dGA1QPY3YOjAIkA8dAwdxUA4E/eEyIQK/lgEWv56OU0
xfIOBKHCfqv60XsfvidZHa54R4VFqpk9Z5rx2GNGbR3Fmv5pzLiwbl4EsH59bwmllT6iSzV1lfYx
9yCI8oDdEAwNBsplPd6/c5O61C1orjeUwVr4ptUg+vO3tTS4zZdSDV+jsVDISiUUgsgHd+/Qook9
6EcHwZVoDMpP5jkVnSb04YNODtLWO0VD3oVVQqT88/oC69C09Kkyg/1vQ7vPESSUocA54IH9nShH
9pDDRkk7feYa9e23jubMCRGmkrQubN68evU8oQB5pOPQGT6/GzVeZALqiM+bNw1r6xZjzd4cDlq1
SPtt22n6uuosMz/omjypmvqubt5iGbJQo0YFafLEqspseZ68/ipv9mxvMzjr+JxEXoBJAO9Fu/Yh
a9qXYbPy27b/jWQVChdKzz5ofekSA/UZM7E1Bi307vUZCw18ZsZ4w4vbDMr26PEDa2P/ZtaDfgGw
hgZxw4bGO52VVjOzhzewUgLt7wcsrMR4FgNF8dkXbnIqUWIsa0TfNDXWMT4jRxq+6101ATrnM4BT
o5oh2Cf5IDDQvsNqpZ0ucZhbI0dWpnwfpaOyn000QSxn8wpAetOmix3GAeW7dyutLBzAioEeAMBh
Hq1ff9yMbtWyGGtdvk9ffmkAWcK/+PFjKa34ihWNeLOAkxuUgUBJfNbK14Oz/iEdbdaunY/7yBpe
WoCZ8AkTfmMTyiEH3ZI8eFB5Nd/jWlwQgv+z+f1Fxh/5U/BYTZ1anX0WH6Zp03YoAGv27G+oNoN0
CDCPDQsOAE4FrFMJwX8GcVutWJNaB08B1pb4BH7Sz+tZQ91nzJiEedHRXCt6hs3BbiEAOsMMuqwn
PY/1ftv2M1SMNWYRMLbrfm5GBQukt2Z7qb/d5YUOGOoE4j1+OK+ZTp3W6NH0VZVcPI4FqXTpLKEs
IDhkDOeHu/ShmmVL67O1iFyqRmUFguc7+BwnTgxz/5TmGjcuxIJPn4VyHyDp7l63bD2ltN+RH/v4
n39eCFXUz7cIjRrpY75fSgbwbjELq9RiSx3WUIb5Vp+12GG9wWry/cDBS2zNI4A2bzGEf6UsgHlY
jrCuRaTf571vPNZj59DrEWukJT9/ZD3KmpJ6sQ6wZ/kP30y9e/+komHdBe0VZgEarKMUKeKz3/q7
UkRdYSXi/PlbLIBiCF+2almURo7woa7df1BrFpn27e1AuXKmVt/VnvACVl7KfuZ4/ilztBcLR/Xj
57ME7Pfbt7UyhRNgHr9JkyUO/EOe2bNq0S+8n44YsVkVtY7bb6zV3qz5EgW6S924omxXduGBuQfr
FXrwti29jvDudWAdc2rL8BH0fSfHM4ecX1WhggzMZi5dis1Yx1Cmr8eX+IQu7Ap5h8lWvpzynXyL
QdeBGTM5NFu2Vy8q28v4vrt65AjNZvA6kP2YSwBYCg1xgK+iBZ2Ewen2DJIDhNTDkR/W0mIGNU1A
nRPfyZuX/Xn7KY3quBoQr5dz9/7+jRu0ul172h2snY5yoOHLkSNZwz4fTS5T1my7AwObyd57jyaV
LkN/sza+hHSsqd1i8ya6zWD5QIuQgc4LyY/r7ctXqA/79EYAKJ8yRw51H1F/MLY7p7Fr2KZNHaos
0rIlAZSeXLq0ikdfW/6+nVKyz3WEx6zhvW38BPqhs+NZC9LKseZ70ZZ+7H89Ln46hEssdLGqTRvW
KN/iEA+N+ZKsnZ2WfdlbAwD7JTy2x39ZbyaBvqxly9J0mKLngHkB+qZXqOgw/wo2bkw+48bSpFKl
1VigH613/aFo65/OeE7mb9DAFFi4duYM/dKnL+2eM8dsS24+5b5+WIPdgeXOraJA16h8+c1xRyQ0
zCsMGUywBjC9QgUpqq6ica9HOptXSEf/8tWp7cAPqRN9AHCuz3WUQV/L9u5FiYLnC+KeN7wua982
Bf+8MyFylI+0GusRxR6AjY/5xSoGzFrx1wu09kwTkuE0grJYsDHYN7UVxLQWffbsGd2+dltFow2Y
Zo5swRteKB7wISL6Fy8h98tiIvBF9hGaqw2y11dN6MD687YJ7dAn/IEJk/vwte7ufJB2ob0OQQAI
GGCswwu32bQo8gOkDm8ehVeXO+kA6AB24rAc7YXXPwhu3P7HmLuoHzwJb5zRxoM7D/hF9U1lWQES
cq4CXDDcvXFXAXuYRw/vGvSBJwmTcVsvYK2g7rYl2yohiC6zu1KZOsaLlysa9XihMXY89sUM8+qv
ScA4PGST6NjTMBfDG+OX0W1Y8EiSKgkfGkVTrhWwV2PssK5exlpxt4+YEzev3qRYbMIUJobjsu90
d+jDXoN1iPLurn9v1qO7/YiIfN7ywpu24SoE5qMxdxMnZzOYYewzev0wQQ++QzsC+4s7+7S3bent
urrXgXXJA/PL8LnOC5LXIguXsOn3sMK/PIdu3QhkP+zPuF+8RhIkprjxE4VVxOu0Rw/v83q8wXM2
Pgv2PVTthEefN41BSx4+ut5kQYIEiZLyNbo31UTKMhCCiMZzEH7j4YPM2Vi9LGD9VTMI70wwQ49n
D9YzhHzcebZCKBTvC8ibIkMKpyB8RPQN77l4FgEwj5MgDrurSeHWXgPhSTyv8FyFcBP65m54UcC6
tH89iC0PqO+X2JQgsSM4JXki6gpBGcxz7Etx4uGdzvle9tzzPaIIDrOe1xdYD7PbHiTeuHmfwdon
FJu/q7GmobXnrmYmynIR9k39ZigQ00oChNOvsaYlAtqwmnK35n8Vv73hBcr8q76r/0cJE8Z6LnPR
nvb52vV7ZJhTj2YC657W4Sw/tEMfPXrGJvffUObj3Z0PUtftOw/ZLcu//F39BsH/cHjh+o37Kn/c
uDHCnUfh1eVOOgC6hw+f8ntlNIofn92x8fd/WAEmkeHiQAJMd8P3c1gBbUAjHm4L3kocJ8xnEFwV
3LjxgAH4BErY5O490Mfu05iHyZLFeyFrBYI5JUuOU0IQcxjkr8OCBe4GrGXQGC9ejHB5526dkSEf
xuEe9wt7GuZieGP8MmiGKwj4fcf3EtYV9mrMC+yhVsGRl0GPqzYwJ64G3lEm4++zQEpCXvfu0Ie9
Buvw2TO2tujm+vdmPbqi+0XEe8sLb2i5fOW2Erp4/PgZJee9wt3v6sAgg+94dsFNgjv7tLdtudMv
HViX/DCJDb/L6t2XQdPn8VsudVqvty5dUu89qDteUs/frQFUgr43Y8akWPHjW6t/7t/Q1n7GpsUh
SBCX6XvR39XrGOT9uXdvgiY0tNXdnU+edhRAOSwHgO8wcR47kXvnHzCzfpdNnUvAmLkzL8BHdY7E
Zy4A4N0ZK2hmwwy8u/mFJm+umEdPHjxQfVHnusyPFznW4P/Thw/VuUZMnreu2sL6gOUFzIOHt28r
GsGTOEyfOzz0hhcoE9XXvg2sezvykavcaw+sRy5229S45AB/lDxigFdAVhzEQvMS2kTQOJ52cJpH
h5Yu27ETXl8O8BySACsB0JbFYTfMuUa3+FaUfPbV5oDNAZsDL5oDzoD1F92mXX/k58BzA438zBON
dVhEKteovOq0m/InkZ9BryGFOIBH2LJsC/Wv0Y/8xrakyi0qGZHP9TcaQWM9Mofnnu8vpXM2sP5S
2Gw38sI5gK0Gvn1jsXIAAkyv9+79M40es0X5KIbJYl2jWWWy/9gc0DgQ/LhSMevXH1PastBWP/JX
V4rJAgB2sDlgc8DmwKvggDNg/VXQ8Z9rU3so3Lp8ifq+k0Zpxrfbu5eSZXI0pf+f443dYZsDXnLA
Bta9ZFwkK2YD65FsQP6r5Pw440c2v+8fqvuQeIJZfZgltYPNAVccgNYYTLMGXfiHtSxj0YaFG0zT
4jAnXrVDVdakiuOquB1vc8DmgM2BF8YBG1h/YayN0hU/L9AIDWu4TFg7Y61y15D2/XRsreYRwRWO
OxY1ojTzoiDxsMI0qtlINp71P9q6bKuS6LeB9cg2kDawHtlGxKbHcw7g7HvGjB3U+NvFoQrju3rq
lGrUSPOXHiqTHfGf5wBcCQwcvJ59Ut+ieHFj0oKFe0zT4r3YnHjHDp+q+P88o2wG2BywOfDSOWAD
6y+d5arBfYuX0In16ylmvHh0jn1+iyn5/PXqURk2m5/03XdfDWF2qzYHojAHbGA9Cg+eRroNrGvM
sG9fHQeWj1lBE9tOcCAAvpfbT2lPJaqVcIi3f9gcsHLgwb0HVOe9OiaYrqdjHs07PY8SJkmoR9v3
NgdsDtgceCkcsIH1l8LmKNfI8wLrcG+0etJqGuM3xux78rTJacreKcpFixlp30QKDly7fJ2a5m0S
8p7CHnQ6z+zMrmrKRAB9tsZ6BDCRq7CB9Yjho13Lq+QAgPUxY7ZS23YrHciA6Xn4dK/29YcO8fYP
mwNWDsBffKb3+ptgup4OH95nTvegJG+F9lGr57PvbQ7YHLA58CI4YAPrL4KrYdcJk+MzKn7J/rnX
Os3o99uvlOHjj52m2ZE2B2wOuOaADay75k1USrGB9ag0Wq85rfBxCRPwCABDk6ZO+sJ8tbzmrPxP
di/wfCDdu3VP+WPVGQD/rKkzpbbnks4U+97mgM2Bl8YBG1h/aayOUg09N7AepXprE/tiOWAD6xHD
XxtYjxg+2rVEBg7A3/Lt2w8VKQkSxKbUqQzfy5GBNpuGyM+B8xdu0q1bDyh69DcciMXvTBmT2d/V
Dlyxf9gcsDnwsjhgA+svi9OO7cD3+N2rV+mN6NEdEv7HvsiTZsrklv9yh4L2D5sDNgfIBtZfj0nA
wPpGCDbbweaAzQGbAzYH3OaAvW26zSo7o82B/zgHbGD9Pz4BXHTfBtZdMMaO9oIDNrDuBdOcFPEe
WP/fv6Od1GdH2RywOWBzwOaAzQGbAzYHbA5EFAdGvtEqoqqy67E5YHPA5sAr5UDbf0MsD75SQlw0
Hg0mEp8nvNHmeUpHmbLRlu559pycijJ9tQm1OWBzwOZAhHDABkQihI12JTYHbA7YHLA5YHPA5oDN
gUjCAe+B9RHPe/AQSThgk2FzwOaAzQGbAzYHbA7YHLA5YHPA5oDNAZsD/20OPLdGvQ2s/7cnkN17
mwM2B2wOuOKADay74owdb3PA5oDNAZsDNgdsDtgciIocsIH1qDhqNs02B2wO2BywOWBzwOaAzQGb
AzYHbA7YHLA5EHEcsIF193hpa6y7xyc7l80BmwM2B0wO2MC6yQr7xuaAzQGbAzYHbA7YHLA58Bpw
wAbWX4NBtLtgc8DmgM0BmwM2B2wO2BywOWBzwOaAzQGbA8/BARtYd495NrDuHp/sXDYHbA7YHDA5
YAPrJivsG3c4AIcr0dzJaOexOfCCOGDPwRfEWLvaF8oBe96+UPbalVs5YAPrVo5E2d/i6M5+94qy
Q2gTbnPA5oDNgVAcsPf2UCyxI2wO2BywOfBacMDe3yPdMNrAuntDYgPr7vEpcufyZAPyJG/k7vXL
oU7xK5hp0bw/nTmydxtd/PsIZc9TjFJneP/l0G638sI4EKHAOk8vWZYgWM0y76faC+tzeBX/T5YJ
Z5T+PMeSCa+5KJH+P2bKbwG/0YM7D6hQxUKUMEnCKEG3lUiMLaYkxvU/MabcUdXX16DPr8sctM5J
+/frz4FLpy/R3g17KW3WdJSrWM7Xv8N2DyMBB2xgPRIMwnOTcO30GTqxfj29nTUrZSxezP368ODn
8L/gt1jjVZz/RqF3cjzzQ97XohDhBuvtv5FpDqp3YYOgaJhV9nSy5+cL4oDDvhXGXEO+gwEr6fGd
O5StQgWKlzTJC6LIrtbmgM2BCOOAeowYb1aR+Vki+xD6Hfwo5nMvLx58wc9OlEQ9XtUBIv5j4eHt
O7R/6VKKkzgxfVC5Er3x5pueceC/xvfg/oJJL3Jd2cC6e9PQBtZd8Qm7oLEVGjnMndFVAS/iuY1/
nz2lwMtn6cShnRQzZmwqWKqKexVx2cCLp+ng7k0UdPkcvRk9OsVPmIRK+zSmGDFjOa3j+MGdtH/H
Onr25AklTZmWin9Ri2LFiec0rx1J9OzpU5o62Jfu37lJ14MuUU3ffpTjo088Zs3jRw+pc+38dOH0
X1S37TCqWLtd+HUoJMuLB3n4NUdMjshOX8T00mUtEQWs/3PpH/p99e+0Y+1O+vfpv6q9ZGmSUa1u
tShVhpQu249sCUEXgmhQnUGUKHli9fL46MEjReJ3C7pTnPhxIhu5HtPj7XS/ePIi1c1SV7U3dvs4
yl4om8dtv+oC546eI/9v/SlZ6uSEce0+vxvFTRD3VZP1QttfPXE1bVu1neIlikeB569Sp+mdKF22
dC+0zRdV+eswB18Ub16Her3dm15a39W7NLfm6esMlxvbehytHBdAuYrtVxSHAABAAElEQVTnIv8N
/vSmpx/YL62TdkOvDwdsYD3KjyXvHQGtW9FvY8cxqF6cmm/c4NbhHA5UT2/dSodXr6GzO3dS7IQJ
KFb8BJSt3BeUr169V3sw6uY+euvSJZr/TW2KlywZ3b58meosWkiJ06SJ8kP6X+nAy5qDBnjAD+Vw
nsvbJ0ykQ6tXUbQ33qCsZT+jYm1aR+6h4HUSIhRj6ZzlZ+TuiIW64H4ZXbB0xPLTUjJK/Dzz2zb6
vksXSvROarp57jx90qkj5fLxcUp70MmTNDhzFpXW6vftlL5QIaf5Xkmkm/v0K6HN00alL87KuTvn
guvAmlSgj7Uuaz3O2rTm0etwll9Pl/uw6pA84V1fZlvh0RLF0nGevqJFC7p/8ybdvnSZyvXvR5k+
+STS9eLmhQu0oE5dipc8mXrfe/LgAdMYjWovmM/vgvHdphf9DWjZkm6eP08x48WjJw8eelyH2429
Zhn3L1tGc6pWo/hvv02djh6heG+95XYPXyu+y34Tzt51avNmWtOpMyVImYISpkpFPmPGUPRYznFA
txnpJKMNrDthipOoKAOsX7tygU7+tYsB5BiqG5D8yfPx56E+lgMvnKEzx/eZ+fQ+x4gRk5KkSEtp
WGMYHwnOAkDn/TvX0+6ta+ify2fpreSpKXX6LJQ+cy46duB3ypmvJGXPV0IVPX5gB926EeT0YztW
7LiUjNtKmTaT07bu3r5BSyb3oR8XjTXJyMbazL0nh38AABoXT+lDATMGqbIiBZUoyds0ctlhBthD
b0IbVk6nSf2a8PPBeLXBR1XSFGlo6PzdlPCt5CYN1psr507S2ZMHTX6ChzkLlArFd2u51+H3wwf3
qGONPHTlwinVnUadxtLn1Vt43DVs9P1bfEaH9mymRp25jmph1/Hnrz/Q1rXzqVbLgfR26gwet/ei
C1z8+ygtGNedvqjhRx/wevgvhogA1o/8cZT8Cvkq9skaFl426NeQvmFwPaoEgK8NczQ0ycX+kvjt
xDTryCxK8FYCMz4q3qBv07pNJ5+WPpSn5IcedeH6letUNXVVVWbiHxMpSz7jMMCjSl5x5p0s9NG9
Ynd6ncY0PJb2q9GPtizdovqMvBN47N6PgmMH2l+HOYh+2CE0B84eOUczvptOlf0835tC1xbxMXdv
3aOZ382g9NkzUMVmFZy+K7tslT8qFw5ZSNO7T1fWPvos72MD6y6ZZSdEHAdsYD3iePmKauK9Y8Pg
wbS2e3fKUbEi1V+xPNxv1n///Zdm+VRhUH21+Z0M6nG2FTthQup++hTFTZLklXTowa1b9ON331HK
7DmocLOmYe6jV48cpWE5cqh3F3xXtATwVLDgK6HbbtQzDrysOXj16FFa260bFeOD//dKhv0NP7d6
DdrH2mM8oSg7r6UGASvCXUue9TqCcvNCvXX5Eu2eM5eFY7aoShOlSk0ZihShOHwwf/yXX6hU926U
+J13IqjBl1QN9+vG+XP05/wF9Dev5eixY1PClKko86ef0v3r1wmCNCXatmXwJmoLO+/h/i2sU8f8
5qoybiwV8TXOR6ycvnPlCvXmsUVos+sPSpsvnzXLK/mNb+TN/sMZOLxI5QYNohg8VlE1PL53n04y
YPM/fi5aw798ppkqVy5KlimjNcnh91M+qz7xy3r1TL1x7ixhPSZ7/31KzWX/3r6d3uM5/N4nJcwy
5/f8STfOnqU3Yxjn/Eh4M2ZMylKmNL3h5Mz++pm/6cLevQ75zcosNxA0y1DYewGMywcOEgQ6dNos
Taif4E2KbNnYUo5tmVTnz+N798g/94d07ZRxnh7W+tbLvex7PBuH8XuWBKxpbwBe6e/106fVnuZN
HULDf+16assWmvBJSUoQDKzH9QBYf134/vD2bX5H687v/NmpcPNmYb7z68/OFznPbGDdvZUYZYD1
SX2/pQ2rZqheCQg1Y0MgxU/k+KE7smtN2v6L8REQnNkUyMUGiQAAuvfkjZQmo6P24LUr52lQmy/p
7IkDDpNYyqFsvuIVqaP/cnr8+CG1rPQe3boeZL4IIl1okzJoq9uYtZQxWx4km2HnxgAa3skAXBCJ
/IXLVKU2Axc4fYGQgo8e3Kd+vp/Rsf3bVVuV6nWi/J9UongJEitNdWdA7LF92+m7RoYpvFp+AwgA
/vhe9RkwPk0fFa9AnfxdfygBjN8YzHfQiP6MWv6XU/BeaHydrvfv3qKAmYNp5ayh5C2wDr6tmTeC
Du/aROVqtabchcq4ZBHyTmaeY64PnruTMmWPHB8MOsG//bSQRnev7TU/9Lqi6v3zAusY57F+Y2nV
xFWUNX9Waj6iOSVKloiCzgfR9cvXKU+pPJQ0ddIow55nz57Rzas31T529+ZdapSz0WsDrG9YsJEG
1h5ALce2pMq+lT0ak3u379HEdhPpZtBN8h3lS6neTeVR+ciS+RwDeA1yNHhtxjQ8vj6494Du3rhL
3St0p1MHTkVpYP11mYPhjdl/MX3D/A00qO4g8sPe1KJSpGMBgP+GvG8UrliY+qzwHBj/beU2Wjvt
B8pXJh/5tPIx368jXUdtgl4jDtjAepQfTP7UP7hqJe2cOo2ylC1DxVq1CnfvuHrkCA3lA1V8w1f0
92cQsQI9YO0qHN7HSZRI1SPf9y+bP0Jbji8hJOD6e13oun3lKs348ku6sHs3tf5jZ6QBnoQ+++qc
AzLOL3oO/rlggbJq4A648fj+fTqxcRPNYFD9w2rV6JuFYZ9ROe/ZC47l9X4gIIBmf/WVakhfp/jW
lhCZQFihKcwrk75j2jRa2oSVYji8Nv1y0umnjx/TIzbtvq5PX7Y0MpbCmpsAHVa1bUf3/gmiSqNG
UdJ333VS48uPAqgzqkBBpusfjzUtXz61Ybd45fBhGpYzl5FJW0M8CVXcF/36UWkWVHEVoKk7rUJF
unzggKOgmlaXLqgD3g3M9B7dCQxUQjx6vS0Y4M9Uorgepe6XNm1GO6ZOdcwfTJ9DZm7z3WLFqMWm
jV4LBSkBoyVLVF/MuqUvepvS1uZNYZ7lm3X8h24esoDg+kGDadOQIWGu71fJkn/5LPPO1avqLPMh
v/8N+yCnV8A6+nD/xg0Wsrn0XHW8Sl68qrbxHgRB0nhJk1Hl0aMoRhzPrJ6+DnyHgMfQbNndEmbE
s/MfFvoZluMDr+eqO2NtA+vucIkfEUv3PAt563SvzCvJNW2wH/28dCJVrteRSlSszybUn1HaTNkd
XjRB2MW/j9FB1jhfNq0/g96BBCA5yduGhOrZ4wfo+/kj1YaZ4p2MNGLJAYoZ21iwN4OuUIdaeVSZ
uPETUusB8ylLrsL04N5t2vL9HFo8qbfqtw5+79/xC9345zJtXj2bDu/ZTCXK16GcBUupfCfY7Pq6
ZZNUW3HiJeC2DlIyNr8uAVrMVxnYTpT0bVVH268/cAtYh5b70il9Vb/7TN3MIHlRqdLpFR8VE/o0
os1rZtMX1f2oQcdRqiz41Oar7KrMsIV/UoYsuZ2Wh2Z90KWz9PjRA/quYdEXC6yrmahPR36BM97h
nNLmMlJedpBBf+HRC+h50Ii0g+blPjj/7i1raEi7yiFAsl7WVf3Sll6ffi/pTq4zhramHxeP8w5Y
12lD3eHRhzyK5eoPfoWUcUHvjg3LWSikWgg/jFJh/3VWl8TJNewaQlKR3yCar9rYheQw7rzihao8
uKbgulGPhY/PC6w/ffKUmuRpooD0yXunUOqMbgKuTIqFQsUCa9fN36EyB6do9Vi6Zhb19ubxw8fk
y5r40JR1W2NdowftqiVoWYeh6HFVRvrsqryrcqEaMCK2LNtKfav18RxYFzqkXlf0SLpcPaFP2pC6
tbIqSuKlbi+vTsdU2kad7rSj0WYWCa+cVkayoll1LxGozBK8WfqhFxbRODZFHTA2IGKAdeGXTrez
OEtfnNGlslh5o9crdUj98ttZHkkLK29YaZbyela39hYuIGUUefjjEBHcgMRJe3pfwkqT/J5cpT5X
bejxer1STuIkH8frSS75Ys2HeqQOqVO7wqoCrCt4Bax72JZq1lUZ6ZyF1vPHz1P9rPXpk2qfUHd2
C+JM60TrTsit1Ccxlnol2ulVo1EVc1VWbyM4j+wbYZZz2qgd+fpw4D8ErKu1YiwEYwloi0W7ddy8
gkdaXz+I0vM7mwxaW0Z2LuBNGb1uZ+U9pQv1cRllfpKBw+Jt2lClkSP0VhzvrfUjVafDmq6nOdbk
9q+g48dp8PtZ3Qc2mYYAFibYNn68Aax/lI+7aBCmyHH5AAomibNKfiEyQn036jzS+aPHo2E9TQjB
1UKfmBhW5obD6puzcq7a0Nvz5t7Ttji/23PQG3q0MmJqNSzwUstO1//+mwa8m9E45F0ZQG9Ee8Oc
H27NC095oTfuxv2+JUtpbvXqKmfualXpsz59WDs2FV07c4YW1m9Al/fvV2kugfVQ9CE7T4yw5gaX
QdDXiVu8MIq59XfziJG0pn17piOa0t4u3rYNxWW/s1cOHaJFDRuZ2p/u9yucPhkdcr9PwTwwOyP8
UvEhnHHJFyflD7HFkJmVKjsH3qz50bC0aRKh3ej5kY9/C1WqWFh7BapR5aWEUa/LvnDyk4cPaXTB
QgSNek9NGOu0oSWjW/zXuDEat/7V+mOUMTKDYl0Iw1rMnd8QXoBLFGisn9y0iXbNmqWeP9nKl6en
jx4xUF2UUmTN6rSq25ev0PAPP6S7DJLD2kttFuRJ/3FhQp17Zs+hn3r1UuWsgjonN22mG+fO0YU9
e5RwhVReoGEDqsoAuvX7IejECTq1ZStbc5hPMIeciwVrcrBAGehTgcf3GYNO63g/eI/Njj+PUFBA
q9aKB5/37ass1zy6e1fVC1PhEgdhAgCCZr94nwwV9PFU80vLIWl6vLM4FJF4rbjD7f/Zuwpwqaqu
vT4DRFABAUlBpQQBAeluQZRQpLu7u7u7u0tSuru7Q1pCGiQl1H+9a+46d8+5Z+6dGcD/k2/289x7
aufacc7sd613OY2NsNK4ZeDlhVM5nNTTGHSb33XqSjwtKbS5JXFELsHz0dUc/u/ULicZIhPzPq6d
0uI+B7/msy3/P58/o4FfpfNvTXBVw/l/CFnYGmK7tDLhdMESRPM5YihxrXSIY6QNNR0SeaifjAtP
ZUoaq0TXiae62aLZ+9UruRvtQXauovi/U5n2umkcex5hvVPs9fZwjbWtV+IkwWuJA2OHmdQcq634
90IEXne1n8PsK2Rkb4dk7i6LALBuStzz+b8GWFewsVb7MZSnaFXPLeInAN1blP2KHty7TYPnHyfQ
sms4fXQPta7gokXrPX03fZo0jTzS/KPFjEvdJ26zwHhNN21IS/p5cj/KnO9HathjutsLXtMCqI/3
WTCFyG9Mo96eLcUB8Idm7fzbr6eoQbGkLuvx/vyjxcMEAohfo4DLV1rHUWvoi3S5tHoej3dvssJA
aZfCwJAFJyjWx4msuBP7NqRls4ZRxcb9qHC5xtZ9p5Pn/HJoVS493b119aVbrP/JIOOhXWvo8K61
dOLgVnr+7KlU4ctMBYQ2XRUjtF5P/nhEaxaMkw9HLBh/sp96KA08f/ZE2AoA/EJWSPdD1XaU8It0
mpQXj7/p2P4ttJbTXzx7VO5/kiS1MBFgvJw6souKVmrhRsGuQHKVFkPo44QpaNnMwezX/oJQ6Bcq
1YDSZC0YnL9x9uupw7R/+0oKF85FB/X40X3Kxn7to8eKb8QKPgWFEFwUjO/TQJRIoDiRjBUnoISh
wRMNEdwD7Gb3BZuWTqWb1y5KdFD8Q9kjU57v6a1wzv42Lp49ThtZ6QLyR4gZL6G4WEDavUxJn7VA
SUqWNoc8g+wQVs0bQ2N71nH5iy/b2KrfX3//RXAVYILQ+7Yso0vnjouCSdKUmSnJl5klj7PH99Hh
3etENmB/SJ4mh1s/Xb98jnauX0BvvRWOnj9/SlGjxaYsX5eiO+zrfgMruuzeuEjGCSz6S9ToQFHZ
ZYMGf2Tx7MkftJfrunPdfFbOOSFarQkSfynrw4FtKwhjMX+JWloE+Qus379zn66eu0p/PPqDelfq
Tb+d/Y16LOlBUWNFpedPn1PMT2LS08dP6aP4H1ll6QmsnjcxyLtz+S6Je//OPfo8QzLKVTInJc/8
hSl2kff62evp5uWbFC58OHp0/xHlr5Cf/WRHo90rd9OaGWvpwrHzPC7eoh8a/0A5S+TUYl746AjC
esqVhxTAl3Uz19HuVbvpvcjvE+gQk2dGu3JRvMSsjKQfMEYed67foXVsSb7+p/Uiiw+iRRaa9s/Z
h/n2xdspQfIEVKBSAbcfl/fZAnnn0h10ZOsROn3wtKR74803qGDlgpSf44Z/h8euERRkWTJmMQ2q
PYhq9avFsirB4/1PiYV6hgvHlGUO9dvB5YBCHrJHgCLFd7W/Y0Uu9zLkof7zURaHtxym4zuOS+r4
yeJTLFbO+Hn4z3R0+1Eev29QvnL5qFD1b0K0S4vz5ah9ev/2fRp7cBwrhFyn47uO08O7D+nt8G+z
7/hkTHPPLlYcZOGr3FGvJ6ycsWvpTto0fzNdPPmrtOezVAkpcdpEtGv5bkpX4CuRp70Nz5/9SdsX
baNVU1fTjUvX5THGRv7ybLX2Q3buD+4ve2C53/ztJu1ZuYfu3bon/Rk3YVxKnTcNTes6lWb1mfXC
wPrmBZtlruPjNXXu1BQncVzav2YfXTl7hSBbMBmApSJKjChutbty7jfaumALs9G8Tc+ePhMWi9yl
ctPNKzdp9ZTVtHURvy953UicNglV6FiB53cwy4UvY3Azy/k3LkvHK8pCOWDN2L9+P53ae8oau3gW
M0FMylY8m1VXtAPz7sSuk9JfeBAlRlQqUvc7ylAwA7/XHAYGy+LQ5kO0dNwyWYuQJuGXiSgzWzff
47XtxM4TVKplKSkLc2nHkh1WHSCz+MnjS96Yj6unrZa+Q/1RvzgJ41Dm71zvGuTrS4CLjsObmLWI
6/zRxx9RlmJZ6TDX89S+U7I2vx/tffoy55ch1ias6cu4LdjQwh/qVbReUVZKfMZuBTbw2r2ZlY1u
sUyjUfl25ShpemNTyse5L2sT/1s8ZgkNqTuYavat6fXahLTHdx6jVTx+TvAcRoDv8mzfZ6P8FQuw
uyT3Maiyw5q7dvo62oA1l9ezyNEjixyC19xPeM3NL213rZ1/s8xOU+10tShltpTUa2Vvdyp3HhJv
vfWmZm8d7974nVZPXSVjHjfR18kzJ5c/K5LDCdaMHTwGtyzcQpdPX5Y1A/2Xo0QOylg4k9vcf/zw
D1o+fpnkgn7CWD667Sit5fciFMLw3vmxeUlKlDqhQ0mBW6+3BF5/YB0K1xe276C9U6fSr7t2SXdG
S5iQPuXN56uHDxN+ixQfMZxdgL0lGy6wBr3FlJb4DZAoTx6KnigRnVq7lm6eOUPPGUz48NNPKWGe
3PRe9Bghv4d4vUHaPVOm0LElS6yhkyBrVspUvTrFZNpyp28o+KQ8wiDe3mnTZVPyP7xGfZI1i2yc
o+5/sHVj/g7t3eh2H9zg9ziXA/pYBNTtkyyZKUFmz+8CWObhN9aJ5ctpWes2BOCgcO9e9Iw358Mx
le87DGS9GzkKvf1uBAYZ/pb8H7BFovow/It/r6Zl/+uRPvyQrh07TseWLhW6ZpSPZ6nLlqX3Pwr5
PY/nYQW1tr20bz8NYrpjWN3VXLWSIAsNeNdIP+kNHFnmANa3MLBekymwH1y7Kv7mATJET5yY8rRp
Q7FSfGGmsM5B33uMwa09PDZ+v3hJ7keMHp2+YprmFD98z997zr8lrQzCOHl4+w7tmTyZ3uCx9Tf/
ds/EVodvR3iHN7GfyH0BRbhNb/D7N0O1apacNdsH12/QIbbaP7Z4sTUuEubOJX7ktwwdRiUnjOc+
z6LRXUc/x6B7Jl5e8Ry5xhubB2bMpJOrVjENeWQZNwkYWPqSadVjsPzt492XMehlLRyj6XjaMXoM
za1dW5gZcjQJ/g0PEO1tzB2Wvxl0kzcdj3OAuzuYCeLC9u0yDtNXrkzpq1Wltwz6Zist5H6O5z6D
aW5zn/snUw3MfR6D7kVZSb09wZzv+8UXAuLlatGCKbh7uO2hAcwbwvP/2tFjjrThsG47OPsn2s1j
EvMDIVriRJShajVKzGuaXRZ4Djme3byZDsycRVd4vXzn/fdk7yY5W+im+L44RYoW/YXbdeMX3lhn
2myE4sOGMbBeR871H9bengld+3mN9+6huGlce5nynOV+/ZeTtN9tDP7FVNiZ6ctSJXkMcr52uXOa
B2wBfnDOXDqxYrnI4hHPVbiRQJpPsIYa4wIyODBrNt29fFnmKKzNv6pQgan2Y9OJlasE7Lx27Jis
xdmZqv5LVngwwxO2UAZNOMYWAmh/k3xdgC7u2UvjCxd2BNaPLVlKsOTTtRd7PVnq1HZ7B2gZoDKH
tT8C3mcpuV/Ob9tO+9hX8n0GftHHGC9xU6fWJG5HvLMALP/KVPM3TpyUZ5E+isH9UI8+L1jQ/TcN
yw77kE8ZbB2aJatYrDfZv0+sB3XOIQPHOcL3/RmDD27coMPz5tPRJbwOcnvwToBbh8jx4gkoXXI8
r4P8vnwZQcHQEmPHUEZek8MKC+rzu4fHbOR4cdkVyfYQ7hfgD3hD374eQaN1vfvQ0latKFWJEjwe
51D4996j5jzPosT/2LFogN5gOWh+5LDre4JjQe6yPxwEbEIJ4EWB9QOzZ1NbXs/CvfsuYewBMIU7
hlYnT8g9VUBSYP3U2nV05cAB63sA77bPv/6aYn6RnB7yurNnEr8H8S7neYVvFYD/sVKkoF0TJ0r+
AO+hVCDKDZzXPVbYQLti8Xr3GVPoox4hwj+w5mqZ/oxBVeoqxv2Fb5BNgwfT3Qu/ik/zbNyPmFsh
1iYuEMDhscVL6DB/E948dVrkFvnjeDxGfhR2IfO7BO/T48uWy5r8QezYsn7hOwkKH2Brwfch1voo
H3/M6X/Q5oQ4mmBlmIoyLPerx46y+4SN9IxZXrBGxf4yFcVhBZNRefOJi4Mw8whRAw83eAyc4fcP
GJmwxiKgnGSsVPKYx+OFnTspd6uWFDVBAnkm/7h+vrwTzm7eQhd27JCk+Eb/8NNPeE4Pt977acuV
o4z8DndydwG5HV+6jL/T5snaibUpTqpUFDdtWjrO75ak+QtQZl63zYBv8F3jJ7iUYriv0D9m35lx
3c79lLsva66+SzCGMFfxPslanzEnns+HWKnv4Ly5sga/z+++fO3a08fp07lV0ZcLfV/AxcUgVoj1
9ptfxyrWo2r8Tjjy8yL5TQM5Jsqbl3I0bSLvWKe6eCuLALDuJL2Q9/51wHpoALU27ymDZG0qZnIE
gRUgBt17j8nbKNEXGejWtUtUq1B8Sd526DL6MnMBzco6njtxgFqW+4p+qN6OfqzZybqPEwXWnai7
l0wbRJMHNn0pwPqqOaNobK+6DOQWomZ95ojiAF64ET/4kMETl+W9W8X4AiBho++Tk91CH/EUMFZ6
e3nB2zMIug5Nph6SeH17Yt9GDPAPlfiycAWlxALjZO1/6dwJalLCtSmAOKCnb9xzFo3rXY8unT3G
695/sK8gm0DJmPa+Y5DfetDoj+5Rizaz/3IELUvjyk3+Z+9HlZM+t9Jx2Qg1242mvMVCfmyiXbA8
R9DFsueUHZQwechF9+jejdSpBv+ICyPU7jCWchep4hYLLgy61S9ktd18qPLpwcoiMeJ+Yj7iug3n
sdtA7mmbcKF1xbnON8yRluXSiZII7nsKWfKXpAbdp8kPW+TTo8E3dHD7KslT3A70dymOwGXDdrhs
4IB4FZv0p8JlG1nZgmEBTAv6HEwRebjd3eq5lBikj4Pkb6b1RxZYEyB7da9gVYJPVBZ2lwn+Ausr
Jq2kvlX6mEWEOE+QLAGNOTjGDYQAqNT2u7YS1+wr3EAds/+Qg5qOaUqRIkeUOKCyLp+wPN297qJn
x82uC9lvNAPzaxiE0jyQ9mX7QlcQNiyLdWxSzug5gya0d3fxgbqq3Kv1qEYlGeAAUKxh/7r91Cxv
M7nUduBC0+DcTj2sdTp76KzVdsRDQLrkWZLTgHUD+IcvbyRzuHHpBtX6qpbIT254+AfwsfW01m4b
OQCdaqapyWDhBUnljYx9lQXybF2oNe1Ztcet3SoPlQUApS6gYHYAsDw0yfG2KT+NYC8rQ6GM1HJy
S2ZheV+jCCgG9gJv5Y6EkF+T3E3o6Najjn2FOPb+xb3r7EahVcGWInetG+4jaB8M3TaU2SFiu24G
/QdA3atSL7nSdCo/jfgiPtYhO7hGuHLmimZnHe3ldZrbyQ2wXjF5JfWr0lfio045WAGmYJWvuZ2t
5B7Sa11r968tSjJ44MsY1LXizrU7kif+Id/BmwcLmImyzHGGZ1DkGHPAtUZdPX+Vyn5aVtJqe3Ch
9arSrQqVbeN6LpH4H4DNgbUGMlDrUuhySoe4Knesm/2q9rXyxDMoz6AOkC/WOrP++gyAsa8BFuAb
ftoQIpnWUdtVvn15wp/OLbhLqPKF692MOFhX289qT0PqDXEbk3gGoLnfun6yxvs69zHOAVZjbQ8t
OK1NAJ+HNRhqKQCY6VEvtLHn8p6ULr/xjcKfOftYuaK5l2vu338RdSjWnnYu22lmH+I8RrwY0n/v
RXnP7dnWn7dSx+Id5Z5qt4dlkX/h+AVq+21bUV7RftJM0a4orCzQn9f3+J+7NubOHTlH1VNVdxtP
iK9pVRaDtwyh5JmSaVaB4/+EBF5zYJ3n8xr2/7qc/Y/zgHfbw8S4R3iPgeAWx48RfBs+ZYusfrzZ
e+vM2ZC9z+klIB2fV5w7l1IWK8bnevtv2jpiBC2oV19u6PzChZTFab7r15etxBu7ARW3zp6jUfny
EfxTImg6rR/umXXENX70Hfn5Z5pUvLheyrE4b+DaQSl5wP+wcd1T6Wf1pu2Isutt2cLgfCaJ3/b9
D9zWDet5pky0a9JEms2AHEeQXKxnnNbXAIB7EssSG5ShBQApTQ8ekL6y4nHxAqwzuKHBlCHOG7JC
Rbyv0upjOd799SKN4Y1t2azlOEHdaP2ehszrs29cbLL6G64eOUr92MeurrFKVa++4ZEvnoXoX76P
+nWNH1+K1vZIfPnHjeY6FxsyhLLWqytxXLf9G4NWBj6cQNl2bY8etKJ9B0nlVsegOVKoR3fK1byF
9ZvG1zHoQ3Xcot69dIkG8kYtrEhDC6lLlaIy012/4TWeAut6reuGzkdYicMq1W0Pibtji8z9epIs
hCz4LlwuwD+4o+KlVVjoJ9tGjqR5bPkYOW5can70iFjI2lMAZAFY2+TAfvHvrM/P8rweni27XLrV
D3e4v1Iy6FJqwkQKH8n1uxq3HzOd8XRWlpF5acwRVxJuNIeqrPSRrPA3cu7vvyUMLK5ngBE+4usw
rbRdeQayn8KgEnzHN2NAMQqvAwj4nlwjY7C9XLu1C2OQQyF+DlDZ/F0N0Ho80/0juKXBjSBZ/Dhm
DEVgRSMEpe7GeNJxUIXXXwChe6dNk7koETkt/L62PHHcWqPOM2AzlEF+CSxDjec6cf23sykAyOyf
Og1dDwKSUGZo/mQBrvVjKnOtm+atbdP79bdulbVdn+OoAKncM/pY0xTs1s2NBn1tr16ilGXm4XTe
FOOPASYz+DMG77LCU1cGBRG0PTiX3g3q42JDsQ665h6evUhQMNTeJ055mnWrzspqSVlZwh4AGmEt
yt++PbNLdHJ7/Pj3ezSQlUSgpIBvkCUMwu9kJQEAsea6biZSYF3lC5BuYtFilLZ8OUrJ3wO92ef5
+3HiUJ11/lPBz6tblw7NnWcxESiQZbIT6LgBxX0lBhUnsKLNiVWrZP5IfXksKYW+0/jEuIJiDnx8
61gz24l1F3MRAWO/1upV4uveisOP/ok1F+WZ/ezLGNSxpHXWtNreErzGZKzuvp8OavDxLEtR7jTn
IzIJWgewRsK3PcJuVliYVYV/i9vWCMsXNSLxs7DcAzj1MZLaA5QCl7VuTZvYLYUE9BNCUF/hNLS1
Cs+9DU9YYWherZqicIo0lvxwYZRnspj4+k5AX4wrWMh97LoKk29C7Su4S4JrIvPdhHV6RK7cdJ7X
Va2bVM2on+kCArcRMHd6fPqZnOs6Fnb/+Cd3X9dcjD/QrGu90JflWclmPq8J+q3sqnjYY0riefin
69ZxVs4NLXzA3zpNDx2kiIbveR2r4noDiYPmidZZ0jBzT8So7oYTvsgiAKyH1ivBz15/YH3uUcsf
+B9s6bx+0SQBE03Adt/W5dSzQWEBn0GLjmf2gIVk76Yl9D6DuIlTZHB7HBqwPnVwS1o0pR9VbTlU
rK/dEgZdeGOxjvLV9zaSJeI6gG5eQzP2+54hV1G9tI6wFvZEMx/aMyuDoJNXCaxPH9qG2QD6UJEK
zSn7N+XE0vwyg+d9mxVj5YjrbFHPoGu5RlaVsPicO3mAHt6/Q2N71KFrl4M3X9KzDPL/UJtB5qM0
qX8T+q5CMypbv6ektfzF84KTMXdx+rZcE4r4fhQ6tHM1AQTXl0VowHrilBmpSvMhbP0UgaYNbkEY
Ox9+FJcGzjkSYtzcu3uTfj19ROLOH99dLMDteWujDu1cS93quj5AtR7mS0njAcQ3GRu0X6AoAhcG
tdqPpZQZ8soL7di+zdSHKeyRn12xYsvyGTS4XXnJNvKHH1GdjhPEWh1W/GN71Ga5X5NnJrDeqnx6
C1iXOhofOFo/AOv1u021gEZYnp88tJ2GcFkmsA5GAbgjgAU6nmk5ms/jh/dFdtevnJPneh8yKVKx
BaXKlJ92r18oigtNWckkQ+5ibBnoUqjxVRanj+ym1hUzSj+2GbKUWQm+YKvHJ3Rs3ybqzkA+2mpX
PvEXWD+9/zRbaC5lADwSrZ+9gYGAK7Lp/031wsK08eTxE/os1WdiXa79f3zncaqXyfUDCWBEu5nt
6JMUn9Dj+49pNQNT41qNlToKiLog2I8tgB5Y4AK83rk8eK0AyNBoJFspMIA5lEGWCJEi0LhD4yh8
hPAq5hc6KggbFrC+aOQiGszWlgiwKqzcpTJFixNNrOyndJ5C62atk2emb3P12YsHkE/z8c0FFL91
5RYhzYENByQNgNcuC7pY4xB1ggzBFlCpK/v8LZyRAOjsXrGbupXpJmmGbhvGlteuD3MA67XT8TwI
Aq8wBrQ/JHLQP1jV24F1PLp06hLdvMRWTcwI0On7TvxB9neotPj+yOLWb7do/7oD1LN8D6lNxPcj
UotJLdnq9zNaw76XJwYpLMDVQEIeUy8StE8BkCOgrOq9a1Astlzex4oOP/WbLWMwLltijz883lJQ
8FXuyPvE7pNUN0Mdih43OvVc2lPG+tMnT+nQxkMCKKMv7MC6WT/UrenYppQ2X1rps4NsfdyhaHup
H6z6UT8d6xvmbKCuJbuiWMLcAivBm6xcsWDIfDq48aCkwTMFeHHuT7jOFv6df+jMbTshyTGWvsr/
FeVjFgmwWAyrP9Qqq+eynpT+6/QSD0wT5w6fY2vyq1Y/4wHSl2xRigHQr8RCd+GwhdRxDkD5rJIO
/3wZg2DOmNl7Ji0du5Tefe9d6jCnozBAQNEEc+EM93vbwm0k7/rDGrCleHqxsscNAOvlPisnQHL9
IfUpRbYUslE6n2U4o8cMuT/hyAT6INoHkh7917/6AFo+wWXdDWvhEk1KUKQokWgvW/EPZ/p9xEFQ
uUNGB3isdyrRSe6DWrzOwDr0YSyXhT6UFloUaCHAKizkaw+oTfGSuDYaJYEP/1DWvEHzaCqzFWjA
mlm9Z3UB0SGn88fO849YonJty1FlXk8QYPmM9R3pB9UZ5GIo4PvoqyxFs1CR2kXoHKcb2XgE/dis
JFXvVU2eeTP3kUe9IfWoaN2iokBSJ33YaxOA9VZTW1lrIEQ6puVonqs/SbkY67lK5aJ333+Xfj1+
kfpX68f9fEaeTTwxieIliivtgoKQKgygHrrm3uQ1d6rDmvsXe5dqCsUYtgBH0L5EWjNEjxedxvDa
ZAfWMdfBxPEGKwMdZXaRca3HhUp1f+/2PaqcrLKs1Sij/ez2lCZPGin3wPoD7Maji5yjDycemyjl
SV8dOEOTOkyiXSt2SpsLVikoiikPfn9Ivcr3FDYJyLDN9Dby3Kx74Px1lsDrDaw/ZIsG+O57yBZv
VdgyOUmB/LIJc+PkLzStbBmmTT4UAtS8w4Dm5B9+oIu7d0vHY54lKVCA0rKF4uPbtwgWajLP+X41
3hT6vODXsj7CumhS8e9l/qTjjc5czZuL1dl99gG+ccAAsTLjh1Rhzk+UimlcEZ7cf0CDM2aUDSuU
k4+t0lPw5jiUyHcxyAVLOC4sRB2R9jlvcF7YuUOsobGxt6RVawoNWMc3MPx9wnoSlh47eFMXZWbk
jUtYqcMiBX+w/gFwh3D9xEmhgN0/a5bIrcaKFWwRkkfWWYACR3ijEZu6yKcUW8GmgpW3jz4iUQ6A
9ZG5c9OFrdtw6ZIvH5GvGT4AsM6ADZQgrMBrvQLriJ+1fn3KzBavsGyczXXDBjUA1LIzplv5QYFi
SMZM4hMX9L0/srVn4nx5Ocv/0NlNmxiocP2W/PCzz6gZ+80Nxxb8/oRnjx7Tb0xlvbJTJzrJslNg
HXnBQuov7hMoflzet89S7pByuE1bGUTFZmYqpuwHXf/7TPf9B8v8wOxZbIFdR6K59Ten8WcMSka+
/pP6jeD61ROZpmRry6+7MCU5Azq/X7rsNmaKM+iVhduB4M8Y9LVqiA9gfRBbWAoQihv4IOCx4T6a
SKz7yjAwajInmsA6FB5gDftR8mRiMQcQF8G0FsX14QULLSWX9Jj7LTD344v/2o39g+Y+x6vAQCzm
iL9hHst7GwP43/XvT7C+9zbcYKvHXmAP4BAvfXoqyuMpFit8YL7vZ0t0zB/ICP0EkBLzCADFxOLF
6Chbg0F23/A4/apCeQoXMSIBKPupeg22jHd99zSC4kq6r7ytjls8bJIPz55D1tvSvIagDKeAfgGb
BdZbzFmErSNccwTnUHgATbWMQbYsByU22oZgApW/7twlay7uQ1Gn/KyZYjkLVpB9zBgCkB+yAJBS
mdlLVIECgMOjW7cYyO8p1nFIj4Ax8v2oUWJ1u5DXnnCRIrHF8SFZB6FA0yeZS1kRdf6G11/4SAfT
h67tyMMJxEV7MZfeZAavyfxe4RFsAZ1IYwbsE8JaeEWHjlbdMA5huQdfzzPKVxAq/S95HSxnrIPI
Q0EeAChFGdD9NFtWsX7dPHiIKM7gfnNewyJFjyZFruvVm5YxCwiCp+9dPIMVuwms+zMGkY8qk8Ci
u8iggbIOPmFmhv3MIAAmCvSVE8sB0voTFAx16hN7fseWLaPx3xQWFhu8l2Btbg+QEayPI8WITvH5
XW8GKMGMY9aYLKwUgHXyzMaNNCJnLskPVutgjrEHBdbxPYM5B9/Y47gOWA8wf8EuAbZPe1n2fDxd
Yz5CEeARM9XA6hjvWgWyTGBd433B78pC3bvRHaaGB6vFkpYtJWusI2D9gEzgF/nSnj3CcICHUHTJ
0awps/5EpysMgPX/MrVVHaw9mbkdiZiRAM9Ws397yBD5NOUxropu/9Sai4r5OwZ1LCGP+KyMWGzI
YFkXljRvQcdZEQMAYItjR+mdoHEDhps+DJjjvQU5lGNAMzF/b2GMw3XAFJ4DkIUA17weATi8z9+2
V/YfoHk8F6C4ppbiT9mSHN+wz/k3Jp7FYxag0FgMnPoY9TYDysY7H/LAOwHMHOkqVqKHvC4ubtZM
3neIL/XjsWOCoWY+3pyjrDnVqtPOCROkLLBw5GjShFlxogj7x8KGDUUWyMsE1v15J9z77Tc6tW49
zWDLdASs1fiejcNW+HgnLGelGARVZpEL/vcry3dw+gzyvVxt2VJ5j+CdCpcNY5mtAW1wAtaR/iLP
BzA3PLx1W743lfnB/BbRcvyVuz9rLt4ll1kZ6PGduzJuRMEDFeH+TlGsKGXmb0+8939mJcEc3Odg
vMJY9TWgnJFBSglIizYi2PNygeTuyrQ6VgVY57Kx/n9eqCCdZ3YvKAJyZlR68iRhlZFM+Z+vsmj6
9xBN6t/xjWAcz78M/h2pXmtgHQAbQHLQWyOcO7Hf6pW8xatTzbaj5Fotkk3/6VZEL04UWO87A77K
U0qKZ0wBByrt/i1KyLUnS3g89AZYRzwtB+eYaGgbAEidfLAUzvZ1aTy2wpYVM2kwb/4KMNh/vtuP
JW/LRWYKWr4KKnipLK8ffzGV0uPHD7k9bIUf6QPazxTcPRt+GwLU1MaZ7AOQB0Dl3EUq62PemHjK
AE84uUbfwz0AgpOSw4kD26hDtewiSzv4reMj6ZdZxPr9rbdcdMIAzpuUSCF5wg0A6NM9BfXTbs/b
jI9FFT9YxveuL1Tw3SdtZSWOjEJTiHiQi7ZH0+3ZsIh6Ny0mVvu9pu6iaDHdwYTrV85T3W9doBoA
6Ix5itOjB/eoRZm0opCQOf+P1IABBFPjDO4D4MLg6qWzbrKCiwVQ1W9dOUvGlILhqLen+uG+1sEE
1iWB8Uzz0vt61LS4huJAu+ErmWXCBTrhHgDwt4No7v2RBfLQOWJZpb/xJk8wPCFhs4BCQdpshYWZ
QF9w/gLrrlxd/4c1YP/NwxYI0AcLS6cAC4hmeZvTQQaMQbfdZ1UfAcLNuFt/5rHLFoIIAzcOYmtI
15jUOFoOrovUKUK1+teyKJ//5D71x6pT83Y6KsgZGrCOZyViu9bGki0YZGLQSmWLPLGmjWWFgdl9
ZwswBzAUwFxftt5dyVa8MeLGoKHbhwoQr3UAWNK5RGeCxaMdeNU4+E4BVTTo9hEifhCRpnaZQpM7
Tw7hQx2ywQfdupnrqUe57tZzlIOAvgFFd1gB7VgxaYVHYN0fWYCGGUGthQGGjtwzkuIGgWGQH6w+
IYu2M9oxrXeu4Gq6vtWCrz2dBc0BPNY+BbAe+7PYNIQtOQFUaQCA1TRPU7nsyKBs9u+z6yM5+iL3
tUzxD3m7FEW60JuGa5Qbl10KD5nYEr/JmCbWmNnG9O/tGTyHlfDI3SMFJDcr8BvA3yCragDQ2Zn2
Gq4VYEkO5QnMi7qD6gpwqunmDJxLo5ryjyUOCvDqM3+O2xZt5zq2k6QNhjdkoPU7K5uH9x5S99Ld
RQHGDv4jkvYzzqE40JtptT/P4FICwT2AkUrjjmt7CGsMIr5Zxsg9oyhxmkRWNqrsAGv/CccmOI57
9DHo0J8x9TkAeVhyN8/fTJgHTPmdYvC5VtqakjdA+qIsezPAVUOj7C5Ft5G7RrKLAdfmJ+Koz3s7
E8NDBkPrZ6kvluH2NGbe3p6bsgDg2mB4A0u+mFszes6kCe3GS3ZTT09jFoRYVtZgC4BSjrI0NBvX
jL6uzEBTUMD6o+tGmHOfN3LHtnZfBzH3rbWJ50rPCj0t4Dm0tQlU/1CAwDrbc3kvUcrQOmGH8hnX
u2G2BnSSFVtAYV9vcD1eh4n6Vu1DqyavkjkFxgcoP2mA64UuP3pecxWUl/V4XmdN5jry+hLWuwd1
BhuBR4t1rt/MvsxWxGss5sWI3SOsNVALg4IJ/Lwj1Oxbi5U4fpBztHkoK3Es5HdwKVZSqdbTpeiA
hyfYHQCYNrDWAfyH8lkg/K9I4PUG1hXYAPjR8uQJ9sXnUnhC7+I3EwCLaydPUlMGAcIzICKB54rQ
wfKGMdaPYsOZmhgb+EEBgPL00qVlYxTAa3MGXv/m+a1AbQEGUfN36KDR5Qhlw6UMfK/v04ckDYCX
dyKIH1MFpusyoOtGZ8v12DrSBV46WTSbBdw+d466szW6G9BqRrCdS3y2mLEDzrZocqkbUpBFnQ0b
6NPs2VzRuH47mIocm5/w9Vppgftvbqe8vLkHq5g+bDGT/LtvqeK8eW5JUAcFuqwHXA8F1guwRaAp
+3MM1A/LmpWSw6oO9QOri/Tvz2LlB7k23L2LosSNZ2WHk9vnWZ6wKOLyBAzlTV2/Q1D9LB/wvMFt
BTxr2IAO/jTHDViHYgXYAEDZLcB0HQDp+pH6N51cs5bGsrJHWfa3m7p0KcnOVBbwegz6oQSBwrAR
3Tl2HJFPbgZJQEmOvtEAUBYAJSiQIeOmPN4BopjBlzFopvP2XH/D7585kzdby1ngpfUbnmX8VpAb
BTNPBdYBDjTYsV2AUDzHb6BRefKKf+MGzGQQP5MLJIMbByjHYJM3f6eOVIDBTXtYwhZ+UGqBGwmA
8v4on+BbbCaDGHBp4Qj68VgKEYK6RObHUN58ZhCvMivD2N3sHVns8vWN9K2YVh3uL84wze8IBrcQ
nKzSYcU9gpVhLu7aLeABrFZlb8WpHpKLwz+uH/IZlD6DKBfZgQuHFNYtUEV3jhVbrgHUfdOrp/sY
ZHktaekag+jLZgxURoz2odWH6L+abGFrrftBOYNWFoo1CHUZ6LTWu6DnCmziMjPPyyID+lt07Rhz
uj5hvEDR6ihbtmPNr791i8yFoGzY+n4Njc6fXy4d+1Mj8hFKU7uZMltBM+OR26nWzS4PBYAw/sD4
YW8z1kS8owDGARjC+ID7itH58os1pglcoUC0EyDe0MxZhAoeeUbi+Y0xqsHcZ8M9f8Yg8ptdpaq8
J0U5QlwEBK8zv6xdQ2OYarkMr4NpgtZBLd/fo4KhYfUJ8te4oYFinuqBtk1moBQU93U38TjLls0C
sLGW4F37WQ73vQXkpX0s+eqay3m9TOUCKC3cZMUOKAiB5luBLBNYxzq6aeAg6fevKlaQuafxUP/v
WJkwR+NgcOkyg78D2Drf6VsG4xvrI9639VgWn/A7WwMUWgDA3b92TSipwdLyT625qMOLjEEdH8LE
sX6dte7CvQ6sghGwLr3HShcI+D7EmgUlAri8wDpshhunoSCVBJUSBpScrDiDoFT9Zv9oOn0WlnsA
7TunPDQvuFIanMH13is9ZQq7zCmnj2TtmPpjSVEaehnAujA9pEkr+TuN7XNbt9IwMLCwLHR98ued
oLKHglH3Tz4NIXv0/6RixYUhqtzMGfLNrI3ex+5HAOSKNTsrYb2J/fSgIMp96dIxm0thglsJ8/tI
4+DoTf/4K3d/1lytm9ZLwWson2aoUlkfi7KM0/eTFcGHE8zxPsxcoewXZlKnb34dq6hbjZUrKUn+
fFaS9X36inKPXfnQV1n0/Cx09iyrQE8nAWDdk2T+f+4rqOwJgDNrpSAwgHWniYtFAaB0q0FM15Qm
m0WJ/qLAOqxo3/iPi7IYoDACyk+SKrMbIGvWFefeANxmm5CmfpfJYt0Nf+OwzF4zf6yAq4PmHbMs
9BFPrfGd2nb14mmqXzSJmyUx0jgFLf9VAOtXzv/CVPBDBEx2Ktup7oindUI/N+aNboDEnoKCp7Hi
JyaA4AqOm/FXzRtN43rWpf6zD1G8z1watXiuwHqt9mPcrMXxI6Ffs+/F33dogLmZR1jxEFfHui9x
kQ6sBfAVrgFjD8oHUwc1F0tznTvqHgBzALKIFvNjTWIdVdGgHsZZIdZ2MoLKQ/MzHjmehja+9Zmn
vPQ56tptwhaxJncshG+q3PDcW1kg7q+nj1LTki6FmE+SphZFjijRYokSASz9oTAR79Pk/OMwmI78
ZQLrJuiE+pgBgBtoxWFROnDDQEqZ3VVPMw7WMwVRTTpojaPAOgBsUKs7af9p3JdxVBA2NGD9LKh4
U1azQHMFis3yYfkJgAptH8bW5AlSJGBL5roCnnVb1F2szs34OAdY2jR3U1FCaDy6cXBb+bct/DlP
6jhJLJHt6XBtWsabz0GfD/DI03MzrtM55A9f8JOOTwphnYn4/sgCfo0RABpVTFKRYMHbdkbb4Pby
MwWozXoDeFs+YTk9uvdI0nv6hz7MxuC4UidrnwIsHLadN6MMUFfzmAIFhU6TxWd9k7FNXHXxQ+6g
aa7GYwMhEYO7mb/NTFFjReX5+B+xksZYgSKKOR91jCNNZwbwUF8Nsg4yaDiq+SgB0VUeyn4AMN60
qNZ0AEgxlgD0hjZHNX5YRx1HnpQ+TDAXiiSmso32MxQooNQAxgpfQlhjEHlhHRlQYwAtY9/TBasU
Yqt/l+IC7nco1pG2sT/3VpNbU77yed2KBr34FvbRPrHDRMtK2y0CX5jy03EJP9bjDo8TEN4ef/Ho
JTSYrb7BpGHKAZbp5ROVl+h91/SlNLnTyPm8wfNoROMRjvPAnrc31ypvjA30hX19wthomLWhMBC0
ZJaI/Mw8oMGcK+1ntqecJXPqoxDHF5n7yGzjnI0E6nqPwLNRIuJ2KdlFvklh7R/1o6iyMa5RAPZD
0QtMDTpGn7ACUj0GmMF+0m1RN8r4jWsDQdPgeIcVU5qxUk3yTMmp0ahGbmvQxV8uCqjttD6ZeXg6
R/rKn1f22L6/GKwQ4H/KKqreozqValkqZFa8Bi0a5WJH0XYJoM/3Aaz/PHwhjd43WphiNPGjB4+l
3WB8USt3fRY4vu4SeL2BdWz+90/1pVgtY7MyQ9UqDHIkFEDtvZgxxboxxudJ3f138lyRDVG2FBbA
mAEjBUt0NCgoiPdtMwYNAUT0SpJUHqerVEnSwRpFA6wOAVTBSlE3liN8EJnm1GCLnPETxEocFqH2
AABjVuUq4uuxyb69sulnj4PrG7/8Qr2Sfu41sC7xub4Ar0FvaW+fWxksjwVsHQS/rgmyMlXzehdV
MyxtYI0JNgAnqnW3PHy40Lp5DVagfmxxC+DabiUJv6h9v2BWGe4npfsHiCSbbGAD4PuVGLw3+wr3
/mSli8XNmhPSe6us4LGJRv1Mi3WJL7INCayjjrsnT5K+R7wUzHDwMVsav8vU1PCZGpUBMliwR0+Y
kNvgKlnlhitvx6Cb5b8rG6/+w9d2/5SpPILmyARsEYPTpSfMlfrbtoawoNT6ejUGvaqVcyQFN7wB
ypCDAutONPGbBg0WSy0zL42PtLDQTF6kiNt4Qn+dYZAMc/9FAAcTgDbLR7lXDh5in+E3ZZzjGgEb
4/Bh/C5bNQIMwSY0rL++53mCvDSgfrcvXKDFTV3KwgpS7J7kGn+gqK29bq2bQYKmVcDWbBdo1q+y
cgzmnKcA8BZ+0mFlZm6S+wKsgwkC9OcCmrOygl1xA2XDnyqYC2B112D7NvqI16sBqdPIdd2NUBIK
CVziN8BEBlIAiNvBQeSpwCbAa7uPezzX8PQBKwywz3YoCkFBA/7b7WFl5y60qlMnZ0UJIzLKhM9r
b4F1uxx17DwMskI2LUkh/8PzF7BLh/YiF6NY61THhHWDT7TfQgPiNL7G9XUMIr1QXVd2ATqgDv+Y
lTCC18FPgtZBBiA9DzethlfHsNaL369ckTU4UrRoLwSsK704xi/k+84HH8h3xFIGVrFWfFmqpChO
2fewdPzl4/6Kxuv/78zOsYxd3XjrE94rIdgiaf9509eHF7KLGnbrgnbBwvz9WDHl9/ZEvgf2ixJj
x7Lv+qpuJWibnOYbIqplPxRD4OIC9RCAmZ+9yjVXK+nvGNSxZO8b7KdDqRPufHRuYd1RJRJ8C4I5
yClsGzmK3YHUcbOEDq1/9NnLANbhsx1KavJtxswX9u/Gu8wU0pWVFM33gVMbvLmnZUVnphUoo9mV
wZDHtlGjaT7LAt/g8I3uzztBmR30Pe703al1sb93tTzUBe8zAMP4LoNRHr7R3mOWj49YgcLcv0Nc
M3jTP1q+L3LXfP1Zc1E/M305ZqxKXdIz5mS2x5/z0GTvlJ/WDetA61O/WAw2iHuelR6HZsnqOD98
kcXANFudivb+XgBY915W/0RMBc08AXBmHRRwBQg8YM5hej9yNHmMH+S3mXp6+hB+SbPVrdJj79qw
UCxwAbr2Y6vzcKw170vQutk/mgHSFavcir7K8Z0jkKtlKHjoZNGrcaAJ17EG/EBvDWHB/eDeHWpV
Lr1YINvB2KuXzlD9Iold4Hk/980C+JRuVyVbiPy0TPNoytQO3pvxfD0/d5wtydl3PQLk90W6XBQ/
UUpRNti3ZZl8fHiSi9bpwb3bjlTsTc5OdQAAQABJREFUZl0UDM71XWW2bB/jtvlrxnM617ROY0/7
3i53ez6aR1jxkM7bPBF3XK96lkKCffzhuRnKN+oj9Pc63jxR2JtpnM61LU6W/07xtTwn1gQdn06y
RV6aFhTzDXsE0xY6leOPLJAPPt7mjOlCc8d2lWx5/8YV+L6GEjU60A/V21vj5p8C1n898avQ3ALg
8QTMov5dmO5207xNZAd5UH8FHWF5B5r5Vx0UWAoNWFdwLWcJBoRnugPCWj/4foYfXADrYw+MJdCM
q79uXH+a8lONGuZx8ejFNKj2IPmhCfJDUM+/F/U9OnPwjNAOQ4YKuNozU0C0/lC2rq3rbl1rj+t0
HRao6Y8stO0KAAIwMqnvUY/getcXCmncM2WK69BCzb416cemrg9H7dP7t+/ThKMThC7cnlYtsk3w
yh+5oy8mM8X0NGbSMAPua6jQoQKV71Demo9D6g6hn0f+LI/DWgdroF1NStAGgJIMNMJf+NiDYx2t
Z3XumMCw1sHXo/YHLO2/qRbS/6LKGMoL9vK0n/2lpg5rDGpbQGVek63JAeBjvfkw9oeW4keUGEyl
fdxFpa3x0SdgidjMwDrkjnSYW1CCAIuA+j0326NyKFi5IFkKGJqhF0dYcM/qPYtSZE3BfrP7E+jy
K31eSZQmRrGlPZQxXjRY8i7JVOAznKnAdWzY1w3tx9DmitbvReY+8vAHWEe6sOZICviAX9uXNbD/
ZBcadcUdAd4fuu4gD2+CAutO65O36UMD1hUAB/APpgrHvudlY8XkFcJ2AvYBzD/ZmOP7CqyP2DnC
jRlBFAq43Ri/AWDdm556neK83sA6AEr1RR78RuX+M96v2FirsWoV03EGW6zLhmjJkiQ+MG2bwOh9
tQ6+ygAjwFJQRyqwzgtOqHv8kdiCF/SfoF8XgJeBrtIMYnmiQPZmtAlI6S+wDrpjgynHqTxVJEDb
aq1ZzTStuWnT4EEMMjahL1lOoFkPKw+nfJ3uuQGuXtRNgXIni3Dtpwds7WYC6/AhK3SmXIGw3g+F
+/WlnExB6nfggafAvyOwzkoB8NVs1S+oIPi3BsXvBd4odBy73BdVFi4U5QgkUblJcm/HINOq+hy4
MrLRy7SpTpvQmp8qtWDs2P19I47WV4B1b/pZM/bxqOCGk9WbU1a6ySsUruzewRzXwXkNtejtNb7k
FZbcGWyy97NTHTzdUwBKlD3quej18V1q+YhFQmNtgx9j0IGD2ln9o4aFP0IJ4mMGgRXksYNCZt1+
4/WvHytYKOAFS2hNZ8ZzOlefslBqUYt1+C3HePAmqLVgaGMQgDLqB2AdVtVQIoBrkNCAH8gT/twP
scKNnU4W9dI+sIPX9jpfO8E08FwWFLpanzntCPwLM0qRoi8dWFewTutkAhEmOI+2qtU01nZQUoNy
HcDQUaYah5Uwgj0/3POUJ57ZA+L6OgYV8Prj3j0ai3WQLVQd10EuzJdxY6+b/dppjmsctAOWxuLD
nC2QD8z+SSxWAf41ZfpkJ+p2TWs/bmdQUKjs7Q+CrjFuQAcfJb67MZB9/InRE4/x9Kx8oBbMHrL0
+7avfS0MHqzsg/Unb9s2pO4X4GIG/pLtCl32NtkrqtbEOm9BU6/AepjfWy+45qIu/o7B0MaStlnn
liq/YJ2GtTqAWqegID9cPWBtxvsptP7RZy8DWFdXJAV7dKe8zMJiD1qWNwoY9rT2a5Wd2U57HPu1
P++E2OwSBUHf496+95EG6+eqTp1d7gpwQ4PxDgaDUr6OHdy+IzQajiqz0PrHH7kjX3/XXLNecBtl
uisw6/6yzkOTvVMZKjOncSasDokSu32b+iOLwel3OhXt/b0AsO69rP6JmAo2egLgzDoo4OrJulp9
i3/A/tIBEt+4coFpwl30Gr2n7aZPP3devM0yzHOtG+jeAQzDShjhnQgRzWgezxU8dAIezUQT+zSk
ZbOH0Q/V2lHJ2p2tR48e/E4Vc0SVaztwq9bJ2tZI7FNcw4ZFk2h456qUtUApN7/Y+tw8hiVTM64v
5wqGZs5Xgio2HUBRo7torJAH/JM3LZnKBfzbaOzx3Jc6KRjsCaRHfhLwlWr7laVpncae9r1d7kG5
WQfNI6x4SKB59p7OYzFp6GNxPAPrK+aMpDRZC1Hput2Z5jrYIsQqnE+wrRXz44TCZqDjzWlMmGnk
i90mCzzXttgt+N3SGhdanhPzgCp3OMkWWWjasOYG4vojC6RDeHj/rlj1nz66m/3LX5V7jx/cozUL
xlr+5s2++6eAddNqe9KJyRSPwWWnoMCiE/irAJAJbjnl8bLuKbAUGrAOuuE67EfbifZa64F8an1V
y6J3jvd5PMtiPdS26C/NoLFr5lOVLfYBjgMA1LB62mrqVaFXmMC6J0BU8/F0DAvU9EcWSo+tAKAT
cKUApgn8gTK8cY7GQvfsqb56v+vP3SxWAO1T+Kgfxxa8H30cQ6NZx7Uz1jKFew/L2vXPZ39a/eer
3B/cfchA6R2hZL7N4BYC6L6Xjl3iCNYOqcfA+oifxaK2SrcqbhbrVgX5BBvGcRLFEeYAVQRIniU5
DVw/0I0GHmnwA6EPux5Yxa4HQh1vZgGhnGt/lG9fnip1rhQiJpQelJHBzgoQWj+HyMjhRlhjUJNg
Q6I5u544wK4ndLwPZcYF0GXX6l+bSjT+QaPK8SJotpkxAaHz/C4yXkABjwD5qesGU34qB9C5d13Y
xeOPK0/vH9Oyf/iO4eLvHOVA6aD1tNae85NaefdP5e3N2LCvuTpXQlv/tBYvMveRhwLrjaGsUbWQ
Zut43DBnAyuSdBUXDmB1CE1jHAoVMeLFYLcxLsttANfDGXxOYtDyuxViW3P1mQLrr8piHfS6nVmp
bMuCzcLYkatkLi06+Mh1k7azZb+p9IPx9aLA+uOHf9CtKzdZGTc8uydh6kKH76XgigTO/h0SeM2B
de4EbIr+ce+++DS8zQALaLafsY/tE6tW0vktbJXA70k3q2SeK7Kpxxbr+XhT7OvOnUJ0pfpGv84U
hvXZEhLAOqgMkRfoyyPHjSPlhEjIN95hOvoYSZPI7xQBeNk/r+mHOkQaD+uNGe9VA+tYP5TOGrTq
2NAdwjTAdwCaMqAQO1VIdimzfr6cK+AaGmDmlh/XzRNw7RFYZ1ByG/tnTsbU2AXZPyw23pzCf5iV
L1qihCGAAKe4Hu+FUj+4OZnM1ui/7tgZAnCFgQH8IwOYvnzgoPjSRRmwmNw8aJB8cyj7AYAKpdP0
aQzyePUnXGD67yEMvobmgx6yh7Uw5kgIhQIuVPv5nwLWQwOITRmEtsmrm/2m5ZoCqMijIrNbADzC
GuMUsE7ESJpUvs2dnod1TzfYxYqPQTcwYSBc3LuX7l/5jd5g5ozTbB0PWuXI8eJS431sPMN0/wpc
Y6wnLViQ/mSfx04BwHOsL74Q60C1jDT9rtvTqKsNAF4tg/wxw8/3GgbUwgqwuC3Aayu+nRXIhp/0
ckyv6/F7DWth0JBVa3mA+qBTDufgjxqU0QPZ9QLAKgBYGK9qwd6Sge8YSRI7VnNeHZfijZMyhh0Q
c8yAbyoYCIC0FbsbgeWuPeybzhagrKBijid7HFyjTF8s1hWs07w8ARE61hGvEiu3JCv8jcVMgH6Z
zeAdgDx7fojvKU88swcTNPRlDCIfMM/98fvdUNdBBVxNS3x7Hby9dprjmlbbrCAYfIAPDKKrbryH
wdC0oexhGmMXbBKwqoQP7BTFi4WwxgW7DZQahP4+SIFG6+A0/uCaA+4lIjCjyasI2m4nIMupPLUw
R7+ARQb+mOHuxMlaHem1TdXYZ/3nBYNdiWne9nUGsoHSCsKrXnNRhr9jMLSxpG3WuWWug+XYfUlq
ZixwCgdYjlNZmVEA4CD3NqH1z/3rN5jZIwUlzJnzhX2sK2U/1u6vu3QOUb0nzNIxmL8LnJgxQkQO
44bKDjTrlVmB0FRws5JiTiG8wDsBvucRdC30BVjHd/FjXpvuX78uLlEwPxDw3baDmRlCU0ySiPxP
+07XFKd2+iP3F1lzUTetl7dzXtvjz1Fl7+03f2h107zMfvRHFs3fHOFPU4LTBID1YFn8N5wp2OgJ
gDPrGBbgev7EAWrOQLoCi/Bb3aZiRrp45pjQtncYsSqk1Tp/UB0/sFUAuLTZvnH7EaB18wYINeup
5woeOgGPGgfHOWM600+ju7Af8Spida1a5abP7B6Tt7EP6gxWsj/YZ3nrChnp0tlj1HnsBqG+x0Ns
oHeplZeO7t0YJo064oclU8TxNZh1az9iJaXMkDc4C16cV84dKRbZnuTiS52UEh8F9Ju5n+Intm16
cHnH9m+m3Rt+ZqvuxhQ1BvtKCwoKJDuNPe17E3TVdOZR8wgrHtIoQNxx5Gr6In1uMxugFS6/4uHf
kfs/T+5L05iBAcB6i37sz+Ttt9zj44rTPGSQGIoe8PF0/Uqw3/W6nSdSzsIVQqS5+utpWs2gcjpm
W4BveTNoW0rV6UrfV21jPpKy/mD3BKZSiY5vJ6WGhZP60PShrclJtshY03oaA2bh/sgC6fdsXEy9
mxQlJ3ljjHWonpPOMOBu9t0/BawDpKn9VW0Bj0o2L0k1etWwPpi07eo7F9ed5nRiCu8gf49BEf4b
gfXLpy9ThcSucdd1YVfK/F1mbY513Ma+49sH+Y6fzEoFMT+JadEvf83Wrk1hefjmG1Z8nDxkivPF
IxdR5I8i09eVXD9GFCTD8wU3FtD7H76PUwkAZjqwL3LQXJsAtD7HUYFAALZl27i7ReCpJX6lI0R0
zUcznZ6HBWr6IwtY7yNo25yAK623p3Zp/bw5KlgIa2qncQgArmHWBuJXGr6KS7csbdUN+fsidwW8
+65mqu887j/KUY9GORqJYoAJ1s5iP8tjW46lDIUyiuX+W2+7wF2zbegruFaI8O47vE6+6VY/p7LO
Hj4rjAnIwyzLzNOXc+0PKHXAFzSo0K3AdVs+cTn1q9ZPlD7GHxnv5ic+tH628gjlJKwxaCbdt2Yf
+0ZvTgCVm41tRo1zNmZrxKdkrxPSaJswHsFkYPrMvnvjd7F2BuOEKb+dy3ZSm8Ku94YjiwbLAm4b
MP9/aPKDm09vradares1jo55mRF8OFd5I4msqcV5TQ36oYp76oMb5/1W96PUeVLjVILOFW+A9TDn
PssClv/mOqhzH4UJvXupLlSla9hr04GNB6hprqYCrI/eN4Y+jOVSxnTV2vVf1zP8kA0fIRx/azyn
RtlclPdi7T3aac19yGvuYrc1V/NUYD2lWMD3c1de4bY9ffqMwmEj3JCtpsUxLCp4/IgfxnTuoLCP
lyQejWEmk3DhXRvrms+TR09kDJ/cc5KK1StGdQfXdX2/c9oXAdbNMYKy4Gqles/qbr8NtA6B479J
Aq83sK6W1nl5I7Bg587uc4/nBPxAr+/b1yOwDiCsEW9+i6/LoHmLDdCdEyaIb3E8bwaaSv6t0f/L
1EIdXnP1akrMvodDzHMu79nTJwJqwTLQBKsB+IDqHfmZAb9dD8DfKVs85mrenP2yO397+Quse7uR
hTqpLM36pWZf82WmTXXe9DQj+nCugKsjBXWQDN8OFz5YvnzPV2B9Xd8+BMpdAOsVGVB6y/5bkvOE
z2EoZYR7l39L2p/70B70s9avPlufx88YvGfxgDe9+/KmN/Y33CyZg9LsYT+mLRiY/iB2LLcStS9M
YB3gis9j0C1X7y9unIKvVwYlud5iNc/KFm7jnesPpgjQ/0rbAGImTuRWgPazL2PQLQMvL3SDXq0n
rWRBfQy/0uG5j7X+ujHrVC/NywRCsfEMdxPYXK+5Zo13c9+qhG8nZ9jn94icuSSRi+WCf1favieO
Ll5ME74rQqWnTGYfuOXdfMMX6tGD8vCaZ0+DMSrjnQEBBecOzp3HgHcJsbiGdTYAbLfAaWT9ZL/A
eOav73jkeWDOXJrKikwI1VesoKTwPW62i8t6cOsmnVyxUnxRw4pXLdOQRiyWncYgW12rv/SWJ09Q
lI8/tqz4sJ4WFr/OyCE46NzCnQpz51Iqph83A+byFvZXr4CY+cw8x+a/Wgw6yR2MFPBRDtDfHE9m
Hnr+qoB1Hc9Q1IBVokXtDHnfvEFDMmYSa3+ntipYARBNKb+1vhhPf/75XJQm3mJlD7zHRuXJKy4R
nGQh6TiNfQziPtoOtwRQ3PggdmyrCJyo8sL/F7D+HMpDDCReO3qM4Ee75mreT2eA2y3w98LZLVvo
8d3fRXEB6+Glfft5bKQlx3ccJ/5lzVr2b59P5pVdacTb8edWhxe8CA3IcsraVBzQ51D0ac7uG+zf
OHiuILNLSeaQm2seKCnNrFiJ9k6bJjKus2E9wWL9n1pztX7+jEGdX07zW9tszi29JwwIbNn/Nvu3
NwOU1UbkyCkKGVnq1aNiQwbL+9Wtf/h7ISK7/9BwmpU0RubK5WbBq8/Mo1sePNeclFT0nYD5hnpj
PbUCz1/00YwKFUJlBLHih3GiyhmIhvUlhPIml3dm8yY6yq4HsjOjEJRZ/XknxMB3DAdf3/tIo4wj
8t7P445fQJ7Ds+eQvjL7GOnMoHIPDVj3R+4vsuaiflqvfxJYl/VwLbudMb+3uZ/xu8n85g+tbk79
6I8smvw12Owm388DwLrvMnuVKRTA9ATAWWXzgLt35zp1rJmH7t9lapQpOylS5A95oQU1yCO6cOYo
g7V1BWiOGfdT8acN6vddDKj2ZX/ZACETpchADZiGFs+fsV+x3xhkXDytP21YPFl8s49YfJYifRCV
nvMzaFf3avQtHdm9XoDrRF+kF4v1CO8GUehZFQt5AmAZ9QJ42Lx0aqFrb9Rjhnx4hXs7PE8k9w3C
y+dPUqPvXRppLQYspHTZC0um8yb0pFkj2ouiAEDjyNHctUBBc/3T6M5Cfd9r2i6K9F5k2rp6Dg1q
XZoiRHqPBs87TvApHVrwBcQOLR/zGSZ219r56MieDUKzXbhsY4oY6X2h69+4dCrNGNZWogOQhVws
sJb7+PHjB7zZ/5Cq5Y8t7dZ+xgYPgl3+qH/bSpno/C/sU4uZCpr2mUtJU2WSF/Dvt6/T0llDaQHL
EQG+vJPwMwmc38al02hYx0pUoXFf+pbryInkET6UxvdtSKvZN7soLaQO3nz/izVKnzx9LPHQl1tW
zaZhHSq6jRE8jMBgt+YnkfkfgGYAzpny/kC1O46XOKjjoV1rafbIjnTvLmvbcT/HiPOJjM2GxZPK
mIHCRdl63cUnOPJ6zPI5vm8zTR3cQsa7Sd0+fWgbLqO3FFmr/VjK+nVpCs9gPQD4fVuW0pB25eVZ
Gc4P7gzMoEoKkGOPiVulHkh35tgeWsGMCrs3LqKWA39mpgHX+FTWBOQh91kxBZYHO9bNp0FtykjW
kG3hMo2Ebgs3/uLnz5j54fwvB6ld5SxucwPP33jjTQpvc9mAeeqPLFRRAH7c2wxZJuNCf8HevPor
deK15Nrlswys76LPkrmYLV4EWH/AlrfwZzuyyQgCVTZ8pydJn1Q0QNE2AH+gUtawYiLT2FbtK5fw
kV6sQXEGPVwfl2cPnaGO33cUunRYGI45MMby4w1rOgAkbQq3pgPrD0g5Sdk3NvwDI9jLkZt+/oP2
KnwtI/wRROGO8xG7RjCQ/YGMT1y/G8n1AwvztHel3rR66mrcFr/YmYtkkfmI6+2LGUwq2h6nbpao
CrrifslmJalUq9LSXlhin9x1gq0XOwsldIJkCWjMwTEC9MHvetUUVeU+fB5nDQLJLp28SLP7/SQW
ycivVr9a9H2jH1hmwbLHfQUCQcc/dNtQ9vMdWwDaX9jqfsGwhQLKw7o7M9OxIzx98sySMax3R7Lv
581sURlCFhFZFlyUv7LAD/Xju44zeFmPYP3b4acOPCfCSR2wDK5h2faq1MtjuySil//uMQV8o+wN
hT0ASQCuF29YnOn036eL7K4AfQnQHT+QJ52YRHETxRV/9/7IXcFaANA9l/Wk5Jm/sPaTrl28Jn7P
AdaO3DXSom8GyFUpaSWRJfyDV+1Rhf1iu35IwRL88KZDNLrFaKm/WhiL9X72xuInG21qP6s9W7Rm
lj45yn7Vm+drjtsSMEcBDloV0Qc+HLVdSIK2tZ3RVnzVA4hdOWml+CjHs0JseQxrccjyOc8rWP6f
OXCa6mepL/3cbmY7az4ByAYAag++jkEzPepTL2M9OsNriwZRpuhdQy+tI/zPN2TgFXOj+6LulCRd
Uh7/T+nEzuM0uO5ga7xAfqAXx6tT8ucxCzcMSNdpbidXH/PDO9dv04IhC2hGzxlSBvzJJ8+c3CpP
T25cukGlPi6ll25rhHXzBU7soGmDYQ0oa7Gssi4fWHeAupftLrnH/iy2+OcWBgyec494rGH9KxGr
hLTN05zXqoU197fxOtjBYR3U9DuW7aC2hdsKWD5k65CgtekB/bL7FwGbty/eTl2guMRrE5Rf6nO/
nj92nmJ/Gpu6Le5OHyd1bQI8Y4D7HM/f2f1mC1ifMjuo4BkI5/ElwH5QHexrLhQMuuiam5zXXH7/
mMoVqvSFsdxndR9KnSuNjA+sGUvHLqVFrARVsnkpqtG7uqtJQTLExZusNHXx5CWqxa4JsDYXZVAc
YwshXPhwDPy4lGdO7TtFtdPVljkBNwT1htQnuC1AgDX5qGajaP3s9TKfTF/qz1lpoFuZbmztvoUG
rB8QPL+5DneYLaMp+42Hj3UohThZo6vPeimI/0X5iF0lHHN3laDPAsd/kwReb2BdwTssxqUnTqQv
y5S2XJU9efiALX9K0fHlyz0C6+hJbASXZd+SH2fg37tsAbl70kSCVSbyzFC1KtPFj+ZX5X8sP+SI
X4GpvRPlzUNvcByeYgJO7Jk8RSgjTTBUQBz2+c4TWnxQl5k6la0qXQDW9ZO/0CK29DrBQBPybHvu
LPtLDlIQ4kxRf4T/8O8DtHNAmjT0Xf9+hA3XP9mHMcKbvDELYEPDM77/959/CZgzKF06gvU5aNyt
wPUNHzGidel2wmWuZOWEVVBQ4IB17mVbqyNfC9ji/KGkkCg3M+P98YSuMzC2Y8xYoXDPyaDYt31c
v+me83oOsGHnmDFUe8MG+ixbNte3C9f3/vVrNDJ3Hnp065ZsBEeOG0+e3fjlFPukTypyRx+C2jRS
dGbh4ADfyGc3baLF7EMZVuBubAYSw8d/XI95bHWoFvI/jh8nG893f71Ic2vVkv7FmMDmq9YPg0bp
6kGJXG7mDKYEji/jDODT6XXraVTevOLj3ALkOc2Chg0Z9Bsq48XbMehjayS6gB2VKtNeHq+YB/BT
n7zIdzImEOHoosUWoGlXvnihMehHZXWDHmAA/GxH/eQTUZi4uHsP+zIeKn5/qyxiCnIAsyzDi6zg
AqtmWMpV+OknS5kF3y97p05jkKcifduvH+Vo0thqrwIisE6uyGCsp7mPOqhltx9NEYByDIPOp9au
k+SwaM1YozrPcXwX/83f0M9p8+AhtITnhwnm6MY8EhVj/83pK1cSAJCbK8pARxYslLGI52AX+JjX
BvFPni493TpzRsZrrdWrKCYrgSBAGWHr8BGsnNJSrj1ZospDL/7JRjmDuL+xBTDCj+PGUerSpcQK
F/UAoD69rEvRWxUk0B8CuGEMcqg0f77bGDy2eAlNKOJyZ5a6VCkqM32a7BHsnDCRfuI5jwCQN1vD
BlIOruGDdRL7PgZ1fOR48YQ+XmirWVBPHvEeJu8xjC9cWOZfnY0bhDL/L94bQwj37rvyXC6C/uE9
sbprV7kq2L07ZapVUxQVbvJ6Pa1MWSkPDzGesjduJPXDNeaI5vsGK2393KgxHWYFIKwR7374oaxb
iBc+Iu+9Bv2Ef871mMaKTofnzSfU7bNs2YPXwRvXGVzLLZakjffsttaZc0yvPixrNunfKosXSb8/
57J/3bmT/TjXdbkP4HKQ36e8rmLN12CCp9/27y9yxHvszoUL7NpiLi1jqmgBCJmCHwph/oxBlKUs
DY7r4PoNDNjnofd4XoHi3k4xrnX15giZo38PsiIbwEG0KWv94Hcp8sC4H5opM8HKtSyvydhzEp/i
xVn5wnqHTxFmhOfMCnHr1Cna0K8/7Z48Wfq97flzclzepi3f7xfc77w3rv2I/aUH/N7qEsdlUFBt
6VK24i4oTXj6x2PH8WeOA2/a6m0cHYdQooBLBQQdg2C3ML8t7HmeWL6CxhYqZN0uzTLw5O5G109E
jsdrz/ejRlJUft89vHGDljNr0CEeTwj4DkvD6wKCpnnVay7K8mcMhva+wFxdWL8BbR892m2uXmL2
HyjjYCylLPGDfHvgnYEAxblFTZuKoiXeuU2ZCSB2KlefqJILlHTE/UezpvQW989FZlEYX/hbHk/X
5X0GS3jz+w5j7TmPKQSnPkY9EODiA0EUWT79TOqHeuG9GYe/O5/xvDjIbhHm1Kwp8fDMXGfkpo//
zHcC8qs4by4lyJxZ1iC0B++5teyLHqH+1i3yzN93At77F/i9B0WisN775jqtihMYg9WXL3PVL2gi
37nILtt4zcW7xA6sP+H5pLLFegsAHt/96B+9/x/ej1AlHX/l7teai3cd/7bAeOgUM5a8G3TOa91e
9nqjClLoSygpyDc/y+U6K2SG+Obn+j28fUtkBqUut3HGzzx9v/kqi0Fpt6E6/ocAsO6/7F5FSm+B
dQUlw6oDPoa6MSiYmEF0DfODAGosRE4BaQA0FqnYQkD19tVyiCWrU1wTxHR6LkB+U3etTzOeWtOb
1O14LoDo5D7WQmOl4bpVBDgJ4NcW7t68Ss3LpLEorZE3gFq8iDylsWXBG5p/sFV/JqHJfpk+1lfP
G0NjetYJ2R6uAORt9oXKVC337XU0r51oyn89fZSalUrllqcli6DyYPndqOdMAfG1zRdOHbKyjhU/
MQ346RDdvn6Z6n7LL1MjFPyxLlVu4dKWU9p+47HjaW72+V7T5vMdFPjNSn1p1dNeR1z3mbHXUoZY
NXeUWParrFJlys+bV2/Q/m0rXGWyHPHpD1AbbAsIYDnoWD0nnUfbgsb7J0lT07kT++U5ZI9yuozb
RLGYQt4MSNuSGR+uXjort+N+mkyA+6CEUlYHWNuzWwQEuEZoXzUbnT6yW67Nf2YfozyMrXdYKaVd
lWwe55am7ztzHyVI7PqI0nv+yEKBdc0jfqKUlDpLQXpw7zatmT9WbptKOLjhL7Bugmtanv1Yrl05
qtylsnUbH3oA1tdMW2ONCfUlC1ABAXIcunUofZ7xc7ney1anLdjqNLTwMqmTxWpw6ILQipNnpg9k
AN71M9cXpQCMXYBToOkGaHb3+l1pU3Sm1x2+czhFjRlV0iPe6Obsh2vgXEsW8PsLUFcDZNGNQb6M
37jWdqTpEuSDXuPoEXERdO7g3ARscQ0r51ppa9GVM1dwKT65Lxy7IOeaHhbPqXOnFtBQ6eslQij/
Wk5qRfkr5JMY/sjCyWp3wpEJIsPa6eqwTIKBUcjRk2/0UKooj45uO0oN2Bod/QN/1mizKS9Nj/vt
ZrSjnCVzyi1/5W6fI+jfDAUzEMB9UMEjANAcd2icpWCCe4tGLaYhDOZq3b7Kn05+5O9asROPpd44
mhT38CmO/tI0eK5B2wkf7OjvF50v2i4dM/YycR+uEUBvDlYFKMA0zOqyFtY6OR3tltoArv0Zg2be
6vtb72FcQQ72AFcVlZNVtuj5zef2dgJEh9/296K8R+eOnBM2AFMGeI55j4C0GQploHaz2rEyYwQz
W+t8SpcpNLnTZLkey5bKvvr/tjJyODGBddTFrKdGx33TrzfqgjqFFpqMaUrfVAveWEFcf+a+lgEl
rdpYm856WJt4eZO1KVdqSXKcFR6w5mp7ILMY7NZhx5IdmqXIHu4KKnaqKPfA6gGllFDXXFZGgmIF
+swMSAvwesNPG+S2riEaBzIEE0iZ1i4FOztYrfHsRyiRgUFBFRqgoAZFDm2XvB/5M/7U/uD3Y8Ph
DenbWgwUcFDA38wXCi1NxzYVpgRlCMBz1LHlpJaUr7xrrdY0G+dulPeKXgNYn3xyMkV83wMIpxED
x/9yCfyPAOtBvYANsHQMjAGs2MR02gjYTIdVsGVRy3NJNsxgQcnzAV9NOtckgST6j2yENdyxgyIC
6OAAi1VYIAKIQkBZSb/+mmBlio1ABMwvsWxjGnpQt2JD7wCDdwBEtAyke3L/vsTXNAB+czHQi418
pLHqZ8VyPgE41OLoEamLUnNj89VTAIDf7PAhd0skIzJoyHXDPz2DU1AqkDoZcV70FKDttNJlRC7I
y1EeTGmdh4EbC4Q3ChXQnS1RxZqoaNHgJyz7iqzwkBIWqCzDbbx5P79uPUvuSQrk5/55Q4BuSYS+
5z9Yw4Ii2e/AZUF5YxwDclyYezacv3WPzy0Qn6MpsK4JkhQoQHFSpxawC/6PUTcoURRlX/c4R/Br
DGoBPh6tsnjjGG1AP4HZ4e6lS67xznWClWIjBuneixlTcn8ZY9DHagqIPoDpmnVefpQsmQUYsuBk
futmrlKuahloE3xzg959IIPtAF41mFba9xkAAuCmZSBdUqY0BqWzzn2U9QmsWnXua0Y+Hh/wZvKo
vPlcdQmSe7pKlejhrZu0n2nUNQCsVZ/LMOyYBUUItijU8Qbg5veLl+gCr2ESuH5g0mjMgE00tkBH
uMB9h3bp2hSL/dGCneMSU8xL4DRfMn17Gc4X918k3GKXByhL6XND5MVlAUCF640PP/lEHltyD20M
ct81YtBExyAMHeAH3pSF+jPWdmE+wde8+vn+hTf7R+fLH6JK5g0TvNf7UAoYxgD3taNH9VbwkcuQ
ELQmADwCOAwwRS3dgyM7n6kPeBOY0JhQGPpx3FjLqlLv46jpUD9QajvJHDKQ1cpWP9OSVfw9V6li
jSmzDIx3gPG11q6RseHvGFRQU/PGOh0ndRpWejomSjEoR9wVBFnvajxfjk7yCy29ScONeGt79KTl
7YKVwO1pIUsocaQuW4a6fRzf/piZEeYwM8L3cl8BYzMS+hLrzbK2bc3b1rmTywLroZ8nahVqrnlm
VqgPmCyw1jkFzDOwa5xn5Q28B1rwHPAUV9tsH3NWviy/zLVri4W2sipYc9/83npFa66vY9BJduK+
g9mNfr98mbp/4lpftX2m9fm2UaNpfp061prrtDYVHz6c5VFLk8txaes2tK5XL7d7uBCZBs1hXJsg
r8od90MLps/3PaxcNou/ofWdYKbTsrCW4b33ogpXvx05Qv1ZocMsS/OWcnlcJPumEJWfNYvCBSmE
WuPCh3eC/b2PvJvzdzO+Z+zvfXwLgN0DY1mBdZUB3o9QgoFfclDBI4CNqjl/U8v3Pl+rRbU8DOMf
vj3UB7w/cvdnzV3ZKVh51lP1XrRf7fmif6eVKh36Nz+7l8nTprXj+0wVI53GM5hqwErgqyx6JFhs
r6Zv1wFg3Td5verY3gLrsM7Gn6egoFkuBjTtgCHSwHp6dNcaYqFq5gGwslTtrpbFKl6QA1r+KNa5
Zjw9b9h9OmUpUFIvQxxh9duroWuTL8RDvvFRnE8FPIUVrRkw2ZZMH0hTB7Uwb1PFJv2pYKn6Hn/Q
w9q9U41cLkA9KCWovItWaukxjVmAgsye/NabcX05R3sWTxtA0wa3dEsG5YW8xaqxv/EGFkBcr8tk
yl6orLR/ysDQQUNP8r935wbNG9edlrNltRkAKpeo3oHSMPCsmyJoc8caoAHfY0UF8N6833y6df0S
1fvOHXAuUaMD4Q8BDAFzx7q0cq3EDidFKjSnMvV7yIvefLxvyzIa2aWaW3+hjgVL1qOvmJ7drnBx
gt0UjOlROxjgDsoMYDUsztPnKkbRYrJlghFAJQIf4hP7NjLusiUzj7my9XuyFXsZtjB2p2HUiJfO
naDR3WoQfKRrQLpiVVpT5rwlxIpd7+N469olac+hnWus2xivqTLmY8aH7+Sejvlw4SMwe0Rxtpxf
JnV5/DB4Q81KzCf9Zx+ieJ8lM2/Jua+y0LmI+qNsUToxcs3D4xD9GjV6bOuuv8A6rJ/bfuv8Q0Az
hy/jHxq5flDoPRw3z9/C4MEgC3zSZ4UYqKnYsSLBL66GgxsPimUvrgEyKACvz3Eswr7G6w6qa413
85mv55MYVJrWdWqYyQCGJkiewIr3x6M/2Df2IqbxHmPd05NqTKtbtF4RVrR4R29Zx+0MBPWv3i+E
LEq2KEVFan8nYJEVmU8AAI5sOpKt01dZtwHK1BlYh/0GJxHqawX17HVEAvgY7l+zPx3dGrwZgPRl
mBo+R4nsbCkaS/IFqAnqbPhODit0nMO0/cWzWtF8lcX0njNoYrsJVnoAk4M2DaKYCZgyn62IzTqA
1rvPyj5uQLSVMIwTBUERDW2u1b8W7Vm1hzbN3WSl/Cr/VwQ2hYSp3ddEf+SucwRlhWNrbO0XLcxp
vOuzI1uO0MDaAy1Lab0P2ZRm8C4bWx0DlDMD6LgH1BhAmDMaEL8VKz7sWbOX5g6YI7dfdL4osA5r
9ISpEtL8ofNp7fS1kjfKq9SlMhWomF/YLHATCjUdinUQxgTIAkoNTsE+Xl9kDGr+qkwCZgD4rQ7N
dznmBpgiVNkEeaA9YId4yHVWi2soDcBiGG1BAKA8rds09t++UK71H9ar8u0rsHV+hlDXppm9ZtK4
NuPcLPw1jxc9KrBekF1OlGpVipaNX04/9Z0t2aL+GAvf8xodOXpkq6g5rOwzmq2jQwttp7elXKVy
hYji69w3M7jA8h9Qg9cmVoDRgDrCbUV2Y23SZ1fO/UbTukylVVOC10J9VopdOOQqmZM+S+WuNIjn
25ds5zW3f4j5WIrX3O8c1lzNEwoxo5q5r714Vrx+ccpbLq/FOoF7sMBv9207nIYaYrFizRgeSxGC
GFAQ+eTeX2gMK12Z8xj30xVIR5U6V2I2hSS4lHD94g2qk762W1uUyj1EHXivtxszkmT8JqMml+PN
K7eoTaHWBJcRQCLgNuHryl+7xQlc/Bsl8HoD6wBee8AinEOcNKnp8j6XMq32FMDKAl26sKUeWwlp
YDRBNszYj2UJtoIGBeWWIUNp33SXZTc29gp07SIAPayCzABf7psY6FzVsZN5W86/ZKvJ9AxCJMyd
K8Raf+XgIVrYqBGdZRDeDCmZihmUxfG+Sht8m+t3jH2RToCFbRhBKOYZKIPFkdCI5sxJl9hS11OI
xJbToKR/P5brG88e7x77ce4cJ478hgNFbczkIX+T2NP4c/3w9h1azNZZe9jKzQxZ2TI9LfskVnmY
/SvxBMDoTrlbtJQNuElMRW4FfladAe4k+YOVhs5t3kJzeMP+uk3ZAH0M4P4L9n8bhZUTXjhwn8Fq
ET6LNUDW8Pt9jK27d7KFLgAiWPWlLVeWgSqXT/sNTLMdM2UKunrosCazjoV69aRs9etbG7b6wN8x
qOl9OT55+Igt8YcLrb49HeqXlYF/WPJqeBljUPPy5QjmgTk1agrIo+mwMZ6nTRuCX28FalfyvFUL
Y8TDOGjEFr5gFBjKlr2X2C2Ehs95Qx+sAOqeAcowmwYNppUdO2oU6/gl+8tNz2Cu09y3IvlwAiu3
3cyAMY8ZD5xCFh4XsKiH1acG7D8dYKvC6WXK6C3rmDhfXvqKgXeAFFCuMQMUJdb27EXbR440b4ts
irLFfKofvg+xp+MW0YcLyBAg5TpWjLGHIgMHinW+AhT63G49r/dxLMQWjbA6NsegPj88fwFbZdcJ
VnwIepChWjXK36mjG+04lKNgfYgAC83LqlgQlAaHzHXripKL7qnpI7RpWbv2tJVlZQaAE1Dwml25
styOCqCS1+o3mGFkeA6s08FjzUxnnoMdAT660UdgWbCUODgSFIwK9+5FYGyAlb0ZqrBijioLYW5M
LvGj2xqIcQ+wCnVXq3+tnwmOYkxt7D+AlrDSlxlSsPJSBh7vYG4w2Uj9GYNLW7Wm9bIOpuR1MFix
RctDH2drEHId1OfeHAGs94AlrpfBqa9Ps/X8T9Wr020AekaAIsDXzFoAK3eAfhhH9vcN3B/oe0nX
IPSB9md+ttqOygAdAE3zvhZTatIkj9bgGsfXI9YYKPAAGHcKbgqCDhH+Ymac4TlySPrSU6awW4py
DrFctxQQq7txA7Mq3OJvqMF0bvNmeQgFpaz16ouikj2Df2rN9XUMAli3z2G8Lyox68TvPFftYy0/
vzPyd3Ttp6ONF/fuFdYRKGaZAWPJ9b2azrwt51gHl/M6szlIYRQ3ET83u/5Y0LCRNXeasDKEgrU6
1kJkZrsBZcuYyZNbd08xYw7eIzo+8QBl5WXlkp+bNLXWLjAMePIVb2UWxgnmzJqu3WgrM62YAesw
5sXnrPRoX3N9fSeoYozmjzlWl2nmoyZIEOK9b457XVuxJuK9ZMoDeTm9S7xda5Anvj3EDVVQxfyR
u69r7sYBA2lxs2YqCsfjy+hXe8ZQ8lrEY8f+zY9vGawdWD8RVOZmelWM1Hmqz9CPpiKeL7IIUMGr
FEM//mfO3j/558p/f7CA9ZZD6esf67zyCt++cYWtDx+Lf52ITJ2Ov/+mAID47q1rXKX/sOVyTHov
cjCo5qmeoK6/dvmcaEqCSjtG7ASeooa4D9r6dpWzvnSLdS0IVtCPHtzll8GbTLP/IQOcIcE0jfsy
jijv6ZPHFgUiqP3/G8ODe3dE8xW0ZrDkDisAFIa1CSwc4H/j3UgfhJVEfHXAbQLyB9j+fpToXv8o
hBz/Yr9R0Jj0pqwHv98WP1Ph33nXq/aEWflQIvgiC8x3uEOAdqGODbQLbXKSu7/AeijV9eoRXE8A
aMQHOv4iRY5EET+I6FXa/+ZIoPi9d/OeVUVY7IYLojW3btpORBbX7rIvwPBMSfeE3vsQihHum7q2
JALmPWOqdviPRBmgavclAHAE4Am641cld39k4UsbXlZcX2QBENUXud9i0Coq+4DGfEQ58PENuUPm
JpjmqS2gcsYPC2hkYkx401e3frsligegxQZgirJfZlBgXanoNW8ZTz6OQ037Ko/os5uXblK8pPG8
UshAn+EjHfMWc8vboP0Lv/cI77N7gbACQM2ScX+UaJ6s6cPKI7TnCqxnYgr1Lgu6WD9SX3Vfvcjc
92U+ou1QesG8evudtwW0wBwJaz30Z81VOUN5AEofmJeYw2GVpel8Pd67fY8e338s8/ediO/4NBZ9
LQvxHzJrwNvs1z2s95U/eQfS/H9I4PUG1iFRbMy9w8AyNr6w4fbkwQN2OfJMLAMtanVT9LxLoMC6
ZUEc9BxK5t5YZqIcbBQB0H7Om6zvfPCBBcCZRdnPUVd5l/O3L8AgpeC0x/t/uWa5rGIlhJWdOsmG
oVDgv+TvBnu7IEfID7/zwrEsvZG9PQ9vrmF9bf2WZPp89NerCDL+GKwC2BQhSpRQv7tAJfyYxxBA
3b94PGDcQhYYg5GiRaO3bP5X7fX1dwza8/HmGiAMLKk1gMVBAWe9999w/OMe/4Zn+eE3/KvsY8x9
rDkAWLyd+/7IB3K/zdTbWCvQJvwGwHgJbZ5gLMFCGWkwRgCke7POAMRCu0BRi/yxaf2yfzeoDNBP
D3gtxDc21u2w2oR0/oxByAJgCI74ezdy5Fc2LiA77FWhHMj8v21+gI1E5M207crCov0R1hFrFaiD
OQN6m8dVWG2DDLwdg/Z18Cmvg5hX3q6DYdX9ZT+HHDGvMEci8HjC3/9iOLl6DcFtBSiumzLFuamQ
YZeHWoSb1tQYIxiPoa1lmo++617Vmvv/NQZh+fwHr7tYZ2GR7c28xNr5jH2xYw6+qncc5I7+uXf1
qrznMBe9qZv2lz9HbZcq6jh+u9sy9uedYMsizEvMdyiioo+0jpBHBP6G9Oa9GmYBtgj+yt2XNddW
5D96ibn8qr/5vZFFAFj3rtv/dcB6zXajKW/Rqq7WveIfsN6J8H8gFr/IYb3dsnx68Vv/Mqng/wek
F2jiayiB/y9g/TUUZaBJAQm8/hLgDXj4y27Pvqphsf5N1W+C2/xy8fvgfF+3M0MFdHJnF+26+H7v
VUMshl9mc387d5XKfVZWrPVhZW5tlgb66mWKOZBXQAL/hRJ4/YF1X4WOzVxQbU8sVlyozjNWrRac
xf/ammi9h/6m39lavQvTYAIUaswWm9F4wzwQAhIISCAggYAEAhIISCAgAZfvAAZd//pTLLZh7Q5X
KsnBruPp24m/MRY0bEBbhg4TAF79hos0PaUJiDoggYAEAhJ4hRIIAOveCfdfAazjRz1op9cuZD+f
7P84doIkYm3ciOnWnaxJvWt6IJY3Eti+Zi7LfbxEPbh9lfjdDgDr3kguEOd1lkAAWH+dezfQtoAE
Xp4E8P2ybPwyWj5hOR3fcVxo0vOUziPWu/A3Xr5j+TCZFl5ebf6dOf1+83ea3HEy00S+KXJbOnaJ
NASU53UH12UK/QLB4PcLNnH/+v00f/AC2rbIRfdXtG5RthBwlVuuXTmKFifaC5YQSB6QQEAC/70S
CADrZt/8/dfftGP8eNo9YTz7Ht4pVplp2P/5M1a2jhAlKhVgus6wLIXN/P7V57zhDf/vp9hHbrh3
I9KvTEt5fqvLHRZ8Oufr0N6i0P5XtzNQ+YAEAhIISCAggYAEAhLwWwKX2Cp9+4iRYll979pVOjDL
5U4sXrp07JKhByXOkydE3rDGXtu9B+2aOFGYI+AqI3aKlMJ+ED9TJnafUTlEmsCNgAQCEghI4FVL
IACseyfhfwWwjqasmjuKxvWqZ7Xqw4/iUt+Z+0P4mrYiBE5eigSWTB9EUwYG+5ZQP9h23+8vpbBA
JgEJ/EskEADW/yUdFahmQAL/zxIA/XXVFFUJ/srtAcDwtLPTvKI/t6f9X7qGH/cqXwT7YjXbHj9Z
fBpzYIy4ZzDv+3sOP+JQgnAKgzcPpuSZg/2qOcUJ3AtIICCBf7MEAsC62XvwAd0vRQr2k3rOvC3n
4dlSu+3ZM+QNBWWIxP/CG6CVnvhdEfZpuCxk7ZlBrx77QE2QOVPIZ4E7AQkEJBCQQEACAQkEJPA/
I4HdkybT7CrOv1vhYz5v2zYhZHHj1CnqnSRpiPu4ESNZMmp28IC4uHCMELgZkEBAAgEJvCIJBIB1
7wT7rwHWvWtOIFZAAgEJBCTw6iUQANZfvYwDJQQk8LpIAP7b7926J5bPZpveevstiv1ZbPNW4NxB
AvDt/duZ39iH2V9u9Hm4hm/w6HGjO6Ty79aj+4/o2vlr7PPV5fPdzCVOwjgh+tB8/n/snQV4FFcX
hg8E9+Du7u5QHIpLsVIc+hd3q1FKi7uVIi3ubsWlSNHg7sWKS3AC/OfczZ3MbmaTTQgh8t0+z87s
zNX33pnQ/e45B+cgAAKhnQCEdccZfHLrFj27f589hkSyu+UWOUq4c38uMd+fcjxmRxbv+W+RxE71
L5auHUB8AQEQAAEQAAEQCHMEJDbyg8uXKYKb/f9LvuN403FTpKAY7u6WYxZxXfKwGzbj/nv+f2CJ
2R07aVLjGk5AAARAILgIQFh3jTSEddc4IRcIgAAIGAQgrBsocAICIAACIAACIAACYYAAhPUwMIkY
AgiAAAiAAAiAAAiAAAiAAAiAwAcQgLDuGrwIW95t4ahhSCAAAiAAAiAAAiAAAiAAAiAAAiAQHglA
WA+Ps44xgwAIgEBIIPDBP2CHhEGgDyAAAiAAAiAAAiAgBCJ2DRccIKyHi2nGIEEABEAABEAABEAA
BEAABEAABKwJQFi35oKrIAACIAACH5sAhPWPTRj1gwAIgAAIgAAIBBsBCOvBhhoNgQAIgAAIgAAI
gAAIgAAIgAAIgMAnIgBh/ROBR7MgAAIgEO4JQFgP90sAAEAABEAABEAg7BCAsB525hIjAQEQAAEQ
AAEQAAEQAAEQAAEQAAFrAhDWrbmEwqs60F2EUNh3Z10OzjEFZ1vOxovrIBDOCEBYD2cTjuGCwEci
IH/Cw9I/fz4SJlT7EQngn5EfEW5oqhrCemiaLfQVBEAABEAABEAABEAABEAABEAABAJDAMJ6YKgF
dZn3798bPwgbP8xFcP0n4vuXLtP5zZspcdaslL50qaDuXoDr0+NRP3QHYBzmht6/e0/HV6yg156e
lK1GdYoZP775tv05N/Se/9PEVLvyTV+wz+3rW4Da8lU6jF7wZqpHFyEAPHWZIDma+vHJ+hAkAwlh
lchDIsnFZ8SWmT91OX3Bv/Lm/BZ5IaxrkH4fzRglpwVKo4KA5DUK8UlQlPOrX+a2gvvccWzSfkjt
q19swso4/BpjYO7t2n2JTp+5TaVLZqAsWRIHpopPXsY8t6FxbQYGoHnMUj40j/vS5fu0ecs5ysrr
r3SpDIHBgTJhhQCE9bAykxgHCIAACIAACIAACIAACIAACIAACDgjAGHdGZnguv7o2jWa16w5xUyU
kH9UjEBvXr5Qxybz5lLUWLH87wb/Mrm8S2faNX4Ci+qlqd3WLRTRzc3/ch8px+3Tp2lR268pbvLk
5PXyJTWZO4eixo4d4Nbunj9PQzJnoQgszHfas5vSFC1qXQePf/vo0XRu40aKFjeOUoeEaZnevSl3
ndrWZRyuutyWLqd/DQ7NvwLrsTgeeWy3Tp2kY4sW078H9qu7ESK6UeoihalM9x4UJWYMxxKB+m7b
fMEA/WF4cft2Wt27D8VOmoTiJEtGdcaNo0hRowaqzY9WSK8Hqwb8GZ9RhOvw2RziUMj89UPa8m7j
yc2bdPPoMbp/+TIVbdPaZZ5vXr2iS3/vpH/37aP3796pZzNL5cqUunAhYxjmk/uXLtERXkdvX7+m
yNGjU94G9ck9TRpzFgpKYd2MxozM3KA5j/m6nDsrI/f8Kif3dQpsHc7KSbsPHz6jzZvP07HjNylK
FDeKGDECtWpZhJIni6ubNY7Pnr+iPXuucN5b9OzZK0qcODZVqpiF0qVL4HR8uo11606TiEOSMmVM
RJUrZyF395h+ltu37wpt3HSWXr9+S6lTu1OTLwtQzBhRjP44O3Hk6Wz8zsoH5Pqz569JxrZ69XG6
d++5KuruHp3aty9JJYqnC0hVnzSvl9dbat9hKd28+ZhixrQxvnXrMf3+e0PKljXJJ+1bUDSu10RA
18LLV2+oQMGRdOrUbRoxvCb16F42KLoTrHU88XxJbdsuJPm7KPM7ZUpDyp4tabD2Ibgb273nMvXp
s4pSpIhH/157SL17laM6tXMHdzeCrL3OXZbR+Ak7qVSp9LRtSwdyc4sYZHWjolBGAMJ6KJswdBcE
QAAEQAAEQAAEQAAEQAAEQAAEAkwAwnqAkQVxgdunz9DwHDmMWuWH1dhJklDv06cohru7cd3pCf8a
vWXIEFr33XeUo0YNarFs6acT1rkvp9atoz+4HwEeh8MAn9y6RQOSp1DiXZf9+ylVwQIOOby/Mq/Z
jRrT0cWL1QVplwtR3fHjqUSH9tZlHK663BaXE+v27SNHkoiTVQcPosjRojnUFoq/Mrrdv02iZR06
qkHIpgZJfFmJax137aK0xYupax/yIWv+L16vJTt1pIxl/RZBDs2dR/ObNlXrKVbixNT7zGmK6cpz
8SEdDEDZF4+f0IWtWylipEi+SrlFjkzR3eNRsly5KEp03pBgpRgx3IfX/iUPHueVf/ZQJF5PcZIm
o0zlytHzBw/oMa+zz7p1Uxsa7p6/QLeOHyep1zG5RYmiNuckyZaNokSL7qutt15e9PeYsbR9+HB6
eueOKu4yT+7jNY9DNK1qNVtZXhd6KNW5vjI9ujt2h67uP0DjihRR12UdqeeSv3X65x9KW9R2XW4G
lbB+yOMa3bjxRB59lRImjEnFiqa1ffH+vHb9ER08+C9FiuR745EI1nHjRqPMmRP5EpMvX3lAhw9f
p8iRfZeza4C/WLUrz48H92/efA86zeKftJM2XXwqVzYTHT9xi+LHj0HNmxZS7zpzfVJu4UIPavzl
bHVZP4/yZd/erlSoYGp1XX+I1W6p0uPVVxsHH+4zZ3xJzbgNq7Rt+wUqV36idzkbQD1fWza3V/20
Km+U0uEAAEAASURBVDftj71KDDS3lTJlPPI41IMSJXS+Kez8hbt0nIV/zVPYVyif+aMIUXfvPaWi
xcbQpUv3vdeGXrnvWbhMQkeP9P4o7Vrx+tBrskEgT95hPJYHqio9Rwf2d6eCBVJ9aPWftLwIy99+
t5ZyZE9K3/yvuK9nwa/OyYaDipUn03ZexxPG16MOvGEitKXrNx5T6jQDjPdkWJhT/+Zg7rxD1LTZ
XGPMoXXu9DiHDN1C/b5dQzVq5KDlS1uFmveK7j+OQUgAwnoQwkRVIAACIAACIAACIAACIAACIAAC
IBAiCUBY/9TT8u7tW/K8fVv9uPjy4SMaziJcQIX14ytX0L6p0yhzpYpUqnPnAP0o/THGf/vUaRrG
mwUCNA6Hjohguap7d3p27x7VGjOaEqRL55DD5+vLJ0/oxaNHLDhGUcLw5l9+DZCwHpC2Xj19SmOL
FKXn9++7vvnBp6sh+kyPTbwOFG7Vikqx8B2BvR/cu3CR3rK1cnZ2yR8lxgdarLNa6DFvHs1lsdyV
zQ9ebO1878IF3nySk1wWgoORsgj/83gs/AD7tKrVXbnifb3FsmWUy9GDAhfZO20aLf76a1XWLJxq
0UxudGXPASkLFOANKzXVxhVdp3chdTBfa7pwIeWtX99OXBfr9MEZMtry8qfU7yrPsxs30RS2TJck
z3SdCRMocZbMFJEF/vhsgS7W6ObkeecujeD3mAj4ebgfZXv3oh0jR9HhBQtUmz15c0DsxIlUkaAQ
1s0Wq1rkzZ4tsS/RdMrUf+ibdovMqLzFVlvv9RTOn9eUGjXMbwzpf1xmKpfV9+WGeYp1RrnvaK34
8pUXdeq8jKZN+8e7jI+wq+tLnDgWnTndj9zj+TxbspoGDd5E33+/TpWrXCkr9exZjpInj6Ms1jNn
SsTXdV1EwiBHzqFKQE6SJDaNH1eX0qSJTyNGbqPFi4+oLu7f153FeHsB9u5dT0qc9Ed1/4t6ebi9
Sup80KBNtIjLSd+OHu5FSZOyNxBTEmvTkqXGeeetRqXYBXeLlnPp4sX7VKM6C0vLnAtLbb5eSH/8
sU+VlXVoNX5TUx90Om/+IWry1RyKEycaTWUr4Pz5U9Dt20/p8uUHlI3XSIH89jw+qLFgKCwbBZ6z
wC6bQ+rU/YMOHPiXwoIIe+bsbcqWfUigRElZQyNHb6dtW89Tly6l2UND1mCYiaBv4uGj51Sm7AQ6
duxWmJhT/wi9fuNFnp6vaMDPG2j8+J2hdlOEHueKlcfV34mKlbJQl06l7d7POg+O4YQAhPVwMtEY
JgiAAAiAAAiAAAiAAAiAAAiAQDgmEI6EdVYqxNWyTk7jNftk8RGmzNekAh89Q1cnlfskuW/+Lnes
yviUUGevX7ygcUWL0VMW2l2yWA9EG6ohLueLhbkvVn31bstXOYu8luMw99WijNG8OZ++6Fd+nUeO
XPbEqlX0Z506Lom2vuZI6vCnLcuxSTlnya/x+HXPWX2uXue6XZkrozrOf/eCzf1+ggwZqDe7g4/E
VtBBnrido0uW0KyGDV2bI+7AGw4pIJsZPP/7j/qeO0fR48Qxxub0OTZ33BcLuckT7c9cm6twdv78
4UM6vmw5HZozh8RtfaHmzSkjW5tLenz9Ov31/fdKxJbvfc6cUYK0nEvaPmo0re7Rg/sRgb0rdKDS
3bpSjHjx6L8TJ2hBq9Z0/+JFlU+E9VQFCypr9RuHj9CFbdvowIwZFC9lSqryyy/qB3zZfLCZz7Ug
34Y9R2T7vIoqrz9EXI/CIngUDjExvkRJxdM/DwCPrl2ngaltltF5GzagRtyuf14aDvw5g/vfihJk
SE+9WEQX4f31s2c0rngJunXsGDXmOgo2b6a6FdTC+qyZTVg8TUkxYkSmdGkT6KGr463/nrCl9E3a
wgLcsGFbqVWrIlT/izzqnli7Dx6ySQnDcsEsVoqF9Y6/L9LcuYeUVWw9FqBr1shJr157qbKib7/m
8wEDNlKZzzKQCPMRI0akN2xJW6kSW9LuuKDmaMKEulS3Th4ljG/hWLxNvpqtxHorYXnT5rNUia1w
pe4JE+pR+2/8tsLV1sxPn76mIyKEs7guSQT30p9NUALsr79Uo2/7VVDX9YeIQSLQliiRjrZv7WBY
80vfS5Qcp8r9te5rqlI5my6i1lir1vNpxswD1LFjSRo3pq4anxZHJeNhj16UN09yo4z5RATEK+wF
4MULL25j7EcV1rV75mVLW7rsZppfF5bJ2evCnN+cx3xdKjTfs2wggBf12Mxr1a8qHPsjef3rk1UZ
cxtW5Z2Vscqr65JnLHOWQdSgfl7j+dH3/Do6tuVXG+Z6HMvJPWdlzXklj/m7X+XkXkBTb3aNPnwE
v9+9vRAEpC3HvLptZ+PS952Vk/t+lbUq51d+qc+xjORftfoE1ao9PUiEdXP9Urf5u7TvrH/O8jm7
LnXp5EoeV/I61iNlHPtrlccqn25PH52V0/d1O1b5XLmn68HRmwCEdSwFEAABEAABEAABEAABEAAB
EAABEAjrBMKBsM6/FP178ACdXLWa4wofoSc3bqpJTZEvH5Xs2JGS52FhxfTL0bHly0liA4vikal8
eUqUKROd37KF7rHIJTHDE6RPTxnLl6PYiRIb5a7u28+xh/+mCCymSAzhnGyZennnTrp+yIPesFge
i+OnZyhTlhJnzmyUsVpZARFtn969RwdnzSJxAS1J+pauRHF21V3cqmrbNWbhyVakYjF8dNEiFfs4
ZqJE3LcylLZYUTq5ejUlZcvgQi2aK6FEVyTi4em1a+nyrt3M8KgqJ5bMhVu15LwtfAltehwvuFwP
Zi4xz/9lRmJVHpnjY6cpVoxSsmt3s8Wlaov7d4rbuc0CpI6j/c7rDRVv185XG7pvdkcu77JoG9C2
OP/bt1702tOTxpcspSzWu7F7bLH61WKm9CWSyU23uDw/tWaNcu8t92SOkrIlf7aqn9NbttbyYDH2
KVu+y1glDnXCTBkpZ82akjXwidftbRafj8ybT2c57ry4Ihf39eLCPW/DRpZrUObH8+5denDxEs1q
0EBZJbdet9a7DxHIPVVKevf2Hbso/7A4vooTc/xnyu+0tH0HqjliOIvJ3UjclEuSuN2RZT2LmmhK
WlgX1+ht1qymEytX0Zm//lLMMlWoQJ+xK/LYPA9WSdbu0YWL6MDMmSq/5EmYORMVad2GMvNz7NiW
VR2uXFveuQvt4vADvU4cV3OsywjX3/jZv33qFNWfOoVjmrdRt+6e400MWbKo87psAe4YtkDeN4Mz
ZlL3ux06SCnz+1hQq80jtWrb1ScZX/HanNP4S/UMZedwDC2XL7MMCyE8RxcoqLxB+Cesb+j/E238
+WdKW6IEtd++jdwsXN6rTnp/vOM5nFy+gtpk0Iw3UOSpV9e4fXTJUprFFuzSNwlZIXUFlbBepOho
ZekponKe3NaCru6IFnKmTmlAbVr7hDYQobx8hUm0e/dlGjWyFnXrWkYXUUctZJ443ke5rJaLvJxV
EnfUBQuNpKxZkhjC4OKlR6lBgxnq/s6/O1NJFq/NSYva4j792NFehsW61CWWq7v3XKHBg6pT3z7l
zcWcnu/dd5WSJIlFjhsKfpu8m2NzL7Ec0+IlR6hBw5lUq2ZOZWVufif37beahvIGBEcXzf/dfsIu
yYfTnTtP6dzZb1U8dt2pzl05zjBbn44cUYu6dyujL1seRbwXZv/95+nLYt+ygIsXZZPDqdO31QaG
wYM304KFh3kjRU36vEo2tvZ+pazv+TVJqVLGVRsgzNWKh4HVq0/SihXHSMReiZOcOpU71WfBV1w8
R41iH/Jh565LJNyjRYtEL1/yRoHiaalYsXS8Fm/QrNkH1UYMNzcOTVI3D3Xr8hlFjWpf3tx2QM/1
etQirLPyskbvsaX74iVHaf1fp3kTyFt68PAZFS2Slho2zEfFOc68/RvXVpOwWL78mNpQIptSZBwl
SqRXa+WfvVfoyZOX1P/HyhQtamSjaZnTzZvP0WbeOLKHvRpIW5IqsRVvxw6lKEXyuEZeOVHPD38c
PnKN46SPYs8H6WjjxnZ2brRlTUayiFd9jMMJbNh4RrGXujzZnXyTLwtQmtTx5atlCiiLy5fv05Jl
x1QbcWJHo7JlM6qQDit5Q4qMrXSpDNS3b3lKkti2kcWy0QBc1HN6/FgfDhERnbZsOU937j5V/8YQ
N/nlymXytQal+oBylzLCYi/Po6zT/fuvyiXKmCEhv3syqlANXm/e0aSJ9YzNNioDf0i5ffuu0MxZ
PuVkbdSrl5daNC/EG2ViW66nZ/zsbdp0jp+re6qqxIliUZUqWTk8xzWqXmOqr/eMbs/V4z4ew987
L6nnPk1qd95Ik4vk+TzkcZ038fC/rzg8RdkyGTncR2K7/okHiKnT96p/j8o/Pby83lGnDiV549Rb
WrToCC3l97isf1m7339fkQoXSmN0SZ6rmcxPwllIsr0D0lHxYmnVd/PHXma2c9dlY71K3s9KZ+D6
Uqt3zYqVJ4x7Uk7Wfds2RY35lg1Ja9eeol389+no0Rtq/Qn3li2LUMsWRfg59P1ukbkSryRz53nw
WA6rMhKmQ+ZYQqXI38KcOZLyvBWmR49fqM1S8s4TDrK+EyaIyc9UfrUG5FmTZ07edZLkXda8WSGj
f+oiPmwEIKxjJYAACIAACIAACIAACIAACIAACIBAWCcQxoV1/lVJiVC1a6uJNIsGSuTjX4++2bxJ
xTOWDCIIiwvj+yww+kryS5Mk+UWez5uzaJSbLaPlZ0aJ8X2EhWpfyVyGb1b88Ueq+MMPLCjZfoRz
zK8FaX8t1mVcK1fSjLo20Up+PJPkp2ttznR+61aazEKkStw37xHZCcM5aoro5SPI6T6JpamM2ygj
lTCLtCVZcON6zXGf7crYWvMRMIUfp+zVqlGjmTMoZgIfq1Jx+z2KBcQ7p06rPDJHAXInz1W7KqwH
qC2uV8Wx//Zb1S9nH7K+uh/2sG3W4DL7Z/xJC1nAVWvGu1DSnDmox5EjasOFCKcSBkAnEd1lI0JE
3rQQmCSi5pZBg2j9Dz+q4lbrveqgX6lsr97cRkSVR8r8UbOW2jjhrE2pp8rAgVThO7/H76y8XBfx
fnTBQkZ8b2d58zVuRF/yhgOx+NVJC+tqDcpF73WoVhKvkbhsud2DN3zEjO+ui6jjJY4JP7FUaXVu
x0KucLnc9b+gRn/8SVFjxVR5PuRDC+vautyoizu5nMMz7GLx3Cygr+nbl7YNHeZUsJa1P6t+Azq3
aRP1ZLHePZWPy2q1xvle3QnjlaW70RafXNmzR1mj5+UNEk3mz7PjqPNpnuIBwC9h/RlvShjLcyYb
jf63eTOl42f9GW8UkHjycdglvPr1XVfqfRTL9DGFi6iNBH3OsoW+bCbyTnfP2zwimF3QB7Ww7p/I
KF1ZwkJJfRa8HQVjuTeXXYd/xa7Dre5p0UuL9yKA167zBzVtWpCF09zsWnwwpUgRl7Zu6UDveP7E
GvvAgWv0I4uPA/rbew+QtiSutFjpZsyYkDZvamcIlAc4DnzhIqOVJfdhj54UPXpkevbsNcWMGYXi
sbt4/Q6WOvxL0g8R95eyOGgl0m/ecpYqslW9iPtHj/RU8eWlzocsvEq89lMcE/6fPV1ZhE1jNKUt
09OnT0CyySB6NB9hVbN1Jc6wWNPLhoigFtZPn7lN2XMMMfprdRKbRdIrl3+g+O4+7velnAh8VvHY
GaOaj+3bOlK2rLYNRvKMVq02hcXds8bf0BG8oUC8JbRvv8R4PKSsJEeOtquB/9Tr0b81v4bFuBo1
p6qGzO9B+beL9E28NkxhN/nx4kY3OnOZPQpUqDhJsZCLupz6d5N3LitPC114Y8U43lhhLiPn6m95
7KhqvchGBUnq+WFvCSIW+pUcN57ovLKJY8KEXeqr7tf+fd043EFqncXXMaAs/pyxn1q3ma846cr4
zw8n+bDxEw7Hj/WmxIk+XFzXc6rbUi15P/B6DW7ijQe5c9lvHgoId133oCGb6TuOa+8zHtsdzdJq
fp2HtrDNsdSw/q//kYSuMCcRlYsVH6su2dqT/OYc7JljfD3q0N5vzxz2Jey/NWo8ixayeOyYHNv7
4YdK9OMPlY3NGvLcSxgN83wuXNCcOnRcot5/5vKOoT5WrjqhPH7Y2rStB2fjkGdw7bpTxril3oED
q9J3/SoqQVu8gGj2Up88c/fu/qLeUfpdKWECbP3xXhTea1A29Gzb2pEiR7b/t+PWbefVZjFbfepT
Puza0e/qM2fvUK7cw+zuSQiNy5d+4E1f0dW7bv2GM6q8fJj7Z1zEiY0AhHWsBBAAARAAARAAARAA
ARAAARAAARAI6wTCvrB+il0i/8EWkrnZUrJE+/aUNHcuesYxgFexpexptnrNIdaTJsvOh/9eo5lf
fEHXDhxQky8/HmXh+MIFmjWjFw/u0/JOnW0/PPH1NmxdLe6Wnz14SH+PGUObWXzUSQThqoMHs+Ac
iUXZoXT75El1qwK7hv584M86m91RC9L+CutcyuvlK7q6b68Sua7s3k1r+vbzU1j/7+QpGp4zp2pP
xtRg+nQllD1mC/6NAwYoC1O5qYR1ttrXwqbqU7Hi9JDdSIu4KnG2o8dzp7Pr19OcL79UP6512rOb
0hQtquqWDz0OLYRGY9fd1YYOpfjp0rL1/1baMWKEYpiILXZ7sWDvFsVHmBHx7fH1G0qon1mvnvx6
55pbfGmYf6h1VViX7C63xfVuGTqE/vr2Oylm/PAoHO0Sf+/uIcJ6bnVZ1sUF3nQgVrqSROyUePFx
kiVT3yV2ucSuFuEyW9WqVHPUKDtX4SqTqx/cx92/TaJlHTguOvdD1nuVnwdQ3BQpFE+ZY4lxLTzr
jh/nI8hyuSOLF9Hl3XuUoP/36NGqxaxVqij342/fvqWXjx+rvmf4zCZSu9olcz4R1scUKqyEdW5S
IKq+OBCkvI1EWJ9trD/JqoVgvblDBGqx+r/yz16a26SJqqsxb9IoyM+oTnfPX6Ah3qJuqsKFqfbo
UZQsd27y4ljxh+cvUGK39EFcsNdhHr7mUlfk4lEL613271PcpNg7Zndx+w76vWJFVUtbft9krVJZ
jWdi6c/UO6YxW9IXbNbUshVZn9c9Dqt3jDxDOvkI674t3Y8vX6E23Phnsa5d6/slrIvniGHZsqtm
o8aOrSzidR9kU0K9iRPZG4ctVrq+/vopC+tFitDLJ0+o90m2wDP1W4vuz+7dMwT9Tymsi8V6a5PF
ulgfipgo4oWVOKJFr1Ur21ChQqno0aOXVK36FGWZLYKQWEeKsCEi9JWrDyhdetvfA7OFu+akj2J9
+IgtEat+ns1Y8/Pmeyg38ZKnzGcZlSt5nf/XX6tSL461HtnJ5iydTx+1S3n5biXAihVkocKjlAt8
ETBnz2qiHs2OnWyiUqpU8cjjUE9luajr1MK1ldtuv+7p8vqoxaKgFtYlDvkvv2ykmLGisjD2H61k
S1B5Vf/4YxW2wvRi69U3FIvvffdtBWMzw4OHzznG92BlhS/vgoULmlGFCpkVi20sTtVvMJPPbfHg
T5/qZwjyN289VvHaxbK4/09/6aGp98lEtvbNwJsPhgzZoqxmDx7obmfdb2QO5Ilej1bzqqsUK96i
xcaorzKXC+Y3p1y5kinr7jkc2qBv39VqjDWq51AeC8Ra9Slv4ihSdJS3qBiBRIisxxtH3rHnkz//
3EfjJ+xUZayE177frlFhFnr1KkfNeMOJbDQ5zd4D6vAGlNt3PO28Jnjx+7Fs2YnKM4N0UIuKju/i
lOxZ4OgRH48Oemz37j9ToR2iR49Cv/y6UQn0Qc1CNr+INff/vllsbLgYyd4satfKRR5sCS0bdORP
maP3C93HgB71nEo54SAW0iXYo4A8V927r1SMYvMGBdnckz5dAqP6gHCXQvLcZ+WNQOJ1YvWqNlS5
clb1jJw7d5e+bDKbLaJvKsvzM6f7Gp40pFwvdlU/gl3Vy/Mkm0gaN8pPIr7KHLdpu0CVk3xnz3xL
mTPZ/jbod4Jcl7xDh1Yn8aqxjkVmvZbkntU7V667mmRMo8fsYLF6o1EkCYfEkA1F8l4eMnSzeh/I
fH33XUX65eeqKp+sw8OHb/BmoufUjjfEyMYaSTLGOrVzU7t2Jegkv0e6dVtBPXuWpaGDq6u5kTzi
5WTv3qts0R1ReTrpw8+Ts3HIe2kZb3D6pt1iKarWjIQVcefNUrLOzrKwLRuqJEmIjbZtilGunMlU
W/KulOf48uUHPL7PSZ5Xd94UtH79GWr85SxVxnHjjnjtyJHTtsFI1tL0aY2oJHuEuHnzCYctWU/b
tl9Q5URYX7GsFXmxV6KDB69T268XqGdfnu8d2zsqLyySUaz2u3Zbrqz4xSvBooXN2WNDeoOFqgwf
NgIQ1rESQAAEQAAEQAAEQAAEQAAEQAAEQCCsEwjjwrr39Ikb6wgRI9Dr58+VO+4oMWOSCMqDM2b0
bRHNP7ppK3f5MarORBav2BW5Ti8eP6G5jRsrUV5iUfc6fkzFEH7AwvOv6TOobIVbt2bRaYLhzlxc
cW8ezJbE3/+gfoTqe+E8JUyfXldpHLUg7YqwbhTiE9V2hoxOhXVxsS0xmw+yiBePLV87/bOH4rHg
qpPXmzc0u34DZQWfg12Ri5tmO6tpZiLxusXK24ut+iVFixNXuYgWN9GOlvJ6HCKECqNOu3cpzqog
13WeY0RPZjf7DIOasaibRwR0x8T5xKpX+uxSvHkpz2UCIqwbTbrYlgil4m5b4lM/ZxfuPY4cJnGl
rwUBqc+Xq2yue3kXm5tw2cTR3NsFtuR98egx11WC7pw+TV32SxztAnI5UOnJrVs0IDnPKTMt17s3
b+oYZPeDp6xB4bl9+HA1Fz143cZ2EEVlfkX8Fhf+fc6cpigxfKw5A9Uph0LCL0KEiCxsz6e5TZsa
68bsCt4qrrtZWP96wwbKUskmVEv124YNpzV9+lDNkSPps+7djBaVlfh4FuDZM0JL9sBg9qggmU6s
XkV/sjt1SX3PnVUhH9SXQH5oYV2Ka7ft13mThU4SQkJirMtGGy0wi3t4WUMqHIXO6MJRC+v1p0yh
Im1aGyWuHzpEs9ndv2zUqMTeMSoP+Mm4Zz7RPP2zWNcW5rqsvA9TsEeJGzwuWfMypu6HD/O7wMdS
U4vxZqt0Xd6q3U8prIulboWKNnf84vJZBFBJMs6zZ/r5EkHtRS/bqESksRJSdMxoEatPnuhD4kba
1WR2IS9lpD8ictxhYVLaa9WqKE39vb4hxDur1yystG5dlKZMti6j+2pVz6mTfQ0LbX1fC/9akNGb
sOS+rsvqni6vjx9LWNf1y9GZ239zHjkfNnwriSgmluyHDvoWwC9ctMUAF/5Wbu51O1JXhgwJWJDq
ZOf2XMS7SIH0RCJ1WiW9Hp2JyeKNpHyF39TGDHH7vHHjNxQrZlS7qsTitnad6era3zs6siv2DGw9
u59atpqvrlmFMJg0eRd16LDUUniVQoyIw6a8Yy8Lr5QYHzdOdPpr/WnlDUBbx4qAb05afJX7y5a0
5EXvc1f85Djm97lrO9P8g5qF1K5DFsiGm6Xct7p1bBvn5N648X9Tl67LqbU8k7xRR55VScLA1WQa
Kuk5FQFavFiYre9ls04FDlVxkYXfTh1L0bixNo9Fup2AcNdeJ+S9IuEc4vAc6fTmzVuqW+8POsNi
vgj4es2YNwttWP8/qljR3ipdypUsZfPS0ZFdqUv/5O9E3Xp/kqwzeS527+pi5zbfvPHH6j2q++Tq
0dzHVq2KsCv7LwxX5dIXsdL//vt1qrqLF77jzQkJjarN8yzTOG1qI2rFbtZ1es3he6Lw329nSbft
1zjMbUzh9dLWtLFLNvfIJicR9h37Jm3qNaU3B8k1ebYGDFzPQvkGu79DMlaxgJ8x8wCHvIhH//zT
1df7qH79GSTu5x2fSe11RNaG2RODuU6/xij9CvcJwnq4XwIAAAIgAAIgAAIgAAIgAAIgAAIgEOYJ
hH1h/emdu7Tvj+m0rp+1G2tfrsb51yslXLF1saXIzGtCi+jyI2pPFijFhfddjms9JEtWP0XLCSVL
0bWDB6nxDLGu9W2lqgXpgArrqu2s2Qyh0nHZvnr6lMRC9TYLuK1XraLs1as5ZlGx138rV55jrRej
L36f7CPa8A90F//eSRv696eLO3b4Kse/JPtqV4/jv+PHWcT/h9IUKWxfjhlvYGvqjT8N4DjtrVSs
aLM4ozJznuVdOnMs+MXBIqy72pYeW0DmSCzTB2fKpETv/7FrbxXbm8f399gxtLJbd4593pCazJvr
w9yelkvfbjLrkbnzOF1/UskzjlE+loVzWb+OXgbkvqwT2TQQkLFJuQAl/XzxmB03ZDirxyzI9jt/
zs4KWrs+N1to6/yysUPcxItltYjZOrlxHPcHV6/S6h491CVf7tt1xgActbCuhRVzUR4y/yr+nupN
mkTFvvmfspqX51H69yHCuljgx01hcwl8/ZCHzc0+P4/R2Lrc0X28uT+aj3/Cuhbwk2TPTtHixuGY
7cvV+rq8ezdNEBf7PCZz3Hhp48GVK/RruvQUGoR16a9tvmwufOW7WOKJaJQ3j8/GI7kuSYteYsGb
MUMiun7jkXKlbGWtqgXmwAjruh1ps1OnUjRieE0l6EzjOMBtv14ol0msnwvkT6XOrT6uXX+k4peL
RaoIWmaBzJxfXDt/8cWfykWxsGjZsrCKnTt58h4lilWrmp0WL25h5+593V+n2FJ/KllZrIsAnSnz
ICXWiBWkr/e6qfHgENa1SOSXEGQWjKzc5esu61j1jkKU3NftFGUB+691X9u5Vdflg/qo14kzMVms
YPPlH6GEOhH6xbrUMcnY67CIKlb9o9gSuyvHgW/79SKa/sde6tO7HA0ZXMOxCIvl75TwvptjqB/2
6EWx2fpfp7Pn7tDYcX/Tb7/t1pfsjlZrRjLo58XZfbtKLL5o/kHJolvXMqol8zo9f+47u00yWqB2
XBPi8lusnK3+Hujuv2Ir5Pz8DFetkk1fMt4xztarOXSDbHrR7APK/RnHFc+TZ5gS6cUCXjYGZOCQ
FBIrPGmSOOxpIA6HtkhKMTgMhU6asXwfM6YO54utNk7o+1GiRGLX/DvVRg7NQ+KIF/b2frCXxd0i
hdPo7MZxwM8b6Ce2oHY2ZiOjCyd6Hcl7/MTx3iTxxM1JhO0SJcdxiI5/aeaML9mrQiHjtp5n2UCx
YH4zatggn3HPlRPdtn/j0BuTVCiNYxxKw5vxpMm7ecPKEvaiIhunfDZpSNvyb4idOy9S//7r7TyY
mPtlblfmt3ARm9cJ8UhQvVoOc1Z1Lhb0ZctNJHlnmTdd2TiMYc8tN9nzh81VvRTQ3i+SMNvTDp4M
fFUe3i9AWA/vKwDjBwEQAAEQAAEQAAEQAAEQAAEQCPsEwrawLkKiWOA+YAtO+YFTxJ48LOg9Z1fE
YjUrPyo7FdY5n1iEFjVZhOr1oMVVEY6162ctrOdjV9Yikvr6QZV/GVNWtCzyORMUdb0BFTb9E9Z1
vdLf7mIhy4KcS4n7vIdF9qXt2itRWCyr8jSoT9Hd49NNjgV+de8+VY3jeHR7YvncS9xBs9Bnl7he
7RXAMaa7kU94hRFhXX4VXdOvH8fUHkrpSpWidlu2KFfZw1iwlJjVXXmzRcr8AfsR1+AkJ1y/x7x5
NPerr5TLdmextUU4H5knrxLWrdaBnreArj+7vvj3hfsaUK8CfgnBdy+wy/dMme3GLflHFyio4nzz
g2g2frTsndUmA8uMflzUwnpn9gZhDovwnN9B+zmO++pevVRpiTsu3iJ0HPJWK1eq8At+VO3rlha8
5Yb5PSPvt/LffksFvmpCMeLH91VOX/CLp84jx3McV/33ipXUJcdx7fntN1ravgOHhqjBgvsyw8OF
Xd28kccc996T1/qInLlUfdoF/ae0WO/NwmGL5oXpbxYs2rVbLPsElKvfYUNrWq4ZLWTqGOsiMObO
M1yJ0T26l1Xj0h9acBPR6ihbfaYzuW3WeZwdhwzdQv3YpbajOGQWQc0iimM9l9j6vljxMcrNs7hC
PnigB6Vkl9xWSVv6SltiISuuhyUdO36T8uYbrpiI63txPazTxUv3KGOmX9W15Syem62J9/xzRcWW
18Ka+Z4ur49ayApqV/C6fjlqMdAvXmYR6tDBHpQ/X0pzFca5WH+2bDVPWbHKZgrzpgHdjtUmC6OC
ID7R69GZmKzXoFienjndz86lt+6KrKn6DWfQ0qXHDKFR1+soPOoyzo4eh69TgYIj1W15L5Urm5Fj
NienC+fv8saN0+rfW7IurDZcaFHS2X1nberrmn9Qs5D6/VqnVv0Wpq3aLKAZHJ/dv+QYs1uz1+8Y
x/LaKto8p4Hl7hMfnF983knegToVLZqGNm5oZ4j3mrHcN//d0fnNx1Lscnzrlg5qw0S27EPYE0RU
tsL+3pfQLWX0O8ivZ9Rct1/nej4aNcxH8+Y2teynZuzYnp7nBw9ekHnTgl/tme/pth3rNeeR88dP
XlL+ArYNL5s2tqMK5TPbhV+wWsOTp+xRf6P4seLEoZzq5yX3+NE5RMJN2rvvinpPm9vVY5FNAhJG
IXcu2wY8Ke1K0nMi60zWomyiqFOXN+Cw54GpUxpSGxb/kfwgAGHdDzi4BQIgAAIgAAIgAAIgAAIg
AAIgAAJhgkAYFtaVgLeYZjVoqMTzNhzfOGW+vMasveC40eOLl1Auve1cjatyS7hcA6rI7pSrDPjJ
KKNPXnmyBTjHFBcX3toiWwvraUuWoPZbtymXzzq/HEWEWSju2GfNCnZhXVus21yO+8SANvdPnesf
VdWPd7ZY6WMKFlKW7lUH/UolOR61xFrWeQ9yLOz5zVv4Go8WaB+y9WpPFvPdUztYVnI7Hrz5YO5X
TZ16BRCxOMwI6wzM7OWg095/6PbJk2o95OOwAo4xxW2AA/Z5df8BGsexrcX1fk+2hI4Sw8e1q65J
5kXm09k60PMWXMJ6/Sm/88aVNrp7To92Yi27qI/p7m7k1e7KlcC7YrkSu8yu1j//9RfK+vnn9Jbd
3FslsV5PljOnL1fxVnn9uqaFdSvrd+n/8Bw5lYt2uZ+yQAGayaEXji9darchwK/6zfe0sF7h+++p
Uv8f6S3HjZckIS5cSX7xNJfXmxbkme/H4Stis3Cv067x43mjUBdf/Tezd2Rx48gRGpUvv/IioOOv
f0ph3SyC/vHnXmrdxmYNrl1i67HqoxZkzMLHrf8es8VhFF8WyhLvt2Ahm1tfczu6Lr+OWsDKnDkR
nTrR1xCuRbCrUOk32rr1vFPrTi2mSv0iiuzb243SpnG+yWLM2B3UrfsK6s0xsYcOqWHXLW2hbRZs
JINuwyzu6YLajbgIW3PnfGUnPus8+qjFn08trJvF5fnzmlKjhvl1F+2Oi5YcoYYNZ/pynSyZ9Jw5
srKrIIi/WK1HcxPmNSjCepbMPs+vOV/7jkuUhbnuewf+PoktzsePr0cd25c0ZzXOHf6poK7rcvVZ
9BszujYlT+azmeP4iVu8CWWYU08GWpT8WBbrgWUhA/Nrnep+O24I+PGnv9jad5PBy9mJeL8Y0L+K
cVvP6bq1X9PnJkt2nUG7zJeNMDr+eWC5i0eDJyzyHjx4jWQzzjsOF/PixRsW08/Qrt2XVZN6TciX
xbz+G/D6l+d++bLW/F7y/oei7pzpmDx5XOWCXG8EEGFdXM6LNbxj0hbc5rYc87j6Xc9HiRLpaPvW
Dhz73M2uqNr00Jo3PXC4A8f2/Jpnu0qcfNFtO9ZrlX30mO3UvcdKJZCLdfzqNSepVu3pJBsttm5u
b9dv6ZdsWDl16jYN+rUax18vZWx2kLrnzD1ETZvNsRuPebOQ+e+VVV+srkmbpT8bz5b911S90q88
eYdTYDywWNUf5q9BWA/zU4wBggAIgAAIgAAIgAAIgAAIgAAIhHsCYVtYX9qxA+2Z9BuV5ZjT1YcO
8Zlt/lX46r59NI7dnju1WGdhPVqcONT1wAFb/GXv3xDlh7l9f/xBi9u0Vfe1y2UtrIuFbPPFiyl3
3bpiWGJL0h7H0B7HYrxY+og78Ezly/n0x/sssMKmfxbrEjtbuaHnsSjX62yJH9Ec45T79/LJE9rN
VqhxkiahQi1aqB7pMUmff7pzh2IlTGD0WeLWz+Axnly92qmwLq6uFfshzF6z4BpkY8L4kiXpFovu
1TgWeDmOke0rcZ9CorCuNylIjHWJLx0nWVKfrnOf3771UpZ5kSL7uFBVGfietlrXBYSr1JE8j4se
BHRBi+Pd82y5nTmzmJJRqxUrSOK5m5nLRoUTbB39Z506ag325njfiTNnsqspsOvPrhL/vnA/tMX6
5wMHUoXvTCEa+B475abXz59TVJNI7JcQrIX1vPy8akt92cQyuXwFurh9u4o1X55jyztLssEmelwf
AchZPv+u+yWsi9g8gt30S+xzLTYf4XfEbN70I6nthvWUtZLNMtzczlNeY2fXr6f07OXAPXVq45YW
1h3dsBsZ/Dnxi6e56KPr12lgKlu74nkiKXtY0EnegYtat/FlsS7vx2UdO/F7dxLHvR/Bce+76yK0
Y/RoWtW9B5Xo2JHqjBur1uGnFNbNAoismfIVOR719gskLnrFSk+7WdYD0KKXK0KFcOjYaakSKEWI
EjfI6dL6vD91nefO36H9+69R3bq52O1yFHVZu3t27IfU2bzFPJo956CdiKLrMluuSlkR1RMmsG22
ELe/kSO7+doAoMXzH76vSD8PqKqrUsff2UryG7bkN3OSG2bRxrwJwczQFVfKHypk2XXWyRdXBe/O
XZexkLyTZDPDsaO9jbjMutoXL9/QZ2VsQlPHjhw/ekxdtX71fVfb0fmD4ujfejQLcr28N06Y/gyr
Lly+8oDSZxiozpewy/96dfNQX/aWMJS9JsgaOuzR0871uWR8x+twwQIPunDxntqQES1qZLs1sYlj
uVcon0XVKR/8WidZZ+Lm2plwrkVJsXTewpbOkU2CqJSXuNLiatyx/1K/JM3f2bMZWBZSt1/rVPfb
2bikfECSnlNZh+Jm3+yKXbjLO0Xc7CsBdkt7evXqreHyOyDcteD9vfdz78i1b7/VNHTYVrtnf8ff
F6lM2QlKWJf3Y7KkvkVymavnz1+pDTXRo0VW7LQobBVmQcR98a4horHjeyYg3HRePR/yfemSllS3
jv2/rQ4c/Jd5jVbZxUNH+XL8bybv5Nc86zx+HXXbrozjxs3HlDLVT8qSX/42dOi4VP3tkTASVSr7
hAaQ9nS9cn7v7i+UIL7PBjr5m6BDOZjbtbm8t8W7lzjxjh42pC7Pp69o0qRdJF5NxHOLY9IhP8zX
p01tqMIGmK/h3IIAhHULKLgEAiAAAiAAAiAAAiAAAiAAAiAAAmGKQNgW1rezkCNxlLOxxeoXU6co
F8zPHjxUYtXcJk3UTIqw3vXgAYrHsZhV4l8GlXDFQp0kEde/YrfxqThOuNeLl3Tgzz9pPVuySyrS
urWKMSwCqRah1Q3+XnfCBMpVV0TMiHRh61aa8+WX6pZYFPc47GFYfr97+5a82KJVkoi2IsBJfV3Y
sjVmAhZi+IczSY7WqDpmdISIbtz2WRrJlqA1R46kkp06GhasblGjklukSOqXbe16Xeoqw26py/fr
SzHY8tfr5Ssl+s+qX1/FaE7C8eJ7spv3iG5uKu76iFy56endu9R0wQLv8USgO2fO0vbhw+nAzJlK
yK05YgSV7tbVEBrEBf9EjsF8+9QpaU6J66W7duH24nPZMzSveXMVX1rGKa6xE0n8cU6yAeDdmzfq
PIJbJI4/3pVOLF/hPwsWYoWTW5SotHfqVBb2OjpnoWoPfFvGJgV23y68S7G7emn7wZWrdJTF0nXs
8j1RliwqdnbkaNG8W7MdHl27RgNTpzGu5WvciK3V5/hp1Wlk9ufkPQuD4j3gENfHE0Etli2jnLXY
pTWfi7IhGyD+qFVL1eLYrl6Dsv5+K1deeXHwb/350x3nt7kvp9ato+nVq6vQDJ3Zej9BunRqY8c1
3vixc/wEOskbAFqtYhfpsjmAk15PzziEQ7dDB32eVb533cNDuX0Xi/XmixdRJF7zkrT4LOd1J06g
wi1bUuToNit+cUl+guOFL/nfN3JbhXNIXcgn1qq6GIAPL7YYX9G1G/0zeTJ1+HsHpWbPATIfYiUv
c759xEg6MGOGqlEsvxPyO0CL27L5RFKD6dMoP3svkD4+4xAKIqjP/dL2jqryy0Cq+N13Kt9bLy/a
w+EkpL2ao+R576Sed+NZV7msP/Tz9Yb7K8+n8JR3n7xnIkSMSI7rVX60X9z2a9o3fTqlLVGC2qxd
ozYh3L98mTcJFVPvC0fxXFrWLuTF0r3T7l2ULFcuunXiBMm7RNI3m2VjUXl1HtzCuhfH2J06bS+1
Z5FPx5RWzwj3RotN0jERmn/8obJhOSiii8QVF2txEZOLFElDb968o5gxbGK4GozDh443LpdFXF+4
oDl9VjqDsgy9eesxzZ3roVy+y/3du7pQ8WJp5dROpOz/Y2XuRyX1jti0+SxVqjxZ5TEL2nJBLHKz
Zhus3L/Ld7mfIUNCFiTf0lMWUMpXmETZsyelLSwmmV2Yr1h5XLn4FYvSXTs7Gy6DtWWs1KUFVznX
SWIiS2xkEV/FfXq8uNFp0WK26G40U4lFZ8/0Y+HN7w0rHypk6b5YHZ+/eM1x6d1o/oLD1Kz5XDXX
YukpPCRFihTRTjw/fOQ6u2ceqe7V/yIPx4r+ghInssVnFq8E3buvpAULD6v7Zjfdr994UUR+x06c
tJu6dluu2unE7bzybidy5IjcD/4bHERJNjVIEmvhRo1nqdjo5vUo98xr0uyJQYTNLl1KkwieksTd
v7h3vnTpvrJEPXa0l3IXb34OxB34nNlfUYb0CVUZ2QjStdsK+uuv02qer1z+keK7x1AeefTGFFmv
PXqUVYK8rPNZsw4a61wsu2XThd5EoirlD3ObWza3YzfymZmhF505c4em8AYPsaDv1bMsSZgGSW95
Y9/LV17qPCrHBV+w8Iiy2g1qFtKAbEopWmyMeo5kradMEU+1Kx96M4uMa/GiFnZrysjk4om8mzp1
XkaTf9+jSgj7GX9+yewT0K3/ntCIEdtoHG/+kKSfSfNmloBwN4u14vL/y8b5jXedPDtimb527Sk7
sdu8oUae+7Vr2lLWLElUf+Q5ELfjw4dvVe8Bs4v7H/uvo4He1vticf3NN8XVpqVzHCKg8ZezVDmp
ZOSIWtSt62fGvyNVxQH8MI9Lik6cUI83LeVW7zx5d0t7kqT/5s1TMrZnz15TkqQ/qHf1wQPdKQFv
SuI/gSqZnynbFdun+Xk8d+6usuqWvyvmd4CsT0fLeSmtNy/o+qRPJ45zzHXv51Nfl/WXM9dQ9W6X
vyF16+RSjM6eu8O8tynre8nryE+7c5d78uz061dBPd/yXO3ff5W+qD9D1Zk9exI6dqS34RlF8ksy
i/PyXazVA+MiX8qGuwRhPdxNOQYMAiAAAiAAAiAAAiAAAiAAAiAQ7giEYWGd5/Iai25jONayK0nF
+maxLSIL4WZh3VlZEci77NtrE785k52w7qSQCDgiZKXM7+1qln+0U3HXWYT3K9mV4zKu9E/qi5cq
FYnLZRG43rObz9U9eyqrUd1WMo61roU9dY3714YF2GzVbJaLIg7O5A0Gx5cu00WcHqWPEm9eREax
jpc2X3l6Os0v4q9sWMjX0LaBQbsp12K804JcrjGLlAWbNVVZXOEuGY35ZQExsG2pBpm/iKQLWrVS
X60+0pcuTd9s2Wzb1GDOwGU3/vwzbfjpJ/XDqFWcc3P2gJ57sleB8cWKK8toKStzIJsWxPL4Kd+T
JGuiK89T7KRJ1XcR3RexO3axQHaamHlbFsOzVqnsNEtAboiV+Oj8BYx+JmFLaMd5F36ZypUjtSGk
Vm276rXorq3EzTdlo0ZittwXwWFBi5Z0aPZs43Ye3jwiQvfVvXuNa8JI5iFh+vTGtYCcqE0C1aq7
VKTuhPFUgsMp6GQWqPU1x6PETdebD9b07Ufbhg51zKK+m13hW2V4wGEZfk3n9xh7MIfkefLYFdfu
4O0uen+RvvXgTThx9Fryvi7iv8RmF48BkuR9JxsgJEk/WyxbajwbwSmsW1ngSZ/MVq7alblclyT3
Nm06S99+t9Z2weHTbCXocEt9NYvhVvflWrVq2ZXobhZv1q47RdVrTLUsYuUu+OeBG6k/u5/2K4n4
t3ypfUx0EYaKlxhjiFtSvnLlrLSB3UFLErFHYvTGimnbsKIu8sd/t58oEenOnafqkmwc0Oci8HTv
VkZndXr8WMK6o7hm1QGxCBYRy2wZPfn33dSu/RIje/78ts12Hh7XjWuTJn5B7b4pob5fv/GIUqUe
YNyzOhExSgvWVvcDck1bZftXxhx6QMTaVuz6Wrwc6GQ1rn/2dKWivFlEJ71JQn+XjReenraQE/qa
iKR9epczNmpoDwf6vl9Hx+dGNvHIRgFpV5JVe7/+Uo2+ZXFQkrbsVl/8+DBb6waGhdU7Q2J3N26U
35cwKt0ITDxrKWcWT83PktxzTB07lKSxY+p8EHfHZ0R4i9WybDgZPWaH0aRskMmcKbHxff+Bf6lI
0dHG99y5k1EaDjWxevVJ45qciMg/4KfP1TXZ9FOy1DhllW6XyeKLjF3CFrjHi2Fx1/9LjuNyVkI2
SOTPZ3u+9SYhZ3nluvmZ0vlcfR6dCdI6pIauT68r/V0f5dmo32AGLV1m24Snrzs76r9nUq5nr1U0
avR2I6vMl2yAMKc1q9tStarZzZeMc+09RS7IBoxmTQO/AdGoNDycQFgPD7OMMYIACIAACIAACIAA
CIAACIAACIRvAmFbWBfR8NTatTTd2/JVz7UIbJUHDKDDLOxuYnfUksT6/Ispv/sI6w0bUn12mZ6c
xedd48exJfBclU/iDFfmMoVaNKdIHJ9ZJy3wiqt1cW2+b9o02sZW3ZJEvBP3x2LVHTtRIl1EWRKv
79/f6IPPDfszEa17Hj9GSdmaXI3J2+LXPpfvb8o6nsWyqLFslnfKcnnNGiWkaqFVlyrLfS7Rvp2d
y2m5Jxb+q9mds7JO984sVvw12RtA6oIFaXLFikq01X0UMV6s7iVJvhrsDvrsxo10bLGPYJG1cmX6
nF3Ap8yXz7tGWzz3SZ+VIbFa9jMxixZLlijrecmnY5f7WYZvCv/aY8eoH6NFWA9MW7oN2aSwna3V
13CIAXPKXa+eWkeZKpS3jtnN63ELu8Vf9+23dt4OzHV86PmrZ89pN1s0r3V0r8/cqg0erDwaRIlh
+tGa++TfGpS5bb9ju3JJ/qH90+VvnzpNi77+mq7s3q0vqedEXMPn4c0cYsUuyUq41qK7o9BsFqGl
rPywfGThQprT2OYtQq7plJnXbaGWLSh7tWpqnerrAT1q62xn5eTZl/dNkdatKG3x4r6yveTNJ1sG
DaatEi7BIdUeM5qKMiNtaf/3mDHsxcHHtbo5u1iuy/qWubJK/gnr0k8R8M3u3nU9t9nLxHTePCCu
7HWKyx4+/rdpIyXJmlVfsjtKaInZjRrTmb98xN5szLrpgvk+7yMuEZzC+l/rT1PValPs+imCkrji
zZ7NttFE1oy45RXX1ZJEKBMhQmLYWglerogNYrneu/dqWr7iuF3bUt+U3xtSTRa8rebNSlwXa+qp
UxtR3DjR7OqyGptdBv7iTPC+d/8ZdWIX09oiW5dztNzW1/VRhKHPykwwBHW5LuJn3z4+YqvOa3X8
WMK62frZql25Jq67JQa8oyXpIY9rSoySkADmJJsNBv78ORUqaAuNIPfMmwvE6lPcWTsmR8tYx/sB
+W4l8lqVnz3rK/qqSQG7W8uWH+NNA4vt5koytG1TjH76qbJdPHRdUCzau3RdrlxU62tylHXRu3d5
Klgglfmyet+OHLWdevVeZXddxPevvy7GbsyXKUt3uWnVRxFgxTOAbG4xp86dSlFTFvTM7ckmEtlM
4l/qzS7whwyubvd8BYSFWVjUba1e1YaqV8uhNrKY+yDP8z97ulD6dDbrfp3flaO4RC9Vepwhesqm
hRdsOa4tvaUO/b6oVTOnXZXyzgood/MzIhstzJtHpHKr9a4bvXzlPg0YsJFmzrKfJ7nft095asSb
DvLkTq6zq6O4Hf/++7WGxb2+Ka7FRcxv0XK+uvShz4sW1mVDRd++5WkaeycZxlb0kuRdL5sSuvGm
n0QJvf9NzNdFeO7Rc6XK4+xj/rxm1Kihz79XJZ+rz6OzzUkyb1owdya+6/5YPRsynjGja1OhQmmo
QsVJxrMtG4ZysHcSndasPUmt2yww7uvr8ly2b1+SUqdy15d8HXf8fYHd/0/0ZeHvKyMu2BOAsG7P
A99AAARAAARAAARAAARAAARAAARAIOwRCOPCuveEiQtkcWcuKRqLzNHixvW+Y3FgoVFZhLOwXne8
WJi2NzKJJaZyrW5c8TnRwrrZMlru+lXGp3Twnonrb8/btykyC6xv2I26uILWLrSd9UTcZ79la3Q3
jh0eg/M74+CsvAhtigW7mPeTv7MKQuB1WVevOH52BP6BVFg6utJ27PLjmzfp5xQp1Y/8PU8ctxQx
HcsE9rt4DnjKrr51kjn2r386b3Ae9bqQ0ANBEevcqu+O6102fBibTawKfIJrwkHeUfJjuwjpEqIi
oM/Yx+y2PLv3L15U7u0jcf8SsIW/2aW4s7bvnDun3i0S7iIRexJwFJCDU1h31sfgui5WqY8fv1AM
YsWKSkkSx/a3aRGk/v33oXIf7+4e3c4Ntb+FA5hB3Hbfv/+c+0eUMGFMSpokjr81iAtocSUu8dvd
3CJSWrZedTVpa/n//vP8ICtVV9sLSL4HD5+zhfZLNVcxY0axi2sckHpCUl5xn37nrie7UX+vXKnH
Y6tgxw0aVv2VdRsxYgRVLkaMyL68FziWEZH40aMXaj0kSBCDJAZ7QJK4In/5kl3sc5uxmL3j5oeA
1OUsb2BZOKvvY13XLKR+93jRfb0/ze0GlLvMq7yHxPW4tPP06WsOb/GWokePrNz7m+u2Ohex98WL
NxSNy8vfLVlL/s2VlHnHGxNlDcaJEzXAa8OqH+ZrWlgX7xwrlrUy/kaJtwL/+mauJ7jOhbu4kE+a
NLZL71uZs1ccAkHetwnix3B5TLLeb9/xpBgcuuQ5eykRN/dRo/gdokKYlSk3kXbvvkyzZjahpl+5
5v0ruNiF6HYgrIfo6UHnQAAEQAAEQAAEQAAEQAAEQAAEQCAICIQPYT1AoFhYV+6n69RRFutF27R2
qbi2nJb41U3mzvXzB1CXKkSmsEWA15W4gBdX8GXZ0r36UN8WymFrwBgNCPhPIKiFdXP8a/9bR45P
SUAs1gsUHEn37j0LccL6p+SCtkEABAJHQFvii3W5uFZ33MgVuFrDZyntrUEs7sU9vzlsRvgkEoBR
Q1gPACxkBQEQAAEQAAEQAAEQAAEQAAEQAIFQSQDCunnaxMX3vunTaT/Hm5Y4zOL2Pd+XX9IbtraM
4e5Olfr/6NuymwXT89u20c5xY+nkSpsLVHE7LtamUq7C999RvBQpzM3gPJwQeHr3nhLTI/Ja8GL3
83un2mImi8V07bFjqWDzZvjhN5ysBQzTmkBQCOti+Vy4yCjlirtQoVTsMjm2ctktcX4hrFhz/5RX
Fy85QtP/2Ke6ILHcxcX1h8RV/pRjQdsgAAIhg8C27edp7Li/aeXKE6pD4vZdrNRfvnzDbugrUYrk
fniqChlD+KS9EAv1wUO20PXrj5Rl+7z5hwz38T/1r0I9e5almGzxjuQCAQjrLkBCFhAAARAAARAA
ARAAARAAARAAARAI1QQgrJunT2Jvj8iZyy6WsL4vYuh3ly9RjPgOrm5ZWF/Upg3tYzHeMYmo03HX
TsvYyo558T3sEbh96hQNy2EfD1WPMkmOHNTz6BESF+hIIBBeCQQGqPo6AABAAElEQVSFsC5uiJu3
mEez5xw0MIrFosTQdsVdvVEIJ8FCYPSY7dS9h09M4w+NqxwsnUYjIAACIZpAm7YLecPOXss+7t7V
hYoXS2t5DxdtBGSDWvoMAw0x3cxF4rlfufyjSyECzOXC7TmE9XA79Rg4CIAACIAACIAACIAACIAA
CIBAuCEAYd1xqh/fukXP798nsTI2J4ktnjBDBvMl4/zlE096ePUKReQ8jilhxowhKlayY//w/eMR
kNje9zgu9Xs+sums0ZB8lzjz8VKmNK7hBATCI4GgENbDIzeMGQRAAARAwIeA59NXdOXKA44/HtHn
ovdZxgwJXY5H7qtwOLpw7fpDevz4JbOyZyjfM6RPCA8wrq4FCOuukkI+EAABEAABEAABEAABEAAB
EAABEAitBCCsh9aZQ79BAARAILQTgLAe2mcQ/QcBEAABEAABEDAIQFg3UOAEBEAABEAABEAABEAA
BEAABEAABMIogcAL6/RuTBhlgmGBAAiAAAiAAAiAAAiAAAiAAAiAQAAIQFgPACxkBQEQAAEQAAEQ
AAEQAAEQAAEQAIFQSQDCeqicNnQaBEAABEAABEAABEAABEAABEAg5BCAsB5y5gI9AQEQAAEQAAEQ
AAEQAAEQAAEQAIGPQwDC+sfhilpBAARAAARAAARAAARAAARAAATCDQEI6+FmqjFQEAABEAABEAAB
EAABEAABEACBcEsAwnq4nXoMHARAAARAAARAAARAAARAAARAIGgIQFgPGo6oBQRAAARAAARAAARA
AARAAARAAARCLgEI6yF3bsJOz554vqIlS45QvHjRqVbNnOTmFjHsDA4jAQEQAAEQAAEQAAEQAAEQ
AAEI61gDIAACIAACIAACIAACIAACIAACIBDWCUBYD+sz/KnH9547sGTJUWrQcAYlSRKbTp/qS+7x
YnzqbqF9EAABEAABEAABEAABEAABEAg6AhDWg44lagIBEAABEAABEAABEAABEAABEACBkEkAwnpI
mJfHT17S9z+spezZk9I3XxenCBEihIRuGX149/49jRq1nW7cfEyDB1WjaFEjG/f8OxFhfceOC1S2
3EQI6/7Bwn0QAAEQAAEQAAEQAAEQAIHQSQDCeuicN/QaBEAABEAABEAABEAABEAABEAABFwnAGHd
dVYfL+fpM7cpe44hVLNGDlq2tFWIc5X+9NkrKlJ0NN2//zxQFuenTt9WGwcSJoxFY8fUoejRXBfm
Px511AwCIAACIAACIAACIAACIAACQUQAwnoQgUQ1IAACIAACIAACIAACIAACIAACIBBiCUBYDwlT
c+78XcqSdRA1bJCP5s39iiJGDFkxyF+8fENFi42m27efBkpYDwmM0QcQAAEQAAEQAAEQAAEQAAEQ
+GgEIKx/NLSoGARAAARAAARAAARAAARAAARAAARCCIGwK6zfvPWYFiw4TFGiuFGEiBGobeuidPbc
Xdq16xI9e/aaxesIVLx4OipSOLWd63Vxe75o0RG6ceMRRY0aiTw9X1GzZoUoefK4tHHjGZo79xCd
PPUf1xuJunf7jOp/kdduLs+du0Pz5nvQho1nyd09Or17956KF0tHjRrlpcyZEtvl1V88Dl+jAgVH
UelS6bmNduTGfdNJ3MK7uVkL7Zcu36dZsw7Q6jUndXYqWTIdfd22OOVgt/JW6c5dT5o3z4MWLjpM
r1+/pUSJYlHZMhmpaNG0XM8JLpeMWjQvZDB5+/YdeT59RSVKjlUW64c9elJiLvOeOanEXY3k5uar
qTdeb+nPP/fRq1dvuS5SbQnDhg3yGnX7KsQXXr7yUuNZsfwYnb9wl8fuRqlTu1OD+nmoBlv0R4kc
ySj27Plrmj59r/ru5fWO6tXLTbv3XOHxHaJbt55Q5syJqU/vcpQ3TwqjDE5AAARAAARAAARAAARA
AARAIMgJQFgPcqSoEARAAARAAARAAARAAARAAARAAARCGIGwKayL5Dt37kFq2myuv7yrfp6NZs/+
iuK7x1B5xe15hoy/0J07T9V3EYVXrmhDixcfptlzDtnVlyRJbMOCWwT5QYM30Q8//GWXR3+RegYN
qk69e5ZVFukiPNep8wetXXdKZ7E8pkoVj44e6UXu8Wz9k0wyvkm/7aKOHZdalpG2RoyoRd26fGaI
2FJm27bzVL7CJMsy+qJ2Rx+RxfwhQzfTt9+u1bcsjyL8i9ieJ3dyu/uXrzyg9BkG2l2TjQNbt3Rw
ulFAXOJXrzGVLl26b1dOfxHe27d1oKxZkqhLJ07+R7lyD9W3LY/Sv927OlMx3jiABAIgAAIgAAIg
AAIgAAIgAAIfhQCE9Y+CFZWCAAiAAAiAAAiAAAiAAAiAAAiAQAgiEDaFdQH86rUXbdhwlmrVnmbw
VuL2r9XZkjkRrVhxzBDKs2RJRMeP9aHIkWyW1yLw3rv3jAYP3kx/rT9tlE+SODZNnlxfWV936ryM
YseOospF45jhv03eTR06LFF569fPSwN//pxSpIhL168/pgED1tOChYeV5fb48fWoQ7uSJMJ62bIT
lIW10YDFiaOwLgK59L1uvT9V7latilDvXuUoTRp3+u8/Txo1ajuNn7BTtbV4UQuqVzePyidxznPk
HKLOhcP0aY2VdfuNG9K/DbR9xwV1T4T15ctasZX/hwnrUtnBQ9foJbuRF5Z16v7hp6v7Bw+fUbbs
Q9SGBunfwgXNqUKFzGzxb9sQUL/BDNU/82YGL2Z4+MgN6t9/vTFPwqNH9zL06NELtbFCRPrGjfLT
3DlfGZsMVEX4AAEQAAEQAAEQAAEQAAEQAIGgIgBhPahIoh4QAAEQAAEQAAEQAAEQAAEQAAEQCKkE
wq6wLsRfv3lLJUuNpQMHrpEI1P/s6Uop2B25JBGo17AL9Zq1pikReumSllSndm51T9/v0mWZEqnl
e/v2JWjUyNoUlV3ASxIX6dpF+63/nlDyFP3V9d69y9OQQdXsRFyxZu/TdzVbkW8jEYaPH+tNiRLG
UvnlQ4veImpLP8zJ0RW8jnd+7Ngt+umnKtT/h8rm7GpcffutpmHDtlKGDAmU8C8u7Vu3nk8zZh7w
xUEKi8hfv/4MWrnqBGmLdT02R1fwRw734r7H9NcVvLlTMg+FCo+kbFmTWsaQl7kYNnwr9WVGceJE
o4MHulOmjInMVSi38JmzDFJzJdb43buWUfelrJ4nR/b7D1ylIkXHKA7S71gxo9rViS8gAAIgAAIg
AAIgAAIgAAIgECQEIKwHCUZUAgIgAAIgAAIgAAIgAAIgAAIgAAIhmEDYFta1CH38+H+0Y3tHKlUy
vd1ciCj7Y/919Msvm1h4LkpT2Bo9IltqS3IUbAf/WtW4pzKYPo6fuEW58wyzFM11NrHILlR4NF2+
/ID27O5CRYuk0bfo3Pm7lCXrID8tunVmnVe+t2hRmGrVzMlW4V76toopv337BbUhQFt3R47sxgLz
aDrNVuurVrah6tVyGPn1icReL1tuIhXjePBmDnJfc7x9+6nh+l6Xc+WoyzsT1mXjgQj/MzlevLjL
78ubExyTzIf2CmAW//U8TZi4y5dLenHrL+O+f/95oPrt2Ad8BwEQAAEQAAEQAAEQAAEQAAFLAhDW
LbHgIgiAAAiAAAiAAAiAAAiAAAiAAAiEIQLhQ1h/+PAFnTzRl2LHsrdYFlF2FVtp164z3Zeltl+C
rXkBSL558w7RV03n+CmMi8ibJ+9wJawfOdyTcufyiUmuxXLthl2L++Z29LnOq7/7ddTCuriqL1ps
NMkGA8e2/Sqv72lh/GMJ61oAP336jrJWz58vpW7aOArnGTP2UysW4MXd+9TfG6iNDuZ52r+vGxUs
kMoo86H9NirCCQiAAAiAAAiAAAiAAAiAAAj4RQDCul90cA8EQAAEQAAEQAAEQAAEQAAEQAAEwgKB
8CGsX7nykE4c70OpUsazmzSzKG62gpZMfgm2dpXwF7PLcYnVHp2FbMckIm/BQiPZavwOOQrAWixv
2CCfpat0c10S/z17jiGG+/qUPKZ376S3vpO4Vc+aJTE9e/7a22Ldd9u+S/m+8qECtS7vl8V6A46h
vmz5MZo/r5naoODYCxnh4sVHqGGjmXabIPyaJ92ufxsCxN39lasPVJPp0sZ36pnAsU/4DgIgAAIg
AAIgAAIgAAIgAAKKAIR1LAQQAAEQAAEQAAEQAAEQAAEQAAEQCOsEwoewLvHIe/QoS8OH1rCLfa7d
s1+6dJ9+/LEyDehfxZhwvwRbI5P3yfkLd0nH/165og3VqG7val3q0pbxEjP9zOm+lDlTYqMaLayX
LpWetmxpT5Hc3Ix7cvL6jRdFiWyL7S7x3PPmG0537z6jzZvaUbmymezy6i9S5vXrtyquuDnWvNna
W+eV4xPPV/Tbb7vYnX0catG8kPkWaYtycakuscqTcpx4cxJh+j3/59hvnUcL3M6Edc16/ISdlCVL
Ijp2tLcxXnMdn5UZTwcOXKNOHUvS2DF11VzqsuIK3nHDgm7XL2Fdxlau/ERVr7Ql7R862JNixoii
m8YRBEAABEAABEAABEAABEAABPwmAGHdbz64CwIgAAIgAAIgAAIgAAIgAAIgAAKhn0D4EdZlrjqy
INu9WxmKGyc6nTl7m5o2m0siqovYffxYb8qRPama0ucvXqtr1atPpW0cr1zisxcpkprevHmn7seI
HtlOoJcY4S1azKXZcw7xdaJlS1up2OdSrwi/q1efpFq1p6myjRvlpzmzm9hZRV++8oDSZxio6tRi
+atXXnT6zB2aMnUPC967qVevcjRsSA3Dkl5EaLFIX7K4BVUon9noz8VL91Ss8oEDN6qY76dP9aV4
8WIYwr50olevstSvbwVy5+vSzr79V6k+W4zfufOUcuRISkdZPHdzs8Wal/xamD948BqNHFmLunQq
TTxkuspW3ouWHKV+/dYoQVpE92hRbdb6wlDySHrJ1vqlPxtPGTMkpPnzmxnX3dwiGPk9Dl+jAgVH
qfz16+elCePrUeJEsdT3m7ce88aIlbRg4WE1zsMePSlPbpsr/Tdeb6lx41ls7X5czVOpkulVGfnQ
ceNlQ8DBAz0oZYq4xj19ojc16O8yZ44Cvb6HIwiAAAiAAAiAAAiAAAiAAAhYEoCwbokFF0EABEAA
BEAABEAABEAABEAABEAgDBEIX8K61cSJED5zRhNq+lVBJVpv3nyWKlWebJXVuGYljouIW6z4WCXU
S8bYsaNSpkyJ6Pr1R0qwlmupUsVj0ba7L4tvEeZFHF7Ers4lSVlPtiDXSfr4yy/V6FsWwyX5bisa
fV4lK23fccFoS/KVLJGONm5sp1zTSxs9e62i0aO3yy2VcudORmLNr5O0s3pVW6pWNbu+pI6ij+v4
5nY3TF/M1vaOYrUpm92piNg65ru0Mfn33dS+/RIjT/78tljrHh7X1TXp38SJX1C7/5VQ3/WGBKMA
n7RuXZSmTmlot5FA7kvZGX82oWZNC5qzk2NfpU9m4d4uM76AAAiAAAiAAAiAAAiAAAiAgBUBCOtW
VHANBEAABEAABEAABEAABEAABEAABMISgfAhrD98+II2/PUNbdpyjn79daMhPosI27VLacqZI5ma
VBF3d7A4XbbcRPVdhF0t6ppnXVyRjxldx87qXO5LLPOJk3ZRnz6rzdmVqDt4cHV2YV6KYkS3djEu
bunFKnvGzAN2ZTt3LsWifyEqWCCV3XVx3T5m7Hbq33+93XX50oit4lu3KqzcxEeM6GN5LuNbs+Yk
tWm7wGCgC/fpU57atytBqVO560t2RxHmR47aTr17r7K7Xq9ebm6rKFWokJkiR7K5sLcSvO0KeX8R
i/uDB7pTpoyJjNsHD11ji/pVapOAcZFPKlfOSgN//pwKFUxtXL7GmxYkbr1Y2uvUu3d5GsKs1607
RdVrTNWX1RysWtmGqlezd9P/ki32O3VeRtOm/aPydu5USlnlO3Nrb1SIExAAARAAARAAARAAARAA
ARDQBCCsaxI4ggAIgAAIgAAIgAAIgAAIgAAIgEBYJRC2hXWJn12i5FiSGNvnzn5LcWJHUxPpxe7D
xTLZ7O48KGf41WsvunfvmVFlggQxDJfnxkUnJ+JC/eVLLxbtI1CsWFGcxi3XxSW/bByIFSuqcrke
N240f9uSmOi373hSDI4j/pw3AyRIEJOiRrHFcNf1OjtK7PZnz2xu3mPEiOxvW87q8e/6g4fP2Wr/
pZqnmDGjUIL4Mf0r8kH3n3BbinnMqB9UDwqDAAiAAAiAAAiAAAiAAAiEQwIQ1sPhpGPIIAACIAAC
IAACIAACIAACIAAC4YxA2BbWJTZ4ocIjlbB+6eL3Tq3Fw9mkY7ggAAIgAAIgAAIgAAIgAAIgAAJB
SQDCelDSRF0gAAIgAAIgAAIgAAIgAAIgAAIgEBIJhF1h/fyFuzRq9A6aPHm3At+gQV5Kniyuctfe
vFkhKlE8XUicEPQJBEAABEAABEAABEAABEAABEAgtBGAsB7aZgz9BQEQAAEQAAEQAAEQAAEQAAEQ
AIGAEgibwrrEEp8//xA1+WqOLyDsAZ4GDqxK3/Wr6OseLoAACIAACIAACIAACIAACIAACIBAgAlA
WA8wMhQAARAAARAAARAAARAAARAAARAAgVBGIGwK6zIJEkf93Pm7Km62eVK8vN5RmjTxKTbHJEcC
ARAAARAAARAAARAAARAAARAAgQ8mAGH9gxGiAhAAARAAARAAARAAARAAARAAARAI4QTCrrAewsGj
eyAAAiAAAiAAAiAAAiAAAiAAAmGFQHgR1h88eCAe4pBAAARAAARAAARAAARAAARAAARAIFwScHd3
D5fjxqBBAARAAARAAARAAARAAARAAARAAARcJxABwrrrsJATBEAABEAABEAABEAABEAABEAg7BGA
sB725hQjAgEQAAEQAAEQAAEQAAEQAAEQAIGgJgBhPaiJoj4QAAEQAAEQAAEQAAEQAAEQAIFQRQDC
eqiaLnQWBEAABEAABEAABEAABEAABEAABD4JAQjrnwQ7GgUBEAABEAABEAABEAABEAABEAgpBCCs
h5SZQD9AAARAAARAAARAAARAAARAAARAIOQSgLAecucGPQMBEAABEAABEAABEAABEAABEAgGAhDW
gwEymgABEAABEAABEAABEAABEAABEACBUE4Awnoon0B0HwRAAARAAARAAARAAARAAARA4MMIQFj/
MH4oDQIgAAIgAAIgAAIgAAIgAAIgAALhgQCE9fAwyxgjCIAACIAACIAACIAACIAACICAUwIQ1p2i
wQ0QAAEQAAEQAAEQAAEQAAEQAAEQAAFvAhDWsRRAAARAAARAAARAAARAAARAAATCNQEI6+F6+jF4
EAABEAABEAABEAABEAABEAABEHCJAIR1lzAhEwiAAAiAAAiAAAiAAAiAAAiAQFglAGE9rM4sxgUC
IAACIAACIAACIAACIAACIAACQUcAwnrQsURNIAACIAACIAACIAACIAACIAACoZAAhPVQOGnoMgiA
AAiAAAiAAAiAAAiAAAiAAAgEMwEI68EMHM2BAAiAAAiAAAiAAAiAAAiAAAiELAIQ1kPWfKA3IAAC
IAACIAACIAACIAACIAACIBASCUBYD4mzgj6BAAiAAAiAAAiAAAiAAAiAAAgEGwEI68GGGg2BAAiA
AAiAAAiAAAiAAAiAAAiAQKglAGE91E4dOg4CIAACIAACIAACIAACIAACIBAUBCCsBwVF1AECIAAC
IAACIAACIAACIAACIAACYZsAhPWwPb8YHQiAAAiAAAiAAAiAAAiAAAiAgD8EIKz7Awi3QQAEQAAE
QAAEQAAEQAAEQAAEQAAECMI6FgEIgAAIgAAIgAAIgAAIgAAIgEC4JgBhPVxPPwYPAiAAAiAAAiAA
AiAAAiAAAiAAAi4RgLDuEiZkAgEQAAEQAAEQAAEQAAEQAAEQCKsEIKyH1ZnFuEAABEAABEAABEAA
BEAABEAABEAg6AhAWA86lqgJBEAABEAABEAABEAABEAABEAgFBKAsB4KJw1dBgEQAAEQAAEQAAEQ
AAEQAAEQAIFgJgBhPZiBozkQAAEQAAEQAAEQAAEQAAEQAIGQRQDCesiaD/QGBEAABEAABEAABEAA
BEAABEAABEIiAQjrIXFW0CcQAAEQAAEQAAEQAAEQAAEQAIFgIwBhPdhQoyEQAAEQAAEQAAEQAAEQ
AAEQAAEQCLUEIKyH2qlDx0EABEAABEAABEAABEAABEAABIKCAIT1oKCIOkAABEAABEAABEAABEAA
BEAABEAgbBOAsB625xejAwEQAAEQAAEQAAEQAAEQAAEQ8IcAhHV/AOE2CIAACIAACIAACIAACIAA
CIAACIAAQVjHIgABEAABEAABEAABEAABEAABEAjXBCCsh+vpx+BBAARAAARAAARAAARAAARAAARA
wCUCENZdwoRMIAACIAACIAACIAACIAACIAACYZUAhPWwOrMYFwiAAAiAAAiAAAiAAAiAAAiAAAgE
HQEI60HHEjWBAAiAAAiAAAiAAAiAAAiAAAiEQgIQ1kPhpKHLIAACIAACIAACIAACIAACIAACIBDM
BCCsBzNwNAcCIAACIAACIAACIAACIAACIBCyCEBYD1nzgd6AAAiAAAiAAAiAAAiAAAiAAAiAQEgk
AGE9JM4K+gQCIAACIAACIAACIAACIAACIBBsBCCsBxtqNAQCIAACIAACIAACIAACIAACIAACoZYA
hPVQO3XoOAiAAAiAAAiAAAiAAAiAAAiAQFAQgLAeFBRRBwiAAAiAAAiAAAiAAAiAAAiAAAiEbQIQ
1sP2/GJ0IAACIAACIAACIAACIAACIAAC/hCAsO4PINwGARAAARAAARAAARAAARAAARAAARAgCOtY
BCAAAiAAAiAAAiAAAiAAAiAAAuGaAIT1cD39GDwIgAAIgAAIgAAIgAAIgAAIgAAIuEQAwrpLmJAJ
BEAABEAABEAABEAABEAABEAgrBKAsB5WZxbjAgEQAAEQAAEQAAEQAAEQAAEQAIGgIwBhPehYoqZP
ROD9+/e0du1aevr0KVWuXJnwo1jAJ+Lq1au0Y8cOypQpExUrVizgFaAECIAACIAACIAACIAACIRi
Avh/iFA8eeh6kBCQ/69esWIFeXp6UvXq1Sl+/PhBUm94quTy5cu0efNmypo1K5UqVSo8DR1jBQEQ
AAEQAAEQAAEQAIFwQyDC4cOH3798+ZIiRIhgOejIkSNTunTpLO/hIgiEBAKXLl2iggULqq5s2LCB
ChUq5HK3vLy8qE+fPnTjxg2KESMGybMwZcoUihUrlst1hIWMffv2VeMWUX3VqlXk5uYWFoaFMYAA
CIAACIAACIAACICASwQ+VFgXQc2//6/OkCGDS31BJhD4FATOnz9PmTNnVr8N7dmzh4oWLepyN7ze
eFGnzp3o2rVrFDNmTPUszJ07N3z9f/V7os5dOtP48eOpdOnStHXrVvx/tcsrCBlBAARAAARAAAT+
396ZAMlVVX/4abGpKJQixi2mULRQUSMllojlShBccMENoiwhAUJCIqAIsoQggkIiWETEaBKIpaCi
JbHc0IISLHFBg+JaaoEii7K4W4DCf777n9PcfvNe9+uemaR75rtVme5+fd+99333TmrO/Z1zrgQk
IIHhIfCQWbNmPXDjjTfWjngYhTZE0o0bNxZbbLFF7XMhor74xS8uHvrQh6Y6CKzf/e53i//85z9t
TgYzZswonvvc545p569//Wvxgx/8oMCrm3vxSI6Nkn//+9+prfvvv791Hw4KL33pS5Nh1WtfrUbG
8ebvf/978ZWvfKW46qqrCt4//vGPTwL0dtttV1x//fXF3Llzi5kzZ46jh8136+23317ssssuaQDf
/va3i9mzZzcezL/+9a/kSR6/A4997GOL73//+8X222/fuI1BqMicnnHGGcUznvGM4pBDDmlbw03G
d+655xbLly8vXv3qVxfr1693A6AJNOtIQAISkIAEJCABCUwZAuMR1rEhn/3sZxc4/NaVYRTabr75
5uJHP/pRR7saERU7N7eryYSFTZw77z/hCU8onv/854/Bc/fddxeIuGFXP+tZz0pZtKhIG9ivuV29
1VZbFa985StbdnUvfY3pvI8L2F1f/OIXiyuuuKL429/+VjzxiU9MGb+wH6+77rpi3rx5xcgeSx8t
b/5bbr311oJ5Yt7Y6wjn9SYjI3sc+ybxO/C4xz2u+OUvfzl02eSY05NOOql45jOfWRxxxBFta7gJ
hzPPPLM48cQTi9e//vVpneiw3oSadSQgAQlIQAISkIAEJDBcBAhTH/GrLYr99tuvZTQQrUvk71/+
8pehFNrwjF68eHHXmfjd737XMvR+/etfV6bAfuQjH5k2ExBc81LuIxdkf/WrXxV77LFHXj29j/56
7WtMQz1eQCjeZ599Ot714Q9/uDjssMM61hnUL9ncwPi94447CgzZpzzlKT0NFSeJ2267Lc1ZPo89
NbKZK//mN79JEQX9CuOk0r/ooouKl7/85X1tIGzmx7d7CUhAAhKQgAQkIAEJjIvAeIR1otV32mmn
1P9b3vKWll2NLblhw4biz3/+81AKbWvWrElCcSewiLDYYZE2/Be/+EWBOF4uj3rUowoionfccce2
r8p95ILsDTfcUOy6665t9fP+eu2rraE+PlxzzTUd03szNqKVjzrqqD5a3/y3ICofc8wxaT5xvO41
cyFOEgQ5MGf5PG7+J2s+ApwBENX7FcZJpU8GvDlz5hRLlixp/V/QfATWlIAEJCABCUhAAhKQgAQG
ncBDXvWqVz2w//77F29961vbxvq1r32tOPDAA4vzzjuveOc739n23aB/QMAOr3cixT/72c8WGMF4
XCMek6IPgx5jJ/esJwX2vffeW3zmM59J9eM5P/axjxVvf/vb42N6xWCkTQR2Ir632Wab4vDDD0+G
KEIv0eF42J999tmp/gc/+MHiDW94Q8uzvpe+2jru8UMuqhMhwHjY9MEb/UMf+lDx5S9/ObU4zMJ6
j0gqq993333FK17xirTpNYwR66x5UuCzxj75yU+21nXlw3pRAhKQgAQkIAEJSEACEmgjMB5hnSxY
COoHHHBAygSWN4y99cY3vrFY/YnVxbzD5uVfDfx7hHAiwokm32rLrYp1F61LEeSkCEc8JlKfDG+v
ec1rWvYH2dm+8IUvFPfec2+xdt3aVJ8HRXRet25d8a53vavtuUkdftWVVxVr1q5JEd8Pe9jDkiBJ
1G9EhxMNffrpp6c2PvKRj6S9CyKBe+2rreMeP+Si+u67716sWrWqeNrTnlYQ1U/mr89//vNpfMMs
rPeIpLI6+ynYpWSVG8aIdRzWyQL3tre9Le0LxX5R5cN6UQISkIAEJCABCUhAAhKYlgQectddd6WI
9fzpSbWGQIfx+MMf/rCV4jyvM0zv4/xoxHZStncq+bMTxc9GCAYzaeIR6csl2uY6EQmcoxUp4UOs
xTBbvXr1GG/lXvsq993tMxs8RDD//Oc/T/OJ53SeHh8Hg7322it9X+VAceedd6bn/9a3vpUcDojs
xjnhTW96U8FmQl6uvfbaFNnPNRgTNY7ASwo5Nj1w3DjooIOKrbfeOr8tvb/nnnuKb37zmymag80b
6pNK8XnPe15B3wjehx566Jj7uIf6pAOkwJt6ODl0KmQUiLT/3ItHPf2x4cXGTpWwjvf+l770pWRc
0w+FecbphNSHeWHjibo4L9A+G0EY5qTVI1U9G02MgfW0cOHCNDdxP5tDbF5dNZLykHFEXzDAKYQU
/lXlpz/9afGyl70sZV0gNWGeco5NrPxz3M/8Xnrppa11zTwwr+W5jfrx2su6uOmmm9K8Mu/8frzk
JS9Jz0+EPM9GZoelS5cW5YwQ0Rf//zBG0ipSiJqgDaJTuP+cc85pW9Nxn68SkIAEJCABCUhAAhLo
hcB4hPW6fv73v/8VI47s6e97spbtvPPOdVUH//rIrgHnR59//vkFkeRE9XYq8ezYNTgdIDxjF//s
Zz9r2R+t+0fbRpSmEN1OCvrgFWItkfA4tmPf5KWnvvIbG77HnuMYOWwu7LpPf/rTbTYIDgY4G/Bs
VQ4URPTz/AQv8CwjezCpPs775Ux37MFgW1N4XpziYc5eBjYd9ueCBQtq7WrsrMsuuyzZm9THpt5t
t91S33vvvXdx5JFHjnlq7sE+DVsdO4t63exqbDLml4AC7qUv0sGz5v/whz9UCuvsKWDf4WQBCwrn
umPrkuI/L9jV1CWogfb/8Y9/JMcM0u+TYZG1wF4HNjeR9qyzKNjV7CXwD9s/+oLBokWLkm0edfPX
H//4x4kXRzew35Db0XV2NfN78cUXt/Yl2GdhXstzm/fD+17WBVkxmFfmhN8PMs0REEKEPM/GeE84
4YQxGSGiT9YUY2SPgcIeF22wZplvgknyvaK4z1cJSEACEpCABCQgAQlIYCyBSmE9ol9f+MIXJlFs
2P/ADvG7yfnbGBYIpQjSH//4xwsMLzZB6u6NtgMtojMCNp7NIVyzIVAVRdxrX9FH01eMSARtBE0M
cQzQclm7dm1x7LHHJkM/N2QxIstR+vm9OB0gxmPUYfBixOJU0KnAFGMuX08YcaRZCwOv6v6q9Obc
h/HI3ETplsYd4ZhoggsuuCBuGfNa1QZj65RKHxZsdnC+IAWHBrIDcJRCFIxenDTYGMhLuT+M4Qsv
vDCv0npfnkc2C+bOnZsM/lalijcI+mzQlM+N/+pXvzomoqZb5oJe1gVDKR+ZUDG8JKqz2bHDDju0
fU00CpEpdaXMrq6e1yUgAQlIQAISkIAEJNCNwGQI6xH9uueeexZXXnllmx3UbTwD930mrDc5f/sn
P/lJsomw9ThyCmGaCObKe0vCOs/+jne8IwnY2NUhXO+yyy6VUcQ99dUHWOwmovKxfXEqePKTnzym
FWxMovipi/0ahUx2r3vd6+LjmFfsdfYPtttuu3SW/L777ptE4zEVswswRWTN7WrEVZyxsavqSlV6
c+6bPXt2clyO+7qlcWefg4wC2Gt1paqNPOq/6j5YcDRA2NU4NODMzlEKFIRtbGqcFNavX9/WRFt/
I+tpydIlxUc/+tG2OvGhPI/sLeBkj4NBp8K8k62w/H8F4jb3R2Gc3TIXdFsX7K8QnMG6oLBvUxVs
EH3ySlZG1id2cl7i3Pf8Wv6e+3CsKD9XXsf3EpCABCQgAQlIQAISkMCDBCqFdQRlDKVuItuDzQz2
uxC/68TxfPSkR+ffpz71qWQccbYYYuz8+fPT9bwu76NtjDsMFjycMZLwTu4mrPfaV7nvbp9PO+20
JH4jviKClz37uR+P8SuuuCKla5s1a1ZqkuhgItkpiLIYt2xiYNjynMuWLUvf5YI3Z5RfffXVKR0+
XyIC4/VMNPjnPve5glT4lO985zspOjx9GPkBLzza6Yd6RD4ggLMhwBEFlLyfdGH0Bw4gt9xyS/IM
j5SCiOBlAZnqiP/vfe9707zymYwMpGokWuDkk09uieBlsfb3v/99itLnHsRynoMxsgHBZsbxxx/P
V2l9nHXWWS3GCP6cMbdy5crkJZ8qjfygfa5hvHMvmwY8KykPKTFnRx99dHJsIEKdDTnmEKH+Ax/4
QIpypy7COps0nZwSqFcnrMOZSBA2ZGiDee30O9/PuiB9I3NMBMGNN97IcNIzsDHFpsTBBx+crpUz
JrAucezhmTnKgU0i1u9vf/vbxJrIhPJcpYb8IQEJSEACEpCABCQggT4ITIaohC3J38HdRLY+hrvp
b+lFWB+pi22x/PTl6W95orxD3Fu8ePFYwTNrG2H6lFNOSXYK0dA4U3cU1nvtq1dyI+2/74T3pb0A
oqoRwavsamw/xv6iF70oRZnTDTYWkewURNlLLrkk2cdEXiMMs5dAyQVvsp6xbxHH8SEC45hANDj3
wIb+cSYgOjwKDgvYT/SDQIwdjr0HwxD6837iPl7JAkdKezKqvfnNb07t16Vxf+D+B4pFixclW597
EcOx6Yi+Pu6441oieJvQPdoHkekUMqQhyj/nOc9JY8QJHfuXwvrI9y4YBxnTsMOJ+I9C++xbYZdz
D/sPBC4kuzqbM/YA2CsgyIAIewRwbMwVK1YU7373u1Nz2OZEb3dySqBinbAOZyLCsatxHsBZvtPv
fKd1QTaE2GPA1icTHlHz2NXMMccPskdBYV+BfQ3s7dg7QYxnnUZhXZJREOeEDRs2pMAR1g97DDiv
kIVBYT1o+SoBCUhAAhKQgAQkIIFmBMYI6yEGI1zxhzspooa9hPjdTVjHWCGdNhHHGFVE0IawioiH
KIwBl5dom4hwxGUi1meNCNQYVqR6R6Cuiljvp6+83ybv3/Oe9yQhuSxadro3T09P2nfSim+77bZt
t7BhgNBLwWhn84BCujcMfozaPCU+ojYbA9xH5D6MopAWnVR2GPsYkfkZZqR8Q1Ala0BuXMe9+SuC
NAY5RmqVsJ6LwkQTsLkThdR1eH8TjV0Wa2N+58yZkzYyyscBYNwfeOCBqamqYxPifirMmzcvicqR
Yo+UhXlquRgPr3zHOoQdmylkH2DMdU4GCPnMA9+TFSAvGM51/US9mLs6YX0864KNCuaR/1PYFMoj
NojOZ+Oh7PyBoc8mFPMBVxhEoT3WE3X4nSyvz6jnqwQkIAEJSEACEpCABJoSmGhhPcRgxD6iQUNU
bDqegauXid+VUefZgDlGC6dk7Bmen7/pEW9hgD29cePGdDZ765asberjPI39RbQyYii2EbZBVcR6
z321Om34ZmRsRy06KmU9q0rzXtdKnp4eOw1bs2y3RKQz9hrHgXHkFYW036SAxwbKU+Jjk2FLX375
5cn2zTPMkSkMmwrxHDE2t6s57gzbnu/qHANSx6OCNGna64T1EIUZM7ZdOABwP/ONzcoeQZuwPjq/
iM2vfe1r0x5D2a4mEh2RmHaxbeMYgBgXxxBwP4XMAAjjvdjVsCP6mz0JxlDnZMB6IwU/3+NIn5cm
djVzx7qtE9abrItgQd/Yu7EusIOZR8RwxpbvqxCdv2TJkrTnkB9DyP89/N4gnvM7WLarcTRgrnF6
L6/P/Nl9LwEJSEACEpCABCQgAQk8SGCMsB4RxFMlDTyPGuJmN2E9Uqdj+BIlG4XoWkRBIrBz47Xc
NqJyCMiIt3gNk/YPQ6acCr6fvmI8TV/juXsR1kPwJ7o4Iu/L/eVCeR5BHUcIYBCXnzcE9LJwixFH
WkAKHvcIwzNmzEgbAZzTjnMDHtb5xkB5PHzmWdlAqBPWo3/GhqFZFprZvOGc9VxYz51MiPrmPG9E
+ChsBrBJcdJJJ6VLVesr5gAPfKILuj0HEdmIzWRMqCpVbKnXiX1VO+VrcX95fqLeeNZFcMRLviyS
h4BedhhgU4YNBNYhjhpsEnG+OufnsSlAJD8bcxHpH+P0VQISkIAEJCABCUhAAv0QmGhhPSKIp0Qa
eIBm4nc3YR3xEhuaaHOiZLEf+ceRawjnCLeRcSzNValtRPkQkBFviazFViQKG2fq3Kbqua9eF0c2
tl6E9RD8EVqJGodFueRCeR5BjY3EefSI1OXnRUBnz6Es3MKVCHAK/BCGsZlghUiPnYtgnLMrjyfm
mExydcJ6CPiMjfdlu5rIdyK7c2E9nEwQhPlu1apVSYSP/rHxsPs4og7xesz6yoR5ormJXu/4HCMN
w5B9EPZwqkoVW+p1Yl/VTvka97N/UZ6fqNdkXfC7guCNwE5UekTWY1ezT0dAR1kkDwE9j3KnT+xq
1gUBI9jVOPsTPANz9l2I5Ge/Srs6ZshXCUhAAhKQgAQkIAEJdCcwRliPVNR1Alv3JgevRoibVcJn
jBbj5ZBDDkne33Gt/IoBQiR77l1dbjuEYoRYhGnScM2cObNNaO63r/J4On2mDzyWiQJH1CUVX5OC
IRiRwnUidT7+3NkgxFlE0nL0OUYhfMvrirZIic/1uoLxTPR9J+O5m7Ae0fukfQ/DNO8vF3/jublG
Srj8HPf8nvL7b3zjGymlfn491kc5BX5eJ96z0UDGhChsvrD5AVciHChVbLneiT3fdytxf3l+4r7x
rIsqttFu9Fv1XGySRWaEqJ+/1mVUyOv4XgISkIAEJCABCUhAAk0ITKiwPiIEkj6cv63rBLYmYxqo
OpnAPEb4zAaKWEx68HK0b1YlicYIwS27uqLtEIoRYjmfHnEdgTgXmvvqKx9Ig/ekPp+/YH5yfMYu
5fivJoV9AY4QywXm8n0xfrLE5c4GIe4ijpejzzmaDVG4vK4YJzY/6ffryrJTlxUnn3JyvV09Og+1
wvrI9xG9f8YZZ6TMY+W+QkS//fbbW+I817DdiAbvVhDWyQYYKfRT/Wx9lFPgV7VHsMhuu+3W+ors
aYjLiNFxjnoVW27oxL7VYIc33N9JWG+yLtgj4Yx1fodwLAknlFxYL5+JHhkhENbJhJDvneQR8FVD
hzXHAxqxXkXHaxKQgAQkIAEJSEACEhhLoE1Y51xjjA68hTFmMAi6FVJZkUaaQoRx/gd8t3s31fch
bnYS1iMVNmPab7/9kqd0Pj6MEwoCJ0ZhlKq2wzkBYw2xlEj2PIK7376iz6avGOec6ZdHYXe7N18D
bJjUHQUQQnUuxHYSSeuEdcZDNDTRzBjAvMY1jEjOP6N0mju+7yasx5xwxhp1ywVPbs5658z1ENbj
GsI6Uel8zxluVQWPbzy9W5tDo5Wq1kfV/VwLpqw/vPCJMIgSDhtVAjR1gn1dRHu0U/ca9+fzmdcd
z7roV1jn7EH+sXly0003paMV2JThmAHmiFI33nzsvpeABCQgAQlIQAISkEA3AhMprGNTvOAFL0gp
vW+44YYksHbrH7saO5xCpqaBs6szcbOTsB5pzHkOxEGE0rwg2nLte9/7Xoq+Td9VtT1yLc4259xv
bAKY5sJ6X33lg2n4nrO8jzzyyI4iebmpfA3UHgUw8owhVOdCeSdxt05Yp3+ioRG0mR+imuMa6d+x
syujwVOt0R+j89BJWI85OfWUU4tlpy3L707v//nPf6Z55Vx0bFh+r+Ian8l4t88++3S0q8kk12ZX
V62PMT2PXhhlSgAADh6c5U7QQ5Rw2OgmrNdFtEc7da/dhPVG62KkcdLd8wznn39+ek9//Qrr2NTs
uZA9jsh1HDqwqwkMiHPl837qns3rEpCABCQgAQlIQAISkMD/E2gT1vFSxYBATEVY32KLLTpyQnhE
BEQQpXAf3uSPeMQjOt63qb9sIm6GCI2AihhdLkRV82/+/PnpNb6vahsjco899miJwmWxs9++os+m
rxh14eldF6n93//+NzkLIOLOnj07GWsRpV0X6Z47BvAsGKWUEGfLz8t3dcJ6nFGO40I5PR6GI+ef
sb7GK6xH/zgZIMyS8iwvbB4cccQRbU4IGJw8yzXXXJPSuC9dujS/pe09hmp+Xll8WbU+4rv8NRfx
iVjII9ept2bNmuK4445L48mdNKKNYM8xBjxr+XcXhwDE/7oS99cJ1cxFv+uiibBeXjOxxnA24Az2
cglHibrxluv7WQISkIAEJCABCUhAAp0ITKSwTlQsdgzpvBHWy3+bl8eB8IiDO8IXhfuuu+66wbKr
G4qbiNALFy5MAuqJJ57Y/qgjbRBVfdry04rFixcXnAudSk3bOFkjsobzdVns7Kuv9hE1+hRRxgjT
dZHa2NXMO3Ymjvh5lHZdpHs4BtAugjkOBJQQ1svPy3d1wjo2IOnDOXKOtZQXxkIafs5r7+QU0SQV
PP0jWBOJz3olo0Be1q9fnyKs80j9OFecc+RxIMdGris4B3AWelupWR9tdUY/5CI+QRE4x+cFsRrR
uoot9YI9exPsQZR/d7vZ1d2E9SbrAgcbnGsoHGkX66KJsM7ccKxhOOZEW+wHLV8+NpsBc8E+l8J6
wu0PCUhAAhKQgAQkIAEJNCLQEtbz9N5NxaoQ4/Keugmged3JfM9Z2DwTZ35xLjqpuDF0SQnGdQyk
OA8MUTTOUafO7rvv3vqOMWIks7GBZzXCLCmqn/rUp6Z2EDvXrl3bajvESzzpFy1alOrTZ6RG77ev
flmFsMv9bF4gDrNphJB7/fXXp3PMiMhm8wYBGSaRPp57OBf88MMPb525xVnznOmGgYbnN/dsv/32
VE2M9tprr5SuHCZbb711us6PSy+9NHn546GOtz+bB5QQvDnvCyMd9lH+9Kc/FaQyo6/yusKgve++
+1JV5pJNG1LvI5rzfMwxJZw8QqjlGnPI/HBOH+sEUT9E87LwHuPjvrPPPrs44IADWizuuOOONO+R
Wp5NDM6zo9Auxmx57cWYH/7wh7cYUD8X8YmqZzMKof7WW29N7MIIJmIdYZ3785I/Xzgp3HPPPSnd
HZH/nNnO/CNIR2ENUJhzfpc505z5WbBgQcG9FOYwNhP6XRdwmjNnTlpzZacG1iCCPc+Vr5n8/xY2
P/bff//WOGB76KGHJoeQpv9XpYfxhwQkIAEJSEACEpCABGoITJSwnqf3zqOQa7pNl0PMizpdI4uj
4iZ4Dbsa2wZnARzpEUg567lsV5PlKs5Rpw7O5mFzM1Ts6muvvTbZHQivV199dbHzzjsXpDFfeNTC
4sILL2y1HXY1NgJ/+++4447JaTxSo/fbV1/IRoVd5pOC8y929qMf/ehk4yBYY7+R6pyjvLBxeG5s
MI6GYz4RlDmqLc6ypg7nyBNBjDjN51iDZOfCQR4HdhzAc7v64osvLg4++ODinHPOSUechV0dgjc2
JM7rsI+CrYjNhZBfFtZzu5oxY9vCGNH8MY95zBi7OpwBaJs5vPzyy5MNzDq55JJL0t5BfAeXJz3p
SWkYMT7Gi4jLMXHBAgcKnMtxdOd7np/sBBTa5Vp57dXZ1SHiXzVyrj1R9ccce0yyq2+55ZaUVj2c
PWCLAF22q+P56DOcFLCNyTpA5D+2KfY6YnSU3K5mb4WAhRUrViT7u8qu7rQuyHiIgwTrAnZ8jnUB
J9YFzgPsTwVbxhHp79k/gXWsmUgRTx32BdjPCPsetgjx7IEprEPIIgEJSEACEpCABCQggWYEWsI6
Iuauu+6a7mqaBj4Xv6K7JmdJR93JesUwQPytKxi7eL1jsG3cuDEZtOW6GJKI53mkbl7nggsuSMYH
QnNeQujjvoi2jmhc2GA8l0u3vhBSq+4rt1P1GWMpRMiq7+MantDh2c6GByIsYngURGgKBn+U/Ezx
iCCO73hlHcGQdnNOCPKk/kNMz4Vr7mFuEOfvvvvuZPhxbdasWSlFWRjedXNC3XLB8EXcpoS4X66T
f0ZYx2A977zz0hpiYwyP9pwFWRr4fWGjIArPwuYRY8WI7zZffI9hHp7ktBOZDKLNTq+xzqIOm1rz
5s1LTgJcYzykfMtLno2hzD2vl7/P56qfdRFZMPI2V69enbzuq9YMm2txrnxspnAvz8O5imz28LsX
hY2huuMKoo6vEpCABCQgAQlIQAIS6EYgxKtu9bp9/8c//rGYOXNmEgObpoGvEtabnCXdbSzj/R6B
tZNdw7nVcZY2thHOtHlBnERoRDzPI3WjDt+vW7uuWLFyRRIQ8+vhlBDR1tjMEWWM03U/feFcHbZh
9NX0FfGU/tlrqCs8z9e//vXW2BB/sdGI4o4SjtiR9Y97sJtTprkRAT9SrUd9vmcdYfNgHyG0RkGQ
x87GVgrhOr5jbvbdd9901Bl2JwXbnFToYVdXzUncn7+meRrJVBdnfSPuH3TQQXmVMe9xhMCuXv2J
1cW8w+YVCN6I6TkLjgrg9wVniyg4BrD2d9ppp3Tud3meo168YiNGEENci9T98bnuleeKdRZ1sP9p
E4cGStmu5h6c0UOgL3OPdsqv+Vw1WRfcz55JZCAkuINgkLywnhlrRJ3n37FvE+fKP/3pT299xfPg
mIG4Tpr8KPye5vXiuq8SkIAEJCABCUhAAhKQwFgCLWE9hLamaeBpCu9b0pphWFGIdMXICA/YdHEz
/KgS88rDID0bz0xat3J6MMRV0oZxZnwukOdt8MyrVq1qnfUc3+UiOKIfkbik58aTG+Omn77wpN57
772ji55fEV1pgwj6cmHO8JzPz/OOOhs2bEjpxzGI84JBzbzn96xcuTLNfdSDIcYfm0pE+sfGAd8T
3YBHOgZ9zBUG3jbbbNNKnx/tVPVVNydxT/6KVzZe21FwbiCdf/5MCP9EHbz//e9vjTOfR/ixqUS0
Qbng+Y/XN84AkQqec8qiTxwScmeEuJ8xnHnmmW3COv2wpsgSkBfmh40LPOPxmqewWYB3eV6I2kA8
x8DOCxkHqIvnfJTgHp/rXmeNOArAbNttt21V6WVdVDkZxHo+66yz0hnp0TBrBmcN+swj8KsYMmds
ZsTGVLThqwQkIAEJSEACEpCABPohMFHCeghtTdPAM1bsG47hwgGVwnsiXje3XY2IjLN4p4Kti9CN
YIudlxcimhEHSWudC+RRB5HysssuS88aZz3zHddzEZzv9txzz3R0GBmwiNbtpy9s8m7PE2OresVe
wxkax/VyOXrx0cXx7zu+7TzvqMMzEtEeKe3jOjbhspHU+PkZ4KSax6aLEpH97E3AAAeDKHxm3wK7
OuYKu5rPTfqqmpNoO39lPnDEz50smHPs4Lwf9izCmZtxlucRfkS1c1+5YE8jvCMeh12NLYm9TcHu
y/cU4n4CAs4999wxdjUR/djPeWEPY8H8BcWixYtSVD/jY19n7ty5ebXkjHDsscemuc6/4PeSAA72
kqIE9/hc94pTA0EduV3dy7pgHwBGecEuZz2feuqpbWnecWrg9w7nBLL/RVr5KobM2emnn97KEJC3
73sJSEACEpCABCQgAQlIoJpAS1jHg/iuu+5KRlj+x371be1XSW9O5G2v97W3MjU/DRIb0ryRAg0v
7C233DKlrotU6XX0WReI0LxyH+edhaFbd0+v10l3PmPGjGR4w4uNJaKj6Wcy1hTPQmQFbdMPKfya
FO5j44B0cWQCYNNiMsYHg1g3jA2Hg14KY8Pphd9J5ncyNuQ2xboghTzjZ2OIZyJKBO9+Pk/Uxmcv
XK0rAQlIQAISkIAEJDB1CUzU35f8nXznnXcmm6FXWyFsgF7vm7qz8uCTDRIb7Oqbb765ZVfvsMMO
rSPIHhxx+7uwJXnlH8epjTlLvP2Wnj9h6+P8jmAML4Rz7F36mYw1xXPcdtttLbua1PFNCvdhj4dd
PVl2PwxwPifrGWPrx65mbyL2uibLrmaPYTLXBfs5zH/Y1aSSD7u66V5Ik3m1jgQkIAEJSEACEpCA
BKYLgZawPl0e2OeUgAQkIAEJSEACEpCABCQgAQnkBCZKWM/b9L0EJCABCUhAAhKQgAQkIAEJSEAC
U4uAwvrUmk+fRgISkIAEJCABCUhAAhKQgAR6JKCw3iMwq0tAAhKQgAQkIAEJSEACEpCABKYhAYX1
aTjpPrIEJCABCUhAAhKQgAQkIAEJPEhAYf1BFr6TgAQkIAEJSEACEpCABCQgAQlIoJqAwno1F69K
QAISkIAEJCABCUhAAhKQwDQhoLA+TSbax5SABCQgAQlIQAISkIAEJCABCYyDgML6OOB5qwQkIAEJ
SEACEpCABCQgAQkMPwGF9eGfQ59AAhKQgAQkIAEJSEACEpCABCQw2QQU1iebsO1LQAISkIAEJCAB
CUhAAhKQwEATUFgf6OlxcBKQgAQkIAEJSEACEpCABCQggYEgoLA+ENPgICQgAQlIQAISkIAEJCAB
CUhgcxFQWN9c5O1XAhKQgAQkIAEJSEACEpCABCQwPAQU1odnrhypBCQgAQlIQAISkIAEJCABCUwC
AYX1SYBqkxKQgAQkIAEJSEACEpCABCQggSlGQGF9ik2ojyMBCUhAAhKQgAQkIAEJSEACvRFQWO+N
l7UlIAEJSEACEpCABCQgAQlIQALTkYDC+nScdZ9ZAhKQgAQkIAEJSEACEpCABFoEFNZbKHwjAQlI
QAISkIAEJCABCUhAAhKQQA0BHNTNFgAABE5JREFUhfUaMF6WgAQkIAEJSEACEpCABCQggelBQGF9
esyzTykBCUhAAhKQgAQkIAEJSEACEhgPAYX18dDzXglIQAISkIAEJCABCUhAAhIYegIK60M/hT6A
BCQgAQlIQAISkIAEJCABCUhg0gkorE86YjuQgAQkIAEJSEACEpCABCQggUEmoLA+yLPj2CQgAQlI
QAISkIAEJCABCUhAAoNBQGF9MObBUUhAAhKQgAQkIAEJSEACEpDAZiKgsL6ZwNutBCQgAQlIQAIS
kIAEJCABCUhgiAgorA/RZDlUCUhAAhKQgAQkIAEJSEACEph4AgrrE8/UFiUgAQlIQAISkIAEJCAB
CUhAAlONgML6VJtRn0cCEpCABCQgAQlIQAISkIAEeiKgsN4TLitLQAISkIAEJCABCUhAAhKQgASm
JQGF9Wk57T60BCQgAQlIQAISkIAEJCABCQQBhfUg4asEJCABCUhAAhKQgAQkIAEJSEACdQQU1uvI
eF0CEpCABCQgAQlIQAISkIAEpgUBhfVpMc0+pAQkIAEJSEACEpCABCQgAQlIYFwEFNbHhc+bJSAB
CUhAAhKQgAQkIAEJSGDYCSisD/sMOn4JSEACEpCABCQgAQlIQAISkMDkE1BYn3zG9iABCUhAAhKQ
gAQkIAEJSEACA0xAYX2AJ8ehSUACEpCABCQgAQlIQAISkIAEBoSAwvqATITDkIAEJCABCUhAAhKQ
gAQkIIHNQ0BhffNwt1cJSEACEpCABCQgAQlIQAISkMAwEVBYH6bZcqwSkIAEJCABCUhAAhKQgAQk
MOEEFNYnHKkNSkACEpCABCQgAQlIQAISkIAEphwBhfUpN6U+kAQkIAEJSEACEpCABCQgAQn0QkBh
vRda1pWABCQgAQlIQAISkIAEJCABCUxPAgrr03PefWoJSEACEpCABCQgAQlIQAISGCWgsO5SkIAE
JCABCUhAAhKQgAQkIAEJSKAbAYX1boT8XgISkIAEJCABCUhAAhKQgASmNAGF9Sk9vT6cBCQgAQlI
QAISkIAEJCABCUhgQggorE8IRhuRgAQkIAEJSEACEpCABCQggWEloLA+rDPnuCUgAQlIQAISkIAE
JCABCUhAApuOgML6pmNtTxKQgAQkIAEJSEACEpCABCQwgAQU1gdwUhySBCQgAQlIQAISkIAEJCAB
CUhgwAgorA/YhDgcCUhAAhKQgAQkIAEJSEACEti0BBTWNy1ve5OABCQgAQlIQAISkIAEJCABCQwj
AYX1YZw1xywBCUhAAhKQgAQkIAEJSEACE0ZAYX3CUNqQBCQgAQlIQAISkIAEJCABCUhgyhJQWJ+y
U+uDSUACEpCABCQgAQlIQAISkEATAgrrTShZRwISkIAEJCABCUhAAhKQgAQkML0JKKxP7/n36SUg
AQlIQAISkIAEJCABCUx7Agrr034JCEACEpCABCQgAQlIQAISkIAEJNCVwP8BpS/DSsET5JwAAAAA
SUVORK5CYII=
--Apple-Mail=_277CF6E9-B803-4E58-97B4-D110E8DB14EE--

--Apple-Mail=_7C4B94BA-E26C-47B5-924F-3DC4C73F4713--


From nobody Tue Oct 18 10:54:22 2016
Return-Path: <ben@nostrum.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBBCB1297AC; Tue, 18 Oct 2016 10:54:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.711
X-Spam-Level: 
X-Spam-Status: No, score=-0.711 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_IMAGE_ONLY_24=1.618, HTML_IMAGE_RATIO_06=0.001, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.431] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y0ia06agmFy2; Tue, 18 Oct 2016 10:54:11 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B049D129712; Tue, 18 Oct 2016 10:54:10 -0700 (PDT)
Received: from [10.0.1.21] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id u9IHrxP6093795 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Tue, 18 Oct 2016 12:54:00 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.21]
From: "Ben Campbell" <ben@nostrum.com>
To: "Dino Farinacci" <farinacci@gmail.com>
Date: Tue, 18 Oct 2016 12:53:59 -0500
Message-ID: <303ECCDE-3441-4423-8F29-1EDFE32D4161@nostrum.com>
In-Reply-To: <89EA6A5A-A4BA-40E4-9044-0D5AD0027770@gmail.com>
References: <147631722343.6381.2774445540997659744.idtracker@ietfa.amsl.com> <BEAEBAE5-A2B2-427D-9208-83A7FD40AF75@gmail.com> <2B757854-2AAD-4D28-BB8B-D2F54FE0014B@nostrum.com> <0D11494E-9A87-496A-BBC2-4AD6E89005F9@gmail.com> <99ca12ae-724d-839f-2a13-68a52f216056@joelhalpern.com> <14F4789D-6370-439D-8369-CD56755035CC@nostrum.com> <A7D2111B-594C-4EBF-A07E-26077A845677@gmail.com> <96848257-D21D-4ACF-A76D-975503C7A0E0@nostrum.com> <89EA6A5A-A4BA-40E4-9044-0D5AD0027770@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_MailMate_70145BFC-BDCC-43B8-9588-99B9A549D359_="
Content-Transfer-Encoding: 8bit
Embedded-HTML: [{"HTML":[490, 1592], "plain":[72, 821], "uuid":"5F2ED67E-0B3A-47D6-BA9A-B381A91A5EBE"}]
X-Mailer: MailMate (1.9.5r5263)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/FqdcuflyHEoT75H9bMJVYOjEP6M>
Cc: lisp-chairs@ietf.org, lisp@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-lisp-lcaf@ietf.org
Subject: Re: [lisp] Ben Campbell's No Objection on draft-ietf-lisp-lcaf-17: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2016 17:54:15 -0000

--=_MailMate_70145BFC-BDCC-43B8-9588-99B9A549D359_=
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

Looks good, thanks!

On 18 Oct 2016, at 12:05, Dino Farinacci wrote:

> > I can live with that, with a couple of minor comments: I think it 
> might be improved by changing "examine" to "consider the applicability 
> of". I say that because I do not know for a fact that RFC6820
>
> Changed. See below. Please ack so we can publish.
>
>> really applies to lisp use cases; I hope people who understand lisp 
>> better than I can reach a conclusion on that. But I'm okay with an 
>> experimental RFC pushing that analysis into the future.
>
> I assure you we will address this in draft-farinacci-lisp-geo.
>
>> One other point: RFC6280 and BCP160 are the same document. I think 
>> these days we prefer referencing BCPs by the BCP number, but the RFC 
>> editor will do the right thing.
>
> Oh, I didn’t notice that. I’ll change the occurence to RFC6280 to 
> BCP160 and apply the RFC reference. See below.
>
> Dino



--=_MailMate_70145BFC-BDCC-43B8-9588-99B9A549D359_=
Content-Type: multipart/related;
 boundary="=_MailMate_0E3957BB-8117-452D-80AB-7ED28E8575D1_="


--=_MailMate_0E3957BB-8117-452D-80AB-7ED28E8575D1_=
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/xhtml; charset=3Dutf-8"=
>
</head>
<body>
<div style=3D"font-family:sans-serif"><div style=3D"white-space:pre-wrap"=
><div dir=3D"auto">Looks good, thanks!
</div><div dir=3D"auto">
</div><div dir=3D"auto">On 18 Oct 2016, at 12:05, Dino Farinacci wrote:
</div><div dir=3D"auto">
</div></div>
<blockquote style=3D"border-left:2px solid #777; color:#777; margin:0 0 5=
px; padding-left:5px"><div id=3D"5F2ED67E-0B3A-47D6-BA9A-B381A91A5EBE"><d=
iv style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line=
-break: after-white-space;"><blockquote type=3D"cite" class=3D"">I can li=
ve with that, with a couple of minor comments: I think it might be improv=
ed by changing "examine" to "consider the applicability of". I say that b=
ecause I do not know for a fact that RFC6820 </blockquote><div class=3D""=
><br class=3D""></div>Changed. See below. Please ack so we can publish.<d=
iv class=3D""><br class=3D""><blockquote type=3D"cite" class=3D"">really =
applies to lisp use cases; I hope people who understand lisp better than =
I can reach a conclusion on that. But I'm okay with an experimental RFC p=
ushing that analysis into the future.<br class=3D""></blockquote><div cla=
ss=3D""><br class=3D""></div>I assure you we will address this in draft-f=
arinacci-lisp-geo.</div><div class=3D""><br class=3D""><blockquote type=3D=
"cite" class=3D"">One other point: RFC6280 and BCP160 are the same docume=
nt. I think these days we prefer referencing BCPs by the BCP number, but =
the RFC editor will do the right thing.<br class=3D""></blockquote><div c=
lass=3D""><br class=3D""></div>Oh, I didn=E2=80=99t notice that. I=E2=80=99=
ll change the occurence to RFC6280 to BCP160 and apply the RFC reference.=
 See below.</div><div class=3D""><br class=3D""></div><div class=3D"">Din=
o</div><div class=3D""><br class=3D""></div><div class=3D""><img apple-in=
line=3D"yes" id=3D"9D5335E4-8583-4067-8ECD-EE9AE5C111F1" height=3D"182" w=
idth=3D"749" apple-width=3D"yes" apple-height=3D"yes" src=3D"cid:33733F49=
-3C6D-4E3D-A8CB-4C2403AC1B75" class=3D""><br class=3D""><br class=3D""></=
div></div></div></blockquote>
<div style=3D"white-space:pre-wrap"><div dir=3D"auto">
</div></div>
</div>
</body>
</html>

--=_MailMate_0E3957BB-8117-452D-80AB-7ED28E8575D1_=
Content-Transfer-Encoding: base64
Content-Disposition: inline;
	filename=PastedGraphic-3.png
Content-Type: image/png;
	x-unix-mode=0666;
	name="PastedGraphic-3.png"
Content-Id: <33733F49-3C6D-4E3D-A8CB-4C2403AC1B75>

iVBORw0KGgoAAAANSUhEUgAAB9YAAAHmCAYAAAAm1WW0AAAMFmlDQ1BJQ0MgUHJvZmlsZQAASImV
VwdYU8kWnltSCAktEAEpoffeQXqXKh1shCRAKAESgoq9LCq4drGAqOiKiIprAWSxYcHCImCvD0RU
VtbFgg2VNymg62vfO983d/6cOefMf+aeO5kBQNGWlZ+fgyoBkMsvFMQE+zGTklOYpB5AAfIAADsg
z2IL832jo8PhLzDW/13e3QKIuL9uJY71r+P/VZQ5XCEbACQa4jSOkJ0L8TEAcHV2vqAQAEI71BvM
KswX4yGIVQWQIABEXIwzpFhdjNOk2FJiExfjD7EPAGQqiyXIAEBBzJtZxM6AcRTEHG35HB4f4kqI
vdiZLA7EDyC2zM3Ng1iRDLFp2ndxMv4WM208JouVMY6luUiEHMAT5uew5vyfy/G/JTdHNDaHPmzU
TEFIjDhnuG77svPCxJgKcQs/LTIKYhWIL/E4EnsxvpcpComX2Q+yhf5wzQADABRwWAFhEGtBzBBl
x/vKsD1LIPGF9mgkrzA0TobTBHkxsvhoET8nMlwWZ0UmN3QMV3GFgbFjNum8oFCIYaWhx4oz4xKl
PNHzRbyESIgVIO4UZseGyXwfFWf6R47ZCEQxYs6GEL9NFwTFSG0w9VzhWF6YNZslmQvWAuZTmBkX
IvXFkrjCpPAxDhxuQKCUA8bh8uNl3DBYXX4xMt+S/JxomT1Wxc0JjpGuM3ZYWBQ75ttdCAtMug7Y
4yzW5GjZXO/yC6PjpNxwFIQDfxAAmEAEWxrIA1mA1zHYOAh/SUeCAAsIQAbgAiuZZswjUTLCh89Y
UAz+hIgLhON+fpJRLiiC+i/jWunTCqRLRoskHtngKcS5uCbuhXvg4fDpA5s97oq7jfkxFcdmJQYS
A4ghxCCi2TgPNmSdA5sA8P6NLgz2XJidmAt/LIdv8QhPCV2Ex4SbhB7CXZAAnkiiyKxm8pYIfmDO
BBGgB0YLkmWXBmMOjNngxpC1E+6He0L+kDvOwDWBFe4IM/HFvWFuTlD7PUPROLdva/njfGLW3+cj
0yuYKzjJWKSNvxn/casfo/h/t0Yc2If9aImtwI5ibdhZ7DLWgjUCJnYaa8LasZNiPF4JTySVMDZb
jIRbNozDG7OxrbMdsP38w9ws2fzi9RIWcmcXij8G/7z8OQJeRmYh0xfuxlxmKJ9tbcm0t7VzBkC8
t0u3jjcMyZ6NMK580xWcAcCtFCozvulYBgCceAoA/d03ncFrWO5rATjZyRYJiqQ68XYMCPBfQxF+
FRpABxgAU5iPPXAGHsAHBILJIArEgWQwA654JsiFnGeBeWAxKAFlYC3YBLaBHWA32AcOgiOgEbSA
s+AiuAo6wU1wH9ZFP3gBhsA7MIIgCAmhIXREA9FFjBALxB5xRbyQQCQciUGSkVQkA+EjImQeshQp
Q9Yj25BdSC3yK3ICOYtcRrqQu0gvMoC8Rj6hGEpFVVFt1Bi1QV1RXzQMjUOnoxloAVqMLkNXo1vQ
avQA2oCeRa+iN9Ee9AU6jAFMHmNgepgV5or5Y1FYCpaOCbAFWClWjlVjh7Bm+J6vYz3YIPYRJ+J0
nIlbwdoMweNxNl6AL8BX4dvwfXgDfh6/jvfiQ/hXAo2gRbAguBNCCUmEDMIsQgmhnLCXcJxwAX43
/YR3RCKRQTQhusDvMpmYRZxLXEXcTqwnniF2EfuIwyQSSYNkQfIkRZFYpEJSCWkr6QDpNKmb1E/6
QJYn65LtyUHkFDKfvIRcTt5PPkXuJj8jj8gpyRnJuctFyXHk5sitkdsj1yx3Ta5fboSiTDGheFLi
KFmUxZQtlEOUC5QHlDfy8vL68m7yU+R58ovkt8gflr8k3yv/kapCNaf6U6dRRdTV1BrqGepd6hsa
jWZM86Gl0Appq2m1tHO0R7QPCnQFa4VQBY7CQoUKhQaFboWXinKKRoq+ijMUixXLFY8qXlMcVJJT
MlbyV2IpLVCqUDqhdFtpWJmubKccpZyrvEp5v/Jl5ecqJBVjlUAVjsoyld0q51T66BjdgO5PZ9OX
0vfQL9D7VYmqJqqhqlmqZaoHVTtUh9RU1BzVEtRmq1WonVTrYWAMY0YoI4exhnGEcYvxaYL2BN8J
3AkrJxya0D3hvfpEdR91rnqper36TfVPGkyNQI1sjXUajRoPNXFNc80pmrM0qzQvaA5OVJ3oMZE9
sXTikYn3tFAtc60Yrblau7XatYa1dbSDtfO1t2qf0x7UYej46GTpbNQ5pTOgS9f10uXpbtQ9rfsH
U43py8xhbmGeZw7paemF6In0dul16I3om+jH6y/Rr9d/aEAxcDVIN9ho0GowZKhrGGE4z7DO8J6R
nJGrUabRZqM2o/fGJsaJxsuNG42fm6ibhJoUm9SZPDClmXqbFphWm94wI5q5mmWbbTfrNEfNncwz
zSvMr1mgFs4WPIvtFl2WBEs3S75lteVtK6qVr1WRVZ1VrzXDOtx6iXWj9UsbQ5sUm3U2bTZfbZ1s
c2z32N63U7GbbLfErtnutb25Pdu+wv6GA80hyGGhQ5PDK0cLR65jleMdJ7pThNNyp1anL84uzgLn
Q84DLoYuqS6VLrddVV2jXVe5XnIjuPm5LXRrcfvo7uxe6H7E/S8PK49sj/0ezyeZTOJO2jOpz1Pf
k+W5y7PHi+mV6rXTq8dbz5vlXe392MfAh+Oz1+eZr5lvlu8B35d+tn4Cv+N+7/3d/ef7nwnAAoID
SgM6AlUC4wO3BT4K0g/KCKoLGgp2Cp4bfCaEEBIWsi7kdqh2KDu0NnRossvk+ZPPh1HDYsO2hT0O
Nw8XhDdHoBGTIzZEPIg0iuRHNkaBqNCoDVEPo02iC6J/m0KcEj2lYsrTGLuYeTFtsfTYmbH7Y9/F
+cWtibsfbxovim9NUEyYllCb8D4xIHF9Yk+STdL8pKvJmsm85KYUUkpCyt6U4amBUzdN7Z/mNK1k
2q3pJtNnT788Q3NGzoyTMxVnsmYeTSWkJqbuT/3MimJVs4bTQtMq04bY/uzN7BccH85GzgDXk7ue
+yzdM319+vMMz4wNGQOZ3pnlmYM8f9423quskKwdWe+zo7JrskdzEnPqc8m5qbkn+Cr8bP75PJ28
2Xld+Rb5Jfk9Be4FmwqGBGGCvUJEOF3YVKgKjzntIlPRT6LeIq+iiqIPsxJmHZ2tPJs/u32O+ZyV
c54VBxX/Mhefy57bOk9v3uJ5vfN95+9agCxIW9C60GDhsoX9i4IX7VtMWZy9+PcltkvWL3m7NHFp
8zLtZYuW9f0U/FNdiUKJoOT2co/lO1bgK3grOlY6rNy68mspp/RKmW1ZednnVexVV362+3nLz6Or
01d3rHFeU7WWuJa/9tY673X71iuvL17ftyFiQ8NG5sbSjW83zdx0udyxfMdmymbR5p4t4Vuathpu
Xbv187bMbTcr/CrqK7UqV1a+387Z3l3lU3Voh/aOsh2fdvJ23tkVvKuh2ri6fDdxd9Hup3sS9rT9
4vpL7V7NvWV7v9Twa3r2xew7X+tSW7tfa/+aOrROVDdwYNqBzoMBB5sOWR3aVc+oLzsMDosO//Fr
6q+3joQdaT3qevTQMaNjlcfpx0sbkIY5DUONmY09TclNXScmn2ht9mg+/pv1bzUtei0VJ9VOrjlF
ObXs1Ojp4tPDZ/LPDJ7NONvXOrP1/rmkczfOTznfcSHswqWLQRfPtfm2nb7keanlsvvlE1dcrzRe
db7a0O7Ufvx3p9+Pdzh3NFxzudbU6dbZ3DWp61S3d/fZ6wHXL94IvXH1ZuTNrlvxt+7cnna75w7n
zvO7OXdf3Su6N3J/0QPCg9KHSg/LH2k9qv6H2T/qe5x7TvYG9LY/jn18v4/d9+KJ8Mnn/mVPaU/L
n+k+q31u/7xlIGig84+pf/S/yH8xMljyp/KflS9NXx77y+ev9qGkof5Xglejr1e90XhT89bxbetw
9PCjd7nvRt6XftD4sO+j68e2T4mfno3M+kz6vOWL2Zfmr2FfH4zmjo7mswQsyVEAgw1NTwfgdQ0A
tGR4dugEgKIgvXtJBJHeFyUI/CcsvZ9JBJ5canwAiF8EQDg8o1TBZgQxFfbio3ecD0AdHMabTITp
DvbSWFR4gyF8GB19ow0AqRmAL4LR0ZHto6Nf9kCydwE4UyC984mFCM/3O23EqLP/JfhR/gno8Gz+
GcRuRwAAAAlwSFlzAAAWJQAAFiUBSVIk8AAAAZ5pVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADx4
OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDUuNC4w
Ij4KICAgPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJk
Zi1zeW50YXgtbnMjIj4KICAgICAgPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIKICAgICAg
ICAgICAgeG1sbnM6ZXhpZj0iaHR0cDovL25zLmFkb2JlLmNvbS9leGlmLzEuMC8iPgogICAgICAg
ICA8ZXhpZjpQaXhlbFhEaW1lbnNpb24+MjAwNjwvZXhpZjpQaXhlbFhEaW1lbnNpb24+CiAgICAg
ICAgIDxleGlmOlBpeGVsWURpbWVuc2lvbj40ODY8L2V4aWY6UGl4ZWxZRGltZW5zaW9uPgogICAg
ICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KCe6dMgAAABxp
RE9UAAAAAgAAAAAAAADzAAAAKAAAAPMAAADzAAFmnjOSJI0AAEAASURBVHgB7J0JoHXV+IfXp1Ki
wZeSShONNEuDQpKSMlWEIpShGaEQ/WWmUaIiDRo0odJEEUWzlCjSpFkiXxLi/s+z6j2ts78z33Pv
PffeZ9V39zl7WMOz1t5nv+u33rVmPPjggyPJIAEJSEACEpCABCQgAQlIQAISmKYEnvnMZ07Tklts
CUhAAhKQgAQkIAEJSEACEpCABLolMENhvVtUnicBCUhAAhKQgAQkIAEJSEACU5GAwvpUrFXLJAEJ
SEACEpCABCQgAQlIQAISGCwBhfXB8jQ2CUhAAhKQgAQkIAEJSEACEphkBBTWJ1mFmV0JSEACEpCA
BCQgAQlIQAISkMAEEFBYnwDoJikBCUhAAhKQgAQkIAEJSEACw0NAYX146sKcSEACEpCABCQgAQlI
QAISkIAEhpWAwvqw1oz5koAEJCABCUhAAhKQgAQkIIFxIaCwPi6YTUQCEpCABCQgAQlIQAISkIAE
JDCpCSisT+rqM/MSkIAEJCABCUhAAhKQgAQkMFoCCuujJej1EpCABCQgAQlIQAISkIAEJCCBqU9A
YX3q17EllIAEJCABCUhAAhKQgAQkIIE2BBTW28DxkAQkIAEJSEACEpCABCQgAQlIQAKZgMK6DUEC
EpCABCQgAQlIQAISkIAEpjUBhfVpXf0WXgISkIAEJCABCUhAAhKQgAQk0BUBhfWuMHmSBCQgAQlI
QAISkIAEJCABCUxVAgrrU7VmLZcEJCABCUhAAhKQgAQkIAEJSGBwBBTWB8fSmCQgAQlIQAISkIAE
JCABCUhgEhJQWJ+ElWaWJSABCUhAAhKQgAQkIAEJSEAC40xAYX2cgZucBCQgAQlIQAISkIAEJCAB
CQwXAYX14aoPcyMBCUhAAhKQgAQkIAEJSEACEhhGAgrrw1gr5kkCEpCABCQgAQlIQAISkIAExo2A
wvq4oTYhCUhAAhKQgAQkIAEJSEACEpDApCWgsD5pq86MS0ACEpCABCQgAQlIQAISkMAgCCisD4Ki
cUhAAhKQgAQkIAEJSEACEpCABKY2AYX1qV2/lk4CEpCABCQgAQlIQAISkIAEOhBQWO8AyMMSkIAE
JCABCUhAAhKQgAQkIAEJpBn77bffiBwkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQk
IAEJSEACgybwqU99atBRTkh8CusTgt1EJSABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAE
JCABCUx9AgrrU7+OLaEEJCABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCYyCgML6
KOB5qQQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJTH0CCutTv44toQQkIAEJ
SEACU4jAP//5zzRr1qw0MjKS5p577rTAAgukGTNm9F3Cf//734l/z3jGM/qOgwv/97//pf/+9785
rn/84x/pL3/5S7rzzjvTOuusk+aff/563Pfff38+d+GFF05zzDFHff8wfqAcDz/8cM7aXHPNlcsx
55xzDmNWzZMEJCABCUhAAhKQgAQkIAEJdElAu7pLUAM4Tbt6ABCNQgISGCoCCutDVR1mRgISkIAE
JCABCTQn8K9//StddNFF6fLLL284AdF6u+22S4ssskjD/nZf/vrXv6Y//vGP6brrrkt33HFHevrT
n5523333LNS3u67dsVNPPTXdcMMNs52y2267pYUWWijv//GPf5wuueSS/Hn55ZdP2267bXrKU54y
2zUTvaMVa/L1mte8Jq211lpDme+J5mb6EpCABCQgAQlIQAISkIAEhplAK1tPu3rwtdaKNSlpVw+e
tzFKQALjR0BhffxYm5IEJCABCUhAAhLoiwAjvL/5zW8mBPFmAc/1XXbZpcEzvNl5t99+ezr77LPT
n//853yY6zbbbLO0wgorpHnnnbfZJV3v+/vf/54eeOCBdNxxx9WvQVAnX4jneMUfddRR9bQR83fd
ddf0tKc9rX7+MHzAc+HII4/MrOHzlre8JS222GLpsssuywMbyOOLX/zi9OpXv3pUMwUMQ1nNgwQk
IAEJSEACEpCABCQggelCQLt6/Gpau3r8WJuSBCQw/gQU1sefuSlKQAISyNMgM21yhG6nFka4euih
h9LMmTOzh2lcP17biU5/vMrZazrUZVmfiIjD6IXba7k8fzgIPPbYY1msZmr1bbbZJi266KLpnnvu
SaeddlqiYyDC5ptvngXf+F5uGSl+/vnnp2uuuaa+G3F44403HpWXej2yJz4wbfpXvvKV+m7i33DD
DfN37pFjjjkme8izYxBe8vWEBvSB6fXxqr/00ktzjG94wxvSaqutlj9z7Nvf/nY9/3j48yw2SEAC
EpCABCQgAQlMDIGqHaZdPTH1MKhUq/WpXT0ossYDAe3q8WsH2tXjx9qUJCCBiSGgsD4x3E1VAhKY
xgQQpw888MAGAu95z3uyR2TDzsoX1iU+/PDD8168KHfeeee8tnLltDH7OtHpj1nBRhlxs/psJ3CO
Mjkvn4YEmF79nHPOSe9///sb1kG/9tpr0/e///06kVbt7m9/+1s69thjG7zdmXZt7bXXrl87qA9/
+MMf0gknnFCP7p3vfGdaaqml6t/xlGc6e9ZiX3/99dPSSy9dPzYMH6pe9e973/vyQIbI27nnnluf
ir+b53Zc51YCEpCABCQgAQlIYLAEmtlh3byfTbRdO9HpD7YWBhdbs/psZd8MLlVjmk4EtKvHr7a1
q8ePtSlJQAITQ0BhfWK4m6oEJDDNCbC28fHHH1+n0E0HwPXXX59OP/30+jU77rhjWmKJJerfx/rD
RKffqnyMhEU03GSTTdLiiy/e6rQx3X/rrbfmPEQidgAEifZbvK0ZLDKM04G3z/n4HsVzA8N0nnnm
aUj46quvTmeddVZ9X7N2x9TxTCFfera/9rWvTWuuuWb9ukF+KNdQxyOdaeBHO8X8IPPXKS469I44
4og6r5IVzxoGOFx55ZU5mm6e253S87gEJCABCUhAAhKQQP8EtKv7Z1e9Uru6SmTyfNeu7q6utKu7
4zSIs7SrB0HROCQggWEmoLA+zLVj3iQggSlL4MEHH0yHHnpovXzdCDS33HJLw9rFVU/KemRj9GGi
029VLNY9Pu+881I3DFvFMdr9TCnG2tH33XdfjqqZwDnaNKba9XTcfPe7301/+tOfRiWsw55/ITrT
qYA3NGJuu6kgMarjXATgueaaqyPi8hqmJXzqU59aT7fTxdVr559//k6XdDz+y1/+Mk/vHidWnwmU
r7ou+0te8pI8CCWuGeS2eh+84AUvSFtvvfVs65BTP5zLzButAlPXw3fGjBn5FL7HvqjrVteOhjXr
wB199NH1deCpJ54tz3jGM1K5Rhz7mUFg2NaHb8XE/RKQgAQkIAEJSGAqEtCuHlytalcPjuV4xqRd
rV2tXT2ed5xpSUACEnicgMK6LUECEpDABBBgreSvfvWr9ZS7EYUxmG688cZ09913pyWXXDItt9xy
9evH48NEp9+sjPA4+eST86FuGDaLYxD7qoKiwnp7qrSln/zkJ+lnP/tZXme7F491ZgdgOnE8sRHl
77zzznw/bLbZZukHP/hBfXADOXjHO96Rlllmmdkyg2fLGWecUfdKRljHg/vmm2/Oa5cvtNBCCZG6
FNt/97vfpbPPPrt+TUSKeLzuuutmERhBd8EFF2wQWynrb37zm4bZJriW2Sbe+ta39u3N/fvf/z6d
eOKJkY1UbXOke+qpp6bf/va39XMwuLlPKC+fQ7SunzDKDw888EA67LDD6rHg7b366qvn5xZrr8+a
NSvXD3l/5jOfmZezgDHX3XXXXemRRx5JPBthzaAAZuVYbLHF8tTxl1xyST3eN7/5zWmllVaqf48P
g2DNvYzHOm0sAs9b6oo2e/nll+fdVd5xrlsJSEACEpCABCQggfEjoF09GNba1YPhON6xaFdrV2tX
j/ddZ3oSkIAEHiegsG5LkIAEJDBGBJj6iH9zzDFHXgudLcLSs571rCweNRPWme65GvC6xWDCy7P0
wMVjllC9hv2ch1j16KOP5vRJM0RCxD/EozJEGohJ4UnKNSG8kXaz9Ktxkc/wMqWTg/SJe5FFFqnH
VaaLByoCKddxHoJft9NGl8Y/cbKWM1PBE08ZyDd5gRPlWWCBBRrWqS7PbfeZfCIOEgdeqjNnzqyX
qSqsx/TRXINYCJOSZ5kODB566KHMl/3zzTffbPlrVce0J/JEID/NRipTfvJBOrAh76QRdZsvLv4Q
J+2WdtQsL8WpTT9SFspMoM3BO9oe+6jrn/70p+niiy/ma65zxF7qvTwvH2zy5+c//3m68MILmxyZ
fRftqboueXk9xzfddNN06aWXZsF34YUXzoLqC1/4wrTVVltlRrRx1jG/7rrrcgJc8+53vzvfX6Ww
HamXSzTA/LTTTkusO054wxvekMv7ne98J39/1ateldcZz1+6/MM9etVVV9UFXi7bbrvt0vOf//yG
GG677bZ0zDHHNOwrv1CON77xjel5z3teuXtUn2HEgIUITAOPoc/MBMEgjr34xS9Or371qzPj6rrs
nINH+Nvf/vZ05plnpjvuuCMuy9sVVlghIa7HM5Cdg2T9ox/9KLeJhkSf+AK3bbbZJi09ZGvDN8ur
+yQgAQlIQAISkMBUIKBdrV2tXa1drV2tXT0Vfs8sgwQkMHUIKKxPnbq0JBKQwJAQQDgMb9xqlpZa
aqnsRYthWBXWn/3sZ2dvT46VYaeddsrCcClYcXz33XfP4tPXvva1LJyW1yy//PIJr9AICK6IVAjP
Va9SzkEsQvwt08ajdtttt80ib1Uw4xrSR3QsPVTZz9TPiN546UYop1NmH0L0FVdckS644II4pb6F
AyI0nvnkGWGuGpqVIc4JUZvvCHKIeni/luFlL3tZ2nDDDWcT4ctz4jPC9bnnnptuuOGG2JW3lGmH
HXbIgnZVWF977bXzObEWM18oB3UZAwe4BoG59MTNF9X+UE+UAxacd9BBBzWUgfwjQrOedRlKUZf9
Va/mOJf2gBAL4y222CKLq6SD2I3wXAYEUATg6oCF8hw+4zl++umnN7ShOOeVr3xlFpARQpu1pTiv
OpV57K9uo/4pB4IqYY011kjrrbdeZlK2/ZJJOXU615Ie9YJX9ymnnFJPhjaMuE4ohXi+hxc8AxaO
PPLIuoc8AjUDSNZaa63cfhkMceyxx2ZPbK6jzjbaaKN07733pm984xvsSq2mSs8HK3+qA0nKwwwq
4dkSgWcQad9WE9cjcI+/7nWvywMHEI4jRHnie79b0iw95OG688471wdLkJdS6K96ndP+Sk9xZuT4
z3/+k5jec5NNNmnw+K8K64NmTV6+/e1v1+sumMBwzz33rJcp9ruVgAQkIAEJSEACEhg8Ae1q7Wrt
6sb7Srtau1q7uvGe8JsEJCCBiSKgsD5R5E1XAhKYsgRCOESEwbMVT+KbbropnXTSSXUhDbGoKqwz
5TFiHaIbXql40jI9NQIgoRQF+R5TnyM+IWgivEUgbYRZxGumvY6wxx57ZCERr2JErlJIR+RbddVV
s4doCNFMiY3HL6Jqq/TvueeeLIhFGmxJnym4S3F94403zmI2xxGU+UdAECWvMIpp3dlPHAjriMvV
gJiKkMvU3FEG4sDjGOGafJdesCFgcs23vvWtHF1VnKumwXe8IxD74BFCId7vIYwSB4MPqLdYY518
B79qnCUDRGwGYHB+eFVH2+E6hHs8fql/4qO+yumpOQcR9+qrr+ZjDjFwAwH7lltuSccdd1zeT94R
kYnn0EMPfeLsxzd4La+yyip5AAJtiPQQo0mftaZZN770Lm64+IkveLkfcMAB+RvG/gYbbJBnZ8Az
O9adx1t7tdVWy0wRvqk7AuV//etfn8VKhOkYeJAPtvhTcuIU6hcPc8od91pcGvcJU8gjNkcoxXMG
KMQAB8qPIIynPbwOP/zwen2WfP/2t7+lgw8+OKLLbZj7lUAnINPSX3vttfk7ZSROtnjHh7BNm41r
8olt/rC+N236mmuuSbcVgjmXkOcYJMB3plWnPZYhylvNW7TrbmYLKOOrfi7XH+dYdS338vlRzS/n
07YZJESAE+zZcm9Qr1/60pfyMf7EIAU+V8szCNYsMUD7jLZLOhF6qbO4xq0EJCABCUhAAhKQQO8E
4p2f9zvt6icHrZc2pXZ1yoPDtau1q7WrH3/Galf3/lvjFRKQgAT6IaCw3g81r5GABCTQggAiz1ln
nZXFrxAoEXsJCHfXX399eu9735vF4GbCOmtOX3TRRdnrOzxmIylEnq9//evxtS6sswOP6lj7l44H
hFEEs6r4F4IUHpkhBHM9Hu54kDJdfSlIcyymmW6VfjUuPE2ZKhmhDm/xEPxDyEYUx9M3BPGIvyrM
7bbbblkgJw/NQtVjuPR2rsYVXsvUT5mnN73pTWnllVduFv1sgh1rLMOpXMcvyoTnfskToRfv4FYM
yAeiNQIoAVEYcbtaXyEKc061jvGWp21ddtll6bzzzuOULESyXvk888zT4D0c9U66pVdxiK2lCB+D
EJgqvkyzXX2UbSZEfNp/eX2wQiQty0l7ZfYDzu8mUIZStOaaMm/cZ6UnPwyZAYH6iYEJpZhcbROl
eB6e8ZEvBrvgFU+oitflmtsI3wyEiMBAAwYcMKAmBjZQ7hhQEed1u2XAClPhlaH0AK964JNWuY59
WS/VY2WcvXxGjI5BK1wX9zWfYVx60DPwhUEjtIUIDEJgyn0G0oSg/a53vSuxvnl0qsa5ZVkHyRox
n5lBYjASdcaAAPZHoJ3GwIvY51YCEpCABCQgAQlIYLAEeH/Urtau1q5+X7aTS/tNu1q7GhuYoF2d
MfhHAhKQwIQQUFifEOwmKgEJTGUCP/zhD1M5BTiCG566iEhMTb7ssstmga0U1hGF8ag9//zzGzxf
S06loMv+VqJrKYxWp1fGCKt6WBNX6YVZin8cC8GwVfpVYb2MqzQAI1/EU04fH4J4NZ4QfclDs1A9
v+RRCotVAbPMU2mUVtMoxV+ORT5L0T68Bap56cSA+EqBO4TCKvuyTGW+yzXAq2VFQGWARCkkt8oP
o7q33HLLeqcV+QphGWG9FLBLoZTzylAOukC0jjyUeY76J96yLfUq7DIwgxkDYmBGGW9VJEcEpd5u
v/32LNpGnt/ylrck6p5Q1iffo73zuSqsx+AK0mEwQwxm4dyYUp1BFswUEMYuecDDhvuf6cVDpI3z
ubafUF0HvMx39RgzDnCcQN7LeiV/DPZhZo3RhNITnzhpA/PNN1+OspzRgB1x30R65Km8H9jPbAws
U0AoRXm+x8wbg2TNkg8MXIr62X777fMSCc1m5CjvJ/JjkIAEJCABCUhAAhIYPAHt6idnt2pmV2lX
b50bXWlHaFfvmp72tKd1dTNqVz+OqWo7a1c/PiNev30Y2tVd3X6eJAEJTAECCutToBItggQkMFwE
yimPy5whxjDteVVYLM/hc6tpt0sxkvNaia4hnpNOVUQLT12OlR7WpfFQNbAiP62mr6+KymVcZQdA
5Iup60vRN7zJSfeb3/xm3as4REzK2ixU0y15MDMA0+MTqsJtmafqsTKdqqBWxo+gR/qsS0+o5qUT
A/g/8sgjeTp7vNoXXHDBhMcvU9iFYEy8ZZplvoMl8TQT1vFYDw8P4glP62p7CE/qaqcV11RDVQyt
HmeafcpEG2PNa7yMS+G5zHPZltvVQTUNvpdrlPO9nHWAqfsPPPBAdufAdPasa4/QHd7q1fSqntZ4
kcfyA5QDsTXqJAYX4NF8/PHHRzINU9GXZYsTWBaBgTMEZkhgzXrqfDShrHfiKdtctT7LNdir9zc8
Ypr6fvPD/YCHPgOHCDE4IzzSyxkROF7mh++0G6aBD1E7BkTQlqoDXPBgZ7YG4h4Ua+6Lc845pz4g
KmZ4IG+EX/3qV3kwwuPfUioHtsQ+txKQgAQkIAEJSEACgyWgXb157huAajNbULt629y3ol391Xzj
Ve3cTnejdvXjhLSrtas73Ssel4AEJNCMgMJ6Myruk4AEJDAKAghXCHkxzXcZVSuRujyHz7Eedbm/
KiJ1I7pyfWmEh7GFmNtKWK+KxAiijPxGXCy97CP96vmlwFemXQqr5Vpw4U2LVzEevRHCKzW+V7fV
dCM/nFcKi1HmGLld5ql6rEyjFOfZHx7r5TnxuZqXbhhwLWLvFVdckQU9xETWFw8Rl+Nlmcp8lyxL
Q7AsTylmIlAy9TZCcSlg4rn9vOc9r6EtMN09U2AjNsbgDPKCWM+6460CDH73u99lT24E0pVWWil/
j/PLPJdtucxznNtuW4qcVc/o6pTh1APlK9tttGeEWcpYekPHwBPujwgMGGDAR6vAWuIvf/nL87T/
nFOdIp59LI8AV2arYLq2QYTbKtPNh+hP3GVbqfKtDhipHu8nb9UBDTGQI+Iq17AnvaqQXy1LPCdp
fzfccEP2Zo+4ymfjoFhzX8Rgn1LUjzRp20cccUR9cEbZhuIctxKQgAQkIAEJSEACgyWgXd1eWOdd
Wbt6Rm502tWzOxR0uhu1qx8nVLVFtasf59JPH4Z2dae7zuMSkMBUIqCwPpVq07JIQAJDQwAh5te/
/nX2Gq5mKtYWLsU+hKhrrrmmLtxwDefF+ux8L8VIvncjunJeKTKHIISHaSthvXwZ5voQiVul34+o
TPp0ArCmPKEqwr7tbW/LYmQ+2OJPNd2SRynGVYXDdqJjmVTVwCoFvfI8PlfzEsw4VqZXisssF0Dd
EPCsJv9wKT2uyzK1iqeVsE68CN2sKU94znOekx599NG6cI94jihMh0wZN8IvwifTyXcbmO6L9bVj
UMBrXvOatPbaa+e1zlnznFCWvWxL1fpplyZCeDnVX7RnRPJqHYSAi8czbT1CKfpW6xgem2yySa6H
8La+++6705FHHpn54akMQ9Ji3XaEcsT4MlQHZJRtgfOoY7zkl1hiiZ4Yl2nwuax3xOBy3e/ynq96
j1c9f6rHIx08YCgrccfMDHGsur3pppvSSSedVN9Nu11kkUXy84xnGANmYqBRtIP7778/t3sGvJQd
gkQSs1hQ39Vp65linjZL/bLWfMxMwXX9si7bDvcisxbEQBziJZT3SNWj/fEz/CsBCUhAAhKQgAQk
MGgCvKdpVze+i8b7NO/E2tUz8iB17erehHXt6iefVNrV2tVPtgY/SUACEuiegMJ696w8UwISkEBX
BBD+EBWXXnrphDiFyPv973+/fi2iE2JVKawjFiFoI+BFqHrP9rP+dikYEW9MYfzf//63QVgv1wyu
phPHqvtD9K2mUYpbpRhVdgDABVH95z//eV5vmam3ETJZkxlhd8455wwMLbfVdEOMo2x/+MMf0skn
n5yvRYBDKHvGM56Rv7fKUzWhanmZgpp1sZsJztW8dGKAAH3ooYfWkwzRvjrtdTDmxFb5Lg3BqkiN
8HjaaaflJQhWXHHFLEjiFY8ojAd6hDPPPDMP7IjvZbrswyMZ47uVx3qZt7LdlvvL+m8lrMOxXd2z
Hvphhx1WnzK85FwVd4NpVeiOdffKKdHhhpc95aaD6jvf+U7afffd89TmJ5xwQsbCWu7E2S5/nFgO
6uB73D98JoSw3W4GBM6j/SFWw561xldZZRV250BdlFOXl4MFOIHBDHiJE8o16Ol4K6ds53g5Ip/v
hKqXfnWQz+NnPfm39Ein/inbRRddlH7/+98nlnRgloQIMOReOuSQQ/I0/rSLo48+ui68l+2nOkX8
mmuumRC1DzrooDzFP/cLz9sI/bIuBxPRFqh7ntEReKaUeXz961+fVl999TjsVgISkIAEJCABCUhg
DAhoV3f2WNeu1q6OfqWyL0C7+skHknb1XLMtvaZd/WT78JMEJCCBfgkorPdLzuskIAEJtCDAaGmE
mC233DKLdJx27bXX1sV1PEvxAD344IPrMYTIVgpiHAwPWj5Xpz2OazhWCph4XHIMARWv0MMPP5xT
cnj729+evWyrQjDi21ZbbZXF7XI6bcQlRH8E71bpE1c5TXIpbpX5ClGfjITXMfEjiMf02AiGCJvh
Lfx4rpv/rZYBcXHVVVdNX/7yl7NA+r3vfa8+A0Cs6Uz8eHDfeOONOdJmomKkxrnlNOHsZ8pvhD3y
iDjOFOGI7TNnzuyJAcZdGMDEG8JoyZ79pcBdeiEHS/JRCsrUPSIoXMup3Zjynam8IiCwlgIxAxFC
QOYcvKm5BuP8vvvuy0sbvPSlL03rrLNORNGwLfPGNQxkoA7hx/WEso2VwjrHqB/yQ91E/tlfDdU2
GPWKAItXenjMl1OJ31aZMh1BdMMNN8zCLyI4gTwjrL/oRS9KrJ8O34022iidffbZDQMOOHeNNdZI
DFJYfPHF64M12B+B8rIuewSEYvJJGjwHzjrrrHxfM2MA9dcqMOjkwgsvrB+mnbFWO6FcFx5hmsEC
5T1THi/bSpVfs2tpG8w+wLkRygEMsS+21fvw+c9/fn7GXHDBBbn9zpo1q8GbnbiuvvrqtNhii+VB
B9VBJuUz74EHHsgDKSItGD73uc/NgzwoM1M+DoI193o8k0gr2lWkWw6yKe+xOO5WAhKQgAQkIAEJ
SGDwBLSrX5sQwAja1c0ZaFf/paFfQbt69ueQdnVK2tWztwv3SEACEhgtAYX10RL0eglIQAIVAmH0
IsAi8CFy4p3Nv5h2GTE0pujmcs5FuEQgxDMyBEKOISAhiv7iF7/IYiD7CFtvvXUWKxHnIs3Hjzw+
tfgrXvGKdPHFF9fjKoXNqhjGdQiOiF14wkYIQY3zW6WPKHviiSfGJVl8RTTEC/SMM87IQiUHERgR
BxH8Yz3j+kWVD5R34403TosuumjlyJNfiR9RrWTF0SjnHXfckb1z2RcCIiLrcccdx64skDL4oRQk
84HiD8Jd6W3LIaZUx+MbT2jqd7PNNks333xzVwwQ5XbYYYcsDJbCepHkbB+pAwRVPI0RfwkI37QL
pquOtsV+2hrT6CM+IuCyvECrwCwBiMeIxNUBB9Vr8DBmUEYpxpfnVD3ey2PlZ4RRBmpQDjzPq6Ec
lFE9xvfLLrssr+Eex6g/1lBHFA0hGOG7rFeE3QMOOCAuqW9hRfkxtIMrB1kLfdttt83tohycUL+w
+EBbY+r4BRdcsL4XYZo2RltrFmC5/fbb19dkb3YO+6666qos7Mdx2FHneO3HtOuI0Nwn1TZMfcYU
6lz3rne9Kw/mIV+0aQJtiIEl5cwF7C+9t/lOiOfA498a/zZ7lnBGzBhQDvyIK8OrnTqozihQDiCo
dgBwPeWJGSgGxZp4y9kiSANPe56HDE5i9ot4zpSDXbjOIAEJSEACEpCABCQwNgTCxtWu1q6u9i1o
V2tXa1c/3seGU4129dj8BhmrBCQggXYEFNbb0fGYBCQggT4IIPIhCLHudCnY4cnJFMJMQd1MVH3T
m96UHnrooXT++ec3pIrIg1CNUFYNMUVzdDpwnJdqBL9SVEUAftWrXlUXRqtiGGmwFnIpBpYiZznd
eJkHRNzS0zmOMXU1U1gj+paBgQWIeXh6hydzebz6ebfddqt7s1eP8b3q4U25EVVDLCQNpkIPMTHi
QAzH+7qdx3Ccyyh4BkFU88s64ng4V0fJx3XtGCBSX3rppQ0DJfCAJl8IvUyhTaDDAF60qWoZKCv/
TjnllEgyb6lLxGtmPyCNTgGxljXuESkRrvE0LgOcaH9zzTVXubvhMx7oDAgp2zt8mOkgpuTnAjzz
11133SzkM4AD8TgCaSAUt6qTZjMIxLWxjTqpxhFT4sd5MIIrMw0wJX/kG1GdASuxpnh1SvS4vtwS
Vwi9sR/xGw8b0i0DMx5ssMEG9fuwPFb93CoOzqO+GIjDII9WgWkhmY6dqeergXqgXquCPOfBmaUr
WMsyArMXMDilVbjyyitzeeP4Nttsk9sm33kOMgAmGDNoBtGdATaEcn11WDKjB1sCz0qeFdH2uUeI
uxzI0IpTL6xzYrU/DMJglgBmFqgGBmwwWIk2bZCABCQgAQlIQAISGHsC2tUpLwmlXd26b0G7+vEl
wrSrWz+PWtmLXKFd/aSDQCtO2tWt25ZHJCCB6U1AYX1617+ll4AExoAAno2xFjViEgIXAlYpBg06
2VJYj6mfEbQQphAJEWjLUBXWY81gvDY5hrCFN/RYhU6ewJFuN96hGAD8w5u6Ws6Ihzphen4Ca62H
8B7Hu9ky6CHqkjhCfO3m2lbn0D7IO/mJNeARuBHriR8RryoSt4qrur86JXn1eHyveiPTZkIERfzs
lhV8YUQo+SBWwq1ZXKRDeqQRQmvkq7qtrre9/vrrJ/7RzuP+alcnpAVb/pFWDBSAP/nDC4IlCeDN
dzryYoADg0wQdZmdIdYuL/PHoJiVV1653JU/0wlGgA0DXjqVMZ9c+RPtjvYNK9pEL/HAn/sawRxO
zLbQqU7JL9P4M+sDTBC755hjjkrOGr+SDtfx7Ai2cQb7OU4Zop3HsU5b6guO5L3d/TAI1pEX2gr5
Ja9seZ73wjzicSsBCUhAAhKQgAQk0D8B7erO7LSrH2fE+7t2tXZ1uztGu1q7ul378JgEJCCBXgko
rPdKzPMlIAEJDCGBUljHixmv23aCbFVYL73Tx7p45ZTLeEsvvfTSWewkv/xDVMbLnI4U1l9nympD
bwTK+mXqxPDOR6REoKTjAU9hPKqrwnpvKY3f2cymwHT4EfA4ZxaIsQhlBxX3EoNVIsAQj2amv4+A
B/h6660XXyf9lnuU5RpoJzErxqQvlAWQgAQkIAEJSEACEpBABwLa1R0ATbPD2tWjq3Dtau3q0bUg
r5aABCQwvAQU1oe3bsyZBCQgga4JlB0ArF/MVODtPEzxID3yyCPr05szVTwC63gEPEuPOOKI7BnP
elDktwx45TKtOOIenrLh/V+e4+f2BGB84IEH5pOaTeON9zKe10wVz/R5yy67bPsIh+AoU9uHtzje
32PVNmBTrk/fTFjm/vnGN75Rn6J8Kg0Aufvuu7O3PgNbWJudtesMEpCABCQgAQlIQAISmA4EtKun
Qy13X0bt6u5ZVc/UrtaurrYJv0tAAhKYSgQU1qdSbVoWCUhg2hHAWLnxxhvT2WefXZ++Gwgvr63l
zJrAzURphGvW4PrRj37UwOuNb3xjXkcZ0XIsA1O0Ieoj3BHwpn7uc5+bp+K+//778zrf7N92223T
iiuuyEdDjwRoFz/4wQ/qa0UzTTnrh+OtznroF198cY6Rdc2ZTp39wxxKTwHyidi7ww47jFm+r7/+
+nT66adnJHjFs3Z7DABhmvjrrrsui++csOaaa6Ytt9yy7QwROaIh/4N3Ou3iiiuuyOujM9Am1jof
8qybPQlIQAISkIAEJCABCYyKgHb1qPBN2Yu1q0dXtdrVL8gOLNrVo2tHXi0BCUhgGAkorA9jrZgn
CUhAAl0SYFrqyy67LK8JXV7y6KOPpqWWWqqpMM1a1XgqV9ejZq1qPNcXXnjhMqox+YzHL56x9957
b14/GbESo3XmzJlp0UUXzf/GWuAfk4INWaR//vOfM2fEdNYQhzPr0C+22GLpOc95Ts/rXU9E8Ziu
/sILL6wPxIg8sOTBWmutNSbe9txXeMhfdNFFkVxeI532ec899+R9tE8E91VWWWXSi+oUiOntKe9W
W22Vnx31gvtBAhKQgAQkIAEJSEACU5yAdvUUr+BRFk+7uj+A2tVL9QfOqyQgAQlIYOgJKKwPfRWZ
QQlIQAISkMD0JXDrrbfmwQFzzTVXAwQGjyyxxBJjIqxHQsyu8OCDD+ZlCfCa59+8886bB4AwAGXY
Pf2jHG4lIAEJSEACEpCABCQgAQlIYPoS0K6evnVvySUgAQlIYPAEpoywXuv4Hhk8HmOUgAQkIAEJ
SEACEpCABCQgAQlMDgKxdMnkyK25lIAEJCABCUhAAhKQgAQkIAEJSGAiCMxQWJ8I7KYpAQlIQAIS
kIAEJCABCUhAAsNCQGF9WGrCfEhAAhKQgAQkIAEJSEACEpCABIaXgML68NaNOZOABCQgAQlIQAIS
kIAEJCCBcSCgsD4OkE1CAhKQgAQkIAEJSEACEpCABCQwyQkorE/yCjT7EpCABCQgAQlIQAISkIAE
JDA6Agrro+Pn1RKQgAQkIAEJSEACEpCABCQggelAQGF9OtSyZZSABCQgAQlIQAISkIAEJCCBlgQU
1lui8YAEJCABCUhAAhKQgAQkIAEJSEACTxBQWLcpSEACEpCABCQgAQlIQAISkMC0JqCwPq2r38JL
QAISkIAEJCABCUhAAhKQgAS6IqCw3hUmT5KABCQgAQlIQAISkIAEJCCBqUpAYX2q1qzlkoAEJCAB
CUhAAhKQgAQkIAEJDI6AwvrgWBqTBCQgAQlIQAISkIAEJCABCUxCAgrrk7DSzLIEJCABCUhAAhKQ
gAQkIAEJSGCcCSisjzNwk5OABCQgAQlIQAISkIAEJCCB4SKgsD5c9WFuJCABCUhAAhKQgAQkIAEJ
SEACw0hAYX0Ya8U8SUACEpCABCQgAQlIQAISkMC4EVBYHzfUJiQBCUhAAhKQgAQkIAEJSEACEpi0
BBTWJ23VmXEJSEACEpCABCQgAQlIQAISGAQBhfVBUDQOCUhAAhKQgAQkIAEJSEACEpDA1CagsD61
69fSSUACEpCABCQgAQlIQAISkEAHAgrrHQB5WAISkIAEJCABCUhAAhKQgAQkIIGksG4jkIAEJCAB
CUhAAhKQgAQkIIFpTUBhfVpXv4WXgAQkIAEJSEACEpCABCQgAQl0RUBhvStMniQBCUhAAhKQgAQk
IAEJSEACU5WAwvpUrVnLJQEJSEACEpCABCQgAQlIQAISGBwBhfXBsTQmCUhAAhKQgAQkIAEJSEAC
EpiEBBTWJ2GlmWUJSEACEpCABCQgAQlIQAISkMA4E1BYH2fgJicBCUhAAhKQgAQkIAEJSEACw0VA
YX246sPcSEACEpCABCQgAQlIQAISkIAEhpGAwvow1op5koAEJCABCUhAAhKQgAQkIIFxI6CwPm6o
TUgCEpCABCQgAQlIQAISkIAEJDBpCSisT9qqM+MSkIAEJCABCUhAAhKQgAQkMAgCCuuDoGgcEpCA
BCQgAQlIQAISkIAEJCCBqU1AYX1q16+lk4AEJCABCUhAAhKQgAQkIIEOBBTWOwDysAQkIAEJSEAC
EpCABCQgAQlIQAJJYd1GIAEJSEACEpCABCQgAQlIQALTmoDC+rSufgsvAQlIQAISkIAEJCABCUhA
AhLoioDCeleYPEkCEpCABCQgAQlIQAISkIAEpioBhfWpWrOWSwISkIAEJCABCUhAAhKQgAQkMDgC
CuuDY2lMEpCABCQgAQlIQAISkIAEJDAJCSisT8JKM8sSkIAEJCABCUhAAhKQgAQkIIFxJqCwPs7A
TU4CEpCABCQgAQlIQAISkIAEhouAwvpw1Ye5kYAEJCABCUhAAhKQgAQkIAEJDCMBhfVhrBXzJAEJ
SEACEpCABCQgAQlIQALjRkBhfdxQm5AEJCABCUhAAhKQgAQkIAEJSGDSElBYn7RVZ8YlIAEJSEAC
EpCABCQgAQlIYBAEFNYHQdE4JCABCUhAAhKQgAQkIAEJSEACU5uAwvrUrl9LJwEJSEACEpCABCQg
AQlIQAIdCCisdwDkYQlIQAISkIAEJCABCUhAAhKQgASSwrqNQAISkIAEJCABCUhAAhKQgASmNQGF
9Wld/RZeAhKQgAQkIAEJSEACEpCABCTQFQGF9a4weZIEJCABCUhAAhKQgAQkIAEJTFUCCutTtWYt
lwQkIAEJSEACEpCABCQgAQlIYHAEFNYHx9KYJCABCUhAAhKQgAQkIAEJSGASElBYn4SVZpYlIAEJ
SEACEpCABCQgAQlIQALjTEBhfZyBm5wEJCABCUhAAhKQgAQkIAEJDBcBhfXhqg9zIwEJSEACEpCA
BCQgAQlIQAISGEYCCuvDWCtjmKfLL788/f73v0/rrrtuWm655cYwJaMeLYHbb789XXzxxbme1ltv
vdFGN+2uHxkZST/84Q/Tww8/nDbddNNkZ+m0awIWWAISkIAEJCABCXRNwHfFrlF5Yo3ApZdemn73
u9+lDTfcMK2wwgoyGWICt956a/rxj3+cVlxxxVxfQ5zVocwadvX3v//9NGvWrLTFFlukmTNnDmU+
zZQEJCABCUhAAhKQgATGi8Bswvq1116bfvGLX2QxasaMGWn55ZdPr3vd68YrP6YzhgQeffTRtNFG
G6Wbbrop7b///mmXXXYZw9SMerQE9t5773TkkUcmRPUzzzwzzTHHHF1Hee+996b3ve99WUz+5z//
mVZeeeW07777Ju7p6RJuueWW9KIXvSgX9/zzz09rr732dCm65ZSABCQgAQlIQAIS6JHAoIX1q6++
Ov3sZz/LYhTv4CuttFLaeuute8yVpw8jAewr7AyE9S9/+cvpQx/60DBm0zxBYCSl3ffYPX31q19N
L33pS9NFF13Uk1199913p+233z4ttNBC6ZFHHkmrrrpq+uxnPzut7Oqbb7657pTxy1/+Mjtp2Lgk
IAEJSEACEpCABCQwnQnUhfUHHngg7bzzznkkbwkEUe+ss85KT3nKU8rdk+IzAvJJJ52UBwrMP//8
6fnPf35affXVsxcwItu73vWuSVGOQWXyscceS2984xvTJZdckr70pS+lHXfcsW3UeLZ/5jOfSTvt
tNPQjuy+66670qmnnpquuOKKNPfcc6dFF1005/Wvf/1rQlx+//vfn+add9625RzWgwcffHD69Kc/
nTbbbLN0/PHH99QBELMSRNn6iSOuncjtaNrgfffdlzswyf+FF16Y1lhjjYksimlLQAISkIAEJCAB
CQwxgUEJ6/fff3/aYYcd0rnnnttQWkS9n/zkJ5PSrkZAPuaYY/JAgQUWWCAPvkdYxguY/gJsrukU
/vOf/6RXvepVuV8BwbbTgHX4ffzjH0+77bZbHug+jKz+9Kc/pRNOOCH3ncwzzzzpOc95TnrFK16R
HnzwwYS4/IEPfGDS2tWf//zn08c+9rH02te+Np1xxhk92dXUHYPUI/QTR1w7kdsbb7wxM+inDdKv
QnsgXHnllfXB6xNZHtOWgAQkIAEJSEACEpDARBLIwjpTTmMY/vnPf855YdQ1hvLTnva0PDKX0bmT
KTBV1YEHHphHErfK92QVGluVp5v9cPna176WO0TwZsZQbhdOO+209J73vKcrEb5dPGN1DLF5jz32
aBv9ZBZUmcb82GOPzZ0v1Fev3uYMLmAQxTve8Y70+te/Pn3zm9+cdB15o2mDf//739MnPvGJxKAh
OlOWWmqptm3FgxKQgAQkIAEJSEAC05fAIIR1ZkxCaEZc5939sMMOy96dDPR91rOelf9NJsLYj3jn
MvNVqzBZhcZW5elmP1wOOOCA7P2855575r6UdtchWOP13I0I3y6esTp21FFHZbu/Vfy0ZQayx2xg
rc4b1v1MY85McPR50X/Qq13N4AIGxTDjxJvf/OZ04oknTjq7mjy/7W1vy8+kTgNBqvWIXc3ACvoL
DznkkLTMMstUT/G7BCQgAQlIQAISkIAEphWBGTWvzpFXv/rV6ZprrkmLLbZYYsrkxRdffFJDuOqq
q+rGLR7XeGkzSIBp7hGKMQgmq9A4nhXzgx/8IL3zne8cSmH98MMPz6IpPPCox0sC7wlGlO+6667p
tttuy6gms7CeCzDKP3fccUeepYGBJN/5zncmXQfAMLfBUVaNl0tAAhKQgAQkIAEJDBGB0Qrr//73
v9MGG2yQPTqf+9znZs/fJZZYYohK2HtWLrvssjxQACESIXnbbbfNdjX2NiIdAwgmq9DYO43+r2CG
NTgNo7COQ0JMZb/brrulPT+wZ1pwwQXT9ddfn2f4Y7DIZBfW+6+5J69knfZll102e71/73vfm3R2
NQPWt9lmm76E9Scp+EkCEpCABCQgAQlIQAISgMCM2lRYIwjPCy+8cB5xPdlFdQr1f//3f3kk7Sc/
+cnECPIyMIDgla98ZS7v5Zdfno3G8jje+yeffHI677zz6rvXXXfd7PW74oor1veVH/71r38lvItP
OeWUxPTTrIW9zjrrpM033zx3rMyaNSt9+MMfTkypxhRcTJnH1PpMW/6GN7whG6pcd/rpp6e55por
MbUc9VCubU++SCOOcy31xrRc5Pecc87J1zHV/Uc+8pH6VF3k87e//W2uW6ZKJzz88MN5tDUdPu0C
0/198IMfzNPBs0wAU8kT/ve//6WnPvWp9Uv/9re/5Sn3KTdGN/mfOXNmTmPOOefMaZOHSJ8tHQvx
vR5Rlx/++Mc/1tfLbjalPUbvWmutlWNjZPlqq63WEDPrgsH6hhtuSPPNN1+uC4TnLbfcMs/QECfj
iYDRfM899+RdG264YfrHP/6Rvv71ryemymMmB5YToJ6bhb/85S95GQXaUrQL4qBuGTFPxwrtpAxc
893vfjfXM/tpWy9+8Yvzv/K8Zp8p169+9atcPyx9wHW0uTXXXDNPJ99MWO+lvY+mDT700EPpggsu
SHTO0UlDG6G90CH31re+tWVb6LYNljxI5w9/+EO9jZIW9QSLdoG142gXDMagM4l2DkPuM5aRKAPl
oEORwHMBb3hmBMCTg3K96U1vys+MZm28n3ZRpu1nCUhAAhKQgAQkIIHBExitsP6jH/0oD+5+9rOf
XRfXB5/LcYyxtjb13vvsnQdZf+5zn0t77713Q+K892LLUF4GN1f5YZMx+xbLykXYcIMN007v2Sm9
4AUviF0NW2wf7C/sFmww3qsZrIBdjK2D5yw2Pu/12HJMt49djYMA9iW2KPYx3rnYqwx2WHLJJRvW
tidfpBHHuZYBA6RHfhnYy3V4Z3/qU5/KcUcmsWNwRAi7AjsfW6bTzFjf+MY38rJ7X/nKV7J93cqu
ZsYx8hB2NflgpgPSwK7Gzrnuuuvq6WNrvP3tb29pS0W+W21ZdmuFFVbI3JqJ/rG2NlyxfbAry/Dz
n/889wOQJ+xP6gKbequttmqYnQG7GhuXZdwIzJz38KyH00EHH5SwMemLYqB82f9RpsMMZNhptKVo
F8RBfwb5/ta3vpVe8pKXlJfkWcuOO+64uk346KOPpvXXXz//azixyRfKxZTn2IMM3iduWGMTMkND
M2G9l/Y+mjZI3wv9QsxMh+MIbYT2gr2LU0Qz+5MiHnHEEYlZ8BggQx9PqzZY4iAd+q8iTuxq6ina
f3lu+Zl2xT3IvcJzAY6w5z5bfvnly1NzObCtCTwXGLzATB+/+MUvcrmY6QHnmMhDeXG7dnHooYem
o48+erZ2UV7vZwlIQAISkIAEJCABCfRLYEbNMBg588wzs4HKtFgYKhhOCLdsJ2NAxMa4QgDFwC4D
Rh2jsp/xjGdkT+dy7Xiu4dpWAe93DImSCx7BeL/f9oSHdLNrMRRDxMfAwKOaUO5nFPt73/ve+uVM
IUi9YCQRyuv4TprbbbddQycB+wnkEyE8Ap0gCLllQNyvGsYcx9jFSI1lAcprys+IjcQJP4wtDKUy
IFhj6CFQMjL6oosuKg8nxPFq50vDCW2+xMAJOnIwrulkKAN1jFGJqI5BFoNF6IjBKKNDolVgkAJT
xBEQ0TsNPuC8L37xi7kt8TkCHFdZZZX42nTb7DoGSFCvZWg2eKA8TucRjOlcahWazdDQa3vvtw3S
ibHJJpu0zB/1SFtn0AihnzYY5cbYZ/3Km266KXY13Gf1ncWHeCYwzWWrQAfe7rvvnts75zdr09Vr
GaxBZ07ZPvttF9W4/S4BCUhAAhKQgAQkMFgC/dom5ALhiIGVrN+MCP3Rj340r0uN3cjaxKX9ONhc
j2FsNWF9l113yTY1Yi8CVxl4J6as2H3Yt6VdzfJjYfOW1/AZFgjMTC1dckFsZAA8HtKtQinif/vb
385iIueW+xHly7xiG2CLhl1dXse11BuiJO/uZSBviJDkM4caj9332D0LuXEe52Dnr7322rGrvmUg
NuI8Xv3twlve8pb6zGK/+c1vZrMhEaxhg13NgG7Eygikj7jIoPaewxMDJ7BJGbyA7VzaLcQX7ZpB
I+QtbGMGTTNAGuG1WSBf2Omvec1r8mEG9tNO2gWuQQytths4MjiiVWh1HdO/48QQgfOaDR6I42xZ
S57ZHBko0CrQv4RdPJr23m8bxK7Gdm6VPwYAUI9hV995553Z4aBTG0TwZrmCskzY1Tht4CARYZFF
Fsl9P62elfFMYDm2VoEl2nAEIS3Oh3fZpptdx2ANnq1l+6Rs0R6bXcM+6rvanlqd634JSEACEpCA
BCQgAQn0QmBGbYTySIhQCL0hqPKZ6aI6iYO9JDZe52Ic8o8y8DKN8YGQHsZ0s3xgFIYBjrC52267
5Rd1eNAxEMI0HrSMUiYgvGL8Bz8MBF76MUAxTOKaUkDH8MUQ2muvvfL1Ibg/8sgj2duYUfocw4gp
18RmNDyeAIzoLgV48sGACMRwykCadHyQjwh4yGIQMbKYzgGE5VZTpPcjajJKGhGdfMCC8mJIx2hk
hN+PfexjCeOWY4wcRojHuO01YExuscUWeekCpoPHCGwWEO7hvPHGG+fR8xht1C/CNQHvA4xi1jsk
z4imUY8lG0bpI7YzGIPAYAQ6kDAmaWMYeHg54EFRdhZQRuqRUfecz0AV6pDzGSFOaCaYU/94A2A0
0jb222+/puflCGp/qm2QgSF4WVOW0qCtCuv9tPd+22AI6wxCoR3QaUXHEJx33HHHXBSM6eiQ6qcN
Bg+21D2dInih4MFBiPssf6n8ibpiN/VFHukAZZBR1DHHyvqiTePJEPcidU975HnJzBXUOeFnP/tZ
euELX5g/8yfS6rVd1CPwgwQkIAEJSEACEpDAmBBoJRZ1kxjCITZniFAIUCFmIfoygxX23aQKNeEV
W+T/Pv1/WbgOr2Dee9vZ1XjzMgibgGCNjYxH93333pcOOPCAbJ9jBzKwHM9mQpUfg1o5hl3N+zM2
PaEU0LHTmY2OAeXYROE1j12NtzE2CMewMUohFJsGz3ME/LD/c+S1PwyI2HTTTbNHMl6z9IdEWTgH
W55rWWaOwezYlq3WHu9HWMeuJu8MBqctUd6f/vSneYYs0sfGQejH3uAYXuAMHOjHrv7nP/+ZXvay
l2Xbkz6OsJtIpwzMBAZnBFBEfuoEJnj2ky5CKdc+/elPz+I7y7SRd46VbPBipp8i7CRs1oMOOigP
CmDgPDY3QmnMKhd5wMZiTXAGQHA+dhoD5k866aS600MzwRy7Gk9o7Gq8u/fZZ5/cjlqtL15tg/vu
u2/2diY/MVU+eaoK6/20937bYAjrDLSg/dHnw3OL5wsDNAj0SzDjImE0wjrXU/fEgV0d9wFOFa2e
lTi2hIMHA9H333//7OSAfc+zhDomcG9FPWBzM/AlnAt4vjA4neclg2SoBwL9TeVMhJEW6Rx88MH1
dkEaeOYTynTyDv9IQAISkIAEJCABCUhgQARm1KZbGik9XZl+qfyOx2+rKdAHlIeBRxPrSlcjRnxG
+MIoKAcMhPBHuTGm+VcN4SW99NJLp0svvTQb06UHL0Z1GDBxbXgEl8I6xxj9S17obKkKfnFsueWW
axDWI86ybBgdTInGSPgIGJDNpsmK40yXx+jyUjyOY7H973//m0cQEzdGfQiKnaYLi/WwKS+MmLaO
gKjNQAV4RVyRVq/bUkiuipbt4iI/MdgAI5wOkzIQL2InnQZVT+NgBmeEcQZpEJiGjQ40OnXK+6RT
eekcoQ0eddRR9c6kMi/xOeq6HTOmFUQIpi3g9V0amwzCYJQ+sylQppgKvt/2Xs0X33ttg3QWkT6B
jpkYBFMtY79tMEdc/OG+pd1V77M4hSn6V1pppfyVwRUMuCg7pqhLOgHorKm266gfGNAZ8LznPS/H
Uw7iYHBMdEIMql2WT0kFAABAAElEQVRE3t1KQAISkIAEJCABCQyOQCuxqJsUECmxBUtP0lVXXbX+
nfdLBNlWU6B3k8ZEnIOAx9TM1YAthfDFIOdywEDJgXdo3q0bQuElzbtziNThwQsnbDw8qMsQHvCl
sM5xbAuEc97pQ1iP6+IY7/qlsB7Hy7JhlzD4HNsuQie7GtsXW6sUj+Pa2IZNQ/qI+CEAd7KrGXSA
kEx5YYQdQkDUfve7350F6ogr0up1G0Iy3FhOrLQj28WFLbvRRhtlmwn7k0HvZSBe+joYIIBDAn0K
4WkMMwZ8MzsfvMOufvDBB7NNhl2NZ/zKK6+co+xUXjzpaYs4NYSwXOYlPlPXtLd2zBBnGbRAW8Dr
u5zdj0EYzMDGtpwKvt/2XuYr7q9e2yDtm/QJTFeP3cs9VxWTow3SB0I/UBzv1AYjj7FlFkTu01bC
OgPPGfRAYDDNF77whdnsavrZvvzlLycGHlHP0a7pr1hmmWVy38LVV1+d6AsjYD9zj9FuyH84VbCf
QTsMCIny5Aue+MPsjNQX9127dlFe42cJSEACEpCABCQgAQn0QgCX4Zp5+7hAhmjI2tSMKN16662z
1yuGDwJgu1HpvSQ4XudSBgyn8BqvpsvI15jWrVyzm/XLGI2NIR2BqbQQZomLl39EOowXPLQRK9nO
1mlQuxhDkJG4nH/xxRfXPZpD2GwmrMexVsJ65BUxD8E3jM7Ia6dtiN/thPWII86tip5xvLqNvDNA
AW/p8MzGOMKwCXZ4K/cbyjR6EdYxqpgGDCOecoVxX+YDUZ0ZCKr5DA6HHHJIg1cDBl20gSrPSI/4
Mb65r2gztCUGZ9BJEkZ0mYfyc9R1K/6dhFriChG/FNYjXo53297LOovre2mDjJzHmwFvgWahVRmD
favjzeIq99EBgBdBK2GdjiSmzKPOy8EgZRwMoKBzCIO/9KwPDtXZALgW75ZyUErEN4h2EXG5lYAE
JCABCUhAAhIYHIHRCOuxVjW5QSBD8MMjF69l3sPx4MXTFQFwstnVeKzyLo5tXQ0I4SynhDcwoeSw
ww475IHL2G8R8HzFPiGuEMkXXGDBvO46g9J5d8dmqAbEQZb6YjAzIjB2CCGEzWbCehxrJaxHXqkv
bJRy4H01/WbfEb+p03bCelwX57YTduNctpF3RHU8kxlITcCmYQBHsBtNmy3T6EVYj0EQeMpjAzez
q2HCIIVqPoPDUUceld6947tzmfgz8r+R3AaYnaDKM9LjPGYxIF5sU9oS9jRiLmuftwvUNc4irfh3
EvCJm3uaJeNKYT3aEMe7be9lncX1vbRBZk1jRgfuo2ahmdDMedineHe3Ot4srnIfg9CZIaGVsB7L
GFRF8zKOv/71r9kphAEKpWc9nvHMdshgEgT0ckp67OdyQEDEh6jOM4HQb7uIuNxKQAISkIAEJCAB
CUigVwIzaoLSCCODq+tyD1IM7TVTgzyfkbyMgGbaNjx4KWdM+R1exiGQdZNuKbrG2uXtpiRvFmeI
w6MR1sPjufSubZZWdV8IlVUhuHoe3+PcXkTN8O6GE8I3hlVMwV4Vppul2Wlf6bGOkUVHVadQCtDt
8kCHF94RCN/lQIh2HKINVHkyPR0dLXR+tAqd8h/tshX/kgVTuzNooBrCq7qVsF49v/q9bO9xLPLV
bRvE6I1BFsSBEE2HAh1FTHtPaFXGduzzhR3+dBLWQwBvJo5H1HDecMMNs7BOR0Z4GgWHkm1c0yrf
g2gXkYZbCUhAAhKQgAQkIIHBESgFr15jZYruNdZYI89k1bAudy2iQYqhveZrkOdjV7PEGDYswhgD
qWPK7/AyDqGwm3TrouuCz8xrlyP4YTe0mpK8WZwhDo9GWMejlQEPvdrVIRJXheBm+YxzWwm7za7B
nsBGgRPTYGNXY3/hJV4Vpptd32lf6bFOWjG7W7vrSgG6XR6YuQEPeLzEy4EQLTnUXD1Yv542UOXJ
eu6s1c4g6GaBeuuU/07CesmCfgBsv2qIGQ5aCevV86vf6+29ZgdHiPul2zZ4xBFH1Kc5Jw6E6Jkz
Z+b2wbT3hFbC+VgL6yGANxPHc8Zqf7CrmcmD58evf/3r/JljIazTBlk+sBTWW+Ubu3rzzTdv2S6I
l3ulm3bNuQYJSEACEpCABCQgAQn0QqA+FTxrYuO5GQFj6OUvf/ls3rtxPLaMHke8I7B2WvkSHOeM
55ap1BFyEUcZPV/1CMATHQOVDg4MO9bgxqCJadxZz4k1szEamwVGxzOaFgOO9awZWd9KFGx2Pfva
CesMAKAe+FeusR5xtRPz4px22xD8qkJws2vi3HZidPU6yhZroMMFsRfDFKYMZGA09mgCIjkjkzGS
2omh1TRibWvWfKtOSxbnRjuoisnBoVk9txLWuS8w9vBypqOJDgECa4ixHhihmk7eWfyJum6WLqeV
rDFA8RqohihTKf7GPs7tpb1H3JGvMs44Vt2SR6YKZDALs0Swpnp4mHAu6wOyBlqrMgb7XtpgmYdO
wnrMUsDzgs4a1kushrIM5X3TjkPku1quQbSLav78LgEJSEACEpCABCQwegKjEdZD4GXgKNNIs3Z1
BN43mb2qmbAW57DlPRHbgcC0yBNtVyOkI+Qijh544IGz2dW8IzPbFzYey6JhGzAbFDOqYSszBfgS
SyzR0q7GLsSLeEbtv1123SXbSL0Iz3AK7s2EdQYA4IWOLYLoV+WJTbTCCis0eCATZ7chROKqENzs
+ji3nRhdvY6yxRrocGEAONPusw459uVo7Wr6OxBBqafquuHVvJTfY81zlnrDRms2ICHaQbXNB4fZ
6rmNsM59gS2NGMsAA2YTIzCYhTXXCdV08s7iD3XdzmO9ZM004sxWVg1RplJYj309tffavRGhlzbI
/cZzhMEsrFPPbHylXc1MivSDdRLWmY0Sm7zX0Mljnan/maWDWQRon63s6igD58eShv0I6920Cwaj
tPKw77X8ni8BCUhAAhKQgAQkIIGSwIza2lEjGPus1YxhFYFOAQy5duIfI05jXWquYwouOhKe/vSn
RzTjvi29eMMjvZqJEEPDYxhDHFESz/1WAiVx0LnAv1gLrFx3vfRwjvQQgZleHyMQw3OeeebJhzCK
mBq9mcc64h6jaluJxiHmtToeabfahuBXCoSdzi2ndS/PfeSRR9K8885b7sqfmSYN47wM/QqjZRzx
mTpiTS0CI5ibGb7MUkAZEfbp0IlyY3ziSc8gkGoo67MUWePaqkjK9dGWqjzZzzRmDOBYdNFFG5IK
L/J29xYXRF03SzcixMDFiGZKPAbHlFPxlZ76ZXvpt71HmpGvMs44Vt3Guey/+eab84j6OIf8xWwG
rcoY7Httg5FGJ2GdezMM+ngexLWxjVkY+E7HWUw1GGVrxiHyXS3XINpF5MutBCQgAQlIQAISkMDg
CIxGWMdGRPhkNiYGrm633Xb1jOGxy3rN7cS/cl1qLkTwZQa5ibSrSy/e8EivF4oPhRjKuy82LIOI
EX+xq1sJlFzaYFfX4tl7n73TF7/4xdk8nDmXgN1w8sknZ3uCwe1hV7cT1pkqG1G9lWgcomar44+n
3PpviMS9COvltO5lzK3samYlK9cwR8BFGGWd9UEEBjlTfuI977zz8lTn1XiZpYBjDJZfcskls3MC
/UYI+wjdDAJpCJX6pF8pRNZg1rWw/kQbO/bYY7NAGmt4R3rhRd7u3uLcTsI6bXnHnXbMThPcx/Rp
lXZ1eOozo0LZXvpq75H5J/LFvV7GWRxu+BjiMztxxlhooYXqx7k/Yi3yTsI6ziextEA9gtqHVm0w
zukkrGPrx9rorTzF2U//IYGB9zisEKJszbzdW3mskx/qg3iq7YIBSrRLhfWM1z8SkIAEJCABCUhA
AmNAYEZt3fAR1gJG5ONFlxd7XqpZIwpjuN2a1CEslfmqCozlsfH4HKI163wjmGGAMz1WBAxsRt4T
SpEsBFKEV17Q8daP0de8mBMPIlkphoZASlykxdRcYVhiWGCwwJA4MTqjs6YU/xEMGW3MGmF0umy7
7ba5I4IR/3ish3DNiFy88TFMN9100+wRwHGMKAKe+dHBkHc88YfrYEKYe+65s9CPhzBGOqOFiZPQ
rNMmBHLKfMEFF2QxGi9s8olBj2dCMzGSOFmnngEbBLzVWUOrHFGdD/T5p6xjojj00EPzuloY7Ixg
pw3imU74+Mc/nj70oQ/l/bFONuVh3e1Yn572zswDn/rUp/I11UEA4e1OR8j73//+ert47LHH0kc/
+tHEum/VqdhjNgPaBXHjWRCB6cQxKMu2FMdoGwTqk/uLDgzS5R5ltgUC9RiGftQR+4mTMjCQgM4s
uNAmCbQn8sm1hH7aez9tMGZgID9wpGOI+wrjGaOf9kOoss07a3+ifN22QTrpok3DiHvw7LPPThdd
dFG+/+J+ifbO95133jmvF0eaxx9/fJ5SLu59OpFYh57Ac6P2vKx7u8RyGVW2nMv6c7SVarn6bRfE
aZCABCQgAQlIQAISGDsCYav1mwLTiSOoI/IhzLG2N+/2rGvMQM12a1KHyBtp8y7ajWAb54/FNkRr
ZrKjT4BBvKWYx3s6a06TV7xCs0j2hBCKcIrwiiiGV3u8WzOo9dhjjk2f3v/TDQMNQiClHKTFOzme
8gSEsw984AOZIXFybtj3pfjPe/dee+2V7Wq8YbE7GMiOhzEDnqt2NTbt+uuvXz8edkK3djVxvuMd
78hLiDHIOWyQsDNy5p/4EwI5bQO7mD4D7GryCSv6YWJwQnldDNjgPAI2Jf0cg7KryzqmjuhfYFpy
7GrWw44Bxhzbf//9s23NAPa11147Ow9QHtpBrE+PXY2Nh43MNVUPfbzd6ftguYQ999yz3i4e+89j
abfdd8u2a8NU7LX2xGwGXEe7gHk5QB4bjxkImwnrpV1NG2KpBtLF4aGZXR11BGcE3s9//vN5IAFt
iEEf2NYE2hMDErJd3Wd7D7u6lzaIPf3CF74wt2lsTWxTGFO2L3/5y7kPi/zFUhQcKwN9N0ypj9jM
tPHVNkj7KwXxql1NfeE0wuAhngNxv0R75zv3A/cugf4W+iciHzw/YEegz4vnZcwiwbOOe4jBOQy+
iD4LziU+loeolmuXXR5vF8w8SV9d2S54/tL3o7AOQYMEJCABCUhAAhKQwFgQmFGbQmskpu5ulkBV
MCzPaSas4w3MC/9EhVK0jjwgSjIlFXnDoCAghvGSHlPFIwDSMXDbE9PvYaxipOG5jBETgRd+DIoY
dV16T3MO182aNStOz1umwN5jjz3qhgM7P/3pT6eDDz644bxmXxCJ4VkK1c3OY18z9iGgtrom9tMJ
RH7CuGE/xj4DDIIJgy4w3MrQysO/HMDQ6xr0ZfytPt9+++25vsq6qZ5birEcwwikjiOwVjbiK+t7
RcD7GPGU/Qj41Xtj6SemDCddvDHKUAqvIaDGcQw71pmDX7TB6rT04eUc17TalgMVMGDpHAiButU1
sT/aSK/tHR79tEHyF1P3Rx7abasDc3ppg9RXTDvfLg2OlW2yGQueF0wvGO0L5uSNThtCzG6Qvzzx
hxky6ACkrunwilDWVz/tIuJxKwEJSEACEpCABCQwdgRGK6zHdNIhgpY5RVxqEAzLg7XPzYR1RDfs
h4kKIVoz9XQE7A68UnkvxnYhIJZhH4ddjRCJCIqITsA+xo7APuRYBDyDGbwddjViIYJbhKpdDUO8
bRFt6zZrTdjc52P75KW+4rpmW65FvGN9Z9JtVkdxHefOxr4QUOO8Vlu8ycvBuJzHVObMWhBMGOBd
ciXNVh7+5QAGHAB6WYO+VR7L/eSJ+irrpjzO53JAAN8RZrkmAlyxF2NgPfvxwmZmNfY3uzewm3Aa
uPfee3NfTcTFFnGfa58y4yl1YT2O42QAS/hFG6RdltPSI86WszHGtdVtOVCh9Eqvnlf9XraRXts7
90k/bRC7mkE6TN3fTaCNx8xsnI9dzeCCVm2Qc7ivsWWxq2PKdva3C8wmEG0S2xmhO9LgHuZ5ceed
d9bbF04A5C1m9aO/ioELZcCW5jryz8CeCFxLvRNvCOtxrFm7YBAHAyKoL4MEJCABCUhAAhKQgAQG
SWBGbcTxCC/ZH/zgB7NBXEbOyM9SiCyP8ZmRvhi2THdHQMBmpDjG00SFqjdzs3ywJhWjacOIj3MQ
xJkSn9HJ1YBoiviMp0HdkH/iJF7899lnn3TJJZc0XMYIXaaowoCpBkZz0zEQ621zHCOG0fgYFyHM
4d2MoE3adDxUOxjKeJtNfc964njadwrkE2/nqtGBEMzoZKY0j0AeaC+I0OXI4DjONqa0X7omRDeb
Jr88t9/P1BfrqjUboNCqju+66658Pl7kZUCEx6ArR1XTviljWXaMOzygmU692tHFvcA/QgiviPdR
l2V6sOZ+KdtgeGeX5zX7DFME8liSACObQSLUUxne+9735k4sykCg3s4///y8vhzfe2nveOf32waZ
RYCZGUrxn7zQ/ukUYdq6ELCbteFu22CzgRCUs1mgA4AR8RGqsxbEfrbUFYMgwsuFfawzybMuAu2H
ARNMj1gdgFAOxumnXUQabiUgAQlIQAISkIAExo7AaIV1coaAyuxg2NERsK/w1sRbtFXgPRZ7jFnB
CHzGQ3Mi7erSm7lZvikXtljVpuHcsNN4j64GxHPEZ2zfql3NgGdsGkT4MiAofuQjH2kQCuM4A+sZ
yB7rbbMfkQ2bmsHtCHPklRnkmEUA2wPngVZ2Neci+GLH1UNNWKcseNp3CtiD9CcQTxkQBGGFnRxh
/vnmTx/7+MeyCBwz38Wx2MKCwcMI0Qj+5HvQgfrCfqbvoAzt6hixlHIyYLkMiPB44W+99dZ1BrRv
Zi4oy44wT9kYzFwt+3777Zd5M0V7LBOAeF+KrKRJ/sgD90tpV5fe52Xeqp9hSrso7WruQezoMhA/
A0goA4GZE5h5IGbA66W9M7NBX22wli6zCNAPwwCLCLQH+kOYRYD8xQAJlm9oaMO1C1gTHru2rAeu
Z5Y/BiJEPVBf9Hu1G4AS6SP001cWAbv6a1/7Wr5fY19saV8Mgijtatod6UfAy5x+taVrfR4veclL
GvLAd/pMqOsQ5Ju1C+IirWq7iDTcSkACEpCABCQgAQlIYLQEsrAekeAFjGHKKFoEotI4iXOabRHm
MYrDIGl2znjuQ4jDoODFm7xhgNAxQLkWX3zxjvnEGEAMpDwYFRhOzaZZr5YJz1c4MLUX7LrhQf5I
g/hJZ1gD+aRcMOyUT0RYREsEaQYOMFp9LAN5Y+03BGY4Yox16oTC+KXji/riXITRaufHaPLM1Gm0
IfICN+4r6hk2TJ1WTm82mnTKa2m3lAkG3dRTXNtve4/ru91yfzBYYa655srTN3aqo2q8vbTB6rXd
fid/tKUITDPZzb0f53faTkS76JQnj0tAAhKQgAQkIAEJpPqyXYNgwXTleHzzvotANFntaoQ4PIpf
9rKXZTuDacCxHSgX3r6d7F3OxRYPu3qBBRbo6t2aQbdhVyPCdUqHOsNWwObn3Z10hjWQT2xC7LVO
+USERVRn8DEDg7fffvsxLRZ5gz12NW0WkbyTzYZdTR1THs7F/h20XU385AW7mvsq7OpnPetZY2ZX
Y8uHXd2pnqJS+m3vcX23W+oo7Gr6FjrVUTXeXtpg9dpuv5M/7P8I5HPQdvV4t4soi1sJSEACEpCA
BCQgAQk0COvikMAgCDDynFHLdCIhriOkGiQgAQlIQAISkIAEJCABCQwrgUF4rA9r2czX5CQQ08Dj
Wc0gB+3qyVmP5loCEpCABCQgAQlIQAISmFoEFNanVn1OSGkYcc/Ue0zjhkfBaaedVp/am6nwWNvq
6U9/+oTkzUQlIAEJSEACEpCABCQgAQl0IqCw3omQx8eaAHY1U5szzTp2NUtpxdTe+9WmR99rr720
q8e6EoxfAhKQgAQkIAEJSEACEpBABwIK6x0AebgzAaY5Z63sWCe7vII1u1i3zI6qkoqfJSABCUhA
AhKQgAQkIIFhIqC9Mky1MT3zwjTneKeHmF5SYDk2lhhgqSqDBCQgAQlIQAISkIAEJCABCUwcAYX1
iWM/pVK+66678rp2rK1WBtb7WmaZZQa6zloZv58lIAEJSEACEpCABCQgAQmMloDC+mgJev0gCPzp
T3/K69lX183mO6L7INcvH0R+jUMCEpCABCQgAQlIQAISkMB0I6CwPt1q3PJKQAISkIAEJCABCUhA
AhKQQAMBhfUGHH6RgAQkIAEJSEACEpCABCQgAQlIoAkBhfUmUNwlAQlIQAISkIAEJCABCUhAAtOH
gML69KlrSyoBCUhAAhKQgAQkIAEJSEACEuiXgMJ6v+S8TgISkIAEJCABCUhAAhKQgASmBAGF9SlR
jRZCAhKQgAQkIAEJSEACEpCABCQwpgQU1scUr5FLQAISkIAEJCABCUhAAhKQwLATUFgf9hoyfxKQ
gAQkIAEJSEACEpCABCQggYknoLA+8XVgDiQgAQlIQAISkIAEJCABCUhgAgkorE8gfJOWgAQkIAEJ
SEACEpCABCQgAQlMEgIK65OkosymBCQgAQlIQAISkIAEJCABCYwNAYX1seFqrBKQgAQkIAEJSEAC
EpCABCQggalEQGF9KtWmZZGABCQgAQlIQAISkIAEJCCBngkorPeMzAskIAEJSEACEpCABCQgAQlI
QALTjoDC+rSrcgssAQlIQAISkIAEJCABCUhAAiUBhfWShp8lIAEJSEACEpCABCQgAQlIQAISaEZA
Yb0ZFfdJQAISkIAEJCABCUhAAhKQwLQhoLA+baragkpAAhKQgAQkIAEJSEACEpCABPomoLDeNzov
lIAEJCABCUhAAhKQgAQkIIGpQEBhfSrUomWQgAQkIAEJSEACEpCABCQgAQmMLQGF9bHla+wSkIAE
JCABCUhAAhKQgAQkMOQEFNaHvILMngQkIAEJSEACEpCABCQgAQlIYAgIKKwPQSWYBQlIQAISkIAE
JCABCUhAAhKYOAIK6xPH3pQlIAEJSEACEpCABCQgAQlIQAKThYDC+mSpKfMpAQlIQAISkIAEJCAB
CUhAAmNCQGF9TLAaqQQkIAEJSEACEpCABCQgAQlIYEoRUFifUtVpYSQgAQlIQAISkIAEJCABCUig
VwIK670S83wJSEACEpCABCQgAQlIQAISkMD0I6CwPv3q3BJLQAISkIAEJCABCUhAAhKQQEFAYb2A
4UcJSEACEpCABCQgAQlIQAISkIAEmhJQWG+KxZ0SkIAEJCABCUhAAhKQgAQkMF0IKKxPl5q2nBKQ
gAQkIAEJSEACEpCABCQggf4JKKz3z84rJSABCUhAAhKQgAQkIAEJSGAKEFBYnwKVaBEkIAEJSEAC
EpCABCQgAQlIQAJjTEBhfYwBG70EJCABCUhAAhKQgAQkIAEJDDcBhfXhrh9zJwEJSEACEpCABCQg
AQlIQAISGAYCCuvDUAvmQQISkIAEJCABCUhAAhKQgAQmjIDC+oShN2EJSEACEpCABCQgAQlIQAIS
kMCkIaCwPmmqyoxKQAISkIAEJCABCUhAAhKQwFgQUFgfC6rGKQEJSEACEpCABCQgAQlIQAISmFoE
FNanVn1aGglIQAISkIAEJCABCUhAAhLokYDCeo/APF0CEpCABCQgAQlIQAISkIAEJDANCSisT8NK
t8gSkIAEJCABCUhAAhKQgAQk8CQBhfUnWfhJAhKQgAQkIAEJSEACEpCABCQggeYEFNabc3GvBCQg
AQlIQAISkIAEJCABCUwTAgrr06SiLaYEJCABCUhAAhKQgAQkIAEJSGAUBBTWRwHPSyUgAQlIQAIS
kIAEJCABCUhg8hNQWJ/8dWgJJCABCUhAAhKQgAQkIAEJSEACY01AYX2sCRu/BCQgAQlIQAISkIAE
JCABCQw1AYX1oa4eMycBCUhAAhKQgAQkIAEJSEACEhgKAgrrQ1ENZkICEpCABCQgAQlIQAISkIAE
JoqAwvpEkTddCUhAAhKQgAQkIAEJSEACEpDA5CGgsD556sqcSkACEpCABCQgAQlIQAISkMAYEFBY
HwOoRikBCUhAAhKQgAQkIAEJSEACEphiBBTWp1iFWhwJSEACEpCABCQgAQlIQAIS6I2AwnpvvDxb
AhKQgAQkIAEJSEACEpCABCQwHQkorE/HWrfMEpCABCQgAQlIQAISkIAEJFAnoLBeR+EHCUhAAhKQ
gAQkIAEJSEACEpCABFoQUFhvAcbdEpCABCQgAQlIQAISkIAEJDA9CCisT496tpQSkIAEJCABCUhA
AhKQgAQkIIHREFBYHw09r5WABCQgAQlIQAISkIAEJCCBSU9AYX3SV6EFkIAEJCABCUhAAhKQgAQk
IAEJjDkBhfUxR2wCEpBASeDyyy9Pv//979O6666blltuufKQn4eMwO23354uvvjiXE/rrbfekOVu
+LMzMjKSfvjDH6aHH344bbrppskO++Gvs2HO4axZs9IPfvCDtMACC6TNN988zTHHHMOc3SmTt/Hk
PlWfuf7uT5nbYcoXxN/pKV/FFlACU4rApZdemn73u9+lDTfcMK2wwgpTqmxTrTC33npr+vGPf5xW
XHHFXF9TrXxjXR7s6u9///uJ9/ItttgizZw5c6yTNP4pTIB2dOqpp6YFF1wwve51r9OuHqe6Hk/u
U/WZ6+/+ODVWk5FAlwSmnLB+ySWXpP322y8tssgi6dnPfnb6whe+kOaee+4ucXiaBCQwlgQeffTR
tNFGG6Wbbrop7b///mmXXXYZy+SMe5QE9t5773TkkUcmRPUzzzyzJ4Pj3nvvTe973/uymPzPf/4z
rbzyymnfffdNM2bMGGWuJs/lt9xyS3rRi16UM3z++eentddee/JkfgxySps499xz049+9KP02GOP
5RQWW2yx9MEPfjAtueSSY5DicEQ5qPcSRPV3vvOdaeGFF04IlXQEGMaeQL/cb7zxxjwQ4uqrr86Z
fMpTnpLWWmut/Ls377zzNs34aJ65TSMcgp08/1/xilf4uz/GdXH00Uenc845J9HO4M3vr6F3Agrr
jcx++pOfpo989CNp0UUXTfxeH3LIIdrVjYj8JoEJI4BdzXvFb3/72/SVr3wlfehDH5qwvJhwZwK7
7757+upXv5pF9Z/85Cc92dX33HNP2m677dJCCy2UHnnkkbTKKqukz33uc9PKrr755pvrThm//OUv
s5NGZ+pT9wzaBDYK735hVy+xxBLpYx/7WFp66aWnbMF/+tPae8lHHn8vec5znpMOPfTQvt5LTjvt
tLTNNttk3QCbzfe/8Wky/XLnd+6UU05JV1xxRc4o9s4666yTf/da2dWjeeaOD43eU/F3v3dm/Vzx
9a9/PT9faWc4SO2xxx79ROM104TAUAvrP/vZz/KLYychhheJ9ddfP/8YMursve99b64+O5+nSSu2
mJOGAPfqG9/4xoTQ9KUvfSntuOOObfOOZ/tnPvOZtNNOOzmyuy2psTl48MEHp09/+tNps802S8cf
f3xPHQAxK0HkrJ844tqJ3I6mDd53331ppZVWytm/8MIL0xprrDGRRZnQtBEXN9lkk6Z5+PjHPz7p
OgN7aReDei9hdPKWW26psN60FY3dzn64I3LutddeTTN13nnnpRe/+MVNj43mmds0wgHt7KW9V5P8
z3/+k7baaqsExy9+8Ysdf/er10/H773aPwyyefe73509ueD16le/Oh133HE9/WZPR87NyjyVO1Yv
uuii9I9//KOjEMO7+ktf+tLsDfid73wnbb/99hkVA9bxjJ3KjJq1CfdJYFgJcK/ybo3QdNhhh3Uc
sI54hOi222675YHuw1quqZovHH722Wef/C7/ve99r6ffaOoubEr4YA/0GscwcB1NG2SANkIq4cor
r6wPXh+Gco13HhAXERWbBfrOsK0nU+ilXZxwwgl5kAnlw5mOa/t5L2FWxpe//OWjimMyMR6WvPbD
HZFz5513bloE7Eu0oGZhNM/cZvENal8v7b2aZq+/+9Xrp+P3fuyfN7/5zXkgB7wm6+/tdKzriSrz
0ArrGP5MaXXbbbd1xSZEun//+98JL0EergrrXaHzJAmMGwGm8Pra176W6DTGmwqvqnaBEY3vec97
uhLh28Xjsf4IMI35sccemztfqK9Og5yqqfz1r3/Ngyje8Y53pNe//vXpm9/8Zvamq543zN9H0wb/
/ve/p0984hPpgQceSJ///OfTUkstNcxFHbO8cd8zsvxb3/pWWnPNNdNnP/vZ3GF/1113JQYf0IEf
HSVjlokBR9xLuxjUewkzfQQ72tPTnva0AZfK6JoR6JU776+vfOUrs4c23kX8hjFtP++mtAVGPbca
WT/aZ26z/A9iH4ND+A3oRxjv9Xd/EPmdzHGwdAjPxG7sH36To07wYOPd6q1vfWt6wxvekI466qhJ
93s7DPXWT+fsMOS7Ux5oV6uttlp+DnU6l3aFVyWzSvHM+sMf/pBe+MIX5pngFNY70fO4BMaPAL+v
BxxwQKLTeM8990yvetWr2iZ+4oknpre97W1difBtI/JgXwSYxpyZ4KgnvN96tasffPDBPIiCwYpv
etOb0kknnTTpfudH0waxqz/wgQ+kP//5z3n2lGWWWaavepjsF3Hf77rrrunwww/Ps+EddNBB6VnP
elb605/+lPBi33jjjfMMM5OpnL20C95LmL3gBS94wahEcd5nGIAAO2bj0a4enxbTK3fsagak47H+
rne9K+GFjl1NG/jXv/6VRc9WdvVon7ljRaSX9l7NQ6+/+9Xrp9t32s+qq67alf0DmxikiF3NuxWi
+mT9vZ1udT2R5R1aYZ0pLhiBO+ecc2ZvVaZgoBOeTmU6BvBgZR+erzyYQlgHZlx7//3359GM888/
f+IBFKGbl9jyfK7r5pqIP7ZlHO2uL8/rN61Is912UOmU8bQqV3nOWJYpylum1ypPcS7b8ny+d3MN
5/UTmqXFvk5pNruuU/r9XNMpzok8HlPwlvf3RObHtHsncMcdd6TVV189e73j+cRzezKFydQGy/u/
0/OFOijP5zvXsK+bazm/24DHKkLR3XffnRilvHQP09OVeew3X4OIo1rWXtvFIN5Lqnno5nuzso9F
HZOXiUqLtLtpG2X+ymsGzSOWgKCdX3bZZempT30qyU3qQMcEHtEh4k7qwgx55pk6n073ueacK+24
0475NzPsn9VXW72+D/uHTvWyTm6//fY8Mwoe68wyM9l+b4ehaqaqsE67WnfdddNcc82VO+RpG3TC
M/iPqaTppGcf0xMzoDKEdeokrmUgHLNXzD9fza6u/UeYUfuP/9uG2qlxPud1dU2TCMtneMtn/oDS
apL87Luqac3oBGL2KNgT5WrHJc6JGFqWP04Y7bYoW1dpFeeTdFfX9JnHkkUwY1/bNKv566bd1vLX
LK2c7Vp8Hdt9n+WLyyLtKGPsH802puCNjuPRxOW1E0OAQXfLLLNM7uzn3Wyy/c7bBkffbrCr6Vvh
N/zaa69Nyy67bHeR9vkcrEYezyb2t33uVi9s873XdoFdjcc+sxgw+K/n95I2eWl5qMrvid/8jr8/
LSNsc2A806plo6xTctVNvZbXNPxODfj3MZaAoJ0jyo+1Xd1XuVrUV6sa7rW9t4rH/Z0JxLMCXZHZ
ekr7B4ef2If9c8wxx9SFdWKe7L+3nel4xqAIDL2wvsIKK2SvCx7uIdAwlTSeGOxjvVZG3pbCW3Rg
4y158skn19d05SXk5bXpXphGBG/2ZoGb57vf/W5iqs4IdES8/e1vb5h+iWOMYmGqRfLBv//+979Z
8GfkFC+6Z511VvbGwxNvrw/tldZca82IMm97Savhwh6//O1vf0sXXHBBXpP1+uuvT3BglBdeLfyb
Z555GmKkY+7ss8/OnS+cS/5hzgjI75783XTOuefkOHihwwux9DTkfOqE9U/oCCSwFhRTabz2ta/t
a/2bhszVvtBRzfRPhBVXXDF7geIJyZRIlIu1cvCQrZaL8/mhZE2mM844I91www1pvvnmyw9XPMgY
jcSIxUEFvFRpA6ytTGcUeWMWBtYopP3SadVsCqd+2gVt/pwfnpNOOfWUelrETefqVVdelWY9PCt9
+MMfzkyYeubHP/5xLjdrJuLZRPslj6effnq93hdffPH0ute9ro6DdoE3HZ1y1DPX0i54oeU+Y30n
9jdrF4wwZMTX3HPPnePDc2brrbdOz33uc+vxN/vAjxvrLzOlFfctU98Q/ve//zW8VNHG6WCGMWUh
HzNnzsxp8CNK2uQh0mdLm4zvzdLuZh/3Okxo71HHcN98881zG50160nuZXy0QViXbZCp0mmD3C8R
aK9M88a9R6D9MOqO6ZAwpjiXkZuk1yz85S9/yW2Q51nkjzioW0bMN2uDXMMzkHomUEZGibaaurhM
l3L96le/yvXDgCau4T7kpYXyNRPWaVe0n+ozl3uY+7sMo2mDDz30UH4O8vwon4P8fvAcbNUWum2D
ZT553mLkxYs/7ZF6avZMKq/DcKBdMG08U/vSzmHIffb85z+/PHVUz8F+n00NGejiC/cldUanPPdv
PNuYTpbR5njw8+xq9hyAH8/pKgueV8stt1xD6qP9LW6IrMOXMLZoF6xluf/++zd9NvEcKkO/7yU8
87hvuA/j2cZvbjy3yzTKz2Vbov3xrHjphi9N/3nsP/n5T/6ph0GEXtJiSYBf/OIX+feHdQC32GKL
/Jv861//OrcFntsbbLDBbHUc+aRN8UzkeU+5CM973vPylIAve9nLMqM4N7bxu4/QyO8fgbUpeSbx
nnjNNddkz6Ell1wyLsm/Nb1yv/POOxPPT9r5O9/5zvyeyW9DBJ673NNMW1gGruEZWD5z+R3p9Mxt
9bvf7ven3+fgt7/97Ty1fav2XpYnPvf7u1+2p26eg1dddVVOMt4HmRkl3gcZYc5vSavne+R1mLYh
rFMefqe573mOspQIXmqxj3cupuguhXXY0W74TXv/+9+fbZRgwW8d5/NO1Cz08lvc7Pqpsm+qC+t4
eDGNKu3q1ltvzR3yb3nLW+r7GDTG70szYZ3nJXYN52Dr8TvOIHje06vPtdweah2Nt9x6SxbqsSsj
8IxngDxe8GXg/Zb7l7zxD7sawZ/fP56lvB/xPsyzdN99982eevXre0yrfl0fH+DAuz+DW/jtggP2
B+95O+yww2zverfecms643tn5HdCfrewA7fddts82JBBDGeeeWaO40UvelH61Kc+1eBpyPkc5/eL
934CfRj0S/A8GMSz7ec//3l+p4T5yiuvnNsEwivv9JSL5wb11ewdlt9Xruc3mXdr3v3ptMSe4d21
VX9LH9izlyptgLZEOyBvzHzGu8RXv3pYOvrob6WXvOQljVH32S74feVdg3sl0qLd0pcBF+y7T37y
k5nJb37zm3w/kB/qFvsSllyH8we2APXIOwa2b4TRtAtY078QdUJ+eO53mhnriCOOyLPP4OXOfdvK
rqaN0zYpE2WhjdNHQhr8hmDnXHfddfX0aYe0ydG2R+51uPP+VXKnPwLueCwH9+DINtogeSrbIPdI
2bdDe8XGjT4q2g99Enj88htIe+W3s+z/KNPBfqIN8hyM/BEHdgzrPLMMULUNcg39hWET0raYWbPV
1MVlepSLPi/eHRdYYIEcN3XOey/3WDNhnec6dUceI9B2mT2J538ZOBfe5I06jmcTZSMOnvXsb/Zs
4n08noOIu+VzkHfgVm2h2zZY5pN0eH+POLmfqKdo/+W55WcGgnEPcq/w2w5HuPP8XX755ctT8/Oc
PgICnBDxeA5is8RzEIaRh/LiftpFeX23n7kvqTPsXt5tGcgLG+xC+DPggnfIZs8BZt866cST0vkX
PMlivfXWyyzoby8D8Udfe6ffYgbndbJXyrirn8Oupl1Qp1/5yleaPpvIRxm4j7CVmMWB34Ru30t4
5tFvHHY13HiniOd2mUb5ObelE2ptqcaPa3hWbLTRRvnZTh8WQil9o4MIvaTFOz5OC/zuUu+8v/Hc
wN6mLfD8I58rLF+r40aEOau0KZ6J3O+Ui8C9wWBqZj6ocud4/O7zvkZfJgEbhWcS9UGePvrRj6al
l146H+NPP9x552F2Cto5/fu8Z/LuGYHnLvd0tT+D+5HylM9cnsudnrm9/O5HHuJ9kOnoy+cgz0D+
VZ9Rzdo7/UmtfosjHbb9/u6P13OwzOswfY5nBe+3/B7Qpumr4XnJb0Hs412b3/5y4CH9kdwPO9Te
7Zkthedi/Cbwzs+ytq3s6l5+i4eJl3npk0Dt4TcyjP9qD9KR2o/8SG364JHawzHnsfZiWTOP0kit
M7S+r/ZDkPfVhPV6OWpecSO1F6K8n/NrN0/9H99rL40jtQd0/fwoP3FwvNk17Kt1KI7UOkDr19Ve
8Bvirf3AjtRuyJzvMg4+115cRmo/DPVre00r8tjrtmRRcuAz+aq9kIzUBLd6voi/9jBpKBd1UJsG
tIEN1/KvJnjWr60ZM7OVPdLkXPjUOrDr5/daFs6Hf+1HPucv8sC2TIfvtJHajAUNadUebiM1L6CG
clSvq3UMNFzTTx65pvbD1zSd4E4ea52hs6XVT7uoCZkjtReX2dIr+cA+2nzUL8fL/bUX2gaO1TYb
10UZum0X8KgZIg1xk3ZN3J+t/MGOfJX5b/a51mFTfw7UfuBmaxM1w3rkj3/8Y73NlHFQBo71W79c
1yt3rum1DfIcDN7V/Jf7m7WlfttgrTNjtroqn6/NmNVeqps+c8s8l8/yiKPX9t5vG+z1OQi7Xttg
lInnaU0QaWBY3mdxXrnluVabiqze5qnb+BcMP7nvJ+vtfTTPwX7bRZnfbj9TX5H/VtsVV1ix4bex
VxbkZTS/xd2WhfNG0y7KNgiLqN+4j1u9l9SMtNnOrT6bq2WoDUioc6+mE/VQ62Qa1fMv0uw1rZrB
X89b5KXkEftqg/Ya2gXp1YTE+rVluYJhzRgaqQ3AbCgXz9CauNr0ukiLbW0AR8N1vXKn3ZbvF2Xc
5Wfu82AX236eud38/tQ6IOq/+6RV60iuP6eb8Vt3nXUb3gd5p+vmOVjruK4/m6JM8Kj+7pNmq999
ruNdv7b2a9u6qnWo19Pi/FqHdr4/SsZRttjX7H0w8jmMW9ow9g/3Stg/tU6qzKU2WLK+rzYYI5e9
/H2O86LsVRb8Dpe2COWnrjr9FvOuz3nDyGvQeap1ek3JUBPeRmqdSiO1zuORmmCdy1jraM/tqiYW
1vfVOqhzu6ot21TnUOtkH6lNo9jy3qx1bua2Ub+g9qHW2ZntyWpbpE2yj21N3MvnxXW8S5ZtttZZ
OlLzIMn5jmvi+tosOCO1jsh8aT9pRZq9bksWkdfYkseagDVS65xuiLY2MKmhXPwm1TriG3hG+WoC
X/3aO26/Y7ayl2nB55Y/3lI/v58PtIXa4PKcP/IQ/8p02FfrMB+piVkNSdSEtZHaQK56fcY1bKM8
tKdBBJ6L1bxFepFWbTBIQ1L9tgvs5ZqoNlt6kT5b2PPsIUT9VvdXf9vLNlteF7xatQviPfDAA3Na
8Wf33XZvaFOcw/O/WeA9iPcBzmn3r9bBXH8O1AYLzNYmsKv5HYArv6tlXJSBY6MJ3XCnHMGdtGiD
r3nNa3Jeoj3ENvJXE5jr2aqJ6LOVi/Oq11TbEhHAMeKM82Mb+5tdVxO/6/FzPudiH7ULvK81e+ZG
OmxpL/Esj7hKuyvyFmlyTU20bHjmRtuNc7ptgzXBrp6/Mp2IpyZiNTwH+2mDUSaep/TrRjqUo9oO
4tzY0kbptw1ecW3kj/2f+9zn6vyiTZfHOSeui3iaPQf7bReR11621FfkpdWW3/n4bSTuXllwTW1g
bEPZ4d3qt7jmsNGQHtd3G0bTLso2WNZV1GFtwFXDs+L/2TsXuFuLqv6PAiqKXIQKNUtMU/NKZgqF
CFrm3QrzQolQhApyjoqp/IVz1EwKb2nlXUsTUTEtE1RU7GailaJpF4tD3rrnLTUF2f/1ncPvYe3Z
8zz7mdn7fd/9vmfmfN4zz36euaz5zZo1a2bNRTQxF6d6Vdh5Zbj44osj7j6e4qoemItYhivNC51O
NHhftOod80hXXblbZxKdZoDv4iq8fOKZMXuC7ugdMtSuOcvGU1742G28K8UdvpVs9+mmz4xPUlcj
c2v6H8+Dwk0+dC5TDlJG21nd4S4c+vp9woMh+ChszrerBafkIPpgLpx/l5OD5LeqDp5FLvo+0xYb
xHJSFvWjtkgpvvP9s8L58vtn0vTyVhgwhvLh0ud0/KN4zd+8CLCqKHY6q+Z7I7omgfw7TTbpnTeI
+glshNu55547YZLUVph0DG530kyV21aCd99sZfbk0ksvnZCOrUSfnHLKKd03FBphheGWSUJboTZj
2KSRMuGM0gYNDIA0KVWTl/Is9SmD7QiYMBhCcDIZS8dmK8y6MqUT7LZiNw74MbR6IUA5tm/bPrEV
gRETfttqsIiHx5y8bMVuzMdWA01sFVDEgLQwADNYKC2HD4+y52kjPzCljv2krN012eUD9n7wv3PH
zqg0Qh/lxxCmsqYT7D7vsc8MXEiPiX4misifvBgYgxvf/GQo6dbwBQopE7CkR7oYI1CSbOViV0d8
84Y9OgjxrH9vu+0mDD71LTWE1vCF8LLVXpFvwFrGhz6cMV6hwFMeYaVn7/vJfNs1H3kWI53Ka6uO
u/qHZyiPvlFOtUfRWOLX4F7LgyhMtqsg0g79dmRnLCsyCgx4h1GO+vFlqOFB4tsq9cgHtiJ0snPn
zph+yqs+nxQLOxkhLsRBkVP9QWPKTzX8XsuDpXKwhgc9JvRLyEkwpI35dubD6Zk+CoyEE3XLJKKv
Y775eqiRg+RXyxeitcT/4Ac/OLEVzxNb4dn1kbTtM844I76zXexxcsm3xRosavvikrIQdhG+8H0k
7WKMXiL6kJUYlZmkFY9IB1IY+V7OYISkzaBD0Q/Z7oaOz/rkr9IZ49fkxcAVGSF+x4cnmIx8+ctf
PtUXwyeiw3Yld3EkA2kjtkM3LlKTrLFddZ1shz4N/vlOf0wfRN9wzjnnTMmnHB4luEMneo/dQz6x
HRcdrSwEFL/TFuh7VCb5i8rcvn4fXMFb+aB7SR+k/Kk+CEZeH8SwXtoXKy/8tN8n/RzOiqO2Tzj6
Cy8HWUgHr/CtVA4Sx+uDym9Vffp8aMaIrvEP7yi/N6wrnB//KJzaFcZ3dGPpEKTLQkRfdttJ12Gb
jn9YHCHc7ZSLqXg+ja30vHmH9MOUY0Sn/jGiaxIoZ1hXOG+MSo3JjKEZS2p8R7qMB73Toiu+Ifts
t+GESUjGQpoc5BtjDjkMt/Awcig1bCIDmHB+8YtfHMuB3GPSEFeTl/Is9cHCrqSL42rboRplrO1Y
mtAO1VbSCXbbZTux3UxdH044hX36058+sVO1Iia24yyWBZo85oxzWeBOPhgSWcQPdqRhO1dj2NJy
+PDoJ9IvSJP8bBdrrGMZp8gPWSLHRCS8pHKwwJd07FSUKGO0wYF46MSLOk1SMolJX0bdgwV6A3nw
5ydDya+GL7QAReWyEwTiXBD9JXxLPnzzhnV0UPGsf28nMEzQg/XNL2qBvjF8YXfJxjxtlzRROkff
AN/AazI+9OHMOA26hJPKpt/y7eSKboLZdnNGnmUymvDoAnYEb5c/dU1d6BvlVHvsAhU8aOJbtO04
+1rchYHyor/BkR96neKg1+R4kO/IFTlknJ8vst22sazIKDAgPEY56sc75B7fMDbleJBvKQ8S33bL
RT6wEy6ivtoXTnmlWGAQYyGOn0MiDW8kIK74nW+pzAVD3vOHLJGr5UFkueSg3U09IwfJx8vBGh4U
jfjMXcHvYAgv8ic+8OH0LHkBHeBE3dK2fR3zzS+EGCMHiePlIPnV8oVoLfHZoMTYGf5VH0nbPuuZ
Z8V3jLeZq/ZtsQaL2r64pCyEXYQvUqMm5dzl9BLqKtVLRB+ykvlSDLDiERnXFEa+lzPMpdNm0KGQ
AVpATBp98lfpjPFr8qId2Ak+XfuGFniCMSlzbVqUwns7XaAjgzEa7/iTDKSNML9Au1BfZ6cGdfwE
fcgW4vDdTmCJ/T19A/qQ4vA9h0cJ7hDKBspt27Z1YxjSZVGX+J22QN+TukVl7pj+hzzXSg76RW6+
bCX9PvEkm8CNfsvLQfLgPX++30rloJ3uO6MPEieVg57OVXuWcRz7nMY//p3avt758Y/eUWb6HRaL
Ime8DsFCRO/Qn4Wt7WrPjn/47sc/Pn573pwIrKxhnUEKDIsBVRM2CGOYEIGqSWU6BQzffrISgaAB
HQyr+PgyFGH00Xsf3o4t6d7rOz5CnbxzhmF2KCo/OhQ6Fh8Xo59+L5qX0in1mWBm8hZBwB+/KStl
8pOUPl0EJt/5Y5Btx3515SAc6Sm8HZUWw2FAwvig9/J9WsuYnFN6CHv4Qvn4iX4WD+g9/KGy+ElI
fUexY7KeMIvuboIGOyotpsVEA7+VDz4DH/iEhR56X8sXdIQqF4YXpSdfE9WpYU88m74nnr6lhlCl
KezH8IXieF+8MjTBjuIAbnbkaSyfeBS5wJ9vUz5tBhPQRbnoCPXN14nS0rcavwb3RXhQmNlRbFM7
MjGaUFbK7CfLfXnH8mAOB9X1EGYsHoq8cOP942pmnw4TUXbMTvzu5XYtvytt0VXKg+AyVg7W8qBo
lE/fkWtn+s5ghHLwt+30bTPyAppZmMX3lK+Fw1g5uCy+EO0lvgw0nk/T+ItgQVqSXWA1ry9O8x77
u5YvPM+P0Uty9Kh8fbKZOPRlWmzFwj/q3KfF4BtshurBhx96rs1LfEs9Yfj2ugT0+tMbdMqN+IeF
WeCQ0iUZSZrSCRhs85u/nAxj4QtY8H2oPxqDu6dH4VnwxII1/23es7DJ0au4Y/sfBoDesK74YJzK
QYxUYJHmK37XiTb6Pq8vVl7ytXOvD2cWCqmukJkp36LzyxhHuXz/Tj9DXPRU1T35EocFlZTL64Oi
aVV9sKUNoP+IRhnMvWE9N/5RODACF8WnHtlJCxZ+8QQTgxq/5MY/1IPGP/TlhFeaW9XfnMP5+VQz
Uc7YF1kplzOswysYYfxkpYy84h/Fx0fH5L3fUavwtEvG3aljchaZw/ecYRijnnZrkjYTxN7xXW7R
vJROqU8ZmLzF2M3f1d+5eoIRFnr9JKVPF3ksOYe8YpGXd6Qnpwl/JshZRJY6pUV+y5icU3rQhXyV
Y8IR4yX5MH6WY/ciZeF9blc6E/R3v/vdY5iHPPghM7vdlc4YHxrsGM4OW7CX45n5iZS+Wr6A11Qu
DC+pk5GKekEGyoln0/d817fUsK64wp585/GF4nifhbzEpf/rc0wmg5V0JfEocoE/36Z8GjqxkD6F
vkmOtKgT8lVa+lbja/xOekO4Q4dw9zqenwhX/hioMRiRZrrDTpjZdY9TOzJJmzyIw4JUOV9ejE78
9o5FP/Agi42G3C6bg5uHGYuHCAMv2HHOU8nBK8hMlUkGAW9kzMlcEtG8HwZZ2od3okv5DskmHw8c
puSg/WbzSq6MtTzo8+OZcng+SL+j35I/f34BlsJBsxb4pnwtHBhXezlIHC3i8HKQ92oHi/CFaCvx
pROnRh2fxiJYkA6nBfi+2I5Q98n3yo2pQHN+1PKF53n0Wu/QS6h/r5f473pW+dJFKvqO7xe6oGNT
595pE52XF/57yXNtXuJbyozh2+sS0Ot3LXNiJ078w8Ks9JQdvktGkqbaAmNyfvOXk/ssfEEO8n2o
PxqDOzTIKTwLnliwVuKETY5epVPT/yguPhivtxxU/fThvEjbF2Zj5aDHYhWf0XFYJMpchBw8DZ/6
Heu58Y/C0VfQ/8rR99oV0zENv4jMy6WavljpN3/zIbCyd6wbo8846wjifWpmoMne1asIJtjinW82
AIj3Epliqk/xzg/i82eruOKdOUqXQNwdxbdvf2v3HSO823ufveNdCtxraIaNeFc5jN/oeAAAQABJ
REFU9z7KKT/rUOOdLdxt0ucWzasv3aH3NoEebBVvvDsoF84mSuP9EOk30WpCNd5nYquW0yDdb1tx
H+995AX3SHn8uM/FBFq8E8sEVujLr0tsxINoMwNDvI+Pe2XkbIIh3iPl8+HuDO7psyN04x08ubsw
TFkI973vfbN1rLTH+sqP8NzHxh3T3I3FHaq2OCPeBcP9WHIqD7/H8iDp2YRnbAv4NqGj5DrfOvpY
btv5FWwAGu+U56N4ljbCtxw/c48xd+d4bIkrWsfwBeFTZ4pAvHPGJtjjfTzpd/9bYX1d+u/ps8pF
W+TOJ+6Pw3HPEPdA5tpvmsa83ybmq3AXT9TwoHCwVeHxrkPR6GlJ8VR+hB3Dg0rT+6rrPvzJ3xTz
eDdNXxj4jnsWvdxWuuQ1lt89jyp+CQ/WykFh31c+j1fuGdnI/XVpO1NYMybHO/PgTe5n8ncBKozt
yon3SNpOr3hPnE1Wxk/CYawcJNIy+EJ0lfjqI1I+9WksggXp+PbP/WlDfbHPt+a5lC9E21i9JEeT
0uiTzcTxbZLfZriOdwVyx9eN97txuMX33SLeBbmMe+Bq8xLf9vE8+oIZEOPd57baOsDfyG/kuhmr
gy0YC9/8xjcpXnToaGbkj3fu8kI8Jl3g1re+dWxbusN8d6zd/9tgOt4dTtvjTuucG4O7j8c9wci7
XP/qw+WehU2fvPEyf16/bxNAwYwfXb9PXBv89eqDNhkydV+3p8+MPPG+PZusyuqLPmzuWfFtsUe2
3zfDeuAOUBu4Rl01JwfNeBXv+7NTGAL3GUoO6l5x2jt3n3mdxYwC8T7ZWrpzZdmIdyoj7YKxiy+j
p0fhuFfWFkNMhXvZy14W9SKPhcKTRl9fTNsAV+rGJtun9EWf91Z53qp3rOfqxyaMgi3Eijoiekof
X9lEUTADVLBFQ4E4flwNf9B20TNt4XAcVytd8jSjQ/yGHJXj3kt0Q5vojOMh+n6Pu/KzhdrBTl0I
NumtqDP+onnNJDjnBXLUDH/BdjSFD/7JB2dCI0fNwBJOPfXUmW+iFfy4n/1Od7rTTJj4wqbqTt92
ekyH9LjT2ePHO/pJOw0l3j/al18+8fxb0WbG36gnel4wY2wce/h86Du5X9KON499bm5cTR/EHbhm
bA5pHeep6H9ri/Lj2JEQyDfSZRwML5mhMN4xjG4kp/LweywPHnjAgeHkXz45zuWgs9ruRCXX+TaZ
Gk468aTwob/8UNRRGIfgxLO0kbSs+nb7299+BlviilbSoj318gWBMw5dh/tnbYI93oWdCdK9Ulja
Xo5Hu4DXPMB3dk1MuOwTl4XnPve5wTa9xC/LrFvalJ02FHE3o2nUUVI6mM/gvlrwsUVjUa8RT9gx
zsF2M2fvOQUT7n+m/7Ldep2cEQ70bdyRKudpSfFUfoSFB0mXsWkfDypN79uCuHhfax/+5E+7Iq++
MOhR6MRmEOjuWFe65NXH79zDTBtOsSCO4pfwoJ0EFOeekOU510e/sO/7nkvLv7OFX/FOaF+f/rsZ
mmMbopw8M9ZIHfok98aboSTqxfRvOOFAn2MG9Kk+kfHz8ccfP1Mvy+CLlL4xv8GB+kz51MddBAvS
of0ja+0Eq9gX0z+slSvlC9Fmm21ivXm9hDkf7tSmjaDb7LXXXlmylQbjv7S+FcG3Sd7RPu20hnh3
Nu2Fe5q525x77hd1tXmJb/t4Hn0BPOAV7h6Hv1WvZqwOtmAsMHaVQ6Yx1uLub5x4TG2AO6fhrdy4
2k6RCbaTPN4Hbgt3leSUPwZ3HwHauB+duu5r9z68fxY2ffLGy/yS/kd5bJQcVHtR3Yge+Yu0fWFW
IgeV72bxVUbfj+ZoVzjuYkcX9rqxLYKL96573lJ40qrpi3M0tHebBIHNtOPABEdcFWITlt2O9Rz9
2hlmitTMbh0dJ+p3fCldq7K4ysoGrL2+dVgzaSq/3HHMKX2L5pWmN+83K/Uol8rGnY0cScEqcsrJ
e5vAze5AEa0cv5fuHkrz1bEwymcIQ1YMpfFLf4u2HC9o1ZnKBe02YRjLynFVfXmxyg76b2nH1XN8
bl+4Me856pBV0MKBdNM/Vo0rLZVnDH6eB7WLj6NelNYYXzybayP65tuIT1O0juELH0/Pqh8zfsyl
WWFVl0pjyNdqfMpmkxuRd3UNwFD9D6WZfivFfVEeHMJBtKR4lvJgWkZ+q6778Pc7VrmXJpeGdmD6
tqp0S/ld6Sv+WB5cRA4OYS96hnzqJ9fOFEenMvS1N8KBM3IJvNjJobjCwWOrb310L4MvlEeJ38en
Po1FsCAdya4xfbHPt+a5D9++tERbjhdyekkuHaUxxCvEY6cJ/URf/wMNy9ixXpuX+Hao/YpfkD2U
W7vwx8gM7chVHbErXqcc5XCd924s7kpH4XN1rTB9vrDpk7nEEzal/T73eYGfMEQftInqTh+EX/ry
ZRff0Pe+8ui94qf9lL6Pafvs2kQOQoeXg+wgoUx+N7fSVb595VK4VfeHyuhpHwqXw0LhxROSGTnf
654+z632bJNse4zL7VjPFV67f3O7cc0oGNuf342rdMfwlS3yijqNz1f5cXd7ehyzD8fzonml6c37
bQtUOhlKO6HcXAFii2a7Ptcm2bLJiFaOm2aHU6+zTxxxCn5jMES2L+pEG8e7axes0nzLW94Sy6Zy
8d0mDOM7Tl/rc1ynB/3ssJ1Xj31p6D3HvnNfaSqbPEYckS+n8ozBr+NBw51dfOTRd4Sw0k998Wyu
jeibbyM+vmjlaNZBvvCR3LN2laM/zHMKq7qcF57vtpA01iN9ALvgoFG7d4fqf0zaCqPdk2NxhwZ4
kPodooErbQjDLm3Pg0M4iJYUT6450Mkvng/Fg/hgNeQkL/vw9ztWucIm57Sb0O+0U7rQ4GnLPed4
VPHH8iBXMPi84G2uQZIc5FtfGYewz5U3fUf9wIvoHjmneSAzCs3IMoUHZx2ljpySEw4eW33ro3sZ
fKE8Svw+PvVpLIIF6diioLhjPXc1gs9nGc99+PalLdpyvGDGrcifQzxAukpjXjjmE2k3aXuCz/mD
hmXsWIemmrzEt0PtV/xCu6TcuuYjLVPut3bkqo6wJaR6ArSPdWNxV3oKn6trhenzhU2fPCKesBnb
/yivjZSDqou0nxJti7R9YVYiB5XvZvGHyujLMBROdeB5S+F9/5hrU7zL9cU+7/a8uRDY8jvW012C
2g1khohu17s1gLgS3xpA3G3NjihT2Pk541iZxiotawzdN1ZdsXJ0zO6kRfPqMh3xAF3HHHNMsAFb
3MnFilzol7OBctzJYxOOU6t19T2Hlb6lvh2pFFca2zGtcUcMeeccuLFT2+8+zYWb926IttxOQptQ
jCv7WRHN7n1ff8pLdWOT4b27SxV2nm/HGgUbwMXVfqwYM6U7RmGlHbuGTExM7Z5W3gRix/9YHhTu
fXXYR+cQz5oBIq5qZGXj0I5134b68sm9V/1oV2EujN4pbLpTW99zPmV70IMeFHcSsDOLHeLsqABT
VrD6Fa25+GPe1eC+CA8Kh1w99+0ELuXBXLnVznL5Et5jzY5EcE6deNvzi94RtoTflbbo8mnqW+pD
4yJyUNiX8KCnYd6OdZ2UYQajuBNj33339dHjsy+DbzdDOIjutO6WwRczBI540cenPuoiWJAOOI3t
i32+Nc/CdyxfDNE2VI+eNqUxtGOd8ISj/2HXFCtn+Y1jxzf9Pv3PmLYTI835ryYvlZfV8nZ858wu
I+izQW53EoYZIeJpMugynETCyTJ2LFyWMlbZsyuMVfSqo3llJb+cTqAMxuKehh+jEyqOfGGTtlt9
x6/pf2xSIp56AYZnn3123H3u9UG7xy7uMPC7mX2e2nHO6my7h9t/GvWs+H071nWqDDs/2MmZk4Mq
A/2HT0e7rnO7uZVvX7lEPKcp0WbQTQ8++GC9Xhl/qIyeyKFwOSzgB3Qk+J9dLGN1T5/nVnv2O6e3
WtnS8tCWSnes0694jHJpEIZTzuArdluzI6pvXI1Ozm4xL4Np69ohn+aXlmHRvNL0hn5DF7scydOO
f407fr0c5TSJE044Ye6OdXb3D50QwFT9qaedGjixhfGMHePa9eMpfeCGTuDrJA0z5neuHhXPJg+D
Gc6mygVt7HjmNDi7Am+q/hRPdWOThzO7uBVmrI/uyljajIrBFuwGTnLC2UK2QL9EP+7zUd5FPGhH
7IE743S/Oz9LI+aUa6eCBnesowuwC52xCDv+/I4n0hb283ZOZemwl/N2rvl4Cpvu1PZh0md0IMZ3
NoEfcWGH+F3vetfYrtErlzGuhpfgKZugHt5J73CnntgZOcSD7G5EJzSDzNROR+GQy69vJ/B3rvpO
+PJXvhx58LKPXxa+9OUvRahssUF40YteFHkwzSfFUrvZcvkS1mP9/ve9Pxx7n2PTJGI5KJPnF5WT
wJwcUipzRZdPcybja15Ao12fGDhpCDkI/l4O2nG7UU/sK6OwL+FBT8u8HevwKacJcJIFc3A5fdKX
gfDIddwQDqI7Ldcy+MKXb+xzH5/6+ItgQTrgxFitZqewp2PMs/AdyxdDtA3Vo6dFaQztWCc84eh/
4CfaGroAjp388Dv9z5i2EyPN+a8mL5WXuVtOkEhPkIE+fxIGO2lpI7RhTiJh/DQ0rr7jHe8Yx9Wq
o7lldXI6V9yxuCuuwtfwobBJ263Sxq/pf6BpI+Wg6sLLL1+mRdq+MMvVs/IdwhM60HtoM+imuVPo
PK0b8TxURk/PULgcFov2xT7v9rzJENhMOw1MQCCmJ/N2aw3tFsqlYYOv7p5iG+h2uwFTbFilm9vJ
PJRfmsaieaXpDf1WWcHMJtumyqW7J/lmE7hT35Sm4s/Dm/C6u77v/lPCsGuXVbYmaLP5Kd8x/hBt
2qXmy6V3pvhPuB8ml4fukTQD18L3SLKjjLxYvZjmpR28fjdbLV94mtmJmuZFPbMT7BnPeEbc9afv
QzzLiv+hdjaEvdIf8lUXfTvXfFyFNWPKTNngJ3by+vB6NiNBLAPl0N+ydquTRw3uKksNDyqu52mV
VbsXUzxLeVDpeV91nctX4dgNCsY28Jq5+xj+02kRXo7U8rvyFF0+TX1LfYWFxho5KOxLeVB0UA++
reu9fO1Whj5Wl+q997kTSHzMDkN9U9lyOIjutO6WwRfKv8Tv41OfxiJYkM6QXPP5LONZ+I7liyHa
hurR06o0cvWtcIRhd7cdfz7THgmjFcxmbJ5wl5Ti1fi1eam88LQdoThDA3dVit/RyZAj7BLi3dln
nT0TXrRLx9Bv3w+w80fvvc/dsOwMtMmS7HfCjsHdp6nwQ+3eh/fPwiZttz5MTf+jnclmZMjKQXZ7
860v39e99nUR/7H87unlWbul035K4VRuaDDDw0xdULeSg4TxclBlYwc+vKI0fb595SKMGcM6fiNt
diz4NFbheaiMnr6hcKoDjwV328OnlNsM79lyg33f+MfnvVWebQJyj3G2sCLyft9OWgGhHbe53RW5
NJCB7CyCr2jzWWe7g21icmoXqcIN5acw8hfNS+mM8VVWyoWs8Y7dW+z25ptNOPpP3bPiz8ObCLYY
KNYN959e+e0ruzT8A7t22cltx7z611XPQ7SlO9bJQDt1zKg6sQVhM3lCG/cb02+zY506rXbX7CQn
ry984QszyXDvJfl4/qziC8tH91BDs00Kz+RFPaNHPfvZz467/hRgiGftSpbBdibs5+2aVF6pr7qg
H53nFNaMKTNBqTN28uYcp5JJL5Nvi+9zQaveCXd2EY/FXWVhXJ3jQQjx6XoeVNxcW9XuxRRP3pNX
jgeZ3wKXeTsqbRFFDJfLV8DpFEhOaOBuYe+u/s61O/U9v9BHkzc02MJDH+Xa5wGZK7p8mtdGnH5S
WPLKyUGdZtBXRmFfyoOignoYwtkMIR2v2gJbRZvy0XfEx7Q/OZUth4PoTsu1DL5Q/iV+H5/6NBbB
gnTMgBx3rA/h7fNb5Fn4juWLIdqG6tHTqDRy9a1whGF3t22sy/bF8Bi8ZEbIiS0AU7QqvzYvlRc6
zNg3k7dtNOz4HflAP6b7obkjvs/RJ9i1Cd1n3w8wnz3jTMbYlRMTu4pz8vnPf37ms16MwV1h8RW+
hg+FTdpuffq+nxjb/yjdjZKDai9pP6VyLdL2VbZcu1C+Q3h6+Qo+tsBWZK2MP1RGT+RQuBwWi/bF
Pu/2vLkQCJthIgTjGUosx3vSOJkQ5h3HQjLhk5YB4wkTy0wWcQSUvhPW7mDq0mDQpW+a9EdhpkNC
USQ8f7aTphscphOl0GArU2Kayk+08U3pe782L5/GmGcEATSBmd03GyfZMWrb/VSdsYtvHM3uJyMJ
A952h2WHlS8T39L8EepMJpAehjaUVOEHDkxw6yhXP6mXpjPmN+m+973v7Wjz9cg3jkdNy8Wg23ZC
xfdgwjGioo+yaWEA8ZZhgNWgyFbATlA8lBe+OpuUl2r4grSFO3lhmFJeKFG2sy+Wef8b7574EL6U
WfXBRDmdAPFQtsQzameKU8MXxCUePMCf3T030TGKGDTIV9/IX3nJl2EEmlgQQRgGr7Yae6Lj3XOT
8ORj99rHslOntgsruyhG+ZT6NbjX8iBltjuFZ3gamiknR/lSRvD0GNbwIGmqPmjnGKPUlshL33gW
ZqojwjGYRl7yHUPVKaec0tUB/OTbag2/1/BgrRxMyzeWBz1PU17qh7j0RV6OKn3qjElW8OPPdvBP
9T8yhPLN7vTrZDXxSuUgedbyhegt9Wmv8JLnU3ARL3mercUCmkivtC8uLYsPL74fyxc1egn5eZ5R
GpLNwtD3yWAr2U4bA39w1R/9PbxEGssyrJNeSV7oC8TRHzoBBj7q79WvenX3nj5bixm1kIE4hGfA
rjKhb/jrHujHwA4sbJV9TI96uvDCC7u2RV4M/EUD+o6v31Lciau+jrS9DurT8nno2dfjGJk7uv+5
xuBBPmAEBugLGFiR0dCLPsixxMLBdkZ2Mkb04YvfmdRI+2IZ5X1fLCwoG3nR75N3X7+PDio5SDiM
3V4PX1QO9pULHlJfJAwoj9eJPQ7r/Qzv0L7HjH8oywfenx/j8E26MVjwm7L48mO0YvLD405/bick
RP6g7tFj1huD9c5vcw3j66jFeIaRiStB4HsmhHn3ta99bTKxidHU0VcwsYzhkjYtx6Sr5DlpMPkZ
naWhSX/4Cl2FiVzC80dfdtZZZ8W8vTGUvKEBPQq6+EYfINoifcpcfm1eil/gI8toB8goZCJGL4za
6Lu2Uz3SzDeOZqe8coQBb+Rtijdl8gY/xUFmkxbh0dvIW/gRhwlu6oQwdj+qolX5pMtRr6Ktq0dL
jW8sNkrLhezQUcrUE8cpiz7qSwsDiLewAdbqWEfjc83arl27Yl7wC3myeEP8gryIrpIvLjcZJ9zJ
i8lplYu+Hd2JvOBrMJCjTlQfGIZYNEI8xuLwjLAFG7kaviDuVVdeFdsJecKDjBtIH4MG+fKeP/JP
nQwj0IQxmjAszmBBowyi/kh9xScf2+EY8yGvMdc0KO4Yf5fV6RDu9MsRd5vPEO7UNQsgeE95+niQ
7/64eMpMm+F92lYpJ1c78A08PYZjeBA6Oh68puCqD9o5+pvyJS9941lOdUS4hz/84VFe8h2913Yp
x/h8m5K5Fvn0J+7+xlwmOkMqc1mYSjxPo3gw1xdAW042od+RBmmdf/75U3JQx/Pz7fnPf/6UHEzL
RxpjeNDzNLKJ+iFuX99AnT3mMY/pcGLOyGMhQyg0ov92stqaC1dp8T7FljSRg7ly1fKF8Cj1aa/U
i+dTcBEvsfhCbhEsSM92CMcyD+GtvBb1xfdj+QJdFZlLeK+X0C9ooX5aj9Do9QmlQTj/3vM92JIP
dY9eA/5RLlg++PC5eGZZhvXSvGT8Ix5/GD0ZA1N/jM30HnmpKzFkFFR4u8c8locyoW/omHO+s2gX
BxZ2v3xMD9yZT1fbIq8zzzyzywt9xzuP7xjciau+jrRV133t3ueltjBW5u7aVd7/rLccFBaUjf5g
Xr+/SNuvkYMef+n/4jvaVydnfcANeIYP4Quv84o3kR1TbkCWgK/vE/gtV9MXK27zNy8CK29Y14Bd
DTP1MeKiYGvixU++Kawm+9LJM77TURCXDkmGV96jlLIrjIlIpYPCzyBLk9ha3aTvOT9npK3JS+Ur
8cFFg6SUNsqiAYy+MTClI/UGSX1L/dzuLxQLn+axxx7bGXaJrzzf9KY3dfVVUh6F1W4tTxMDAmi/
wx3u0NUX371BlYkdTx9hpRyIPnY80VEqr1pfxivRCBZPetKTOmMw7+1Y+inereUL7UJSXvCunvEp
M4MplBhfnu3bt0+FUxyPEe8W5Ytcu1Ne3s/dg8sufN8uZTBSPGjt22XFQErhmFD2ZV/Gcw3upTyI
Upy2R52ooMG5yojPncWq5xoe9MYrn2767NsVcub444+fals+fMpPkh2l/F4rm2rkoOePEh70Rk2P
Qe7Z82QOC2ST739ufvObx3u3RFutHKzhC+VZ6o/hpzPOOGOqbdZgUdsXl5bHhy/hi1q9ZJ7+4/lK
d05jiEvlJLoM/Q+ygzi0SSa6fXlqnmvz8uVK5YPKxPtLbJeX6EKucXecD49+w4IyH4fJbn8qDQN7
H4ewvl3x7X73u9/U6SeePqXd5wt36NTpHX1hec9EhsqEP6aNEM/LXOKN6n/OvrbfBz92U+ZoAwOP
Ec/0+55OJh3G9sXI3LH9vh0r3/VZGJJ8HugyXg5CF/c8cuIJtJFPKgcJgz7IJEyqDyJDtVBDZSON
VCauimFdu89zdcY7sIP+PixoCx/72MeyWICzxjI53B/20OHxj/Dbiv7mHdKPo5z67uMp3tu1YVPG
JC0GVhzaWDS82RxSOnnGN9LHobPJ6EVc2jNGIiZjfVqcRhInsS29HTt2dN8Uxvukz+Kr1BXnlSYw
8jcTgyxw9DTpGdr487/pS771rW9N7n73u3fv9d37xEOnTx16ok+TvkqGXeLzzY4VjwuW0rijfxvu
qQ5Fupy4Bu13vvOdp2j3BlUmJj19hPVjFr6xYArj3ULOaJTxSriBhV0x1PVr5AU/+snNWr5g0YQv
V25c/bznPW96othohB7R532fFs9j+YI0cnyRtjufl3/O3YPLbjzfLmUwIh608Uf/n3P+NCEmlJft
xuDO7ko/QY8BwOM7jwcxDKXtkQUiyCD0HI8fz+idyi/Hg5wIqLk26Eh50Buv0rT9b3+HNTzMYmRf
Lh82fS8eYf7K1y18y47DPpmLcSbFwuejZ6Wv+oa+4447bgYrwkNbSh/87l0JD3qjpujp8z1PCgvR
AhbIJmHBe2QZi7jkUjlIPshBcErloK+vGr5QnqX+GH5iw4x3NVjM64vBxi9W8fnVPpfwhV8cIX7Q
gqCcfJRewhyDws/zWaiDw+jm5STxaFe0fS0ug5+Y317U1eblyyWeT8vHexbLyiHXWIDiw6OjYetQ
XL4xlvAngnzyk5+cikNYtSueiWNX2ETclJenT2n3+cKduOn4LBfnoosuUjbRH9NGSMe3YSKW9j/r
KQehL8fXOTx8v1/T9mvlIDTKpTLxIQ9+SNePKsxG+PP4EH7zOmSKBf0Iiy9zfYL0CMol3FU/8/ri
jcCi5bl8BFbesI4yh4Du+4Ph/cSOhKIPL8Pb9m3bp9KhE2DSSfGZcKOT9HH1zEAaQ52MVsRh14e+
9/l9k9eleYnGUp/GL6OXaKSDtPvQJnaPZewI9Z7JSAQBg1XeEU7fUp+wOVrYEWb31MzEA2sGQ3TG
uXgl78565llT6ZM2SjsDaLvrZOqbXwhBHuTPpFFaHtJgolqTlCX05MKK19gtl+bF7507dnaTmj5+
LV8wuW93ns3khUElnSBXfqx8puPz9N3nPveZ2J23cZef3pP2InzBUYBKa8jfdvq2LP5M3FCPPi68
CYa+/apc8ikHHRrGpHQyXWEW9WtwL+FBBnxp2RkEYzRA8fSY8OzlYQ0P5uRnmge/mZRndbDwo93Y
HYcz9LCaGvmrNKg3LztK+H0RHiyVgyqX/LE8iGE9lUEqe+ozAaD08WmPz3rWszqsfHh4ne8+fK0c
rOELn2/J8xh+oh9N0yzFYpG+OM275PdYvsjhMEYvmaf/iEdoV/SB0I7MUL9jd2DO8NMy+7ravKAV
2Ywhmmdkvy8LiwAY/KR1gZxBp1JY77N4jUme3JUopMXpGT48z+DDogev15FnDe7EG9PXsSPDlyvH
Gymd/E5lLmmU9j/IQa7m8OnDO3aXbEwL3uAbhhovp0Vv5Pd7ZPrinbN98RgsyAvDuNe7Btu+5ZPK
QSYQfXnYOQlP0UemsjjVB1Uu9FalccABB0wufu/FU3WkcOvto9+IrpyPEcfTlGIOFugbOSzQ8+mv
FL+kL1acreovf6i9WikiB3L8pHfoId4hs/QNH/nAyQgTMySic/pvhx56aJx0Unx2RnFktg+jZ3YK
6khShWf3qL7nfPJmh2TOleaVS2PMO+QVuzI9fchRxpDo5bQ7vkErO9mZgOM4d94RzsfTs8Lm8kfO
s0hIYeWTD4v3p3bq5RIY8Y4d1koXn3qk38Swzi5l/61bCHFNuiywS8eSMY3vOTQuJPOTlCNIyQdx
vMZiK0+PntkhHxdoJCnU8gV1yVG5Sl8+BhX6mJxjxx/6i8LisxDC7ryNi8T4TV2T9hi+IDw8lLod
Z++YysPn559pnzn8OSGIevRh4c1zzjlnqv2m+bLYEd2NCWTtekzDLPobbOwu+inaoHMId3jQ7sid
iUMb4RoDjwG7n9OyH3HEEZHX0R89JjxzoqGc5F0fD4JfyoOp/EzT128M4uxElINmrvLTd/noTMzr
6Df1hvFXbh6/szhCCwVY8IIBjLT6ZBPfcjxI/y/jv6eFEzI5oU1ysC/+WB7EsJ7KIOWX+ulxw7RH
TrhKw/GbuuK7d6kcpAzIQdpqSoOXgzV84fMteR7DT5zglbpSLOb1xWC4DENySudYvsjhoAVB6Ma+
zqlH9B7crl27dyb777ln2gN1j0NmqM2n4wri5uRMjFjxX21e0IpsxqjKs3gS+igLO8mZR0sdcoZ6
zGHA9a5sTswdjU5anJ6RxgMfFj1Ixii/GtyJu2NEX8eGHe9yvJHSye9U5pJGaf+zXnIQ2sZgQbnS
fr+07dfKQWiUw8YkzOE/FsCtgpvHh76/h94Uc9o6+kauT6Avpb+SK+mLFaf5mxuB6yAQTBA35xAw
pTjYMS9hv/32C9bBBRMI4QY3uIELsbzH9crLJo6DDZDDPvvsE25yk5uEvffee3mFyKRkxwYGGzwG
67DD9a9//YhhJtiGvbLBSzBFIdIIFraDLVgHsDR6TOBGHrKJ6mDKRbBOLfKSHREUDj744IjJUGa1
fEE9gzt57rvvvpGHh/Lhmwn+SBs8Dq+vqoNOyrXXXnvNpROc7diZYEfwBTuCNtiOiTUtVg3uq86D
NYDBt7QreGlMPSmPWn5X/LH+onKwhAfH0pSGQ07bxG33Gnm9zP5nUdnUEbYOD2uNxbKKsB58UUKr
6DnooIMC9U37MmU/tsll93U1ednK92ALhIJNOAe7Nzv2WZQPuT1GN6EfsEF9uOENbxjLZiuBi/o6
9CAc+GwFV9r/NDk4W+vS0+CpMTw4m8LWeLNeffEqo7VV5MIqYQxf2T2d3bjaFrAsVa/xZV2vvBjn
alzNuG6t5QZ9nh9Xg+EqOcY01DG6P1gw/l32uJr0bWIzjgVtZ183rj7kkENGjatreFDzGfQR9A/M
Dc1z6EXoXOjuq1ZPnnboRO+izubRSThbaBDsFKBgR9AGOzHFJ7X05xrcV50Ha0BSn6xx9bx6Uh6b
RQ6W8KDKVuojp9F75ZDXyx5XLyKbRNd6+GuNxbLKsB58UUKr6GFOhnE187oaVy+7r6vJy64sCXYH
fJz7tIX7VeNq26DWjauZDy7p6zSuBp+t4Er7n0X1QdX5mL64Ft/1bvvoTOhpN7rRjdZcP67FZD3i
rVdfvB5laXkMI9AM68P4tK8NgYbAJkLA1jlFam13QLBTJoLtVo/GdSl8m6gojdSGQEOgIbAlEbDd
seHwww8PdnVFsB053eT7MifhtyRwrVANgYbAmiPQDOtrDnHLoCHQENgMCLitNxe/7+JgOxiD7VYP
dtd83KixGYrQaGwINAQaAlsdgSt2XREOu9Vhwa6uCOe98bxuXB2Wt2dsq0PYytcQaAg0BBZCoBnW
F4KvRW4INARWAQFW0r/oRS8KdrRpXG15wQUXBFYP4uxInHDaaafFFXOrQGujoSHQEGgI7KkI2LG2
4RWveEWw47cjBCeffHJcyczpQE95ylOC3SW+p0LTyt0QaAisAALNsL4CldBIaAg0BDYUAcbVdo98
sOtX4rjajgSOJwVB1M6dO8MZZ5zRxtUbWkMt84ZAQ6AhEIJd0RHsWphgR7BHOJjz5NQYxtV2XVa4
+c1v3mBqCDQEGgINgTVGoBnW1xjglnxDoCGw9ghwJJPd69MZ032OHBNsd5VumWN/fdnac0OgIdAQ
2EwI2P2Q8fj3HM0XXXRRsHsMc5/au4ZAQ6AhsC4INMP6usDcMmkINARWGAHG1XYHbWdM96Qyrra7
SuPVgv59e24INAQaAg2B9UWABeqvec1rspnaXdfhyCOPzH5rLxsCDYGGQENgeQg0w/rysGwpNQQa
AhuIwBe+8IV4Xzz303jHqs3DDjvs2mOR/Mf23BBoCDQEGgLrhgB3YH7uc5/L3rfFEaNrfU/tuhW0
ZdQQaAhsSgSaYX1TVlsjuiHQEFgyAuhqX/nKV2b0MvQ0jO7t+p4lA96Sawg0BBoChQgwrr7iiiuy
13Pc+ta3npHfhcm34A2BhkBDoCEwAoFmWB8BUgvSEGgINAQaAg2BhkBDoCHQEGgINAQaAlsXgWZY
37p120rWEGgINAQaAg2BhkBDoCHQEGgINAQaAg2BZSHQDOvLQrKl0xBoCDQEGgINgYZAQ6Ah0BBo
CDQEGgKbEoFmWN+U1daIbgg0BBoCDYGGQEOgIdAQaAg0BBoCDYGGwLoi0Azr6wp3y6wh0BBoCDQE
GgINgYZAQ6Ah0BBoCDQEVg2BZlhftRpp9DQEGgINgYZAQ6Ah0BBoCDQEGgINgYZAQ2D1EGiG9dWr
k0ZRQ6Ah0BBoCDQEGgINgYZAQ6Ah0BBoCKwjAs2wvo5gt6waAg2BhkBDoCHQEGgINAQaAg2BhkBD
oCGwSRFohvVNWnGN7IZAQ6Ah0BBoCDQEGgINgYZAQ6Ah0BBYDgLNsL4cHFsqDYGGQEOgIdAQaAg0
BBoCDYGGQEOgIdAQ2MoINMP6Jq3dr33ta+Ed73hHOOCAA8IDH/jAsNdee23SkuwZZH/4wx8O//iP
/xiOOOKIcJvb3Ka40JPJpItznetcp3veUx4av+8pNb27nHs6v2/12vb1S1nXUqb5vNYyn1WqM5V5
TynvKmG/6rSINzydm51PVKbNXg5fJ+154xBohvWNw34jc/7qV78aLnjrBeHAgw4MD33oQ9u4eiMr
Y0Tef/7nfx7+/u//Phx11FHhtre97YgY00HUb/B2T+w7GFe/5S1vCQceeGB42MMe1vh9mj223K89
nd+3XIWmBbJpwon9k1szmZbmE2xOcg+YllT7WTNcVXHN33wIJG2CAmx2Pmn8vvnYsFG88Qg0w/rG
10EVBX/4h38YTjzxxPBd3/Vd4dJLL40Do3kJISQ3u6CfV8ZV/P5///d/4Zhjjgn/8A//EJ7znOeE
U089tYjM1772teHCCy8M+++/f/j85z8fXvrSl1ZNIhRlukaBa3mwht/XqAgt2TVGYCvx+xpDtXDy
te1xkYyvuuqq8LSnPS184QtfCDe84Q0D8vGVr3xl2G+//RZJdibu3/3d34U/+qM/Cn/9138dv133
utcNd7vb3aL8Jd/N5sbWldoP5T322GPD4x73uM1W1JWidyzuK0V0DzFXXnlleOpTnxr+7d/+LbY9
gv37v/97eOELX7hyOsVY3F/zmteEiy66KKw3v4+lr6cq2usVRqAZ1le4ctaQtLe+9a3h537u58L3
fM/3BPSHUXyAHWMPMCqsIexVSX/zm98MP/IjPxLr6dxzzw1PecpTitL5nd/5nagfsjnhs5/9bEBv
uv3tb1+UxsoEruTBCy64IDz84Q8P3/3d3x0XKIzi95UpdCOkBIGXvexlgXmULcHvJQXfiLCV7XER
UhlXP/GJTwyf+9znwo1udKOAfDzvvPOWPq7+1Kc+Fd76lreGj3z0I5Fc9O4f/dEfDWeccUY3plik
HOsdd6wer/ZDee93v/uFbdu2rTepWyq/sbhvhkLT9p7whCeEL37xi7HtQfO//uu/hle84hUrp1OM
xX2j+H0sfZuBLxqNeyYCzbC+Sev9L/7iL8KDH/zgUYZ1BNVv//ZvR0F/1llnhRvc4AabtNSbk2w6
3Z/5mZ8JrK7/jd/4jfBLv/RLRQX5xV/8xXg6AfWIe//73x8OP/zwojQ2OvCiPFjC7xtd1pb/Yghs
BX5fDIG1j71oe1yEwq9//evhXve6V7jiiisCdJQsDhubL5OkDPRx6WIyjHBMBGwmx2knv/qrvxpO
PvnkuDtriHbffn7qp34qvOENb2g7kYYAG/hWgvtAMivz6X//93/D0UcfHdseRNH+aB/ve9/7Vkqn
eM973hMwcp199tnh+77v+3rxg374nQljnu9///uH17/+9WvO7yySfO5znzuqPfYS3z6sLALNwLSy
VbOmhH3wgx+Mi6DHGNYnV0/CC174grhA8HnPe14bV69pzcwmziKxn/zJnwx/8id/En7rt34rTmzP
hsq/oa945CMfGfsY9YEf+chHoqE+H2M130L7C15Qz4Ngd+9737sZ1lezepdKFfzO6QTwDO6jH/3o
puP3pQKyBokt2h4XIYlx9V3ucpdw+eWXxzpei8UyGNswIOLScTXzm0ceeeQiRVj3uJx2cuaZZ8YF
CWx+GnK+/TD3/va3v33NxxlD9GzmbyW4b4Zy+rYHvasqY9/1rneF3//93w/oq7e85S0Hod0Ift9q
fDEIcPu4ZRFohvVNWrVM7P3ar/1auMlNbhL9fffdt7ckCP373ve+4X/+539G727vTax9KEaATpaF
DX/2Z38WTjnllLiLsCQR6u/LX/5ynAhgtehmNKwvyoMl/F6CbQu7eghsBX5fPVSnKVq0PU6nVv4L
ecauWQbiyzasq2zIjF/4hV+Ixi+uSmHC4dvf/nZcbb7Zdqyzs+iXf/mXRy3M+sY3vhH7mkc96lHx
eM9Xv/rVcTdveS21GCW4bxa0/uu//ivuZmHnxQknnBA+9rGPrZRh/eqrrw7bt28Pb3zjG0fRBb//
6Z/+aXj0ox8dfvqnfzq86lWvWnN+x+jPSRC//uu/XrxQcrPwyZ5MZzOs75m1zy71Zz7zmeGQQw4J
L37xi8PQuJpFSve4xz3Cf//3f4/f3b5nwrompZYR65JLLon9xU/8xE8U5YOeyJzIgx70oPDJT34y
bEbDOmVgkSh9OpPSpXKrhN+LwG2BVw4BeOVLX/pSvDryE5/4RDOsr0ENLdoeFyWJ+mXX7B3veMel
L5ZR2T796U/Hxazsjmdc/U//9E/hW9/6VtzotdnG1ezoP/744+PCrHkniTLO+MAHPhDLyak2b3rT
m9Z8nLEoP6xq/BLcV7UMKV3/+Z//GeCRvffeO45DWbi0SouX0JfYmMEJb2Po2gh+34p8kfJJ+731
Edg0hnWtAFKVsFpO79KVcwqDrzB6NxRWYfri8H5MfKVT4/u8l5UXR+0y6PyP//iPlTas+7KDnco/
D/e+eGPw93GVX188H1b06d28uH1plrx/+tOfHo9MHjKsix6lW0OXT2Movg8nPJRv6m8ED5bQl9Lr
4w5hoHi58LwbE1dpjPV9XsSpycOnMRTfh6vNa2y50nBrxe99ZeL9EBYpffN++3yUrt7pd18aCqfv
88IrnI83FGfR9ujzIe+hvERb6rPjiKPKl90vYUDniFBW5H74wx8O17ve9dKse3/7ctWUiYSXkUZK
oK7CGHviCUeb3vWudw3sWGeFsi+Lf07z8b99OXg/Np5PYz2fPb19tPowY8pUirsvb2lexO2Lw/u+
Mg3F8/Skz6T5jGc8Ixqix+5Yz9Gnd0P0pXkP/a6h61/+5V/ijnt2rHNCg6fFP/flqzL470Px3vGO
d8TJxVU3rPtyqTy807Mvr3/28Xg/L7yPuxWeSw1Um7bMtnlx5k7W3RsardIHSpWLNxA8fuqLQ35D
ec1Ld8x3l/eyeJmjdu95z3vGqzRGHxs/htZlh3FlJ+mu/HNwX0QGKO51qNh5dZujD9pw8+LuDlX/
v+Vz+rbTo2FlyLCu8iijDkO9GOO7cvbGd2FIch5+6PEs7mCRao1hfQzZaZhFsPBxezFQhikWNueH
I425cZXGWD/NawzfZtIeVb4l5ZXJftSr008/PV4nOGRcmSrHSCx641h5l9qOHX7iA+Wt31kgXDy+
z2tbU2m4uEN5LNoeVQ7lPZSXwqQ+42rGv8uWCRjQb3Ob24Rb3epWcSHZ6HG1ww5ai3B3hRM2tfFd
Ut2jrsLgxJN5hnUiccreYYcdFo3rjAGue53rdvrTqLpaEhZdAdbhYRTuabmukdV95JXi7tMRPXpX
hbvoM7qHZFNVXpbkGBkr+qOfww/acEvUgUrpWm9+X4QvdoO1Dv/n6sqyhVcGeTGNR8UusW7XoeQt
i5EIbArDOgMejjDSXal0bD/+4z8eO3eUiOc///lxlZAvM0z+V3/1V+HNb35zF4/VdQ958EPCIx/1
yLiaz4fXM4OT888/Px4vxjvyus997hNXsL/3ve+NR3r/2I/9WOB4b1assarnG1//RnjEIx8Rbnaz
m8Vk3vnOdwYm+lA8oI9jwG9605sqizjZj1J7/etfP670Y2DEquO//du/jfRypA60PvhBDw6Pe/zj
YjgikyeT5KwOpAGTNumyS6evQROHlYZMsLM6m6Pu2CHoO4x99tmno42jTzmGE9pw5HW7290uGuZJ
CzxZFamygc8DHvCALn7tw1jcffoose9+97vj/eMYU9iB9b3f+73hoQ99aCyvykAc6oP7dnl34xvf
OB6n+7YL3hbedeG7Io7snOTOHI5PyrkaHmRlJ0Zw0fH1//16OO7hx4Vb3OIWuSy6d9zNQjxwpl5R
ZDm+FT7/zd/8zeyOdXiBI45pJ9xdjDv44IPDIx7xiPCQhzyko0GZYHCq4UHi/83f/E3kEVb5Qyvu
Tne6U1wNh5+6Uh5U/Bp+J24JX9B+OToW953vfCcqzNQ1HTx3z/7AD/xAVJLufOc7xzDpfww23va2
t8U6oQ7A/F5H3StcedWVcbfd7/7u78b7GtN4Nb9LcKd9v/0P3h6++K9fjG0V3kNGIS/gLWimzdH2
n/D4J4SH/fTDpkhCoaKt077kmER8zGMes/Q7g2r4nR0aGL0oC7uQ2QHNYBJZiCzNyUMw+cu//Mto
eKHsOPgV2UhbA19kAEcPkx6rJ1l9Ch+edNJJ8ahP5CFyXzIYmcOuaNq4l/tf/epX48CWI8kf9rCH
hV/5lV+JfQp9y2WXXRZPGWEHMvG9K8FdbZj4yOjv//7vj6tR4V/6D+5OZEdqevVHbXskH3DhCDQw
gN9xtJGf//mfjzKqD3fw5joHJqPpO8CdVfX0jdwJd+mll4YDDzwwplf73+c///m4ewwMTzzxxNjP
IQ/lbn7zmwd2w+Zk/Gc+85nwB3/wB5GfoINw8BH8xGSCd/Qlf/zHfxzbjvpgygEfv/n8N4cLL7ow
YoNhm3r3fb9PZ8yz+mnkCHeIPuc5z4lH8VGHOOgEzxT3f/7nfw53v/vd4y5edtZibBRfsLMXnvX9
vqelhAd9vLHP6HEf+tCHuv6aHWO0S9oFsptTeNDvlom72j51zKkv6AC0Pe7K41g/dih6V4s7aZT0
Pz7PtdaBfF48U8axhnXCoi/QJyAncWP08Biw4D/4mnqh3bzuda+LMvWII46IMljJ5PiWfpj2Cm/D
7/Tp0IscZEcK8ikXj/bLcbjoxbQPyTQW/HDEvHR65Z3yBdczPP7xj+/o62uPij/W9/0PegnyDDk+
1P/4tMEDHYYdNpRJesm3r/x2+MD7PxBe97uvm9FLKBuyjT6KMYDcWvX7Sn8V/a1uWKeu0R9oJ/A9
7ta3vnW4tx0LzTgUnuEOavQf74hHX/17v/d7XTza2HHHHRd1DY5Qn3E2ofTpv/t0oA9DX8OR1/1/
6v7hkO86JHA8JcdOMsah/dPu0RMYt6Jv0m/jkN2M89C1oI84vn1yIhhlUjthTHfkEUeGyz5xWSwn
bRxaf/ZnfzbucNa47Korrwqvee1rOp2OtEmXsVPar0ZC7D/o/NrXvhb7KXasIxPRKyQfCOflDYZ3
dAbpYrTjO9zhDvHqCtKifyYdlQ18GLct5Apw9/nQf6HLouchR8AMnZhdevTVwo04uy7fFS542wWx
XAfsf0C49zH3jnozujl6OVf+sEA2xxe1PMhuW+STsOTkAOQ++u+QYycn4xlwpo9Bv2Bu59nPfnbg
jnbaAWMI7+AF5g2oH/RUHPMn8CV85LHgWy0PmnUmfPSvPhrzQg/SGJ4r30477bS4SJL0vYNvKDvz
UYyHOHlmiAcVl3jsWtMYhnqijQ3xO3HFFxiU0JfFF4wz0KE8FoyrOTkGR35ghc7HmAo9+Qd/8Adj
H993pR3zUOe98bzwnve+J/IRmHNUM/VBHdK3HXrooTH9Rf9DT3jnH70zfPyyj8/FHZ6lf6R+KC8y
gDEW8gKepHzol+jkT3rSk2Kb8fQhv17/e68P7/zjd3av0XXZSch4aJnO8ztyDH7n5ErGECwIpNwp
v7PrktN4wBi+YM6Q/h/eQJ7m5CGYwPecjEXZcdQrPEF82tXTnva0cMtb3jKOs+kHNK5Gd5K85r14
knzABIy93Ecvgn84khx5tGPHjjjPQn+EDOaUEXZSp+PqEtyZf2U8gkNGM//GiZPwLzyPLsnYXfIn
BrT/atsj8Zl/QLemHOCOo42ggyKjcrgjMz716U9F3ZX2BlaMOfmjntHlGFMsqssg9+ALMKStI2OY
a5RjPhO9NyfjOTXuTee9KbZj6CAc+jx9921ve1slEf1du3bFuqbtSCYRDj4GF+Qw7+FZ6t33/VMJ
jfihfpo7sOFB5laf/OQnxzokep8ej9yjXh772MdGHQKeF1+go3PNp+/3PSklPOjjjX2mnTGWgffp
C5m7oF0y3kafYoyLDL3tDxruzqC3CO5q+8hE+uX9998/5o+egMxHbntXiztplPQ/Pk/m4eEfFo/j
0K2Y84M2r3v6OLV5KY0SA7bmJNGrcWP0cOUz1kc2wRfIRvR6+OSoo47q+J10cnxby+/o1Be/7+Ko
7zPvJ5nGfAsLWKTTi/5F+EJpjPGRs6X9j0+3Vi9Z67bvaWzPK4CAKT6TVf6zO8FNfQgTUyym/njH
nwnHiTHtVBlM8ZrYwGcwnimPU3HAwJTNGCfNT3nh246xGM+UjYkpGF14M3jG96YExPfQq3imcHd5
2aBuYopSLIu+m6I7sY59il5983E//vGPz2BgSsrElJ4ufV+Xdj9lR4PSy/l2jGYX/6UvfekUbYQ3
o03MIy2z/+bzLX0uwV1pW2c0MUV9CjPxCHTBF4RR+Fy5FF51RRwTnF0cxa3hQeKa8t3Vl3C3zn0m
feWDb51eV2eiT3Hl2+TUVBqm0ExMSR3EwgYdXZxFeNCOZ52hT/hBnw26u3woTw0PCo9SfideKV+Y
UjzD75Qjxd63Q9FnA75BLEgnF0/xS/xS3NVWfd2Qhg2Qp/gEGlMZiozjvcfBp4O8godK6O8LW8Pv
ZtQdpM8W1kxssDBFH3jYQHwwHuVV20r5Qu9t4naKN4Qdct8MTV36HjthqXf6bQreFI0luOfasNL3
dWUDiIntCO/yWaQ9XnjhhV351D7kkze4207pLi/qHFxs4DoTTxjgC8M+HhnzHjzsvs0uH5++f/5/
/+//TdFHPN4pjMrjMTz7rLMnNnHZxbPV7VM8YAsnJugTPg09m+GtizemHD6MLVyK2CitPt+M+lP0
kYZNmnX0EE/lUhrQnNMbSnjQ01rybAP+KdpEU0qjGVenaKzFHVngeUP5+DpGpqgMi+Be2v8oz/XQ
gZSXfHhfOorkm755n3B2PHKsM4+dxw9dONXDfRpjns0Yk+UL8Yf4WLq2T9Mmlabiik7FzfE75bKr
ebp4iqNy2STRBF5QPuhZyCql2efbhNJMe1QaY32bjIhtVmVW/cBfopNvOdxt0VxHo8KqTEov1UvA
Yl7bR5YRbmwZNnM4m+jZuu7qyeS5z31u5BHPH55HbJI81rMHwSZnJzZx3BuP+PCVdzZBPWHspbbi
8/PvkO04M1RNyFt8asa5+N4MB/G9aMSnLcjZ4pOJTdpNtRnG1NIvla/S9XGRW/qu9M0gPLHJSCU/
5dsVbF15VIbUJx3GL3K2wLKjTWHNkBbz8GXWNzPo9OavNIf8UtyVlk1CT8yQ1OGf4kLdEEYuV65c
HHTQKVfJg3av/cQmh7v6Ai/yQ/73ObCwifWuzkSfsFYa6EzeffZfPjv5oR/6oUEsLv/ny7soi/Ag
42bRI/rw9Q75753dkdp9U5ic73lQ8dGH0jxskn2Q3+bxBf2Q5wtbnDPD79CnfEUr46zUXXzxxb2Y
K55vv2n8kt9e5xBtQ7jbQoYpOQQ9pGELVado5j2Y0AfKIeNEfy4v5BW8ugw3j9+hI+V3W0yTpU94
mFF1YoaJKfLAwwzN2Xgqq88r5QvRYAuPpnhD2NHn2MLtLn3SEnY+ff/OFl1M0ViCO/gzZlaZlYdP
n3e2aGBiizy6fBZpj2b87MqnfOSTF7jTR3gHLrZwYyae6MUXhj5e6TN4PPCBD+zy8en7Z3RD74jH
PJHCqDz4ekc/isyUswV1U3XLfI0t8OjC+7gvfOELFa3Y19yY6Ojzzag/RR8ZMT/sw6tcegfNOb2h
hAeLC3RNBM3tiRb5KY3MZ5jhs8umFndb5NLxhvKQr7yRKXKL4F7a/yjPebondEr3VJzavBQfHx2F
tCXf/Df/LF1SuMkXfstow3ZVzhTPKu3Ut0UinrT4XMvvtrCgy1NlwidP29QQ5wmV2SJ8oTTG+qX9
j0+3Vi9Zj7bv6WzPG48AKwpXdqKEAa8mspj4tB2k0UiAMs6glEaam5SXUKMh0+EjKGm8DE4Uj7gI
PZX/la98ZScIEGa20y1+t5XKUUGREGLySXGgw1Zjx3jpe4wQ+qZJMcWzVZ0TW/HXfVfa0ItyjWLI
QIeJPU8j8UmLtG3nesyXCUM/6a888HecvWNKUSEfL+T07A3rYI7BRzSRPvgpXVv91hm0bVXkxFZZ
dd8UpsSvwd3zBWVgcM8726UXaecd9HveuOKKKyYYQr0xHt6wVd5TcdJJW59XCQ+Cga32ioMuJps0
sZ/ygsfqta95bYe7reiK5YL/4AWViXL5NDBcMQnDe/gFLHbZwJny2urpLh7ltlXWXV3V8qCtqo1p
whcoTeDDpIZdNRBpYFDiDTY1POgxKeF3X1dj+YIJH/KAl8XzDJJp29SbjKUYr/ykMs92UkOMg7HS
VgfHcoOrrWDv0vJ15ctV+lyKO+kz+YCs8GWjjMg3+Ape4Zkyijd473GgfcNjtotiygiBMl5ahjR8
Db9f/N7dky7QSBth4AX24L5z586O3z0fUlca/MMXGICpW4zk55xzTheHNFVf4MEiGGGn95SBuMLV
yxhkia167vCj/fkFEWCNcmY7ZGIYbxCtwR25bCuuu/xo/6TDZNqZZ57ZvffyvbY92ukvXXp3u9vd
Iu4Y0W1HU1yQJvlkuwy6dgLutuI+xuM7BlX61Ze//OVTfarHMOWRkt/ws+1WnTLks4jtjDPOiJMQ
0ILM8mnaTqWuXMg0+J1y4WMgU1vw/Tv8Bt957EjAcNcAAEAASURBVAlHGbdv2x5lPgY7fjPB5fMr
ecaoB8+QDn/KQ7/l5wx56A2inTRsRXnkC8+fyDhPTw0P+vhjn5HTT33qUzv6oBMaGQTDGyzkE+3U
ndKtwd3LafDauWNn1GfoH2nHPi+18Vrca/ofyraWOhC4Qpcw9D7YjDGso1fRRsGvTwcaysfnOfSM
fiaeVv3rt/df8pKXzJTHG9Zz/E78lN8pv51QEvPE5zu6E3xBeaEBHVE0Y1gnbdHCdz17P9celcZY
3/c/pC3eJL7vf1LcGQtIL7FdPVN6iV9s7NMjTdu5HMtLXug/vt+HR1TWdDHY2PJstnAbPzRfOwrg
e/Gx7aKe2G6SaCRg0ukud7lLrOvUsM5EObJYfMDENnohhhX6GsWDf5iMk9M4lXi2wzTqTXy33dBT
BnQ/uQkdz3rWs2Lb8u/R8TBC6Bv5ekebsd2G8Tv56Q+abIdjbDe2Y2tywAEHTNFIGqRF2jJwMknt
J/19PhhRSJM/n4fe4dvuoCnDOvzPuF7hSR/85BgryqBN+7WdhvpU5dfgLr6ARsqgzQe8h3aV1/PG
V77ylajTinbCvOhFL4p9juLwTgskVBjlxbexPKi4jC/tJI44vsHoQxopLygsPmMnlcl2V0YdFP6z
0xm6MqVpsJDDTimL8dCrwQKjIsYE2znZxcPoR1i5Wh60nXMxTQwzdrJC7HNst2cnyzHkeYPNGB6k
TDnDOrSm/E6+ffwO7yIvhCE6PO9SviAM73EYHcnDrmbpeB79mzZMPytjKcYrZIscz4zPyIsy2slf
sdzgKl2Fb0P1rbTG+KW4kybjLmSFLxs00S7gK/Dh2fOGX4QPDrRvjKPood4IAZ8t6sTv0OT5HdkH
T/A+xZCxsN4Th4V9YA/uLPpUPM+H1JUf39mpJbFuMZKjoymOz4u2gq4m7Hw9Ml8hXD0vob9qPEua
tD+/IAKs0Vc0lvMG0RrckcteftL+qdddpht6Y7FvW7XtEbkv3O3EpYg7RnT0OL8ZyE6t6NoJuD/h
CU+I8cCDvoT5CMZvYKH0PIaL8BT8hH7sx47Mr5z1zLNivUALMss72+Hf0YFsgd8pF/6jHvWo7htl
lIPf4DuPPWWhjMylI/NpK/xm8WitwxYATqTDn/LQb/nQmcpEb2gkDfou+EL8SVroL97V8KCPP/YZ
2atNYOIBaGReBN5gnljlZaG0XA3uXk6TJvNotBv0AeS75qShQ4veanGv6X8om+cjcKCNpLon9Hkd
szYvYSlfNigv3/RNvs+LeSnp4fSR0qeX0YaZcxRPiy/02/uvftWwYX0sv1M+2itp20klsT2gO8EX
pAENfmFMLV8IxxK/pv8hfc/vJXrJerX9Egxa2LVHYKUN61L2mOSi80KRRxjxh5EdYyVGIb9LDmVH
woOBncLLJ94P//APxzAyAqDcyuDK5Lrf4Uc8FEUZ2PwEO99kOEnf+2/pJJZoUVzoJX06ZH3DT+nw
3ygHnRf09hnWCc8glPKxoxkcKQvvSFt/Pl09azINBcrTobSgua9cSmOeX4s7BjTy3//GswsPyBMj
EEKdMH5iVJjxPjV4ICx5jwHO81kND+bKrbruw4wOX5O5DFY85qRHOaCPP5+G0iWu310lGnx7yE2K
Kj7pjuVB+A2M6BAxrKFQsSOeNKAjnciv5UGVAV91N8TvtXxB+uJ3FHdf/xhXKRfywcsZyq5TAgjj
45AeCi48iDLhy7HIcynuyktloxzsOOJED32jbvRMPUohRiHSe+8zwBIeDLr9t5LnGn6n/HZsXszf
jgObqg/l7ZVpJk14z6APmvnLyWkWOUle+LZFXGGXvte3lN/VnlhsQRj4wo70jHlrolJtUsb/RXBX
WqwCRYknT+UrAwsrUfUev6Y9Cgf6XNqiT49nlRuMRYdWePKOiW0fx45tjzvM+JZi6MPVPEtW2FFx
E/LpS4O+kPz523b6tpk2TN2d/sTdK2+hEZ71aQl74jP5YlfFTH337czHK3mmrqBDxlfxr/puu0dv
Kk+lTR0IWxZ86L1vQxjo9H4RHlQaJb7Hjj7XY0V5/SkC/rQV8vBx5+HOgFV17Heli1bkOAtFCON1
nRrca/qf9daBVG58cKZdI/ty8k1hmfAEHwb5qR4O/yETMKz4/lFxS334Gh5FB4Iu8eg8fpdhHRo9
v1OP9Bk+rZQmcCB9yobuQv4sRKHMTACThuKIL1hUQ5pj26Pil/hD9aNvlNfrW9QBekms0/e9f0qm
EQe9BKOf10vox4f6feKp30dHXKTfLyn/RoZd+6H3xuWAYQjeZpILQ+Hk6mtpsaN44y4kO45yapcc
PEYctaNrY+x+Ip5dPRLDPPG0J8aJKNKWwZXJf7/Dj1j0OXwnTT+5yTcM3Ln3/lvfpKWM49BLOdAB
vEvp8N8oBwbVIcM64TFyMlnIjmZwpP/iHWnrz6cbnw1nTbimOx7BirQoc1+5ZtLreVGLO5PjYEaf
iq6TOt5BH38veMELus/CjPdMJHrHQnXSZNzB5KRcDQ8qrvfFJ32YoQsiI6HBjiCd4UHKwbcUd/EQ
dYtMTZ1vD8wzpU7xSXssD2LEASMWq9AHYXhlURtpUAbkoXfwm/iG76N40Cdgz0zmw+9DhnWdpsN8
S44vMA6CH3R6viAr8TunD/n6V39N+/e7cSm7TgkgjI9DeuzwIy+MD8typbgrX5WNcsNbdnywPk0t
gqAetUgDHTHnGG+TDnj4hRq5sEPv0GPE7xg8U1knficvtRnKzyIT3nECpq8P5eX5mYXaOM35EC+V
33xnkZP4QnnxHifs0vf6lvK7DOnM0+HgCy18ZvyO22X6G7TI+L8I7kqLcbXnefLVwg/GE97VtEfh
wAIh2mLqVG7KJTpYRMBv/lgQ6Z1dnzKxY7jjtxRDH67mWbLCrtuckE+fQw6JvrTdEwcMtbAaGuFZ
74Q9adAXMQfrnW9n/n3JM3UFHZq3EP+q76ZPyznqALqgmz5Azrchf5rGIjyotEt8jx1jKI8V5fXz
yPQt3vm483D3c2qMsVOHHGehCFh5XacG95r+BwP/kO4Jj2pxl+qeMtTklZad32rXOfmm8Jp/gpfo
x70eTltDJkBjTh4rjbE+fE39a0GOeHTZ/D5Fj6l7pE/Z0F1oIyxEEU/AC3I1fKG4Nf5Q/fAtlZ01
esl6t/0aHFqctUFgpQ3rTHrKoI2Cw5GyCD5WRNMhsoItnTh/ne2kpOHyhxJud0lNWImjP4yLMs7I
sCHjKXmwKyU3oSPjCzuq/Hflpwm23Le+SUvFxUhEp+bjznvWRPiQoVFpKGyJAYOd6cIRpVpp6eiS
MfkqTp9fgzuTfHafWqRNxqtc+jpaX3VMGI8DE9o+nmjx4flew4M+XT2rrvt4QZPX1BEDVcWTzwTB
Pe5xj1hun4YMXtQVSrb4PPpmUMOgRZp8H+LRsTyIYrnj7B0db4hH5PfxmMcehVTlGusrfh/fLcIX
0CAc/e5e3suAnpbL50fZMQ4x6EM2gT0GASaPxpZvXrha3H3ZWDTAhE1fXiiBqkfaWMpPyE7hlOLR
l2bf+xp+90YoFLRc2tSLDMpaVCOjJBNcOaMw6TDhwCSANzjwXuX1bU758i3FQe3cn3yhNDiSibjC
GVlDfeg32Jfirri5dqFy59q92lNKv8rmfYWFPozV9L1ezsAXfiW/sFL+0OaNU0qbhWSkOYYGxRnj
02YxFM1Ll9Xxyp/2lUsbWaVFdzLyKZywR29gEknv18IXX+XqMpefaPOnIiicjgH2aSl8DQ8q3RJf
+VFHOexpp1oAyXG+Pm3FHYM7g2bKxIQhEzg+HT1r8VSOX8bi7vuDEr1EekeJ7lmaV2ocVrlJB9mE
3FOb1TfvY1hQG4BO6eF2n2WUBZd84JIZPdzHL30eS5dPVxP1ud3i8Dtl9PyuuExSnnTSSV2/B6/4
P07ZyPWZ7ALpS1NpL+oP4aBvmuBTXtAq/ZhyjNFLhB3h+/ofFiHzPc1P+W41f22G26uRKhN1mnSk
PW/fvj3ujmOxCBP5LExOJ87ZhUn9w/PoNiw84UQe/WFcvPfRu40zLCRkokzGUyZpOW0k59ihyEIP
FkR6R37k5Sc99V3f6AdyTrQi89Oji3Ph/TuMWmMM68RRWIyv8P8Ypx2KlA2ZG51NQDJuAN95Bv0x
edTgzqTnY094bMQcA3uf005E1THhPA5MaHsnWnx4vtfwoE9Xz/N4AQMsuFJH6KCpw4Bid5THcnf8
ZPWhiVfqicUC4nN8DGqMjZCFQzxKvmN5EN1Ei/uJl/6lE70qhyZv+74rXJ+v+H2GdSbj7T7hSI+M
mrm0dOWCjJoKIxxZDOmdJqpTun1+YEDfjLxBNoE940bGI8tytbiTv8qG8ZD20+fQb1WfYJnyE7JT
aaV49KXZ917tjXRy/I7BBn6HHvG7N0LZ3bvZpKkXGZS121BGSbtzOmsUJiHmn2gj6S5elVc0+Ez5
luLAonRo9idfKA3mKnHCGR6kPvSbeKW4K26uXajcub5J7Sml35dPzwoLfRir6Xu9nIEvcgshlD+0
eeOU0mVOnDTH0KA4Y3zaLH3jvHTZ4KP8U6O58qG/lA4iI5++CXuNifR+LXzxVa4uc/mJNn8qgsKp
D/dpKXwNDyrdEl/5UUc57Gn/WgDJ5jLvFHcM7hoXc5oqxtOc07gixy9jcff9QUn/I6M1ZenTPbXw
h938uNq8cmWXbMrJN4WnPcm4P1YPV9xafwxdPm3xxFh+V1xOppARH95P/3Jylbhj+UL51PpDOPAt
5VnPG5RljF4i7Nar7ddi0eItH4GVNqzT+TLgRjHTX9pA052LEviEU5w+/8gjj4zKJ8KP8BgNEMIl
k0TKLzdpp299k5b67o0wY/OWsSNnUEnTUNjcxHEa1v/WLhVNSmNkIA2wuuQaI5EPX/pcg7sMnfNo
QLkhDBOLmhgdwkG0yNjly1LKgz6unlXXfbzARC30stsoZ4QiHRnofBo6iou4fXyu9xi/RI980TWG
B72RiTTpfDh6mTug+A0NfTw2hL1oGfIVv4/fF+EL8s1hy3vlmysXRhEwEL6U3/8RJzXUDpWx79si
uPuypYsG0vzUBsbwEuWGrjSNsb9r+F1GqFxdKF8MDtohLoOceNzLAoWf5/fxBfH4ltKivHx/kKYh
nCVr9LsGd8VVWr48OVr0fYivFUY+YXU6wxgaZYCWbGKXpNLyfgkNPt6857HpesO/+og0beSKjIoY
Afx3YZ9eE+HDLOt5qC5zeYi2sXyh8GPqd9G2D73Kbwg7tRvflsbGJRyyQEbGof6NATblpp5T/W8s
7rX9j3Ao0T1r80r5RMZZ+i+vU6Th+O11ILBK/1I9PJfG2HcldClNTeKwiCBty31GcHRYlQMMjj76
6LhogB340mdy6ZFnX5qiZxn+EA76lmuLTFQO6SV8I4xoFHZgIV2mz8/lp3S2kr/8ofZqpchi6bSO
1Rbw73nPe07tlJGxegyP6H5yjrImPEcLc9xoiZPB1E9SK76+ITtzTt+9ESYXLvdORuIxBm6FLTGs
T8xoq92pmpSmLau9ykiUo23suxrcMXRrx/wQDa977e6NC+h2MiYO4SBa0MkVXuUo5UHF877quo8X
dCw2Cy1zRijqg4lU2kKXhr3zk8JpO0l/p7u0oU90jeFB6l9GJtKGn5h7Of7447t+CP5AvqZOxrm+
72n49Lfi9010ywBOOx7ki2s2tDDh7Ou5bwJb+eboxigCBinO0MAfcZaxYx08a3EHR5UtXTSQYuwn
2NMypb+LZEmakf2G78CItpzld0e3+F1GqFxdKAsMC9ohLoOcjCBpnSvOkC/sRIMPy7eUFuXl+4M0
DeGcM6ynOKe/U9zTtDx9OVr0fYivFUY+YXU6Q0pP7rcM0JJNbHLKuRIacvH73o1N1xv+vSzw6SJX
1Pa4ZtA7YZ9eE+HDLOt5qC5zeYg28ZgPk0tL4WmTuTr171Ie9GmPfVZ+Q9ip3fi2RPpj4hLOGxmH
+jc2KVJu6jnV/3JYkXbqavsflYUFK2neaR76XZuX4ntfGOfkmw+3DB3IpzfveSxdSkc4juV34vmT
TOBvrmN80pOeFE/S4Dc8kUuPuGP5grCLuCEc+Jb2P+RVqpcIu/Vq+4vg0eIuF4HroFxaxa+sM6EY
TOAFO94x2KRnMKEerIMPNikWzNAS6baJ12BHjcVnE1TBFL1gBo9gK5GCrYbvLdtNb3rTYPf0BjsS
JdgqrhjHdrCEAw88MBvHoA8mGKa+2SrDcOKJJwZPgwKYYSfYXSbBJi3D4YcfrtedPxS3C9TzYEe8
BLvXOtzmNrcJdtTvYDkV1lawhaHypVnZTqVw17veNb62Y32DrUIKJnSCTYYHM0oM5pmmlftdgzt1
AN52z1Kw0wiC7SjKJR3EB2ZYiHyw1157hSEcRAvhbRJ5qmylPJgjSHXdxwt2IkKwgXSwXenBjtYJ
e++991QylBvsbUXrFD/ZkUoRB5sMjrxGGXMOvrXVcTO8Lbpy/Jumo7C0LesAg61e7YKA0f3udz8W
6mR5bAj7LpGBB8Xv4/dF+IJs7U6YyNNp/SjfXNvhG+W2DjfYTpTIX6Rlg/5gA9wATTl+IkyJWwR3
8ukrW0qDKQLBJlTja9uREczYE+VtGo7ftsIy2Er1GXmYC5t7V8PvdqRQOPbYY4PtXA9mDAi2Az2X
dFCbEE8Lv3l1QX2l8r0PO/ohu7M2mOI8xe/KS3lDYJpGKmvsOoVq3NO0fH+Xo0WADfG1wsi33WvB
7poPNkkaZQzPtvJZn6f8613veuH2t7992GeffYLdhRrMoBlsR0fEYCqg/VC6fTIjDT/299iy2QAg
lssMqsF2r4d99913JgvSsrsJY9lT2TCE/UxCC75QXYKn3YE8N7Uh2pSW59H1bPsQL/rG9HeeTh93
XnsmrBlAg90NHGzHbbCdeDPtmzAqO/1aqh8Jq3m41/Y/yLJS3bM0LzMOB+Q5OpB3pPOMZzwj2ORI
sF37WR1V4ennzPgSbBJ5Wg//gOnhl3444mqnSXV6uOLV+J4uO5Uq2H1zc5NBhtrRg4Gypno/uqAZ
goKnjzzoJ+APW6wXbFd7YDwgZzu/gp1slU2PMErTdu2Pao9Kt8T3OKT1YxOW4YQTTgi2uziOg/yY
pU8vsV1jUW8jXY8Tct0Wz8Y6tEnzNe33S8q/kWEPOuigjcx+zfOmPfMH/9gCyW5cbdeZBFtoFHnB
7j8NdsRxpAV91ozNwSZ/g+24nJElnmD0RjOmR7lqC/JiHHTkXkyZgZgeVkc+JT9Pg/KwHZNRpqMD
2oIeve58xiZ9cbtAPQ/MLaADo8Mw1vL6VBpFYe10lTgG6C1fEtFOpws22RwxZg6D8QJzFnan68zY
M4k66if9WSnu6LNmXI11azuyI365zMQHZijv+GAIB9FCeLuneArPUh7M0aO67uMF+m/kO7KcOaN0
XE25wZ7+sUvD+PHU004NzN/YscrBTr7qxnYpDYwXGJOmdS+6cvybpkFYsKdtMS7yc0VghGy2xWJx
/iXNB1mPDmVXsmS/p3mlvxX/dre7XaDeU36nr7CF88HuNI7fzWCTJhF/qww2YR7rWbqGnZIW2zDj
JN9WlW+Obr7ZLupAf8WcE/yFM0NNbB/QRD70wSm9MeDI/2xHcCybTaKHd7/73UW4k0Vf2dLsKQPy
BIfsNGNP77jaTvcI1EU6Dk3T7PvNvJjtLA+2Kz3Ycc0z/A528LudMhbHrtSJneoR64Z+AF2AcX3O
0RfQJswgF/sF4Te3LjLyvQ872iPzi2ZEnuJn5aW8oS9NgzkYaBc9yJ5a3NO0PJ/laBFeQ3ytMPIZ
/6Kzomuif6KTDY2r73jHO8ZxNfMJ6LJ2MlYcYys9+Uq3T2YoXKk/tmy0dcpFH0cb7htX2xVcseyp
bBjCvpTmeeFVl4yBZEMYijNEm9LyPLqebR+6Rd+Y9u/p9HHVfjzPp5jYSRTBFniE0047LbzkJS/J
yiuVHfnKs++7hNU83Gv7H2QZsiCX91RZnGyqzUt9nU83lU3+m3+mf2dcTRvI6eGETevJxy99Fl22
SC7YiYBzo4ufcjyhOkzpUz+B3sD4mPGAHPLgTne6UyejUx5TmvP4QunV+sIhlT19/Q/5lOol4n/i
rnW/Tx7NrRACGNZX9U93aXIfS45G7ai2idfuu+7UZCchxyLl4rFCmF0/uitQ+Vi1TDjqLBfHGmBc
ocqR8P57344mds3oyHmbkJ+Ko/h9cfV9yNeuvL4dvD6udjiBCatu/DeeOTKm74jk7du20/VM/c3b
+Zqm3/e7FnftZONoZ+5KSdOnXnWMLEdYUt+EEWbgYJ3YVDzql3KmeIrGEh5M6eG36rqPF5Q/NNgE
xBRtxNeuOr77NHSva9/dx8Sl/DaZkz0KV3T5NpSjn3fagWqd0gx93C8MbTlsibsIDxJfdZfWj6e1
li9IQ3E9tj7ftFzQwy7evuPFtWrXjD+9JxB42oeeF8F9qGxpnsgGytnHgwpPm0t3durbWL+G38H8
dre9XaQvx4Pkzf260M8fR5TzTrtWeNcnuzhanpXgpvhN8bb4Ir0/+zP/+JmIVcoXufakNMRbKrt4
eRHc07Q8/jla9L2kPfq+7Oyzdt8dr3S8Lzmjd8ofjHJXrHBMIHWSYqj4tb5kxbx0OfJWvEJ7zeXH
Tl2FsYnXqTBD2OfSWuSdsLSFelM0kKb0GZ/+EG1Ky8v8RXjQ5zv2WfSBrdqpj2sL+Trc0/5QcdV+
fLz0WWXlqLX0rnaFlR5pCyw6nVDfFH8M7mrnJXqJ9AtwKNE9S/IirHQglQufd+hHNok7pVP4MDxL
puZ0INLYdvq2mIbnpzSNkt+kSZ8HXTZ5nuV32rhPk7YJhrmj23O7y/1d5BzN6tMi/3PPPbc3PcJq
5+YYvvBplzxDB3UHDmn/Y5PGUW6yst7rsui+6CVm7Mnq9JJnNonb6SWMk5CVfXhDM7Qso98vKf9G
hrVJti3r4BfaCifJzDjbrcvRxvCCTZh1n3W6A7uqaHs5Z5NS8X5odjDjlA9paZfjVDzLCz5GrjC+
8Y6dlykNfGcXJkfO841+IOf64ubCpu+0+3rMjnXt8gYT2kbqOCKVo1dnnJVbu9apB/4oD33BMlwV
7kaTdvEgP2wScYYUsNExsoSlvnHCDBxos95px3qKp2gs4UGfrp5V1328oPzBF/07deyWFP4+Da4c
5D33nF757fxRt5Sf+0NzR+GKLt+G0rzjb4NQO1Bpd6nTKV3I+RRbwmqXHd+LePCajMxoPfeOdfGF
GSrm88Vp1/IFWSiux5b3yjctF+/ZxUteOdxtoUSsF5vo792RTfpj3CK4k35f2dK8qRfKCT9x7VDW
GR/Q5szQkv089iXylHz68tIuUr6rToQ573I8SN5qr4Qx40ck513veleXV1Z2WZk4Wv7JT35yvCrI
l0HYaRe2vjEXCVYpX9jCjZiXb09KQ+VQ2XX6wiK4p2mJPvwcLfpe0h7Zza277ft2n5MucsZfaaL8
wYh5mNRxTQX1lGKYhiv93ddm03TMGNfxBe0159DroZE/ZLR3Q9j7cMt4FpZcF5U66TP+/RBtSsvz
6CI86PMd+yz6fDv1cbn6Srinskhx1X58vPRZZWVcbYvk08/xt3QcdqxLJ1RAxR+Du9p5Sf+za9eu
rpzML+Qc5U11z5q8cmkrHcmmXBjReNYzM3q4RRB+np9y6ZS8U5+X04Xgd9q4d0M8oTr09En+wWPM
4aROVwn18ZjSHMMXadolv1U/Y/sf9ZElesl6t/2S8rewa4vASh8Fj1BSJ0CDxPjLBA9/GAYwJvLd
T+jx3lZ8xvdMlNJwFAdGpzNhQpZ4HHGuY7e9AZljQ5mgIh7Cj/udREd6rC2TdnxjYoqjYhUHZVJx
MNrwXhNF0EFZEB6E4YhufjPZxx/fFdb7lE1hbIdOnEDDcOffa7GAj0faMjSTF2VGgeVorx3X3JfN
ZHA6WUkaui9HZeHoVgwtPv1Fnmtwt5W4cSICmrj3yVYGdXXMEWHQyDcG096QhgIHT1BX3tBD3djO
qBgHPD0ONTwIHuCrugJ/GZHgBepX38QXvLMVnB3P2G78yIPQgmFB+ON7foI+ysl7jrqmjKTJH3lg
VGSihO++ndTwIHdWk47tWI18QR4oVTpSmW/CVuUSb9TwoOfrMfxeyxfQpuPDPbbQDp7gp3KpPNSL
cGXyGzkh3PF15/QyDOu1uIMf8oCjOamblPdy7VgGGxRmBtCEUbmQFwy8Vc8MtoVHqV/L77Y6NuYP
DRh5uU9M9NHWad98s5NIOoMDdWWrvTu6L7zwwq5cyA4vq23nwlSZtKiBvkZyBtlBGxAOkiXQ4WW6
8BWm4A9Okile1ihMCe7kpwUtPi3y4BtH4UMjvChaVE+l7VEGRtJDjnjcaSPcu8c3/uhjyYfJFskm
2g+0ki9tRfeRET5tW6Kx1JfMpZ58m/VyxKcJRkz4im4mJDy/a3EM3/3dzeRDu4JX+Ab2Po9cH+zz
rXnW4hCwwkAM7eCIUfABD3hApIP7+Uibb339WcoX/BY9NTyouKW+2oCwh6cw8FF3r37Vq7s6Oeyw
w7pFPDW4I6NIg3zATjoa5abOtDCN7+h9aTlKcK/tf9ZTB6J80j1owxhYaaNp3+BxkNGacMgU2jD4
8UdadnJSTANjtI9X+0y6WuyAfkcevIM30MWR8dzbjMGfPPj2gffn9Te+SQ7Sj/KbOOjAWvhKn0Zb
4hsLq9DxxZdq22lZxBdMXqbtUZiqPaZxx/6Gnr7+h+P1oJH81f+QLrJnjF7iDevko7YPrrY7cUoO
0u8zAaX8Fun3x5Z9o8Ot7bB7Y1Onv6Yuac8YvKPx92qjyf4wFtOf8I0xt5yMyMTjXkhkNRNx/GEQ
QkZwJRTfdRQ86WlykPQY0zDBShwMklrkwbf0/kwMk6SFsRbjp+LYCRsd7RhteC8HHZQF3YI00Un4
De385YzFxGUyUGGQCxj2MNz59+nEMPG4nxtDs/LC6I+RlbGK7sumLaaTlcRFplE+/dlu9akjtAlT
7Spxp51TFmiiLm03ccQXjJEr0pUI4w1phGPynLqiXHLEUz8Pnh6HGh4k3auuvKqrK+oWnQ164AXq
V/UoviBPLQYgHHxFXfIePVX4Kw3Fgz7e8R0ZTJ/HN/7IA6MifEIY305qeFC6MzIZnYQ8kMle/0TO
g63oE8ZgoPJxJH2OB5kM9th7vkbfncfv9G/CIscXHDsMToTxfAFtOj483t19bVONeJKvyqXyQCfv
SY/Jb+RELLPFxX/+858fvy3DsF6LO/jBQ3Z6WqQl5b3c8denP/H0GJbxHVdlEYby8Ie8YCxLmcGD
vq/WwX+2WzimRXroKTl+55uXn8hm3vGHkdd2PXf0Uae0b75xrYfoo67sNKH4HrrRrVUuZMKZZ57Z
pWkngk0VSQYeFq5IzmAkpg2QzxRfWN1rvAiPC18ZRyJvWeoyAnlZU4W75acFLT4tCkB90WdCI7wo
WlS40vYoQxLpYaDyuCNzXv7yl3cY0sfidu3a1bVHcIJW8qWt+LnqKQxFYIUvmUs9qc1SV16O+GTB
yE7z6+hmjCq+4JsWx1Bm3+/Rd8KrXJ/IN7D3efBt2U6LQ8CKuUzoA0eMgow9oMNOgdidrfGFFuPP
4wvSkaviQUUu9NUGoJs/eIr5L+qO8Yjeo8NpEU8N7sgA3Q8OdtLRKDd1poVp5Ge7j2dKUYJ7bf8j
3RMa7FTfyFuqX+mefPOLWmrzooDSPeBT8U7aN3ggfF1h/KcNozPzB4bIRujzhmsfv+ZZmNCPQy94
wBvggYynf7r88st3J210lPI77VyLhejT1H8z1wDOlIc/te20DCV8kcYt+V3U/1jCtXrJerb9kvK3
sGuLwKYxrNMYafRMAD3+8Y/vGijKPAqHn4ihU9RAgHjcr8UEmRo1Pt+ZUFM8O5IzGl98PCmNCk8H
wkBRcfAxPPs4yoN3/j35M4hJDdUK733u20S4+Xw0QPXh+p7Tu2BJB+HcFx46uW+eiWufp57t6KEu
bi5thavxa3FHwfb4UldpfaH4iiZNhHoM6PD5rklc/03lTHEfy4OaqPRp5p79vc9+Yj4Nq7Jq0tQv
cKCc+k48Bnwy/PGbb/zZUW+xvLU8OIY+0S1+F/74JTyY4q50c77qijxK+YJBY5omdUJafmJDYZik
5xsTIKoLfWPBDnfJyLgL5ih0hF/krwZ3BjOiq8/3PCT6UPZkiCIe/E65MEopHcrFHZyLGhDHlEsY
i1ZkFBM50CB6cm1f93yrXAzsfRzipmWyqwxivSoOvnaeKC/5aVoYBtM2T/rIt1NOOaWjlUk43/4I
g6yvwT0ntxiUMiCnzxOt+PQp6SkDJe2RvivFncEDdysrHzDBMMPgRBiyoCjFyofnWfWQM2wqnTE+
7VZp9/lMZPi0crjDT6KJdFikoZNewFaL1Pry4L1f0OXzq32Gj3y7VLsQDWCs3b0pX9CGMULm+AJZ
pXacw2Kt2r6X70P8wU5JMFsEdxZ0+DxoG6muwE7nnP5Tgjt0lvY/xFlLHQh6PM9pp7X4JueDlW+L
MqwrrHSgxz3ucV17syPdZvRwn2/pM326rzPfHnmPEQfjHgaIlN9ldGfCIJWDtCHxuybWVS7v+7x5
9osSKcuuXbtGt8fSsvvwY/ofTx/Gl1Q20Ia3b98+pZcwke7zwZDk5Uvs9x+6Nv2+z3dVn9d22L2x
qcuoKX6nrjFSwCN6R3smnHdM4Pt2YVdBxXsTFQef7zt27OiiMbGGrPXxfP/J+0MPPTTqP10ke4CP
fRzlwTv/Xnd3E15h+nxvFFJeKRZ9cckzvQuWNFhw6Onx8Xl/9L2Ozu5oZvL0WTufFWnuS1s01vi1
uKf6GnWV1hdh5FiQlZaZCXzKp0lcffflTHEfxYOWpoxpSrPPxxguo5dfMJCGhyb+ZMz1hh7GenxT
HMYHfh6Jb7QTMMDV8uA8+pQ/PhPSKpfqYB4PstBFu+rR8Xx6Q8+e38fwBXjJ0T+maVMnOG9YUxid
aIFBQXWhb+xuY0GNjLvgzlzGos4bUZSXfF/vvBPu/iQlhU19xklpHaFbyhBFePidcjGnqPjkyWK/
RQ2IY8oljEUr/IEx1Jc71/bTHX65+c+0THadQjQU+fpicbvPy2OgZ3zGqGmbJ327KmDCqXUKi2HK
tz/CoFvU4J7KLfJgww6GL/o85Ymfu8O5pD3CJynuGL2YX1E+4IRO63cGa0GRwnhfuKoecoZNXxfz
nrW40+eRPnOSq3fCXbTA7/CTaOI9/TEbLHB+QUKatv/tF+74/Gqf4SPfLtUuyBMa+dPu3pQvKBNz
Nzm+QFapHQsLlWMt276X78Je+crnPX0ObhHcc/pgqiuwGE99j6+jEtyJV9r/EIc85umejCPBzLua
vPwCGeGc831b9HVFWPgCWcccsuJSV6ke7mktfWYRtucLtUfy4z14sBADV8vvLAbyeagsysP/Rr57
V8oXPm7Jc0n/Q7q1esl6tv2S8rewa4vAShvW6URpoPzZXd/ds96xa0O749IJGiaSH/3oR8/EIS4T
CLmJbzp5u4dzJg5KDcZLJkDTfPiNUoGAEl34TEwycad3di9qNKwzQa+w7KzXd+8zwZUaQTwWPmz6
DK1MWqd0MgH57Gc/eyY/jCNM3jFxncbRb62mxXBBOnq/LL8Wd3blHXXUUTNlyvEFhsYUKxmaWWDh
v1E/Mg553Et4ME3Tp++fOUbVY8oKsbRM0EPHbXeXdHRixMPYpTqgo8jxE3FZKcYASGFreZD4559/
fkeDysHELUqWL7P4XXnil/Cgx1355Pwcv5fwBbioPSp96gR6WYyhd/LFM/Asu6B5n+ML0uQ0C1+3
HovS51LcuRJDNOfo41vKQ6IJ2cNEhuJ7nx0ItCXPe4pX49fyOxMxab1B5wknnBAHwTlaUGQxcvvy
8Aw+LKLoKxPGcB+HfOED8tJ7lEl2nuo3PnKclZosTNJ7DBrkw+kUCiNZX4o7R0gpXXzoQvYjy5W+
vucWQpS0R/AkPAtFlKb3WczDoCHXR2LwTesKGU2/6elcdBGKlz+eNv/MitiUN6gjuw8+W66dO3bG
OlQcFGUmWEkT2ePT9s8scFCcZflMalGPPh9ogEbt3iWvFAewR87l+IKyMJASjaU8qHilvgzr6BQ8
6zhx4crgkvaqdBfFnfLbHXpT2JEX2MyT02NxF60l/Y/irIcORF65Ps3zE88YC9j5ItrgLYXJ9SU5
fUtxF/Hp81K5Qf7IY7/wNOV3JgeobwzrXr5QBs/vffKP8QH6H4sTc3ioTJEv7pFpjzun26PC1/p9
/Y8mZH196XQW6M7VFXgy8ZvTS9ar7dfisJ7x1nbYvbGp03bUntP2wXuMh9odl1JKXK/3KB18dEb0
9tSxi5KThnxYnum7mMRkMi3nOB6etqx48Dk6hibueI9MxzgB3yssi2kUx/ucyqZdWsrPY+HDps8H
HHDAzAQsabDjh5M60vDHHXdc1G+YuM46MxJrBw9lIJ1lu1rc0cnZdZSWKccX2sSgsJ2h2YpjdwBP
pcECChmHPO6jeTCTpvJNfSaFPaYcT5yWCXo4degpT3lKRycT294oygKvHD/Ba8zxYMyTq+VB4mOc
T8uA4ZWx+o6zd3TfxO/KE3+IB5kX8DyIwTvNJ/ebtpkaHOCLY445ZiZ+ji9YeK72qPSpExw6uN7J
Z7yKg2dlDMnxBWkyX+XrNkas/K8Udy0Gh+4cfbxPeUikIXtyc3DEYUEHbcnznuLV+PB7WldgB7+f
ccYZHf4prZxWk9Yb9DFXwILEnEM3x8hNOP8HPiyi6CsTxnAfnnzhA/LS+ze84Q1T42feYwhlZ7cf
s6Erkg+79RVGsr4Ud06dU/740EVboB0pfX3PLYQoaY/gSXjmE5Sm9zkpj4VKuT4Sg29aV7RF+k1P
J2kv4rz88bT5Z+bTU0cdsSDVh9Mz8+x8l8P4ygIMvg+NqzlRatmOBbrUo2gTDdBIPyWX4gD2yLkc
X1AWf0pIKQ8qz1IfPsVwedJJJ0WeReaqXODKKRK0V7lFcaf8fl5aeYHNPDk9FnfRWtL/KM6QDsRC
sFy7Im5pXrk+TVh4H3km5/viXF+S61cVdxGfPi+VG+TPuJAxllwtv/fJP+ZB0f90Iha4eDyUbylf
KF6pP7b/Id1F9JL1avul5W/h1w6B69CQTBCvrDMjRLjRjW4U9t1332ArwIJ1xsE6g/j7oIMOmku3
rdwO1sGFG9zgBsFgDNa5hL333nswnh3xFmziKey3336B50MOOSSYEBiMY0odixRiGPK4/vWvPxh+
oz6aEhBxBAswBZchZ5OTwVbxxSBmLAhmvB0KvtC3GtzJ0O4fCraiKNbRDW94w3CTm9xkITrSyIvy
YJremN/gTv1QX2P4T2naUYbBJjeCdW6RB+HFZTtoAhMcbaQ0j1IerKV/rfnCOsxAu0cOqUzImr32
2ivYDru5MqO0XIviXpof8hb5SR2bYhHreZ68KM1D4Wv4Hezhd3z43SY/R/Ei9UZ59tlnn5j9mH4E
LJAxxDnwwAOXXrfCAX89cSc/8e7YPgG8bXAWkLXQaittI4+QVp8jjhl2Yzg7rnLpMrov35L36n8U
h35krfhdedT4kjvImVLZOza/teZBG2AFO8I02OAx2DFksc+CNnhjnn42tgy5cHb8WbDBdMyPfErk
dCnuNf2PeLBE96ScNXnl8Ol7txE6kGihD0I2IXvBZdmOeuUPvammzZfyRQ39Jf2P6KnVS9a67deU
f73jjNEJ1pumZeaH3kRb0rga3Ubj6jHjJ+SNH1eje82T28g25Ihk2xjZi97AWBxHHqs8rmZuAjmF
XjRPbzAjbLCTcKIeacaCboy9zDpWWjW4E5f5DPpL5j6Ygzn44IOV5FL8RXmwhghbwNaNq8fwn/JA
3/Xjanhx2Q49HExwtJHSPIhfwoO19K81X9B/aYygMmlcbQvDlj72WhT3UhzpX5Gf1DHjUOp5nrwo
zUPha/hd4zt8/hjvjuFF6o160rh6TD8CFsgY4tDnzptnVblq/PXEHfrEu2P7BLBmjKxxNWM7eGTI
EYe5E8LRZpYto4fyHvtN/Y/CQ+Na8bvyqPEldxhXj+H3mjzWmgdtQU2wqz+CnbARbEPDuo6rkWlg
hx5YIqdLca/pf8SDtBOex/b9NXmV8MVG6ECij/pCNl3vetebK2cUp8SnXhm7wxM1bb6UL0poU9iS
/kf00K9JtpfoJWvd9lWm5m88AitvWN94iPY8ChC2crbiMNh9KcFWpIadO3fqdfMbAg2BhkBDoCHQ
EGgIFCNgu2PD4YcfHuyKh/DKV76ym1Bby4m1YiJbhIZAQ2CPRGCrG9b3yErd6EJfM6ye2DWTjKVt
92qw0zbi+HqjSWv5NwQaAg2BhkBDoCGweRG4YtcV4bBbHRbsiodw3hvP68bVYXhf4OYtcKO8IdAQ
aAisGALNsL5iFbLR5LA7wI7AiavOWE1rRy5HktiV+LznPS/YkVXXdtYbTWzLvyHQEGgINAQaAg2B
TYOAHa8a7KjxYMeURppPPvnkTt+wY1nDzW52s01TlkZoQ6AhsPUQaIb1rVenG1kidiZhTGc3F7tc
7Ej7SA67Eu1I8WDH67dx9UZWUMu7IdAQaAg0BBoCmxSBSy655P+zdx7wltRkG48KKiKsnxXEAohg
wd5RWBRsoGAXsdAsoDQFBRRYxN6RoiKggAVUEBVRAUGwd8XeaSoqWFEsIPfLP+xzfE/uzJxyy557
98n+7s6cmZQ3T95k8pYkZS6Rj18oNdh99917cvWBBx5YdshZoFUz2UbACBiBBYOADesLpqnmh9Cf
/vSnaZNNNmksbKONNkooxdnaw8EIGAEjYASMgBEwAqMgsNdee5Xt35vSfPrTn075fMCmV35mBIyA
EZgXBGxYnxeYV5pC8rmRaeONN26sbz7DO+Wz6S1XN6Ljh0bACBgBI2AEjEAXAjioH3fccY1RvvjF
L7bq9RsT+KERMAJGwAiMhYAN62PBtngTcWbPhRdeWM5WituycoYxq9Y5F87BCBgBI2AEjIARMAKj
IsCZipdeemnxpq/Trr/++o3P63j+bQSMgBGYKwRsWJ8rZFfOfJGrf/nLX06Tq3nOea63u93tVk5g
XGsjYASMgBEwAkZgRgggV1900UVp1VVXnZbPBhtsYLl6Gip+YASMgBGYfQRsWJ99TJ2jETACRsAI
GAEjYASMgBEwAkbACCwgBGxYX0CNZVKNgBEwAkbACBgBI2AEjIARMAJGwAisIARsWF9BwLtYI2AE
jIARMAJGwAgYASNgBIyAEZgMBGxYn4x2MBVGwAgYASNgBIyAETACRsAIGAEjYAQmGQEb1ie5dUyb
ETACRsAIGAEjYASMgBEwAkbACMw5AjaszznELsAIGAEjYASMgBEwAkbACBgBI2AEjMCCR8CG9QXf
hK6AETACRsAIGAEjYASMgBEwAkbACMwEARvWZ4Ke0xoBI2AEjIARMAJGwAgYASNgBIyAEVg5ELBh
feVoZ9fSCBgBI2AEjIARMAJGwAgYASNgBFoQsGG9BRg/NgJGwAgYASNgBIyAETACRsAIGAEjYAR6
CNiw3oPCNwsVgampqfTJT34y/f3vf0+Pecxj0qQoxaCrDte73vXqRxP3O9I9LL3jpJm4is+AoEnl
wRlUyUmNgBEwAkbACBgBI7BSITApMsRKBborO1EIINOcdtppRa5+3OMel25+85tPBn1ZrJ7K/2IY
Vk6Naeb7fhwZeZw0812vuSxPPHjllVemxz/+8ZPDg3NZaedtBIyAETACRsAIGAEjsOAQsGG9pclq
gUa/J0WAEz0if1LoEj3zef3Vr36V7n//+5cizzzzzPSABzxgPotvLOuaa65J++67b/rd736XbnKT
m5Q4v//979Nb3/rWtNFGGzWmmYSH73nPe9KnPvWptOaaa6Zf//rX6YgjjhhI79e+9rV0yCGHpLXX
Xruk2XPPPROKmJUpTCIPrkz4u65GwAgYASNgBIyAEZgpAjaszxTB5vRRbi0yq+yjk+JvHIy210uZ
qEmhqxnOOX3685//PG244YaJdvryl7+cHvzgB89pecNkfvXVV6cXvehF6be//W1affXVS5LLLrss
HX300emud73rMFmskDjveMc70ic+8Ym0ZMmSdMkllyTk7EH0fulLX0r77bdfWmeddUqal73sZemJ
T3ziCqF/RRX6i1/8It35zncuxX/lK1+ZCB5cUVi4XCNgBIyAETACRsAIGIHJRWBiDeu/+c1v0ne+
8520yiqrTEMPo+XDHvawdLOb3WzaOx50pVUCjJ3kcf3rX1+PyvXyyy9Pp5xySvrc5z6X/vSnP6X1
118/LV26NCFkItQddNBB6cY3vnGJ+/Wvfz398Y9/LIJnXyb5x2qrrVYEItLXZdRxR/mNYuKCCy5I
p556avrpT39aDKB3vOMdS11+9KMfldXaz3jGMxppGqWchRQXg7WE1HPOOSfd5z73WeHk/+Mf/0ib
bbZZuuiiiwotUijNBX0XX3xx+v73vz+tr2zykE3SmkvWHAmLXXbZJX3sYx9Lo9D7kY98JO266669
NG984xvTc5/73JHKXeiRJ5EHFzqmpt8IGAEjYASMgBEwAvOJwGI1rOMs+41vfGOarAC2//3vf4us
21b3rrRqm5uuftO0dPOl02TeP/zhD+mDH/xgOuuss9IVV1xRjGVbbrll+slPfpL+85//pNe97nU9
uRoDGnJ4k7M4cvvtb3/7tMEGG0wrQzSMc0Xe+fa3v11o/PGPf1wMoOutt156+MMfnn7wgx+UlbLP
ec5zGmkap7yFkAaD9W1ve9tSZ3Qdcl5fkbSzK929733vhCMzgXaDT+aCvgsvvDB997vf7esrlIVc
j+P5sAEat9tuu4ScPAq9H/jAB9Kzn/3snlx95JFHFqeCYctdDPFYmIDDPoFxaxJ4cDHg6joYASNg
BIyAETACRsAIzC4CE2tYR6hg5SsBYURBwvanP/3p9MAHPlCP+64xLS+a0vMcb9ioRGC1M0Zpgsrh
XulvdatbJVbnYtDHcHq/+92vKAD0PqbTM9J8+MMfTve61714PaPwr3/9K+2///7pxBNP7KOPTGN5
onFGhS2gxH/729+KwwMKm9e+9rUJR4NJCNDzz3/+M93gBjdIKGVQ3MyFYR2h/eyzz+7xgOp+4IEH
ppe85CX6OdQVvv7LX/5SFAE//OEPh6IXxRgKDwzq7373u8t1ZTOsTyoPDtXojmQEjIARMAJGwAgY
ASPQJxcuJjje+973JpxnCZIZuZe8+8UvfjFtsskmPJoWYlpeNqUnH4zicdtwjuliG2eCyuFe6W9z
m9skjNnI4sgRGM0xxOt9TKdnpGFnrfve9768nlFArt5jjz3Sscce20cfmcbyROOMCltAif/617+m
ffbZp7TnYYcdlnA0mIQAf1111VVFrn7Sk56UvvnNb866YZ12h2fhMYL4AP599atfnV7+8pePBAVy
NQs12MkNJ/hhHAGQq9kC/ZWvfGXZOW5lNKwjV6PDoM0niQdHanxHNgJGwAgYASNgBIyAEVj0CEys
YZ1VuJ///OeLt/BJJ52UEPhf+tKXFuGOleMIKNEoHlvql7/8Zdm6DGFo1VVXTUrPFuEoFRCkb33r
W6dHPepRPa93jIkPetCDygQeL+Hdd9+9eGtfeumlCQPlueeem6JhnfJ4xkpV5f/0pz+9ePzz7lvf
+lbZ7gsa1lhjjUIPW3qNG1iljxAJDgh3GDHBgNXw4PT85z+/CH81jbE8CYd6FpUcetZ2jWmHSRfj
k+cwaVR2TDtKOqUf5hrLIL7K4bnum/JpS9cUNz7DIQKj81wY1n/2s58Vhw8Zd1Uuqw1Y/QH/jRrG
oRdnl2c+85kjGdYjnrONe1Pe47TvoDSjYlvHb6KzjuPfRsAIGAEjYASMgBEwAnOLQJtsObelzn3u
rMI995xz0yqrrpKOP/74dN5556WDDzo43WmDO5Ud2dhqOhrFI0Xs2nb++ecXOfOGN7xhL/1DHvKQ
9MIXvrA4EbO6dKutturJ1RgT2U0Mw9jOO+9cZPjb3e52ZSevF7/4xcUhOBrWKY9V7ayWFn04JW+x
xRaFlK9+9avpXe96V6GBVcOsJmcF+7gBXcKjHvmodN755xW576ijjirbbSNXI6shzzA/r2nsKy9s
H8/zLjmmL13+MercP8af67JqWof5Henr20qftRFt2+rX+BGxLW4kIqfbc689EwbnYQzVMekw9+ym
gL4FBwOOdVOA33A6H1muHpNetpDfdtttSz3ZBn+Y0NcOWV/UFmI84gzk3bqtludNPl1pYznii0Fp
2mge9rnKVHnDpnM8I2AEjIARMAJGwAgYASMwKgITa1iPFZGRDwPyxhtvHF8Nda/0nBN2l7vcpTGN
jIIY108//fS+7b8wunO+GF70TYbRtvwx8KNkQKkw0+2xP/7xj6eddtqp0I4XdX3e2RlnnFG2DcOY
ijAYt8mHfpQVrGTHWxplAquot99++/Knre3JHGHktI+eln572W9LWZtuumlZnY8yAyeDW9ziFoWO
rbfeuryv/8Np4TOf+Uzx9Ga7NhQUKFIQDB/zmMekG93oRr0keJ2z+p7ANoR4iCMgsxU/Dgt3utOd
yq4F97znPXtp4g07DKDsQclDwPkA5U2sT4zPPfXD2Py+972vbEPIs3vc4x6Ftj//+c9lVflee+2V
7nCHO/CqF1htTnngh9KHQLrnPe955dqL2HIjHmnin5YkIz+Gv3G2WLrZ0nTxJRcX5RXbz0kp1ZQh
dYEm6o5grKMP3vzmN6e3v/3tjfyO9/15WSGn7fhuectbljLYNo/V85HXIz/RTv/4+z/S07d7etne
jXI50gAFBg4wL9zthekJT3xCH5nw7mmnnVacV+BbAnzxrGc9qzixNAnz7ERBvuRPGnh2s003S1df
c3X67Gc/WxR2KMpigG/pI6yugafoH4w17DRBPo94xCMKb8U03I/CgzgLoSShD6CUoW+desqp6YxP
nVHoZKUQvIfTT1OgLrQxysRrr702rXPbddKmm21adt5g1QZ9bb28qoQxx8EIGAEjYASMgBEwAkZg
NAQWq2G9h0Iw8nHk2sg7qoX0zEfvdre79bKON8itT3jCE8pRZRyvFo92i0b3aYbRkD8y193vfvde
tjgSM3dGrj7iiCNmtD028tHTnva0IvugX+B4uBg4FgtnA4ypHMEW+QKZCbkbeZt3rDBGbkAG3XHH
HfvkUOSgk08+uRxTh8zCFvOszmcVLnIBDvG77bZbkZNj+bpHPkEvgSyEfEM5yKjQjswX5WrkM1bf
E5CrcchHbmArfuQ9zk3nvO62I9OQgZDJlCdyNbQNkqu/8IUvpGOOOSZxJB2B/JHpaWfal/PC1113
3fKu/Jfb+Bvf/EaRicCPI/wIpGNhA1u+d4bAI9P4pzPhaC9xJtl8882LDHhRPtoN5xR0MOgz2gJn
wKMH4ahA5DLOCUcOP/TQQ9Ob3vSmRkcA2o2d55A/CciBlIFsRxvHFeuRn2gnVrbvsMMOZTEIMilt
jfEfmRsHFvgkBnj3Qx/6UDrhhBMK3/IOvmDhCXQ2ydX0uw9+4IPpzLPOLGngWfgYuZS6ordZa621
YjFlEQt95KMf/WjhKfiWdmWnCdI8+tGPLrzVlyj/GIUHaQ/Khj9xtoEm6s/YQ59k6370L7XMrzKh
n76P/gK5Gn0VGHDUIo48tB+7aKDDcjACRsAIGAEjYASMgBEwAk0ILCjDOgauNmGwqXJ6NoxREwEa
gRiD3eGHH66kvSvCAYqBQw45JN30pjftPeemK/93vOMdZcV7NDb2JR7iBxP/xz72scXoi0BMeXVg
tTJb46+/3vrpo6d9tCcEI5A/8pGPLEJWLSwhnOFIgLEPwyYB4Q6BnXcxKK2ev+ENbyhG5RgHQYSt
9BE+FV/vSYeLplUuAABAAElEQVQgRlkbbbRReYzw/tCHPnRgWQiK7DYQA5gsXbq0CD88V/5d2+BT
N7a2Y2t+QqRR9eJ5zWdyumhLA+8gvHWFLh7pSjfsO+jH8QJ8MXojBLOLAYI5TgQItHVA0cNKE4Kw
iDjwvMaCc84QhgltaSKvg3l9ZAJHNUAngn3Mo95tAaFWRmLFKwXn/6ATQRfFWuyP1B1FEiGmifWq
+Qle2mabbYrjSUxDHkrXhOOoPKgjKpRnE41g8KUvfSnhrBADCjGUIyhLlC7mo2f0LRRcTe0d8/O9
ETACRsAIGAEjYASMQD8C0YDa/2aR/JqpUXLI9Mha7OSGwU7G3oggshMOrcgMcR6fBuT/1re+tawi
nolhHaMbhnRkmmXLlhXZPtLGPauVmVNjGMXoKeMyR3zh3P69732vT84gDfNy8mVHO8nVGNEx+jXN
2ZUG2QPdA0blGNiCHsMqjsxN8gkGQ3QT7AxAwNEBZ/RBZSFnsNtADGCC0VPGcfLoXK2fEyPjveAF
L0jIN4RIo2jgWW38ltNFUxri4wSNQ3NrGMAjrelGeIGh9alPfWpxaGAXQtqCXQxwGMDJoZazqC/y
NkZugrAQDnpWY4Gzv45gaEpDumhYB3MczOORCeCJgZnyYx4Y6NG1aEzDEQTHFNFSbpb/B53U9z3v
eU9ff6Qt0CMpX6WJ9aIOccEH8jFGbvisLV0TjqRDzxd5sK6DyueqIyoiLbE8npOefoF8HQMOEOjW
Yj+O+RCXvHAcwvmjbu+Yl++NgBEwAkbACBgBI2AEVl4EbFhf3vYIDvLqRcjHy37JkiU9D/s4Ua/Z
pctoisCO8B+NjXX6Qb8vueSSnvd216p7DJEoAhCA8LIlYFhny3vyOOCAA4qhldXsGEx1DnZtaMQj
HqMrygsChtHXvOY1RTCjHqwGrrcZj1vpg9Vxxx2XNs9e3ggpGPow+nIfjad4wrMa4XWve10RoimL
bfjxjscDe9dddy3e4RhK8YSv24AdARCM8Mpmu0BCm2GdslkN/P73v7/kgyEVozJtjDEWbCRQ1cZk
FCqsxMaQi4KI1ROcn/6KV7yiKFuajK6FmPBfF4+EaGPf4u3PCvp184oA+ACPdClaUBwhhMfwsdOy
I8kuO5dHHFHwqle9qiiB2K4ewbsJCxwnpIhBSQRv44RB3yGd0tS8TjrogZ+Iq4Cw+5a3vKV4vIPP
6quvXspebbXVihLp/ve/f4kq/kO4RfED/xGf8tgx4PWvf31pU37DP6wmOPjgg0tb3eQmNynKB2jC
O59Qty+7EWy55ZaFp1EEUs6///3vohBAyUC+bW08Cg/i/EJZnBkn5xNwZ/cHhHb1EXYKoB4K9GEU
a6SlDxx04EFprbXXSj/58U/SEUce0Yc7SoKZHDmhMn01AkbACBgBI2AEjMDKhoCMUIu23jM1Sg6Z
HqdknGOZt2IYZD6N/MnK9c4tmjvyZz6OgzmyA3nKOXjUtmKlKzt0QVu9Kj7mhTyEXM3cWnI1hnVk
IfLgzG3m5/AMq3BxLidPZPVoaMTZGRnkta99bckeR/i3ve1tZUctHPaRuettxrWqHwMqeSKfsJoW
DDCmSz6Jxm/kalbfIgOBP+lYNIDcQT2QLZBbkGlZ2cv7GFgx/etf/7rI1cjevG87Xx7DMzIYhlji
PfnJTy7lgAVyMzI3tPKuNiYjp4EbdaANcQZgF4K999670L3N47cpiwRajZkdPBLrM5N7dulDxkV+
xtDLCnR0H9QHuRaHixjkSMJ7Vj7DozhXINPpGIUaC7DVjg/I1SxaWC/vPAY+6I7AjxAN6/wmHfTA
T7SzArzADoMYqPfYY49iIIe/kavR7Yhm8R+4I+9ypOGee+5ZysO5AycPaKV8dm3AcI+uhu3okavZ
VZDz39HNEAc9g2R2aOE3ZYADdUE/QTnggDxNmibDOmlrHuRZdA7gtwJyNbyFc4ecT8AdHR4ys/oI
dErnRVrkahZEQCf1RMeF7IzzOrsKRNzRF83kyAnR6qsRMAJGwAgYASNgBIzA4kTAhvXl7cokm0k+
E3FNqHmFERXDHsYvvKebhDwZTREYtFU9BkAM1jvmLeEIg7bkLpFa/kMIZsU2Ah3COsLXqIE6QRP1
JJAHxkaEuNoQynut0kZQYhsvrSaIBvRo5EcIQzmw5hprpnPOPWeaIReBhzpAB4qIqAwRfgh1GGsR
cgi0BQbPdbOxmK26REN5Wf2HgIeSoM2wjkcyhn5CU31JhwII+mrDK2lQIEAX29cjHCJY/u53vyve
/dFZgLhNQXVsyrsp/qjPcBgAv4itykTBgrJCAacAdgpAiYGjAMJy3KJRuywQX/RSf5wXEJAR+uEP
DOMKKHlQqhCa8OW56OEeARejsrYbZMvC2LcUF6cQPPC18oO0BPEn93IcwIsffkHhgQEfr3fxEvFQ
YoEPHvTxSAi8/NtW9+OwgCKLVfps2xjzI88YBvEgcVF2MI4gvKNkY8xROProo4uDB7tmoIhRWXL6
gc/ijg+ki6v6xz0qQ+X7agSMgBEwAkbACBiBlRkBG9YHtP6QRk0M0MhdzNGjXI0xj93SMNgxx49z
/1JyyJ+t6olPQIZlm+inPOUpZX6MHKAdtEqEEf7D0M1qdAxmrGadiVxNPQlL1lySXnnoK8uW302r
6bVKG6M8K/Ul08qAjkwWt9ZHPkcWgja2BJdRVNXEAKkd4Di+C+N5Ccvxgwa2YEfGkzyBERLsMRZj
gBcNyrN3zXnsf8D+5eisNsM6Mjr6EfJucnLAKUG7udWGdcqJcjW6CZyrkbnYejs6C/RoijeBR5ry
jlHHvWeBAI4DOIUXGTqUiUGbtlHA+QHjMVeMz8iLUa4mD3bMAyvRi9yL3Axf0B7IptRbAecE+geh
NqwrDnI/7UygXIzKbXK14qLPYsV9LVcjX2rLc/oH/IZcjYEcxwLRLV6iTHiLRQaRb3mOPqZvdf/1
8655y304cNxAt4T8i1N+zI+0MYAxq9LbDOvERa4mP/Q8ON5r1zreoZvCwQNdR1ygwdiBzgc9Bosr
tBCBNHFVP31k5KMyyMTBCBgBI2AEjIARMAJGYKVBYMEb1hFMWLX8fzf7v3TTNfq3aFcrykgnI6Ge
11eMphgoWb0cgxQCCDjHH398bzs4xVH+GMzk0a6VuQgMCLEITrUQo/SDrjM1rGMAZ1UvwkJTaDKE
Qi8raOvVs2Chld/Ck2d4RiNI1UbcWB5e7fvuu++01b/CrzYMylCK0qHNYK78yQNBsS2ejKcI7Aiv
TW2B8AZ9teEVQ/QH3v+BojBRefG6og3rCJU6KgDBWAZltiLEGF7vLqCV59ANb3AGeQzkp63R1cZq
C9KiEIqe6UqLEqjNUYM4ameEe/hEfUXpdUXBouMLoB3v8X9edZ3iijirrLpKYiXBQQcdVJKIxsiH
vMBAjWMM2zeucdM10u3vcPuiRKvPgUNphKMBAQEab3qUG9B3xzvesWzLjtDdRm9JmP8bxIPEU91Q
vqBsjMo8FBmscKlXx6Og4Wy+6DShMrmi2AAj4RDf+d4IGAEjYASMgBEwAkZgOARWdsM6cjXGL2SD
RsNrMDDK2NaGLHI1BkrkxhgkV2Pk0xnJvffL88dgiOGcuTfxWRFOQK5mzh63W++lHfJmJoZ1aGEn
tmUHL0vnnX/etBKhr8mwjoM9W+NjTIyrZ6euzbtvPf+6ld/CE6PzLjvvkk448YQyx8dA3hRwhMag
isyGE3xxUgjtg2NCNAyyLT06CVY7txnMSznL82AVdls8tn9HzsK4z6roJrma1dPQh9ETeUwBJwL4
ota36P2KNqzjxMGW/jg0wGcsDKBdWTCB4bbeXQDDM/WDbozM9XFe5IeOCJlbbay2AF+2Uqdd6oDD
NosWBhnW2cUBWbBNTkX2JH/agVXkRx11VDGaqzx2/rv44ouL8Z9nyKfI+fA6Ox6g+yJwDz8VuXqN
NYqjPXLy2muvXd7rPzDA0YDA8QLsQMBOa9DHThHoHza++8bp+je4vpI0XtEXcGxcl2FddWOxA84m
Ua4mHfJ7vToenRi8h8MD59DXAR0Fzv/CoX7v30bACBgBI2AEjIARMAJGQAgseMO6jFFMgBHemoIM
eoMMTwgQCE4oFdheCsEPoz0esDo/DI9XrcxVWcqftDEgfKBMwCu2SeCMcbvuVcc1shCD8RkhZtiA
MCQvduhjeyyURgjBCIzUucuw3vRO9RWe0ejKyuUoxEc6MbyzxRiCOMZCCYB1fkoTjZBtBnPFJY8u
w7ocBeqylb7tygp9hGFt3Y0wiFCNUgJlEPitaMN6XI3fVo+4YwLnGiIcowzB2WLaapGcSd0mkQc5
a65WGlCuVpE38QzvlWftQMG7GGh3zmbDiE+o+1WMyz3KNpQeBOhEwUTfJdA+MdBW8EJcsU4cHAIw
ThPqNDxDqfXSl760x7M8q8MgHiR+F0/LgQbDOg4+UibKkaU+skHlC3f1Rz331QgYASNgBIyAETAC
RmB4BFZ2wzqGPoyEzIlZZTstBMOtjITT4ix/wHxacjVbkeNUitEemRr5lHfcs4V6LyzPH+N0Pf/H
SIdBjHn+TORq6sgW3BjhWJW6Xt6Ja9iAsZgjy0Qbx8jBMxzpxC5ShC7D+rR3DXhGoyuyOvVuCse/
9/i00847lRW5GOyLXN2Qn9LqfHi28m4zmJe4y/PoMqwjV1J3VgP3ylZBHVec5ZHZtHU3q4a3e/p2
6fIrLi9bksMzK9qwrtX4bdWg7dnBDXmNoG3g6TeN53E3tEnkQbZpRz6tg1aRDzKsD1pZjezJ7gI4
AIhv67LibxwAdJQBxunN884T9N0YJCvTfuh+tKU9cXj3ykPy7g2vOjQm6ZOvcUw5eFm7kz0JRzWs
1wZ4DO0bbrhhMayj+5BczU4EOHbUZ8OLWOFuw7oQ8dUIGAEjYASMgBEwAkagDYEFb1iXMarNmEfF
ZdDrMjzh9X3ssccWz2TOgKuDVuPiFUx+MSh/hMxNN920bEvFe7Y1m40Qjbv1CvKu/KOBktW9eMhj
nFdAEOQc8ybsZIhueqf6Ck8EKFa3I4ggqLC9X1OQQbdekVvnp7RdRkjF0ZU8hjGsR6Ol0sYrdYlC
p3BA4KV9tSUhaXC+YDXFsCvqUTwIs1jmTO/xaIcv7n3ve09TDqHAQjCMmMsQi/f66aef3rddHbSA
gXYgEL2XXHJJyR/+QZGG0qMO2hWgiWeI29bOdT7RUePAAw8s27vj7d8U8LLHG10KNniGdkFhgUDN
bwJbr8Pv1K2JB1D4YYxHmSLlAfmceOKJvd/CookOng3iQeJ08bTGspo+bc3fNPY0tRXlNAV4ARzh
5TgONMX1MyNgBIyAETACRsAIrGwIrOyGdRxUcT6dZgAWIzQYCfUqXtmW+p3vfGeRQaZhmvNg23RW
42JgO+SVh/wvacgf4yXOzeykRZgtuVrGXc5Jr1eQ/4+Q6XcYplnJi4zBduA49Mf5NEdX7bDDDo3Y
IUOyYn0arqG+clRgxTpGa1ahc/416ZqCDLptK9aVn9LOhWGd1cAyWqqcvmuun7YB57kM8siRyKPs
sqaALLbJJpsMvaIeg3NdR+U19jXTu9/++xXdCMZodrqLgZXdOFDEVdDoCli4wCp3jMxxG3jS0p44
tCNTil54j9XbOHfgSF7vpkY6bak+yLA+yACMXK0t3TlPnF3uuuRqjjWMcjXtwip0DNc6+gCnfpzA
kUObeADdFfI09WU1OeFvf/1bevcx7y5ntPN7EN1zYVinXI6GY9HJwQcdPG03QuqjVfqd9GU+ueTS
SwqO8HIcByjDwQgYASNgBIyAETACRmDlQMCG9eXtzGpUjMIYsbbbbrtprf/xj+Wt0bNXOJN8FAEx
yGDYtVo7xh/1nkk+RjXowyjGytV187njdcCQiGEQAYczwGWoIx7e0De/+c17SRDydGZ2kyFUBuWm
d6pvNDTqGQIoW+TpjC8ViCAGXdCHpzDbcMmArbQxP9J1GSGVr67k0WVY56wyKSbaVkzjoY0Sh/Pf
2YKcIL5oandWEXA8AG0yzIr6uTCsy+kCoZl61QZvdlxAQCYg3NI+kS/AbOnSpeW9/sOjHeUAQW1C
W2gVOYLo3i/+35ntxEPoxiCMcqCJZ4jT1s68iwHeREHBavqmshSXfoHxe8mSJeWRaGTHiabt/uVQ
EJ0MSKjnTViQ5+Me97jCt8JC5dfXQTxI/C6eVrtQd5x8tKMD57/pzDgUbPAcfYf6n3zyyb2dOtro
Ix79TSvyEf7Z2pAz/RyMgBEwAkbACBgBI2AErkNgmhF4sQGTDUJ77rVn2V5aRr5YxaEM61kWPvKo
DqNmLuNFu7+oGNZPOOGE9OxnPzsWUe5lYGVHKOaovQB9y/PvWq3diz/GDduv777H7kXmR25C/sPI
GQNzZ7DAuMYcHLma3+z2xRwcZ9x4lBayC47lOCxPM57njEcxrKflbUQ+lMcq6Ca5GvkN+nCGxsG6
yNUBv7p9Z9OwjrzMVv6UWW85D47ghz4AfQJGzHXWWSc/vI4v0LWg12DRQi/kd1/92lcTZ9DTJgNX
1A/iwV7Go93I6QK5mpXgtcEbJ2W2gqfeGJpZER35gqMAcQaJASM0u/mRRm1CW0QnDWTIGORkgEw+
U8M6vLnFFlsk5EkcQtq24KfNKFcLTJBZcS645ppr0g9/8MNyFFukUSu7o5MB7/UcLCg3BvLcbLPN
Ct92Gq5zotkyrOOkgvwsuRq6OHKOQH8VH1N/nB923HHH8q6NPuItW7asbBdPRORqdvPjXHoHI2AE
jIARMAJGwAgYgZULgYk2rCPUsE31K17xisT515/85CfLBF+e67xD4GByXBvzSMvElzhsMYfRUel5
jjdx9CiW0Q8jKUKgBGfisg04279zjSuy8fbFiFfnD32N59LNgLfYMo2t06AHGjG8ccYcwhKewKd8
5JTelltsjY1nMmeDEwfhH7oxECLUYYDnfC08oQlso8+2dhI4KIPz0DEq1++oG1ipPRCAyROhEcMr
abfddtsiLEMnAfpYMY/nPXHPP//8nrGX/DC0I4TRPsqPdNCNFz5CLkZDzgVT+Pe//91bwUA7wiOk
Jx5KMeggqB0Q5DBI4nENXSh6wAh6KAejN2dtEYQf91otvOWWWxYPZwzuGLMp5/nPfz5RSn78RmlA
fgps5UeAB6kjSgjxoHhY9CnNKFfqeMYZZxQHCXBj5QKKn0gDgjsOBRiptZ05ZcMLCIEEeANjM+lw
EIg7DsQ20VnepDnowIPSjjvtWPDFaQMsWBVOqHmGvghvNfUT4kOzeI/fBDl2cE/f3n777dNqq63G
z8LX1FtHHCAgs00ibSzjP/SgOIhnrdGW8GFtWFdZCMZgCF8o/OY3vyk8SN+njePKilF5kDzhNXY5
ABPyE0/TlijOUMZAH/2PM+wIKDToB9pikjou3WxpOunkk3rb5ROvpo9nBHDRmfXXPbkO03jGo577
agSMgBEwAkbACBiBlRWBxWxY13ycc4WRezC0sXuVZBLkFeQ5ZIraOCy5mvk6MgRplZ45bJ9cjXE3
G+/JAyMpzpzsLoWcQdxf/fJX6VGPflRi1S4Oohi+CMjVzHnr/KFvJvJSEy8jCyPrQw80nnzSyWmz
pZsVuRqnZLaof/nLX15oRoZiJTUrcDk7mrk8dCMvUSecinFeRbbk95vf/Oa0995792QbymD1Pseh
sZKfI54k91z9n6vTHnvu0WsPdr4jDxzRdc71U5/61IIl224TLrvssiIDcf40caNhGwyRt3AWpn02
23Sz3opxtoBHzuA4M4yGGIgVokwDH8AjrETHEIwDAXUgqB2QLx/y4IekC753QcGPXcvACHrACUM/
ciO/hR/ptVqYVdPwILLzn//85yJ7P/OZzyRKyQ/6kJFIryC5WjIlRlHxoHhY9CnNKFfqSJ1xpKAd
cLxe/SZ598H/kZCuuuqqtPVWW6fzzj+vLLRArgRzGYuhl3aRzgVHb3QIBN5Bb2njnClboSMz85yV
5C94wQuKkRZDPXIvfZEAP9Ee4hn1Y8qgb6FXif24Sa6mfeAjAoZ6dhqUXA0/wy/sYkigzdE5IT9q
C3mcN6AVufp6+d9U/ofeZN999+1bvU96lYVcDYaFL5aDyCpv5Fj0WrXhOvIg4wl1RndEvCYepCx4
jfEK3sARp8fTmV2/9e1vlT6E4R/5PsrV0ABfEpCRcQDAqI5eUaGmT8/BRWfW61mb84Pe+2oEjIAR
MAJGwAgYASOwOBGYWMO6VpEOC3s0rGN0a/KOV16cgcVEPK4y1spkxcGQxflSGA0xchEQaDFu4cnL
5B8PVwTfphDpaXo/zjNWxD/lKU/pCbd1HghmGI8xurNdHgIi21lhOKwDcQkSlLnHMIfiA0Et1mvd
ddctK4ARvNhuPAaETwRjhD2M7QhYylNnrWMwJFAmigdoImh78fJj+X+cgX744Yf3VhHHd9pNIBpQ
4/ume6XhHd7vrMQWfTzDyE69CDV+PIsOA/yOgfgxLwyiOhtbxtoYv+l+lK39Y3oUCCglYjvxPu4G
0EQDbYmTCQItQmWkX/mrXiicUBapjVkdvtVWWxUPfcXVlTQE5Qeu9C+8/UnfFZS/FAbExWEEBRTK
CeWJwwaGbgRnAmUitKOkoF4oGlBeQLMCq7/XW2+9ojDAOE6aY445po+mGifGB4RsFD0oyQjkgQAu
JcQ4PBh3TRB90ILTjrbz13OurPSAFgIrCOhbKBjqIHy6DOuPePgj0k9++pNe0nH5rpeBb4yAETAC
RsAIGAEjsMgQWKyGdea6zImHCcyVo2Edo1vXXJ5jsvrO7c5GLVasI4MpMNfFoMgqX84pJ7AaGEMW
mDOvlnFSaXSt6dHzmV6Zl+Psqnl0nR/lIutjREeuRjbBCeDUU0+toxb5gofKi7QYKJnHa2W5ErFj
1Pe///3ieF6vlMcoLlkSnNhFTXnqrHXJfpQBxjKIantxlcMVJ1pkjbr9Scs59+xep9XT0agY89B9
TMMz6oCsL/p4hq4EHQuB+BE/nkG7HAb4HQPxY17oYuA95EPtcBDj1/ekP+bdx6RdnrtL/Wrgb4zj
6AgwpsYQdwNoooG2RNbFGN5VL/JExwLGamMc9eF5OabHcqkLQXiAK30Hp3hk1K7Azos4htRyNcZ0
jitQnhjaL7300p7jNmUiV+OoAV8iV2sLeZUH/1Nn5HN0CaRhoUbc7VGGdaVhfEB/wEIJdEYE9YEo
V8uIr3RtV2Rz7boIf8UALeDLIpC+HRFyJPRROtIP7Olb9O06CJ8uw3pNK33MDus1kv5tBIyAETAC
RsAIGIHFj8DEGtYRduMkfVBT4Akuj/dh0iL84JWsCT2rWzXZbyoLgy+T9LXXXru8xqMeAYVVyE2h
Nt41xRnnGUIMRjhWEseAIRPPYYytEsZ4j+CAN7VWp/MMoenVr351WeWLokSGZbyqMSDigY9RVAGs
8ApHaVIb1tnKjZXQCgiXbI8lL2A9x0MejKUU4DlGUjyEVT7P9txjz7TskGWpqQ2pAwoQlC/aVp40
XQGlAXEVWMXPaoG6rVEM4FxB/lEQJd1ZZ51VhDTlwRUjL/yAoVNbbMMjeOKTvon+mF73kW/1bJhr
NDzH+Kwk1zbtokEGcuJFvoeX8AaPbQUfsZsBxmopxDDWs3Uc9bryyivLCoSjjz46FpsOO+ywsloF
Yzhh3WzoJg8cE1CMEMBYThblwfL/Yv7xOYItChXe1wGnAARnlAtalY6zC79RUDSVRd3YbpK2i31E
ONEv8GaP/Ei5CO/wufo+z8bhQfBAsRiDeDpu1c57aGXnBHCMAaUK5/vh3AM+rChgJQPKgzbDOulR
pLB6hkAfROGilS/lof8zAkbACBgBI2AEjMBKjsBiNawjr+I4PUxgjszqTa0gHiYtq0bZQarI1dmw
vtfeexXjfFt5OFkfeuihvaO3cBjG0McOZnWQ8U5HetXvZ/IbB3rm+OgEYrjNrW+Tjn730UWGjDID
xsF99tmn53hLGuQH5CCMbTi4Y1gmDTIQBkRkE2RsBbDCWZ6V8bVh/ZB83NzBBx+sqMWQimMtq5Jj
QF4FP+QABYyk/JZhm+fUDRmjbkPoA2sMkxjWN99882lGZeWrK2kwmsadzZCZWMnMit0YkDXQB5B/
LVezACLK5qSj7dFvsGU3+RF22WWXhLxJ+pr+EqH6D/oi31avO3+yAyF6HZwaFMiPleTI+wTRcLe7
3a23sjnyPbyEzBrbit0Q0EUga2pnPGRl+EVy9YEHHjitr6BHYtU2NBHgEwzeOCYgAxPAWE4W5cHy
/2L+8TlyIwZxVsPXAR7dMW+BTntFuVors5vKQo7EAYdFH2ClIJzoF4wHkR+JA0bwho7d4xlyde2A
wvOmAA+iv2K8ob/FAE8zzh2y7JDeTo68h9amIx9wdEAfwrgPPrQn/AcvthnWyY/d/qSfoM9RLm3t
YASMgBEwAkbACBgBI7ByITCxhvX5bgYMrggsCBAIMmyThhERQYGJcjyffL5payoPellBDH140Q8y
khEfw+Oqq65a6kId5zKw2pdtuaCPLckmDT+wQ4gDD8IgRRqe7GBIYJs5CZ3lwQL/j636EXyp4y1v
ecs+4bitajhsYNxHESGDdFvcmT6nDIRy+Igt+Civbas/2pX4tCf1IT4KI7Y1xFgdBf9IF9sqsnKG
9+INnGdo57ayYvoVdY8SgN05UGJ0GdahDxxQXC4m3l1RuLtcI2AEjIARMAJGYPEhMEgeWHw1npsa
YXBlhymOJEPm5LfkVhxV4/nkc0PBaLlCH7tDIQcw7x9kJCO+5GrqMtdyNQZ96SWQ+ycNP9oWOUNy
9SC5HxkNDAngvWTJktEabIJjI1NKru6SPWMV0JtIrkZO07blMc5s3SMns1hCcnWXrEu7Ig/TnrQZ
q9glV6N7apOrcRqhn0uuJg350M6TLlfjOMIOD12GddqCOoHJYuLd2eIx52MEjIARMAJGwAgYgZUF
ARvWV5aWdj2NgBFY8AigxGOFAwo8FBScGcc2hQS2nNxggw0WfB1dASNgBIyAETACRsAIrAgEbFhf
Eai7TCNgBIzA/CNQy9XsWKAjCzlabsMNN5x/olyiETACRsAIGAEjYASMwIJBwIb1BdNUJtQIGIGV
GQG2lGSrxqbAFvPaLrHpvZ8ZASNgBIyAETACRsAIdCNgw3o3Pn5rBIyAEVgMCLBTJVvcNwWOm8PI
Xh9j0BTXz4yAETACRsAIGAEjYARWXgRsWF952941NwJGYAEhwIr0xz72sdMo5vxEzk+/0Y1uNO2d
HxgBI2AEjIARMAJGwAgMh4AN68Ph5FhGwAgYgYWMAGeuP+xhD5tWhWUHL0v7H7C/5eppyPiBETAC
RsAIGAEjYASMQI2ADes1Iv5tBIyAEZhQBK644orEOXycrc75e5xvN5fn8E0oDCbLCBgBI2AEjIAR
MAKzjoAN67MOqTM0AkbACEwkApdffnn605/+1JOr11prLcvVE9lSJsoIGAEjYASMgBEwApOJgA3r
k9kupsoIGAEjYASMgBEwAkbACBgBI2AE5gkBG9bnCWgXYwSMgBEwAkbACBgBI2AEjIARMAJGYAEj
YMP6Am48k24EjIARMAJGwAgYASNgBIyAETACM0fAhvWZY+gcjIARMAJGwAgYASNgBIyAETACRsAI
LHYEbFhf7C3s+hkBI2AEjIARMAJGwAgYASNgBIxAJwI2rHfC45dGwAgYASNgBIyAETACRsAIGAEj
YASMQEbAhnWzgREwAkbACBgBI2AEjIARMAJGwAis1AjYsL5SN78rbwSMgBEwAkbACBgBI2AEjIAR
MAJGYCgEbFgfCiZHMgJGwAgYASNgBIyAETACRsAIGIHFioAN64u1ZV0vI2AEjIARMAJGwAgYASNg
BIyAETACs4eADeuzh6VzMgJGwAgYASNgBIyAETACRsAIGIEFiIAN6wuw0UyyETACRsAIGAEjYASM
gBEwAkbACBiBeUbAhvV5BtzFGQEjYASMgBEwAkbACBgBI2AEjMBkIWDD+mS1h6kxAkbACBgBI2AE
jIARMAJGwAgYASMwiQjYsD6JrWKajIARMAJGwAgYASNgBIyAETACRmDeELBhfd6gdkFGwAgYASNg
BIyAETACRsAIGAEjYAQWLAI2rC/YpjPhRsAIGAEjYASMgBEwAkbACBgBIzAbCNiwPhsoOg8jYASM
gBEwAkbACBgBI2AEjIARMAKLGwEb1hd3+7p2RsAIGAEjYASMgBEwAkbACBgBIzAAARvWBwDk10bA
CBgBI2AEjIARMAJGwAgYASNgBIxAsmHdTGAEjIARMAJGwAgYASNgBIyAETACKzUCNqyv1M3vyhsB
I2AEjIARMAJGwAgYASNgBIyAERgKARvWh4LJkYyAETACRsAIGAEjYASMgBEwAkZgsSJgw/pibVnX
ywgYASNgBIyAETACRsAIGAEjYASMwOwhYMP67GHpnIyAETACRsAIGAEjYASMgBEwAkZgASJgw/oC
bDSTbASMgBEwAkbACBgBI2AEjIARMAJGYJ4RsGF9ngF3cUbACBgBI2AEjIARMAJGwAgYASMwWQjY
sD5Z7WFqjIARMAJGwAgYASNgBIyAETACRsAITCICNqxPYquYJiNgBIyAETACRsAIGAEjYASMgBGY
NwRsWJ83qF2QETACRsAIGAEjYASMgBEwAkbACBiBBYuADesLtulMuBEwAkbACBgBI2AEjIARMAJG
wAjMBgI2rM8Gis7DCBgBI2AEjIARMAJGwAgYASNgBIzA4kbAhvXF3b6unREwAkbACBgBI2AEjIAR
MAJGwAgMQMCG9QEA+bURMAJGwAgYASNgBIyAETACRsAIGAEjkGxYNxMYASNgBIyAETACRsAIGAEj
YASMwEqNgA3rK3Xzu/JGwAgYASNgBIyAETACRsAIGAEjYASGQsCG9aFgciQjYASMgBEwAkbACBgB
I2AEjIARWKwI2LC+WFvW9TICRsAIGAEjYASMgBEwAkbACBgBIzB7CNiwPntYOicjYASMgBEwAkbA
CBgBI2AEjIARWIAI2LC+ABvNJBsBI2AEjIARMAJGwAgYASNgBIyAEZhnBGxYn2fAXZwRMAJGwAgY
ASNgBIyAETACRsAITBYCNqxPVnuYGiNgBIyAETACRsAIGAEjYASMgBEwApOIgA3rk9gqpskIGAEj
YASMgBEwAkbACBgBI2AE5g0BG9bnDWoXZASMgBEwAkbACBgBI2AEjIARMAJGYMEiYMP6gm06E24E
jIARMAJGwAgYASNgBIyAETACs4GADeuzgaLzMAJGwAgYASNgBIyAETACRsAIGAEjsLgRsGF9cbev
a2cEjIARMAJGwAgYASNgBIyAETACAxCwYX0AQH5tBIyAETACRsAIGAEjYASMgBEwAkbACCQb1s0E
RsAIGAEjYASMgBEwAkbACBgBI7BSI2DD+krd/K68ETACRsAIGAEjYASMgBEwAkbACBiBoRCwYX0o
mBzJCBgBI2AEjIARMAJGwAgYASNgBBYrAjasL9aWdb2MgBEwAkbACBgBI2AEjIARMAJGwAjMHgI2
rM8els7JCBgBI2AEjIARMAJGwAgYASNgBBYgAjasL8BGM8lGwAgYASNgBIyAETACRsAIGAEjYATm
GQEb1ucZcBdnBIyAETACRsAIGAEjYASMgBEwApOFgA3rk9UepsYIGAEjYASMgBEwAkbACBgBI2AE
jMAkImDD+iS2imkyAkbACBgBI2AEjIARMAJGwAgYgXlDwIb1eYPaBRkBI2AEjIARMAJGwAgYASNg
BIyAEViwCNiwvmCbzoQbASNgBIyAETACRsAIGAEjYASMwGwgYMP6bKDoPIyAETACRsAIGAEjYASM
gBEwAkbACCxuBGxYX9zt69oZASNgBIyAETACRsAIGAEjYASMwAAEbFgfAJBfGwEjYASMgBEwAkbA
CBgBI2AEjIARMAJpURrWp6amek17vetdr3fvm4WDQGxDqF5R7RjpWFE0LJxWM6XjIhD5jDy6eO3K
K69MH/vYx9KSJUvS1ltvnW5wgxuMW6zTGQEjYARWOAIXX3xxOu+889KGG26YHvKQh6xweuaTgDj2
d43780lTV1l/+9vf0sc//vF0s5vdLG211VYT8/2JOIr+hYCnaB10nVTcB9G9EN/bsD691dS/rpey
TG2xejpAC+CJ2lCkrrDxMatopvI/wgqjQSD4ungRCHxGJbt4Dbn6wx/+cJnXPOEJT5iYec3ibRzX
zAgYgblE4MILL0xnn312ustd7pI222yzuSxq4vKOc52ucX9SCJ/U70/EUVgtBDxF66DrpOI+iG6/
n1wEFp1h/Ytf/GI65JBD0q1vfet0m9vcJr3+9a9PN7rRjSa3BUxZHwL/+Mc/ykTgzDPPTH/84x/L
OxS4u+yyS3rQgx7UF3cmP/hYDPo4XHPNNWnfffdNf/3rX9Pvfve79IpXvCI97GEPm0mxc562/ggO
quOcEzRLBSzWegEPfLbffvul3/zmN+kmN7lJ+te//pXe/e53p5ve9KaN6GHU2GmnndKtbnWr9LWv
fa0oAhojroCHw/SrFUDWCi0y8u5i6Y8rFFAXvugQ2H///cuYh1H9E5/4xEqj1GRe8fznPz/d4ha3
KHOMY489Nq2zzjoT3b4f/1j+/uy8U5ljf/WrX52I78+vf/3r9MIXvrDgyBjLN5TQ9R2daJAbiJtE
3BvIXBSPbFjvb8bPfe5zZY661lprpbXXXjsdfvjhlqv7IZroX8jVn/rUp9Lpp5+errjiikIrPP6i
F70obbLJJrNHO7byAU4XV199dSn3L3/5S/rtb3+bXv3qV6fNN9989miYi5yCgbbPsWSI+s4FObOW
Z1u9Zq2AFZcRcvUee+yRLr300rT66qunf/7zn+mDH/xgq1x9yimnpKc+9allXvOTn/wkTdQ3YKHz
2RywgeTqvv44B+U4SyOwUBHYc8890xFHHJE23XTTxBxuZVmEc9lll6Xtt9++6EiZY5x88snpdre7
3UQ34yR+f5Crn/3sZxcckav5hhK6vqMTDXIDcZOIewOZfrSAEJhow/r555+frrrqqqEMoA996EPL
RPgjH/lI2nXXXROTrkk0PC0g3ph3UjGkP/KRj0wXXXTRtDbfaKON0he+8IUZTwzgi6OOOirx4T3o
oIPSjW9849Z6oozAyw+vP8Ib3/jG9NznPrc1/op+8YMf/CDxkfjRj36Urn/966f11lsvPfjBD06s
dOID+eIXv7izviua/qbyaa8LLrggnXrqqemnP/1pWnPNNdMd73jH4uBAPRF+n/GMZ0zjl6a8JvWZ
+Ay+H2bc+tKXvpQe//jHT9z4Bp+95jWvSfRVDP8L2YiMk8N3vvOdtMoqq0xjGxQ2ONjg8NMV6HOn
fOSU9PVvfL0ooVFKk+7Pf/5z+v3vf59222234khBHuSJUxgT14gbae5973s3FnPBdy9Iv73st33x
myKS98Ybb5zWXXfdptdDPRvnWzxUxo5kBDIChx12WDr00EPTYx7zmPS+971vxt/5hQLqz372s7JC
n3GfcNZZZ6X73//+E00+49Q222wzUYZ15gbRQASeONdOiuF/Nhp0EnGfjXpNYh4TZVSZZYDOOeec
xJwzzjOaivjvf/9b5J+b3/zm6QMf+EBRsNGvcFj/8Y9/PFmGp6YK+FlB4PLLLy9y4K9+9atpbX63
u92tyFczVbhPXTuV3vLWtxTn4Ne97nWdcubf//73Mqf95S9/WehB8Y+BfxID/P69732v8D/yNXL1
ne50p2KowOGenXZe/vKXd9Z3EuvFZgHf+va30kknnVT0Bex+hr7g4Q9/ePr+97+f6PM77LDDNH6Z
yLq0EMUYd6973SvB95oPdBnMkXFw8GDe0BWvpbg5e4xczaIO+iq6zUHj9pwRMgsZIxN/4xvfaJWr
wX/Qt/eSSy4p/fErX/lK6Xc4esG3f/rTn4qjzkte8pI+uZqdsGo98m1ve9t0v/vdr7FG3/rWt8o4
Nghn5Gr4a/3112/MZ5iH555zbvr7P/4+sE0pa+nSpaVfDpOv4xgBEGBh4QEHHFD0haeddtpKI1cz
fjNeMu4TkANnc2FeyXSW/5vE749wVFWH+Y4q7kK5TiLuCwU709mMwMQa1pkU42UVjawaJKmKJj16
JqPnf/7znzKRRslmw3pzo0/qU4zCrN7CeIqi/Z73vGdCKYDwyhaxbQamUeoDX2255ZZlEj7Mal+E
mre97W3p7W9/+8Qa1q+99tr0lre8JaHQIKhvcK/+sRD7AqvOWMl44okn9tVpodcL+uvA6g1WLw4z
bmFEeO1rX1uELK6rrbZand0K+Y2RCEeOxWAcQ5GMty9BfYh79a1Pf/rT6YEPfCCPGgM8u/fee5d3
SsOPmBcK7vvc5z4lTjQMxThrrLFG+uY3v1m+ZSXi8v/oG494xCOKs0mMH8siqt696lWvGlt5Oe63
ONLreyPQhcAZZ5xRxnkUawtdedhVz6Z3f/jDH4p3/be//e0Ux4SmuJPwbBK/PxgBwZHxDoMHjraL
zbA+ibhPAj/OBQ2DlPtzUeZ85IlRU8YmzRU0R6D8+Ix7GT2Rq3/+858XBz0b1uejpWavDOayz3rW
s4pczY4ozDlx7ES3whaxbQamUSiAr1Bc4xw/jNMFYzTyKnob8dgo5c1HXORqVtMvW7asFKe+wQ/1
mYXYF5AdkG2OOeaYXn8XnqrXpBmXRd+oV5yYWbGIY/GgOsG3Bx54YLrlLW9Z9E+TIldj3LjrXe+6
KIxj733ve8vuk7SjeI179S2cB6ODJO9igGfRERKUhvuYF4Z7OafSpne/+92J0hcHufoXv/hF4Yny
cvl/9A3Ssmgj5hnLUnzev/nNb0777LOPHo10Ra5Gx1k7PKlclanfRx555Ngy/EiEOfKiQYAjI+kz
LFjba6+9+vrMoqlkS0WY47AAifEgjgkt0Vf440n8/iBXgyNjEDrqYb6jKxzIEQmYRNxHrIKjTxgC
E2tYZ4LDx4AVg8973vOKpzCrCFkRiWJAz5iIsS2FDOvgq7Qo2hhQMdRqcsJ7TVi4bwsxPnGGSdOW
12w/b6JNz7roVBzR0xVXcca9jlOWtoPFKPW4xz1u3KI700XeGMawTmYY0Z75zGf2eCzWbRgMY3zy
GyYN8YYJ5P2yl70sHXfccSVf7p/znOcUj10McqwEoB8MMqyPQ+M4aYapE3Hw0H3Sk55UVvGCF/0b
nmDFwOc///kiXFF+V73GpS+mG7etxsmDLRIxltJew/LmsHgq3ih0xbhK34UHK1Ae8IAHJM6nQ4FH
W40S6vK6yiLfpvh6NijtILpw5oHP+P6wqoPvzEtf+tKyqoN2ghfblO/siMFuGNDAdwpDIStCmMCx
NaF2wIhGNPidLbBRYPM9ozyFd7zjHWm77bbTz96VHTxQuiDc44Ak+siDsOqqqxalEt/M+H3sZTDk
jcbMcb7FQxYx69HEB8p4pvygfOprLIcy6t91fP2O8Xg2V/SpvJleI71dtMZ4c1mvpnL0bBLoGxVv
zX00JqguKwLDLvxGrZfix/rEOvG8rbw6TUynfJuu7PrxqEc9qoyJC2HFeqxnGxZN9ZyrZ5EelTEM
XXU6peG57pXfpF/bvu2TTvcg+ugbOD8yN9h9993LHI2tkjEoYWDVM7YNPeGEE/qMnkqLog0nyjXX
yHK1zslm/+8BW4ATVfGh83rDpBlUodl8X9OXv+fLq9ddt6Z0s0lXyKutj4UofbfE32vPvdKRRx1Z
dv164hOf2Pd+tn5E3mCeO0z/4Ugr6JFhPdZtqPFiDnHHqE5feOc731nGLozrzOU5qotvyo477lgU
zp2G9Zq+Ifm9D4ch0wzbjsgZ6NVYxQvGGOuQs5HVmHug56D8LiN0pI9yx2qrMesVyx6q3Ewf8hrG
UhzXkZeG4c1h8VQ80TXUmDYiX+DQxMKSpz3taUUWHUmuHrGsUp86zbDjoMDouCL7skp7lVVXSccf
f3zhQ2TlDTbYIF39n6vTE5/0xNZV2W9961uLEZt2p2/iuM6ucewksfPOOyf0D4RoRIPfWbCDTIxR
H75XOOH4E9JzdniOfvaufPt++MMfJpzR0cUcfNDB6U4b3Cn9+9//LnFueMMblh0g+WbOxNiNXI0z
EnI1egHaVd/i+973vr1n0ANWMymrV7kZ3ojPlc2wfVDxh72qnF5/CjzZWWaIR1mdcYclZi7jBXq7
aBUeIqUrruKMdQ30kL6Uk5+V0DW/a0q3PNmKvGgrfI0JEce5wrCvjOXfOZ7NRXlNZRW8abO29qrb
ashvscarufyOziav9GHDN2xFhzFx76tHbKuuNl7RdV3Jy594wzrbCsuzli2AWLWMIKBntdGT9pQh
AG9VztYgztlnn10m2JvnFVGcxYhBringxf2hD30ofeYzn+m9RhGBsRKv0ZkGJvbQwiRq7bXWLhNJ
BlyUFUwAUXggCHAeyLbbbjutuK9//evpwx/+cGK7IsJ6661XthdGmCUdRhYmajHQMTGyUi+lY+u3
bR6/TdruGdtN89qMaUe9B3uw4zw3PDGpp+rCStb6vHsmvKzEIR4rwz/60Y+mV77ylWVVOds3IbhC
P+eOEmcmgUk2XqLQwbZRTLLhgzhwgX8ddKb1G97whrK9zNFHH10mwJyL+oIXvKAIqnUafs8H7vAD
9SGgCMNDLwb4gtVbbQbocfidM/rABEGc9sOTDcEVJQmreGdjAiHMqQu8RB+MgRWOnP3Cll4YIeO2
3KPyoPJFgIX/qBf5oVyhPtTrzne+s6KVK7yplfTUF88+FC8IX3iJcpYhfZptyvbdZ9903/vdt5ce
vmAcYEt3FFIIave4xz2KNyBjG8JVbViHd9///veX/CmPvk7e0NaEN4ZhDLX0N7yz2f3j1FNOTWd8
6oySFq9wPFhRoNSBvNkehz/o4DcBo/8uu+xSMI9p1H/YMpEt2Tgnma374/aS0FiPS8pjHB4cZxxU
eaNeZfTC0I7HZleQcwFxmozZKBa0QgiBGSexGOA5HBPgaa7wEkoHeKVpbKJtaBe+dWCC4o9Am4C5
vplNtMRyu+71PR3lWwyf4JDAOAt/E6CVYxvYZpIxn22v9T3gHecbwvtf/vKXe98NHBjY8o/jIKCD
tGynX/dH0U8+fO/5RuKIR2CcfvrTn162r1Z5ij/Klb7N6i/KoD/+95r/lm3+GZ9Q8lA3HJzYco3w
rne9q/SHWAZjJfWmX7HlJnnRTzgPjL94NAnGizPPPLOHEeWzwgzFKOXzPafdwZd8mAtstdVWsbiR
7lEYI4CCEWWh9GH8Q3FFWfAktD7+cY9Pu+62a48uCqEPgzvHJzCOEvjmcHQK9DaNUaxuY34mvo5l
lgxa/hun78/1tzjyxlX/uCpt/8zty/eDMQPlHOUzf+RbrD4aq6cxBt7BSYazwWlTtp1la0u2tVOA
h3C+oS3AlXj0C/oPY+y5555bFIPidXgK/tdvvt98n+AtvlHkw/eBbynzagwd9bZ59feH3xxT0fb9
Ea3Um/7Lt5I+T+Bbx5wF3mWVPt+hO9zhDkpS6sO357w8P6OtqR+h7fvTS7j8hm/qXBjWOT6I+QH8
ylyU+Qernug3zAfAkXkQf3GuCgakIz19lTko7cH3m7kG836wIV9kE8Z9hVFwZ5tV5k3qT6S9/e1v
X+aErBBlPIZf1Bd5T/tBBwGcx8GdcZn5GMdwiZ/gn8c+9rHpm9/4Zrry71cWpy/4r/4mQANOY/om
IBvpe8G7pzzlKY1zFOEzV9e5ML7MFa2j5CsDKKv4+JbBC8xJ2M6W75eewUfwhoyelKG09FvGD+Iw
5iMDMMYzTjXNJzFO/+rCXxX55JOf/GSPXL7jzJkHzal6CTpu+EZBC32QcYz+Rd3oc4yV+kYyzsBT
MdA/6cOMUYw3BOZcm2ddAfnSL3BurOevpOM7jtyldJRP/myjjew6W4E+BuZ8HxhzKIe6YGxjjqSx
XeXRJjoSjF2tmA8xB2TcZaxi7IZ+xoc4Vin9KFf66ZVXXlnmZXzTGdPhA/JX0Jik31wZL2gneAwe
YFc45BbmDXwTGD+awnzgznwb/oSHkGXoCzEwd2PuTj2nORKMye9898EE/Qntx9wZuReMkNc0bkc6
Rr3nW8M8gYBjLnWMAXmDuqKzQZ6L46B4kDjM8cSD5IfeoeZB5cu37aQPnpTOPOvMkh8yDjIi4z4y
RQzwpnR71Be5GiMq8yt4mLagT6MPwrDZt2tYxv2HP/phmTeQD/SgL+SPXQrhrdqwDu8yZyd/ygN3
8tb4EWnjnrESDJlTsWAHeZfxhbGQtBwdyFyuqe9fc/U16ezPnl2++fAX8QmPfvSjywIIyo1B/Yc5
NTIjczRkB3BXgOZ6XNI79G8nnnBiOv2Tp+tRae+uMZe5GkcxMa4RhhkHe5mPeCOj13e/+91pcnCd
lZwLeN5kYEbuhlYCOk4M0zHAc1tssUXhDcZMeAlnBcb3prGJMZ95HH0Q/tWcnTYBc+Qd5K0mWmK5
Xff0J+ZJzO3hoZgvfUPP0OOgC6Ys5od8b5jDq7/BRztmRx/kXMYivrGSI3nHbiXwPnM7xnqOUqSP
0//Biu86uzTAyxttmPtjgw0KPKAD3kBGJzBOMwfmeydauurb9o6+9573vKd8ZymHPgkf0qfoS9SN
xQrIoAT0YMw3YmBOwhyUfgU/UW/6CUcS8ic8SMMYwLdUz2gH5kPIzpT9/ve9P13xx+vwJR/4qkkX
H8vvukdupj6UR1nIgIzn6DTAEz0QtKL747jOiCV9GNyRy6GbwNjCginohWfqAG/AI5pHxzLruPH3
WH0/j7lf/dp1cyeNGdTlyU9+ctoxt1vTOBjLHHQfeYNdcXCgoS8jN2HgpT8yd2Cupj4a89QY89nP
frbIJsw1aFP6Pke4IIsqwEPHH398aQtwJR79AmczxljGXtpMfEM7Mc9Te/H95vtE/+MbBQ7IrHxL
KRcep+1jGPX7o7TUm/7LAiacgAjsRMR3mDGL+eh+++2X1l133fKO/0b9/vQSLr/ReDXbhvU4Rwd3
vk+MufQbZGXGLPoLY2Wcq4IB+iP0fLQBc1Dag/k/ug3GT7ChH9CvGPcVRsEduZqxR/0JvgBXeBxd
DH0NutUXeY8sBR2EcXEHb+b7yGTiJ+ZrHMNHX6W+Bx98cKn7ON+EmfZNYelrAwK5E05N4l/+eE/l
SfdUVjJN5Q9FoTF/XJDUprJw2HuWGb48y0Jjrx5566ep/KEsz4mfGb73x+/M8FP5g9WLr/qTB++b
0vAsezBOZcFxWjqlH+aaJ0eFFvLLE5MeHdlY20djFjym8kDdV1b27JxGG3UTzTE/0ZI75FR2CuhM
l4W5vnKUdtRr7uxTecBpLQv6iBPz5bfob7vmlRFTeeLcly7mMcx9HoAGlkP5WRE+rZzs6dqXVvwk
erNCYFqa+cAdXsyTq0JbnpT1+kSNR17JOpWFgKk8ue6jcxx+z4rRHhbCIfJgnoBOZeGzr5yankG/
s3J2KgtGpZy8Ar8xryzYTGWlxtSDH/TgKfq78hyHB8Exn2HWWa/stdyHL+Wo/vABvJ0nwGXM4nd8
F/sytOaztaeVJV5SXvX4lIWFXp7CO+ar+uuaJ3IlfsxXNCk9NGfjXQ87pc3OItPoU5pspJ/KSqVe
mmw0mspGjF78WF68n80xd5xxUHUb55q3niv1y5P5Xr3b8skKwRI3TwKnwKaOB69tu822U1kp04ej
4mXht6TnGweP8w0Ex7ay9a2jLYlPPlm4Lt+4PLmeyoJz4QO+XSpj1Os432LSiGfEB/zOSsNCR82f
epcF/lJfpdGV9zE/xoX6+5gVgT28FF9X8gGjrPQdGwfmH5EG8qx/189oA+GttlIc0aY84BnGPsWv
MSJdNqyXeoMv4x/P9Kd3Sj/KFb7Miqe++sAz2VGv5C9aVVYWXHp0MjbpueKpHRykCAAAJi5JREFU
TjzPCtBe3EhTVpCU8mLcOI+LcXU/Tt+fj29xNsz0YSc8uMb6wYNZIJ6Gh8YYpROO+p2N5b002fGk
L0/iMJ4wR1I7Kh3XLIz25k/0Eb1TGbrynPvsQNgrS7hn5W55F+NmYXdaH1R8rvBoVro3lhdpiGMb
9Hd9f9rGzVhuFrTL/J/+UX9HY7xR7zVHF+3xCi76nZX4U9n41cMwOzeVvqo4XLOwPJUF/ZImYlrT
PAruUbaAFvLVmNDEM7zXeDwu7tCnOb/KJF9hwVV1Aof6XaShHu/iu1Hbaqbxs9JmUYasjJnKivyp
bDiaykarUsesxCrtlRU2vWdZOVjaKiu0ezhkY9VU3rq217a0j/5o52ykLTzfS5BvshJ0Cr4UPyg+
V55xzcdYlXgx3aj3yGjKMyuMenTU35hs+JrKSrX/ZX/t1FTe0adHS00fNMb8lDAbI6ay01hrOvLh
GzkbIRvIp7LjQ2tZ0EecGLJCscQX7k1XxlL6/UxCNtoPLAcsmCPUIRu3+tIKe/FFNrDWSabmA3f6
BXIsdGQFaa9P9BGT+Ya5SDa6TOXj4nqvxuL3nFc29PSwEA66Qgff0az475Uzzk1W+E7lHcVKOehD
mkJ2wCr8ng0ABWvFGcSDjPE1D4IFc0jxnurDVc/gH41DlEUeikcc8s2GpzJm8Tu+y4bmXl+GL7Ly
vJdvjKeyyIvvQgzoKhSXK3FjvjEu99k40htnlG+dnnKQ/eqQjTzT6FOZyNV8HxWygXFq66237sVX
WfU1G22m1Yk8usZc8mBeT/vEoL4c6yP6SNOEX0w/6n1epV3qh1w1KGQjUYkLX4JNHahLNvCWeXDE
UfGYp1CHbHiaysaQHj+1lQ0/8a2jzvQJAnIEePO9ZH4HNuA4bsiGwkIH80D1AfQxolPPssG4PKNN
SRPbhLj8zgblQkbNn3rH95649R/vY37oubIhqK9K4MmcQWUpjdKBEbLHuIE6Ky/RpzL0W2XrN22g
oLZSHKVVnvAMY59CjRHpsBcwLwBfvqcqJ75T+lGu8CW6HNFCfvBMdtTrw1PloVdUYGzS87pOPGfe
0hSy41MpT2mIC+90hXH6PrhnI2hfPWKZlIt8MZOALitiJzy4xufwYDZ6TytKY4zS1fTlBYe9NNnJ
pi9P0miOpHZUPipf8ydkXb1TGbrqOfJNHWhjxeNK3K7vD+nh0ews01ieyuJaj22jfH9qOvmtfjbb
3wHN0SPt3AsXPc+OlkUHL9rUV4Ub8bIzzlR29unjSZ7XNI+Ce5QtRIvGC81X9Jwr9Gg8htZxcEdv
oTm/8oz15JnqNO43QTj6OvsI4N1SJmaTdmVQgHn4KEmBHp/VxnYMfqpDrcB+05veVAQ7BDXy5I8P
m+JzzZ5jvXd0zOx9VQx2DNZR0Ucni+lGvWcSkT1eizIKJasUf9krpghXehcdCiiDeMSHduqKAp7J
Owqz7LFVnsf8RJc+LHTKfF5YEVz4CKDMVDryBFulGeca6aMsJi88Y8KVvcB6H6yaRvAAX4QiGYlJ
z0SaZ9lDc2rfffftM56OQ9+yg5dNG6gpp/4bZFhHMAU7cM9ekwV3jIa10Xo+cIfPZXhj8j0KLuPw
+9lnnd3rI9m7ukyaqDdKnEMOOaTXxrHPjkKT4kZDDTjreX3NK0VLX9BYMC4PMj5oXKDf0fcRJrhm
r7Teu2j0oe9lL8heX1Z6+AnhLa9Qm2Kyyu8999izKLCYhOWVvCU/nmNERLmUV7aWj6TyqPuI6g3f
UWcmIsStxwjF44qRFRqk9KY8+j8CZuyPTU4he++1d6E7byFZ+JxJCEpCPuSUSz4qCxzyqopeP1Id
KC/+wS+0j9JxHYcHYxuPMg7Gcke9l9ErGoCa8qA/yiGk/r7E+Iy1eZVEzxAe30mBwHueyyEIASbG
072+dfAMBjsEkezlWNoJelEGwGMzNSjTrrFfD/Mtpv/g8COe4Numvgp/RuVP3nJzCoMY7YsjkNJw
he8QSugnGIr0ju9CjQPvEIb4/sC3lJM9Vwsv8o7+QDlKN+qV7wOGM/KCp/MKy6m8w0qPprz6pPQZ
1Tv2L9qKby705fNFS1+Exux13EsfDdZgQV9VfenvTORFM04T6t/QBN56N86VcTyv+pvKqwR6ZVI2
/RhlAO2H0Af9cb4gpx/aCdzhQRQfeQVjyQfezCtOptEGb6JQpky+H5QVx9i6DuP2/fn4FkMrvKG2
Em6MHdmbeApHEHDkOUpUxuFYP40xvGc+hEMGxi0c4ngGP/H9IE32GC/f3rtsdF1fAF8M+8oPHoFX
SEebgLHS6lvHe9qb5/SRvM1mb7xua4P6+8P3S/1ZZevK8+zpX2ig3hgq4G3ofP3rX9/DgndxXIUe
nJN4zpXvP32EtNSTOsXvj8qL17kyrIM7Ywk06A868zbBpY1RXvKbd3lHjT4nGRRmfLs1dig97cN3
kH7DPcJ0PT4NizvpIn18M+QEx3caYT97vBf68gq4KeaMKmsc3Jkjaf5Jvfl28Q3COQx+FhbUi75L
G8VvAu/rbwLjPNjwjvFe9MX2nY/72Re1JyNHxmWwxYguAzPPwDwa1hWPsUMhGtbJgzkOfVPfV54x
1sXAHFTtydw3r7oqCjrGnDguwwczCfA3YwT9JxrC84qXqfPOO6/3LjoUUB58D39CO+MtCngMNyhZ
84rkQnvMjzQoWZl7qF6MnXzbUXDxXVQ68kS+nUkQfSpLTvA8BzPK4F1NI3ig0DvggAN6RmLiHrLs
kPIM2RrDMMrSmQTmMeQrOkSnnnHFsWuQYR0nYbADdxSo5IOjRm20ng/c4XMMSdDON32UMA6/802k
vqoz4zT1ZuzDyU3YIleqz45Ck+LSV1UOOLcFxnD6vQx7jLf0EdJCC/IEz2oeJA7PFXDKUXkYD+n7
OPZwxWFB76LBgb7H3Ed9WXEolzkQ8+3DDjus0MGcir7IH3oi0Ucf51vLdzUayWr6RCd8R50xSJFH
NHQqjq4YWaFBSm/oov/zfYv9sckphHk18flOgj+OEsxvRCP5KIAD32ri8xdx0DOuTc5M4kHS1GNu
VPIzlijENqbtNQ4yR9R41oaf8hj1qvEf/LsCY5QcQurvS0zHWJtXMPYM4fEdczTw4D2BcYvfeTeE
GK13H41I6ICRVdD3kAZ682rCwmMzNSiTX+zX1EHP1P/0TN9i+k9e0V7iEZe+orjwJzpqnvOXd2GZ
YjyjfeWUrHfwHfNO+gmGIvEZjtAKwoE0yH30ffgW5wQWkigN/YFyxg18H+K4zzwROUS05l1ZSp9R
vWP/gkZ4FPqQt+mL0BgXAUWDNVjQV5U3/Z3vtwJOE+rf0ATeMwmM43n1bZ+egLLBjjkU7Zd3Cyj0
x/kC4zVxaCdwhwfR++eV1oV2+iO2kTrAm8x5KJPvB2V1GdbH7fvS00AjzpFNcyDKjnWqaR3md9QH
CzfGjrw6fEp6fZ4jV9P2MWiM4T1jH/Na5JO8E1zBBX7i+0HIq+OLjCQnEvBFl6FA/eAV8uIdGCst
7chzHOBob57TR5Bh1Efa2mCU7w/5Rh0yzkR8Q6Dz8MMP75UFLfW4Osr3R3WOV40Fs/0dAHfGEmjW
H5gxRtPGLAwVhnmngT4nGXQdfLs1dig9fQY9KP2Ge9q7Hp+GxZ10kT6+GXLe4juNjJ13TCi0851i
zhjLGhV35AjxIPWGx/kGoTOCh4VFbIdxvgmxbX0/uwhMrGEdwZAPCKtEGPj5oyPQcVDwS6GHwhZF
JJMOxWMA1Ip1PqB6zlUK3Kici/GZ9Mb4utdKxJkq5smPjyP0oSjkQ6Ay4rvaaCbhizQX5g8uQo3S
kR+rRlHC0uH1PH6QahxUlgxBKOFinspj2KtwZXU57VSnwzNMA0LEPsZjFQ/tG40R8f1M75mEoNBB
GQiOfIx4Bq/pr6kMTVTrFYXwHvnwx+RBaecLd3hHhpWonBYdbddx+J3+JqVs3iKrj89Ujgy+tOGo
hn7lwVX9HIcF2iu+67ofhwfhAX2MMSTXfYDfGMaJU7cztKgv8x7+ZnITaUQZr98I5CoLQ6Kec8Wx
BqOcyqnHhRhXZdZjRIzDveKRJwJpfC/BEs/Hus7E4xl9grEGWmh/hFLyigbWmCfCi96rP+kq5yjF
H4cHSTvOOKgyx73K6DWoj+GwJEMDk6tRy4PX6c+Rzxg3xRPwap1nxBH+0xhLmkH01nm1/aYNx/0W
i37oQXEdy2CcF7/oe877OH7CnwiUSgdfxt0l5DCgbwfYyZikNHWeGKvju1HvxQ+qj9ot7uYgepqM
lNSBOtG3+OO3HCqa4qs8+h1tIXr1LZvNtiZv0U6+zClQAqpMrpGG+Jx60AdQNuFwhYDJN3MY+tTm
TfVXGeP0feULDXM9B4JOzRPphyh3RTtXxkeEIWihTeM7tXE9/8Tjn/hNY67mJXG8IE/aIR8rUNJh
SFc59DGeQxs4E0/vuEeI5R2OHnredOWbxvy1y7DOKjPoJr9Ig/IDG97x1zROQQ98Rv+ovz8I0fX3
RPlyhe+gD6y7vqMxzbD31F1zZhxr6r4hZR71QqkZ86VOamfes+I1jm1ddSKfYXCPZdTzA9ofxQ9l
5/NF+2gTnaPgHo3gNa+Tn5w46nbQ/A466nmivgm0cfwmiL75us6umD05uaEIQv5ijFdoMqzDiyhx
UB4qoCxiFR/thjI4BhkAo3FI8RkHmJvXASUhxjHeNym+6viDfqOggz4UafBJDHpXG9ZRzFE+aVCE
Tl37v1SkYdUoq5IxCCowpmhsq3EgDulkCNpj9z16ylelH+WKExJlYTRoUlDzjPbgD+V2U9AKtmiM
aIo37jOMvRgyUAaCI2Maz+A1/TXljdKTuiFXxhWFjPuMGeTFvcJ84c4YiGEFTBmrhg3j8Ds4SSmL
c0HkM5Urgy9YjWroVx5c4RXyYNWtVuHG9233Ms6g22niQfQgYEXe4kF4gN/8yQAe86fvyzBDW8d2
Jh78oN0xyBtH4xjoYwoY4VQW39wYcKzBKMd7yqnHhRhXZXYZ1omveOTJnCkGfb8wflDHaSE/ok8w
1kALBlHkCPKKBtaYTmMU79WfdK0dLWT8IL+mMZd8JWtEY6j0IGBUj4PUl3GQMbqJPyOto9zL6DWo
j0VDA/P5UQO8Tl0jn8Gz4gl4tQ4RR/hP/E2aQfTWebX9pg3Z0QG9mYL6KG0tY3nTt1j0Qw+GwhiO
O/a4Urd81GcvD95fmOfSxOcP/sQAqwCvMi/QezkMsAKUZ2AnY5LScI15Il/NJIgfVB+1W9zNQfQ0
GSmpA3XiW8Qfv3Ekg/6m+NLrqV+JdsqVYWu22pq8RTv00JfQ+cUAPzQF6kEf4LuEwxXfGVbhk88g
+tQ+TfVXWeP0feULDU1zIMYMzYEwRFKHmQSNWfRDDKkxMD4yV4AWeCgG8VQ9FuK8RvymMReHI97F
8YI8qUPe3r68i3jG58hEdV3R+0I3DqhdQd+Vru8P+i5o4y/SoHxxptBY1cgbY3x/lLfGRHDp+o4q
/ijXyC84i9V9A/ue6o3jWB3UzsTJxyT0jW31N7JOOwzupNF4UbcP7a0dBFrHwBFwl16HutS8Dh1y
WKzbYZxvAvk5zD4CE3vGemaqaSF/7FMerMs5YXky0nfeQoycP67lDJY8WS9nk2ShtPc6e8OW9FlR
Wc434RwM5UukrHgs7//z7+vOP+LZKquuUs595dzLrMQs5w/FM52JM0qI9GWhYNr50JwfwxmynJ+h
MyU4a4Lzm/IHrZyZnDtyykaYcu5D7mDlnETODYnnjOQPeTlfBtry6tly3klWHPRIpV6UwVkWEY9e
hCFvMlumPLCVMy0484HzZptC9o5M2eO8tSzRm5W+5WzWpjxm+qwL+7a8RVcWmsqZQoqXB9SUvanK
GeBZOVzOOOGd4nM/l7hHvo3l0x7Zi62cTwYNCvkDU842y8a40o94Piy/w4dZAZCyMaecIcOZJ3Wg
XM5cykrWlCfp5TwoysxKvJQnhHX0vt9ZUC7nw2TDZK8/ZsN6qUfsv32Jwo9xeTALMr0z6PNkq5yp
E7Itt1nQLGflUPc8iexhx0vxU/bsLme1ZWNDnbz3O390U1aslzNUs5KrnMHTe5lvaBfOCxo0xqjM
eoyIeXGveE3jIPXm/L6mfp8/0OWM36zMqLMsv7PCvm9sUiTxY9t7xeOquNwPy4OMueOMg5Qxk5A9
DgsesY8pvyz8lnb7v5v9X/lOMHbDC1kBNvLZoZwDlSdtpY/mSbiKKGdokmf2ii3nEvZe5Bu1cRZ6
y3lknFWbJ/LlTF/OWuZ8wbkIaj/4p+tbTNnCLxtZy9lmnFdFn+J3VhqU87I4H0pBedMPmvpkFkDL
+ZtZyOhhojLIg7NS4/ebM+NIw7eJ8mb6fVFZ4ge1Af1M33N9A+qyGJezsrx8c1XfeK3j845vPmcs
ErKStcwDuM/e0OWcsGH6G/GHDaKdMwazkJmWLFnSmZT6Z+Vg+dYxRjYFYdX0jmdq86b6K804fV91
IY+5/BaLRvGGvn96rit9Mxt3ytwtK5DKXI53SlePG1mZUs4XI454i3uC+I6xgfNGOeOYwLmJjENN
3xHGFc4sJXBW1/3ue7+05pI1yzzyjvnsxaygKOe6lwgt/2UBu5xhznyT75jmqDE6fJMdXss8lvll
0zmWWYAsZ2/zPu9E0UvO9yc71JYz6XoPww3f2LZyiSb66OvZGaNvfh2yGetWeWdlTuH5bAyZlk92
WkvZqFzOtsyr63r4MEfJK0jLtyQ7YKS8gqj3blomDQ9UdhfuJMuG0vINyQqWMn4KW/FFdpZJ2WDa
4z0VNQruzH2Z5zP2c2VsrQPfRngtK3jKOZJZQVqiRBzyUT7pE6d/opxhmJWhZU6SDeqJb2H8JtR5
z/XveLbwXJe1ovNnLsi8m/GAM/2a+jM0wn/MGbPDZiJNnJfznc4G0pJHVnyVua3yJW1WSJZ3jFkK
nFkIH2YFYRl3soK370xnxRv2Gumr89K7u971rkVOVR2zwrqc75uNtqU/ZINDGf+gjXPIs/NMIk2U
qxnbmKfRv+jfjJn0BwXSHnnEkem888/rw0Pvh72S5y4775JOOPGExJiSlcuNSZkXcuYq7SfsY0To
5ZuTlb4lXnw3W/fCF96osW8rQ3ShV8lORr1ojBucX5lXCZWzQpmHEOYLd/Et7Yu+SOUzbvF9hr4Y
kHHzTj7l7GH6EWFYfocPs6NWmePRF9Dx1IFy+eYxl8mOK+W8UMpEn5KNQHX0vt/0N85AhocZ3/l2
cOYrc4bYf/sShR+Uzbm22Rm18CDzlKaQHcWLvJ8NFWUMgQc4vxbdVHY+K3OROh3jPdjS97LTYRlb
FAe6kQ84551zVOHftsCchnNw6ZPco9OLITvalTpDS17Z1TrGqEy+l9lBrnUcVLzs6FYwjTiSP1gL
h0gL3+XseF9klkif7qG/qVy1W9t7peequNy38SDzTsaCiAdz67zqt8zD+U4PMw5SxkxCdtwqdDA/
UB9TfvSxbFwp54YjL4oXsmF94HnsykPXvCNWOY+aPpoNNOVcZt4tXbq08Fd2MkzP2eE5il6uamNk
r0MPPbTQQT60T3YW78ljfYlm4YfaD/5B1tN3qinrvBAkHX7E4UV/xdgBTvQp+Fc6n4ir8m7rk8jI
2WBb5mt5IUbRbaqNKJ9vC7goMD6SBp0u5fEd5zs0blBZ4ge1Af1M/RYdWnYOnVYW4/KyZcsSODSF
JtqQOTk/nXDOZ89Jj9jiEeUePS9z2mH6W0kw5H+inTkUvDTIhkD9wRw5gTGyKQirpnc8U5s31V9p
xun7qgt5MAdirjRtDpT5gfZoGgtV9rBX8Ya+f3U6dM7Z+SdlB5rEGCFZQ+nqcQMZIztfl2zEW8oT
3JFLLvjeBSlvt190LLxjLsA4xHyvnuPwfdxpp51KFsxdHvjAB5b2ZS4ITWuvvXaRhVVG01X83vX9
0beO7zjf1Sa5Gr1Q3sEl5QUmvTpS3rjfH9Eq+mJ/1LuZXpU333v6MmN1HZAxsyNS+TYxZ4xjo9o5
O/GVeUp8V+dT/1bZXbiTRt927pk/Zecbbst4SXvXvFde5v9GwZ35Vl7kWmwJzPfRFdaBfgavIXPl
Vew9XifeqN+EOm//niUE8DxZKH/5I1K8VrIyv3M1g1bxZcXitBUrWkEXV3Mo3wxp8fbJE4bWa56U
TMtzVPy66NO7SJ/yx7Mx0ga98S9PovpWEkfPl5iu6X7QeZmioekaV2qyUqkpDs/yx73Qi3dP02oU
0ZuV6615tOU97HPh28QbbXl00aUVSNlw0KNZ8Yfhp5ngrrpQTiyf9ohtHHmEFXDj8HtcLZgneb26
RszwqGQ7ScpjaxzeQcu6eRVupKHtHu9d0qgsPFXrLXNjefF+XB7MH+hCW1N/U/6xDniQ6TlXtUHT
cQAxHvd4CVN3tuSq38W8BvGmyuyieVB+4oF6LD3vc+f12goeysJn2WaP1fT8hv46jerSlqfex6vi
kl/k1ab7eswddRyM5Y5z39THlY94Fd6NPJgnwI1trHT1Nfadtv7Byil2IYhpxQvwH16evMOrHxzx
JI5xZ/Ne7dfGC7Es6FGdWH3DO45J4FkTDyvvuP11zI97tYm+Fepbw/CTxpk6z2F/q2yNuWqD2G/1
DRB95M1qPuFA+7DiNysti2c3v3kX40d6tBKaVU1ZiVHmIJRHmq5vbsxj2HvRzuqbQWki31KHrGQs
Z1ztsMMOxeNb9RVWbfmpzdvqr3Sj9n3VBTqgr+tvJt9i0SfeyMJhI3bqC5FXSKt0NU5NvKWyuGp3
AfLLwn5Z1aAjdZraLysKp7LSoIeD2kdX8Bk0dmlFOPzbNI+DLraYJM+2uV6sQ7yHlyMtfH922223
siMTtPFu0Gpm0Vd/N2I5494rb1ar18f/KE94VHSy2kjP6Su0M/Vo4w/Fbbqq7C7cSUebaB7GakE9
Y/tdym7aQWBU3GNdNNdrorntGfM6MIIevgnkp7OuB9WvLc/ZfJ4VHCtNyIqf0hbwTDZotNZbK3JZ
HQTWMWRjZMkjrghXvmpn2rrtLytmp+UZ8x/mvos+vYv0KU/4r6YLmvXHUUdxpaZWWg9Tr2lnuqvQ
Ia6Uyco5aOPYl7bw3ve8t9DKHKip/aCXPJC/5yoI3ybeaCuzla68uocVSNDMvEBhvnBXXeryaQ+e
6U/8we+s5CzbzMZnitd0Fb9rNXIXblmR2juSTFths4KRVbgqr+uqc6CZHxAPuRoZfpgQVwt38uDy
7aeZz8KDmpdk41QjT1J2rEN9Pm521Cgr1lldH48DaKJZ28AjUzQF5cV8oB63YnzF66KZ+IrXlJ/G
wWxM6qt3XGkIP2yxxRblqENW0/ObdqnTiLa2PPU+XhWX/Jr4Lj6reW7UcTCWO869VhnGPq58xKvw
buRBtuQdJcS+09ZHspGqb8cM8lcbw3/Z8FiKZO4MfnFb8VFoGSau2q+NF2Ie0KM6ITcQOCaBZ008
rLzj9tcxP+7VJvpWqG8Nw08aZ+o8h/2tssUPaoPYz7JzVamf6CNvttuO9PGNR2ZAVlbfivEjPVoJ
zRFn2UmgjA+UR35d413MY9h70T7MzjGRb6kDcjU7XCE/0G+hjz9h1UaD2ryt/ko3at9XXSLucWyJ
9zOZA4k+8Qbyc1NQX4i8Qjylq3Fq4q2Yb3ZiK/iSHzta0B4cZ0Z9m9qPXQ7i0R2qv9qJK3l2BdHU
1HeVTrjrO6vng64z+f4ob9FXY6z3M7kq767vvdqEsTE7FvYVp3Zu44++yNUPld2FO0lin8xG/pIL
z7IDW+GLpj42Du6qi+Z6FbmdP9UP4Ldhvgmdmfnl2AhM7FbwTUoSBkcYZpAyv0sZ2ZSHjCPkzVZS
nKVz1llnNf4xqUIJ1ETfsM+66ONDiJK0yeCQV4OVrSc5EyeviJrKnpTlvDQEf2jnLyqmpdwkPwyq
bXXiedP2ucPWBzykyNPZwE1pRQ/tFxWOiisleKyD3s3WtQv7tjK66GpSiKuec407ddHW09ljq8eT
tAcfYLYl5cr5PfAGhiq2Ex2H3xHEZSDnDLQ2rGTgUhsyKeE8T000uq7QS76xrCbjQFPZ4/Kgzs2i
biium/KOOI9q+Ij5yTgmZXd8x70Ms/ANGNTv9Vs83DRGKA5XxWvKr2kcJI3aj0lk9srrowHlEXzU
Nv4qz0F0Uc44PKi6jToOKt2416Y+rrxUZ/g98uAwGCgPrjK4gS9pMS7EP57zx1gd07W1cfb8nGaE
j+lmeq96t/FCnb94n/go3DWWNBmYlHf2Di5G5DovcM67HPR978S3HIlCnm3fOrbl6upbdVlNv2t+
aGqD+ptBHI3VONbURjkpBzRu1uVG/qAO2oaZMb3NuFnnMezvmvaudGoreJN5CUZ/xY/tVI+biqOr
8mmrv+KN2vfn61ss+sQbGAH0LF417tVjstLVODXxVsyP99qanC1b4X3aou0YFdqHMwQph28rc0j+
UETxbSYtgnNXHxnGwCtjz6DxAR5RfbhHYQANjIH194dt7ng3CYZ1FF1tc2aOrxKdcZ5L/WhncK7b
WRh0XYfBXenziphCAw4A9BmUhGpbZAzF4zoO7qRhzKUug/psLEv3pI/fhLwaoHwTyK/pm6B083Ud
W6JegAllAJ+JYb0pDxkNadO88qqcncz41/RHXJRUMwkyiNYGI/LEIZFxrcmwjlKUuTdnMrKVNY4n
jIk6+gr6o9LsQx/6UOlLlMOcuKk+eta0fe6wdcRAmVc/lT6ms4Gb0ooe2q9WOBK/1YDdlNmYz7qw
b8uyla7MBigXwZ15gYLqOde4UxdtBYyspgB/okdhW1KueVeYwgc4LLE1+Tj8zjiIgZy60ofaggxc
4sO8ymoqr5Iq6Ujb9Qe9BMZOGeNxKB8mRGUy8nlbkNODlN7oCPjeUB54NgUU2sI5tjNxpeweRokv
45iU3XVZMswOyktlDlKwK15TfjJk1YZRtZ/O4I00Mo8AqzqN4ijPQXQRXwZp8ht1zGUcxDm7bRwk
T/GfaJvJVQaEuu3JU3WmvMiDw2AQaZKhgf5BWsb/+Eed+GO8jqGtjZHb2Dp4roLq3cYLdbnifeLz
jVP/bjIwKW+2EceIXAdwro1E4luOAiBPfdfqK8cxML7MJNT80NQGMiyKD4mjMQTHmtoJB5m0i2/F
H8ShDpIXcT5oclKbSf1q2rvyUltBF/0xtldsp6a+E/NVPsIrvov3o/Z9jfeMgXM5BxKN4g2OnGoK
GvfqMVnpapyaeCvmy3ttZY+uRfoXDL9gVYdrrr6m6GEo59hjji1zSOaReRe58m2mHWva6jxEU9cY
Jx4aOD5UU2n143G+P6JT9A2qh+KPclXeOP1dcvEljUnlsE7d63luWzs3ZlQ9VNlduCuJdODig7zr
RRlfwATdSh3GwV1pBvXZqaqNVfYo3wSl8XV2EViQhvVBRosuZSQDH4NczINBGUWnPmJtyhuMhLVC
vC1u1/Mu+vDIrOkjLw3snEvVlLeUVFHJpXMpqBtCX1M6BDuUCm1GxaY0Tc+kGGZVJTjVcchfCuC2
89xHUejX+Q/7Oxovafc6HYNjvSq0iy7VOypK5xN3zo6BX/hrU0jmLVnL+7wNcanvOPwOz95lo7uU
fKIRP+KnVUjQMpNzjKW0JR94F6+vWI7umQhzVrlW6qotRuFB7WBBWXjZK+941QedOLVTQVdfjnlw
Lz6iThg+6/fURXXuMmyozDiG1XnxW/Eor86vaRxU34AGhPI6TyaKvGsrV3lqVW1MT5syLnDl+Tg8
SLpxxsFIxzj34qvYx5WP6qxxV4IZODEJVrx4zdtzFS/ryANazZy3dG5Mo8kSY2fMq6uNY7zZvle9
23ihLk/tBi76azMKK2/iNY0jGJaVB0InZWkcxLBej9+iBd5DkI7GX70b5VrzQ1MbqK+LL2KdMGzG
8jCMa5Wx4sf3ut97r7179Vb928Z8pRnnWtPelYfiMuZGIyJpEOrlQNHUd2K+wqer/uKhSZ0DUR/x
BvXWd0n1pJ1R6tF2rBqPfKh0NU5NvKX8dJXBQTzBtckhDf6nHIzCtdGavPT9Rkisvxcqi+swBl7R
hEKziUehhbNFESJ1TjlGKJxPSFN/f4iv78+gFc2ib1A9Yp2GvVfeYMxZbrVTC4K2eJ4xO+ZLHRi/
qV/dzjFe273KHlR/0jMG4phEWbQFu3RAc00TccfBnbpI5shbyxfjfU032GDAydvfl7lI/V78FvkW
Q2KNaZ1uPn7Prpg92bnJKN5kdI6UdxlPm/Jg7KIPit9jXr37rBzCSFgrxHvvR7jpok87MtR1ZJyD
/3B2mxYybRhWoT8quZQXBl7q2BRQfmPQazMqNqWZ9iyXL4Uh4yI41YH8pQAmLuXWodWAXUecwW+t
rgcT5vl1wDBQG6Ra6Vpeb3BnXqAwb7jnAnWuODQw76gDOHPmJu/5lhLG4XfaT4ahaMSP5YlH4dO8
BW98NdI9NEtpS7/kW9UUcHJigYlW6ooHWdk7kAd3v44HkXE0rret1GOVpOLUTgVSdkMn431XkLGB
uOjn6kBdKGdQXipzkIJd8ZrykyEr5iHDPjQgu9RBZ6bGNDGO8tSq2vgO5Xppk+Xdnr4HXZTFooHG
sDxNHHMvvPC61c8HHdgwDuZMJH/GcbAx7xEeiq9iH1dy1VnlyZBHvXBqaQrIHxhSL77ofzwgh2V2
w2kKefvwghXnQMfQ1cYx3mzfq95tvFCXp3YDF/21GYWVN/GaxhH0acpDvKNxEMP61f+ZboyHHsaV
fLRbn/G3pnOY3zU/NLWB+rr4ItaJeWMMGMa1yljx43vdi7dVd65NY77ij3utae/KR3EZc2sjInKj
HCia+k7MV/h01V88NErfz1u8F15hrJnTOdDyyog3qLe+S6on7ZyPIC301E4jSlfj1MRbyk/XM844
o9cfxBv56Fy97rtSDkZhZLQ6CN+m70WMK5q6+n6kqZFH89iej/ooBn30D4SZfn9Eo+gbVA/FH+Wq
vMF5n332mbr2v8s/aMszQd4Uzzc50LW18zA0qOwu3JUP81h4DDppCxxxuW+iaVzcNR5R3yYnDvgd
WwXOv9BeB/GbeJZr2zehTuvfs4PA/wMAAP//SqQDnAAAQABJREFU7J0JvHdD/cdHdgqhIrJmqWTJ
FiKUkr1NllK2KPKg/rI+j6UkFYpWWylEhCiyk3YVbcr2KBFFpaIs+f3nPZ7P8f3NnXN+55zf/d37
u/fOPK/7nPM7Z5bvfOY73/nO9zszx/3tb3/rDPvfvffe27nvvvs63/3udzvOuc7mm2/e4dkf//jH
zsMPPzyC/jvvvLOz0kordV7wghd0fvnLXxbviXvttdcWedx///3Fu/e+973h+fOe97zOBRdc0Hno
oYdC3qT52c9+1jnooIPCe/K8++67i3RtsIN26KMuhx9+eOfPf/5zKOvqq68ONNs6Kv+f/vSnIT7v
PvvZz3YefPDBgj7ye8Mb3hDeH3/88QVtPF955ZXD82WWWabzwx/+sEhDmZS33Xbbhffrrbde569/
/WuRVuXWvV5//fWd2WabLeS17bbbdn73u98VZf3mN7/pvOUtbwnviHPjjTd2lQOd1Odzn/tciHPM
Mcd0HnjggdC+tLFtp7r0lMWjnFe96lVFOdT5L3/5S2jjGdNnhOcvfelLizJpf0uX5Tfy2nXXXUOa
yy67LNSXcscS9zvuuKPzwhe+MNAAb8C70Ki/mTNnFrxxzTXXFLi34ffPfOYzRTnTj5je+dOf/lSU
Q5vCY9CwxBJL9N1Hbr755oKf6HOXXHJJ6JO0FX2a8imLvyuuuCLUqw0PgtM73vGOIq+zzjqrq++f
ffbZxbu3vvWt4Z14C96Ez6FBsoa25zl/iqfrLbfc0lWnK6+8MvA9bXTiiScW5SgvpeNq85V8s3KQ
8pCRNs3vf//70CZxftQ5JQeRea95zWsCHcg76CLur3/96y68Va4ti3vqpza56KKLQlr67g033NDZ
fffdw7sPfOADBY1teLCNHIzprPsbzKHf9nHkptoXvK+66qpQL8ld4q+yyioFDp/+9KeLfnLXXXd1
vvSlLxXvDjvssIAFOL/iFa8Iz5Ej8LilETnzne98J7ynLX/yk5+E98Qr4z+bfjTvwaTJWGzL/vCH
P1zUHT6JxwHFtW1MPLD97W9/G+p62qmnFXksu+yynT/84Q8BC9Jo/HnnO9/ZgfclA2mv8847rxhz
1VYqr8mVtlAfkcynzWk/2gY6ye/MM88MdDKWQcftt99ejO2nn3566Pe03/e///3OTjvtVNSJ+PTD
FE2/+tWvinjgwphaFjeVvtczeJv6ffSjHy1o57f4nfdxHpdffnmIS93pC9QVPC699NICb2gVVja9
8oWf4AXiUX9bJvdKY/liGHUg6JRMoy7oGdddd10Hef2jH/2og17Ec/5OPfXUol7U0coYMFSd4eOU
Lqv3XEkvnYa8X/ziFxf9wsYjX8nhtdZaK8hrnunv4osvDrShT8Q6btf4c8cz+rXGAduOKo82lUwj
P+SXdGpk1gEHHBDKos9q/EYXU9+Kx58jjjiiwE7lqiyu9CXRcdttt4W+RrnoCpZ2m6bNva0XWO+5
556dn//856GNqYd0IOr1gx/8oGhHaEBf2mijjYKcoj/YsaSsH1va76yBu62T1V2gFZqg1cbhvi3u
v/jFLwqZCz+hs4mXfvzjH3de97rXhTZbYIEFOox9cbn8tmMC9JWNCam0g3zWmQLh3//+d+exxx4L
fAp/bL311h2e/etf/+p0nh4JAHzy8pe/vPOiF70o9DXFePrppzuSzeTxn//855lXPg/0PfKGB9B3
//e//3WIzx9yUf2aPGnPfgJ0Qx98xBj23//+N5QDL2qOpDqqHOSr+sZXvvKVzhNPPPFM3T3t5LfF
FluE/BhvFFQO6ZZffvkw5qtOlIl+9va3vz3kS39/6qmnlLTxFdsD9aEs8mRerLKQRZq7EAf92wba
kvpQL96fcMIJnccffzzUizoU7WQTtbwn37XXXrsohzo/+eSToY0/9rGPBfoZx1QmdRBdn/rUp0Kd
VPQTjz/R2WuvvUJezB3Ei2OJO+MJPCnegHehGVq4/v3vfy94A94PoSW/ow+qHLB69NFHizamTZdb
brnw/iUveUnffQR7gfiJPsE8kD5JW6FLH3vssaEs6EE3JTBmKE2KB3fYYYeCfvEgGO2yyy5FXt/8
5je7+j7zecrgb8cddwzvhCHtDJ/zDhqhS3KJd3GYOXNmQR/x0bXg+3/84x+dL37xi0U5vENHsMHm
yxiM/JCMoCz+kJE2oG/RJiPy8+3PGAjdVg6C78YbbxyeY7eALvBBH7B4q1xbFvfUT1hhsyMt/Yjx
9/3vf39493//939Fsv0+sF94hi0Tm2ksc2U7gX7JXOYnKuPLX/5ylxwEoy233DK8P+WUU4py2t6Q
H/TvvffeIU/6OHLT4o3Mhh6VR/zVVlutoPG0004r+gk6h9V1PvKRjwTS6KOrrrpqUQY8bgM88r3v
fS+8BwvGAgLxyvjPph/NezCBz7DRin/Em5J/ZeUdOePIAhfSqg/G8W0bC1vmatT1nHPOKfJgTPvn
P/8ZkpNGfZ+5A7wP//FHe337298OfUb5xWXW/U1bqI/AD+Jx2o+2gU7CN77xjUDnJz/5yRAHOc17
yv/6178e+Jb2w2b1nve8p6gT8ekHqYCOTXr9Ic/K4qbS93oGb1M/2fgY7/gtfud9HG666aZAD3Wj
LwgPbJzIKNEqrGx65Qs/wQvEjcukfAXLF3X7Pryp+R2yELuH+EI60Pbbbx/K3nDDDfvSgaBTeiR1
Qc9AL0JeM9eTrsU7+FiBOloZY/sRfAyO4BuPCTb9OuusU2DN+Kt+oTi6Sg6/+tWv7sz08hospCtg
d4c2ypK8VTr1cdqszvhj5SD5Ib8k3+nHhx56aEGvxm/eq281HX+eevKpgk/JnzL56zUmq351r9RL
shqs9t133zBnBBPqIR0IWUTfVpDc3HTTTUO947GkrB83xV3lcbW6C7Tyx/w2Dm1xh38kc+EndDb1
LWwnb3rTm0KZCzxvgTDfjsvld90xIZU2P+sfATdI48Ro5K0Juxg4vmJER7FSWVbBUlyELe+t0VPv
5KRgcMFQr+copTidMRjrGcwOozOhVXltr/vvv3+Rr/Lnqg6lZ3KGxjhAH/V53/veV+RDWtVHdGHs
tnkyGGKYVP4qE0Om0rS9MnjbslCErTLMOxQcm39cL0uX7nF0MxDadP3co6wr7/gKjeuvv34w1Mph
YuOIFiks9h1GVvHiWOJ+nTfex7jDF1psIRqZZAm3NvyOEovSGZcVt7EtR+W1uV544YVdZakeukLH
G9/4xmA4V/5teDCFBXWyfZ/FAihxKscahEVPfMWpqvi6fv7zny+tk3BVuUpfp4+obBQtysKRqGe6
ypkzbdq0Ee+UDuOb4sdX0afnsYMS3n/zm99cpEdGKS5X0h9x+BEFJince8ncGIu6clD4172mxhFb
l/jeYoHBA+UzjqPf4MB74mFw0nN7pZ7QigzSIiz7HoPRuuuum0xLPI0bdetbJ16MvaWH+3gsjvNk
8qU0xEVpjuPw25YT85zS8xy5Z9Mzttj4KNuvf/3rizJ5x9+5557blc7mUXWfGg8wvMfPmQhb/mG8
xSlhHauqB1fRZZ+Vtd/BBx9c1Ed9tormuu9ip72lRfc4bO++u3tRIb/LeD2uF3JN6bXwQHmXXa2T
2PIF8ev2/bEci6VjxnVX/Xi+xx57FIsYU3qEFh9ZHlJ6DB+pNrVyhIWAqTjIZznWlR99BF1UkzXo
ow7SY8gHnVLxq66ktTyJcYhnNo3GNp7xLh6/644/pJXMhVbhbsuK70kTy4wUTlXPrGOd/PhLlfOF
L3yhaAP0mDhO/DtetNcP7qIfg5EdO971rnd1tavicW2DO+nOOOOMLgxSY/706dNLZT2LboUF9JWN
CZbWsbjvf2o93DnIoSzs4ysyKhgHZ1VDi24UD77/1re+FYyH1ujJe97JScG8DUO90sEfGELtmEF8
FtTEDqzGCHpbph0fVaZo0m/KYywhxDhAH/Wx8/PnPOc5RX1EE8478lGeGAW32mqr4rfKnDFjhpK0
vsZzBhZR2YVU0EEcG+J6iU57RTZYA7tN3+aeMd1iYsvi+Ws3em1wWtHO1ohKPNGCfmDTcU97iBfH
Ene7uBs6wHz/afsHh7popF44wxTa8PuTTzzZQfZZ7FJtbMtReW2uLBKwZakuuvIOXsb4rFCHB9E7
bMBeQN9XWfQt6qW+z3OcFSwwU6C/iI6yK/PYOLAgXuXE6fRc5So98884btnvW2+9NRSJIzGOI2dO
yiagdOgDoiNOHz+XM1l1hPe1gIa0qTGWhUQKwl3lEB8nl+rPc8q0MjfGQnJQCyCVRnJdZTW9ppwS
ojN1tVggG7TYJRWXOvGeeOj8qTjUk4AjxzooFfdrX/taZ4MNNkimJY7Gjab1roofYy9adEVnl/xL
5cP8U3F32223UqewLSfmOaXnOU5LG+jXNj46u+YLpOMdfyymbhNipxp5MleOn+NUsvzDQhQWcL3t
bW8r6q96WLrss7L2O+qoo4o81Gfb1CVOEzvtLS26X3LJJcNcwaZFxy3jdeGt9PRr4hO08EDvyq6U
KSex5Qvi1+372DksXzCm0ya2TN7P8BvW+g3SMeO6qyye77PPPoUDH+ek3umqxUeWh/SODWmpYOUI
CwHLghzryo8+csghhxQ2H+izegz5xLgrbepqeRJbDfnZeLFsj8fvtuOPcLdlpe5jmVGGU9lz29er
2phxXsG2TYomnqUWybTFXeWiF9mxo0o+t8Ud+71t49SYz6K8soUDdccE1SlfRxeBoXesY3hUR0td
UWatoUUMaeNiFCAOkyL7HGGEc0PpWYWDMLRxdI/hC+PlaBl+WK2KMFb+XNnhgXLCjkc9l6HS4rD6
6qsX7xWPtKxmVV3slTqyK05x7RUDwmjuEmEFNCvUbBncl9Fn6xWn0W+cdUwWbJ36uccQe/TRR4+g
EWXu/PPPL5z4CKc111yzKx4DJrSk6I55cSxxZ7CI+Un4sVvkyCOPDCukLW5t+R0Fg76j/HV997vf
3cFQasvo9x7jBsqaytCV8pkEWQeAymrKg6SjP6JcK397ZfUX75U/V1ZF2zipe1ZV2zS6Rx7F+NE/
2P1p+U3pU7yWKo92ZuJAOciqOI4ciiyise+gRTvZyvoGspM4m222WZHWOg9UNya1O++8cxFH5bBy
NOUsbMqDFoumclA01rmmxhHVJXWNsaBeyNZUXBQiLc5CZsdxaA+NSykZRHyMOUyi47T6rXGjTl3r
xrHYqxx7jeVfnC8LU6QA292ccTx4mHg437mftt+0op7wOMYe5F2cjt/sjOWUFksX92AK7kxKUunq
PEu1BTKPlbwsuKMc6MMRqckPz+QwSvUN4nMSCE5IKxPK8NFuk16LGOrUx8ahbVR+Cj/qYU8IsGkx
+MZpyAvHC3xK2jh93f5FmTgIKc/yX9O+P1ZjsRy87EhmnGSRnuqP7ES/sNjZOikehgji4FjXM10x
ANj0ukdvpM+wYxrZo+f2imxnURV5WR1TeXNFT5BsUlqws3HK7hdccMFi/FFa+imYxGloP3gj1qdL
xx8vSxl/WChDXji7WFykcuIxLS5Pacr6lfLpdZVjnYV28P1xxx1X9BvKoK+zwt7mQ9uInhTf8g6M
Yiz6wV3lY5hW3av0/La4Uw5jDUZ61VFXFsmlxnzRxlWLrUjTb9vYfPu9H91p9vDlxlikdkpd0YVt
wKFk49H/rr3m2k7HO7MZ9+27xRZbLDg3lB4Dbmq+RRp2q6IDlRmIlEfdK7t90Q8sPSxsY6cXi2V5
Du0yVFocrO6t9KRlPE8F0jL+K669YkdAto9WYB7EriNbBvdl9Nl6xWn0G2ddvIuzH3px/nziE58Y
QSOOD+Y2cuLjWGcnmOjgiiEYWlJ0x7w4lrgz1y/T49HdWNwFz9nQlt9ZgIUzxeLCPWMD485oBnZB
ceJRXBblMz9NOfLgwU022WREmjIehF6wAaO4HH4zdsbYaWF8Kr6eMY9NBcaaGD9oQ7e2/Kb02hmm
fMuutDN6DEGLNG1cORTR2+xzaNFOtrK+wUIg4uhkDNJ/9atfHVE9xjNONbL5c48+l3IW9uJB6mFl
rsWiqRwcQWzFg3gciesT/46xoF5lNtqTTjqpWJyFzI7zoj2QHQQcOZYnFJc5C5tS9Du+atyoqGLj
Vxb7uDx+o5NXBRamaF5td3PGaeBh4mE34N6O2/A4u12Rd6mAjsemrJg+MAX3sl2/qbziZ6m2QOZx
Cor0SuhjUQeOatGAQwseTvUN4nMSCCdWWZlQho9OjqhyksV01/lN26j8FH7UxZ4QYPNEN47TkBeL
g+FT4WDT1+1fpGGXNMHyX9O+T3/iZADRYq+jqQPJwcuOZMZJnfxFechO7D422DqJJk6DIeBY1zNd
2QyWCmBNn2HHNLKnLKgvScdUvroy1sULR1M0Kr692vFH5dNP99tvvxH1oP2on5XtpGk7/sRjmqXL
3pf1K9Hb6yrHOgs+4HtsYuo3lMNCX2xqNuiEWt6n+Jbn8E2MRT+4q3wtIqWMKj2/Le6Uw1iT0rdY
JJca80Ub17pjgk2T70cPgdkYlLzgyMEg4AWg88c1uec+97nOH2vivGBz88wzj4kxerdeWIcyyJ9y
qoI3vLn555/fzTvvvA4a/aTE+clo+P385z+/Kml4R528AAt18SwUyptjjjl6pmsTwR/D5PzKHucF
j5tvvvncwgsv3CabgabxE/2AI1iA6aDaeCxxh5/8qnnnd4a5Rx55JPDwIossUoljG373g5XzuzAd
Vz94OG9U78m/lUT0eAnvUzf4iT7gHTc9UjjXhge9Mu+8kbnIG74dBF+AG+2EjPGrboeuf4A1f94I
GWhrigE8BZakp716yZkmPNivHCwadwxuwBB+QsaAIXzbC4sxIGtcivAGNucnGM47hZ0/jSH05RQh
3tDk/HFfzhvFnF88E3iIePSTutghm+A9ZNPcc889UNmUqkPVM/iXvjHnnHOGvlW3Tt6B7/xK2ZC1
d0I578yuKmbM33llvuDzQY33/fb9QY/FflW88wYd5428bo011ghtgKyn/9dt56YNR7/wi8+c30Hg
/M4y5x0mpVmg84ABcgi60CHRcckDPYG+MoiAHKQceJ7QS1/td/wZRB3IE53W79YJuo833hZyBfzQ
TWafffZBFd0qX9rYO1HcXHPN5bxxqGce/eBO30TmUib6NLpNVaBPMCZ8/OMfd35BgvMG2tIxoSqf
QbzrxZ+DKHOy54mOh06ueTVzhqZ6ZV2M4GPNdSmnKqArQJPm1fRxzavrjGPUSWXB05Q3KFnv7TXO
G8SLeVCvuV1VvQf1jjGGcQUsmPsPqo3HEnf4Cf2GcZPx0+8gcosuumglhG34HdnpjeZBhnK/0EIL
BX6qLKiPl/A+dgLGLvqAN2b3zK0ND6LvMj4owLeD4AswQ0+mLtJpVOYwXOEj+Ac9oQ0G8BR6FOMs
dewlZ5rwYL9ycCzxBUfoRcYgt+HbXliMJX1jWZZfeOS88915p7DzpzGU6lDogSuuuGKYK/jFM63m
1cgmO6/uNbaOJQ7wg+bV9K26/IBc9yejBVL9xqBijj2WtFeV5Rf0F/PqQY33/fb9QY/Ffje68ycn
OO9QdP6zUwEuZD39v247V2Gcesf4sfHGGzu/UNr5ndJhjpKKxzN0HjBADkEXOqTm1egJg5xXo3tq
Xt1LX+13/Cmrf7/P0Rf9JoQwdiOn5Asb5nm1P0EjtKs/xbhn9fvBnb6peTX6NON+r1B3TOiVT37f
DoHsWG+HW06VEcgIZAQyAhmBjEAFAkx8CBi7/OrrYJD0q47dMsssE56n/vM7boNT0u+ocf6b9IWh
AOPfVAvCj3rLCeVXKgdDylTDYtjrS1v5VfqBZ+Fxvys8kDwovhVv+JXbzp+oFPoUznVNsocdr4lI
HwYUf7pMMOr64++C44h6DKqNJyJGvWgW32pMwIgCD1eNCb3yHO332bE+2ojm/DICGYGMQEYgI5AR
6BuBWdvh7v/z/c6fnhTm1bf84ha33PLliyfvmXmPW3a5ZZ0/Htmdc/Y5z+qsU29a7fcgP9sCLEo4
6uijnD/1KizyfPZNvhsKBHxb7TdtP3fyySc7f4qXW3211Z8haxB8a/jiqquvcv5zqmFBMk7UPK8e
HDf4z+G4tdZeK9gJ/SkIbv755h9cGw+uGuObc4sxYXwJnrylZ8f65G3bXLOMQEYgI5ARyAiMCwKs
isdhwokF/hjnsKMWQvxnSRw7e5deeukRdPkj55w/4tn5o73Cuz333DOsSGb17wc/+MFiZfmIhJPw
AScdsMOfFdnU3x8tHmrJbil/rJnzx+g+axyZhPWfSFViF+GJJ57o/PHtwenqj6oLC0lYic3pC/7z
GKNWHVZxUxY7GVjB7I+HD2VSgD+Szu27776hz41agTmjgAAnabBrwh8DF377o87d4osvHnZn0hfX
XXfdjFQPBC6+yI8JN1wf+BYjGQtBCFVjQo8sB/I6O9YHAmvONCOQEcgIZAQyAhmBlgj4z0k5//mU
oOOzg5cdtQR/JLebPn2685/PGpGzP9I6nBLnj4kO75gjaF55+OGHB+f8iEST9AEnZ8yYMaOoP4v3
Ccyr/RHUzn/eJc+rh6TtmVf7Y/rdGWecEU5y2XTTTZ3/lnuYc6233nrOfx5j1ChlXo1dxX/2M8xP
/KfKQpkUwOKLD33oQ3lePWpoP5vRnXfe6U444YRw2h5P/VHnwc6H7YS+uMEGGzwbOd8lEWgzJiQz
yg9HBYHsWB8VGHMmGYGMQEYgI5ARyAiAALsScZZceeWVSUD8Nzed/8bdiHf+m4Hh+PcRL/yDsjSp
uJPhmf+mXDgeK1WXlVZaybEIYdiOnk7ROhWe4XRN8TN1H+22YsLpvylWONMtvhiHcFhmx6BFZXTu
/bf9nP/2YzKzww47zB144IHJd/nhMwjwWQ7GBP991yQkwyTfc/9JNlF+mBHICGQEMgIZgYzAOCDA
vHqbbbZx/lvaydJvuumm5JyRBep8oioVytKk4k6GZ7fddltY9JyqC59a8982zvPqFDjj8IxjwZk/
p8JotxXzav/t+cKZbstkXu2/zT10n+y0NE7U+3PPPbd048ExxxzjmFvnUI5A2zGhPMf8pl8EsmO9
XwRz+oxARiAjkBHICGQEuhBgZTjfB4qdvzhYOPY39Y1FVijfe++9YTV5V2b+B98IHtT3tOKyhuE3
3+piMsfVHjUNfkz0OAIwh+FBAOe6vgkmqmgrnHR1vl2qNHWu9913n+O7XXHfon+wY8XyS538cpze
CNC2rK7ne2c20D+XXHLJ0Cft83w/EoE2Y8LIXAb/JDvWB49xLiEjkBHICGQEMgIZgfoIMKd+8MEH
R8yF0UNxDJbNq++5557kcdZ8I3iqzauZq8Xzan7zzXh0+RyGBwGc6/G8mrbie/OLLbbYqBKK7emR
Rx4Z0R/oH/StPK8eVbhDZrTt7bffPmJezXNOtcTWlUM1Am3GhOoc89t+EMiO9X7Qy2kzAhmBjEBG
ICOQEcgIZAQyAhmBjEBGYMIjkB3rE74JcwUyAhmBjEBGICOQEcgIZAQyAhmBjEBGICMwcASyY33g
EOcCMgIZgYxARiAjkBHICGQEMgIZgYxARmCYEciO9WFunUxbRiAjkBHICGQEMgIZgYxARiAjkBHI
CGQEhgOB7FgfjnbIVGQEMgIZgYxARiAjkBHICGQEMgIZgYzAOCGQHevjBHwuNiOQEcgIZAQyAhmB
jEBGICOQEcgIZAQyAhMIgexYn0CNlUnNCGQEMgIZgYxARiAjkBHICGQEMgIZgdFHIDvWRx/TnGNG
ICOQEcgIZAQyAhmBjEBGICOQEcgIZAQmGwLZsT7ZWjTXJyOQEcgIZAQyAhmBjEBGICOQEcgIZAQa
IZAd643gypEzAhmBjEBGICOQEcgIZAQyAhmBjEBGICMwJRGYUI71f/3rX+7iiy92Cy64oNtyyy3d
7LPPPiUbLVc6I2AR6HQ64edss81mHw/VvWi0RLWl1+bVNg9Lx2jnZ/OeaPcZi2dbLGPxLBbDcGfb
A3qq+j5xL7vsMvfvf//bbb755m6yOEqmsg5k27+q7YeBVyczDf/85z/dJZdc4hZaaCG3xRZbZD18
Mjf2FK3bZBkv6jQf/fmCb1zgFnr+Qm7bbbfN/bkOaDnOpEdA+sZQ6xp+6t/x/2xoS6/qS15t87B0
KL/ZnLdLDK9pwpI8sHthQQGjge3ACB2LjA3PTnksxgLvHmVY3iRqVZsQ96KLLnLMQ7feemu38MIL
98h9YrymPueff36Y02y33XZTSwfK/XEomHRK8+BQtEAmIiMwOghMKMc6xrxdd93VveAFL3A//vGP
wyA4OjDkXIYFAavkVSl4w0LveNNxxhlnuO985zvuOc95jtt0003d3nvvPd4kjSj/qaeech/60Ifc
Aw884Oabb77w/sEHH3QnnHCCW2mllUbEr3pAvz/yyCPd4osv7v70pz+5/fbbz2211VZVSSrfffvb
33Znnnmmm2OOOdzLX/5yd/jhhwcsKxON40v6x6D6BW2y1157BSfkfffd597//vc7JhlTMYhnH3nk
kcC3hx12mHvNa14zFaEY9zo/+uij7qqrrnLf/e533cMPPxzowam3++67u3XXXTdJ39133+3WWmut
8I50a6+9djLeRHs4GXWgOjIt98fh4dRLLvZ6+G67uhe+8IXuRz/6UdbDx6Bp6vSRMSBj1IsY1npN
Jcf6N77xDbf99tu7F73oRe62226bNIvQRp1ZJ3KGs4znXU5O/LFT3OFZ1qSf+9zn3Le+9a0wF3zj
G9/opk2bVhZ13J6jEzFHu//++938888f6Pjzn//svvjFL7qXvexljej6/ve/7z784Q+7JZZYwv3x
j390Bx10kHvzm9/cKA8bmQ0wX/jCF8K8+pWvfKX76Ec/OmXn1dg9dt55Z7fIIou4e++91x1wwAFB
3lq8psq9ePYf//hH4NuPfOQjbuONN54q1R+qejKvxnZ46aWXuoceeijQht6DTNlggw2StN55551u
hRVWCO9++MMfule/+tXJeBPt4QUXXODe/va3hznN7373u0mhA9XRrXN/HB5OnYw8ODzopimp00fS
KYf8adbtx7WBJpRjHeWfVXLZsT6uPDOQwp988kl3/fXXuyuuuCJMPhZbbDH30pe+NDg7b775Zrfh
hhuWKnsDIWiCZIpziUksAwQ7M7/61a8O3WpLFPiNNtrI3XPPPQFVaCVcc801bo011gj3df/DCMji
AeVx/PHHuz322KNu8hHxjj7qaPfpz3x6qPET0bfffrtjIrrnnnuG/qDno3Ul//XWWy9kB779Yjta
dI1HPuLZmTNnhuKnMhbjgb/KxJG+2WabBdkRLyhhUc73vve9pLxjkYiMi23kjMoftutk04GuvPLK
sFNg+vTpbqmlliqFO/fHUmjG/MVNN93kttlmm+xYHyPkf//73wfHxKDG/TGqRlcx6Bef/exnHY6g
I444ws0zzzxd78f7x1RyrDPv2mSTTbJjfbyZbgDlM69mUSJOYhymL37xi8NiZpydOEZYjP3a1752
ACVP3CyRTTvssINjrsk9Y903v/nNpJ45nrVEJ1pttdUci0gJ0Er46U9/WiwqDQ9q/Hf22We7d73r
XUUep5xyittnn31qpExHOeSQQ9zHP/7xkB82O3a5DusJkzjSDj30UPeBD3wgyMF0jdo/JX8W7RNo
o36xbU/J+KcUz951112BmKmMxXi2Bo50FqUjO+J5Nbx66623Jvsri0TY1EJoI2fGs85VZd9www1h
gQeLhSeDY50NQ1/72tfcxz72MbfMMsuUVj33x1JoxvzFZOPBMQewYYGDHvcbkjMq0dEvPvWpTzk2
xtH3h21ePSqVnACZTCjHOgamY489Nhw/w3XeeeedABBnEnshwM7jHXfc0f3mN7/pUvI0UST9sDqN
e9Vt0O8fe+yx4FwCP3YXn3baaUO5MhxF/j//+U9Q1nfZZRf385//vJVj/YknngjHO+Po/NKXvtS3
8/d///ufu/zyyx00DTN+8BErGt/73vf2XecqnvzrX/8adi2BxVR3JnNE6oknnug+/elPT3ksqnhm
kO/E8wsssIA76aST3Kqrrurg0T/84Q9uxRVXdKuvvnqyeNoOhw1yB11h6aWXTsabaA8nkw7E+M5O
MAwAdRY/5P44HNw6mXhwOBCtpkKLCXFU9LOIsLqUsX3LJzpYMPX3v/99KE89mEqOdXapc1LToosu
GsbYPK8e274wqNJwpOPU/OUvf1k6rx5Wp/GgMKmbL/NqdBLwecc73uHOOeecoZxXowtDKyeuscMc
Z1cbhxfzao6iPeqoo9zJJ5/ct/OXeTWLOd7ylreE3dnnnnvuUOIHP9C27CgfpJP3L3/5i/v1r3/t
Xve61w20nLr8PZ7xOAUOoz/6zCAxH886DnvZ4nnm1aeeeqp71ate5ViMzkYCFqSvueaaySowBzvw
wAPDHJz5+LLLLpuMN9EeTiYdiHk1i3BPP/30WmNB7o/Dwa2TiQeHA9FqKiQDJ9MYxEKZddZZJ9g9
J8MCoeoWHN63E8qx3gZG65wlPavzeBav0rN5t0lj0ze9T5VXlUcqvp5V1asqz/F6hzLHbmYmiCh5
OEsRDEzymIwdd9xxgbQqp6fqrjq0wcDmUZXexqO8qriip801VQ7PUuVhQMHBxOIDnBQ2jr2vosOW
VzdNVX5V7w4++ODQznWcKWX54AxnMjwazt8YP47VbxosfqQdBIY6BrpNnZvQp2O025RD3ZuURXwb
bNpBYGjLqnMf81lT+mx8ymtSJ5u2Sbo69VIcW4alj+dVZZalU75VV5u2qgzykKw466yz+vrkQxU9
w/CuCSZt6B10/m1oIo3at+5YMJ79sUkdU3jrWRXPK44tqyq+jTcR7m39hqleli5whDaeDYLGpmVx
IhEnE7VxrKfK6sUnSqO667dw6ZW+znsWWb7hDW8Ien+bzwlYmkaTLtE+lRzrqnOTq8Vfx4vzTDyT
yqtNmlQ+tZ75zbv229OisTJtnMbLgOLz1RPsyHROgmBOiEOPeTVzaU6jwjHyla98xc2YMSNAUeU0
tu1F5Kq2LcPV5lGV3sZrW1YZDfa5LUc8wbMUbTiZlltuueBcZ8f1c2Z7TsFTqfi2nHAf89OAvzXO
Z9FwirdxrIt2nOHbbrvtqDg8OaFuWe94Y3EHY9iwzqt1BG8rA3vcxsiMkqBjtFuV4/O0vEsRtXhw
Fi02bZN0s5KP+iXms6b02fgQ16RONm2TdE1A6CrD9nvPL/wsC6XpyhKY50oruWZejbiVrOAkjn4+
+TAi4yF7IEwgayBtbfr/QPJviafat+5Y0G9/RE/q0rcq5GDLKj2TzJQjvNXG+p3M36TjfZ0+ksxn
SB8WGFhZMwS0ii5IEeY8q2yrlnQ3Laufcd+WFerWi98N/6nuNg89a1n1Itl///vfcBIJJ4u0cax3
0TRkvFRUcgLcDL1jnW+A4Cx8/PHHQ2fkaDOOokEZqGJGdqrx7Ri+r4rzlmOoOE6co9BYoccEJP4+
K0zJ0aSXXXaZu+OOO0KaVVZZJRy3heGXY9N222230KzQxWSV1cKPPfqYe8cO7wh585Jy2VE311xz
Oehl1a6Oz7E8wcTjvPPOC8ef6znfrGH3rI6x1XNdf/KTn4SjU3/2s5+FR8suu2z49i+rnSjrk5/8
ZFi9rPjDfpVhnW970Va0jw0YAGirlGMd/DC0/+IXvwjtRTo+E8CuHnbDWP5AYFz0zYvc/X++P7TL
o/9+NLQZ7ULbXnjhhUEQzTnnnO797/Pfln5z97el+SYUk2vaHJwJyy+/vHvnO98ZjtKzZYWXLf9r
woMqgmO1+IbwTjvtFI5J5zh4+ASe5xlHvFGvVIDPUa7BgO8WP/3002FhA/1L31IiHfVnhRcr4+F9
+gHHjNAvwUT9k8kz5c0999yp4sIztXkdZworsDiqUsfdsauGVd+33HJLOK6vrfPXEif8aEu++w52
nJ5AWyy44IJBbtDPUgFegAfPP//8cPwKcfiWGgYrdjtU4ZDKL/VMg92Xv/xl98EPftAdc8wx4TtY
tAOBNkPWpHiQdkOm8W36X/3qV4F3xRfwRuqoGOEhbJFxX//610NayqDOS71kKbf1Nlt3kdsEC/LE
WUpgdwPGF3BH2UFe07eYHLBDuZ/AMZjssAQfAvTTNhgbFa699trQ3mor4sDDYKPFDDg1OCKN7xfy
nTzamO/RI2dSYRixsHTCUxwFiqxAASNwPCiLc9hFyIkS7CaOj+dmXAUT+i67XOAvvmWOvGBBlOVB
xkAmbOD6vOc9L/SjCy+40H37O98OPLT++uuHMjh+zQbypc2QJZwYgHxiJ83rX//6MN7yLVjoZ8yI
jXWMIcg0tbeVVbaM+J5V2/ABp6dQB46ZRz+4+qqrw5hBeRv7bwG+5CUvaSUHSd92/KEOTXQgHFVM
qAkrr7xy2K3P6nWNCXxL7t3vfney75OmLhbwS9tAnWg7vusJbehcGP4l08g3NWa17Y/gzydl0Lek
OyEHt9l6G7fDjjuEY83b1oV0VufDecHE5owzzgh6C98r5Zg3ZChHLHKCAiePWN5FXhCHP2Q1vwno
nDhVrV7EWMvRrcRBjiLHGQNuvPHG4EghHfoj/Wu++ebjZwiikR/owshYykOPIs9lllkmPEeHikPM
g/zmcz1lejh50qb0Q2Tta17zmiDb+aYjdJf1fZVreRCc6I/IF+Q5TiMCRxj3w4Pk0UTf4lMpjKWS
Lcgp+hdyCTzgLWQn7/mNzvCmN72JYkJoOieBZwka9/kMzPve976ij1SN+2Cc0ks44pixVmMdfIru
S1+DbxmLke23//52d/wnjg/1Y+wjL3iRe/imnwA26N+bv+mZsea6664LervqS96pvs/zJuMP8duG
ye5Yf+rJp9zpZ5xe6O3wCzIG3ciO4TF+LICGX+jb9ENkKHyx5JJL+nnaKV7mnT7ik130MY4mJR3j
Omlw+rJLjk9/8Q1r+JoAb5x55pnhdCt0f+bCjPME9ADmAfAu9MLLVi6GSL7L3D3z7uA8hkYF5A+7
uJjPxwG+Y8xEH2WMJPAZMsZ7dplSFt/cZu4zEQL1QXfGgYe+gp4nDAP9HqODPnyQ+8QnPpHcjQ3G
6G1gQXsR0Ln23XffIM8sf1AW4xpHT9IunERBm9Eu6GKMU7/97W+DTGSnI7qHDchL5CbOfuQpgZOI
mMPDV7Ysm67pfRMeVN7Ie8ad97znPW7//fcPdiOwhH+Z/zIup+QUmJCW+TLjBbIEWc2YR/8iTwXq
j3yHt5C9fOaMeQf0gomdV4OJ5LbS22sTZwp9i7EUXZmADo7uj4601VZbjYpjnbxpS3Die+s/+MEP
wukJLKrC1kD7Lr+cH0sSjkb6HDzI/IT5FgG9hHnZ2972tkocQuQa/9FOBOZ0yB9sZ/AoMohQNb7S
bsg0Ps2ELQLehS923XXX8JeaVwsPOdbR3Whj6gqfkwc62Fvf+tZQvv5rggV5Yt8kUA/yAnd4EXlN
e6CPNv0En2jRFT2Ofi1+hH7aBnuJAryPvissiAMP81tODWx76HCcCsd8kTaGj7fYYgtl03UdRiws
gfAUnyfj5EhsSASwRuf629/+FmQqcx7a2QbGVU4mYjyED4iLLRh5gdywcpAFP+AHjujWfMaF9mVu
RFo2KmFjQ2bbwDvaDH2aEwOQ29h40FHhG/R56GfMsHMT8mAsxU6g9oa36DNqW1uOvUePZxygbakD
NhTGYvoOYwblYUPhRDnJQZs38o/nkoPkwTguOkhvxx82ZDG31fgDLrQDOvkBBxwQTs8QfZTD3FN5
gw/jZJkOxCewkP+EV7ziFWHRFZ8zon/R97EfMq8rw6QuFmWn8Inuqit1ou34rAU6C/M75no8V0iN
WW37Iw71H/34Gd2JeSsBLJA77/HjZsyDoqHu1ep82JqQYZ///OdDO+IbuPrqq4MMxV7FCQrU2/Iu
eu5VV18V5jTIatqYgM7Jp06sXgQfMGdHxqDHMMYzBjAfYp4Er6E/ohfaebVo5D22aWQsdGFHZRxn
cR7PYzsXdDTlwbZ9n7IIY8GDlCN9C2yQG/BEmc7Pe2wT6jekpX8xBoDP1776NffQww+FPk/7oZuz
+E+hek5ycmjTDTbYQNFDO/Kjzbhfd/yBX9B9kTtgjm6HbEcWITPgI2yayGx4kXHQ+lsKYhvcgBV8
S12ZJ+MXg+fgS4VU3+ddk/FHeeVrBQJ+AO8M859XWjt+MC3+fFU63gDb8YxQSrd3IMFJ4c+m5V7P
vYGoK7135nS8Ib0yjZ94FOV6Zb/jmbbIzyuGIb/7778/PLdlecWiqyzw9gpNkdbSKPq886zjvy/b
lc4fbVtJn1dKO35S3JVmmNvWtpNXKpN0X3/99aHt/WSg6z18IaxS+PmjDbviq71su3jB1/FKVBem
5Bnj6CcRybKUlxfyHb/ruau8Nrg35UGV4Z0oBX3QLzyEj1+UUPCt0sBbhx12WJFOaVQn0k4/YnrH
C+hQL688hnyVp1c2wnNvkOoqL8ZO5dmrVz5DucrDvrP39BuVJ/r0W1f6kU3T5j7Gj7zj8uC/WOb4
IxY73kgSaFR8XckDLLzC1xd99BHyUX3Lrn7xTtFWwgBZ5BWUUvqQd/Cc4usqPISt7WvCxjsUuvBo
ikXMT6qXxY9nKdkpOntd4XGv0HZhR/5e6S3qrDg8Fw1+strxSnGI4428xXPV3caV3Le0DCMWlj5k
4fbbb1/US5jbelHXuH/6BTSVaZCDXvEvsPXKYpfMsPipLHjbGyGLNNDpJ69FOWqT+LrA855tI9UN
XoYvVR/S1JFHdeQMeSIvY74VRr3kYD/jTxMdKMXPFnfhiC7jd7N14Q6OTbAQ7k2v3mDas32hM9W3
2vRHPxnveGN/KFO8oavwKNM/6tQNOeudqF11ivNXG6g8byzqwt4v0inSKy1X4vtFKR3GAdFC/9A7
5aerfY5+6o18IZ03Yo2g0aZROq7ewVSUpTL9JK3oV4rrDX5dY4Dicq3T96Ev7vukrcuDsY5ny69z
7ye/PXV+b3Qs6piqk8ZB9D87HwBbvYMWxoQYb3AUllztnIT4dcZ9b8AaMe73Gn+gU3qJN8IXNFj6
dK+r6ITP4aU6+KbioFMqz7IrZflFIiPKaDr+pMqv+8wbIyZ1YJ4IzvqjLbxBvuONM6X1hsfVZkqn
K8+5p4/Y4I2VHW/oCekUV1fl5RegFuV6w3jHG2OL+PAnwRv+w3PSqizkoA3eCNrxTqskjUrjvz/Y
IV4R/O1HP/rRIk/RpnJIBz3wzUQJaifq4BfEJMn2i8tCe3njdNd7+ELtEmPBb7CyQe0lvLh6Y2HH
Oxm6ME3hSB9PlaW8vBO+Q/79hqY8qPL8ooKCPuiELtHGb3TouL94A2oH202qXsrDO7U6xCMwritP
rsy9CN4B1lVeHR70ToVQrvIIGSX+s/p1XCfRTT/qNzC2Kz9d4/IYD7zzo6so+Nc74EJaxdeVfBi/
mJ/1E6SPi66yq1+8U7SVyvMLAzp+wXcpfcg77wBQ9OIqPIQtcyVbLnVkvm55qikWfiFQwU9x3uSv
Z8xj2gbkJ/MH5cWVvP1CnCJLxbFlMq9mfkJA347T27j+5MoiL90MIxaijat3ahRyT5hQJ1svnsf9
0zuVCiwUX1fiIwf9Qo6iKO/8G5Gn4qss+gjzOxuQKRbz1D3zarWR0sLL8KXKIB359xoT68gZ8vQL
Rjsx3wojv2GsslwwRzaq3tDG+OMXeYS6VtFM/9N7pfdO6K7+JwxS/ExZSi8s/QKKjne+KVlxbYJF
kajhjV+g2rN9odMv+hiRc5v+iBz0ixy6cI7x8M7EEWXVfUD+fhFvV53i/OM28AsEurL3i3SK9ErL
lXTMq5EpCuI1taW9Kg3P4H2/YCgkS9GodCpPv/3CUhVVXJvwIIna9n3SjgUPUg7yopfOTz/ROJeq
k8ZB9W9hyFXvKItxXO+Et656buck/Yz7TcYfv6CnSyZBi+Uh/dYzv/gizHGoU5uATqn6Vl2xJcah
6fgTp8+/RyLAyrgRBoxhe4bxGuem37UVmAdHoRx+KVr9ytMQD0O/XyESFAW/g6bjd6MWzC2nkdLj
bIEh/Uq3jl+ZFjDBIIugFvNbxzrpUE79ysCQzubHc+jVOxnfVZZfhRvSUB4KgF/p1cE4i7C2BlaM
yErDhFeGNgxMOBFQnCjLr34J+dVxIii/Ybj6leqBbr96s+NXNBZ1tbSh5OEAjx1scjYwyCGYGRSZ
CPsVxwUWfoVwV54MLLSL32FU4E8bkAdtQj7cW+OhX8FdxPXfHeqgKCBg/bFewRAq3kDBgFZLe9P7
NjxIGSihEqbQ71dwdsBHWPAOPrH0+N0KRRr6EzxIvbhirFV+4muMqdAn7CxP0zbCtQ4P1nGsWyWA
CRkGMZQ/+ocwh0bRZ+vW9N7iR57iKfqZX1VflPehD32owNA6raEP3kFJQs7YQRXe7scQjeEFeqiz
6q17e00Z2KER2QB9DLw4R6ARxVrtG/cry0/wCL+RgcSnPGSqX4XY5ehpgwWyCx4SP5E/shA+hSY5
qlgw0E+/om1RxMjf75zosFCHsYM8tagAjFF6hQmyQGVaR54/FSLQDI1+lXWIz3hhZdcwY0FbUi9r
9KQ9wRvHsP/sRsFjYGH7+FVXXlXg41f5BjlIvRlfjzzyyCKdHSPpC/AKfYD84B8m0fAhjkV+8zx2
oGKAop/7FeYdv2q1SOtX+odn73//+zv0RbCO+zrtzcQagzKyqJc8Qk6q3ekn6A5+pXcHxV/0MQFD
92AM7kcOthl/VD/aoq4OhAHFr8btqhc8TV0PPfTQ4nnsvGqKhWhreoUnwFb4ijf0TNeYLyinaX8k
jQzO5Av/gQ8TLDCV7gQN8E7Tuig+PG3HW8YA9BbxFjLc7xDrHH300eFZvBBq/2n7Bzym7TctyEDk
NP0S/iUP6FZZXP1OhCJv4ce46ndAdVgEJmzhaWgjDQ5Xv0u0SEccFh7hvGIcVRquqYUGMQ/63eql
eniq7+OUsX2fcuI25r0ws/3R76Ir6OO5+qPFpOk97UFZyLMynd861un/yC3Rh94EL6lcdEXJOsYH
dCm9k75FmtScBCysLkNbtRn3kU8a78CJ/gIvxXqJdFwWF8Crtk6Mb/Anz6CLBb1gRd34HcsN1bHO
dfr06SEP8lGZ3Ns/v+NkRBl+91sRf8kllqw1/tShpyzOyKny5HuCvGPhjT+mOWDLImM5/FK19Tst
QjwcivAZxma/i6jjd6MW7SenkdLTB2hnvwsuyB+e+x0pQbaJB6xjnfcY2f1ujpCnzY9+A716B/02
MK6IZ9H1/E6YDoZPeN+OAdb4ij6kfuZ35QWjIIZxaFhttdVCfnWcmpaO8b6nHuCAUdqfQpEkh7ZD
T0InsQEZR7ss9qLFwhiADQQ9WXoDWLDA2AZkIO2CrFSf5koe/pS3jj/NKzg//E6jwngoJyPx/Ekk
Hb+bLDjR0c3tAia/S757IYQtuOZ9Gx4ka+tYpy7giiwVFuAEnxTh6U5HfYR39BN4kMUBXHHSUl/e
ia9ZMIJDEux4bnmathGudXhQPG7zKGibdUNbqY0YH/zuvyBLcUBQvt6Jvjh9k9+2jcmXOsALGHL9
Z0CK8lggp0B/ldMa+oiPUxE5w4JM0divIRr9D3rIT3nq3l533HHHETIRGpEN0If+Qp+BRrvwK+5X
1E94wCME9Dvxg9+FH8ZY6+hpgwWyi/a3fRFZiOxkXJejCl5EBrQN1GW1VZ+Rj8zHWKjH2EGeWlQA
xnbcRhaoTOvIY6MUNNOXNN/zJ6B0ya5hxgIMqRc42/YEb+ySn/nMZwoe473tn8y7ecYfYyRyEJnN
+MpCS/GmdUT5HZCBV+gDKg/bNnxo7dValKY2xuZCP0d+Me9X2iNnHBmeMd8+4vAjwpipNLrS3v5E
t6AnM17yh+5UFpCTqhf9hDk1cxP0StWJeTW6B/lYOUg6i5GVg6lyy8Yf+rcdf+B9yrGBcqwOhMwu
04GwN8gHAY3Ui/ypq11MxTzahqZY2LRN7tHRJbuEvX7b62mnVjvW6/RH6Pq///u/goewz4IPjlAw
le4EHfBO2wBP2/GWMQC9RfWjjRnfNb+KF0Lhg6Hu2I6QL8hp+iXpyIN+Y4O1gfCetIyr2AdnTJ/R
xbvQRkBmYxsUTaTBDsa8inGU33qHDScOTXiwbd8fKx6kbugz1BcZzjyWEOv8Vp7R/2VjJh19EF5S
wNciWce4hi6lgFwhDYuPUnMS3lldpu2433T8YTGn3UBCneA/6YDQhT0E3lXdYrmhOta5Yt+Hzyyv
6be9xmW0GX/q0DPV40wIx7qMH0zwMBpVOdaZKPujMUNnQzGRg0R5yKiL0qFnXFkhCbNbx4Dey7mF
4yfOT8ZTaxRTOr2zDgoEhgxfCHvFtVd/BG+gxTrl1AEwtCIkLR3gwkQFYxlC3uY1zPcykle1Zy/6
wQFhyQpmHD0IV508YHG3+cixS3v7o6k6GA/0Pt6VrLjgK0ec4nJVG5MXA6R91/S+LQ9SLuXDGzKi
UzZGCn/sUnjHJE70oOwTnz8M+ZaXiMPv/T7wzEo/8kQxUlrhkcKWd8RH4VD81LUqD+JDtyZY8DQD
qc3HOkFT/c7GrXMv/MCDyRETEJsOp4bw0k4vtTv1RT7Y+NxbBS3enRjH7fUbnqRNxB+qM3Tyh3G8
Kg/SwuPIDckOZA91Ul42vfDA0YoSTjwGZ4wwMa+Qrh8sxAtM+GzeWmSCDOxXpqE8UwcUGeilHJ1U
waSKZyzCoS0x/tn2l4yKd/crftw/hh0LFhaIl1Ntj0Naypn6uJUj/tj3ZHvYCac/5q3gR43ZlMnE
2vKZVlni6Ldtb+MIz9gBZ+OU3TOO9pJHGmuZGNE3bF6arLF4wh8R3/VOfCuMbLpeclBpwaTX+GPz
5V549hozJX8wXthxCZwlW1lgY/Nvi4XNo+49fQxaZIzS+NRLpjXtj8IBrJm8xfSBp5zN/S6OE6/i
PKQc6ofTiLLlqBY9KT2T+NQfPmQMpd+xSI70TCitbkJctRf9lQm7rRvGA3iftPCb3qmfkoZFJHrO
lXK10EmOV/te94w36LBVjnXiKh5lnfWV7l3wqb5PnbTDoKo/4giP+6Noa3LVeJpqCzm2Y50fGtV/
SWfHCvDjBBvqa+UC7cichOfIXPIQndyjz/Au7o8a91kko7Skq+ojal8MkCm9RAsXyE96Ce1EHyCN
dD2NE/440lCe6k06WzfVo8mVegkrykQf5ZnqZTElX95Jj4UvUvqA6g19dvxpQpeNO5UMAxiBcGZV
OdYxNvujPQMfYqiSgwScuMeBAvY4l2yQTCwMaU/PeuuvtCMGTsZAmx8xMLiTnzWKKV+9Y1xTwGAu
hxwL/eJA/iw4Qh5aA7scjdCB864j+nwG4LLlllsGnXA0dk7HNA3qN85I6lnVnr3KBi+M5PR7HD3+
6PCwC4k2sbgX+Xjc5Ngljj9mNRhT9V67k8JvHxeHOTSCrxxxikvZWuxBXv0Y5smzLQ/KsQ5vMB4r
UBd/HGzgT+tAxbZDnaCZ+VXM00//7+nCGUGeyLkQZmGXxHbWO+Ijn6qC8E+2j09IH5ZDjT6A3LfB
OkFT/c7GrXNPu4EHf/BDvJMTZ4zeawe6nCaMC8iHOMyc+azDzi6QiePV+U070kbiD9UZOvmj/1cF
0uIwwFnDH79xUlIn5WXTCw8crVrMRptzQlDMK6TrBwvxAjLP5i2nB8b8fmUaC6qoq/9cV6gm5aAv
8Uw7Ohm7aUt/PHJX+8uxHu/uV3zSFP1jAmCBXUi8nGp7Fm7S1sRR/6Q/Ikd4hjMz1R6Sg8RhQaMC
MlPjHfqjDcyVic/cyra9jSPeip3vNk7ZPbKN9qmSR7IvUS/6hg1afITjjXHFBvGtMIrfVZWrtNS9
cvyxmc66FyvTolcAAEAASURBVJ5VjnWizpwlf5hX23EJnCVbYx2oLRYJMns+Qm5BC4tdwEHjUy+Z
1rQ/CgfKYO4eB/CUs7nfxXHiVeaMBOqnzV86kUf0FHqmJciPodQf/Q6epd9p8WEqvtqL/op90Ab0
RcZi6g2/KYhGnmvhlN7hDJfNBbkbL+5QvLo8qHiUVbfvq05N+6Noa3LVeFpg6/FXkGM7pfPL50A6
2ksB/HSCjZUL8AFzEnBgMSa/bdBCE8ZaG9qM+2pf5E9dvUR9wI5lmn8z7qmOklu2bpbeuvfUCx4H
K8rE5s8z9X2Vp/z6GX+UR76mEZhQjnU5pXsZlVFs6Gz8Ydhkoo3yx3MEKgxsjSjcs1JQaVhthSDC
IeO/2xFWpSFgMZDF6c70O0JIl3JS6J01RFG2ysHYhlKN80p/GLtkuLNOAQQSxk7SMqj779uEFY3U
C0HGasLRMDbG9Rvkb+HTqz1TNMALGEa1Q0iY2qvF3eYhfDHiptpUccVv5IlzBZzVTlxpK7tSsaw8
5dfr2pYHxVPxLjjKw5kI/ZY/VU7sFLT0YUgQtnJ68F7YperKO8uzNj97X5UH8eB1HbHOZN+m1b0U
BVsvvWt6FX5ltDPB02INVsiRv+oAtnEfxkCOE5r8Yuyb0mbjq780qTPyTkZpaIn/UnkJDxuXvmZp
sff9YKG08S448UBZm9jye91rUZKc5nZhiY4TljIop5jyFOaxYxe5IWXZ9gXVB+ya8oXSDhILOZPA
IrVQiHpj8GJSgXOO3+z4kiyAn4SNvWKAFR52d61kKO1IPjaN2iXl2FI84Z/iU8Upu4JnFf/Qr9U3
rIxTfnK6pvJQW9m2V7pe5Sptr/FH+dmr8Ow1ZqoPp+KJByym/WBh6Wt6LyxSOKbyEj/U7Y+KT3/0
3zbv+G/qjRjDxQNVfJiiJX6msixtqt91/pg+4qtdKMvqHqxc1iIDK3d1HzuxraNTC4ZieuSUR2/U
qRqcrEKesaNeaTXxs/1f73Rl8WIdx7riMcmL+z4Gn5gO+httQdmp/mgdwOgnoqftFWOn8LU6P+3H
TpQynV+nGEEnhk+VL10rbivex3OSo448KsxJMMKUzUmUL21GWba/6p29iieoE/Grxh+bn20n4SoD
vOqivElXt69a2uL7VJlxHP3GaMb4Q9ll44/GY+LY8Ud5NL2mp8uT86mc0r0csZJv8BeGTfiRRR88
5wQNa2gWUixQUR9j8QZzcRwyGPRZPIkDBgNPHHAO05YpJ4XeIUsV5ASlLIxtLKDHoKY/nHBy5lon
Jc4M7RhhXu2/pR2MdNQLYxp9PTb+q8xhvcqx3stJkKKfnTnowsJEbacrbWJxL/LwNk0ZCJmbpdpU
ccVv5IlzBZzVTlxpKzldS8tTZjWubXlQPJXatYzdJeZPldPlNI/oQ46CLWnl9OjMwi5Z11nvLM9G
WRY/hX+yfXwsFkrIQI3unQr0T9ol1e9S8aueyZHM+I/8jQOGXh0Zy6JbguoADXEfxmHFmEZ+o0Uj
Zcqp1KTOyDs5RaEl/kvlJTxsXPpaWegHC6VlIacN4oGyNrFxe91rHi2nOYZ81Q1diCCHhJxiylOY
x45d5IYclJaPVR/yb8oXSjtILGQ/AAscKqmATYg+rlMucBhJzsJPqYCzSHjY3bXaQUk7ko8NapfC
sWVfzroX/ik+TUTvegSeVfxDv1bfKGScycE6nGK5oLayba+kvcpVWhaTVI0/ys9ehWevMVN9OBVP
PGAx7QcLS1/Te2GRwjGVl/ihbn9UfPojPhLmmvEYLh6o4sMULfEzlWVpU/34pA1B7UJZtu3ZlKVF
BpJN9ppqR+Vt+5uliYW75EHf1YlAorGsrsxhVK76v82T+7o8qHh1+/5Y8yALulXXoPP7xWbo/Nid
Cp3/qZE6PzvTle6aq68p4IG/eJ5qq3hOwmbaXnMSZaw2s/1V7+KreAI66o4/tp0k58Snti7Ku25f
jWmzv1Nl2vf2vp/xx+aT70ciMCkd6xjx2GmBEsOfOqu9MghaYwsTHh2hWZaGCaM1hpJeHTtl9NI7
a4ii84gO0Vd2RXDK0EVZ7MqwcZWPrmW7CW09h+leBn6cPBja6tJGW2knGHhwJA8rZd/97ncXky4w
sbjbvGXsjh1YNg73ODHk4CU/i33qPmUMjvOs+t2WB8VTsbGessSDlj+Fe8rpIvpwbMqZpl29vBN2
KWx5l3JCKU9dq/IgjhxuWhWqdPYqJdbWy75vci/8WJhAG6TSimaVZ50gKV6wz1h8kcqz6bNUW1bl
oZ3a4l2M5LvttltYSQp9PFd9bD7CQ+m4witljth+sBCuMT/JgViHnyztqXs5SKkHR+LhNOGeP2Qm
TkV9giOmowrzFO3DjoXqwy7xeCxLYccz9ceqtrAyWYtPSFvVjuKzlNwSLaI3xaeKU3alfaporrN4
o2zXe6rtRUevcpW21/ij/OxVeFbJbuJXYZvCtB8sLH1N74VF3O/K8knRrripvBSfvm5lcuq+6pvh
KqPqqrIsr8Y0pdrl+uuuL+QRdL32ta8NxoA3vvGNhf6KI9z2V/obeRO/jI/kJLd6pJy01vlv6ySH
J/mWtYniyOlq09t7xbPl670ct7ZerARH30rFJx11ZjFK2XvlXfdKfm10ftLptAB2ADB+sOMOWQNu
WkRh6cCw8up1y+ckpMMwZdPoXm1m+Urv7BW6mow/ckCn2iluH/IWv5XxhaWl132qzLI0WoRR1e70
DeYE4GjHn7I8ez0fOVWevE/k6OzlWGc3BI4wMLZ/0qV4xvGHNrBL1x7/r3RKw3WG/863NYaSXs7z
lNFL75ClCnKC1pHziy22WOhnSqsd8KKNq6UPW0JqN6HSD9tVpzcgS8t2R6Vopg3sJyCYV7OziJNc
tEsLbCzuRT7GORw7sIo4s26gSQ5ei3nqns9CpJwzcZ5Vv9vyoHgKuVKHP4W7NZrGdGkhB3XVrt6x
cqzL4ca8mjErFeQITfW7VPyqZzIiVx07LqOyyrNOkBQ/2GecuDMaoYmBnfK0U1u0IDfZ6IIuwDNk
h+pj6RMeklFc4ZUnn3h2d56N3w8WwjXuq00M75aW1L0cpNSD8VynzPEbmYlDRycQxXRUYZ6ifdix
UH2wr8SyIoUdz9Qf0WvQR1LB7s7V4hPiVbWj+Cx2Mtr8RW+KT2281D3tU0VzncUb2NJTeaTaXjT0
Kldpe40/ys9ehWeV7CZ+FbYpTPvBwtLX9F5YxP2uLJ8U7YqbykvxJcskC1PXjTbaqPietvJsclVZ
lldjmlLtYk+RgC4+e8bnDuxnxVJ9RHmX8ZGc5JZ/RaN1/ts6ir/Aq6xNFKcXDyqeLV9lpXAYax5E
ZunYfMsP1F1/vE/JSW2Y23DDDcP4gVyknqTTIgrVlSvOYS3GLysLnSYV1GaWr1LxeNZm/Em1U6p9
xG9lfFFGU+p5qsxUPJ71M/6U5ZmfP4PApHSsM2lg9QsGIAyIfNeSPzoHnY9OmjK4IzAxKKE4Kw3f
clXHJl1sVEoZU2W00RHSNo2cFOTF6luUUXblpv6YUGLQUn4sGGC1E99LJW9oPOSQQ4ISS3789TK+
saqaVfjawaS8x+Oq4yah+7prn9nRVYcOBJDqCxa0t9KBlz4FYHHXe66xsdu+s/dyNlAWO1uhN9VO
PONdmePR5tnrvg0PCo+UgyrFn5oA4ThnQpSiyS4qsDiWYYdhkx2rqX4V51+Wh+Kh0IA5BgCEv57b
qxYH9OJ3m6bsXvixK93ykuLDU/outcqTAZtPBODYKOMLjqOxi2OUZ5ur2rLMKWLztO3HN1Lj/i7j
gOpj0woPjgVmh5hOygCDFD79YFHGC3Ig1uEnS3vZvXZigKH9NhQ8xoIYVlbG30snL2GewilF+7Bj
ofqkZIXFzo478K8W2TA+2nj2XnW3WFW1o/isihbRa/O0ZVbd0z5V/IPMov8iazDWx3ndM/Oe4OhL
5ZFqe9LXkYNlaePyU7+F52g71vvBIkVn3WfCIuWMTOVRxQ/Ky45XOCVpX9rwiiuuKJXTyO/U0dkp
GsqepWiLaUrxvPoNO1NY+GPz165q64DmPf2TvNFnmSDaNLpPOSSFBw5lxbNXObfJF0zsO93LKTra
jnWOAaU/ltUJ3ajK8S76mlx76VvQYvlJeWvRAu8Z4zmKDj5jJy99SfF0LZuTYJAnD9Iyz0jpCnKs
9xr34QnxUhO9RO1pyx8mxzqLFrRjvWz8oe4YtcGyzVihdtJ1KhkI6jrWcZTA28gwDIh8KoU/jJXi
4dTOWo6CxUnJXE1pmE9VOWvlPE8ZvXSiDnQo6Eh36GBHCXzCXDv1R1x7bCTGOeZ6LLgkb2hkbq2T
TMgzRYfKJi/0az4PpB1MejceVwyQyBPoThkjy2iSI5l0LDagvRUwgrJwnXcWd72vdA4XkZ65wbmM
Y5282NmKATzVTjzjXdkO0Cjbyp9teFB41HWs61vu9lMDMVFaVNCFo1mUEGPLUZ7oBal+Fefdy0DL
WAdfMOdhd3EqaMF6Fb+n0qWeyYhsjz218eg3Gq9UngzYfCIAO0AZX4A1sno0ggzsZU4RWwaGay0K
4QSkuL8j48BY9bFphQe6HDuU4RPiMm499eRTNmq47weLMl5oYngfQVDiATsEqQMY8n1u7uFteAz9
k+Og4++lk40wT+GUon3YsVB9Uo66Lth8X1eAf7VjHVlTFlR3i1VVO4rPqmgRvTbPsvLj57QPumJZ
/2OsoP/CC6lvStvjiuM8Um1P+eSJHKwqtyxtTH/qt/Ds5dSswjaFaT9YpOis+0xY1B3/U7SrLOVl
xyb0M9qX9uAE1DI5zfPU0dnKu841RVtMU6pd1G/0/W1blnZVp/qI8k7xLnmkHJKikUWkqSDnNpiB
SSrU5UHFS/WFFA7jwYMpfYvxQTo/OFh+Eh7SUXjPGC97BYvzqEccGDc1J+EUYc0vDjzwwDAOiUdj
OUM+arM64754qYlekmqnVPuI31J4xPXt9TtVZlmafsafsjzz82cQmJSOdQyOKHaxkRJGktMuNpZr
QsHkmnj2D2M2jhc6aWxkSxlTSUtn18TcpkEoUzZ5pcpSuUx8rDNMdOMUUhx71Q6aMqMShic5lCgb
fOjINo+xvseYsfJKKwcscGqmnLzQzdEr7ObhHhqFOTvdMcZauhFccgJZ3G2c2Nht39l724bTj3jm
u6n2ve6hiwFBv9te2/Ig7UibppwtwsryhY4yJQ1lpujV6nviWGOmsIuN7nfc/sw3quN+lcpbeZS1
D/1NJwWkcAdrvbf1SpVV55nwK8NDzg3e6yhSOWoxYJctqBBfpJzRdeiK46gtdXy5fU9Z9Cc9s3Vi
kZGec4WvdWx3Cj+llSGfCTKTZerPCnT1Q+XZDxZlvCAHYh1+Eh1VV7uIh3qwCwcDLPf641mchzBP
4ZSifdixOO+884r6lu10hcdRJFnEBR60heQ07R9jxG85msBS3+5VWo6NTrWj+Cwlt1RGFf6KU3al
fVLl2vhaIUs8jr4Xb1NnnF7UJ5WH2r6NHFTaMvln6Yvv1S+qMCNNFbZlmLbFIqaxyW8ZVu2R2kpP
W1Bf/eZaRjvvUrheeumlRRviULF56V6yM6V/KE6da4q2mKa4XeziPeRRXA4TRXgwdmJDs/Jm4VP8
GSBkPEYi0uo72eStiSq7Ee24zjvyROaThvdlCw3kiI1pimlXPAwAscOYslP1Eg+SJu6Pe++9d0iT
yi8uu85vnQCV4j1oR+dn3Ev1U7CSzk09+CNuSqaqrcA0NSeR7Cyr15lnPPO5qTrjfpvxJ9VOcfuo
DmV41MHbxtECDuqcWjyJziS9Cvqk75WNP9qdAn1f+fJXRvQjW3ad+6lkIKjlWPcOAQxA8DDtEQf6
N30gdgBqNzh9KA6Ui+OFNkMu2lDmWMfRuPFrNx6RhnECXhJ/2ryKe18HvolsnWGim8WnI4KPrxMt
yhwQ7IamX0oGgA9z0PEMclxDE05NcI4DTk1kFeOjFhnIWE5fA2cb6Is6wjxuqxAP/tj3AyPaxeah
+9CGs75RHh8RrThcoSv+Pq99X/e+LQ/KsZ46ySHFnzKawoPxyQ2BVo8RtGisKJxpYOf7Fuliozty
EL6O+1Wq7r0MtBhdrVM4zkMOL+gr4/c4TdVv4UF+qV1jOjqf9zoKW45aDNhlO7nhC2i1Cz+q6Oj1
TgZ2HV9u41MWThEFWyd0LBvk/CvDT2llyEcfpc2Jj5xRP1Se/WBRxgtNDO+io+qqcZc68MfnNlho
qN96FuchzFN8lqJ92LHQ8dDUF1vtiOD7ODyOwwddnWD7I+2fChqfyJdPZChUtaP4rMpJXIW/yii7
0j7IJPSosnCkP/4ZmomHzivehm4W4uldnIfaHpuTDZKDVeUqbXJ8spkl7oVnFWYkq8K2DNO2WCTI
rP1IjsCU3kVbUF8bymgnTgpX2dNoD3SvVJDsTOkfqfhlz1K0xTTF7WId2cijOPAJLngw1d7KG30n
/gwQMp7TcUlrF4yJRvwqxbhuCuXzoKThfdlCg7o8qHipvhDjIBLGkgd16g0b+OIA7ej8YFHWT2UD
II7+kjLVZ05bgWlqTjJz5jMLCVM4QZfarM6432b8SbVTqn3Eb2V4xBhW/RbfU+fU4kl0Ji1UhT7p
g03Hnyoa8rtOZ+gd6xgeEUT84SBi0scON/ucTmWNJTLWcswvHRKjkP40sYmN5TKK0kkvv/zyIj7p
mACUOWtlqCQ/jswmPh0aBUpCAUcFz0WjDKKUhbKEgi76WGEGk5PW0kinU34MCkx0lQYstPMu5QCi
XBnklQfXsriicyyuWuELPbQXTl/qhVBgJZx2ny/wvAXCcZvQRPsQH3wYNIlP/TASyADH+xh3cIJX
OJpG7ylH/EU7xHUWXxAfvFCKhTsDqD1um4EkTt/kt8pqwoPQcu2114b60C/AQWXyjmMxoZ3jyPnN
O64YC3jOHycnWB6Ug5938Q4s9S34je/XkBf9g93NxKdN+C0adBXG4C+nLu1j8VdcrnYRCCvd2LUE
z8MTOOpEO/VKtZvNq9e98FOeOBc4HQKaZWziHQ4MyRr6oybF7OSGF8CCP9LhwBQvjlY/k1MUjJnQ
UhayBoeMMNVxsgzgxINuvisMdkxObJ/iXYwf8djBzTtLt0454DntQT8gLti2xYL0+qRD3FfBE/zK
+KlXm8bv6ftqD2FCGwsjnqFo2XTgm+o/xIH2XXfdNeBkaR92LJAPq6yySqCburMqV32f/mzHLXb4
Co/PfOYzIQ04sdjFykEMtBofl1hiiS4nGu3Iu7gdwVb9LpZblEl7gbHFn28sS45YOScarSzhPe2j
cslPaRWfqzVuUTf68qGHHtrFF+SBgcOmayMH24w/lGlpr6MDgS0Of+oTYxvztJWdbbGwuDS9l3OS
3Qi0D/TBh3wnC75hLMTxSL4x7fxWeWX9EexWXvmZxXvkh8GGdPzBL8g1FimAFUd5xgv1lH+vK/kx
QSMfK1Ol6yEjyEN6nNoF/LUAE70PeU5eLGqhn5Gf2pG6iA7iKG/e4wS+7rrrgo6McV5ylTGKSb3S
SV8lDU4gxhR2WuJE5/QjlYfxgDKUrosH76inh9OOYM4kz+oE5HvtNWmdBSOcxlVooT9CF31QtJFf
3B9FZ5OrsACHWOfnmF5oh5aUY51yqJNo4hrrSqKF+kpeVM1JyuqlcZ/38bjP7jdo1LiPQ1z4Vekl
xNH4ftedd4WxUe0EvXKsi09VB9JhRFbd2l6R5VqszOlb9Dv0E+Y/7PoAzxVWWKHQZ7vGH/++a/y5
oXz8aUvfZDcOYIDBAcsf2GNgYfeOfd5lEH362eMQWaiDnArGcv+cK32ENosdgNKf6WMsULVp0L/K
nLVKR370RdLhTJOMgg9xVIT8aCxPhwxUlMX4hxGU9/wxbuI8j2lEP+EZ+XHUbjA6+bzID2zQq3nH
nDsVwGjVVVcNeSiflLMolXaQz1i0D93QRHsh48GBhQXIenaf8w6s6NsE7Bc8A3N2CxEf4xtGdBng
RuDu08EzGKA32WSTUCbtQjnir9ROIxk1hS3p1VaM5TpRi/fIon6CeKkJD0KLxmr6BTgo8A5egTZO
OOA3wRrdeUcbWB6UwRmMu77b7pPLEYJDGdlInn+45w9Bf1OboB/FQRjDh+hQxI3xt2msToG+QtvD
8+gblo85Zj3VbjavXvd2AT90oYdwOgQ0M+/gGX92hz/zVrDjOWMmvAAW/JGOsUe8OFr9TE5Rxj/s
DJSFrMG2JEy1UEIOPujju8Jgh7Ea/N7znvcUdYrxIx66J+ks3RpneU570A+CDPLgtsWC9Ogi5Akv
IMsUwBP8qGuKnxSv7lWGfMriD0zAjvz1DN3KBvCl//AenPitAO1aQGlpH3YskA+rrbZaqBN1R5aq
79OfmVMKD2wwCthm9JwTEKwcxHatHe0veclLgs6ldLQj70a0o4dS/S6WW6SlvcBY+CO/Hn/88UJW
Wzmnsqws5z3tQ7ls/LL6guJzZf6tfkz9OJWBU2AsX3CPfmZDUg76ctBzyWdEfX1iaED+bbrppiFO
LP/K5JilnXlYHR2IuRV0xNjGPG3LbIuFxaXpvZyT7NZGbkIffMhiYviGefXdd98dso1pr9MfwU52
WPLDdkA6/uAX5JoWdnOsd7xQr3Z9PD+feOKJAXN4VbhK1wsywmeGfLDtQjx9450xD5kEbcwb6GfE
VXzqYoPy5j1OYOYk8AcLgMFTaZlzKUif4R3YMt9Hr2beDN8rDZ/Wsfg25kFfYJu+P5Y8KCzAwer8
jEPIDMk09KtUADPhxbVstzppJS+q5iQpOUPaJuN+m/EH3Soea2M+tXUQL/OsbUC2a+EC/YV+h37C
/IdFrOC54oorFvps2/GnLX1TJd1QO9Y1sbGdrOzefgdaRizFZcBllZycTzxndyKML8OLnJpKw6Cx
//77d949awLKc+tYUzomqVaBUHqe2ecYqGTEpnPpeGXiI4Aw7lrjIWkRFtaRp7yVBsOqdtXxjDQM
aKLNXhGs2nWofLQj1cYbj3scdRYr0acr72ZMn1G0FwqBVdAUjytxbV5yisS7U20a3fN9ObWRcOA3
gt3myWQLA6nS8Y5JO0ZPpWtzbcODckyIFngJRwSDrxQfvcNQLH5K8SATA8uDOMni3UQYKSwWyjt+
JqMtOMT1Upr4avmRNpZDJI5HWbY8tXEbzPW5BnCjHJuvLVdGGVsGk0IbHzmjBQbKi/fnnntuX3yh
MjFEWrlhHcUqj4VDxEe2yShg66F4lm6eYRhlImfj2jZEztl33FuZ1hSLuCzywxEA7XZhh8ocje+m
2r6i3ZAaE+Ahy+vIy7j/cEIG/SpFux1Phh0LJvZx+9t+zzu+72wdeRiUYjmIvJAxgXYiHYsyxK9y
CKkNubJbg/e2LfReY3idcV9tobJor7g/KN/4GvMSBi/6FfTHf6RNyZemcrDt+FMHC9VP+KWwhd9T
Y0L8+YM2WKgN2lyZeIG56hDzIeM8k/Z++iMGUlsG/RrZpTK58h7Hdps6kMY6ucmPeiCv99prr6Ic
nDNWjoqv7OI8S5Poss8kk5HvKlM8a+MpLRN5u1hAzuSqNPQFJmLCwhp/4zLsb/IUD2Jgjd/R96E7
5k+bjjLh1ar+CE+gH4i+tlftBBedQeeftn9nl112KWiHDulMqXIOPvjgEDeug41LnVNzEuYXMhiS
nvYkrk3L/cyZM2uP+8RPjT98X1D1pCz+0EvituU5ephdNIAeiEHK8pv4MKa1yW8cDKIpvkLH+uuv
X3x6BtnFYlCeK248/vA9Zjv+NKEljjuZDQByJgvHsitY2+9Ay4il+OgI8L9dxINR0hoO5dRUGpx3
GH3Rl3hGGYzlXU58Dz5OH9vWSs8z+9we0w2P6Hhl4qPTYwi1c0XSspBJ5cVYkIY60DdVJnxFvFQg
Hzn6VB8ciMMQcNRZrFQfXXl33HHHFe2F7MGprvf2SlyblxZQaAGfjRvfdzmRZwGDwY/FWzZP2gqb
h9LzbsEFFwzOzn7wbMyD3gAsx4RoYf7HmIMTyjqgeW8dw+JB1Qt+YgGReJDnSy211IjdRDialUZl
crXPuLdOWRmwbfzUvXZIgyFyLp7XKA352/KgmfhtgnSaOvNqxhob0M8tHcgZjZPChPdspBiNgLPf
yo24P1MW82MCsu1tb3tbwaPCztJln6G/M37bZ7YNYycC8XDayYHUFIu4LPJD9yDYhR2iBwdrv8H2
Fe1Olu0BHmIBqwKO2bj/YOjHIZCinR3wGk+GHYuULVj9HrzhI77vbB15OD3QNy2/Iy+06FDpmJcp
yCGkNuQqJ59tC73XGC6njp6nrmoLlUV72f6QSqNnMS8xb6NfUbf4jzQp+VJHDpJWfYi5ncovu6Yc
c3WwUH7CL4Ut/A7vxjwdf/6gDRZqgzZXZKrlqZgPGb+ZU/fTH1l8Z8sAA2SXcOPKe2z3bYN1cpMf
9UBec3KVyuGERPRF/RZfsTjP0qf3XOPn4ifoVJnEieMp7T777NO1WEBjcVUa+gL+BIU2PNi271Pm
WPGgsBDe8AXzBM0feW51JuFhr0cddVTRnup/9r3uU3MSFt9q/KE94jmJ0jYZ90nTZPxJtS16mOVT
ZAQLqcRv4GL5UHQ2veJvSfGteJeNpYw7hDbjT1N6pmL8oXas48CQoKq6MulBgZVxZH9vHCM+O/NS
6TgWIzaW4QQgLnkhmON0ONgZRFWGvbIiM06DcYrJhfJhEmmdtqzcQQDovb2y2hRDvI1vsVh99dVH
pMNw1mvHNDSpnDXXXDPsDLP1GM97lP6UMZV6MamJaUPRxPGq+nClDVhZjJKp5+QJ1kzC9CyFH+8Q
/BZzlYnBAWOJ0tsrzlQEJkZ0xW97bcODOAMsPWCAgs8Enza275igokyJPoylDGA2ju7pI7xXXHvF
QaB4XCkTIy19RM9RapRG9dK7sqtNQ1rajdWxcXz42NKgNlZ5Ta7sjFT+GJD5dnvMhzhHMKyl8mUi
EPMh+YEJKyNpi1S6ts/ge4xPopkrMov20s5O5Y0haOeddx4Rl91fOLSgUfngzMCxbJ+hSCgvK3+U
Ztp+07ocAU2wABdbFnmSH+Wl+GU0FiewA5tyaF/JfxQZnmG4sX2ffpLqPziYU1gw6RJWXIcdCxQ/
+FptqSuykYUNFgtbLybPcbuRNjU+MoYpX13Vjim5pYVJKXyVXleOoaYtRFuqvRQ3vlIHpdOVvHDK
sDAFunEQkicGDjlAFVdXK4MoA1zK5GDb8acOFpRtdSAtVFO9oQv9KDUm2MV7qlcbLJS2zRUnbMxT
8CF9Uw7UVPsyntXtj8hGTr8RJvaKEyV1hHeTukjnVL7IGMZPJpR6xupg+pXkisYt9AtWtSueruRJ
n9hss82Kd4xX0EUa9BXisjoenmbHvdKShgluXAcc68RhDEVfZFeB0tAGJ510UtjZYNOBneJUXXGC
SA+P+z7OKdqZfOO+j5FHfV/lpngQmS0nhfhC8dtcNc600fkpjzbQLth4h7+lh3gsJgC70jnJkSPn
JDaPMO6vmxj3fbp43Cdd1fjDynXpJXHb0k7wiE4OgGZ2GLDbRYuJePb5z39+BG9Zeuvcl/E9RhHK
Ql7F+TQZf+K0TX5PZmMAfaeqH+sd/Rk9IYRZzkbesaBBceyV4xLlsBZ+GAKJQx+jn9v43CPD6Nep
gI5q08CbzLVkMCU9C4fkhCIPjnlPyVLi4uBF5tn4FgvJZUsjC7BYfFIV7Nxw3XXWDX2lKv5YvuNU
oJRzg3ohq+NAv8fxajFYbLHFOtf501CYW+s5iyHAmud6lsKPdxgOLeYqE4cZ+pLS2ysnovEO42e/
oTEPel7n1AxLDxjgBMWxvs4663S9w1mGg0IBYykLj2x63dNHeJ8KOAgUjytlojeyCIXf8D87DhVU
L5smdc+pgDbQbhqPbHz42NIA39jPJtg8et3rMyvkz25b5hQxH+IcQcanAvp3zIfkhTxARxmN3da2
XJwOLLixeCCzWHiCjLCBcYTTsOK46Hc4tKzMYic7jmX7jDFMAWeyzYd75pJyJhOvCRbwqC1L+ZFP
il9GY3GCFmpbZ4mM+3bhEzTQT1L9BwN/Cgs+bWPDsGOB3gpfx22KbMTGmZKD1O/CCy8c0W7kkRof
tVDYlqF2xIlpn8MLnMJASOFr43LP4kU5XUiTaq84jX5ThziQF7YlbLjQjZOMPNlVyXyDvhQHK4PI
mzpQP813eCaZxmkqKr/J+FMHC/JFBkgH0kI1lQddvMOxHvO0Xbyn+rXBQmnbXJkXxrIAjOibwj3V
voxndfsjspGTOoSJveLfwH7RT7DzZ/JGxjB+Wrs180r6ldpA4xYylE+pWZq4J0/6hE4j4pn4CVrl
6GQHMTyNI1J5kIa5VRzkTEY/RV/UokHS0QbM29EdbGjDg237vsodCx7UONNG5xedOlWARWF2LNR7
XRkrwbhsTsL4Hc9JlJZrk3Gf+HXHn1TbwqfYscRL8Ck8AT/pmdUNKK9NKON7FgRSFvIqDk3Gnzht
/j0SgdkQsH4lw6QKnnGcP/rD+YHbeYHrvCB2/ngS51dJu0UWWcTNPffcyfp6Bdj5yYzzTO78hKJI
4wWEe+5zn5tMo4eU47EMP4lfVobi6+o7faCV/KGRtPPMM49ed129UdbNP//8bt5553Wko15eUIbf
z3/+87vilv3wA2lIQznDGGgDaJxjjjmcN+yEvyo6ie/ZOmC28MILV0Xt+x1t7BVnN9988wX8/Wrs
nnzRtNB+eLBpWYrvhbvzRk79dOBYxoOKBP/5lbduzjnndAsttFDoM3o32lf6sh8sQl8G8160jUb5
lAlfUb9efZ/y/K5A5w0fgU76/qD7F/IJfpx99tl7loXcoI2pC21L3xpkGGssmtTFH0/s4CG/iCIk
Y6zwiyacN/4EPm6SV524w4wF9GucgzcIdcYR+I56caVfIqcHze+BuDH+Dxmw7rrrhlL96uwkf4yl
HBzj6ncVVweLrgQtfjSVuS2KCLoW+gVjCPIdvh20PKxLJ32RP8aRXmMwtHsHtfNOUOedRW6NNdYI
xdAneVdWp0suvsTttvtuzhv4nXdKFaShG5elKSKN843/3q7zC0GCruGPZEz2x6Yk9qNvkdYb/wM9
3rjs/AK70uLbzkniDJuM+6Qd9vEHGsEGOQrfMrfppd+NxfhTZxyE9qkUaCf6oDcUhrEf/V/z6kUX
XbR0zuuNSW7xxRcv5tXIX+QNekMv3Zq21tyE+E3m1dCqeTVpy/iKPkI8zaupl+bVdeeU1Al8KGcY
A21AH0PGM1/jryoQn/4IZthMBhloY+9gLebVjMm9+KIpPf3wYNOyFJ85F3MvBXAs40HFoY380b1h
roYMwhY1qED/0LwazHvRNhp0UCZ8Nddcc9VqY+wtdl496P7F+IpsYl7dqyzkhubVtO2g9aexxqJJ
e/sFOUGXZh5NQBZ6p4Vbeumla80pm5RF3GHGAvrgI8YEzavrjCPIQerFlT9kdC8epKyJFrCTv+xl
LwtkY49J6VpjKQfHE786WPRLX1OZ26Y8yrDzavh20PKwLp30RWwLyPQ6Y7Dfje78piLnFx46fzJt
KIb+WDWv9p/0df7EHec3AzjSK0yEefUgeLAffYt5tT9JMUDIuOJPzBCcI65t5yRxRk3GfdIO+/gD
jWCDjxC+xWfVS7+bKuMP2Aw6TErH+qBBy/lnBDICGYGMQEYgIzB5EMBJIMM9irbfdeT8zkznP6Hh
cJxheJ8qIWMx3C3NZMmvvHd+l5nzK+uDgxeKqwzxpPGnKzm/mt75XV/Of3qjqGRVuiLSGN/EPMhi
AL9b1fmd/s7vZh2X/giGCtCDjPA7lNyRRx6px/k6CRBIGXsnQbVyFTICGYGMQEYgI5ARyAiMCQKx
Ho+uzPzDn4Tk/IkO46LHj0nFE4VkLBKgDNMjP73bb9p+7uSTT3b+NC+3+mqrP0Ndj/Vt/jQf50/a
cv7EU7fnHns+W6Me6Z6NOHZ3Q8mDz06rw1z6qKOPChsHmGPnkBGYaAhkx/pEa7FMb0YgI5ARyAhk
BDICo4aAP7oyOMjiDHE4YgTAGTlVQsZiuFuaRR8nnnii85+8CTuS/VF1wbHO6mR/xKLzn/8YUQEc
wv64O0fb3nzzzc5/3sD5o8HCjlN2xrD7XYtKRiQehwfQ6o+rHVEy/dEfY9+1KGBEpAE9ePihh91x
Hz8u7MRgd8ZZZ50VSlrgeQu4Yz92rPNHTVcubBgQWTnbASCQHesDADVnmRHICGQEMgIZgYzAlECA
E7X8cc4j6ooef+qXTnW77zHy3YjIk+RBxmK4G5KTYvwR5OEUOHYk+8+8Ov998LDr139mzfnPf4yo
APNq/wmQ8McpapyS7D85F+bVzCFmzJgxVPPqYeRBTvUBJ044wOnP4gQCJ4v6z5Y6/5nJPK8ewXn5
wTAjkB3rw9w6mbaMQEYgI5ARyAhkBAaKADthDzvssK4yUOxxqm+33XZdzyf7j4zFcLfwnXfeWXyi
IKZ0pZVWcv47YOHYO/sOR7D/7p+755577ONwzzGw/hvnySMZR0QeowdlPIhTnZ0B4xE4tnKDDTZI
Fl2GezJyfjj0CGTH+tA3USYwI5ARyAhkBDICGYEhRQB9/YADDuiijnm1/xa123777bueT/YfGYvh
buE77rjDMY9LBY4jv/XWW0fMq3EEr7LKKs5/a35EMvjcf2s7fNZtxMtxejCMPHjbbbcVJ+7FsJTh
HsfLvzMCw4RAdqwPU2tkWjICGYGMQEYgI5ARGHME+LYTq5YJfONT34Udc0KGoMCMxRA0QgUJd911
V/gWqD3Cne+l4hDkG8ip8MADD4RvJPOtORv4DiTHqw9bGDYe5BtkGEq4xrhjRFliiSWGDcJMT0sE
smO9JXA5WUYgI5ARyAhkBDICGQGPAN9b5pQtAnoy30+2+nN4MUX+y1gMd0PjXOe76JY/me/xbfbF
FlssSTzz1IcffnjEN+WZVy+//PLJNOP5cNh4EHyxZ8Tzan4vuOCCbskllxxPuHLZGYHGCGTHemPI
coKMQEYgI5ARyAhkBDICGYGMQEYgI5ARmEwIZMf6ZGrNXJeMQEYgI5ARyAhkBDICGYGMQEYgI5AR
yAgMBoHsWB8MrjnXjEBGICOQEcgIZAQyAhmBjEBGICOQEZggCGTH+gRpqExmRiAjkBHICGQEMgIZ
gYxARiAjkBHICGQExhGB7FgfR/Bz0RmBjEBGICOQEcgIZAQyAhmBjEBGICMw/ghkx/r4t0GmICOQ
EcgIZAQyAhmBjEBGICOQEcgIZAQyAsOOQHasD3sLZfoyAhmBjEBGICOQEcgIZAQyAhmBjEBGYKAI
ZMf6QOHNmWcEMgIZgYxARiAjkBHICGQEMgIZgYxARmBSIJAd65OiGXMlMgIZgYxARiAjkBHICGQE
MgIZgYxARqAtAtmx3ha5nC4jkBHICGQEMgIZgYxARiAjkBHICGQEMgJTB4HsWJ86bT2mNe10Ou6y
yy5z//73v93mm2/umhqqSG/DbLPNZn923fdbVldmE/RHjBfVqMIsruYf/vAHd/3117sVV1zRrbfe
evHr/DsjkBHICIwpArFMayLPxpTQMSzsX//6l7v44ovdggsu6Lbccks3++yzj2HpgytqPMafzF/t
2vOf//ynu+SSS9xCCy3ktthii0nDg/fcc4+78cYb3QorrJB1oHasMWlSNZ2vTJqK54oMNQKMWRdd
dFGYV2+11VZu4YUXbkRvkzGv37IaETakkWO8ILOJHnr33Xe7a665xq288spuww03HNJaZrIyAhmB
qYJALNOayLPJihHz6vPPPz/MabbbbrtJM6eZOXOmu+qqq8L4s9FGG41J81n+ms15u3256X5M6Jko
hWQenCgtlenMCFQjkB3r1fjkty0RYEK51lprhdTf/e533dprr10rp0cffTQoAqR5+OGHQxoMuLvv
vrtbd911k3m0LSuZ2QR8eN9997n3ve99bpFFFgmT/v/+97+hFl/60pfcc5/73Fo1Ovjggx3xcap/
61vfmjSKZa3K50hJBFCQ86QrCU1+OGAEPve5z7lrr73WLbDAAqGkP/3pT26//fZzGJMnQ2jbt3Bo
7rrrru4FL3iB+/GPfxwMAZMBj7Ecf/785z+7yy+/3F199dXuqaeeCvC9+MUvdgceeKBbaqmlJgOc
terQmgcv9jy4267uhS98ofvRj340KXgQLA455JCgA62//vph4cBkWbRSixlMpLZ8YbKY8LfZsT7h
m3BSVuCOO+4Ii5/Ry3/wgx+4V7/61bXqybz6O9/5jrv00kvdQw89FNLA4/vss49D3qVC27JSeU3E
Z/fee6/bZZddgq4F3v/5z3+8j2A2d/Y5Z9ebV/u9AftN28+dfPLJDqcG+uxUHVMmYvsPiuY8vg4K
2ZxvLwROPPFEh22VhdmEP/7xj+6ggw5yb37zm3slnRjv2Y/VwpF7wQUXuLe//e1hTvO73/2u8Uaw
YQUHmwnjD4u6rrvuuoGOP/fff3+YNzG31rx6ySWXdIceeqhbZpllhhWi0acr82AXpmPJg10FD9mP
PO4PWYMMkJzsWB8guFM56wcffNC97GUvCxCwYnuNNdboCQeO9M0228yxcyh26K200krue9/7XlIx
aFNWT2ImUITbb7+9a4cVAryp4+Wkk05yRx99dDhd4Ktf/WoS5wkESSa1TwSuvPLKsIJ3+vTpU8rZ
1CdsOfkoIcBCKnZmE5BnhOOPP97tscce4X6i/kddPvvZzzqcu0cccYSbZ555GlXl+9//vtt6660b
y/dGhYxD5LEaf372s58FHYMqxjoGBoAPfvCD41D7sS2yXx686aab3DbbbDOpHOu0ADx4zDHHBB3o
rLPOmpI6EEbXb3zjG26qj/vZsT62MimXVg8B9AYWgTF2/eQnPykWr1el/utf/xoc8CxAj8e8l7/8
5e7WW29Nyro2ZVXRMdHe3Xbbbe4Vr3hFQTbj5ote9CLH87ry4bjjjguOBXS2b37zm0mciwLyzaRH
4Nvf/rb72te+5j72sY9NLWfTpG/ZiVHBHXbYIdh1oFbz6lNOOSUssJoYNUhTSV0+9alPOTYZ0bea
zqtvuOEGt/HGG086xzrjDwuGGX846WZQC7vQRbTxLdYxmFMddthh6YabRE8zD6Ybc6x4MF36cDzN
4/5wtMNYUZEd62OF9BQrh+NCcRywOv7YY491Sy+9dE8EWDX43ve+N+xSxMi56qqrOowCHBPLEeWr
r756Mo82ZSUzmqAP//e//7m//OUvQVEGC3YgNHWsI/gxJqNc7r333iMMMBMUmkx2CwRQEKdNmxYM
AHUXxbQoJifJCJQigBzjb84553RnnHGG+8QnPjEpHOvsHHv961/v/va3v7Xacf773/8+jKccAcu4
Ou+885ZiOJFejMX4g1xjd8bpp5/u1lxzTfeRj3wkHKWLMYbFeewqW3zxxScSbK1o5fM8LGD8+9//
3mrH+WTnwU022cTttddeU04Hevrpp93+++/vzj777HCaQ53FsK0YcAIkqus4mwBVySROIgQeeeSR
sPiLeTFz5GWXXbZn7ejP73znO8O8+rTTTguL3BnvWMDOEeWMhanQpqxUPhP1GfNqcEJvYKx85Stf
2dixzuLQU0891b3hDW8IJy7FToeJik2muzkC8NGee+4Z9M+f/vSntRbFNC8lp8gIlCPAnPof//iH
m2uuuRynwuH0nAyOdebV66yzTrA3t9lxzmKpww8/3C266KJhXJ0s82qNP8z3sOkNYvxBru27776B
n2iDE044IeDIiS8sznvd614XFgOWc+XkeJN5MN2OY8GD6ZKH42ke94ejHcaSiknvWIepbWBg4Vmv
ASaVzuYzWvepcurQ16b8VFl18rHphNsgaNRxsDh4B33kr60TGAyyXnUwTsWxNIq+VDz7jGPgUaJw
tA/6qOAUfYPgC1u/Qd/bOqmsutgrPlebT1l6G4c0ZfF4p2DTED/+rXjx1cbjXa+y1BfbONablhXT
ym+bRxmtNg5pLB5laYjXJrQtK5WuTfmDStOWvrbp2tSDo8V23nnnRo71NvSVpeF5FT+VpUvVdSzl
s8pvQp/S6GrTVmGg+GN9bULfk08+GZznHFnHDoVlGhxPZ8uhjm2wsHmUpVccvdfvXmXaeL3icqQt
hn6cM2N1lHsT+qDfBptWuNj343Vv6YIGaNOzQdGp/FVer7rb+L3SEJfdLTiC+ExCdqz3Qnfqvrd8
pe9o8qyS7/1UvOP/KSidfo/mtRV9bQmI6+XlQJ3QRaPSAE+95HWKCPJo2n7T3CmfPcVdeOGFAz/y
t6tOVER1GeV61ap8KlLcVpbGVPxZzxgzOXYfR3uTHesVWZa+6sJwQHxRWvigXrTEPSYnic2ISJGc
EYZxPPNb+RYyydDbSKb1KEvH4rZxrItGkV1JlyLF1zr1MnFIHsrxz0JQf571s+9Ly7JGBYu+ia/I
IFWviuh6ZetV8KJejvKVTz5uu+22jRzrlj7IqcWDZVjAU2X8FKfpIaeZV7Nj+oEHHnBtHOttoG2F
xayCbNpaGLYhsI80TehjXs2mNxzpt9xyi1tuueVql9xVTo82Lsu0K4+U/DW8JKx7pplVmI3HI6VP
0TIePIg63aVTp+qfItY/s3WrqldJ8sE9TtXJPwuhTF70SU1TLGx8iu6FXz/jfp9Vy8nHAYGhdayz
qu6cc85xc8wxR/hex2677RaOd3n88cfdueee67jCzM95znPcu971Ljf33HN3wcdOab4nxtGGTIY4
AoXvjHCMGoYjvjuio0tsQlZxn3feee6KK64oHjOh4ltbOtq8eNHHDUKY45Yvu+wyx7fMoG+VVVZx
q622msOZtemmmzrqTEBZYFLM7j3qDC133nlnMIo+9thjAQO+Yc43zcEjDgiBm2++OdSLo1AJlLfN
1tu4HXbcIRx/E6fhN4ZXjoVkxRGDJ9/w3vA1G7q11l4r4MNq95122qlLqIA39WFFJIFvrajtwoPo
vyeeeMKxAwq6+f4Px6UdddRRYVcfdePoNehfYoklRtStaVkUTV4//OEPHcedo4ARWIm++eabh1Xp
P//5z8PKvn6+tQrfscuestgFt/zyywdDPrwF3y6z9DJuw402DLvKAwHRf+AHDvAB35dnJxErAfkO
0gorrBDF7v7ZxHHD0ftf//rXA1+RC7TRJyirKtTlC/Kgr7I7U/wAH+24445hpyDtTh9Q3+WdvnNU
VX7qHbSzM4M8Hnv0MbfTzjsF3G688cZiNz/9d4MNNnDzzTffiCxIh7OFPxYk8JtAP+RYauSGDfAm
C0Doj/yxu4HV6P/P3nmASVkkfbzMOStmxYQeBoxnFsV06pk99TsV8xkQ45mznojhTHjqGTBjjndm
RTzBhAqiYkAFI+YsKqD71a93/0NP7zuzM7MDLPD28+z2O52qurq6uruqA3jQX+AB5A4nIP9+1N9t
1dVWLWRHtlFv4Lz66qsBFv2RvsSfrrGK60Q/+m3sb/bCwBfCW4mcLIOOnL7kiifcFVdcYZy2i121
fR849MVjjz02lI18WnvttQtvJlE2cijLQTOMoLfffnu4kos0yIxddtklXB2sdlZejDooGAiPee+1
114Lsoorh6HL1n/e2g486MACn5Cfq6eAI3m2xBJL2HrrrReUXuBx/vnnh7FDsFrj1wKLfsgYwruW
XMEJTXlvioUssialRWvwo41ff/11g9fhQ94l59YKxk7g017A4xo4wa2WL4Qf4yrvfCObkN3wMuMO
sgm5QV+ot9O74pVcBV8r3RkLkIX0fxz8xE5rdrDTV3fYYYcgO+K6MVYwBtGH2ZmNYyxBDuCnjr7F
rmbaH5nYr1+/MAbQFnJZfYt8XB9JH4G+8DdyBZqXo3c1tJA8Aw94iKvj4HtukUGOMYaxOOAWmXq5
asYfaHTP3ffYJyM/CeCZy0FLZB4LeuQMb89vtdVWzdCDRxmPUY4ffPDBxjjMHI+5BTzMbTrQatFF
F22Wtxp+Fw1pE/5aGhMWXmThQF/a/IcffgjpMWgyLsLrjFfnnHNOkKmMQ3zTDrGjLsjcQYMGhXkX
cdxWAw9yM0LKH4EHf3Qe3KJxvsO7e6SvlgcpZ4EFFmiRBymX+Rbz16FDh9pss80WZCF9gM2T9C85
0Y/fzHmIH+88+KXPgW4bNweCH5Bj5eZA1IlxCx5CBuDqPf4AgzkgcoU2ZGxL+Z159ZZbbhngp/9K
9f3tttvONt9888I4oHy0J2MUNzpce+21Yf5S6bivMiYnf3I9sc7J2+uuuy7MDZBP3E7FfBN+uf76
6wtjDLzAsyuaL6htmfvTl5kXwpvMz5BNzG169brUb5e5ptk4ifLvveHvhfLJJwdPI6dY99bLUQ9u
PwFH5Cj4ofRdddVVw3wM3j/ooIMCODZYsT5hbaL6kod5J32NvPQB1kTEp44+yhweuiGncOTZaaed
bM899wzjS5qH32x6Zq3C/BV5g/xl3o6egXUD14/vtddeRbIbujFHUXvQX6mH1gopHMpF3oI3N9sA
izEFuYucRXaDP2NeWrdqYQGbsniqDd0KcHFszGEewVwH+rCmaN++fYir5R/ykLk0Dp7jFjvGy3ff
fTfwLQp9wtu1a9esePDjyTR0Sszn6N+MMcyTWZ/w1Fw5V41hnT7C2lBrXuZtwOGvnKuULygDnmNu
In6gveEZ5kEY/mlD8QZx3FjAfKdaB+7cGMWck5tuGHOgG/N/9FLQlf674YYbZq6rx44Za489/lhI
zzNG4IKjH3br1i3odWKc4E14KJ5DcRoSPOBh+jVyB30QJ0zjcRrZRt8HDgYeYNEfmRfyJ3rEdaJe
9CXmKKwz2FAOHXmuifEdx9ybwwpFzmXac88/F9oZGYAD1o477hjyp7TW+Nq9e/dwspN1BnNYwuWy
5v7EgSNGUHRWzHVxyAz0nsga8UCI8H/IL+ojuY7OA97jyQfK0FvLrGmOOOKIovzSjalOSy+9dGhb
1uTgwSln1pX1cLXAQr4jI9GxSG+Krg69EbImpUWr8PQ2fmXIK9a3b9/QTrxL3rlz51B/4NO/gYes
L8Ctki+En3Rq6AzgW2Qm4wGyibZL5/HK1xpf74pXcmK9VrozFiCrkNM4+IkxCP6lr6KTgKaxY279
n/v/Y4NfGVzQIzGWIAeybi2lDyGb4HNkImshxgBkk1xW3yIf+jPkAfSF7sgVaF6O3tXQQvIMPICH
fHjmmWfCOIQcYwxjzl3PTazQAJpr/AFfyQDRQz40Qu/BrW04xk9oyW04rJlpJ+aIrBtSh7wdPnx4
mE/QBxibaVN0E9CSNRHjZtZttdXwu2hY6ZiAPGB+Rf25dYd5Lv0KHRlynfEKGwPynnEIW1CqV6cu
yFx4UXYCZDpjFmuulD8mNA/Sbsy3aLshQ4YEnR/zONbM8BjtJif68bst8qDwxK9lTIjzt/TdGn6n
7Gr6PumhN+1Sy7hP/txNohTwAbyhLf754NPgwouRMfz5RD7g6caYEK44FyANLgSL6uCK7kI+0sV/
Ks+VlEV5oIEvPDPzKY9fm9PgyuBm+aqlnyuqG3yxHmDFuKlOwPPJR4MPPgHWv//97yJaCB/8OI8r
Uhvc4F6Enw/eDW6ILwvLjedFeaiPTxzL0iLFkTzUy43tBXqTJqt9Ynq5IC3AiesVf88+2+wNvngu
wrEWWL4oadh5550L8GLax/DEazGelX67sqbBJxQFGHG5gqcwn/wU1Qne8rdoCnmVPm7jU04+pcEn
TkX5YtyA74qZFulOHl8wFrUVeNEH4vLS72r4AnrHuFM+v32SE2D4hKYoPo5L4bb0W3JBtI39GAf4
0SckzeroV7+WpLsbAxqQKTEO8C3lqmzK9YlYgytoQjlxnCvnCn1Z7SNaKJ3KQS7A28DySV2hfNVH
6fRb5ei3K7AKeFbb98Ff5ZTzL7744gIM0cQnd83qrrpRFvRxI0QhH7zuhssldUsUAABAAElEQVSi
+iFf3SDejH7kdwNmIa8/MVGUJoYjWOmYIDyr9WuBBW+4ArEkjtCCNNXikpWeNnYFa6HdUlqoHQmX
DK2WLwTXldDN4FCuYPimgQZfaNWlXoKJ74aeAKMl2VQr3ZkLqA6iX1wv4lLYvnArmwc5GdfB3ywu
pBesLN83RxTlowxXEhZkjfCKZUoMR9/V0iKdbwk30UO/434oWLX61Yw/WWMJOKX4Zc3rXHHUIu2X
W3a5goxWfarld2ge49PSmJA1r1P7it6qIz4yxRUgBf5wBVKhXoIb53fFcyEtdWLuEJeb9U3+LB4E
VgrDFX7NaCba4SMLXCFdgJnm57crBgo4ukI8wEjxUj7C+R6fPEj5aV+P68S4BV2Fi3DDF96u1Gu2
JonLqOT7gw8+qIgWWfzeUt8HP9IID1cwFXBXHVKf+mWN+ypjcvNdATNZOuax4lV85pg4V4CHcMW5
EjHwR0wEeFJ8Qbr4j3B+M6ePnRvhGmL5m5XH30ZtIF1rnSvIG1yBXLZvbrPNNg2u7AqgNP6oTvKF
o35vscUWYc0V4+cK4wbfeFASFmUgp1LH2lLlCg6+wvBjHMlPvVjTKT1pstonhuVK5KIy4/L17Rsw
gz4jzlcLLFfEN/iNQgV4wjOuF9/itRhepd+uHG7wTWUFGKoDvuDp2w3wRcW6Yr2BtYXyKL3ww/d3
eRtIV8oB3zcVtkh38jP3i2HwTR8o56rhC+gt3OM6MX7i3BBeFE9axZXDISvOjfRFZQmeaK3fjClu
uG1WhG/GLEl31tXIlNilcohy3RDc0LFjx1CO6ApcN0wX+jL9kfYRXkonOiEX3NgTQPkGi2Z1UnrV
R+Xot2+4KaAJLN8QVBIWedBxyIG/yinn+zMNylLwoU9a9xhX6MO6Tg45iu5Q9QYea2o3iBfhKzyY
B8j5BpyiNDEc0gOLcb4erhZY8IZvnimJI/iRph6ONvbDC4V2S2kh+hHOnBBXLV8IT98o0AxODM83
DTS4EVPJ6+aj96UeLcmmWunOXCCmU1wnhaew47mo0uMrPXIydshtxZXzWUOnjvVJCiOWKWl6fldL
C9+QUtQXhaPg6jfr73q5dPwBRkpnwcoaS0if4pfO68gvvYzqkOUjuzTfEsxq+R2ax/i0NCZkzevI
H+MXl4dMYXyXgy+UVuni/GeddZaSBn9C86AfFGjwAwQBxxi/GEdoLNfWeVB41jImKG+lfmv4vdq+
35pxv9L65OnaJgXYGVdQsLSlbxSIvsutAWMxQi42drJg9ZN4IQ7lZWpEkXEGRT8LTCY+frKnwd/+
KAxyqfLMd3IWhKnvBG3wHZsNGMFYLMRGNwaT1tKJelEnPwXb4LtLQ3kYO3wHYQG/2LDuO4MbfKd1
AT/yIkRPPeXUBoyzvuuvkM93BBYMc+DpO2VCPtL7m6JhYoCSGnr6zq1CmSx6VS8m2/HAwqBKPMKa
iYfiwDE18pKOyZGfogrGtKz2ERx8FjnQ13fONvhOsAKuvrs9hPkJs4a///3voS3ifHxXAwse8F3b
hfLhDfgIg2zPnj0L9KNuMa+lMCv5jfLKT0gU6ATtMSL6TuygtI0HQN+FXaC7vyNcyOM7BAMPsrCC
F30XWiEu5d0YJxluW6I7eeA52pS2Ou2000L55cquhS/A3XdGF3CHx8Uz9EkmfOKnyy+/vMhwENer
km8MAioLHzr/7W9/C33Ed4UW2pgFPYaCuMzDDzs8xPu1iQ1McplcwR9M4iiLvhOn99MFQT5RHxlR
BdN3Tjeg3GGiAA6Hdj+0sCGH9qHfodRiQgYewGJRLdyBK1jUSTLQd9M2PPbYYw2+27KQ1ndcBnxF
41j5XW3fB2fwjflTv2M/hgGe4jnwp14odqgT7YvcUnmpYQjZDO/5KYFCfURDZDi0Rd5QpuQTsh7e
Jh2GLzYh0Ba0meRZJbwv+pbza4EV56He0IIwlB9+UqxAi3rh6O9mBVoAC+UmChR4VTSHTiiBoI/q
Wi1fkO+xRx8rtBF8iOLIdzSH8RXZIXjxuCV4rfW1gCsnm2ql+5VXXlmoF30deQyvMR9Q34eGKWw/
zRLqjJxGhgKfTS0yJKZ0YKyGRqKT+Fxh8rOMmtCPMYk5D4tG8gJXcjSlby20oA8BQ7IGGMyD4Bvk
kTaLIWcYS1OYtfyudvyBvkceeWShvfxt2MCH8fjInAq+jPHxmwEa/NaRMJ+QrKZtmVcw72COwTgU
16sWfq92TKD+8byONoXekuW0ARt7kPnCO+YPGbupy7W9r21ACY4CWDQi3E/1FGjB5g7xGWXzp9/y
fXd1pmEdeqY86DcmlORBeBODlGAgI1iYMibAT2zAVJzmWykPglPMg6LB+ORBYKZ9PeYl5Diym3Sl
xh/oTh+M89XyXY7fxSPI4pjfhZ9oi+wEl3T8iXGsdNy/5JJLWl2nWugwMfK0zeV667FCgQhf0Tfh
YcY6Oeb3bDolLstw66d9Qp9lczLrc4w4KPn81pCCHEkVuPCWeBEZ7Kd/ggECORDPQ5jrtdYxDgDL
T2E3sNET5ydMgryhrsTFRmuMyOlmUtKxHvSTsUH2KB8bZmWYo96MHaoXegXmwCjtoKffOleIY30r
Fxu7KZe+STzjk5/4DXmEY2rkJZ2fnAz6AvpuVvsIDj6yFKOmP+3QwFpXuJ526mkhjHGPsQVjUOqq
gQWefoq5UL6foA1jGGMR8kL0w495LYVZyW/knN/MV6ATZTLPYgyF72JYrCuC+72hQXxLPLwLD/oN
McFHdyLapLwb41SNYR2eo03R7bDxCbjlyq6FL6iDcAd/xlTxjJ/SC7xFOH9+er7IcBDXq5JvjFIq
C5/60HfpI5rXEs66mrEmdqztSI8+BwU/BkLmOPAveeg7sfNT0UE+UR8ZUQWTMY+5kJ+mDGWypqcv
4uBj+h1rRdan4AGseHNkbESmTpqfIC+QHYz7wOLPT/4FfEVjdDdyRx99dEhDvdgUlNX3KUN9H5xJ
y5/K1+/Yv/qqYsM6ddJmAerF2oQ6IXORWyovNQwhm+G9WE8AXNKzPoS2fkNGoJVwZIxFrpCO9Qyy
jraANyXPiCdda10tsOI81EN6M+bsjB2iRb1whF9FM7/tIOiQaGvBIc5PUAf6iB7V8gX50D9SFn/w
IRtg/B30ML5KdhCHTik1UApurX4lhvVa6a51KrjT11m7wmt+u2Kh7xOXykU/8RxojJxGhgKfNY10
wykd0KHRJnG76HfsZxnWoRtjEnMeHRgCruRoStdaaEEfAoZkDXVmHkS/Qg5qsxhyRrIshVvt73T8
yaJzXCb0PeGEEwp86LeABD5kjPFbMUO430gU+DLOx0EZ1s7klaymrU8+6eQQxhyDOU5cr1r4vdox
gfrH8zralLFHshx6YBxH5gvvmD/QXcI71AU5wzodPaNohIzh0KPchORBaBnP55irMv4w5sNPbMCk
fvwxz8dNCjwY963xPf7Uwu8xfvBGJeNPreO++Cr3J10KtFnDOozMH4YxhISUbwpXXGqgYKLl1ymH
PExMYmUpeaREYqKssmLDEBMqhce+DBipcShOU+m3lPmp8p38GGUR3CgUY9wR7DLWokxjoIjhxQsI
FlLExQsiJp9xer7jMjG+AC+mXxYcFuzaLZWFfwwDmqXtE8en3zoFmBru0nRZv1uCxSRNA06W4pSF
OAKzFK9lwSwXprpQHgbzOC1KJRlgxE8oIoQfxt247cnLbwy0pIGmTFLjMvUtXq6G7uQVr2TRRvDV
r6rlC3+GoFA3v6KuCG/amjrBS6UMRapbJb76KW3JZD7Ow8KavgU85Eocxzc0hr+ZWLEwBx9O1Ak/
3SAR56MPaTIDzFT5zKaYOL2+gcWEDVj88VuLubQNJANFO/gHvolP0ovflFftCe6V9n1wo/7gwuSf
vCzCFU5cVn0EG55LT/aTN8YF47JoIF/5gYcBL5VtwFVaTcyBJbopjrbwt4NDGWxIUXitfi2wtEGF
WzZYUKWw6QuSM+lmjTRtS7+hNTTjL739gjgZQ2N5GrdFpXxBP/BrWwMcv/Y9nDJJcYsX0iyO0/jW
/GZxRh3F21ll1UJ39SPKxqgZ8xkwkMmiYRZs6EJfYaMaN8Uge1lsUl6W/EV+ABMlPfGUTxhw9ZdV
tzhM8qacYb0WWgiGZA1KeeqmcG0GRO7Uo2+pXPniyyw6Kw2+ZEXKh8hraArtWWDGeeJv1a9cmtby
u9oIXFoaE0jLvA7cNab7NaGhHtxeIp4U3lnzYPEgxlOMDx999FG4EQnYaXr4DbkJDzIW1sKDjAGM
eeUM61JsgEN8Kl1tAQ9pPsvYr3pSF9WVsbyIBx9r3JBKnxwfPKiNCuV4UJsLoV06/kAXxh+UNfXC
T3IVg1Jcpgzo0Dfm5VNPPTXwTrwZTTTHZ0wiD7wZjz/QH75n3Ce+knE/Lndy+550l/QVYP57QzCM
0c7wQ5FrikOpSJvKoWz2K5IDb6AMj5WlfPv12iGOdaicjJHwGmNS6siHcYx4FMzxqaE0bSW/NTYU
lO9el+Dcp+9QJ06Zx7hjXJexFsMGsjN2KPkkx9Ed4BhrFEY/SV1cZvdDugd4gX577hXyZcHBkCWF
aWz8T8tu8LqwTkjbp1m6KEAn2GLjYBRd+rMCWP4UU4EWGLBTh9ECPsvktTRxBb9lAKE8jISxw+Ao
A4b4iTmZ2gq6xW1P3t9/+71BBjFoihzMcuLlauhOOfAKuKYGJMFoDV+waY668cecIXbXXH1NCPfn
/koaiuL0LX1rbUpdaNPYsWEOuoAHBvdmzvkI5T7tg0yhzqxlSV/oq0km+oOMysD0K5uLUtDHshzt
i2EFAzR//GYzCbDSNtDGHtEO4wRjd3ySXidolXf48HGnGbP6PnhLnmB4Fb9Rf74xRIGLjPyE85dV
H8FmroH8Sl2MC2u51Ck/8OgPqWwDrpz0T8CinZAzctQJnR9lsCGlta4WWOhyqQfram0GiPGgL8An
pMEA3hrHeo5y+GPzSOyIgw7ExfI0botK+YJ+oA1V3ECWRVvJO+CxqbaerhLDei10Vz8CZ79WPfB3
jDd6L9FQ/SqOhy70FTaqMSdlgwnzXcqDP+N5CfnYcADPcjqaeMonTH0r5vMYTvwteVPOsF4LLQRD
sibeDEQcxk/qhdzJan/lr9UXX2bROS5TssKfHyjCA1pDU3BkM0App/qhuyvlWsvvaiNwaWlMkBwG
d43prO/Iy+0l4gnh3Wwe7JUQD7IGZbMLcwDdiJSmn1A8GNsxmJumjj7DxgjqydiqepJOdW2LPFjL
mJDWvZrf1fJ7rX0f+lc77ldTjzxt26TAZGdYZyBgEEGw8McilUW9v98dwpnQIxRJpz9+Kz3GQwzT
7B7VH8YgKfuyFOYqp1KfXYmCx25QFi3s3GUnLjv6WLgwoYjLk8GUfKUMF1ogcjKb/DJIkIfTsyxO
VCd86iWDiYzkTBx1nTVKkhgHfTOx5cQRxv8UT6XBh2bV0Ev4llNsxuXH3y3B0maG9ER/XIZ2pMaK
yji+mm/VRXRN88qQQNsATzwRK9jTPCzSMWyQR4rPNI34pBq6U4b6QCnat5Yv1H9iYwH1AU/qkxoA
0npV+ltwYqVxnJeTpsCDjvFJL3YvyphMfPpXypAlepOe/hXDKvWNDFK/S+HwO20D1Uk0Esy4jcVv
yqvflFdp34/xTWHGcem30gIrlZ2cxOcmArWz8IvLEK4Yy1gIxHHpN3woYycKEK5BZ9KDfEexyqke
FAhpvlp+VwuLCbg2n3A6tBRM3ahSSjaUypeGS+lbqhzxekxz0boavogN0NrckeJC3bWrXH2PBQ3t
wsmJcn/sBEbRlJap38I5rofi8GuluzZOwEeccIvL1Lc2XHEqT2H4jIGn+il06Jj1F/fNOF9W343j
W/pW/lLyqFZaCK76cnwymjjJ/1L1Uv5a/ZbGH5UrXog3ixBHvXUjjeSk8sS+6lcuTa38LjhqI/ii
pTFBaWO6ihZxG2fhTV7mNZoTpHyI8iGrnpxowjCO0oExWHhX6it/OcO6roHkunjkQFbZ7OgG5xgP
2pG6gnvKgyiXtSGgFryzcIjDUHIBt5ScIS04iN7x+MPcnfHnyb5P1m38AZ6u9U35nXk3/B63MWE6
YXKqG9jjusXfuhkJI1S8WTCmfRbfxGVM7t9tc7leJ6zcaIKSDd5B1hS5prgsA6JkL32WG7ToJzxn
QTjGqdTgwckQySSM8himOV2sP4xBGJ9IkwWvCK8KfjCGCx6bdlj3M25jAGFjGLfPodyNnQymkjdx
XPh2eug5IIzy5Oe0CnDIQ79k45DqhE+9Nuy8YUgjIzlKcxT/5MlSiAJLG7IEpxkuBJRpn8z0Hgi+
wG1Jud4sfwWwtPEHuYwyO8sx/+cmlHJK96x8WWGiveiapmFcUNsATzwBf0nBnuZB7mHYgEYyeKZp
xCfV8il9oBztW8sX2mwfGwuQzTKGNOvfacUq/C2lfHrCXNnRSUF36IgRQo5TjzImq2/GfilDVnxa
m/5ViUMGyVAZw9B3yv+qk2gkmNAOGuJS46N+UyZjfmbfb7p9ImvTQAqzXL2UFlip7EQ3x1pb7ZzW
LcYdYxmbDMo5DDIydjKv4Rp05nDId4wQbAj/6aefyhVRcVy1sDBMMH5AB06HlnK67j6L7qXyZIXL
eFWqHPF6TPNa+CI2QGtzR4oPddeGK/U9jDW0C+Nvub8zzjij7NX4wjmuRwy/VrrLSAYfoWPLctyo
gFzkZrjYIaNpY/XZ1I/7Zpwvq+/G8S19K38peVQrLQRXfRm9b+zoC9oQIJkTx7f2mzkZNCzVxipf
vBBvFiGOeksvKjmpPLGv+pVLUyu/C47aiPq0NCYobcwvokXcxll4k5e1HGNZyn/6nVXPLJjCvRJf
+WP80nyag3OTZ2w0j9Nps0Zcd+JV17bIg9WOCXF9a/muht9b2/dj2mfxTS3453naNgUmS8M6ilEm
kwzc/EkYxj6CU8ohmF1xylPKR1i1VqnHQo5dQ4Ih2LGPsT02WksBm3XVqepBnShDhhYJYcIEq5Sv
9zIFhzwY+FV2LT4K0lhh3FIZwrecYrNUGS3BUtnadFCqnHqFC16qEFX5MZ1RYsrwHyvTlVY+xg0p
dUu1jcqthu6Urz5QivYqt1a+iDcSsAsXmHpTpVydVfdKfRkgUqW88guPmD79nuxX1P87d+4clAFc
s05/UZ+K+6PKE13K9UulxWdxRHn8UTbGCa5SZJe7YKVtoDpJ2S2YcR3Eb8qr34JTqt8Trr4f45nC
jOPSb028K4HFW4dpfuFaqq+k6VHmxfURPeWnp1nT/NX8rgaWjI/g8eSTTzarp+CyyCFNa2WRZIYM
2SpfvnhdPEG4aA38mIZZ3+ILGaBjfhMM+YxpKDspFwUH4bG8IrzcXxZfqGzhHNdDcYKjzWDV0F0y
r9K+K5iM/5LD0I05wYEHHtjAW3j8pp6laJXVd1VuJb7yl5KZreXBUv1ecEvVqxLcy6VRW5RqY+Ut
xwulcFde/ErS1MrvgiNaVcJXShvTVbRgHqcxJ8WbcE6jwWvwHCeU2ejYtWvXgrKVcI0Zwg1fhvFa
57LKX8qwDm5sMAJ+OZnOHAb82SilTW7ljLuCWyveMQ2yvisxrJMvHhOyZFo9xx8Z1tN+kUUnbTyA
7uXkoDY9pONPVplZdJoSwtr2sr2V2DUZTOETZE2RK2NM5VQYBjzyxX/qA4RxU4VcbFiP02d9L7DA
AmHOoLy1+Jw+jp+7EBzhh8+Gk9i4LoMpp8hjg2AMX6cGZcyVcZfyBKOUv8EGG4TTc4JDuqy3qGN4
Zb/LtE+pfOPTsC5asAaI6VoKl9aGqy6pAUDlxnSGt2X4L6esxrgtw3qptlG59Tasq9xa+YKNyOJv
xnocBl/CytVZ9KrUL6WUV37hwdjM+IDT7U3qJzyHx/XAXLNOfQnHeJnFNzIyZF1BLJixzwYawaFs
Tsqy6ZqTwIKVGpdUJ8lAwYzrIAW88up3DIvys/7U92M8U5hxXPodb0jIKj8OY7N26oRrqb6SpkfO
xWXyTT31l55mTfNX87saWDI+ggc3ZJRyWhugT8niqVL50nDpUWXITuPF6+IJ4kXravhCBuiY31JY
GHX0DCS30uGgRzmjn9oLP4svBEM4x/VQnOBg9K2W7jJgVtp3BRO5oXrBe8habq3iiTvxYilaZfVd
lVuJr/ylZGZrebBUvxfcUvWqBPdyadQWpdpYecvxQinclRe/kjS18rvgiFaV8JXSxnQVLeIxJ8U7
7m/wHOtqNjqy/oYf1bc0Zgg3/CyYcXxL38pfigdjA285ma7NhPSleE6b1lX4CG5MK8XVwxfdW+LB
asaE1uJVDb+3tu+Daynat7Yeef62SYFJ1rCO8o4TcrFCUgofdr1xNSsLDRR77Nzjj4mqBug4nxSp
CE12gbK7navtsv7Y0YwCSrBq9ZmcochjQSD8eLcN4SbhHStFpYBlF2DWdcvgIUOLDOso5SiLuvIm
blZ9FKYyY8V8DL+WejIYxXRuqQxNjFMlYkv5iG8JlsqOldVZ5dajbSlX8NhAkQUnpjNtEF+1iwI5
Kw88IANSqbYRn1RDd2AxUYBXStE+xrcU7Cyc4zBd004boHSTcaqUETzOW+m3DBAoYLLyqK/H9JFh
mJ3BXHcU59NNAqX4php6x+3HKRgZEwRPyoG0DVQn0T0LpvhNeWvp+8IDXzDLKeiVXvTjGlzaUjIl
9TmhmLUpKcVd5Zby2TjFaRR2O2NURn7yliQLf8lO0aFUGZWGVwML2SHjcrmTqmobyelKcUnTcZqa
+nILR9apUE4KpX1asKsZE2JDMmNWiod+iw9Ee65k4x1sxtyW/krdjkLZLfFHrXSXzItlgeoS++mY
IHzIp3fglB5+QUaXKjOr7ypvJb7ylzKs10oLwVa/l6xRuOCWqpfS1eqrLcQ7pcoR7bPSlcI9LquS
NLXyu+BUQ6ustKJFPOakeGtXOv0K40Hc/5kbc3KZuLQdwbG1BmrlL2VYB4Zu5dATQ6JN7DOXRj4x
59W4AP9S1yzcBTdOH5fX2u9KDev0cebLzcafNRvHH3DP4s9a8ENeZ5WXRaew2cI3N5G+3PhDHHQv
d2K9knG/lvpMKnna5nK9Tlg1GWfhE2RN7LjSknlwlgGREzLwGHlQ7HHzAX8YyygLnorzcUU0YcRx
4pL+xfw764+0KA5b6ziZydqCvin8TjrppIJSNK2zDJsoULOuWwYfGWdlWNdNQNSV9UFWfRSmMuOT
ySnNq6pzU9vFdG4pv4zRLSk2m5VTASwZ1mNldbNyCGh904ZiBY8NFFkupjNtwE1k8CCncWnrLEe4
bhMo1Tbik2roDqxqTqyXgp2Fcxyma9ppA249kHEqPZkW56n2W4phnlfLcllGExmG2XDK2B07xk/a
pRTfVKPsJ60MgGzWj40JwEQWACvlf9VJdM+CmSrgxX/MQSrt+3G9BbOcgVjpRT+uYactJVNSHx5n
XE1dinsan/7mRCm3vXFrJrc3Ij9ZW8e366U0TMuo9Hc1sGJjV/zUSApLbQNPMY7V6jhNDb906NAh
81QoOuKUnwS7Gr6gzdRXkROlnPhAtOepA657Zixr6a/U7SjAaok/aqW7DGnQIosvC/VMxgThQz42
5cQOfil3sjur78b5W/pW/nJGTW1wqIUH1e8la4SP4LZIK2Wo0ldbiHdKZRfts9KVwj0uq5I0tfK7
4FRDq6y0okU85qR4Kw39GzkYnwqPDdtpO4JjFkzhXomv/KV4kDJ0K0f8zEhadtZYTJq0rsonuBOb
B6sZE4R7rX41/F6rHIxxE+0rGffjfPn3pEmBScawjpEGway/YW8PC8rrLEUvijkM0KmRjLw6xRfn
QxDxW8JUMFIfQ0FqDEvTVPJbOyIR3Gl6FK16ezJWikoBC47dunUrnGRSft6gkaFSxlxdFUzdUFwo
beyjoMNoysKHcL35CRxOtMRXRSofikWuwWUQVliWTzvEdM5KE4eVU5rH6bK+W4IlZQj1KmXI5Zpj
JrEY7bJgVBOmusCHWcYoNnyAizZKxO+Qx7cpxDCl4CFfVpmkFZ9UQ3fyMVGg3FIK4XrwhfoecPS3
ww47NOPluM7VfsMHlE1fSK8ERynITnbi13IlOMaIeMMAyr8UHotL0pcyZFVDb9GY8tj4E8MCN12l
nbaB6iR5kAVT/Ka8tfT9GB8ZSdlFGIfzjcwAB4XrTWcM6/CJwmOfPGwmig1Aik9xV3iWLx7i2Yus
eG3eEB2y0lQaVgsstRXGbsaLFBZyVvK9nNEpzZf1GzkFL/F3ysmnFGgLrXkqQnExLWrhC9p6uWWX
C+Xx9nYWLnq/Cpg8MZKVptawSvijFrqrfcGZ90Gz8KPPMilmE4Pi1TeyaME8hfJKyV/JG+KZd6hM
+fSPUn2INOr7peQRaWqhheArr2SNwgW3VL2UrlZfsjHm1ayyyvFCKdzjcipJ01p+r4ZWWWlFi7iN
U7yv7X1t4LNlllmm2RwN5QDjH0q3tB2hhU42s5CuhQdl4C5nWFc7YbBCSRa3Ad/IKPoPfYUT65p/
Eo5czMJdcMFbhvi03Nb8rsSwLjmXNf6A+2GHHhZwb4mPK8WzGsM68MUn8EVL4w9pySNc+Ea2QftK
xn3lmxz9SXM5XyHWrtBmTKOdMdLEjvGH/tXMgNiUh/5MP0wd/ZG+HOdDtlGW+nKaJ/z2cjEUpMaw
zLQtBOrECzIvdRhGdSsU8lVOBlNwP+qoo8Kb24rDZ14u4wen3XFsOlFdqWOWQxnHSRfKx8XvrocT
lWN/a5YNxWLPnj0bkJ0lXVM7xHQumbYpAqMPbZClNC+btwJYuhaZ8plPpQ46cM3xkUceGdZjaXy1
v2XAgg9TYxSweHqKttFGCSnKwS++TaEA1+sI35CHNGmZSic+qYbu5G3JsF4PvmBdBf7x36677tqq
U7uqt3wphukL6ZXgnA7mthzg60r6+JQXG6pTx3yb9KWMCNUo+9XGlEd/jR246SrtlP9VJ8mDLJip
Al7XhCPXKu37MT4ykmbJKPgXHOT0riuG9TGjxyi4yCcPN4nEBiAlSHFXeJYvHjr5pJOzosNzldA3
pWFm4hYCa4GltsLYzXiROsl3cOx+SPdWbdJCb4QsoCw2aoi20FqbQVNa1MIXtLU2hKCzzXIaV4HH
EyP1dJXwRy10V/uCM7qALEefZQ7NJgY59Y0sWjBPoTz6HfPN1EneEM+8N3W0YamnSkirvl9KHpGm
FlqQD6e8kjWNoePglqqX0tXqSza21G/L8UIp3GOcKknTWn5XG1VCq6y0okXcxineogNyJt2cw9xY
c8G0HaHFhOBB4YfdAJtPltNGO3DV/JN0aV2VN4tWiquHL7qX40HJjAkx/lAn0TELpyw6KazW8Uey
rZJxvx40z8uYuBRo84Z1KbEx2vBeE8ofrrrYZJNNwkCLopffsXJHebiSkcUeefSnRVSqIJZCCoHF
BIYJuvKwy4TBnoE9zRfDrfRbSkdgobAXHHzqIgN5rBSVAhYc+EP5iMISAx2n0ZWHCaHeCEeJz1vo
pCdep+2Bw+SDU9Iob4nnyiwZ0WX4JxyBggAnDzhgfIYGxGFsUR7qTpkobfkj7d577x3SUidwUVxK
J+IwJmg3FtcCf/rpp4X0lJXmqRYWZaywwgoBb/Bn57XaGL5i4U+d+IOeKbxqf6uNKY925k2YYcOG
hZNOvCksWGxeUPvL6Escu2KFH/Fxm7BzkjjhxIAv2lIX6sdfS3RXHhRlbDYALrSnLRQXG3liHKrh
C+GJr0Ff9S+1ySHOU823+jHlY8BECUYfYWKuBTZxnLihXOioHdn0cQZ46I3REmOl8OT0IHwa4wKN
oDdpKqE3EwzSkZ5TY9CWtmPnu97mJo42UPuSRvjR99QPeSOXsrRhRvxGXtLU2vdVPxmooRn1pEzq
ytteyBJ4GiMD6ZlkaiEKP6NMIj1/5GVTi25aiA0O9GHqd9ZZZ2XyHvHCRz6w1CYoZ8gvWNSZcYL4
GI7yVuvXAosFtmgB7aCZ8GOjFxtJwI809eD9mEfhB36zcBCNUlrUyheXXHJJoUxgoHxQvaiHxp+F
F164LkYv8IR3aF9tbiknm2ql++GHHV6oF5udkIXUCzkAr4uO3DAh/uGWBMKZg3DyhvSMkboxhjjJ
A+KUD5/6aGMF9WH8RAYwx2CzGnnZlBGPeaIF9ECW0ZckjwjjD7wFp1ZagJtuXJCsUZn0aZ3ET+db
SlOtH+NeyfgDLWNekIwELrgz34B+Ke7E057QKE4DjYVD2k618jvlVTMmwDcpXSV3aGPxgea0GDLA
lfkLdUXJ8Phjj4cw0rJxRrIWGZNFC+ZW4kF4OeZBTgJSLoZZwYZ+RTw4rGUepF6SCeDIte/gzR9l
aTMWOEJr8Q64ccU94aqr4qArdaO88cGDGICoOzSBn8QbfAsHjO+kAT/mq8SpXqTfdNNNQxx8qjy1
+pQrfgenlN95dzSlE/MdwsAxa/xhM4TwT8cf4LU07mOw0rhfa70mhXwTd1k+nqH/3lB49xijDX0O
o8H7I94P4wr8gQERfi64KA83AyFPycNJZHzWqspH+wbncVJIwTdsOsPQRXr+GMv0fnm1BssCXtFH
bHRFYR/jx2ZwFI30DeSrnAym4M4fJ4GQXfQ15uVSpJKPNQFOp6JJz0lonbYHHkYfZASndImPr4Pm
rWLBwahAfyMPis2n+j0V5BrxzO1jpS5lApM/8D3ggANC+7DJH2Wu4lQn+cRhTOAKYfDnamMMuUoP
3NRVCwt8Oq3UqdD2yHm1MXzFTVLUCfjQs7VObUyZ8BTjG+MXYwqnawWL61uhbWz0BQcOMwg/4uM2
4ZYX4uTGjhlboBVrEcYd+LQluou+0AZZKdrTFoqLjTwxDtXwhfDEP+3U0wq8BQ2yNjnE6av9Vj+m
bDaoMF+lj7AxT7xOXJ8+fULR0FHvnbNewPgLvVk36Ak40nN6ED4tOJcZ0AjeIR6at0Rv5s+kIz16
FmiLIY3+qre5ieMWHbUvaYQf47764UorrRTKYu6DkwKevKQBV/on5SEbsvq+1l+8gxv3Y8qT/gOa
UU/KpK4cmqA81tUYU3HoC+AdYDH/Y65Bev7Iy/xIhtnYQEAfpn4XXnhhyMvpc36L94hPnYwfwMIY
Svpwy4S3B3VmnCAuhpOWUenvWmCh6xQtoJ3GLGjBvJ6NJOBHmnrwPjwqePAWv9FtAEN/MS1q5Qvd
HkSZwGDTitqYemj84amSwrhaKaEz0oEnfED7anNLyh+h7Zvy1kp38Tn1YrMTspB6IQfiA0LUWU7P
JHKTEvKc9IyRsd6RtmBeQlzswBm5BDzqQ79DBjDH0JvtGMXiMU+0gB7IMvqS5JH6CnjL1UoLcNNp
d2RN6FdNhdKndRK/aL4loDX4Me7wkGgCHoqL2xhaxrwgGQlo0vHMHWVITsYo0Z7QKE4DjQWH53li
VxO/exGUV82YAN+kdJXcoY3FBzJ4hnZxRHVbBXzGTSDQhrToVCRrS9ECWo1vHkQGMOcEB3Dk6Rpw
5A9+1mYs4uPr4sGtLfOg2ga8x/f4Uwu/19r3xfuSh5WM+8qT+5MuBdq8YV27relw8Z8mPQqLDSlS
QiquS5cu4bo6nQglPD0tSMfm5IzyMMHF6CxDGOHARKkQK7FrURLJCCZYTNQPP/zwhj333LMAPz7F
Awwm+prQg0daf+HH9b8xTuwWjtNSBgpbwVY+jIrKx6DEqfg0X5qHRYzygJ8UunG6rG+9wUteKZGz
0ikMQ0Os3KwVFgv7uE6Un7Yv72ozqVO9avXVxsBLYQKXMNqYiZ9gZPFgp06dinDEcJWeMouNyaJZ
lo/SVbCEX1a6OCx+J7YWvhA8+SxEVT4LlVhZrDSt8UWLcnRH6RJvCNGEXnjFftp2kjMaKOO06Xf6
viz0i437cfosfNl0oz6vtMiwWBYQzgQwXnzQv6FrLX1ftGeCGdc97SdM6mTUJw+Khzg9Mlebn8BR
9dOV37oKUPXK8uE9lAzCCT+VF8hp2pz39FQGsErd6BCX1dJ3rbBY2MW0oA/zF+MHvVqCX0k8PHXi
iScW6Cs6ywemeFbl1cIXKK9QXrRUL07KC06tfkp30S31xeeCUwvdUbiz4Sqtl2ARDq+Dk+DEhmul
kx+XQ1iKI2WgkFH61Cc/b9tDb9JWSgvKQaktHKulhRbgMT7IZ8qLZYvi4zFcMKvxqx1/kHkyBgsH
DLfMxbJwj29CqQQWz/DE+NfC79WOCVlty5gRy0bGe5TR8bhGf8b4A1+KFrEPD8V8SLpUjlbDgzIm
xzCyvoEZ8yCyIMaDsSyVgxh6xes6DR6XzUk42iVWxhFPua3mwd7XZtIvhs83baCbqlJaaPyRYon0
U089davHH/g65XetCbLoFG+2rKTvkybmd33TfnGbpeM+hqV43Fe+yc2fdJf0lWHOxpy4ncXzcRjf
BeOBKzelhFRa1krHHXdcYTMW6THAobiSY90mRSD56C8ol2LZRT42j8ZKbOWvxo+NrsDCSIZMZq3P
b+Cwlozh8E06xZOG7/iPMK6Tjh0bdeO0lMHb0Wk+nXInL0pmNnCn+eI8yA4MZnLgFyt047TxN2Xq
DV7yshEujs/6Zr0eK9hrhcUmp7hOwErbF9qg+G2tUxsDL4UJXMJoY9Y/cuJBpYcHka3CkfDFFlus
+KSjs3BsTM6in+DF13sKv1LpFY6hTLc01MIXqpt85kcqu7VvTKvM2BctoJXoKHj4hKEzig3JPG2W
lVbp4/ySM/SXODzrOzYYgCPyZqeddsrMl4Uva1v1eZXPuhwDShzORr5404OuEGa9HdeLPMSpLHzi
2SiburSviAeVh/GVtpRjjhPDQuZieBQs1Y8NlTh0V4or5fNGMeN17GLDBvnoI7Q5z3yoHGAhV1rr
aoWFbjOmBX04niMRB73q4eApNjOKvqkPTcSzglcLX2D87dq1a4v14lBUa11Kd7Vr6ovPBa8WunP7
CnP9tL0Ei3B4HZzkYuOV0smPyyEsxZEyWOel6eL8bHKD3rhKaUF+jJdy1dJi+PDhhf4jXLBP4GLZ
orh4DBfManxtBFJ5pXy9U47MkzFYadnMwVwgC/f4JpRKYPEMT+xq4fdqx4SstmXMYOOC6kj92cSi
cY1w+jNyEb5UutiHt2L+QnancnRC8GDW3DOVgxzSE69ntWNb4kH4I22z8TX+tIbfq+37Md9XO+7H
efPvSY8Cbd6wjuBiN5WEGj4CDQMNhmiFM4knLX+cQiNcCnOlkc/u3izjOMozdlgrXeyjuOKq6HoY
AjnBSdnsuKYuMRy+qVd6jb2MaRibmGRxZVycFwUkhmPRIPZRxHEiNoXDbwz66ckV5YXGMQzlh77p
iSHwq/Q9XSYPgoFSXOWW8mPlK/lqhUVeBDg7/lNYK6+8cjAg1KN9gcMAy6CMopybARjoBBOaspuY
HXiig3yU6KeffnohrfLgw7fEK618NkXE6Up96yYD8okHS6VVOMpcJiSChV8NX8T5+GZTgCYrMT5p
ulp/ywDBSQb4DCOV6sJpMhQfadkYJzntoHTy4XMm+zqFRrjkTLlFl/KzUzeFhYFjt912K4KFHODU
Hgv+uL+xESLtU8gG+IYNPsAhL8p+jDGCiywQH9fa98GbjTMxPpRPP2ECmhpqSI+ylhsyhId8ymBn
MjiKHvCBys7KQ154TwYN5YvlBbgIhvyNN9449Delb43fGlh9+/Zt4MSC8JJfT/ziukFblL8Ys+66
664GDMZS8qWGdfLVyhf0KbWb6oSfNWbF+FXzHdM9hpF+09fF5yq/FrpzGonxNC2fvsUGCGip8uXT
N9L0bMRj0RPL47gvKm8peYNyjzaLN5FVSgtwjY3/wKqGFvBP2q5ca005WWOFNsioTtX6WWWm9OS3
xh/aSDJP6VAIIAtRfChMPgYV4VQJLOS50sd+Nfxe7ZiQ1bbs6MdwqXqg5KCO8IXCWOCBI/PAVHbS
hlx5y8kxpaeMVI5Ww4PICpVVzp9jjjma8SB8xSI+zQeezJHAQ/RmTtmMBw/L5kEMUPHGTpVRjV8J
X4A39NMcKKbF+Bx/mOPyXE1MN/F7Ft9g4IzrTt/HWBnn57uS8afUuM86LGvcj+FOLt+T3lK+eow5
GRLzxwILLBBuvNBTDPQxNrQE54ZGZCrppTCP8/LNaRkUsqnDgJg1vyYPp4RZH8WnpNL8lf7GIE2Z
jIUoR1P8mC+w7o8d+GIYw9CJ3GUeHudlEy4yLMvRF5j3pHD4jR6BfprlMILFMJSfPoycjh34VfKe
Lm2FfkIO3FRuKT9WvpKvVljkZXMUSuoUFusXxqN6tC9wNA6iKGfdw+Y/wVxg/gXCrUGcyk8dSnTm
wUob+/Bter15g/M7t7fE6bK+obtuMgCmeDArbRyG8Z9TeLGrhi/ifHwzP9K6OsYnTVfrbxkgONnH
+gIjlerDZm/WfqnDOMmNK0onHz5nYyD5FKaNK9oUpvAsn7ln6hh3uI0oTo8cYD7FvCLub2yESPsU
sgG+0ZhJXozIGKpVJvMY8TH9SzfGKF5+ub4P3ugmYnzIRz9hPkQ9UsdmNzYlqnz5lHHRRReFuYny
wAcqOysPednopE0dyofxReWmOgfC2SBMf6uHaw0snkzcaKONCrgK53riF9eR9ueWC+ba3LiCwVi3
RaWGdfLVyhf0KbWb6oSfNWbF+FXzHdM9hpF+09fF5yq/FrpzMwLjaVo+fYsNENAydfSNND03QKAv
YqOK4hiXUxxLyRs23dBm8SaySmkBruiMY1cNLeCftF2ZR+GyxgptkInhVfOdVaZoFvvIAMYf2kgy
T/HcXossRO+hMPncNCZXCSwOLWW5avi92jEhq21Z07CmUj2oP3WELxTGWh/HPDCVnbQh+ljmMkqf
JUcnFA/CVzr8KHzwwZM5EnjItXUeBM+4zcbn+NMafgfPavo+6WNX7bgf582/Jy0KTMVEzifkbd75
os98x7NNN910Nuecc5oLkZI4+wBqfkWJuZLOfPA1XzSZdyjz3bQ2zzzz2AwzzFAyLxHAIv+ss84a
8vngajPOOGPZPNVG+gTYXJER6uGT3AJ+wAJu6qiDTx7NF7DmCnQjHY46QYtpppkmzdLsN3XyHTuh
Ls6moYxpp522Wbo4APoBc+aZZw50mXvuuVukX5y/rX6L5vATbq655qorqr4b0XyhZ76YN58EFsqm
vVqiOYl90DdXOhfyQfd682Ch8Bo+auUL6OFGLHOFiPmmg7L9uAa0zK/SM19Mm19NaausskooAlzh
95boDk/w58oSG9/0doNgaGP4D1gt4VYLLeI8tfR95Scv9APXLNmkdPL9NoBAQ5/cBVkhWaX41vrQ
bpZZZrGZZpopyCRko+/ODL/r3Y9bC+ubb74J4xYyGhlKW08o55tAzJ+daCaDYvi18AX9iTbGp43d
oFYYj+KyJ+Z3LXSXzIXH+Z533nnLyifmGfAHjjzV8jn5mWvQt+Dl8SXfa6HFxGy7tga7rfM7c0l4
CP6pVr5MKB50JY65Ii2MC4x1fhK6bN9qazwQ49PaMSEua3x/t6bvVzvuj++6TMjy6z2PmJC4VwOL
8Ye+ydyOOre0roafXHkXxn7W41pXM1ZWsq4mP2Ml+Zg31HvMc+WpLbjggqEezOVZ77LmAlbW3JU6
+LvQ5pvZzBXohTG8mnU1dYrX1cBqaT7PmAJMrasr0UtU064TK61ornV1teNRS3j7KTnzDQHWq1cv
c8VyIXk162rN2cgM3evNgwWkaviolS98M7650cPc+Gu+6aBsP64BrUBrN4YF3ZM/sRiKANdK19WM
Jeioxje9WZcwd4f/gNVSP6yFFnGeWvq+8pMX+k0//fSZsknp5KOHQzehdTVypp4O2iEjta5GNmpd
Xe9+3FpYrrcO4xbjFboA2npCOfRWfiDJ3LBeJINi+LXwBf2JNsbnDz13vds4xrGW71roTn9E5sJb
fLc092dNAn/gyFMtDciPToi+xfg6vuR7LbSoheaTa562zu/MJbWurla+TCgeZO6OrGFsZazD5lVu
Dt+Weam1Y8KErFtr+n614/6ErFcOqz4UmGQM6/Wp7qRbCoLaT5uEiZefog0TBmozqQrRSbclKsPc
r/E2P5kcjMcYkeWmxPZicoLzk3fmOwHNr3kx3/lu7du3D+H1+gcc3y1u/tZxKN9vrAhFT4k0rxdN
83ImDQqgWIT/pUjyHfbm128G5P3mBPOrsSeNiuRY5hTIKZBTIKdAToGJSIEpxbA+EUncJkCzrvab
IIKR20/R2iwzz9KIV+l9+20C7ykRCea3fmLM/Aa7sMbbb99xG9ZtSmyvpiMxn4z8xPy5krCuHjxo
sC251JL1ZQ+Hc+hhh4bNDH5ji63caeW8j9SXwnlpbZQC6brabw+wzp07B2z95gTzq7HbKOY5WjkF
cgrkFMgpkFMgp8CEpkBuWJ/QFK8Bnl8vZOwW7t27d8jtV86GXfnsyvOr9GzNNdesodQ8y/igAIt/
vz7R/Goz82tDwu5Mv4oonNBgB6pfE9ziyY7xgdfEKvPee+81f5M47CpmQ4i/QxVQ8acJwunyxRdf
vC6osXPPr9c3fw847Hb1q+qCEZ8+guKMTQ65yykwOVKA0yD+7p751YXNqofCDWUAsid3OQVyCuQU
yCmQUyCnQHkK5Ib18vSZHGKHDRtmflWpcbMPzq+cNX9qLZx28yvew0n2yaGek0MdWFezQRQdiD+3
E05msYbk5gP6qr/DOkWtq/26V/MnFMK6mhsM/RnA0Mx+Pbn5FfbmT+jUpdlZV/szXoHunKbt0qWL
+dMJoY/4lcHhVr66AMoLySnQxijAyUK/Jtv8auhmmPnTIeZPUNX9pstmgPKAnAI5BXIK5BTIKZBT
YJKhQG5YnwSayt8jMX9rJxNTrvo96qijMuPywAlPARb6XC3o79M0A85JbXZ8TylKO5QhKD/8bapm
tCCAU/3+1llmXLWBnDYpVdayyy4bjIuVPJdQLdw8fU6BiU0BrllDAaDr04QPG7D83eewCUthuZ9T
IKdAToGcAjkFcgqUpsCUMkcvTYHJP4YTh6U23DJvYm2du7ZBAa7aX3HFFY1DBqnjCR7C631ddQqn
rfxmXb3NNtuYv3GbiVL//v1tnXXWyYyrNpDNJ6yfs1zHjh2DcTFfV2dRJw+b1CnAehqZw4aS2LEB
iw1ZbMLKXU6BnAI5BXIK5BTIKZBTQBTIDeuiRBv2uY7onXfeCe8rxWjyRskiiywSrgCLw/PviUsB
rjzXuycxJrz7Va+d5HG5bfkbox8LlHTxzTthXAVfz/ePMK7TV+Kr34GDkpR3IXOXU2BypQBvW9LX
4H+ug+fN02rf/J5caZPXK6dAToGcAjkFcgpUSoHcsF4ppSbddMyVeFedd4tjRzg3abEROndthwIj
R460r776qvDckTBjXb3UUkvp5xThs6b+7LPPmtECnRC0qOe6GuN6uq4GDu/OLrDAAlMEvfNKTpkU
YF2NYV3rat4Hr/bN7ymTcnmtcwrkFMgpkFMgp8CUR4HcsD7ltXle45wCOQVyCuQUyCmQUyCnQE6B
nAI5BXIK5BSIKJAb1iNi5J85BXIK5BTIKZBTIKdAToGcAjkFcgrkFMgpkFMgp0AmBaZ64vcnGjJj
8sCcAjkFcgrkFMgpkFMgp0BOgVZR4OtBG7Yqf5558qTA3Kv0mzwrltdqIlBgKvt6UOeJALdykJMG
v09lXabaqPJKxSl/vyj+lX/nFMgpkFMgp0BOgZwCOQVyCtSZAhdMfVidS8yLyymQUyCnwMShwJG/
XzxxAE8oqFMfPqEgTVQ4uWF9opI/B55TIKdAToGcAjkFcgpMzhTIDeuTc+vWXrdJw9BYe/3ynBOS
ArlhvT7Uzg3r9aFjXkpOgZwCOQVyCuQUyCmQU6D+FMgN6/WnaV5iToGcAhOHArlhfeLQvd5Qc8N6
vSmal5dTIKdAToGcAjkFcgrkFGiiQG5Yz1khiwK5YT2LKnlYbRTIDeu10S3NlRvWU4rkv3MK5BTI
KZBTIKdAToGcAm2FArlhva20RI5HToGcAq2lQG5Yby0F20b+3LDeNtohxyKnQDYFeKhhquyoPDSn
QJumQM67bbp5cuQmHAVyw/qEo/WkBCk3rE9KrdXWcc0N6/VpodywXh865qXkFGibFND7h/nSum22
T45VNgVyvs2mSx46ZVIgN6xPme2e1zqnwORIgdywPnm0am5YnzzacYLVosFn9ixGg80sX5WOV7p/
MnykDXr8ZVt02UVtpQ1WGq+w2mrh4jfwCzzHR853UKHNugZvtP739Leff/jZ1tp6LZt97tnbLK45
YpMQBVwASAaM9/GnzrByw3rb4bM3Bg2wj0e8YR1XWd8War/sREUsN6xXSH46vFxL4381aVUmfi35
askTw6zrdxsyrDNxk5tqXINNGvyeG9bVdLk/YSgQ9ZYAcFyPmTDwpyQo7w3/yh5/4m1bbtl2tsH6
S01JVQ91TXlNBMh5TpRomz7r6nvufdV++OFX2/rPy9vcc8/cNhHNsZqkKJDKg/EpB+oNq2bDekCk
oUmf4DUen5WepLhh0kIWmUjT0ZxT8ZW346TVgBMD2zbc93PD+sRgiPrDzA3rWTRtlNJZMVN02KsD
XrOrjrvS5l1oPvv8w89sl6N3tfW3X2+KoQm6wkhHON7rfelhl9o9ve6xldZfyc7ve75NM8005WGG
AcOTTCaTi8H9XrErj/23LdB+wVBvDLV/WHM52+OUPbwdJpNKlm/R+sROYL74+J2PrWuHrgH3Xs9c
ah3X+kN96pGXMkVT4P7L77cB9z1js8wxSxh/jrnmGFvsD4uNF5rUG1aRYX0C98fxQqBJtNDRv/5i
x+6+hn303lDresR5tvXuR07UmkwahsY6kMh5vojtGb6LArJhMOd6+6W37NWnX7VRP4wK4/5if1jc
Ou+0QbMMpP3o7Q/t1f6v2leffBXSdli9g626yWo27bSl506jfx1jg/sOsmEvD7Pff//d5mw3p622
6Wq20BILlZ1L/fT9T/bkrU/a159+HXBZc4s1bdnVfaPGRJuatA3DOhtXbu51nM3dbmH76tMPbds9
j7Y/brRdoNGkwe+5Yb1Z52plQAVdvZUQJt3s/Qe8Z8cd919baOE57MMPv7Vjjt7Itt9uytlIPSF5
A1iHHXa39br0aTeqL2l9n+jm6+qpyzLPhMSvLCJ1iuz31Dt2zLH32xLt5wklYqhdc83F7ZSTN5vi
1tVq23KkLTWcK2+p+HJl1hL3zrtf2DIdeoSszz5zuK3lbZa7nAKtpcDlVwyw++57zeaYY0b74MNv
rPc1/2d/WG7+1habmb/esIoM6xV2yN/GjrW7Dz7YRn37rX3/yUjb8h9n2lIbbpiJb10DA37+L9dd
1oWs340caX12391mnmceGzNqlC244oq2ZY8eU9wYVhditlRIhX2rpWLGW3yF+LX1vp8b1scbh0zQ
gnPDekLu5x54zh6/6XHb7+z93KC3QBI7Zf98/OYnrGfXs41dYrjuvbrbdt0aFWaTO2U+ePMDu/qE
a2z77tvbKhutPEGqe0vPWxzm1bb21mvb6XefXtawjpK394m9bfGOi9vWB249WUwuxG8iNnxXCS2U
fnLxqfcgV/z/OurXklUaO2asdVhtWZt/8XZFach7xz/vsC8//jLItOlnnL4ofnz8wNDwl4X+Eoq+
/IXLDeNG7nIKtJYCZ+56pj11x1OF8ecy561lxxNv1RuWDOv0x/tv/Kd988Un9tdDetj0M8zYWrLk
+augAAurfxy8ub32Uj/b99he9qedD64id/2T1sPQ+PmHX9hbA9+0aaebNiA41dRT2Rp/WqPZfOHl
J162X376pdncgE1qM8w8g827yLy28NKL2NSeX67h9wZ78dEXjfGlJffbb79Zp86dbLa5ZhuX1KeK
n/kmzCdu7muvP/u6zeDjzzwLzmMr+xzqPRv7NwAAQABJREFUh29+CAbwHY/Y0WacuXk/+Oazb+zc
vc+1Fx5+oQhnbTSceupxBpGfvV6XHfEve/DqBwNsbbyjvy201ELGBq8555tjHF5NX5+9/5kdtfFR
NvK9kQUY5CE/89ttD962WR4CwI187w99P6RVniP+fYRttd9WmXkI/G3Mb/biYy/a77/9HtJAsyVX
WsoWWrJx82DJjBVFtA3D+tMP3my9TtmzUU47Hfc95pJCP6sHv1dEilYlyg3rrSJfkpnV4gMPDLWb
+7xoZ/f4s7VffO4kxZT7E9pAl65d+4T+gs69V68drdtBU8aG9Tfe/MxOPOkB637I+rbRhsuMd0aA
3j3PecJOPPG/tvXWK9jdd+1t00TjSIrAd9//Yic5fh07LmAHHrBOYYxI001Kv2/u85Lt0fXmJpT9
1KYTZeutl7d77tqnxU0Gk1I9W8KVMbvvk8Ns1KgxJZOO8fF6tdUWtcUXm6soDXnPv6CfffLxd3b2
2VvZjDNMVxQ/Pn58+tkPtuBCp4SiB75wpK3ueOUup0BrKbDr/91gt98xuLCuHp+8VW9YMqzTH/ud
/083lH9sW559tk03Y/P1hOg0+qef7PxOK9tX774bgna4tJet262bosebP/S/D9hLN99kWzl+c7dv
P97gTCkFf/bmm3Zex+Ub92d7+3fcemvb+567beqWDqBNKQSqUz1/+f57e/CEE22Bjh1t7YMObHNz
oMmp7+eG9Tox7UQuJjesRw1AB73gbxfYg9c8aONTaR+BnKQ+x4weE653vuGMG8JJ6inJsP5En77W
Y/ezJuhmgv73DrAHr3rAVttsddvh0O3LDmgY/vfuuPdkZXge/eto+/azb206X7S+OfAtO2mbE23D
nTe0E/uc6Mr/cUr1SaoT1YDszz/9bHssvYd9+/m3IXe4wAoNkTsZEPje+8y9bbcTduOz4Mjbbc1u
9t2X39l1b1xXbPQopKrvB5s8Lj/ycvv2i2+t20XdbMEl6mE0qC+OeWmTHgXg5R+/+dFO/POJ9u6Q
d8frGF1vWDKs//LzT3Z817Xsh2+/tIvuGmqzzl6ssJv0WmXSwpg53n9uusBeH/ikbfnXw6zTWptO
1Aq02tDo48D5+//THuodGZTdOHP353cXPcEx6sefbZs5tg51hQa4eOxQWMe1OtpZ/+3heRuN45+8
94l1XaZrQemW5gsF+T/yU16vAb3sD003lADmgasfsAsPuCAky4JH2GXPX9Zs8xVwu6/TPYx5pDn0
0kP9tpo/hA0Ac8w7h/EXuyf6POHzs8bTCtsfsr11+b8u9vG7H/tG0J4BN+YNJ9x8QtFmg9/cuH30
Jn+3V556xeaafy47+daTfXPBfPaQz//Z1Ajccx87z1btskoMysh3zGZH2+AnB4d8p955mr3i39ee
cm3Ic4nToNQtLR8N+8j2Wm6vUJ5o9rfzDrCdj2zciFYEqOofbcOwPnbMaPv5px/sjivPsIdu/1du
WK+6HSevDL+7IPjb32633tc+by88f0RuEEqad7RvWvr++1/tjDMesUv/9fQUY1hnFOoTjLw3TbA6
A/O++161q65+zjbbtIMd2n2DonEwaRrD8N9x+Z62jRue755MDM+/jh5rn7mRdoYZprWBAz+wrbe5
2nb+y8p2S589pqh19U+jRttSS/3DPv/ih0KzN02NnCcKQXbmGVvaiScUzxPJ+8c1L7Avv/zJ3nzj
eJtrzvF/Lfv3P/xiRxx5r335xY920UXbm24cGIdp/pVToHoKwMvffPOzbfXnf9uQISNtfBrW6w1L
hnWM5Rf9cU376csv7Zg337BZ5iq/rv7lu+/s8bN72pPnnGMTwrDOXP+O/f9mz19zjR0+8AVbdPXV
q2+oPEczCoz6+mt7p99Tdv2OO9rKO+9su93SZ4oaw5oRZDwEsIHh3D90bLMbFyanvp8b1scDA0+E
Itu+Yb1RB9hImmiyyzYlRYXgOC4mZJSO4LJpPf7SQ/367UvvqUxpLwQKBfPR5MrFkaRUfIRvM1yV
p6muWgRQXLwQ4Hemi8omvln5mZk8UHCbMj1z/7N28nYnjR8js2A11TGgVC5MOCt9WkeFK538NB3h
pdJ61FN3/s/O2Pn0yuuchTMwFM53KXhxmnLpiGtyKGz3XHbP2gzPldIixivGPQ4HnzhOCOJnwWkM
bpF/Px3xqe225G5h48AZ95yRPXlK8QBmjEsaH8eRto2638b+ZvS577/+3qbzU4lffPyF9T6pty2z
age/QWE7P034W6Dfan7l7fyLF1/hNfqX0dZtrW7hutoJYlivlcYRb6hZKCp8K6C17RPjFpcZw47D
Y3hRGoIrxatIRiuj8GgtLJXThCc/C3hF+BbCSJeRh2CNH8K3KA8JYheVTXBLaQtZSRjlLZtPmWJ8
QwYfo5ueyCi3+U31UDGqn35n+jXCyiwrCZRhnavIT9hzbfv2q09rM6wXVcwJ0kSTBFzrfwZaJAQp
BYtkpeIqwSSF1VJjFaVvokEcVip/jGf8XQmOpIlpXwpGXFacnvCMPPUwrF9yyCV23+X32S7H7GJ/
2vNPbvj9zdov397BFTfKG8+9YV9+4hs6Dr7Ixvwyxg7712E2y5yzhuvPX/Pr028///ZghO6yaxc7
7sbjghFaY88Hb7xvvU/uHco81PNNO900BXJMN/10NrjfIHv0+kfHGcmdvndceKdd8ffLQx5uNtrx
8B0d3iw2/LXhdv4+5xvG8yzD+hhX/B+23qH21otvWbtF29klAy6x+dzgXc49fvPjwYh+4PkH2k5H
7FRIOuC+AXbK9qcEA/jVQ672U+tzFuL0ZMkss89iV796dYAVIh3360+/3thAyrMze522VyEPH+8N
ec/2X3n/gPs1r14TbgniZH+vQ3vZfZfdZ9Dv+JuOz56jeP4Rr4+wqXxj4OM3Pma3nHOLHcLNTyVO
xhcBbvFHhmG9Ah4sWWycN+GlzDz0KVwT2w3sd7+d+/cdcsN6I1Xa1H81lZCSpCgVrnTy03SEqwyl
kU9art++9F/9KzKsx2XHZcbhlB3H8btcfKm4OJzy4t+UiUvhNIaO+1+vPPff/5ptv8M1dTcyp/il
9Yzrl5WWmpYKH0eF5mkUF5evMHzKvPPOwbbLrtdXVOcYh7TMcnGCGachLC1D6WL/7WFf2LLL9bBd
dl7F+ty8e0mZHufRdwqP8CyYcbo4Pg4vlZfwNB1hcnF5Cov9Ee9/bUsseWY4sX7v3ftk1i+rfJVb
Li6G0xa/x/o86f77X7evvh5l0/t85qOPvrWTTn7QVl11Eb9BYQMb4+tuhr1NN+ngJ9aLb9n4xZ+P
WXOtC+3TT38Y74b1WmmclS9uB7VhHFbtdwpDZabhlKu4GEZWulJpla9UHsVnwSEuK1+aNitNyOgJ
SVuI56MprFTZhJfLQ3zsCmXHgf5NGamL0xbBaEqYlScuI85POOkPbXoio5RhPc2j8sYHLJXdki/D
+phffrGL1/QN659+WpFhnXJfu/9+u3bb7RoN6wd387YdV8MW3+sOSeMc0NApUYYY9xx6mPXv1WvC
GNabqhJjWBK/cdVuxN9/t5gvzqNGiuuexsdxSl+Ln1Hu1yNG2FlLLNlo+L33nswxjKZtsU4pPll5
4jSqU4yTwpSuVFwc7mmFW6GNItiFMJUZ+1E6gkumjeGBY5QvoFxmfffFsGHWs8Oy1W9cCDBVsybc
AmjfhN9CX6EulbrJqe/nhvVKW71tp2vThvVPho+0Aff0NxR3nJaeZ6F5gtIK5eBjNzxmA+4fYGNd
CccVyF1P7epvfze+GRVI7p166PNDQ7o3XngjBE3tb2ltsOMGttmem9nc8xdPlMf6JJpTsJd2d+WY
Kykv7HehrehvW6NYlAvvNDYJTsIfvu5hG/2zn87w00Cbdd3M5l143pD06XueDldLTj/D9AFvFG3g
LscbkCg5uZYZw1fHdZa3FdZePpzCe8yVbYP7DfbrTBzXHTawHQ7fIdSftxypN26VjVYJMO+86C77
/IPP/PTOnLaNX/+97rbrZg/sVdJCeHK95suPvWQoIHEoJVf/0+r29otv24lbn1i5kVkFlvF//O4n
e/GRgV6fz0MdFvd3NFdYb0V73q/mD/X2Oqyyyaq2zMpL2y+jfglXfqKU5Y+22O6Q7Yy3Mp+6o5/9
786n3ZD4ldN8XtvjpN1tuT8uV4D8g594pMzX/L34d155J/APtN5i7y1ss702D1eVFhL7h3SL/73y
P3bRQRdZo+L2LwW+4E3O6Z0/4wnVcw8+Zx+88UEYvELbevvi3vY3PHnLU+2+kl+butwa/iZn5DhZ
/OgNj4Y2J7jAH01lREnDp/B7Z9AwO3D1A21Fp9k5j55bdDIL3DLfGHWafuhvkva9pa8NfHSgzTbn
7EHJvvw6HW2jXTayRTv4VWNN/M61rSjOp/G3SqE3182HevipcsLHOO2DIt/Tb7nfln7FcfGV45xe
fvrup+3Z/zwX2gaaw8fzLTpfuP3g79ccbSuuu0JavcJvbRzgKvgsw7rwo1zwQF5wqm3jv24ccKZ+
w4cMDzhTKKfgN+26aTM8CwDb8Ic2GSBXOIUX6J7i622L4uCXH3+xQ9frHk6s//vlf/v7sb6T1+Pk
MJDUy/GMBjcnqO25Pnibg7Yp0DwLzq8u/1544Hn7n/PGh299EOTeUp2Wdpm+jL3w0EBbY/PVQxlZ
eSsNY7fwk7e5/PTr8MGNt3qDvHb5MNBlzuN+2vH9oSNs2umnDUaZDf+yYVHRyIx+tz9pj1z/SJAX
RC6yzCK25b5b2iobr+r0L0oeflAvxi6eM0AWwZcrrruirb3N2kH2j/p+VDDaFF3NX0V/jMeYH7/9
MVypfP8V91tnx31PHwu59hl8eTeYWwOQj+8Mfrcgf35yeRvkqJ/OXNCvIT7g3APCafCbz7454Led
n/rc+4y9bVY3hMWuGlowfve/6+nQ/jPPNrN12qiTPXnLk9b/vv6BjlzpvOtx/+djccbucqfFlyO/
9DHhRfv+q++DHFrEr6lmDLjpzBvt1nNvzdz8xiaTZ+9/xh71cfSLj3wsccf4uNkem9r6/i7z9FlX
NtYIK6ZLS99fv7yhX/881n7++Uc7aZ/1w4n18/y01hxztQvGTOWfZjofSzLc9998Yc8+fqcNeuZh
30gz2n78/mvrsMJats5mu9hyndZ2+mQwYUY5lQR9/tF71u+BG+3F//2nkHy5ldezTbbf3xZbunEs
U8SwV5+3oYO8jadvunrP8ei81e4+js5i/3vwJvvhu698M9AMNnbsaGu3YHtbc+MdlNV++v4be6n/
g/bm4AE24u3BoV5c47bRNntbl633chndWOaY0b9a3/uv9XFnTNPfWHt7yLM28Kn7bbu9jrWNPO3D
fjL2mcduD2Uf6vyx0lqbFODw8cGwV23Qs48U8Px51A+2/hZ/tfkWXLwoHT+QFwMeuc2+/qJx3rPC
6l3sF2+3B/pcZF+MfN9mn2s+22ynA+2PG2ZfE/7bmDE20Gn3P6fhl599GMonT+et9rC1N97R5cwM
BZj1MKz38o0m9/3rXjvyyiODTCoUnvGB0frgPx4UrjK/6d2biq5g54ryYzc/Nhihrx16bdHtJiO9
L+++1O5h/s2NMXLMP2C9Z+57xk7Z4ZSCYZ15BSezGZuyrlSXUZv4ywde7pvEllGR9pLPOY/Z/JiA
x2UvXDbO4F1I0fyD+QUG65U2WKlIsfL91z+E+n46/NOi0/SU8L7P0fZZfu8AJ6XFAOqz/clBXp9+
V/QMj9f31vNutauOu8pl6vbW/ZJDCsiozpx+T434hUTRh2g2Pgzrn3kfpv++8/pA+3jEmw51Kptz
7vntT7scbKuss4Ub9sfJi19/HmWP33t1wKzB5wx/7LK9veX9q/9DfeybLz+1hRdbxt9JP8baL5f9
BBK3cAx5/nEb+cGwUMacc7ezTmtvbu8OfdF6HrFtbliP2rwtfL43/Cu7595XXRZOY6NH/2YLLzSH
7bLLKvbJJ9/ZDTcMdGPTazbax1GuGj7llM1DvPB29rfnnx9h19/wor3wwvsheJppprKddlzZ9txz
DWvXbjYtGcI0k9sdkA/dD73brrjiGev3ZDdbf72lwtxUZbI2ETdizLru+hfs51Fj7aeffrWue6xu
Cy88ZyjrnntesfeGfx1O2o5xvHfddRVbaMHGmyvAq3//9+y559+3GWec1n79Zayts84Stvba7f0U
3sd2w40vWr9+7/i6aCrbcYdOdvhhnX2NNY3ddtsg+9jrDfyNNlrafvxxtF140VP2wQff2HzzzWoH
HriubbvNCgX8hDN+NbRQPvKM8no99vjbNuydxvV8u3az2p82W84GvvSBbeOnh+t1FTywvv/uZ3vk
0Tft/Q++De3AlebrOl0efHBoqDeV2MQNhyt3Wtg4TXj1Nc8FmU2b/Tb2d+vWbT1fV4/1q4Jfsbvu
esVGfvq9t8ccdtKJm9kf11hM1bJvvh0VrvvvP2C4vTL448A/vF2+z95/tL32WtOvym58pkQZwI1x
9sorn7WDu91h55+3rR1x+IaNfOGR3HIwvc/HxRekB2dOkIMz7Uo9cC+97GvYJ98ptHvnzkvZGquP
w400X3z5Y+ABeB4n/ljHy8lywAPOy4M+tNXXuMDW9/fYH33kQOefcTelMXZNG/1WOeR9++3P/TT+
y/boY2+G08zUB1j0sw4d2hXq9fU3P4W+NO20Uwd6c938jDNOZ784za/3fvCr8zltMbX/22+/tWwG
p0nsqNdddw+x//7n9dA28PdGGy1jiy46l/PR/8J7yaJTnE/fw975wjos26OkYZ12ve76gaHe4IG8
mHeeWWy3v64adArw1pBXRwbaUyan4PfsukYzPAWvLfvaZLCrt1Gfm/cI/SDFl7ZFpv3446+27noX
hxPrg17+e5B78LPcdC7T6uX+689ovPnWZ4G2lMn19AcftG7Z6+fhH57fuPvuVzzv50Hudeq0iF9r
v4g9/NAbtvnmy9lBLtta46jvrU3yk3b/wU/U77nHGraQy+tHHnnT+f9Fe33oZ2GcoW9zK0Ls4K3b
bh8c+By+wnVYZj7bd9+1bOONOxT6SJyHet1zzxC7+eaXCvy+7rpLBhn97HMj/OaPX+xUH7Piq/kL
/fEW74/Or9wu8LtvhFx7nfZGW8f98W4vm/GR+nz77c8+Jn7v49aAgPupp/7JHn/i7YDvyy9/FG4N
OMTl42CXd5I/37m85WmBa1yOLrnkPHbeuduE0+A9zn7Mnnvu/fDkxRlnbGFzzjFTXK0gPyulxXDH
707v84xzs882Yxi3+njduIkDOm6w/lJ23HEb2/w+FqcOWowc+Z09/PCbYUMJfXqZpefzMWAZO+PM
R+3cc10XmPHMAOMym1BuvHGgfegbUHDzzTur7eHj8047dcrs77XCCoVX+O+CqQ7z/jjWRv/4o/Va
d71wYv3IQS/brO2K19XTZqyrX7nzTrvhLzvb9m7sXnDFFex/F19s377/gc0y37y2vhvB/7DFFkyb
m7mv3nvPXr//P/aBnzz/4s23Qvys87fz6+QPCXniuTVjCPixkfaeQ7rbM5dfbgc/1c+WXH99l/fj
nteadtpiHXIzoFUEjPrmG3vjgQdteP/+9skrr9hvo0fbVL6u/uPee9sae/u6Oromnz48+Nbb7NuP
G9e6S3fZKNDyfxddVKDFOgceZCts62vdJlqQ58Xrb7Af/XaAaWdoXMsCY/U997RZ553HPnvjDePa
+2mb4BC36m672ewLFB/6qaJKISlw33va9YQDX7QG17vPNMcc1n7ddQKcs5deJtuw7vT//O23bFCf
W+ytRx+1mebyuaTnbb/2OrbyrrtYOzcYq14xPhhrX7vn3nB1/w8jPw30W2LddW15p8P7zz5rXI++
2amnBFoOdVpTZ4wF7ddZx5ZwnHAfvfSyDevbN+A31stbasPOttgaa9jYX361F651fYbrCfj73flg
xLPP2Ov33W9djj02tNGAS/9lg29v1Gf89aabbNlNi/UZ8NWI55+zl7wdPnjhhQCPNl7JT+6vsdee
Nls7p3VTe43+aZQ9d3Xj+g5YK+24g4145ll7uc/NRt3m7bCMbXTMMbbIKquEcvQPeuM+GjTILlpt
dVvCefaARx8JtFAa5kDTTFs8JyEO+sGDQ+6+K/QRcFu4UydbZLXV7I2HH7LlNtvc1jn4IBVTm9/U
tyanvp8b1mtjhbaWq00b1h92w8D5+5wXaEYnx2iwxT5/suO2OC6E0anV+Q/650GFkyoYNTh5/qBf
Q0ma2Cl9z4d6utFmjRA1uN8rdlSXI+Nkmd9HXXVUQXHJVbFcz8xbiziUmrytiCH0r0v8NVxhKVi8
76irIQk7fsvjw7uVisdYyxuTnCQSvoq71PO2X7G9bT371oW6Crk0bfdL/OSLG1BiVy0tlHfoc0PD
VZz8TuEoTb2ugq8EFjjsfeY+ftX1X4PRep8V9gloQKc5280ZrvHk5JbevCSSOL3HOY0Ldp3e5cSR
6qS6kHb5dZe3C/peUHir9IuPvgjGal3BrbSpH59Qopy4fWNDsN7tJT/pYp5VmSh0T3UFtRzpStEZ
AzensTBolnOc9rrqlauKFOWcsOpzdp9wCo28MT2Aiduvx362y9G7BKMgSuv9VtqvwIM6LYohdZ/l
i9siPRn9udPx/xbbNZQZwyFAsLJ4N2Ro+teSYT3Fj2ycRLvpvZtCvWkTjKhy4HH3F8XX5Squrfst
0QL8ucr26hMaJ1Pl6nPloCttqU5LlUtSURxG9ANWPSD0PzLQrvTLlBfiwshzpMvd1we8XsR/yo9P
/zn97siwERdQ4bdkNf1Y/Hbmvf5et99C8fhNjxVgZ+HMJqjDNzg8QMri3Q126mxH9z7aZp513EIZ
I9TRmx4dNleRUfkEm7CUNtX0R+i274r72ifvfkJRwWXBiMNOveNUe9qN3GwwEB5xfFY5jGeMa3LV
0uLh63z83ve8AjzKEUy+RW9OfcYnSYlj41zPvXryWcgjvEOg/5MM0m/emj5ui2OLxgDFCVavZ3r5
e8YLKTj4tcAqKqCCH70Pfd5uvvSEFlOe5wqS9h06FaV76ekHrOfh24SwIvoR4v1s7U12sgNP+rfN
PNucRflq+fHw7ZfZNed0D1mLYDWNCV2POM/+vNsRoU2gaY9Dt7JXnn20qI173viCG5/ntYP/vGQB
BcpaZMk/2Pm3sGnQx+Kmk/vvDxtCA2sNGNJT7rKd1rHTrvRFqSscRn7wjh22w3JFMCgvjFJNeJEx
hDX9vvjuN2yhxTsU4F973uH20G2XFsrn4+wbnrOll2+cAxYS+geGwq7rz1EEj3jRQ3y4z9EX2xa7
jjOskuarTz+0f3Tf0j56b2ghPeE48s3hRsce1z5j7RZZIoTV07BeiYH2V98Iesja3cK8NTWej/px
lB2y1iFhI0saJ6Nx/BQLG0D/6dfQX/PaNWHT3Nm7n91ovPYr2688/iq7zTe/rLDeCmFOxYa82CHv
ztjljGBEj0+Lo/DkZiA2Du13ls8/jtnVNw196bSc2uZecG43mhfP5+Mys77ZWMSGQ4zdjHVzLzB3
IdmXn3xluyyyc2infz3/L1t2dVeyuGOz5Dl7nePvwj8R5mictC84ZzrmmWxiOumWk8INQYqDtget
cWCYn2Zdb6908p+64yljTlhJuylPeb/xxPrnHw+3btssHZKKZ/kR+Nb7zf8dfKbtsM/xhaI+fOd1
O2rXTmX5nXL+0ftp67CSb+KJ3NtDnrMT925U0AuW+kdI5vnyN9Yjgk3kT2QmBrt99r3Vv/w0iQfs
vPPKtvdef7QttrwyYEc70obu2T//6QbPwzYM4ZzSxEB+tV+jTZxLxBDOP6V/6MEDbHM3EgMHQ3aX
jf9VSJP1QTlXXbmr7bvPmiH6Rzc6L73MWeGqauKu/Pcutp8bWn72GzY4Wfv55z82wZrKnhlwmK21
5uIhH4bLLbe60g0nbxVwOc+NtTPPNJ0bbu9swhc8G+U4eVdYYQGbfY7jQ/oYt5iPweGSi3ewQ7qt
Hydxw2fltFBGaPKcG3/WWffiENRIw0aclIawehjWK4EFzNCvz9zCTjh+Uxv6xme2worneGgjX2CY
ufXWrm5cvzPExfhusMGS1veJbuF9ctpmrbUvDNcIN6bxSgTXWM566y4R0k7XtIkXw8zqa/wztGVT
wkzv/3b1TZQ37hY2So1r3zdDG3I1+z1+whqDxa7/d73d4YZ/8MbFPMtvQu/zzSI77NCbn+4a05Wi
M0ak7bfvbQ+4Ib+cW3TROX0TwdFF14CDZ48ej9nJpzwUsoqX+KE+0uOsP9vRR28UaPfa65/aSp3O
bYqbqnCjAxsIll+BtmjMN//8s9kbQ48rggUdF1v89JAmhkP94HNcr0ua825jTOP/lgzrrw/91FZc
qRE/5Zt99hlt+HsnOy4zhT73sBtR5cDjyy/+YXPPNbOCJhm/JVpQkZ7nPGHHn/DfFus0eNDR1mml
4nVGi5kyEsCLq6xynve/z0MsPMRGnHLXz2N436jLpTbgmRGhf48rdhxfbE3/aeXTBmzEWWppv0q/
SSYD57579/NbKAbZjTe9VCRz2XD15hvj+Lf/gPds/Q16BdSyePcvbqzt3fuvNuss4w5oDB/xtW2y
6WX23ntfFeWDJnIpbUJ/dKP2ySdn90fy9eixlR1zdJewYQH59+67jeUTF8s8fuMa8W2k5Z137OUb
job4BoOXC31OMjDGKy5n//3W9nFt58bC/H+1tLj2uhds3/1uKcBrxCn893+NeEGHV4ccY+3mm42I
4KAShvE99+oTfsc4NaZo/J8a1pEzf9riChvqmyRUt8aU42A9+8zhtuQS4w6P1QorxqOS763O/dke
PL7ldfVRgwfZQm7Yi50M6woTH6rd/nLllbbW/vspOvg6HR1+ODEKI10TD27xj3/YJieOw+fdfv3s
so26FJWR9WPnq6+yNffdNyuqqjCd3h05pHhdHXqI49jejcMHP9nXtIGfa7RPmG32MP7EgFJabHfJ
JbZ+98a1bmYep0X3/k8Hw/IL115nt1EX9csoLoZRzfd3n3xiV22xpYV6kbGREcfB8KD0KnjWmI/3
6GEPn3xyAKU68UNtvKXHY1SeOtog9/XwEXbFJpsYGyhwyqc8hLFxgycHZp5zTrva8XrTjfbUN7zz
3nRq/sZddrVX7rijcbbhcdtccIF1PuJw4wT4OctWp8841q9jb7dsoz5jjBvm7+3evdFYHvEgeAnH
/R9+2JbbfDOC7NPXX7fzV1ypEBcC/V9ar+4DBnj7Na7v2PRx7Xbbu3H8ASXP9OdYZBE7asgrRU8v
sFkAnh/h5QkGmcWDfAc63XN30AXxuxb3RM+ek13fzw3rtXBC28vTpg3rnCwc/upwG+mnTc7eo0eB
enRWFG5r+NvT/e/tb/deeq+desdptv4O64U0Vx5zpd12/m2hUx/gRusuu25kM88+s334xof+HuX5
9u4r74Z01711vS3qJw9ffvzlcEKGQAmmWCCExP4vPRGEMe9/d/3Prj/t+iLjJ8bdH/ykzMt9Xw5x
qQHgK1foYXzhVCF55YDJNZsL+QlCDGMoBS8beFk4HfnR2x/ZIzc8Yn169AnJl1tjOTv4woNt9nlm
txtOv8H63to3XJfZ+/XermAft6iplhYUrpM8fGOc3P+cv9mC7RcwTmJDa9GolMGXfJW6kX7F9+5+
xTcOWPv13N9m8k0GnGoc4G+MA4v6HHfD8X4aacVgJMWg/M6gd4xTymxGGPneyJAf+q27nZ8wOGhb
Gz50hF1+xGW28993sf177hd4AcP6IWsfYpxe2utMf4/8z2uF8gY+PND+8dd/hDLiTRAY1g9a46Bx
b1s7Lll8wenu+OpP2vb1Z4YGno0N61+N/Mo+fPNDP4H/VYjLoh/vinObAYro1555za469qoi3gpI
Nv2DDjJMEqR2SXHEsH7l4CuLDOv3X36/XdytUcHT+S+dw+lUblzgVK/4iTKF468//2ojXvOTKs6v
zz/0fJFRC3zBBUP9Wy+91cyYKljA6XZht6Ag58RuXzfyXey3AIB3916H2nbdtgVkpmvJmMwJdW5S
uOBvF9gIb3sMl9w6sdhyjScXoP1lzg/9bu9nc7Xz91RvOzmcbktplQm8jQW2RAvQveWcW+2aJsN6
Kb4gHafY62FYpyzw+vIj38XqpypO2/E0lnjNeIF0cm8OfMvffz84yK2zHzjbllhxCTe4jbYhTw0J
m6fAux6GdeBxgwQnn+FR+FcOg8vhlx/hO0fHhqt8Z3IDOacNZ5hpBvvIb+rYs0PXkJRbLw6+4GBb
cqUlw+0Mff0GkUv96l9w5JrjQ/zkIryEEZ837bXBZ/eT9/CbR9YPxpqHr324ID9Tw7r6CMAq6Y/I
mAf9tHkYD3x1d+a9Lr985soTHTjq9Y/7/mFDnh5i/z763+Gk6SG9DrGBD79YGEsP9M1oK/hNGD12
6xGuZSbfaXf6JgaXPZSD3MBohlyuhRY/ff+TvfXCW3bBgRcEGQ19gLnutuvYOy+/Y6e7AQ36aVMa
8HH97uhnZ+5yZvjmKmg2nk3jTyDcc8nd4T1k8XM8rsabpsCXTXCrbbpaaJNX/jfETtnu5ACL0/kY
8mnfWmGFjFX+633Y89bn0hNDLuGfJXvO9VNO7TusVCj9nVdfsOP3alzszLvAonZ4j1v81PgKfqLv
B3v6wZvt5l6NhoHVNvizHXN+6xYqLzx5r53390YjYpdt97Ftux5t8y64mH339Wf235sutAdvbVSE
HXXO7bbWJo3pvnRDMqdVrzhz/0Df+RdeMlxxzwmBGy48OrxnHtr95Cut46qdbYFFlwp1w7B+4l7r
2OefDLddDjrDVl//z85nc9ngZx6xi3zzHO6sawe4IW+t8D3i7SHWp9cJfmL/IYMOR51zhw19+Sm7
8eJjQ/xq629lu3XvaXdfc5b1f+RWO9DhbbzdOEXF9/6m/QfvvOY3FswU0oTNCjc+b0t1XD3kT/99
8v4we+qB6z3t2SFq6RXWsL2OvNBmm2Mefzv69ABjnvkXsQvveM1mmqVReRVvFph51tkdh6tspTU3
CTw49OWn7dwjtyvQ6ILbh/hNDjPZxDKs/+i3cFz7xrU240wzhvqx6H3MNxmds2fPIDtKGdbX2mot
n6MeGm7UYWPSzWfdZNf7PPrXUb+G+WrHtTt6vWawIzofbm+/9LYde92xtqnfFpHlGC+Yx63xpzWC
jCENb8Efslaj/OQ3clIbG5FpZz/Y05ZZpdFoTHw596srIE7f6XR7/sHn/eT5Onb6Xaf5ya1pCllQ
vJyz9znGLVHIDOTQQkstFJ6C4hYe+JYT8x1Wa1RokJE8l3S/xP5zxX+ajZ3E9fIbrzC6T1zD+gg7
ZNulwyaOfY65xP7gt01ggHrwlkvs7t5n25zzzG//dP6bfc7GG7ZQoox4a7DddsWp4UYM6s2tEVvv
foTf7vKd9Tqlq33qJ+DX23xXO9TbW3Lro+Fv2BE7rRDoCb/vdmhPa7fQEjbINwLxtnqQc15Wblgv
sFyb+Pjhh1/t1ddG+sm8L/3E2c0FnGjXY4/pYptttmw40f4vv7r9Djcc7LCdK+U81THH3G/n//PJ
0P7/PH8bPzG+ajgxh0F2//1vtVeGND7t8P/sXQWcFVUXPyjdEhJSgiAhIEhKiYRKCIuS0iC1SzdI
Nyzd3R1LKCrSCoKAtDRIw650l993/nf2zN43+97ue48FdnHuD3bm3Tz33JiZ+z9xjH0Ov8eah+vX
H6PPPp+s6nf1zOMmFcjQqKGxzyMzwDxoR/fu85MDyPzXkSt0nc02b9x4gtN+NkFI1QD/ucSaeGdY
o30DaxX26v2TRCt6x4//mjJlTEKDBm+gvXsvKK08aOodPxHIgga7aOCg9Sp/gQLpaOQIH0qaJC71
7vsTA8t7Wfs3MR0+1IUSxDfeGTzlRWbmBQLoF7AU4OSQIRXp3QxJFIA7btyvvF6M82JXgK+qxM0/
4EPG94x3KLQ1eDA/X+PGopWrDtBKtlaAthA/Z/Y3BJAcWpyw2reXtS9v3LhPzVsscwCwfHxysobr
x3T48FXl57ljh5I0eFAFxVsA64ULjyIAX/0ZpK9QIQcl5voAuNaqNUfl0YUgANTkLzAiGFg3wBnM
A+69Q+9gkWDeHANYR8KZv68xWHhGzVkB1mFl8PKVW3T0aKDSwK9bd77DnJEKH7GmK6wZQDN8G2vV
d+m6xmk+5AeY+emn4xUwid+u5i7mxb69HUywG/Ni4sTfyNdvuepz1aq5qW+fL5SG/8ULt3g+/czz
6U9OA+D9Ffm2KMoWjJ6otdib5yv49cfOtspSBNoFvQBJBw1eT9CQtQLrE1mTFkIjaGfUSB9KlTIh
3ea1DZCveXM+0GeCxo012kF9zkJ4YPJj/i7avfsCfdtkkQLWANht2exHWd9PoaqDBYM2bQNoCWse
Azxdsrgea8xmVP131l5kjguPF6B98NAN1K2bATa4mhfIBy32iADWURfogpl6WHCo8tVMjvlfmMD6
rt3n2P/7SEqTJjGt/aEJ5fwgFVs+eEpbtpxkgHSKms8RAayDNgiAXLt2n/fPX+hH1oSXAEGQSROr
qvkLYaz48WMy0NuZ4rA1BuEz8sp+mysX08hrdCGvj1acH3MX1jLGslATnkt37z1m0/sjgsHdaAyU
l2XLI7mU5vnMmTtpbPD+aQXWJ/AagWAQAjTmoS0OixsXL96iPvwMQXsI2HP9eD1ij4HgGJ4HWKcQ
FMA4V6o8XeWDsNHq1Y1p69ZT1JGfh9B4HzfuK6UBXrvOPJUHgj2wElHrm7nmHrp8WQO196AejMvh
Q53Vs9MbXtxmywCwFtO02VJVP+hEm5Ur5VT7RNVqsxT/pk6pxkJpIYKQS5YabjdAJPau4f6V2JrY
mzRmzFbazHMDPEfQgXVdaArPi2lTq1OZMu+rMQEP0B/wB9r5GF8IsiF405Yq6OGfCkPZemk3A8gO
az1Ciz0sYD194cLkM2Y0xYgTh77v2ImO/PgjATTs9Ndhip0gRDgBwPrAjJkUsFqZNd0zFjPerX8d
PYY2MEgLwLXjoUMUn7XeEY6v30BTyhoAZ1j0fQ0Qv3HI96qHbDCzK2C9UGG6ceYMfd6vHwOYFVhL
+y069tPPNK9mTZWv1fbtlL5wyPtW4PHjSgMd9COkLVCAKo8cQXGTJqV1vfvQ3kWLDF4wQBs7ocGL
wGPHzDSUafLzT5SZwWg8j6HNfXDFClrUwFC4qjlnDuX++ivFW+T1NDy6e4/N/Bekq38Zwuqlv/uO
tcKL0BX+vaZ9ezX/UKcVWN82YSKt8PVVzeWuVpU+79uXEr3zDt1i7fx1fbhfCyFcSspiQVE/I5+1
rTIMyudkDW9ouf8xYyb9Nm4cXghMYD0e8/Ya8xoa4Atq13YA1m9fvkyBbNEAQgFIqzJuLFs1MNqB
JYEfWCDkKM+zxGnTUr1lS+nUlq30PYP8CNnLl6fyQwbT+v4DFP+rTsX8aKzS1vD83Ozvr14Wv+Rr
npo1eFwSKq35xY2/pctcN0IXHqPkrI2O77tL+/bRTz17qfaQVqBhQyrRvh09vHWLFtSpS9dOnWIN
/hpUm7XYsd+izMRgcBz5Xc1dBazv30dxmQ8Szu3aRaMLFKTEvH4ar/2BrUHkpKePHqn+Tf38c1VX
RADrGwcPee3Wvg2syyyK2tdIDawLa8X0MX7jAGzIz0MoG2vFSAAYI+aHdaB28E9DFPgu+XCFtl/r
oq3p6K6jDoAIgEFILY31M0zBC8CKeARoscAkvTWE5W9c0nQAQC8v6YjDgR6AQDEnjzi0rWv6SP7s
hbLTUDb3DRAIAQBz/Wz11QHkjEMzlM9HxHvDC2ygvav0Vmb2QdOY38aog1bUhyBmOnEvoCvuvQ0w
qQmzvujToLWD2PRwfLOqVQz+jmHwFwDPrKOzHMyWIhPGEsC3aKB3mNaBPm/wuVkeYKuzMcMLJNJg
xh8hXqJ4NJf9ac5mv5rWPsFfKV4WNrIJ44G1B5jp4c0LmbM6sC6ESZq1LUmXq7v5kB/AYQM2a6qA
SDZd6hD4xVs/UL5+5TpVTV1VZYFf1m8HGf5CpQzmAMZl8bDF6mBb1yiFJYiAcQEOwLqUQ9omNpmt
aymjrmGstfoza6+iv5VaVHY4PtnDwiWd2exr13ndqFRN15Kd7oDJoGMrH/YDsMOB/LQD0xlEN7Q4
QcdQtn6xjq1gtBzHIH6E+DSVnr/cq7u8wNyFKfiWRQxT8FP3TaVEyRPhu9wM+v5iRkbADeYPXGXo
c8Fa7YYFG9WaKlTBMO//Jq8zCfAjj7VdmNMAeMhhvqR7e5X5i/KVeA40G97MfHaAX/o6kbwFyxVi
9wN9TEsW0rbsx/gNcAnm4dHnYcFWVkZvHa00NiU/rrKn6cC6t+tR2odliZpsUh1zvG+1vkrYCwBU
AQasZA8RAYUg1ur+hgWZlCWPDf7q+bJmsuHmog4LAdTvU9/cV0GXjJ83vEB/9T0aoL0IvyFtxdgA
Gs9mrMs1LEftphpjDJPO0MYHmIbxgRl7fY4qv83tJ6K4wx60nc2/92DwHHyFaWkA8nrQn4UQwiv+
VTHyti29Xnfv4WP9X6xHNinevUFRZQref+FeZVYc4yZBN6uFd46+zUrT4T1bFMDcY/zP/AwMeT6i
DMyhD23no4r3nbaZsuUpJlV5dNVB4WpNelHVpj1DlZ8/piutnD2UAJ4LMCyZAK739zU+mmqwRuwH
+UoySF+FYMK+/dClVJDNSzsN3PcnbNr+8aMHKjle/ES0ZEpfBq/7MiA3VpmulnIzhrZWWud9pm5i
kL44g7C3qVOtj+j2zSCm56AC3HdvWUNDGMC2lpU6cJU8g8MA1vV8APd13t+9fYPafJWdBQ4CGVg/
yJr42VX1u9mn9JD2PgrQhNY+BAD0EHjpb/KtmElFgSeF2Cz+qwLWlXAhr/XY8WIz75/QJhbMPLzd
sBwCq0dYd/qeKxrrIF7iMW8BdltBeAHH8U7iqeCWaNTjnU7aypgzI50+eFrtb2h7Kgs+vZsjg0p3
9Qea72MZAIfAEspAWx1CUdYAFzafxwl5Z5R0lGk9oTVVbFpRotRV71so8JyXsZjlD5XmUIvx40Vp
rJtN8fg8fHif3W484j00htIO6NfiM+VGYdAcCJV8ZGbFO8GMYcb6qsxm32u1HGiO88lDu6hrvUKU
Mk0mgkUN7EHYy/w7fq32H8T3Y212APYSDuz4hfrxfsCV2MC6MCWSXQGEZswUAr7C1HXBAulNKgHG
iOlpycvDyaaEm/LhelYzH24AABYtNpp27TpPfn5FacwoAxCBOyJ8P/m1XK5MwQvAinjMOWgUxmSh
OT1wtDJH78zfeEjaDAcQUspLemWf6SrqvUzJWHPez8GcPdqOHixgo+eHeXHwIH48A0CHme5s2YdQ
UNBdOnSwE2XPllLV6Q0v0M+vGBSD5nQmpmnbb61MU72g4ZdfIIQwCcvFJeArfQzvivoAHMOsL/oE
cE1MDyNNwF+AK9B8jRsnpkOVcAOQv8DwYA30aDR9WnVqwObcJQBsdTZmSH/McwZgMQKAmL4MJvft
93OoPj3jdxvssQt5P6lTd56ZHta8QJ3Cex1YRzwC0jKxMEF4ggnu5kOdEBrJ8cFgQnsAx/SPV9Cv
f7MAZE79Ti81hp06lqJBrAmLPBIwB7p0WUPD/DcRgEdolMKcMsakNfs3HseCLDqwjnKSBqBKB9bx
7G3YeBHNYu1V1V8GBfWwYcMxKvvZZJo/rzZB899VEGAPQKsrH+sou4wFXQDYWTVhFR2NFhLMxYcH
4ruiIbLEu8sLZQqegd6Pi4xSpuBhtcAYR4yWEWR/kd8RdcW6hsZyWBrrMAv+Te25VJEFXAICGqr9
V9q/yAB9PhZqgfDLVNaa1uen5PHmKv65UbZFiyI0Ynhl89kBfukuFCRv+XLZ2VR9QwXu6m2uWXPI
BLKPH+umTJXDPUiDhgtVtl+3tiJYwdDDhEks0OK7XAl3iGb8lau3KVXqXipbJxYYGzzQEASScpi7
nZmfw4ZtUvP6EAPDcP+xOrj9QZy/S+dS6r2zavVZSjP9x7VN6PPPspG4DRABBQgLwaIKXEZsXN9C
uUmYPGU7NWMBl549PqM+vT9XAjuw1HHlyh1z/LzhBeiH8A/qOnDgstqXqviECGOPYRcQrdsEsBWY
QmwNxhhjuIyANj6sC2B8Ro/yMZ+BqG/EqM3Uvv0q3DoA68ILrPvdbCI+DbuY0MPZs9dVvxG3bGl9
5WbF27b0et29h491vIs+gin4j4soU/DtGeiLnzy5GjepR/+uljjRWLdqccPE+bAcH6hsHQ4eZLPa
hmCclMOmDKWRx/f53ZoBQ2h/v8HmsCeXKau0dNuwifi0+UIEtgFSwkrbCpiCnzCBWrHZ7/SFCinw
EnUCtI0e0/EZbLblzU0wfU/ZBPvTB8Z3dWw2m76uT18FKOsAr1Qv/uZBV9Nf1lGs+MY5A8zKD82a
je4EBlLHw4coZXbjWxflgk6epMGZs6gqWmzZQpmKh5w97Jw+g5YwEJyjYkWqv9KF33NpPJzrr2yi
f2Wbtgo8bs7a9mnyhjzPAGpPLlOGgeHTjqD2lSvUJ1VqVTM00ssPHuSw12Htf9+5C20eNkyB5DLO
u2bNMgUC/H7dSu8WdXyuClgvGusA1hEgcOHKz7ukWfkewO4GfmPhDN8t7BqgeHElkDAiT166GxSk
eP0WA+4yLlJW6kKb37IwQ1aec3qAtvhYpvk8g9tF/HxZWGSM2W9pz8oPAcKTZsxIWDsy9lIvzNwP
zZ5D8bc+m3bXA54fmNt6+JPN7s9n0/8Q6qgfEMDvSCHpNy+wCw02h5+9QgWCsMDzPn9et7VvA+v6
TIq691ECWBcgCZrLAHqh2egqQIsGpiQRcDgIX+o4oJYAoBXA4P4t+51qQwqA4AoMl3rkKu05A0kl
zVVdku4MVJb69avkt2r44SEBTV1oMOptSX7U4S4vlOZfsMbluN/HOQgwCC1zAEJbtPQlzZMrwOmO
ZTvRfjYpCpP32QqFCEugHhGCuHL2ignw6PXrWoo9FvagT6p/oieHvucXDmhwzuo1S41/6AyuhQWE
l87G2Vk9MmedAeuSFl5d7uZD+5JXN9XqjC7EnT50hr5ls+4AoXTQXM8PYQ0Am7AGoI9NWOsDaVZg
HXXCpcOwBkNV9cVYexdCMRCggGZzqndTKQ12gJJhBemfM37q5ZRVAjZne+rAKWrYH64DDGsIR/44
qjThoK0OTb0EbxmSl3rZqHLvLi/QH1kjOkj6Mvrpai7obZ/heQj3AgjwsftxxY/VXICPKswLmAfP
wACKbqZJL+/NvcxfCJQAkMahr7MgfAPAA8GeViyM8fDeQzMrniNXz12liRrIC7/wsg/X6FxDCayY
BYJv8CwaymsBIBZAJzzTvF2PsifpzwPp36TdkxRPrXMF5uPrvV9PmTCGr2T031qP9F3mDLS7fVmL
1BNevJ/P+ODS65pzfI6pmQp2wI1Eg+zBwkDB5v7FWgr2JgiJJUrGgiBawDOh/aft6dC2Qw7POuk3
ssInMtqVgJd3lJvUcZIC7GXf9bYtqdeTK4B1BAGwb167ojS747OWtqsgwPHVi6epz9TNDCaHfLhK
GTz7h7WvogCueu2Gs5l2w22BpLt7hX/kVj4GWPJJxXqUr8SXbJkhZL5HjxGT/mKAH+bUYc581PK/
yEo7BAB6Ny3FJwX8oA0ObQctZD/w1eSnwxVa3EtYSxblnAUrOC7AugDizni5Y8NyGt6pWpjAuuSR
epy1jTjJZ9V+B88n92tCG1bNIL0OoQ9lO/gvd+CfmoPsI37uqI4KkJe+vSpgXYQRQSv6o0I0UubX
q3Wo5iDMgjQB1rPkzUKVW1bmZ3cMWjBgPms03w9lDUfAcVib8hRYl3bQJoRoIUAKayFw89CVXUDB
Gg3ecbrN7+YgBIX8EtCdhYMX0PTu09WHO9xg4L0jVOB8S0YsZYseALSiKQsXeA4tYmsv4AmEBsbA
dQQ/iyTAtZLSxmfrOKHAc64vMgDrWBc7N62gxRN60lU2C28N6KsrYP0n1jS3Ws14eP8uA+uF6e6t
azRy2WG17o24QnTxzFEaMGs7Zf6ggGMz4C0EZKZCQGYMfV6thUp/7vnu2MoL+hWNPo1W0ru6/x3l
XblXUOr4iSB6P+tABYD+9msrpdnojAweSjbvu5+qMbjAU4dGsnZsSgYGIbwiAb6roTW4ZcspBUKu
0MwMI5cr4FDK61dpr3qNWaFA0pC02aFASNQh6aDVCirrbci95EdbYnZe0gCENmmyhGawRqQAnpLf
U15A868ga5EeYc3q37e3dhBgQHuoty9ryPdhIDo8YFjoc3UF6FK27CTawhqFIsig5wVwDiGIc+x3
XQdrJY9oKR48eIWB7zpUvWoeSXJ6Be3QXuzV+0c1/tZMmDPO+iS8dDbO1jrkt8xZZ8A60rJmG+i0
LSmPq7v5JC/WSPVq8Ltd2+X3AvIePHSJzboPcwDNEa8HCGvkLzBSWVaQsQEfXK0PSbMC66gTYHaD
hgtU9dDeLcBuERKzefaYrIUKDdJUqRLSe2yVgdnvMrgLJsP1QcFCoxjIu0T9+5ej7uw6AGEna84W
YmsF0OQ9opn6dtlgJE5wlxfogsGPkQ4g6cvoGoDYxUv2msCsszYPHb6szPcjLW/eNATwF3MBbnRg
rhvgcY4cKR2EQpzV40mcAMQAsAcNKO9ynQjfAAhDc3v8uK/pHrv/kACt/LPnrjuAvB9xH77lfXj6
jB3KosrgQY7CjiiL72oA77BosffPjsq6iPABlhQgGAXhB2uAn/d8+UcozW+YM4drEREi0TW+pX97
drenvHnSmFr3IpByis3TZ3l/oNKKX7igjuq/tR7puwDrcVi7u2Ahw4WGu7zI91Fa1QW9rhPHuyvt
d+nb0WNXWSBssBp3MfcPywLZc7BFIeYFtOWTJY0n2dUVz4ySsNLB1jx0jXXpNzKtWN6ABTWfmuWw
rz958i916LhKAfYiWONtW2bFHtwAWEcQE+h3GFCFiW4BPMOqSoB1XRsY+TGXZlf5ig6tWkVWkBzt
HFwRoMyLi6lwaxvWMpIuwKardMn3XFd+YJxiQPjnXr0JZuidBQFp9TRXvMB30NJvm9DO6dND8QLl
pU+GcMImZVnw3nUG47Nlo7sMxj9vX9H+4oaNCIB3FdYWL+JrfEfotMMqAMB13Qz7ZbYaAPPnAMA7
HGLhCBa0sAYIDYzKl1+ZfIewQzrWipe+lmRf5xUYjLcGzI1F9Ruwhvp2as9WEGIFWzOAeffB7K9d
p0HKSpqV78I74ZGzOSzjImXlN+quNGoU+61PqQQzpK03WUADWvUYe6tWuLRndYsA0/6jWMP8HguU
OFs7Qr/VIoC0ab0K7xEPIQjQkTBVKmU1LQmD9wnYmkMKFlyJqHNdZ3yz0mT9LXyMbGvfBtatIxU1
f0cpYB2+rHGghoMhV0FAAqSHlQ/pOYvmJP+NrLWnSdzIAb0OUCOvqyDtyWG9nk/SXNUl6Towope3
3kt+Z205o1vyox53eXHxxEUFdgDwmXtybijft6hLNCWd0YF0d4OYTb71zy2nwDnqCUvzVUAbmN23
msB3RoNoZuJLE95xYHI5QZIEyjUAzJnjIe6qT8LL8EyWS7tWQEsH8ABu1clcx2Vb1jpc0ST5cA2r
PT0f7kVT+JOqn1D3hQa4Zs2Dsfk2N5uVYWAdms6i7eVsnklZpDkD1mESulv5bgpMlLy4gt8S+q3q
p4BV+W29etI/mZ8A56Yw7Un4gLynTy+et9tYM7Y9lW9Uzlp9lPrtCS9kjQhI+rIEClzNBZ3RGP/Z
7MZiXr+5erTDvKjLZmjr9DQ+VB0yeflD5m94vuXBN/jmhUl32S/CanLstrFKMEjqhwnksnXLhlXE
TPN2PXN3QDIAAEAASURBVIbsSS2V9RVUKO3LM8c6VwRY1wVUrPVY5wyAdW94AXqsdenzz0ob9sjN
S9nvMPteTp89PU3dP9Xh2Yz6EKx9RNwY3zFsDWAVbsN91jUZ1pSqtavqdVuqEQ//eAOsX/z7KGtG
53AJZIMErKERDCTv2LiC/PrMohIV6nhImZFdB9bDe1cAsC4Am7WxH9jc9Cz/topm+HwfteQQS/OH
SCxL/nXLJtPUQfyRzO9yeJsrXKYqA3ZJ6O/j++jEwZ2qXwI+SxkBrgXMflnAupUO0GOlBXHTBvvR
z0sn4jbcOVinzVA2td3ulWms37h6g3qz5YbosWKwlaYxyoITxn3R+cWULHVS1Qf9jwDe+jv4tlXb
lC/y+afnOwiq6VrdfVfiuR5ijlKv09k93OQ0zduEbgXdCuXf/MjOI8qVjzMteakLrxTzB86jmT1m
qjFoymu9Kq91ZwHuNGpnqq3y9WYz8UUrG9oJt/l9EiA+rFpV71idmrArJDNw/QKej985gf2yZzGT
oJnV+6te9Pua30OD7maukJsXobF+bU8xGt65Ou3k/QDjCTcFhUtXVYcau9m6xc1r8JMZNrBuBd0f
P3xA3dhtA1xCyLoHoN7m6xwEE/BjVx5XljdCembc7WILDkPZaoUNrFs5Ezl+C0gJjVZotrra9/GW
LsA6KHeVT3pVrJjhU1u0eVHeFXAoZfSrtOcMcDXSYNJ2jgl2uyprBcr1fHIfXltWuiU/gHUEt3ix
3leBuQA2oMV98kT3UCAP6l3N2uzOtPRVQx78gZ96ADYw0XzkMPs1tvi7RlvQfIUJ/LCA9Rs3HjiY
wHdGAuqaPHk7m45fyrxAjmgKXHorSRz2P36JzZn/jUinYLfw0tk4q0JO/sicdQasnzz1D4NbA5y2
pVflDbDurD29TvRlwYI9BHPQ1RiEX+gChMfY5P5wmALWYUY+V87USqjCOs+kbtSLNGfAOkxCly8/
JdhkPXIaQfusVqasQbur4AmYrGuvwoc4hGt82G89rDBMncKCyo0KuWomSsR7wgsd2AxLezyiO+4O
sI5vArgd6NdvHTfvfF707PkZ9WJz6vq51PPQKgBseL7lwbeP8g134q/beesifCL1z55Vi+rWye88
syVWNPdhAl7AbksWgp/4XLmHKmAdlgewHgUQF6AYZaR9AZ2tc0WAdQHawVdrPdY5A2DdG16AHmtd
cOUhwUobaFm6bB8Lxs2m7NlT0IF9nRwsCEg5ax8R7+u3jCZM3KayhPesGza0IrVvV9LrtoQOT64R
AawLaKm3KyCkgJ5IU+dVVavSweUr8OBXJuJz82+4WTq8ejXduXpVVaGXCa9OPT0i7n+fNJmWNW+u
6MPjGCbQ47yVhGB6/OyOHeiEg0lyaVOARnd5IeV0Deqm69dTllKf0q+jWMO8bdtQptmljCdXAX1h
Bt536xY2vV8sVHGhQQe1RWs6LDAYdfvnyq2AdWhqp86VyxQUqDl7FuWra7iBDNWgkwgBn3UaJNs/
p07RoPcyh+K7dY45A4it4yK/UXd46zED86rFxg2mRrm1PaHPWbuShmtYfdPzyT3WCVwI/MKuCEKe
PpyqvZiU7dmTyvTqGSHPn/DoF7r0q/DR3fn+sta+DazroxR176MUsK6DAa5YLgfzANX6rugbplRM
Uj5AtJqMlUN70fhz1Y7EW0EJicd12chlSqNRQA49DfdhlbXmDS+/0K235Q0vxHQwgPVZR2dT0lRJ
QpGyYcEGNuE8MFxgOFRBSwSkv3pU6kE7fthB8LFc4AtHrZe7t+5Rq2Az1mKSWK8iLNBGz4d7HShr
xJqq8OeNPkqAf9HBdQe77JOMlbtCEAIaOdMgP8Taqq2LtnLZltAkdXgCrDtrT+qT6zH2bd2CfVtb
/Q1LOq46vyb+MZGyBB8gO5tnyI+x7FWlN/2143AoIQlYJsBYXmXf9if3n6S7N++hCF279A8tH7Vc
vbBivTobY5WR/wgv3NkDQHvbEm3VwTh4BwGaJnma0Ntp3qZph6Y5aM1K/fr1RuANusf0AgS0aszq
+V7Vvae8gLZxZATWwT/MhZvM76NsUeA6gz0I4P0PU78ngD8I+p6mIp7jj6v5a61ShH4ArMPyQcEv
Cir3EdZ8+A3t9QwfZFCm4scwSLVqwqpw17Z641QHkUTerkfZk/T9wdo/61zxBliHZQnxG+8JL8Cb
sPZoK204ABChmBxFctDITSNDac7iBVdcOujzQvgOH9CgEe06C/gYeSfzO2pte9uWs3rDi/MGWIfJ
8S61C7DW6WkavfwIpc4QAuLp7Qmg26gzm04P1gzV0925FxAfeTuytnWSt9Pwvhxi6UevA2DdOxmy
hvqwA9jWq0lJusXm3zG1MVbw017Lb6DDexgA8c6189OF039x2gCm2df0U452tv7ApmF71guldW4F
syMbsD6dgfWfGFjPW7Qc1fQdwPtFiMa/zj+IEqRM957S/H1uDV7+chWg14+fdeG5OBFtcuytcF8B
rXAAyW2Lt1Ha4Hi+wuKD7n4BtAuwrj9/4YLp5tWblDwta8UZqIrqJnyN92XhmK3LtzpYxtB54Ope
6IO2+/CNwyl3idxm1hN/nlACPq6AdWjQzuo1k/2+G37img9vTl+1+cosb72B1YvWxVpT2vfTKss9
ep/xPMJzU/Ej2JqGKs/8xl4DP+p+YyDQVMmsFu84zT5qSjCz746mfsQD60SHVqam1lWyqfGA1YSP
ipbnsYxukM7vaBP6NqYt388JU2PdHWA98CK7NfgykwLWsTclTpbS5IPc/PrjfBrTA+vY1lgXnkSm
a1ggpU4nDseWBvtnhQlrQxs9+OVFzxh8nzp1IkrL2ogSUF6Aw9272imNP0lzdkV+APnOAFekjRy5
mbXkVocLrDvTkra2F15bQreuse4NL8SEOYB1AHHwh60H0AFgVjeLrqd7cg8z6/B9u3btX8oMPEwX
6+HmrQdUpMhousb+6sMC1q9eves0Xa/rAb9n5cs3QvlaHsiaqr6+xRx80c+bt5vq1Xfu91znvTtC
EGhX5qwzDXJoqxYrPuaFAOvO2tP5gPs/dp1VWt2ZMrG/4f3sTzrY37CeL4Rfgeb8BR+s80zKYCzh
QgD+1q1j9ZQFuW7xWJ45c5327b9IN28aZn8vXbpFo0ZtVe9fVp/TUq9cnYFwkma9AswrXmIcu3s4
p3hcrOi79GEefwef0dYy8ht9DAq6w/Q+ZEGPOJQ0aXz1jijpkeHqKS8gvCLaxzqw+SL7AvAzPI11
8BrzIjDwDvviPk8wiY4A3k+d+jtdvXpH/RaQWP14zj/OQFlnVQLILlDQ8JU+oH95+uKLrOw+4pmz
rOxT/k36gP3Dx2DBXAF4safDF7qzgH4jyJNJfM1b/X8buYy/sM4Bk+p//XXV1NS2AuLIae2fda54
A6xDO98bXoAeT4F1EYop8nEG2rTJT/EU9UjAt1rDYJcO+rwQvpcvn50wXg+ZX84C3v8zZ05GWAfe
tuWs3vDiXiawLgAjaIKJ6+wVtHdr5t9i9lu9a9Zsl1raAmy23bPbwZx5eH10N/3Jg4c0kk3QA4Qu
x/7S4TdcNKpRx56582gBg8XOwERPgUadpu+7dKVNQ4awZnIFqjZtGo0t/LEBVu/bG8qvvV7OnXuA
puOLl1CmzQW4t5a7euQomyrP7qAtrps3h5n3mHHjWIuRzi8Rhlju66fM9fuwiXbxux6qoHWj4Qwy
N5wB+X9v267Ms1v5LvNB2nYGEFvHZd/SpTS3WnWlid8ggIWnNaVQK50JU6cmmJOXYG1P4p21K2m4
htU3PZ95z/x5cOumch9w/o9dBCsSCPDnvmPq1HAFUMx63LwJj35n1Vj5qudxxifhAfK9yLVvA+v6
SETd+ygFrLsDGsLEe7uS7ZSZ6yl7pzoFhgFqPLj/UEnLxLL4F5MD+mHrh1HeT/M6jCw/O9mU62OK
FTumGe8M3EDiv/zR06F0B2VyXAcAzIJ846qsnke/Dyu/FVBBOW94AUCieb7m6pBV+e7tXDPkTZXr
FLAbgJMO6Oh0enIPjdU57NscwOqIjSMofbb0qvgj5vOMbtNp2ahlKs0Z6BoWaGOlQUAcxAcEBVDC
pCEHGzgI7lnF0Gh21SfhPUAbMS8ubWBePOT5FIf9lUqQ9uA/ut9KFvBg0EgCfMpDE99VW5JP6ggv
H/JLXoDIOJDWD4kx3x+zT/mYDADiq+PiyYtUN4shjdcPGmVffixNmtftq9hnsU8P9Xs2C1ikyWKY
apd5Nnb7OMqume6/yRpmjXI2VPmtY4UyP7M5+JlHZoXShhNBDneBdXf2ABCxc+1O6lahm6JH/rSf
1oH9OX8hP51eoYXX06enmdZ7WW/nZmTNHC//RsbaHV4IQAyrENDeT5pSE5TheSE+DaOz+cCIDBhz
Z9YL9DYE2Bz2C++1pRz3WqztNiXaKNDZ1f6p1+Xuvczf8OqEoEjH0h1pH7upcLYPqvaYf/xPCQLE
T2yYVpvadaoyJQyhlcl/TmHgKkR4B2UA/sCfMQBuaEPG5GeJt+tR9iR9f7D2zzpXBFjX5461Huu+
Gi9RPK94gf5a63Kmsa7TIvSirLN5AV/LsKSBoI/homG8p3aeSgXLFaK+AX1ZyCH0fMY+DesZceLG
ZpNlb5p7JurypC3k9zQIsP7wwT3qWreQ6WPdAZBi+v599lQdiMJvG4DjLgxAn2cAGgB17VaDHZ7F
oEEALtyL327cexpu/nOFOtTMo8yU95r4C31Q4NPQVTB9T548omfsEz02g+t6uHLuJLX0eV9FNe4y
jv0356du9QqpvnxZtwN94zfIBNd17fgZGwIpQeIQDWn4mxvW4Stl2t6qKR7ZgfVVs4fRvDFdFLDe
yZ99i1l8Byvm8CS8x77hY8eJpwDPVwms677RD/52kNowuI4Dsq7zulKpmqX04TWBdX2tOmSw/Ni8
dDNbnuin6hv04yDKX4a1jOTEE3l5Lt26dot2/byLchbLRSnSva1qeMI+etsw2H1s9zHqPLszlald
xqz5xF4G1j9q5tSvO/bVYY2G0rrZ61SbXWZ3odK1S6uy8CEPDfhk7yRVaVKhaMA7A9bFdUwoYJ0L
i2AphHiw18i71kEG6kF76kypaRr7gYelj7BChAPrzNMf/P+hEayxnjrD+zRyyUFTWwF0QOClO5t0
D7z093MD69Bi71ynAF04c4S+YSGSyvU7O4zvvTu36LuGRTj9qA2shzUJXmFaWCClThZPKzbxfVKZ
igWwvvfPDqGAYeRHvvv3H6lvnTix+VsjOCAeB/STJm2j9b80p09LhgiIIQ3h0aOnFDtWsAAI/zaB
9TFfka8GpABMLF1mApseP20Ck6qC4D+obxlr51WvMTtcgBVFwsqPNCvgiThveCEAzhH22T1wQAXq
zL579e1QwG6Y0XVHIAC0uwqgsU8fw6w8xmvjBl/Kli2Fyg5gpFu3H2jU6C3KZLkVrEUmZQqeQcOr
7I/XWbqqKPiPzCE8N4Ku9mPANMTE8DPek6t8NYPgM9lZnwzeGwIU/fuVp25djf0aVSMN4T4DcXHj
xjR5Je0p38bsn1m3ijB06Abq2u17p20ZtRl/UYc7JuORW9rTfSdLXaARPuUBkGEsBWyDjNnKlY2V
j2t9jJF/1eqD5OMzQz2H4As6S+a3VV9lnomGrrQRGHSXzXoPUfmtYwGwD76nIaiROlUiKaKu4gPa
XWA9LK1eveK1P/5F5StM1aNo2tQa7M+5oEOc9Qe02iv7TDejl7G/+q80v9Bmwiu8kfFzhxcCEP/z
zz2ClrYuKINxhvUagJUAhSMyuAOsC7CJvbbUpyF7LegwhCPGsnDEeRNIjgj6rMCzqzrxXV2qzETa
vPkkDRxYnn2YlzbXtpRRa5//3Lr9gBInMgCxLryuhwzZoFwc4PmTMEHIWRvKwW3HokV/EqxWdOr4
KT9LYvB9EGXOMlBVuwrrkS03WNcjrITIvDx2tKtaj54A6zJXBFiX3+5orCdiIStveIEOuQOs67TI
3EZZ9QzmeSG8AL8PHbqsNPeRrgPrQ4dtpM5d1lD5ctkpIKBhqPmsxorL3Oaxwj6N+e5tW2jb0yDA
umg2w5x1+3372PS0JujJRD4L/q6Ozt/VEjwF1yR/8ixZqNNfh0Perbn+u/8E0ZhChRWgLECptCNX
AW1DAcRcHj7b4a89RmzHeS1l3bnq4F+foCCKn8zxu3pmlSp0eNXqCAfWRWNcpzFPjRpUa/48h3Nv
Pd2T+yWNv1Wm6GFuHj7W9THE2b0SaJg920FDXvf/3pBN+sPXuznh0TjzXPkvr1xZkdL52FF6m8dV
hATgb7wdm3qPnTAEJ0BG7F/7Fi2mf9i/fMlOHc3xEt5DuKBBwErzrAPtbBw6lH7o0iUU3wNatWIf
6+NMQQxnALHMOQHlT7Ev+wmflFTAOky6w8R6qMB74aP795UlhZhxQgQKnAHGKOusXb1O6du7rAHf
fMMGx3MN7t+TxzxvY/K3bvCGIn7hQ83z4LZEUMLVOtHbduf+dVr7NrDuzohH/jyRGlh/ypquz548
o1P7+NCWNZcBUn638Dv1wgrWwoS7FRgHkORX0E8BwwA3BqwZQOmyplcj8YTBxTPsM3ex/xLawgd/
ufhAz2oKXoCR4l+XoI4zOjJYGoduBF6nvev30kzWhsEB3ZR9U5QPYFSKwzFo5wAYHLZuGPt/z6gO
7xczeLpg0ALV7sjNI9XhIT64EHDQhxevVRNW0oS2E5TJy8p+Pgq0R3p0PpCNyS+GeuC9ktawlsxo
39Eqf5XWX3EdRoVPmUfjWo0lmDpHW+gXNjlveTGr12ya22+Oar7RgEZUoWlFpd194fh5GvDNAOVr
F4nN/JuxRtDXJh06ve7eX7t8jaqnqW6O6ecNvmDepqSAcQHKHy7qCQW6Mi/u8zg/5P9VU1VV6RP+
mMBgeSKznrg8brLRo46bQTcZ+G2k6oQ/9qLwuck8unDsvJoP6xj4RXDVJwFqQctY9ruZ6t3UapyP
s/Z3wLiVysx4v1X9TbOn4j8YdfbneMxdaG7/ylpc/Wv1R7TTtmBGFQFzG/yGpjU0r/T5ETNWzFDA
kQDUKAuQKA8LhUAI5Dz7MV47da0ykyxmTfHBN6T+EPpl7i/IrjTUPq5UxDx0/n0Ng+qVDVAdpl9x
0C6CASJ4AgCrw/T29NbbSdj/6VUa1Ww0/fHTTjUWE3dNVNrhwn8x05yNgfjvFnxHKdKnVEk8jLRv
014lgBJqjDkN6wS+kcGL0+wz3a+wn1t7APqEcq2LtlZa6/gNbfXph6c7WClAvDUIMCnxuoaexL2K
q86LU6z13/LjlgSt3sE/DlHkqDmBj/jgPUZo1PmAeeTTqopaI4Fnr9LWZVsJ+x2EJmDuHyCvt0Ho
Q3kADRN5X/s14FcGP12vSwF0YTli0NpBlOPjD0zyr/Kcgi9tuCLQLSZ4S98D9o+OOdytQleec/vU
Ppm1YDY1T1AnwFb4dtcD+NOnWh8VBR/rn9X/3ARLbgbdoG0rt9HIZiNVOvztvp//fcI6hHlhrDHM
965z+NAr0zsqD9bzhLYT1TpBn+efmU8JkyRUeT1ej9HeoOVjlpvPD3keyPyV58CFkxeUT3XsPz2X
9DSepTx35DeExGQcsPdVbVtV7Rti5QCWW+Bj3hteoNOw/oC5+oD3NbUvpDUANHxwHP/zODXP39yB
FuxZbYsb1iZQvseiHqw1yoI/PDSHGbjqWKYjolWQPiINgHz9rPUVL79oWI4aDWzIbkwM/+V4Dh7c
eoAmd5qsTPuLOw9v25L2PbkKsP6U/Wz3aFSMTh7aRXXb+lP5mq34I+9/FHT5LG3fsIwWjO1GqdJn
If+Fe/kdIDZtXDWTJrKWKQK0u8vVaMWCfcbH0t8nDpI/g9DQaE+WMi0N4zJWv+ee0DhzWBtau2is
0h7vMHQp5SzAh//BLy1XL5ymzT/MpWVT+zmapmfaL509QT2/LaFA+S+q+1HDTqNVszDpDhPSCNBK
r8OCATHjxKXbDPC1q5ZL5W/DPtgLlfRR7Vw8e5xWz/WnzWtmqzJ12w6jCrUY7OV1++zJE+rn+5ny
x678zecpyofajxi8L8zmra+Q/4I/ebxTmX7RUbbiN2153kSjf/m5++ix8VyNGSMW/bZuMY1jjXjU
A9/QGBOEOAx2I78K3K+fl01S5t0xThVqtVZ0IA20TB/Wmn5ZPlnVkZ1pQbnLLFzQukpWNQc/rcQC
eDxeCd9Krqp7wAIVR9in/NzRnZSmvlgXeJnAOt6n8f7aJM+3it8wZQ6LTarLvB7Vuy+/t0IjfOSW
kZQmc1qVhmfIsV3HqVXRlkqDuzs/w7G/OXv/Vp3lP9A8b8nP61P83MYcas8uWEryuwTA5js3bvMe
uIsGsdUjpDXs15BqdaslRU3gGnQM3zCc0rGwJd71+lbry+X+oFzFc5M/C74KoI29ZNXE1axJbsw7
PLPbTGzDhwv8wc/v0ZsWbVKCjFaf6Lop+O4LurN2fUlFw53rt6kLm4IHuO/D7+W+o30VnUJg0IV/
qGb6GuonXFOVrP4pC1fdpbaftCVo2tfpUYfq9a4n2V1eXwSwvm1mDOrZuDglTvo2dR6xmt7LkU+t
kxOHdvJc9uW5d0T1pc+UTZQteN6CwKcsLDOq2zf0x6YAMtKM92OkwQR876alWKj2Og2es5OF89Kq
g6nFk3rRsmn8LstjWKtFfyrzVROKHTcBr4PjNLr7N3SW9yek1WszjMoHr5/nnu8g6IWH19vHOsBp
CLDsZVPdRYqOVoADTOXyklbhzTfZhYDlXVDMi0OzLxP7b16z5lvKmtUAax8zKL7/wCXyH75JabYX
L55Rgbk66NmVTY8PGbqRqrJZ3hnTa1C8uLGURuX6DcepZ68fyQCoOtC7GZJiOStzstXZdC2A4XU/
N1f+3wG0DOU6Bg1er+bw5k2+VKxYJvOd8RH3iacbTZjALp/ar6Th/pXIjzWoEY8Qg4XpYjEIqgf0
eeKk38iv5XKVv3XrEvQGKuHwmPc9AEZTpuwgvS1veIF3z1691lK//r8oGqH917RpYdbujk3HjgfS
N9/MpQMHL6s0/2GVqE2bEDp0et29v3T5FqVJ20ft0yjTsEFBypAhCY0b/6vyh4s48FYHa8F3+Du+
e/cxpUrdU6VDUz9p0rjm3IgXL5bJb9QRyFrIOXMNU9rICxfWoyo+OTk9GsHPL+YDzM2DnapP4K32
jo32ANRWYKAWtABUfpd9QN9mbdtdu8/T2HG/KlBegWIVcqA5pRkPk/qoc9WqxlShXA568vQpLV9x
gGrVmhvSlsY/6RfKv8ntHzseRHk/8g81P2KxYIcVCBVLA2jvl3UsFMKA1CMWTjh6LJCmsPbvRDaT
3JGBvKGDKypwr36DBTR37m5Fx/LlDanSl/xNg8JMxOrvGcRjSwIINWvmpXlzvlHfJKDPL9jkMjRD
p0+rQW8nT0Dnzt+gZs2X0k8/HVH8AeAFX8xcmwqiTVqoUHo2dV2X0qcPEZretOkElSrNz3f2qQwA
X9eoxnp4wmdGWOfwdQ0f6RWZvwsX6nvAG7wHOJ5BoVH4Yi5adAxr559TNMAyxWF2N5AgfthCZAK8
qkL8RzeZLXGv4qrzYv/+S1T449EErd6ffmqmyMGciM7fs8JzoRF8KMJ8gPb+8OGVqHXL4mrfOnv2
Ou9d+6lr1+8pS5bk7A6howJ5pZynV6EP5aJHf4PatF3JAOcBBX66WpcCDCdIEIt+XNuUPv74XbPZ
8zyn4Ev79OlrDgCqmcGDG8xbQ5AqGq/habSR59yWzX5UkP2UY34hAGyV/VRF8B+hD7/HjfuKGtQv
wO/extkDrBoErDxIzZotVdmx/+TPl44gKJIxE5sW5kYx3+fOqU2ZMiVT6+r4iUBqy3z5kddJAgbc
/z7Tg5Kw+wu8o2I9zuH1iAAf4ZUq8f6E9chhzZrDbNljmrqHO5R5c79R7/ijx2zl+gLUuLYJfh7I
/EX/8Mw5eTJI+VTHulmypD7t23dBzR3jdz015tJPf34OtWv7CQuPPVEuOmDlAL7a07yT2CtegO/g
E+bq3buPaPcurit4X0Dan3+eV37jdVowj4oXH2uu28WL6vEazK54Ab/qpVnYQYL0EVwCSP5+1oGK
7w0bFqJBA8tRct6bEPCsgIBbx06rlMa/mM73ti1VqYd/BFjHN9nYIkWVZnPF4cOpWGvju/rG2bO0
f+kyWtu1KwEQh8lvgNeYG9DgXliP+eDvTyXatTXnxVOua2XLVvT75MnUYstmylSsOL/HEp3Zto3G
FS2mQM2Ga1ZTuvz5FRh+budOWt7CV2mKg3yUgclymWfSJQFtc1X9mmrMmEEx48VTfshPsI/wn9g0
9l0Gw0Ff0ndD1quUded6h8v7f5BT1Vln0SL6oIrxXR107BhtHuZPuxh8RkB/i7dtY57pghfbJ06i
Fb6+BN4Vb9PaTAvNC3wXYGY4Bpj+/rlPHzPS6sfbTPDi5sjaH2la+fKqJHhXftAgSpwuHd0LDKSN
Q4YyOD1WpQHUrrtkiTm+C+vV5zGeq9Lqr1hBOSp9aY7JX2u+pxmVDGtjuhCAEhLImEmdyaQvVIhq
zZ1DSTPxbw5Bx4/TKjZxf/THn5QlgO/+PkNxkxjP3KtHWWs+W3aVryG7BYA1g2f8XgK3AfNqsnIi
B53v4OuUsp8pX+gyXyBYMbogK11cucLCIQZoLsC6zNEnDJiPKliQrh7+iwD+N/p+Db2dNauq/+nj
x3T5wAHazOO7f8lSAhDeggUR3uDzc7QHOkCPPqfx0LoTFEgTS/I3LAultN29ixKn4e87bYh1wQmA
5Zk/LanmfSD3eceUqTx3JtInHTtSxaHGWbTQDGsJ3/64ljJ8/DFXZ1R44/w51da106dNgQJF/HP8
eZ3W/oD0q5+DE1Gg6BttogCRz09ipAXWdUAorG4685ULM44A4fDAQIB/6LfTpaAd3/9uVoWHXm0+
AKtvOQDDwdi3H35rlgXgdzPwpiqHMvgNM49JUxnSYEEXgviQraaZXxqQh6rQIADdNfYhWSOdcSgn
ea1XABnwLyvafdD6E9PWklfMeMOk5zcZv5FoddXBUG94cefGHaW99Pfhvx3qxQ9rv5wBoqEKhRNx
7sg56v5ldwWiWbOCf9Y2ZveeTXP6GsC/Nb/8bjeFfWk3Lic/1fjgYBbmSa3B2iekW8E8aDpCWwoa
nwjwAaz8L/O9lDcA7TwqPaz5i/wyL/S+CcClKgjjD+aH1ac86utfsz9tXrJZlQRwd//OfbMWtNkA
2vZdjQNsCBoA8AJwibLIDxPJmM+Y78iPdsbvHE9JNC3nP378Q2mCC/3SgN4nxAl4hXsB43GPkK9s
fsqSNzMLvzCYxH7PUbYSm1T1G+1n8hJz3vTrbBRz+lfnnzXDnvV/UqeyBhDXeVYX9nldxpol1G8r
rbJuRbAgVIGXEGFo/fop4QJXzWE/qNmllsOcl7ywFjCs4TBzzkk8ruA9rBz4b/APASr0DG7cuztW
qEofB+t8xz4Nk+swTQxT8Ajuav+pzC7+6PPARRbS90zJA+nUoQ2G0vp5603eQeAq6EIgHdlxRGUD
/7B28EzAGCBsWcJ+wmviEMB4/jhbiw1ZYKlGp+rmB4yn63Fc63EUMDZAtYc/WAdzjs+hWT1n0Yox
K1R8p5mdWcDmQ/V8QgQ0z2FmXw/QrLzMpot7VPpORZeqVYoFZjoo4TSAYgjYC9/L+57HvNjBViO6
W6xGdJvfnbVhPzVAvCGLVP3yB8IdmAMn955Ua1/4J+m4yj4j+68+bqsnrWFf66NNvmOfwbqFwI+U
xRUCUIUrFFJx3ralCnvwR4B1FAFwPL5PI/XxZq0C/QPg1XPiel6P0dXHGYD1rWvnmf16N6vxjDlz
dK8qjjL9Z26jLDkLWqvz6DcA7+71i9CVC8a4w+T7hx9/Tn/t2aJAcFSGtt7P/TH1GP+zOoTq0bgE
nTq8y2wHZYbO301vv5NRgf672K+zBPhmH7X8L4rHvtehVbtjw3JJMq+oH0Ef+37TtyqA++yJA2a+
/CW+JIDyANYlfjTXfYnB+SHtDCn0fMUrUsfhK2g2+3xfu3icWdbVzadfNqCmPaYokLHnt5849CsF
92fEkgN0k0FG34rGh7bUU7RsDWo5YK6aa+uCwXihP3dh9mPJQjB7t/9kZOf+oYedR66ij4qVf2k+
1sXE+mkWLNWD/nyDNaLmeMc5bbzjIK3V+FZUM51xMKCXw70rk+yS7xK/W8CVD95RnQWMdeIULKi4
DYKKxt6JfKC1HYPU8HFuDShjCKrmNJPgl716mmrmb2c3KAeByGwsTCUB2g7j246nlSwYKeOF/Qdu
U9Q7EIMws/6aZVrrkXI4jIAlpYntjcNIlBG+gif4JtHfmcxylpsIB9Z5Zp3bnJPaVv1A+VK3NGe+
W0lfEydNoXym32ftcph110Opyo2oGa8F5Se9vY+ZBD769plJJcrXUUA7BGrOn/rLTJcb5EOwtpWu
xH7JEomvry+w/vgJA2PFRiuNRVcDgLGDVmDuXKkdsuz846w6zJcxzZUrFaVLl4S+//6wmQ9le7Lv
3t69PjfjcAPQ+MM8Q3k+GNHQpA1kjWgETBUAq3/uCdGEP3/hJqXP0NecP0YpIy/upZ4vK35AASsa
0MVLtyld+j6Szek1bdrECugSkBGa2SU+MbQ3pYAy432gszLxDCBHDwK+4J3CG15cv3FPgRuHWTjB
GoKXi9kvK+htze/O779YO/7LSlMZRLvO2YMZH3zAiTHU20Bqb9Zy78u+mV0F0DgFvrQZYJEATVH4
m1++POTZLGlGn0K+dTE3xKS+5IGwxEcfDSdofCJkZ8160I2A8iijAO2SmVWcMX8NQFNFaH+QX+aF
9C0xmyaG9QPQGF7A/Dh8yBEkRv9q1prD4Nk+VRxg5Z07j8yqQN+A/uWoa5fSKg6CBh+zmX0Al6AF
+TO/l5wuXLyp5jtoTJvmLdrJgCF8lCOA9wAFK1SYYtKvEviP3ifc65r/AqxL3s/KZqU8ed9hYYmr
yu858vv5FqXRo6ooPiIfNF3Fr7OUc3Z1BshLvvUbjlGZspPUz9mzvmGf1/kkyeXVtyX7amaBFwmR
AVgXrV8IF7gKMCPetUsp9h9fOFSWWSw00rDRglBjhozgfbGiGWnDhhYUnYENb4K7Y4W69XEQQFfa
xD79xRfZ6Tq7foApeATZ55wJT0i58K76PHCVt0aNPDR/bm3zOxf58F3doOFCmstuImS9Vv06N2HP
37HjrKoK/ANIvvfP9pTx3WQqbgm7I6lRcw6XMfYyp2txQDnqzIIucl4T9M9dfmaNclyPmXk9clt4
/qAdgNJ/7Gyn1qMA6KpB/oN1cOJ4N+rRYy2NGfurip41sxYL2GQ2nzeJEsVWZvalDK4HD3RSLhq+
rGQA97VqfaQEymD6XeYbBGXy5nnHY144sxqxYH4dwvOpS7AAm06L+I7fy+D/R+y2Q/in5wEfwFb4
YIfwnD5uEydvYxcfhstGlME+AwEp7FkIKMt/afUqVsIqbwhAedsWavIkCLCOMjDDvojNsZuTSq+I
iQTY3WzDeha0fqoATICQEgC6dzx0kG5dvEgD3s0o0epaxM+PfMaMpgc3byrwVHyp65nwHFCzMnhu
xn/7bep09AjFe+stM9tlNknun/tDkz7kuRsYaKRz+QT8G1rSTrWQzVpc32Bc51StRgeWh/6uxiBh
mPSxh8Zwyg8+ME2tS80AbMEL9NPKCx2Elvy43rp8mfqmfkdFFeAxqDp1irkG9Xze3IPmxQ0bGYIB
wfzV61G81+IF1IeggZilx5wA0Js8c2a6eeGCwXfmSeI0aajNHzspQcqUZpX7GJSexxr3wiuUe3Tn
jpmO9r4YMIBKdu5k9lGBuyx0cf6PP8x85g3nlzmJMW/HoPnUz79QILjk+YBB/tqLFjrMy848fwKP
HaeZwQIA4r/9wu7dyjqC0JeKfcO/lT4dQVhAAmgs06MHfdanN+nAuKQXbNSIzfZPNbT2KxnnJZJm
9S+PdubVqEn7WGgBwSk/+venUt26qnQB1tUP/gP6sn3xBd2/fl2Zgkc8hBU6HjxAMTSNesnvzfV1
Wfu9Uxg89oYHUaKMDay/2mGCdi9MMkNT2ApM6JQBGMiQI4Mepe6hjTK371xaN2ddqLQanWuwlklJ
ypTb8TBJMu74YSf5Nx5mAuqIz8xAYGW/yspstgDekh++Gnt/3dshP3xxwxzU6OajVLYv2AR128lt
VR5oIePgTsABqUeuAGgA1KDfCNCsg6be4W0hBxjQhhyxaQRdv3w9FLBet1c9qtuzjlTHwInnvAAo
O7PHTAfwBhVC8wiaSkMbDlX1W2k1G/XwBuMNX8OPHjwiHHgCKIImLcxBX2XtWt28+FL2XT+5g/Fh
56qZ7gzglKxR0iEZAgM4DIW5UAngcYuRLej9fO9TRwZhRYjC2byCAMDwpsMdxgHla7GmT4mqxR0O
h1E/QGr/Rv60Z/0eaY58WvrQR2Xy0XcsSICg8w9zvXtFI94s4OQGZXB4Gyd+HIdUZ/1DBrQJk6ri
J10KwXz9qgmr2YTyFIkyr40HfcvzvRJrIMU24+QG/JPxRxzGqv3UDgRN97XT1qpsuilWaMItHrpY
gWZyAC114Yq2fFpWNrWBEaeESfhwHXMirKDzz5pv35Z91L5ke0qdMTVN3huynqz59N9YyzCJi4Cx
HfLzEIfDeD3vy7p3lxc6YKjThhejpSOW0RTW2NVDMbbagH0pb+m8ykqGnubJvbv0oc5eS2Fav6iq
XuY7+ByTJdZl7Unb5Vgwph7vZUlTG0JMEu/pFS4xoP2OgH0cvnqtAYIdvqN8zRdlSQfvNi/erCx1
SJxcPyr9EZWt/xkVKl9Q+SqWeFwxz8e3Ga/ccejxxb8uTjU61gi1FpHHk/U4tes0XlMhwDTWAYSx
lgxfSnNY8AgB1iGK874EARqsI4A+VpAL+2rQ+SC196EM9grsh9PYDYfUj70G4JGnvPgTgi2fdUK1
ZpA5OotpnNdvrhmPPUQBbNwPBJjHH9FkhAP/kKcLC8js5v102QhDo8E6bod+O0Qjm480hZ6kAZSt
yUJFxXyKKi1diX+etvQ6wrvXgXXwcc28ETRvdGeHYgU/rULQdM5ZsBRrp8RwSNu5MUBpnN66HugQ
X8qnMVVt0pOSJHcEQRwyefDjwT0Walk4mpZM6h2qVJGy1akk0/dB/pJqnUDTuw9rsh7bv93MC/B8
AIP8yVNnUGA4tLolAJweyn5kAb7Df/yckR1M7XTkQXy9diNYyzY/9WtR1gTzB8/dRVMHN2eg29A8
QV70G76b+zQrrdpH2UFz/lDa/M3LZ0AWKgmg/LvJSssemvbhBeUPvuVABaz3bV7GoV+ZWWgBmrw3
/rkcClgH//FfwtF922jKwOZKM13icAVvfBp0oQIlfZSFAcQ9twYvn+a442P9EQuqdcI75PaQd0i0
j3darHc5iDy+5wS1KNAcSVSuUTlqOLARP0PbhVpPSE/FJs8n75lkvqcizhru375PCwYvUO4xHNL4
rKHFiBZU/tvyDs99yQOQH+/OmxZvkiic3dGA1QPY3YOjAIkA8dAwdxUA4E/eEyIQK/lgEWv56OU0
xfIOBKHCfqv60XsfvidZHa54R4VFqpk9Z5rx2GNGbR3Fmv5pzLiwbl4EsH59bwmllT6iSzV1lfYx
9yCI8oDdEAwNBsplPd6/c5O61C1orjeUwVr4ptUg+vO3tTS4zZdSDV+jsVDISiUUgsgHd+/Qook9
6EcHwZVoDMpP5jkVnSb04YNODtLWO0VD3oVVQqT88/oC69C09Kkyg/1vQ7vPESSUocA54IH9nShH
9pDDRkk7feYa9e23jubMCRGmkrQubN68evU8oQB5pOPQGT6/GzVeZALqiM+bNw1r6xZjzd4cDlq1
SPtt22n6uuosMz/omjypmvqubt5iGbJQo0YFafLEqspseZ68/ipv9mxvMzjr+JxEXoBJAO9Fu/Yh
a9qXYbPy27b/jWQVChdKzz5ofekSA/UZM7E1Bi307vUZCw18ZsZ4w4vbDMr26PEDa2P/ZtaDfgGw
hgZxw4bGO52VVjOzhzewUgLt7wcsrMR4FgNF8dkXbnIqUWIsa0TfNDXWMT4jRxq+6101ATrnM4BT
o5oh2Cf5IDDQvsNqpZ0ucZhbI0dWpnwfpaOyn000QSxn8wpAetOmix3GAeW7dyutLBzAioEeAMBh
Hq1ff9yMbtWyGGtdvk9ffmkAWcK/+PFjKa34ihWNeLOAkxuUgUBJfNbK14Oz/iEdbdaunY/7yBpe
WoCZ8AkTfmMTyiEH3ZI8eFB5Nd/jWlwQgv+z+f1Fxh/5U/BYTZ1anX0WH6Zp03YoAGv27G+oNoN0
CDCPDQsOAE4FrFMJwX8GcVutWJNaB08B1pb4BH7Sz+tZQ91nzJiEedHRXCt6hs3BbiEAOsMMuqwn
PY/1ftv2M1SMNWYRMLbrfm5GBQukt2Z7qb/d5YUOGOoE4j1+OK+ZTp3W6NH0VZVcPI4FqXTpLKEs
IDhkDOeHu/ShmmVL67O1iFyqRmUFguc7+BwnTgxz/5TmGjcuxIJPn4VyHyDp7l63bD2ltN+RH/v4
n39eCFXUz7cIjRrpY75fSgbwbjELq9RiSx3WUIb5Vp+12GG9wWry/cDBS2zNI4A2bzGEf6UsgHlY
jrCuRaTf571vPNZj59DrEWukJT9/ZD3KmpJ6sQ6wZ/kP30y9e/+komHdBe0VZgEarKMUKeKz3/q7
UkRdYSXi/PlbLIBiCF+2almURo7woa7df1BrFpn27e1AuXKmVt/VnvACVl7KfuZ4/ilztBcLR/Xj
57ME7Pfbt7UyhRNgHr9JkyUO/EOe2bNq0S+8n44YsVkVtY7bb6zV3qz5EgW6S924omxXduGBuQfr
FXrwti29jvDudWAdc2rL8BH0fSfHM4ecX1WhggzMZi5dis1Yx1Cmr8eX+IQu7Ap5h8lWvpzynXyL
QdeBGTM5NFu2Vy8q28v4vrt65AjNZvA6kP2YSwBYCg1xgK+iBZ2Ewen2DJIDhNTDkR/W0mIGNU1A
nRPfyZuX/Xn7KY3quBoQr5dz9/7+jRu0ul172h2snY5yoOHLkSNZwz4fTS5T1my7AwObyd57jyaV
LkN/sza+hHSsqd1i8ya6zWD5QIuQgc4LyY/r7ctXqA/79EYAKJ8yRw51H1F/MLY7p7Fr2KZNHaos
0rIlAZSeXLq0ikdfW/6+nVKyz3WEx6zhvW38BPqhs+NZC9LKseZ70ZZ+7H89Ln46hEssdLGqTRvW
KN/iEA+N+ZKsnZ2WfdlbAwD7JTy2x39ZbyaBvqxly9J0mKLngHkB+qZXqOgw/wo2bkw+48bSpFKl
1VigH613/aFo65/OeE7mb9DAFFi4duYM/dKnL+2eM8dsS24+5b5+WIPdgeXOraJA16h8+c1xRyQ0
zCsMGUywBjC9QgUpqq6ica9HOptXSEf/8tWp7cAPqRN9AHCuz3WUQV/L9u5FiYLnC+KeN7wua982
Bf+8MyFylI+0GusRxR6AjY/5xSoGzFrx1wu09kwTkuE0grJYsDHYN7UVxLQWffbsGd2+dltFow2Y
Zo5swRteKB7wISL6Fy8h98tiIvBF9hGaqw2y11dN6MD687YJ7dAn/IEJk/vwte7ufJB2ob0OQQAI
GGCswwu32bQo8gOkDm8ehVeXO+kA6AB24rAc7YXXPwhu3P7HmLuoHzwJb5zRxoM7D/hF9U1lWQES
cq4CXDDcvXFXAXuYRw/vGvSBJwmTcVsvYK2g7rYl2yohiC6zu1KZOsaLlysa9XihMXY89sUM8+qv
ScA4PGST6NjTMBfDG+OX0W1Y8EiSKgkfGkVTrhWwV2PssK5exlpxt4+YEzev3qRYbMIUJobjsu90
d+jDXoN1iPLurn9v1qO7/YiIfN7ywpu24SoE5qMxdxMnZzOYYewzev0wQQ++QzsC+4s7+7S3bent
urrXgXXJA/PL8LnOC5LXIguXsOn3sMK/PIdu3QhkP+zPuF+8RhIkprjxE4VVxOu0Rw/v83q8wXM2
Pgv2PVTthEefN41BSx4+ut5kQYIEiZLyNbo31UTKMhCCiMZzEH7j4YPM2Vi9LGD9VTMI70wwQ49n
D9YzhHzcebZCKBTvC8ibIkMKpyB8RPQN77l4FgEwj5MgDrurSeHWXgPhSTyv8FyFcBP65m54UcC6
tH89iC0PqO+X2JQgsSM4JXki6gpBGcxz7Etx4uGdzvle9tzzPaIIDrOe1xdYD7PbHiTeuHmfwdon
FJu/q7GmobXnrmYmynIR9k39ZigQ00oChNOvsaYlAtqwmnK35n8Vv73hBcr8q76r/0cJE8Z6LnPR
nvb52vV7ZJhTj2YC657W4Sw/tEMfPXrGJvffUObj3Z0PUtftOw/ZLcu//F39BsH/cHjh+o37Kn/c
uDHCnUfh1eVOOgC6hw+f8ntlNIofn92x8fd/WAEmkeHiQAJMd8P3c1gBbUAjHm4L3kocJ8xnEFwV
3LjxgAH4BErY5O490Mfu05iHyZLFeyFrBYI5JUuOU0IQcxjkr8OCBe4GrGXQGC9ejHB5526dkSEf
xuEe9wt7GuZieGP8MmiGKwj4fcf3EtYV9mrMC+yhVsGRl0GPqzYwJ64G3lEm4++zQEpCXvfu0Ie9
Buvw2TO2tujm+vdmPbqi+0XEe8sLb2i5fOW2Erp4/PgZJee9wt3v6sAgg+94dsFNgjv7tLdtudMv
HViX/DCJDb/L6t2XQdPn8VsudVqvty5dUu89qDteUs/frQFUgr43Y8akWPHjW6t/7t/Q1n7GpsUh
SBCX6XvR39XrGOT9uXdvgiY0tNXdnU+edhRAOSwHgO8wcR47kXvnHzCzfpdNnUvAmLkzL8BHdY7E
Zy4A4N0ZK2hmwwy8u/mFJm+umEdPHjxQfVHnusyPFznW4P/Thw/VuUZMnreu2sL6gOUFzIOHt28r
GsGTOEyfOzz0hhcoE9XXvg2sezvykavcaw+sRy5229S45AB/lDxigFdAVhzEQvMS2kTQOJ52cJpH
h5Yu27ETXl8O8BySACsB0JbFYTfMuUa3+FaUfPbV5oDNAZsDL5oDzoD1F92mXX/k58BzA438zBON
dVhEKteovOq0m/InkZ9BryGFOIBH2LJsC/Wv0Y/8xrakyi0qGZHP9TcaQWM9Mofnnu8vpXM2sP5S
2Gw38sI5gK0Gvn1jsXIAAkyv9+79M40es0X5KIbJYl2jWWWy/9gc0DgQ/LhSMevXH1PastBWP/JX
V4rJAgB2sDlgc8DmwKvggDNg/VXQ8Z9rU3so3Lp8ifq+k0Zpxrfbu5eSZXI0pf+f443dYZsDXnLA
Bta9ZFwkK2YD65FsQP6r5Pw440c2v+8fqvuQeIJZfZgltYPNAVccgNYYTLMGXfiHtSxj0YaFG0zT
4jAnXrVDVdakiuOquB1vc8DmgM2BF8YBG1h/YayN0hU/L9AIDWu4TFg7Y61y15D2/XRsreYRwRWO
OxY1ojTzoiDxsMI0qtlINp71P9q6bKuS6LeB9cg2kDawHtlGxKbHcw7g7HvGjB3U+NvFoQrju3rq
lGrUSPOXHiqTHfGf5wBcCQwcvJ59Ut+ieHFj0oKFe0zT4r3YnHjHDp+q+P88o2wG2BywOfDSOWAD
6y+d5arBfYuX0In16ylmvHh0jn1+iyn5/PXqURk2m5/03XdfDWF2qzYHojAHbGA9Cg+eRroNrGvM
sG9fHQeWj1lBE9tOcCAAvpfbT2lPJaqVcIi3f9gcsHLgwb0HVOe9OiaYrqdjHs07PY8SJkmoR9v3
NgdsDtgceCkcsIH1l8LmKNfI8wLrcG+0etJqGuM3xux78rTJacreKcpFixlp30QKDly7fJ2a5m0S
8p7CHnQ6z+zMrmrKRAB9tsZ6BDCRq7CB9Yjho13Lq+QAgPUxY7ZS23YrHciA6Xn4dK/29YcO8fYP
mwNWDsBffKb3+ptgup4OH95nTvegJG+F9lGr57PvbQ7YHLA58CI4YAPrL4KrYdcJk+MzKn7J/rnX
Os3o99uvlOHjj52m2ZE2B2wOuOaADay75k1USrGB9ag0Wq85rfBxCRPwCABDk6ZO+sJ8tbzmrPxP
di/wfCDdu3VP+WPVGQD/rKkzpbbnks4U+97mgM2Bl8YBG1h/aayOUg09N7AepXprE/tiOWAD6xHD
XxtYjxg+2rVEBg7A3/Lt2w8VKQkSxKbUqQzfy5GBNpuGyM+B8xdu0q1bDyh69DcciMXvTBmT2d/V
Dlyxf9gcsDnwsjhgA+svi9OO7cD3+N2rV+mN6NEdEv7HvsiTZsrklv9yh4L2D5sDNgfIBtZfj0nA
wPpGCDbbweaAzQGbAzYH3OaAvW26zSo7o82B/zgHbGD9Pz4BXHTfBtZdMMaO9oIDNrDuBdOcFPEe
WP/fv6Od1GdH2RywOWBzwOaAzQGbAzYHbA5EFAdGvtEqoqqy67E5YHPA5sAr5UDbf0MsD75SQlw0
Hg0mEp8nvNHmeUpHmbLRlu559pycijJ9tQm1OWBzwOZAhHDABkQihI12JTYHbA7YHLA5YHPA5oDN
gUjCAe+B9RHPe/AQSThgk2FzwOaAzQGbAzYHbA7YHLA5YHPA5oDNAZsD/20OPLdGvQ2s/7cnkN17
mwM2B2wOuOKADay74owdb3PA5oDNAZsDNgdsDtgciIocsIH1qDhqNs02B2wO2BywOWBzwOaAzQGb
AzYHbA7YHLA5EHEcsIF193hpa6y7xyc7l80BmwM2B0wO2MC6yQr7xuaAzQGbAzYHbA7YHLA58Bpw
wAbWX4NBtLtgc8DmgM0BmwM2B2wO2BywOWBzwOaAzQGbA8/BARtYd495NrDuHp/sXDYHbA7YHDA5
YAPrJivsG3c4AIcr0dzJaOexOfCCOGDPwRfEWLvaF8oBe96+UPbalVs5YAPrVo5E2d/i6M5+94qy
Q2gTbnPA5oDNgVAcsPf2UCyxI2wO2BywOfBacMDe3yPdMNrAuntDYgPr7vEpcufyZAPyJG/k7vXL
oU7xK5hp0bw/nTmydxtd/PsIZc9TjFJneP/l0G638sI4EKHAOk8vWZYgWM0y76faC+tzeBX/T5YJ
Z5T+PMeSCa+5KJH+P2bKbwG/0YM7D6hQxUKUMEnCKEG3lUiMLaYkxvU/MabcUdXX16DPr8sctM5J
+/frz4FLpy/R3g17KW3WdJSrWM7Xv8N2DyMBB2xgPRIMwnOTcO30GTqxfj29nTUrZSxezP368ODn
8L/gt1jjVZz/RqF3cjzzQ97XohDhBuvtv5FpDqp3YYOgaJhV9nSy5+cL4oDDvhXGXEO+gwEr6fGd
O5StQgWKlzTJC6LIrtbmgM2BCOOAeowYb1aR+Vki+xD6Hfwo5nMvLx58wc9OlEQ9XtUBIv5j4eHt
O7R/6VKKkzgxfVC5Er3x5pueceC/xvfg/oJJL3Jd2cC6e9PQBtZd8Qm7oLEVGjnMndFVAS/iuY1/
nz2lwMtn6cShnRQzZmwqWKqKexVx2cCLp+ng7k0UdPkcvRk9OsVPmIRK+zSmGDFjOa3j+MGdtH/H
Onr25AklTZmWin9Ri2LFiec0rx1J9OzpU5o62Jfu37lJ14MuUU3ffpTjo088Zs3jRw+pc+38dOH0
X1S37TCqWLtd+HUoJMuLB3n4NUdMjshOX8T00mUtEQWs/3PpH/p99e+0Y+1O+vfpv6q9ZGmSUa1u
tShVhpQu249sCUEXgmhQnUGUKHli9fL46MEjReJ3C7pTnPhxIhu5HtPj7XS/ePIi1c1SV7U3dvs4
yl4om8dtv+oC546eI/9v/SlZ6uSEce0+vxvFTRD3VZP1QttfPXE1bVu1neIlikeB569Sp+mdKF22
dC+0zRdV+eswB18Ub16Her3dm15a39W7NLfm6esMlxvbehytHBdAuYrtVxSHAABAAElEQVTnIv8N
/vSmpx/YL62TdkOvDwdsYD3KjyXvHQGtW9FvY8cxqF6cmm/c4NbhHA5UT2/dSodXr6GzO3dS7IQJ
KFb8BJSt3BeUr169V3sw6uY+euvSJZr/TW2KlywZ3b58meosWkiJ06SJ8kP6X+nAy5qDBnjAD+Vw
nsvbJ0ykQ6tXUbQ33qCsZT+jYm1aR+6h4HUSIhRj6ZzlZ+TuiIW64H4ZXbB0xPLTUjJK/Dzz2zb6
vksXSvROarp57jx90qkj5fLxcUp70MmTNDhzFpXW6vftlL5QIaf5Xkmkm/v0K6HN00alL87KuTvn
guvAmlSgj7Uuaz3O2rTm0etwll9Pl/uw6pA84V1fZlvh0RLF0nGevqJFC7p/8ybdvnSZyvXvR5k+
+STS9eLmhQu0oE5dipc8mXrfe/LgAdMYjWovmM/vgvHdphf9DWjZkm6eP08x48WjJw8eelyH2429
Zhn3L1tGc6pWo/hvv02djh6heG+95XYPXyu+y34Tzt51avNmWtOpMyVImYISpkpFPmPGUPRYznFA
txnpJKMNrDthipOoKAOsX7tygU7+tYsB5BiqG5D8yfPx56E+lgMvnKEzx/eZ+fQ+x4gRk5KkSEtp
WGMYHwnOAkDn/TvX0+6ta+ify2fpreSpKXX6LJQ+cy46duB3ypmvJGXPV0IVPX5gB926EeT0YztW
7LiUjNtKmTaT07bu3r5BSyb3oR8XjTXJyMbazL0nh38AABoXT+lDATMGqbIiBZUoyds0ctlhBthD
b0IbVk6nSf2a8PPBeLXBR1XSFGlo6PzdlPCt5CYN1psr507S2ZMHTX6ChzkLlArFd2u51+H3wwf3
qGONPHTlwinVnUadxtLn1Vt43DVs9P1bfEaH9mymRp25jmph1/Hnrz/Q1rXzqVbLgfR26gwet/ei
C1z8+ygtGNedvqjhRx/wevgvhogA1o/8cZT8Cvkq9skaFl426NeQvmFwPaoEgK8NczQ0ycX+kvjt
xDTryCxK8FYCMz4q3qBv07pNJ5+WPpSn5IcedeH6letUNXVVVWbiHxMpSz7jMMCjSl5x5p0s9NG9
Ynd6ncY0PJb2q9GPtizdovqMvBN47N6PgmMH2l+HOYh+2CE0B84eOUczvptOlf0835tC1xbxMXdv
3aOZ382g9NkzUMVmFZy+K7tslT8qFw5ZSNO7T1fWPvos72MD6y6ZZSdEHAdsYD3iePmKauK9Y8Pg
wbS2e3fKUbEi1V+xPNxv1n///Zdm+VRhUH21+Z0M6nG2FTthQup++hTFTZLklXTowa1b9ON331HK
7DmocLOmYe6jV48cpWE5cqh3F3xXtATwVLDgK6HbbtQzDrysOXj16FFa260bFeOD//dKhv0NP7d6
DdrH2mM8oSg7r6UGASvCXUue9TqCcvNCvXX5Eu2eM5eFY7aoShOlSk0ZihShOHwwf/yXX6hU926U
+J13IqjBl1QN9+vG+XP05/wF9Dev5eixY1PClKko86ef0v3r1wmCNCXatmXwJmoLO+/h/i2sU8f8
5qoybiwV8TXOR6ycvnPlCvXmsUVos+sPSpsvnzXLK/mNb+TN/sMZOLxI5QYNohg8VlE1PL53n04y
YPM/fi5aw798ppkqVy5KlimjNcnh91M+qz7xy3r1TL1x7ixhPSZ7/31KzWX/3r6d3uM5/N4nJcwy
5/f8STfOnqU3Yxjn/Eh4M2ZMylKmNL3h5Mz++pm/6cLevQ75zcosNxA0y1DYewGMywcOEgQ6dNos
Taif4E2KbNnYUo5tmVTnz+N798g/94d07ZRxnh7W+tbLvex7PBuH8XuWBKxpbwBe6e/106fVnuZN
HULDf+16assWmvBJSUoQDKzH9QBYf134/vD2bX5H687v/NmpcPNmYb7z68/OFznPbGDdvZUYZYD1
SX2/pQ2rZqheCQg1Y0MgxU/k+KE7smtN2v6L8REQnNkUyMUGiQAAuvfkjZQmo6P24LUr52lQmy/p
7IkDDpNYyqFsvuIVqaP/cnr8+CG1rPQe3boeZL4IIl1okzJoq9uYtZQxWx4km2HnxgAa3skAXBCJ
/IXLVKU2Axc4fYGQgo8e3Kd+vp/Rsf3bVVuV6nWi/J9UongJEitNdWdA7LF92+m7RoYpvFp+AwgA
/vhe9RkwPk0fFa9AnfxdfygBjN8YzHfQiP6MWv6XU/BeaHydrvfv3qKAmYNp5ayh5C2wDr6tmTeC
Du/aROVqtabchcq4ZBHyTmaeY64PnruTMmWPHB8MOsG//bSQRnev7TU/9Lqi6v3zAusY57F+Y2nV
xFWUNX9Waj6iOSVKloiCzgfR9cvXKU+pPJQ0ddIow55nz57Rzas31T529+ZdapSz0WsDrG9YsJEG
1h5ALce2pMq+lT0ak3u379HEdhPpZtBN8h3lS6neTeVR+ciS+RwDeA1yNHhtxjQ8vj6494Du3rhL
3St0p1MHTkVpYP11mYPhjdl/MX3D/A00qO4g8sPe1KJSpGMBgP+GvG8UrliY+qzwHBj/beU2Wjvt
B8pXJh/5tPIx368jXUdtgl4jDtjAepQfTP7UP7hqJe2cOo2ylC1DxVq1CnfvuHrkCA3lA1V8w1f0
92cQsQI9YO0qHN7HSZRI1SPf9y+bP0Jbji8hJOD6e13oun3lKs348ku6sHs3tf5jZ6QBnoQ+++qc
AzLOL3oO/rlggbJq4A648fj+fTqxcRPNYFD9w2rV6JuFYZ9ROe/ZC47l9X4gIIBmf/WVakhfp/jW
lhCZQFihKcwrk75j2jRa2oSVYji8Nv1y0umnjx/TIzbtvq5PX7Y0MpbCmpsAHVa1bUf3/gmiSqNG
UdJ333VS48uPAqgzqkBBpusfjzUtXz61Ybd45fBhGpYzl5FJW0M8CVXcF/36UWkWVHEVoKk7rUJF
unzggKOgmlaXLqgD3g3M9B7dCQxUQjx6vS0Y4M9Uorgepe6XNm1GO6ZOdcwfTJ9DZm7z3WLFqMWm
jV4LBSkBoyVLVF/MuqUvepvS1uZNYZ7lm3X8h24esoDg+kGDadOQIWGu71fJkn/5LPPO1avqLPMh
v/8N+yCnV8A6+nD/xg0Wsrn0XHW8Sl68qrbxHgRB0nhJk1Hl0aMoRhzPrJ6+DnyHgMfQbNndEmbE
s/MfFvoZluMDr+eqO2NtA+vucIkfEUv3PAt563SvzCvJNW2wH/28dCJVrteRSlSszybUn1HaTNkd
XjRB2MW/j9FB1jhfNq0/g96BBCA5yduGhOrZ4wfo+/kj1YaZ4p2MNGLJAYoZ21iwN4OuUIdaeVSZ
uPETUusB8ylLrsL04N5t2vL9HFo8qbfqtw5+79/xC9345zJtXj2bDu/ZTCXK16GcBUupfCfY7Pq6
ZZNUW3HiJeC2DlIyNr8uAVrMVxnYTpT0bVVH268/cAtYh5b70il9Vb/7TN3MIHlRqdLpFR8VE/o0
os1rZtMX1f2oQcdRqiz41Oar7KrMsIV/UoYsuZ2Wh2Z90KWz9PjRA/quYdEXC6yrmahPR36BM97h
nNLmMlJedpBBf+HRC+h50Ii0g+blPjj/7i1raEi7yiFAsl7WVf3Sll6ffi/pTq4zhramHxeP8w5Y
12lD3eHRhzyK5eoPfoWUcUHvjg3LWSikWgg/jFJh/3VWl8TJNewaQlKR3yCar9rYheQw7rzihao8
uKbgulGPhY/PC6w/ffKUmuRpooD0yXunUOqMbgKuTIqFQsUCa9fN36EyB6do9Vi6Zhb19ubxw8fk
y5r40JR1W2NdowftqiVoWYeh6HFVRvrsqryrcqEaMCK2LNtKfav18RxYFzqkXlf0SLpcPaFP2pC6
tbIqSuKlbi+vTsdU2kad7rSj0WYWCa+cVkayoll1LxGozBK8WfqhFxbRODZFHTA2IGKAdeGXTrez
OEtfnNGlslh5o9crdUj98ttZHkkLK29YaZbyela39hYuIGUUefjjEBHcgMRJe3pfwkqT/J5cpT5X
bejxer1STuIkH8frSS75Ys2HeqQOqVO7wqoCrCt4Bax72JZq1lUZ6ZyF1vPHz1P9rPXpk2qfUHd2
C+JM60TrTsit1Ccxlnol2ulVo1EVc1VWbyM4j+wbYZZz2qgd+fpw4D8ErKu1YiwEYwloi0W7ddy8
gkdaXz+I0vM7mwxaW0Z2LuBNGb1uZ+U9pQv1cRllfpKBw+Jt2lClkSP0VhzvrfUjVafDmq6nOdbk
9q+g48dp8PtZ3Qc2mYYAFibYNn68Aax/lI+7aBCmyHH5AAomibNKfiEyQn036jzS+aPHo2E9TQjB
1UKfmBhW5obD6puzcq7a0Nvz5t7Ttji/23PQG3q0MmJqNSzwUstO1//+mwa8m9E45F0ZQG9Ee8Oc
H27NC095oTfuxv2+JUtpbvXqKmfualXpsz59WDs2FV07c4YW1m9Al/fvV2kugfVQ9CE7T4yw5gaX
QdDXiVu8MIq59XfziJG0pn17piOa0t4u3rYNxWW/s1cOHaJFDRuZ2p/u9yucPhkdcr9PwTwwOyP8
UvEhnHHJFyflD7HFkJmVKjsH3qz50bC0aRKh3ej5kY9/C1WqWFh7BapR5aWEUa/LvnDyk4cPaXTB
QgSNek9NGOu0oSWjW/zXuDEat/7V+mOUMTKDYl0Iw1rMnd8QXoBLFGisn9y0iXbNmqWeP9nKl6en
jx4xUF2UUmTN6rSq25ev0PAPP6S7DJLD2kttFuRJ/3FhQp17Zs+hn3r1UuWsgjonN22mG+fO0YU9
e5RwhVReoGEDqsoAuvX7IejECTq1ZStbc5hPMIeciwVrcrBAGehTgcf3GYNO63g/eI/Njj+PUFBA
q9aKB5/37ass1zy6e1fVC1PhEgdhAgCCZr94nwwV9PFU80vLIWl6vLM4FJF4rbjD7f/Zuwpwqaqu
vT4DRFABAUlBpQQBAeluQZRQpLu7u7u7u0tSuru7Q1pCGiQl1H+9a+46d8+5Z+6dGcD/k2/289x7
aufacc7sd613OY2NsNK4ZeDlhVM5nNTTGHSb33XqSjwtKbS5JXFELsHz0dUc/u/ULicZIhPzPq6d
0uI+B7/msy3/P58/o4FfpfNvTXBVw/l/CFnYGmK7tDLhdMESRPM5YihxrXSIY6QNNR0SeaifjAtP
ZUoaq0TXiae62aLZ+9UruRvtQXauovi/U5n2umkcex5hvVPs9fZwjbWtV+IkwWuJA2OHmdQcq634
90IEXne1n8PsK2Rkb4dk7i6LALBuStzz+b8GWFewsVb7MZSnaFXPLeInAN1blP2KHty7TYPnHyfQ
sms4fXQPta7gokXrPX03fZo0jTzS/KPFjEvdJ26zwHhNN21IS/p5cj/KnO9HathjutsLXtMCqI/3
WTCFyG9Mo96eLcUB8Idm7fzbr6eoQbGkLuvx/vyjxcMEAohfo4DLV1rHUWvoi3S5tHoej3dvssJA
aZfCwJAFJyjWx4msuBP7NqRls4ZRxcb9qHC5xtZ9p5Pn/HJoVS493b119aVbrP/JIOOhXWvo8K61
dOLgVnr+7KlU4ctMBYQ2XRUjtF5P/nhEaxaMkw9HLBh/sp96KA08f/ZE2AoA/EJWSPdD1XaU8It0
mpQXj7/p2P4ttJbTXzx7VO5/kiS1MBFgvJw6souKVmrhRsGuQHKVFkPo44QpaNnMwezX/oJQ6Bcq
1YDSZC0YnL9x9uupw7R/+0oKF85FB/X40X3Kxn7to8eKb8QKPgWFEFwUjO/TQJRIoDiRjBUnoISh
wRMNEdwD7Gb3BZuWTqWb1y5KdFD8Q9kjU57v6a1wzv42Lp49ThtZ6QLyR4gZL6G4WEDavUxJn7VA
SUqWNoc8g+wQVs0bQ2N71nH5iy/b2KrfX3//RXAVYILQ+7Yso0vnjouCSdKUmSnJl5klj7PH99Hh
3etENmB/SJ4mh1s/Xb98jnauX0BvvRWOnj9/SlGjxaYsX5eiO+zrfgMruuzeuEjGCSz6S9ToQFHZ
ZYMGf2Tx7MkftJfrunPdfFbOOSFarQkSfynrw4FtKwhjMX+JWloE+Qus379zn66eu0p/PPqDelfq
Tb+d/Y16LOlBUWNFpedPn1PMT2LS08dP6aP4H1ll6QmsnjcxyLtz+S6Je//OPfo8QzLKVTInJc/8
hSl2kff62evp5uWbFC58OHp0/xHlr5Cf/WRHo90rd9OaGWvpwrHzPC7eoh8a/0A5S+TUYl746AjC
esqVhxTAl3Uz19HuVbvpvcjvE+gQk2dGu3JRvMSsjKQfMEYed67foXVsSb7+p/Uiiw+iRRaa9s/Z
h/n2xdspQfIEVKBSAbcfl/fZAnnn0h10ZOsROn3wtKR74803qGDlgpSf44Z/h8euERRkWTJmMQ2q
PYhq9avFsirB4/1PiYV6hgvHlGUO9dvB5YBCHrJHgCLFd7W/Y0Uu9zLkof7zURaHtxym4zuOS+r4
yeJTLFbO+Hn4z3R0+1Eev29QvnL5qFD1b0K0S4vz5ah9ev/2fRp7cBwrhFyn47uO08O7D+nt8G+z
7/hkTHPPLlYcZOGr3FGvJ6ycsWvpTto0fzNdPPmrtOezVAkpcdpEtGv5bkpX4CuRp70Nz5/9SdsX
baNVU1fTjUvX5THGRv7ybLX2Q3buD+4ve2C53/ztJu1ZuYfu3bon/Rk3YVxKnTcNTes6lWb1mfXC
wPrmBZtlruPjNXXu1BQncVzav2YfXTl7hSBbMBmApSJKjChutbty7jfaumALs9G8Tc+ePhMWi9yl
ctPNKzdp9ZTVtHURvy953UicNglV6FiB53cwy4UvY3Azy/k3LkvHK8pCOWDN2L9+P53ae8oau3gW
M0FMylY8m1VXtAPz7sSuk9JfeBAlRlQqUvc7ylAwA7/XHAYGy+LQ5kO0dNwyWYuQJuGXiSgzWzff
47XtxM4TVKplKSkLc2nHkh1WHSCz+MnjS96Yj6unrZa+Q/1RvzgJ41Dm71zvGuTrS4CLjsObmLWI
6/zRxx9RlmJZ6TDX89S+U7I2vx/tffoy55ch1ias6cu4LdjQwh/qVbReUVZKfMZuBTbw2r2ZlY1u
sUyjUfl25ShpemNTyse5L2sT/1s8ZgkNqTuYavat6fXahLTHdx6jVTx+TvAcRoDv8mzfZ6P8FQuw
uyT3Maiyw5q7dvo62oA1l9ezyNEjixyC19xPeM3NL213rZ1/s8xOU+10tShltpTUa2Vvdyp3HhJv
vfWmZm8d7974nVZPXSVjHjfR18kzJ5c/K5LDCdaMHTwGtyzcQpdPX5Y1A/2Xo0QOylg4k9vcf/zw
D1o+fpnkgn7CWD667Sit5fciFMLw3vmxeUlKlDqhQ0mBW6+3BF5/YB0K1xe276C9U6fSr7t2SXdG
S5iQPuXN56uHDxN+ixQfMZxdgL0lGy6wBr3FlJb4DZAoTx6KnigRnVq7lm6eOUPPGUz48NNPKWGe
3PRe9Bghv4d4vUHaPVOm0LElS6yhkyBrVspUvTrFZNpyp28o+KQ8wiDe3mnTZVPyP7xGfZI1i2yc
o+5/sHVj/g7t3eh2H9zg9ziXA/pYBNTtkyyZKUFmz+8CWObhN9aJ5ctpWes2BOCgcO9e9Iw358Mx
le87DGS9GzkKvf1uBAYZ/pb8H7BFovow/It/r6Zl/+uRPvyQrh07TseWLhW6ZpSPZ6nLlqX3Pwr5
PY/nYQW1tr20bz8NYrpjWN3VXLWSIAsNeNdIP+kNHFnmANa3MLBekymwH1y7Kv7mATJET5yY8rRp
Q7FSfGGmsM5B33uMwa09PDZ+v3hJ7keMHp2+YprmFD98z997zr8lrQzCOHl4+w7tmTyZ3uCx9Tf/
ds/EVodvR3iHN7GfyH0BRbhNb/D7N0O1apacNdsH12/QIbbaP7Z4sTUuEubOJX7ktwwdRiUnjOc+
z6LRXUc/x6B7Jl5e8Ry5xhubB2bMpJOrVjENeWQZNwkYWPqSadVjsPzt492XMehlLRyj6XjaMXoM
za1dW5gZcjQJ/g0PEO1tzB2Wvxl0kzcdj3OAuzuYCeLC9u0yDtNXrkzpq1Wltwz6Zist5H6O5z6D
aW5zn/snUw3MfR6D7kVZSb09wZzv+8UXAuLlatGCKbh7uO2hAcwbwvP/2tFjjrThsG47OPsn2s1j
EvMDIVriRJShajVKzGuaXRZ4Djme3byZDsycRVd4vXzn/fdk7yY5W+im+L44RYoW/YXbdeMX3lhn
2myE4sOGMbBeR871H9bengld+3mN9+6huGlce5nynOV+/ZeTtN9tDP7FVNiZ6ctSJXkMcr52uXOa
B2wBfnDOXDqxYrnI4hHPVbiRQJpPsIYa4wIyODBrNt29fFnmKKzNv6pQgan2Y9OJlasE7Lx27Jis
xdmZqv5LVngwwxO2UAZNOMYWAmh/k3xdgC7u2UvjCxd2BNaPLVlKsOTTtRd7PVnq1HZ7B2gZoDKH
tT8C3mcpuV/Ob9tO+9hX8n0GftHHGC9xU6fWJG5HvLMALP/KVPM3TpyUZ5E+isH9UI8+L1jQ/TcN
yw77kE8ZbB2aJatYrDfZv0+sB3XOIQPHOcL3/RmDD27coMPz5tPRJbwOcnvwToBbh8jx4gkoXXI8
r4P8vnwZQcHQEmPHUEZek8MKC+rzu4fHbOR4cdkVyfYQ7hfgD3hD374eQaN1vfvQ0latKFWJEjwe
51D4996j5jzPosT/2LFogN5gOWh+5LDre4JjQe6yPxwEbEIJ4EWB9QOzZ1NbXs/CvfsuYewBMIU7
hlYnT8g9VUBSYP3U2nV05cAB63sA77bPv/6aYn6RnB7yurNnEr8H8S7neYVvFYD/sVKkoF0TJ0r+
AO+hVCDKDZzXPVbYQLti8Xr3GVPoox4hwj+w5mqZ/oxBVeoqxv2Fb5BNgwfT3Qu/ik/zbNyPmFsh
1iYuEMDhscVL6DB/E948dVrkFvnjeDxGfhR2IfO7BO/T48uWy5r8QezYsn7hOwkKH2Brwfch1voo
H3/M6X/Q5oQ4mmBlmIoyLPerx46y+4SN9IxZXrBGxf4yFcVhBZNRefOJi4Mw8whRAw83eAyc4fcP
GJmwxiKgnGSsVPKYx+OFnTspd6uWFDVBAnkm/7h+vrwTzm7eQhd27JCk+Eb/8NNPeE4Pt977acuV
o4z8DndydwG5HV+6jL/T5snaibUpTqpUFDdtWjrO75ak+QtQZl63zYBv8F3jJ7iUYriv0D9m35lx
3c79lLsva66+SzCGMFfxPslanzEnns+HWKnv4Ly5sga/z+++fO3a08fp07lV0ZcLfV/AxcUgVoj1
9ptfxyrWo2r8Tjjy8yL5TQM5Jsqbl3I0bSLvWKe6eCuLALDuJL2Q9/51wHpoALU27ymDZG0qZnIE
gRUgBt17j8nbKNEXGejWtUtUq1B8Sd526DL6MnMBzco6njtxgFqW+4p+qN6OfqzZybqPEwXWnai7
l0wbRJMHNn0pwPqqOaNobK+6DOQWomZ95ojiAF64ET/4kMETl+W9W8X4AiBho++Tk91CH/EUMFZ6
e3nB2zMIug5Nph6SeH17Yt9GDPAPlfiycAWlxALjZO1/6dwJalLCtSmAOKCnb9xzFo3rXY8unT3G
695/sK8gm0DJmPa+Y5DfetDoj+5Rizaz/3IELUvjyk3+Z+9HlZM+t9Jx2Qg1242mvMVCfmyiXbA8
R9DFsueUHZQwechF9+jejdSpBv+ICyPU7jCWchep4hYLLgy61S9ktd18qPLpwcoiMeJ+Yj7iug3n
sdtA7mmbcKF1xbnON8yRluXSiZII7nsKWfKXpAbdp8kPW+TTo8E3dHD7KslT3A70dymOwGXDdrhs
4IB4FZv0p8JlG1nZgmEBTAv6HEwRebjd3eq5lBikj4Pkb6b1RxZYEyB7da9gVYJPVBZ2lwn+Ausr
Jq2kvlX6mEWEOE+QLAGNOTjGDYQAqNT2u7YS1+wr3EAds/+Qg5qOaUqRIkeUOKCyLp+wPN297qJn
x82uC9lvNAPzaxiE0jyQ9mX7QlcQNiyLdWxSzug5gya0d3fxgbqq3Kv1qEYlGeAAUKxh/7r91Cxv
M7nUduBC0+DcTj2sdTp76KzVdsRDQLrkWZLTgHUD+IcvbyRzuHHpBtX6qpbIT254+AfwsfW01m4b
OQCdaqapyWDhBUnljYx9lQXybF2oNe1Ztcet3SoPlQUApS6gYHYAsDw0yfG2KT+NYC8rQ6GM1HJy
S2ZheV+jCCgG9gJv5Y6EkF+T3E3o6Najjn2FOPb+xb3r7EahVcGWInetG+4jaB8M3TaU2SFiu24G
/QdA3atSL7nSdCo/jfgiPtYhO7hGuHLmimZnHe3ldZrbyQ2wXjF5JfWr0lfio045WAGmYJWvuZ2t
5B7Sa11r968tSjJ44MsY1LXizrU7kif+Id/BmwcLmImyzHGGZ1DkGHPAtUZdPX+Vyn5aVtJqe3Ch
9arSrQqVbeN6LpH4H4DNgbUGMlDrUuhySoe4Knesm/2q9rXyxDMoz6AOkC/WOrP++gyAsa8BFuAb
ftoQIpnWUdtVvn15wp/OLbhLqPKF692MOFhX289qT0PqDXEbk3gGoLnfun6yxvs69zHOAVZjbQ8t
OK1NAJ+HNRhqKQCY6VEvtLHn8p6ULr/xjcKfOftYuaK5l2vu338RdSjWnnYu22lmH+I8RrwY0n/v
RXnP7dnWn7dSx+Id5Z5qt4dlkX/h+AVq+21bUV7RftJM0a4orCzQn9f3+J+7NubOHTlH1VNVdxtP
iK9pVRaDtwyh5JmSaVaB4/+EBF5zYJ3n8xr2/7qc/Y/zgHfbw8S4R3iPgeAWx48RfBs+ZYusfrzZ
e+vM2ZC9z+klIB2fV5w7l1IWK8bnevtv2jpiBC2oV19u6PzChZTFab7r15etxBu7ARW3zp6jUfny
EfxTImg6rR/umXXENX70Hfn5Z5pUvLheyrE4b+DaQSl5wP+wcd1T6Wf1pu2Isutt2cLgfCaJ3/b9
D9zWDet5pky0a9JEms2AHEeQXKxnnNbXAIB7EssSG5ShBQApTQ8ekL6y4nHxAqwzuKHBlCHOG7JC
Rbyv0upjOd799SKN4Y1t2azlOEHdaP2ehszrs29cbLL6G64eOUr92MeurrFKVa++4ZEvnoXoX76P
+nWNH1+K1vZIfPnHjeY6FxsyhLLWqytxXLf9G4NWBj6cQNl2bY8etKJ9B0nlVsegOVKoR3fK1byF
9ZvG1zHoQ3Xcot69dIkG8kYtrEhDC6lLlaIy012/4TWeAut6reuGzkdYicMq1W0Pibtji8z9epIs
hCz4LlwuwD+4o+KlVVjoJ9tGjqR5bPkYOW5can70iFjI2lMAZAFY2+TAfvHvrM/P8rweni27XLrV
D3e4v1Iy6FJqwkQKH8n1uxq3HzOd8XRWlpF5acwRVxJuNIeqrPSRrPA3cu7vvyUMLK5ngBE+4usw
rbRdeQayn8KgEnzHN2NAMQqvAwj4nlwjY7C9XLu1C2OQQyF+DlDZ/F0N0Ho80/0juKXBjSBZ/Dhm
DEVgRSMEpe7GeNJxUIXXXwChe6dNk7koETkt/L62PHHcWqPOM2AzlEF+CSxDjec6cf23sykAyOyf
Og1dDwKSUGZo/mQBrvVjKnOtm+atbdP79bdulbVdn+OoAKncM/pY0xTs1s2NBn1tr16ilGXm4XTe
FOOPASYz+DMG77LCU1cGBRG0PTiX3g3q42JDsQ665h6evUhQMNTeJ055mnWrzspqSVlZwh4AGmEt
yt++PbNLdHJ7/Pj3ezSQlUSgpIBvkCUMwu9kJQEAsea6biZSYF3lC5BuYtFilLZ8OUrJ3wO92ef5
+3HiUJ11/lPBz6tblw7NnWcxESiQZbIT6LgBxX0lBhUnsKLNiVWrZP5IfXksKYW+0/jEuIJiDnx8
61gz24l1F3MRAWO/1upV4uveisOP/ok1F+WZ/ezLGNSxpHXWtNreErzGZKzuvp8OavDxLEtR7jTn
IzIJWgewRsK3PcJuVliYVYV/i9vWCMsXNSLxs7DcAzj1MZLaA5QCl7VuTZvYLYUE9BNCUF/hNLS1
Cs+9DU9YYWherZqicIo0lvxwYZRnspj4+k5AX4wrWMh97LoKk29C7Su4S4JrIvPdhHV6RK7cdJ7X
Va2bVM2on+kCArcRMHd6fPqZnOs6Fnb/+Cd3X9dcjD/QrGu90JflWclmPq8J+q3sqnjYY0riefin
69ZxVs4NLXzA3zpNDx2kiIbveR2r4noDiYPmidZZ0jBzT8So7oYTvsgiAKyH1ivBz15/YH3uUcsf
+B9s6bx+0SQBE03Adt/W5dSzQWEBn0GLjmf2gIVk76Yl9D6DuIlTZHB7HBqwPnVwS1o0pR9VbTlU
rK/dEgZdeGOxjvLV9zaSJeI6gG5eQzP2+54hV1G9tI6wFvZEMx/aMyuDoJNXCaxPH9qG2QD6UJEK
zSn7N+XE0vwyg+d9mxVj5YjrbFHPoGu5RlaVsPicO3mAHt6/Q2N71KFrl4M3X9KzDPL/UJtB5qM0
qX8T+q5CMypbv6ektfzF84KTMXdx+rZcE4r4fhQ6tHM1AQTXl0VowHrilBmpSvMhbP0UgaYNbkEY
Ox9+FJcGzjkSYtzcu3uTfj19ROLOH99dLMDteWujDu1cS93quj5AtR7mS0njAcQ3GRu0X6AoAhcG
tdqPpZQZ8soL7di+zdSHKeyRn12xYsvyGTS4XXnJNvKHH1GdjhPEWh1W/GN71Ga5X5NnJrDeqnx6
C1iXOhofOFo/AOv1u021gEZYnp88tJ2GcFkmsA5GAbgjgAU6nmk5ms/jh/dFdtevnJPneh8yKVKx
BaXKlJ92r18oigtNWckkQ+5ibBnoUqjxVRanj+ym1hUzSj+2GbKUWQm+YKvHJ3Rs3ybqzkA+2mpX
PvEXWD+9/zRbaC5lADwSrZ+9gYGAK7Lp/031wsK08eTxE/os1WdiXa79f3zncaqXyfUDCWBEu5nt
6JMUn9Dj+49pNQNT41qNlToKiLog2I8tgB5Y4AK83rk8eK0AyNBoJFspMIA5lEGWCJEi0LhD4yh8
hPAq5hc6KggbFrC+aOQiGszWlgiwKqzcpTJFixNNrOyndJ5C62atk2emb3P12YsHkE/z8c0FFL91
5RYhzYENByQNgNcuC7pY4xB1ggzBFlCpK/v8LZyRAOjsXrGbupXpJmmGbhvGlteuD3MA67XT8TwI
Aq8wBrQ/JHLQP1jV24F1PLp06hLdvMRWTcwI0On7TvxB9neotPj+yOLWb7do/7oD1LN8D6lNxPcj
UotJLdnq9zNaw76XJwYpLMDVQEIeUy8StE8BkCOgrOq9a1Astlzex4oOP/WbLWMwLltijz883lJQ
8FXuyPvE7pNUN0Mdih43OvVc2lPG+tMnT+nQxkMCKKMv7MC6WT/UrenYppQ2X1rps4NsfdyhaHup
H6z6UT8d6xvmbKCuJbuiWMLcAivBm6xcsWDIfDq48aCkwTMFeHHuT7jOFv6df+jMbTshyTGWvsr/
FeVjFgmwWAyrP9Qqq+eynpT+6/QSD0wT5w6fY2vyq1Y/4wHSl2xRigHQr8RCd+GwhdRxDkD5rJIO
/3wZg2DOmNl7Ji0du5Tefe9d6jCnozBAQNEEc+EM93vbwm0k7/rDGrCleHqxsscNAOvlPisnQHL9
IfUpRbYUslE6n2U4o8cMuT/hyAT6INoHkh7917/6AFo+wWXdDWvhEk1KUKQokWgvW/EPZ/p9xEFQ
uUNGB3isdyrRSe6DWrzOwDr0YSyXhT6UFloUaCHAKizkaw+oTfGSuDYaJYEP/1DWvEHzaCqzFWjA
mlm9Z3UB0SGn88fO849YonJty1FlXk8QYPmM9R3pB9UZ5GIo4PvoqyxFs1CR2kXoHKcb2XgE/dis
JFXvVU2eeTP3kUe9IfWoaN2iokBSJ33YaxOA9VZTW1lrIEQ6puVonqs/SbkY67lK5aJ333+Xfj1+
kfpX68f9fEaeTTwxieIliivtgoKQKgygHrrm3uQ1d6rDmvsXe5dqCsUYtgBH0L5EWjNEjxedxvDa
ZAfWMdfBxPEGKwMdZXaRca3HhUp1f+/2PaqcrLKs1Sij/ez2lCZPGin3wPoD7Maji5yjDycemyjl
SV8dOEOTOkyiXSt2SpsLVikoiikPfn9Ivcr3FDYJyLDN9Dby3Kx74Px1lsDrDaw/ZIsG+O57yBZv
VdgyOUmB/LIJc+PkLzStbBmmTT4UAtS8w4Dm5B9+oIu7d0vHY54lKVCA0rKF4uPbtwgWajLP+X41
3hT6vODXsj7CumhS8e9l/qTjjc5czZuL1dl99gG+ccAAsTLjh1Rhzk+UimlcEZ7cf0CDM2aUDSuU
k4+t0lPw5jiUyHcxyAVLOC4sRB2R9jlvcF7YuUOsobGxt6RVawoNWMc3MPx9wnoSlh47eFMXZWbk
jUtYqcMiBX+w/gFwh3D9xEmhgN0/a5bIrcaKFWwRkkfWWYACR3ijEZu6yKcUW8GmgpW3jz4iUQ6A
9ZG5c9OFrdtw6ZIvH5GvGT4AsM6ADZQgrMBrvQLriJ+1fn3KzBavsGyczXXDBjUA1LIzplv5QYFi
SMZM4hMX9L0/srVn4nx5Ocv/0NlNmxiocP2W/PCzz6gZ+80Nxxb8/oRnjx7Tb0xlvbJTJzrJslNg
HXnBQuov7hMoflzet89S7pByuE1bGUTFZmYqpuwHXf/7TPf9B8v8wOxZbIFdR6K59Ten8WcMSka+
/pP6jeD61ROZpmRry6+7MCU5Azq/X7rsNmaKM+iVhduB4M8Y9LVqiA9gfRBbWAoQihv4IOCx4T6a
SKz7yjAwajInmsA6FB5gDftR8mRiMQcQF8G0FsX14QULLSWX9Jj7LTD344v/2o39g+Y+x6vAQCzm
iL9hHst7GwP43/XvT7C+9zbcYKvHXmAP4BAvfXoqyuMpFit8YL7vZ0t0zB/ICP0EkBLzCADFxOLF
6Chbg0F23/A4/apCeQoXMSIBKPupeg22jHd99zSC4kq6r7ytjls8bJIPz55D1tvSvIagDKeAfgGb
BdZbzFmErSNccwTnUHgATbWMQbYsByU22oZgApW/7twlay7uQ1Gn/KyZYjkLVpB9zBgCkB+yAJBS
mdlLVIECgMOjW7cYyO8p1nFIj4Ax8v2oUWJ1u5DXnnCRIrHF8SFZB6FA0yeZS1kRdf6G11/4SAfT
h67tyMMJxEV7MZfeZAavyfxe4RFsAZ1IYwbsE8JaeEWHjlbdMA5huQdfzzPKVxAq/S95HSxnrIPI
Q0EeAChFGdD9NFtWsX7dPHiIKM7gfnNewyJFjyZFruvVm5YxCwiCp+9dPIMVuwms+zMGkY8qk8Ci
u8iggbIOPmFmhv3MIAAmCvSVE8sB0voTFAx16hN7fseWLaPx3xQWFhu8l2Btbg+QEayPI8WITvH5
XW8GKMGMY9aYLKwUgHXyzMaNNCJnLskPVutgjrEHBdbxPYM5B9/Y47gOWA8wf8EuAbZPe1n2fDxd
Yz5CEeARM9XA6hjvWgWyTGBd433B78pC3bvRHaaGB6vFkpYtJWusI2D9gEzgF/nSnj3CcICHUHTJ
0awps/5EpysMgPX/MrVVHaw9mbkdiZiRAM9Ws397yBD5NOUxropu/9Sai4r5OwZ1LCGP+KyMWGzI
YFkXljRvQcdZEQMAYItjR+mdoHEDhps+DJjjvQU5lGNAMzF/b2GMw3XAFJ4DkIUA17weATi8z9+2
V/YfoHk8F6C4ppbiT9mSHN+wz/k3Jp7FYxag0FgMnPoY9TYDysY7H/LAOwHMHOkqVqKHvC4ubtZM
3neIL/XjsWOCoWY+3pyjrDnVqtPOCROkLLBw5GjShFlxogj7x8KGDUUWyMsE1v15J9z77Tc6tW49
zWDLdASs1fiejcNW+HgnLGelGARVZpEL/vcry3dw+gzyvVxt2VJ5j+CdCpcNY5mtAW1wAtaR/iLP
BzA3PLx1W743lfnB/BbRcvyVuz9rLt4ll1kZ6PGduzJuRMEDFeH+TlGsKGXmb0+8939mJcEc3Odg
vMJY9TWgnJFBSglIizYi2PNygeTuyrQ6VgVY57Kx/n9eqCCdZ3YvKAJyZlR68iRhlZFM+Z+vsmj6
9xBN6t/xjWAcz78M/h2pXmtgHQAbQHLQWyOcO7Hf6pW8xatTzbaj5Fotkk3/6VZEL04UWO87A77K
U0qKZ0wBByrt/i1KyLUnS3g89AZYRzwtB+eYaGgbAEidfLAUzvZ1aTy2wpYVM2kwb/4KMNh/vtuP
JW/LRWYKWr4KKnipLK8ffzGV0uPHD7k9bIUf6QPazxTcPRt+GwLU1MaZ7AOQB0Dl3EUq62PemHjK
AE84uUbfwz0AgpOSw4kD26hDtewiSzv4reMj6ZdZxPr9rbdcdMIAzpuUSCF5wg0A6NM9BfXTbs/b
jI9FFT9YxveuL1Tw3SdtZSWOjEJTiHiQi7ZH0+3ZsIh6Ny0mVvu9pu6iaDHdwYTrV85T3W9doBoA
6Ix5itOjB/eoRZm0opCQOf+P1IABBFPjDO4D4MLg6qWzbrKCiwVQ1W9dOUvGlILhqLen+uG+1sEE
1iWB8Uzz0vt61LS4huJAu+ErmWXCBTrhHgDwt4No7v2RBfLQOWJZpb/xJk8wPCFhs4BCQdpshYWZ
QF9w/gLrrlxd/4c1YP/NwxYI0AcLS6cAC4hmeZvTQQaMQbfdZ1UfAcLNuFt/5rHLFoIIAzcOYmtI
15jUOFoOrovUKUK1+teyKJ//5D71x6pT83Y6KsgZGrCOZyViu9bGki0YZGLQSmWLPLGmjWWFgdl9
ZwswBzAUwFxftt5dyVa8MeLGoKHbhwoQr3UAWNK5RGeCxaMdeNU4+E4BVTTo9hEifhCRpnaZQpM7
Tw7hQx2ywQfdupnrqUe57tZzlIOAvgFFd1gB7VgxaYVHYN0fWYCGGUGthQGGjtwzkuIGgWGQH6w+
IYu2M9oxrXeu4Gq6vtWCrz2dBc0BPNY+BbAe+7PYNIQtOQFUaQCA1TRPU7nsyKBs9u+z6yM5+iL3
tUzxD3m7FEW60JuGa5Qbl10KD5nYEr/JmCbWmNnG9O/tGTyHlfDI3SMFJDcr8BvA3yCragDQ2Zn2
Gq4VYEkO5QnMi7qD6gpwqunmDJxLo5ryjyUOCvDqM3+O2xZt5zq2k6QNhjdkoPU7K5uH9x5S99Ld
RQHGDv4jkvYzzqE40JtptT/P4FICwT2AkUrjjmt7CGsMIr5Zxsg9oyhxmkRWNqrsAGv/CccmOI57
9DHo0J8x9TkAeVhyN8/fTJgHTPmdYvC5VtqakjdA+qIsezPAVUOj7C5Ft5G7RrKLAdfmJ+Koz3s7
E8NDBkPrZ6kvluH2NGbe3p6bsgDg2mB4A0u+mFszes6kCe3GS3ZTT09jFoRYVtZgC4BSjrI0NBvX
jL6uzEBTUMD6o+tGmHOfN3LHtnZfBzH3rbWJ50rPCj0t4Dm0tQlU/1CAwDrbc3kvUcrQOmGH8hnX
u2G2BnSSFVtAYV9vcD1eh4n6Vu1DqyavkjkFxgcoP2mA64UuP3pecxWUl/V4XmdN5jry+hLWuwd1
BhuBR4t1rt/MvsxWxGss5sWI3SOsNVALg4IJ/Lwj1Oxbi5U4fpBztHkoK3Es5HdwKVZSqdbTpeiA
hyfYHQCYNrDWAfyH8lkg/K9I4PUG1hXYAPjR8uQJ9sXnUnhC7+I3EwCLaydPUlMGAcIzICKB54rQ
wfKGMdaPYsOZmhgb+EEBgPL00qVlYxTAa3MGXv/m+a1AbQEGUfN36KDR5Qhlw6UMfK/v04ckDYCX
dyKIH1MFpusyoOtGZ8v12DrSBV46WTSbBdw+d466szW6G9BqRrCdS3y2mLEDzrZocqkbUpBFnQ0b
6NPs2VzRuH47mIocm5/w9Vppgftvbqe8vLkHq5g+bDGT/LtvqeK8eW5JUAcFuqwHXA8F1guwRaAp
+3MM1A/LmpWSw6oO9QOri/Tvz2LlB7k23L2LosSNZ2WHk9vnWZ6wKOLyBAzlTV2/Q1D9LB/wvMFt
BTxr2IAO/jTHDViHYgXYAEDZLcB0HQDp+pH6N51cs5bGsrJHWfa3m7p0KcnOVBbwegz6oQSBwrAR
3Tl2HJFPbgZJQEmOvtEAUBYAJSiQIeOmPN4BopjBlzFopvP2XH/D7585kzdby1ngpfUbnmX8VpAb
BTNPBdYBDjTYsV2AUDzHb6BRefKKf+MGzGQQP5MLJIMbByjHYJM3f6eOVIDBTXtYwhZ+UGqBGwmA
8v4on+BbbCaDGHBp4Qj68VgKEYK6RObHUN58ZhCvMivD2N3sHVns8vWN9K2YVh3uL84wze8IBrcQ
nKzSYcU9gpVhLu7aLeABrFZlb8WpHpKLwz+uH/IZlD6DKBfZgQuHFNYtUEV3jhVbrgHUfdOrp/sY
ZHktaekag+jLZgxURoz2odWH6L+abGFrrftBOYNWFoo1CHUZ6LTWu6DnCmziMjPPyyID+lt07Rhz
uj5hvEDR6ihbtmPNr791i8yFoGzY+n4Njc6fXy4d+1Mj8hFKU7uZMltBM+OR26nWzS4PBYAw/sD4
YW8z1kS8owDGARjC+ID7itH58os1pglcoUC0EyDe0MxZhAoeeUbi+Y0xqsHcZ8M9f8Yg8ptdpaq8
J0U5QlwEBK8zv6xdQ2OYarkMr4NpgtZBLd/fo4KhYfUJ8te4oYFinuqBtk1moBQU93U38TjLls0C
sLGW4F37WQ73vQXkpX0s+eqay3m9TOUCKC3cZMUOKAiB5luBLBNYxzq6aeAg6fevKlaQuafxUP/v
WJkwR+NgcOkyg78D2Drf6VsG4xvrI9639VgWn/A7WwMUWgDA3b92TSipwdLyT625qMOLjEEdH8LE
sX6dte7CvQ6sghGwLr3HShcI+D7EmgUlAri8wDpshhunoSCVBJUSBpScrDiDoFT9Zv9oOn0WlnsA
7TunPDQvuFIanMH13is9ZQq7zCmnj2TtmPpjSVEaehnAujA9pEkr+TuN7XNbt9IwMLCwLHR98ued
oLKHglH3Tz4NIXv0/6RixYUhqtzMGfLNrI3ex+5HAOSKNTsrYb2J/fSgIMp96dIxm0thglsJ8/tI
4+DoTf/4K3d/1lytm9ZLwWson2aoUlkfi7KM0/eTFcGHE8zxPsxcoewXZlKnb34dq6hbjZUrKUn+
fFaS9X36inKPXfnQV1n0/Cx09iyrQE8nAWDdk2T+f+4rqOwJgDNrpSAwgHWniYtFAaB0q0FM15Qm
m0WJ/qLAOqxo3/iPi7IYoDACyk+SKrMbIGvWFefeANxmm5CmfpfJYt0Nf+OwzF4zf6yAq4PmHbMs
9BFPrfGd2nb14mmqXzSJmyUx0jgFLf9VAOtXzv/CVPBDBEx2Ktup7oindUI/N+aNboDEnoKCp7Hi
JyaA4AqOm/FXzRtN43rWpf6zD1G8z1watXiuwHqt9mPcrMXxI6Ffs+/F33dogLmZR1jxEFfHui9x
kQ6sBfAVrgFjD8oHUwc1F0tznTvqHgBzALKIFvNjTWIdVdGgHsZZIdZ2MoLKQ/MzHjmehja+9Zmn
vPQ56tptwhaxJncshG+q3PDcW1kg7q+nj1LTki6FmE+SphZFjijRYokSASz9oTAR79Pk/OMwmI78
ZQLrJuiE+pgBgBtoxWFROnDDQEqZ3VVPMw7WMwVRTTpojaPAOgBsUKs7af9p3JdxVBA2NGD9LKh4
U1azQHMFis3yYfkJgAptH8bW5AlSJGBL5roCnnVb1F2szs34OAdY2jR3U1FCaDy6cXBb+bct/DlP
6jhJLJHt6XBtWsabz0GfD/DI03MzrtM55A9f8JOOTwphnYn4/sgCfo0RABpVTFKRYMHbdkbb4Pby
MwWozXoDeFs+YTk9uvdI0nv6hz7MxuC4UidrnwIsHLadN6MMUFfzmAIFhU6TxWd9k7FNXHXxQ+6g
aa7GYwMhEYO7mb/NTFFjReX5+B+xksZYgSKKOR91jCNNZwbwUF8Nsg4yaDiq+SgB0VUeyn4AMN60
qNZ0AEgxlgD0hjZHNX5YRx1HnpQ+TDAXiiSmso32MxQooNQAxgpfQlhjEHlhHRlQYwAtY9/TBasU
Yqt/l+IC7nco1pG2sT/3VpNbU77yed2KBr34FvbRPrHDRMtK2y0CX5jy03EJP9bjDo8TEN4ef/Ho
JTSYrb7BpGHKAZbp5ROVl+h91/SlNLnTyPm8wfNoROMRjvPAnrc31ypvjA30hX19wthomLWhMBC0
ZJaI/Mw8oMGcK+1ntqecJXPqoxDHF5n7yGzjnI0E6nqPwLNRIuJ2KdlFvklh7R/1o6iyMa5RAPZD
0QtMDTpGn7ACUj0GmMF+0m1RN8r4jWsDQdPgeIcVU5qxUk3yTMmp0ahGbmvQxV8uCqjttD6ZeXg6
R/rKn1f22L6/GKwQ4H/KKqreozqValkqZFa8Bi0a5WJH0XYJoM/3Aaz/PHwhjd43WphiNPGjB4+l
3WB8USt3fRY4vu4SeL2BdWz+90/1pVgtY7MyQ9UqDHIkFEDtvZgxxboxxudJ3f138lyRDVG2FBbA
mAEjBUt0NCgoiPdtMwYNAUT0SpJUHqerVEnSwRpFA6wOAVTBSlE3liN8EJnm1GCLnPETxEocFqH2
AABjVuUq4uuxyb69sulnj4PrG7/8Qr2Sfu41sC7xub4Ar0FvaW+fWxksjwVsHQS/rgmyMlXzehdV
MyxtYI0JNgAnqnW3PHy40Lp5DVagfmxxC+DabiUJv6h9v2BWGe4npfsHiCSbbGAD4PuVGLw3+wr3
/mSli8XNmhPSe6us4LGJRv1Mi3WJL7INCayjjrsnT5K+R7wUzHDwMVsav8vU1PCZGpUBMliwR0+Y
kNvgKlnlhitvx6Cb5b8rG6/+w9d2/5SpPILmyARsEYPTpSfMlfrbtoawoNT6ejUGvaqVcyQFN7wB
ypCDAutONPGbBg0WSy0zL42PtLDQTF6kiNt4Qn+dYZAMc/9FAAcTgDbLR7lXDh5in+E3ZZzjGgEb
4/Bh/C5bNQIMwSY0rL++53mCvDSgfrcvXKDFTV3KwgpS7J7kGn+gqK29bq2bQYKmVcDWbBdo1q+y
cgzmnKcA8BZ+0mFlZm6S+wKsgwkC9OcCmrOygl1xA2XDnyqYC2B112D7NvqI16sBqdPIdd2NUBIK
CVziN8BEBlIAiNvBQeSpwCbAa7uPezzX8PQBKwywz3YoCkFBA/7b7WFl5y60qlMnZ0UJIzLKhM9r
b4F1uxx17DwMskI2LUkh/8PzF7BLh/YiF6NY61THhHWDT7TfQgPiNL7G9XUMIr1QXVd2ATqgDv+Y
lTCC18FPgtZBBiA9DzethlfHsNaL369ckTU4UrRoLwSsK704xi/k+84HH8h3xFIGVrFWfFmqpChO
2fewdPzl4/6Kxuv/78zOsYxd3XjrE94rIdgiaf9509eHF7KLGnbrgnbBwvz9WDHl9/ZEvgf2ixJj
x7Lv+qpuJWibnOYbIqplPxRD4OIC9RCAmZ+9yjVXK+nvGNSxZO8b7KdDqRPufHRuYd1RJRJ8C4I5
yClsGzmK3YHUcbOEDq1/9NnLANbhsx1KavJtxswX9u/Gu8wU0pWVFM33gVMbvLmnZUVnphUoo9mV
wZDHtlGjaT7LAt/g8I3uzztBmR30Pe703al1sb93tTzUBe8zAMP4LoNRHr7R3mOWj49YgcLcv0Nc
M3jTP1q+L3LXfP1Zc1E/M305ZqxKXdIz5mS2x5/z0GTvlJ/WDetA61O/WAw2iHuelR6HZsnqOD98
kcXANFudivb+XgBY915W/0RMBc08AXBmHRRwBQg8YM5hej9yNHmMH+S3mXp6+hB+SbPVrdJj79qw
UCxwAbr2Y6vzcKw170vQutk/mgHSFavcir7K8Z0jkKtlKHjoZNGrcaAJ17EG/EBvDWHB/eDeHWpV
Lr1YINvB2KuXzlD9Iold4Hk/980C+JRuVyVbiPy0TPNoytQO3pvxfD0/d5wtydl3PQLk90W6XBQ/
UUpRNti3ZZl8fHiSi9bpwb3bjlTsTc5OdQAAQABJREFUZl0UDM71XWW2bB/jtvlrxnM617ROY0/7
3i53ez6aR1jxkM7bPBF3XK96lkKCffzhuRnKN+oj9Pc63jxR2JtpnM61LU6W/07xtTwn1gQdn06y
RV6aFhTzDXsE0xY6leOPLJAPPt7mjOlCc8d2lWx5/8YV+L6GEjU60A/V21vj5p8C1n898avQ3ALg
8QTMov5dmO5207xNZAd5UH8FHWF5B5r5Vx0UWAoNWFdwLWcJBoRnugPCWj/4foYfXADrYw+MJdCM
q79uXH+a8lONGuZx8ejFNKj2IPmhCfJDUM+/F/U9OnPwjNAOQ4YKuNozU0C0/lC2rq3rbl1rj+t0
HRao6Y8stO0KAAIwMqnvUY/getcXCmncM2WK69BCzb416cemrg9H7dP7t+/ThKMThC7cnlYtsk3w
yh+5oy8mM8X0NGbSMAPua6jQoQKV71Demo9D6g6hn0f+LI/DWgdroF1NStAGgJIMNMJf+NiDYx2t
Z3XumMCw1sHXo/YHLO2/qRbS/6LKGMoL9vK0n/2lpg5rDGpbQGVek63JAeBjvfkw9oeW4keUGEyl
fdxFpa3x0SdgidjMwDrkjnSYW1CCAIuA+j0326NyKFi5IFkKGJqhF0dYcM/qPYtSZE3BfrP7E+jy
K31eSZQmRrGlPZQxXjRY8i7JVOAznKnAdWzY1w3tx9DmitbvReY+8vAHWEe6sOZICviAX9uXNbD/
ZBcadcUdAd4fuu4gD2+CAutO65O36UMD1hUAB/APpgrHvudlY8XkFcJ2AvYBzD/ZmOP7CqyP2DnC
jRlBFAq43Ri/AWDdm556neK83sA6AEr1RR78RuX+M96v2FirsWoV03EGW6zLhmjJkiQ+MG2bwOh9
tQ6+ygAjwFJQRyqwzgtOqHv8kdiCF/SfoF8XgJeBrtIMYnmiQPZmtAlI6S+wDrpjgynHqTxVJEDb
aq1ZzTStuWnT4EEMMjahL1lOoFkPKw+nfJ3uuQGuXtRNgXIni3Dtpwds7WYC6/AhK3SmXIGw3g+F
+/WlnExB6nfggafAvyOwzkoB8NVs1S+oIPi3BsXvBd4odBy73BdVFi4U5QgkUblJcm/HINOq+hy4
MrLRy7SpTpvQmp8qtWDs2P19I47WV4B1b/pZM/bxqOCGk9WbU1a6ySsUruzewRzXwXkNtejtNb7k
FZbcGWyy97NTHTzdUwBKlD3quej18V1q+YhFQmNtgx9j0IGD2ln9o4aFP0IJ4mMGgRXksYNCZt1+
4/WvHytYKOAFS2hNZ8ZzOlefslBqUYt1+C3HePAmqLVgaGMQgDLqB2AdVtVQIoBrkNCAH8gT/twP
scKNnU4W9dI+sIPX9jpfO8E08FwWFLpanzntCPwLM0qRoi8dWFewTutkAhEmOI+2qtU01nZQUoNy
HcDQUaYah5Uwgj0/3POUJ57ZA+L6OgYV8Prj3j0ai3WQLVQd10EuzJdxY6+b/dppjmsctAOWxuLD
nC2QD8z+SSxWAf41ZfpkJ+p2TWs/bmdQUKjs7Q+CrjFuQAcfJb67MZB9/InRE4/x9Kx8oBbMHrL0
+7avfS0MHqzsg/Unb9s2pO4X4GIG/pLtCl32NtkrqtbEOm9BU6/AepjfWy+45qIu/o7B0MaStlnn
liq/YJ2GtTqAWqegID9cPWBtxvsptP7RZy8DWFdXJAV7dKe8zMJiD1qWNwoY9rT2a5Wd2U57HPu1
P++E2OwSBUHf496+95EG6+eqTp1d7gpwQ4PxDgaDUr6OHdy+IzQajiqz0PrHH7kjX3/XXLNecBtl
uisw6/6yzkOTvVMZKjOncSasDokSu32b+iOLwel3OhXt/b0AsO69rP6JmAo2egLgzDoo4OrJulp9
i3/A/tIBEt+4coFpwl30Gr2n7aZPP3devM0yzHOtG+jeAQzDShjhnQgRzWgezxU8dAIezUQT+zSk
ZbOH0Q/V2lHJ2p2tR48e/E4Vc0SVaztwq9bJ2tZI7FNcw4ZFk2h456qUtUApN7/Y+tw8hiVTM64v
5wqGZs5Xgio2HUBRo7torJAH/JM3LZnKBfzbaOzx3Jc6KRjsCaRHfhLwlWr7laVpncae9r1d7kG5
WQfNI6x4SKB59p7OYzFp6GNxPAPrK+aMpDRZC1Hput2Z5jrYIsQqnE+wrRXz44TCZqDjzWlMmGnk
i90mCzzXttgt+N3SGhdanhPzgCp3OMkWWWjasOYG4vojC6RDeHj/rlj1nz66m/3LX5V7jx/cozUL
xlr+5s2++6eAddNqe9KJyRSPwWWnoMCiE/irAJAJbjnl8bLuKbAUGrAOuuE67EfbifZa64F8an1V
y6J3jvd5PMtiPdS26C/NoLFr5lOVLfYBjgMA1LB62mrqVaFXmMC6J0BU8/F0DAvU9EcWSo+tAKAT
cKUApgn8gTK8cY7GQvfsqb56v+vP3SxWAO1T+Kgfxxa8H30cQ6NZx7Uz1jKFew/L2vXPZ39a/eer
3B/cfchA6R2hZL7N4BYC6L6Xjl3iCNYOqcfA+oifxaK2SrcqbhbrVgX5BBvGcRLFEeYAVQRIniU5
DVw/0I0GHmnwA6EPux5Yxa4HQh1vZgGhnGt/lG9fnip1rhQiJpQelJHBzgoQWj+HyMjhRlhjUJNg
Q6I5u544wK4ndLwPZcYF0GXX6l+bSjT+QaPK8SJotpkxAaHz/C4yXkABjwD5qesGU34qB9C5d13Y
xeOPK0/vH9Oyf/iO4eLvHOVA6aD1tNae85NaefdP5e3N2LCvuTpXQlv/tBYvMveRhwLrjaGsUbWQ
Zut43DBnAyuSdBUXDmB1CE1jHAoVMeLFYLcxLsttANfDGXxOYtDyuxViW3P1mQLrr8piHfS6nVmp
bMuCzcLYkatkLi06+Mh1k7azZb+p9IPx9aLA+uOHf9CtKzdZGTc8uydh6kKH76XgigTO/h0SeM2B
de4EbIr+ce+++DS8zQALaLafsY/tE6tW0vktbJXA70k3q2SeK7Kpxxbr+XhT7OvOnUJ0pfpGv84U
hvXZEhLAOqgMkRfoyyPHjSPlhEjIN95hOvoYSZPI7xQBeNk/r+mHOkQaD+uNGe9VA+tYP5TOGrTq
2NAdwjTAdwCaMqAQO1VIdimzfr6cK+AaGmDmlh/XzRNw7RFYZ1ByG/tnTsbU2AXZPyw23pzCf5iV
L1qihCGAAKe4Hu+FUj+4OZnM1ui/7tgZAnCFgQH8IwOYvnzgoPjSRRmwmNw8aJB8cyj7AYAKpdP0
aQzyePUnXGD67yEMvobmgx6yh7Uw5kgIhQIuVPv5nwLWQwOITRmEtsmrm/2m5ZoCqMijIrNbADzC
GuMUsE7ESJpUvs2dnod1TzfYxYqPQTcwYSBc3LuX7l/5jd5g5ozTbB0PWuXI8eJS431sPMN0/wpc
Y6wnLViQ/mSfx04BwHOsL74Q60C1jDT9rtvTqKsNAF4tg/wxw8/3GgbUwgqwuC3Aayu+nRXIhp/0
ckyv6/F7DWth0JBVa3mA+qBTDufgjxqU0QPZ9QLAKgBYGK9qwd6Sge8YSRI7VnNeHZfijZMyhh0Q
c8yAbyoYCIC0FbsbgeWuPeybzhagrKBijid7HFyjTF8s1hWs07w8ARE61hGvEiu3JCv8jcVMgH6Z
zeAdgDx7fojvKU88swcTNPRlDCIfMM/98fvdUNdBBVxNS3x7Hby9dprjmlbbrCAYfIAPDKKrbryH
wdC0oexhGmMXbBKwqoQP7BTFi4WwxgW7DZQahP4+SIFG6+A0/uCaA+4lIjCjyasI2m4nIMupPLUw
R7+ARQb+mOHuxMlaHem1TdXYZ/3nBYNdiWne9nUGsoHSCsKrXnNRhr9jMLSxpG3WuWWug+XYfUlq
ZixwCgdYjlNZmVEA4CD3NqH1z/3rN5jZIwUlzJnzhX2sK2U/1u6vu3QOUb0nzNIxmL8LnJgxQkQO
44bKDjTrlVmB0FRws5JiTiG8wDsBvucRdC30BVjHd/FjXpvuX78uLlEwPxDw3baDmRlCU0ySiPxP
+07XFKd2+iP3F1lzUTetl7dzXtvjz1Fl7+03f2h107zMfvRHFs3fHOFPU4LTBID1YFn8N5wp2OgJ
gDPrGBbgev7EAWrOQLoCi/Bb3aZiRrp45pjQtncYsSqk1Tp/UB0/sFUAuLTZvnH7EaB18wYINeup
5woeOgGPGgfHOWM600+ju7Af8Spida1a5abP7B6Tt7EP6gxWsj/YZ3nrChnp0tlj1HnsBqG+x0Ns
oHeplZeO7t0YJo064oclU8TxNZh1az9iJaXMkDc4C16cV84dKRbZnuTiS52UEh8F9Ju5n+Intm16
cHnH9m+m3Rt+ZqvuxhQ1BvtKCwoKJDuNPe17E3TVdOZR8wgrHtIoQNxx5Gr6In1uMxugFS6/4uHf
kfs/T+5L05iBAcB6i37sz+Ttt9zj44rTPGSQGIoe8PF0/Uqw3/W6nSdSzsIVQqS5+utpWs2gcjpm
W4BveTNoW0rV6UrfV21jPpKy/mD3BKZSiY5vJ6WGhZP60PShrclJtshY03oaA2bh/sgC6fdsXEy9
mxQlJ3ljjHWonpPOMOBu9t0/BawDpKn9VW0Bj0o2L0k1etWwPpi07eo7F9ed5nRiCu8gf49BEf4b
gfXLpy9ThcSucdd1YVfK/F1mbY513Ma+49sH+Y6fzEoFMT+JadEvf83Wrk1hefjmG1Z8nDxkivPF
IxdR5I8i09eVXD9GFCTD8wU3FtD7H76PUwkAZjqwL3LQXJsAtD7HUYFAALZl27i7ReCpJX6lI0R0
zUcznZ6HBWr6IwtY7yNo25yAK623p3Zp/bw5KlgIa2qncQgArmHWBuJXGr6KS7csbdUN+fsidwW8
+65mqu887j/KUY9GORqJYoAJ1s5iP8tjW46lDIUyiuX+W2+7wF2zbegruFaI8O47vE6+6VY/p7LO
Hj4rjAnIwyzLzNOXc+0PKHXAFzSo0K3AdVs+cTn1q9ZPlD7GHxnv5ic+tH628gjlJKwxaCbdt2Yf
+0ZvTgCVm41tRo1zNmZrxKdkrxPSaJswHsFkYPrMvnvjd7F2BuOEKb+dy3ZSm8Ku94YjiwbLAm4b
MP9/aPKDm09vradares1jo55mRF8OFd5I4msqcV5TQ36oYp76oMb5/1W96PUeVLjVILOFW+A9TDn
PssClv/mOqhzH4UJvXupLlSla9hr04GNB6hprqYCrI/eN4Y+jOVSxnTV2vVf1zP8kA0fIRx/azyn
RtlclPdi7T3aac19yGvuYrc1V/NUYD2lWMD3c1de4bY9ffqMwmEj3JCtpsUxLCp4/IgfxnTuoLCP
lyQejWEmk3DhXRvrms+TR09kDJ/cc5KK1StGdQfXdX2/c9oXAdbNMYKy4Gqles/qbr8NtA6B479J
Aq83sK6W1nl5I7Bg587uc4/nBPxAr+/b1yOwDiCsEW9+i6/LoHmLDdCdEyaIb3E8bwaaSv6t0f/L
1EIdXnP1akrMvodDzHMu79nTJwJqwTLQBKsB+IDqHfmZAb9dD8DfKVs85mrenP2yO397+Quse7uR
hTqpLM36pWZf82WmTXXe9DQj+nCugKsjBXWQDN8OFz5YvnzPV2B9Xd8+BMpdAOsVGVB6y/5bkvOE
z2EoZYR7l39L2p/70B70s9avPlufx88YvGfxgDe9+/KmN/Y33CyZg9LsYT+mLRiY/iB2LLcStS9M
YB3gis9j0C1X7y9unIKvVwYlud5iNc/KFm7jnesPpgjQ/0rbAGImTuRWgPazL2PQLQMvL3SDXq0n
rWRBfQy/0uG5j7X+ujHrVC/NywRCsfEMdxPYXK+5Zo13c9+qhG8nZ9jn94icuSSRi+WCf1favieO
Ll5ME74rQqWnTGYfuOXdfMMX6tGD8vCaZ0+DMSrjnQEBBecOzp3HgHcJsbiGdTYAbLfAaWT9ZL/A
eOav73jkeWDOXJrKikwI1VesoKTwPW62i8t6cOsmnVyxUnxRw4pXLdOQRiyWncYgW12rv/SWJ09Q
lI8/tqz4sJ4WFr/OyCE46NzCnQpz51Iqph83A+byFvZXr4CY+cw8x+a/Wgw6yR2MFPBRDtDfHE9m
Hnr+qoB1Hc9Q1IBVokXtDHnfvEFDMmYSa3+ntipYARBNKb+1vhhPf/75XJQm3mJlD7zHRuXJKy4R
nGQh6TiNfQziPtoOtwRQ3PggdmyrCJyo8sL/F7D+HMpDDCReO3qM4Ee75mreT2eA2y3w98LZLVvo
8d3fRXEB6+Glfft5bKQlx3ccJ/5lzVr2b59P5pVdacTb8edWhxe8CA3IcsraVBzQ51D0ac7uG+zf
OHiuILNLSeaQm2seKCnNrFiJ9k6bJjKus2E9wWL9n1pztX7+jEGdX07zW9tszi29JwwIbNn/Nvu3
NwOU1UbkyCkKGVnq1aNiQwbL+9Wtf/h7ISK7/9BwmpU0RubK5WbBq8/Mo1sePNeclFT0nYD5hnpj
PbUCz1/00YwKFUJlBLHih3GiyhmIhvUlhPIml3dm8yY6yq4HsjOjEJRZ/XknxMB3DAdf3/tIo4wj
8t7P445fQJ7Ds+eQvjL7GOnMoHIPDVj3R+4vsuaiflqvfxJYl/VwLbudMb+3uZ/xu8n85g+tbk79
6I8smvw12Owm388DwLrvMnuVKRTA9ATAWWXzgLt35zp1rJmH7t9lapQpOylS5A95oQU1yCO6cOYo
g7V1BWiOGfdT8acN6vddDKj2ZX/ZACETpchADZiGFs+fsV+x3xhkXDytP21YPFl8s49YfJYifRCV
nvMzaFf3avQtHdm9XoDrRF+kF4v1CO8GUehZFQt5AmAZ9QJ42Lx0aqFrb9Rjhnx4hXs7PE8k9w3C
y+dPUqPvXRppLQYspHTZC0um8yb0pFkj2ouiAEDjyNHctUBBc/3T6M5Cfd9r2i6K9F5k2rp6Dg1q
XZoiRHqPBs87TvApHVrwBcQOLR/zGSZ219r56MieDUKzXbhsY4oY6X2h69+4dCrNGNZWogOQhVws
sJb7+PHjB7zZ/5Cq5Y8t7dZ+xgYPgl3+qH/bSpno/C/sU4uZCpr2mUtJU2WSF/Dvt6/T0llDaQHL
EQG+vJPwMwmc38al02hYx0pUoXFf+pbryInkET6UxvdtSKvZN7soLaQO3nz/izVKnzx9LPHQl1tW
zaZhHSq6jRE8jMBgt+YnkfkfgGYAzpny/kC1O46XOKjjoV1rafbIjnTvLmvbcT/HiPOJjM2GxZPK
mIHCRdl63cUnOPJ6zPI5vm8zTR3cQsa7Sd0+fWgbLqO3FFmr/VjK+nVpCs9gPQD4fVuW0pB25eVZ
Gc4P7gzMoEoKkGOPiVulHkh35tgeWsGMCrs3LqKWA39mpgHX+FTWBOQh91kxBZYHO9bNp0FtykjW
kG3hMo2Ebgs3/uLnz5j54fwvB6ld5SxucwPP33jjTQpvc9mAeeqPLFRRAH7c2wxZJuNCf8HevPor
deK15Nrlswys76LPkrmYLV4EWH/AlrfwZzuyyQgCVTZ8pydJn1Q0QNE2AH+gUtawYiLT2FbtK5fw
kV6sQXEGPVwfl2cPnaGO33cUunRYGI45MMby4w1rOgAkbQq3pgPrD0g5Sdk3NvwDI9jLkZt+/oP2
KnwtI/wRROGO8xG7RjCQ/YGMT1y/G8n1AwvztHel3rR66mrcFr/YmYtkkfmI6+2LGUwq2h6nbpao
CrrifslmJalUq9LSXlhin9x1gq0XOwsldIJkCWjMwTEC9MHvetUUVeU+fB5nDQLJLp28SLP7/SQW
ycivVr9a9H2jH1hmwbLHfQUCQcc/dNtQ9vMdWwDaX9jqfsGwhQLKw7o7M9OxIzx98sySMax3R7Lv
581sURlCFhFZFlyUv7LAD/Xju44zeFmPYP3b4acOPCfCSR2wDK5h2faq1MtjuySil//uMQV8o+wN
hT0ASQCuF29YnOn036eL7K4AfQnQHT+QJ52YRHETxRV/9/7IXcFaANA9l/Wk5Jm/sPaTrl28Jn7P
AdaO3DXSom8GyFUpaSWRJfyDV+1Rhf1iu35IwRL88KZDNLrFaKm/WhiL9X72xuInG21qP6s9W7Rm
lj45yn7Vm+drjtsSMEcBDloV0Qc+HLVdSIK2tZ3RVnzVA4hdOWml+CjHs0JseQxrccjyOc8rWP6f
OXCa6mepL/3cbmY7az4ByAYAag++jkEzPepTL2M9OsNriwZRpuhdQy+tI/zPN2TgFXOj+6LulCRd
Uh7/T+nEzuM0uO5ga7xAfqAXx6tT8ucxCzcMSNdpbidXH/PDO9dv04IhC2hGzxlSBvzJJ8+c3CpP
T25cukGlPi6ll25rhHXzBU7soGmDYQ0oa7Gssi4fWHeAupftLrnH/iy2+OcWBgyec494rGH9KxGr
hLTN05zXqoU197fxOtjBYR3U9DuW7aC2hdsKWD5k65CgtekB/bL7FwGbty/eTl2guMRrE5Rf6nO/
nj92nmJ/Gpu6Le5OHyd1bQI8Y4D7HM/f2f1mC1ifMjuo4BkI5/ElwH5QHexrLhQMuuiam5zXXH7/
mMoVqvSFsdxndR9KnSuNjA+sGUvHLqVFrARVsnkpqtG7uqtJQTLExZusNHXx5CWqxa4JsDYXZVAc
YwshXPhwDPy4lGdO7TtFtdPVljkBNwT1htQnuC1AgDX5qGajaP3s9TKfTF/qz1lpoFuZbmztvoUG
rB8QPL+5DneYLaMp+42Hj3UohThZo6vPeimI/0X5iF0lHHN3laDPAsd/kwReb2BdwTssxqUnTqQv
y5S2XJU9efiALX9K0fHlyz0C6+hJbASXZd+SH2fg37tsAbl70kSCVSbyzFC1KtPFj+ZX5X8sP+SI
X4GpvRPlzUNvcByeYgJO7Jk8RSgjTTBUQBz2+c4TWnxQl5k6la0qXQDW9ZO/0CK29DrBQBPybHvu
LPtLDlIQ4kxRf4T/8O8DtHNAmjT0Xf9+hA3XP9mHMcKbvDELYEPDM77/959/CZgzKF06gvU5aNyt
wPUNHzGidel2wmWuZOWEVVBQ4IB17mVbqyNfC9ji/KGkkCg3M+P98YSuMzC2Y8xYoXDPyaDYt31c
v+me83oOsGHnmDFUe8MG+ixbNte3C9f3/vVrNDJ3Hnp065ZsBEeOG0+e3fjlFPukTypyRx+C2jRS
dGbh4ADfyGc3baLF7EMZVuBubAYSw8d/XI95bHWoFvI/jh8nG893f71Ic2vVkv7FmMDmq9YPg0bp
6kGJXG7mDKYEji/jDODT6XXraVTevOLj3ALkOc2Chg0Z9Bsq48XbMehjayS6gB2VKtNeHq+YB/BT
n7zIdzImEOHoosUWoGlXvnihMehHZXWDHmAA/GxH/eQTUZi4uHsP+zIeKn5/qyxiCnIAsyzDi6zg
AqtmWMpV+OknS5kF3y97p05jkKcifduvH+Vo0thqrwIisE6uyGCsp7mPOqhltx9NEYByDIPOp9au
k+SwaM1YozrPcXwX/83f0M9p8+AhtITnhwnm6MY8EhVj/83pK1cSAJCbK8pARxYslLGI52AX+JjX
BvFPni493TpzRsZrrdWrKCYrgSBAGWHr8BGsnNJSrj1ZospDL/7JRjmDuL+xBTDCj+PGUerSpcQK
F/UAoD69rEvRWxUk0B8CuGEMcqg0f77bGDy2eAlNKOJyZ5a6VCkqM32a7BHsnDCRfuI5jwCQN1vD
BlIOruGDdRL7PgZ1fOR48YQ+XmirWVBPHvEeJu8xjC9cWOZfnY0bhDL/L94bQwj37rvyXC6C/uE9
sbprV7kq2L07ZapVUxQVbvJ6Pa1MWSkPDzGesjduJPXDNeaI5vsGK2393KgxHWYFIKwR7374oaxb
iBc+Iu+9Bv2Ef871mMaKTofnzSfU7bNs2YPXwRvXGVzLLZakjffsttaZc0yvPixrNunfKosXSb8/
57J/3bmT/TjXdbkP4HKQ36e8rmLN12CCp9/27y9yxHvszoUL7NpiLi1jqmgBCJmCHwph/oxBlKUs
DY7r4PoNDNjnofd4XoHi3k4xrnX15giZo38PsiIbwEG0KWv94Hcp8sC4H5opM8HKtSyvydhzEp/i
xVn5wnqHTxFmhOfMCnHr1Cna0K8/7Z48Wfq97flzclzepi3f7xfc77w3rv2I/aUH/N7qEsdlUFBt
6VK24i4oTXj6x2PH8WeOA2/a6m0cHYdQooBLBQQdg2C3ML8t7HmeWL6CxhYqZN0uzTLw5O5G109E
jsdrz/ejRlJUft89vHGDljNr0CEeTwj4DkvD6wKCpnnVay7K8mcMhva+wFxdWL8BbR892m2uXmL2
HyjjYCylLPGDfHvgnYEAxblFTZuKoiXeuU2ZCSB2KlefqJILlHTE/UezpvQW989FZlEYX/hbHk/X
5X0GS3jz+w5j7TmPKQSnPkY9EODiA0EUWT79TOqHeuG9GYe/O5/xvDjIbhHm1Kwp8fDMXGfkpo//
zHcC8qs4by4lyJxZ1iC0B++5teyLHqH+1i3yzN93At77F/i9B0WisN775jqtihMYg9WXL3PVL2gi
37nILtt4zcW7xA6sP+H5pLLFegsAHt/96B+9/x/ej1AlHX/l7teai3cd/7bAeOgUM5a8G3TOa91e
9nqjClLoSygpyDc/y+U6K2SG+Obn+j28fUtkBqUut3HGzzx9v/kqi0Fpt6E6/ocAsO6/7F5FSm+B
dQUlw6oDPoa6MSiYmEF0DfODAGosRE4BaQA0FqnYQkD19tVyiCWrU1wTxHR6LkB+U3etTzOeWtOb
1O14LoDo5D7WQmOl4bpVBDgJ4NcW7t68Ss3LpLEorZE3gFq8iDylsWXBG5p/sFV/JqHJfpk+1lfP
G0NjetYJ2R6uAORt9oXKVC337XU0r51oyn89fZSalUrllqcli6DyYPndqOdMAfG1zRdOHbKyjhU/
MQ346RDdvn6Z6n7LL1MjFPyxLlVu4dKWU9p+47HjaW72+V7T5vMdFPjNSn1p1dNeR1z3mbHXUoZY
NXeUWParrFJlys+bV2/Q/m0rXGWyHPHpD1AbbAsIYDnoWD0nnUfbgsb7J0lT07kT++U5ZI9yuozb
RLGYQt4MSNuSGR+uXjort+N+mkyA+6CEUlYHWNuzWwQEuEZoXzUbnT6yW67Nf2YfozyMrXdYKaVd
lWwe55am7ztzHyVI7PqI0nv+yEKBdc0jfqKUlDpLQXpw7zatmT9WbptKOLjhL7Bugmtanv1Yrl05
qtylsnUbH3oA1tdMW2ONCfUlC1ABAXIcunUofZ7xc7ney1anLdjqNLTwMqmTxWpw6ILQipNnpg9k
AN71M9cXpQCMXYBToOkGaHb3+l1pU3Sm1x2+czhFjRlV0iPe6Obsh2vgXEsW8PsLUFcDZNGNQb6M
37jWdqTpEuSDXuPoEXERdO7g3ARscQ0r51ppa9GVM1dwKT65Lxy7IOeaHhbPqXOnFtBQ6eslQij/
Wk5qRfkr5JMY/sjCyWp3wpEJIsPa6eqwTIKBUcjRk2/0UKooj45uO0oN2Bod/QN/1mizKS9Nj/vt
ZrSjnCVzyi1/5W6fI+jfDAUzEMB9UMEjANAcd2icpWCCe4tGLaYhDOZq3b7Kn05+5O9asROPpd44
mhT38CmO/tI0eK5B2wkf7OjvF50v2i4dM/YycR+uEUBvDlYFKMA0zOqyFtY6OR3tltoArv0Zg2be
6vtb72FcQQ72AFcVlZNVtuj5zef2dgJEh9/296K8R+eOnBM2AFMGeI55j4C0GQploHaz2rEyYwQz
W+t8SpcpNLnTZLkey5bKvvr/tjJyODGBddTFrKdGx33TrzfqgjqFFpqMaUrfVAveWEFcf+a+lgEl
rdpYm856WJt4eZO1KVdqSXKcFR6w5mp7ILMY7NZhx5IdmqXIHu4KKnaqKPfA6gGllFDXXFZGgmIF
+swMSAvwesNPG+S2riEaBzIEE0iZ1i4FOztYrfHsRyiRgUFBFRqgoAZFDm2XvB/5M/7U/uD3Y8Ph
DenbWgwUcFDA38wXCi1NxzYVpgRlCMBz1LHlpJaUr7xrrdY0G+dulPeKXgNYn3xyMkV83wMIpxED
x/9yCfyPAOtBvYANsHQMjAGs2MR02gjYTIdVsGVRy3NJNsxgQcnzAV9NOtckgST6j2yENdyxgyIC
6OAAi1VYIAKIQkBZSb/+mmBlio1ABMwvsWxjGnpQt2JD7wCDdwBEtAyke3L/vsTXNAB+czHQi418
pLHqZ8VyPgE41OLoEamLUnNj89VTAIDf7PAhd0skIzJoyHXDPz2DU1AqkDoZcV70FKDttNJlRC7I
y1EeTGmdh4EbC4Q3ChXQnS1RxZqoaNHgJyz7iqzwkBIWqCzDbbx5P79uPUvuSQrk5/55Q4BuSYS+
5z9Yw4Ii2e/AZUF5YxwDclyYezacv3WPzy0Qn6MpsK4JkhQoQHFSpxawC/6PUTcoURRlX/c4R/Br
DGoBPh6tsnjjGG1AP4HZ4e6lS67xznWClWIjBuneixlTcn8ZY9DHagqIPoDpmnVefpQsmQUYsuBk
futmrlKuahloE3xzg959IIPtAF41mFba9xkAAuCmZSBdUqY0BqWzzn2U9QmsWnXua0Y+Hh/wZvKo
vPlcdQmSe7pKlejhrZu0n2nUNQCsVZ/LMOyYBUUItijU8Qbg5veLl+gCr2ESuH5g0mjMgE00tkBH
uMB9h3bp2hSL/dGCneMSU8xL4DRfMn17Gc4X918k3GKXByhL6XND5MVlAUCF640PP/lEHltyD20M
ct81YtBExyAMHeAH3pSF+jPWdmE+wde8+vn+hTf7R+fLH6JK5g0TvNf7UAoYxgD3taNH9VbwkcuQ
ELQmADwCOAwwRS3dgyM7n6kPeBOY0JhQGPpx3FjLqlLv46jpUD9QajvJHDKQ1cpWP9OSVfw9V6li
jSmzDIx3gPG11q6RseHvGFRQU/PGOh0ndRpWejomSjEoR9wVBFnvajxfjk7yCy29ScONeGt79KTl
7YKVwO1pIUsocaQuW4a6fRzf/piZEeYwM8L3cl8BYzMS+hLrzbK2bc3b1rmTywLroZ8nahVqrnlm
VqgPmCyw1jkFzDOwa5xn5Q28B1rwHPAUV9tsH3NWviy/zLVri4W2sipYc9/83npFa66vY9BJduK+
g9mNfr98mbp/4lpftX2m9fm2UaNpfp061prrtDYVHz6c5VFLk8txaes2tK5XL7d7uBCZBs1hXJsg
r8od90MLps/3PaxcNou/ofWdYKbTsrCW4b33ogpXvx05Qv1ZocMsS/OWcnlcJPumEJWfNYvCBSmE
WuPCh3eC/b2PvJvzdzO+Z+zvfXwLgN0DY1mBdZUB3o9QgoFfclDBI4CNqjl/U8v3Pl+rRbU8DOMf
vj3UB7w/cvdnzV3ZKVh51lP1XrRf7fmif6eVKh36Nz+7l8nTprXj+0wVI53GM5hqwErgqyx6JFhs
r6Zv1wFg3Td5verY3gLrsM7Gn6egoFkuBjTtgCHSwHp6dNcaYqFq5gGwslTtrpbFKl6QA1r+KNa5
Zjw9b9h9OmUpUFIvQxxh9duroWuTL8RDvvFRnE8FPIUVrRkw2ZZMH0hTB7Uwb1PFJv2pYKn6Hn/Q
w9q9U41cLkA9KCWovItWaukxjVmAgsye/NabcX05R3sWTxtA0wa3dEsG5YW8xaqxv/EGFkBcr8tk
yl6orLR/ysDQQUNP8r935wbNG9edlrNltRkAKpeo3oHSMPCsmyJoc8caoAHfY0UF8N6833y6df0S
1fvOHXAuUaMD4Q8BDAFzx7q0cq3EDidFKjSnMvV7yIvefLxvyzIa2aWaW3+hjgVL1qOvmJ7drnBx
gt0UjOlROxjgDsoMYDUsztPnKkbRYrJlghFAJQIf4hP7NjLusiUzj7my9XuyFXsZtjB2p2HUiJfO
naDR3WoQfKRrQLpiVVpT5rwlxIpd7+N469olac+hnWus2xivqTLmY8aH7+Sejvlw4SMwe0Rxtpxf
JnV5/DB4Q81KzCf9Zx+ieJ8lM2/Jua+y0LmI+qNsUToxcs3D4xD9GjV6bOuuv8A6rJ/bfuv8Q0Az
hy/jHxq5flDoPRw3z9/C4MEgC3zSZ4UYqKnYsSLBL66GgxsPimUvrgEyKACvz3Eswr7G6w6qa413
85mv55MYVJrWdWqYyQCGJkiewIr3x6M/2Df2IqbxHmPd05NqTKtbtF4RVrR4R29Zx+0MBPWv3i+E
LEq2KEVFan8nYJEVmU8AAI5sOpKt01dZtwHK1BlYh/0GJxHqawX17HVEAvgY7l+zPx3dGrwZgPRl
mBo+R4nsbCkaS/IFqAnqbPhODit0nMO0/cWzWtF8lcX0njNoYrsJVnoAk4M2DaKYCZgyn62IzTqA
1rvPyj5uQLSVMIwTBUERDW2u1b8W7Vm1hzbN3WSl/Cr/VwQ2hYSp3ddEf+SucwRlhWNrbO0XLcxp
vOuzI1uO0MDaAy1Lab0P2ZRm8C4bWx0DlDMD6LgH1BhAmDMaEL8VKz7sWbOX5g6YI7dfdL4osA5r
9ISpEtL8ofNp7fS1kjfKq9SlMhWomF/YLHATCjUdinUQxgTIAkoNTsE+Xl9kDGr+qkwCZgD4rQ7N
dznmBpgiVNkEeaA9YId4yHVWi2soDcBiGG1BAKA8rds09t++UK71H9ar8u0rsHV+hlDXppm9ZtK4
NuPcLPw1jxc9KrBekF1OlGpVipaNX04/9Z0t2aL+GAvf8xodOXpkq6g5rOwzmq2jQwttp7elXKVy
hYji69w3M7jA8h9Qg9cmVoDRgDrCbUV2Y23SZ1fO/UbTukylVVOC10J9VopdOOQqmZM+S+WuNIjn
25ds5zW3f4j5WIrX3O8c1lzNEwoxo5q5r714Vrx+ccpbLq/FOoF7sMBv9207nIYaYrFizRgeSxGC
GFAQ+eTeX2gMK12Z8xj30xVIR5U6V2I2hSS4lHD94g2qk762W1uUyj1EHXivtxszkmT8JqMml+PN
K7eoTaHWBJcRQCLgNuHryl+7xQlc/Bsl8HoD6wBee8AinEOcNKnp8j6XMq32FMDKAl26sKUeWwlp
YDRBNszYj2UJtoIGBeWWIUNp33SXZTc29gp07SIAPayCzABf7psY6FzVsZN5W86/ZKvJ9AxCJMyd
K8Raf+XgIVrYqBGdZRDeDCmZihmUxfG+Sht8m+t3jH2RToCFbRhBKOYZKIPFkdCI5sxJl9hS11OI
xJbToKR/P5brG88e7x77ce4cJ478hgNFbczkIX+T2NP4c/3w9h1azNZZe9jKzQxZ2TI9LfskVnmY
/SvxBMDoTrlbtJQNuElMRW4FfladAe4k+YOVhs5t3kJzeMP+uk3ZAH0M4P4L9n8bhZUTXjhwn8Fq
ET6LNUDW8Pt9jK27d7KFLgAiWPWlLVeWgSqXT/sNTLMdM2UKunrosCazjoV69aRs9etbG7b6wN8x
qOl9OT55+Igt8YcLrb49HeqXlYF/WPJqeBljUPPy5QjmgTk1agrIo+mwMZ6nTRuCX28FalfyvFUL
Y8TDOGjEFr5gFBjKlr2X2C2Ehs95Qx+sAOqeAcowmwYNppUdO2oU6/gl+8tNz2Cu09y3IvlwAiu3
3cyAMY8ZD5xCFh4XsKiH1acG7D8dYKvC6WXK6C3rmDhfXvqKgXeAFFCuMQMUJdb27EXbR440b4ts
irLFfKofvg+xp+MW0YcLyBAg5TpWjLGHIgMHinW+AhT63G49r/dxLMQWjbA6NsegPj88fwFbZdcJ
VnwIepChWjXK36mjG+04lKNgfYgAC83LqlgQlAaHzHXripKL7qnpI7RpWbv2tJVlZQaAE1Dwml25
styOCqCS1+o3mGFkeA6s08FjzUxnnoMdAT660UdgWbCUODgSFIwK9+5FYGyAlb0ZqrBijioLYW5M
LvGj2xqIcQ+wCnVXq3+tnwmOYkxt7D+AlrDSlxlSsPJSBh7vYG4w2Uj9GYNLW7Wm9bIOpuR1MFix
RctDH2drEHId1OfeHAGs94AlrpfBqa9Ps/X8T9Wr020AekaAIsDXzFoAK3eAfhhH9vcN3B/oe0nX
IPSB9md+ttqOygAdAE3zvhZTatIkj9bgGsfXI9YYKPAAGHcKbgqCDhH+Ymac4TlySPrSU6awW4py
DrFctxQQq7txA7Mq3OJvqMF0bvNmeQgFpaz16ouikj2Df2rN9XUMAli3z2G8Lyox68TvPFftYy0/
vzPyd3Ttp6ONF/fuFdYRKGaZAWPJ9b2azrwt51gHl/M6szlIYRQ3ET83u/5Y0LCRNXeasDKEgrU6
1kJkZrsBZcuYyZNbd08xYw7eIzo+8QBl5WXlkp+bNLXWLjAMePIVb2UWxgnmzJqu3WgrM62YAesw
5sXnrPRoX3N9fSeoYozmjzlWl2nmoyZIEOK9b457XVuxJuK9ZMoDeTm9S7xda5Anvj3EDVVQxfyR
u69r7sYBA2lxs2YqCsfjy+hXe8ZQ8lrEY8f+zY9vGawdWD8RVOZmelWM1Hmqz9CPpiKeL7IIUMGr
FEM//mfO3j/558p/f7CA9ZZD6esf67zyCt++cYWtDx+Lf52ITJ2Ov/+mAID47q1rXKX/sOVyTHov
cjCo5qmeoK6/dvmcaEqCSjtG7ASeooa4D9r6dpWzvnSLdS0IVtCPHtzll8GbTLP/IQOcIcE0jfsy
jijv6ZPHFgUiqP3/G8ODe3dE8xW0ZrDkDisAFIa1CSwc4H/j3UgfhJVEfHXAbQLyB9j+fpToXv8o
hBz/Yr9R0Jj0pqwHv98WP1Ph33nXq/aEWflQIvgiC8x3uEOAdqGODbQLbXKSu7/AeijV9eoRXE8A
aMQHOv4iRY5EET+I6FXa/+ZIoPi9d/OeVUVY7IYLojW3btpORBbX7rIvwPBMSfeE3vsQihHum7q2
JALmPWOqdviPRBmgavclAHAE4Am641cld39k4UsbXlZcX2QBENUXud9i0Coq+4DGfEQ58PENuUPm
JpjmqS2gcsYPC2hkYkx401e3frsligegxQZgirJfZlBgXanoNW8ZTz6OQ037Ko/os5uXblK8pPG8
UshAn+EjHfMWc8vboP0Lv/cI77N7gbACQM2ScX+UaJ6s6cPKI7TnCqxnYgr1Lgu6WD9SX3Vfvcjc
92U+ou1QesG8evudtwW0wBwJaz30Z81VOUN5AEofmJeYw2GVpel8Pd67fY8e338s8/ediO/4NBZ9
LQvxHzJrwNvs1z2s95U/eQfS/H9I4PUG1iFRbMy9w8AyNr6w4fbkwQN2OfJMLAMtanVT9LxLoMC6
ZUEc9BxK5t5YZqIcbBQB0H7Om6zvfPCBBcCZRdnPUVd5l/O3L8AgpeC0x/t/uWa5rGIlhJWdOsmG
oVDgv+TvBnu7IEfID7/zwrEsvZG9PQ9vrmF9bf2WZPp89NerCDL+GKwC2BQhSpRQv7tAJfyYxxBA
3b94PGDcQhYYg5GiRaO3bP5X7fX1dwza8/HmGiAMLKk1gMVBAWe9999w/OMe/4Zn+eE3/KvsY8x9
rDkAWLyd+/7IB3K/zdTbWCvQJvwGwHgJbZ5gLMFCGWkwRgCke7POAMRCu0BRi/yxaf2yfzeoDNBP
D3gtxDc21u2w2oR0/oxByAJgCI74ezdy5Fc2LiA77FWhHMj8v21+gI1E5M207crCov0R1hFrFaiD
OQN6m8dVWG2DDLwdg/Z18Cmvg5hX3q6DYdX9ZT+HHDGvMEci8HjC3/9iOLl6DcFtBSiumzLFuamQ
YZeHWoSb1tQYIxiPoa1lmo++617Vmvv/NQZh+fwHr7tYZ2GR7c28xNr5jH2xYw6+qncc5I7+uXf1
qrznMBe9qZv2lz9HbZcq6jh+u9sy9uedYMsizEvMdyiioo+0jpBHBP6G9Oa9GmYBtgj+yt2XNddW
5D96ibn8qr/5vZFFAFj3rtv/dcB6zXajKW/Rqq7WveIfsN6J8H8gFr/IYb3dsnx68Vv/Mqng/wek
F2jiayiB/y9g/TUUZaBJAQm8/hLgDXj4y27Pvqphsf5N1W+C2/xy8fvgfF+3M0MFdHJnF+26+H7v
VUMshl9mc387d5XKfVZWrPVhZW5tlgb66mWKOZBXQAL/hRJ4/YF1X4WOzVxQbU8sVlyozjNWrRac
xf/ammi9h/6m39lavQvTYAIUaswWm9F4wzwQAhIISCAggYAEAhIISCAgAZfvAAZd//pTLLZh7Q5X
KsnBruPp24m/MRY0bEBbhg4TAF79hos0PaUJiDoggYAEAhJ4hRIIAOveCfdfAazjRz1op9cuZD+f
7P84doIkYm3ciOnWnaxJvWt6IJY3Eti+Zi7LfbxEPbh9lfjdDgDr3kguEOd1lkAAWH+dezfQtoAE
Xp4E8P2ybPwyWj5hOR3fcVxo0vOUziPWu/A3Xr5j+TCZFl5ebf6dOf1+83ea3HEy00S+KXJbOnaJ
NASU53UH12UK/QLB4PcLNnH/+v00f/AC2rbIRfdXtG5RthBwlVuuXTmKFifaC5YQSB6QQEAC/70S
CADrZt/8/dfftGP8eNo9YTz7Ht4pVplp2P/5M1a2jhAlKhVgus6wLIXN/P7V57zhDf/vp9hHbrh3
I9KvTEt5fqvLHRZ8Oufr0N6i0P5XtzNQ+YAEAhIISCAggYAEAhLwWwKX2Cp9+4iRYll979pVOjDL
5U4sXrp07JKhByXOkydE3rDGXtu9B+2aOFGYI+AqI3aKlMJ+ED9TJnafUTlEmsCNgAQCEghI4FVL
IACseyfhfwWwjqasmjuKxvWqZ7Xqw4/iUt+Z+0P4mrYiBE5eigSWTB9EUwYG+5ZQP9h23+8vpbBA
JgEJ/EskEADW/yUdFahmQAL/zxIA/XXVFFUJ/srtAcDwtLPTvKI/t6f9X7qGH/cqXwT7YjXbHj9Z
fBpzYIy4ZzDv+3sOP+JQgnAKgzcPpuSZg/2qOcUJ3AtIICCBf7MEAsC62XvwAd0vRQr2k3rOvC3n
4dlSu+3ZM+QNBWWIxP/CG6CVnvhdEfZpuCxk7ZlBrx77QE2QOVPIZ4E7AQkEJBCQQEACAQkEJPA/
I4HdkybT7CrOv1vhYz5v2zYhZHHj1CnqnSRpiPu4ESNZMmp28IC4uHCMELgZkEBAAgEJvCIJBIB1
7wT7rwHWvWtOIFZAAgEJBCTw6iUQANZfvYwDJQQk8LpIAP7b7926J5bPZpveevstiv1ZbPNW4NxB
AvDt/duZ39iH2V9u9Hm4hm/w6HGjO6Ty79aj+4/o2vlr7PPV5fPdzCVOwjgh+tB8/n/snQV4FFcX
hg8E9+Du7u5QHIpLsVIc+hd3q1FKi7uVIi3ubsWlSNHg7sWKS3AC/OfczZ3MbmaTTQgh8t0+z87s
zNX33pnQ/e45B+cgAAKhnQCEdccZfHLrFj27f589hkSyu+UWOUq4c38uMd+fcjxmRxbv+W+RxE71
L5auHUB8AQEQAAEQAAEQCHMEJDbyg8uXKYKb/f9LvuN403FTpKAY7u6WYxZxXfKwGzbj/nv+f2CJ
2R07aVLjGk5AAARAILgIQFh3jTSEddc4IRcIgAAIGAQgrBsocAICIAACIAACIAACYYAAhPUwMIkY
AgiAAAiAAAiAAAiAAAiAAAiAwAcQgLDuGrwIW95t4ahhSCAAAiAAAiAAAiAAAiAAAiAAAiAQHglA
WA+Ps44xgwAIgEBIIPDBP2CHhEGgDyAAAiAAAiAAAiAgBCJ2DRccIKyHi2nGIEEABEAABEAABEAA
BEAABEAABKwJQFi35oKrIAACIAACH5sAhPWPTRj1gwAIgAAIgAAIBBsBCOvBhhoNgQAIgAAIgAAI
gAAIgAAIgAAIgMAnIgBh/ROBR7MgAAIgEO4JQFgP90sAAEAABEAABEAg7BCAsB525hIjAQEQAAEQ
AAEQAAEQAAEQAAEQAAFrAhDWrbmEwqs60F2EUNh3Z10OzjEFZ1vOxovrIBDOCEBYD2cTjuGCwEci
IH/Cw9I/fz4SJlT7EQngn5EfEW5oqhrCemiaLfQVBEAABEAABEAABEAABEAABEAABAJDAMJ6YKgF
dZn3798bPwgbP8xFcP0n4vuXLtP5zZspcdaslL50qaDuXoDr0+NRP3QHYBzmht6/e0/HV6yg156e
lK1GdYoZP775tv05N/Se/9PEVLvyTV+wz+3rW4Da8lU6jF7wZqpHFyEAPHWZIDma+vHJ+hAkAwlh
lchDIsnFZ8SWmT91OX3Bv/Lm/BZ5IaxrkH4fzRglpwVKo4KA5DUK8UlQlPOrX+a2gvvccWzSfkjt
q19swso4/BpjYO7t2n2JTp+5TaVLZqAsWRIHpopPXsY8t6FxbQYGoHnMUj40j/vS5fu0ecs5ysrr
r3SpDIHBgTJhhQCE9bAykxgHCIAACIAACIAACIAACIAACIAACDgjAGHdGZnguv7o2jWa16w5xUyU
kH9UjEBvXr5Qxybz5lLUWLH87wb/Mrm8S2faNX4Ci+qlqd3WLRTRzc3/ch8px+3Tp2lR268pbvLk
5PXyJTWZO4eixo4d4Nbunj9PQzJnoQgszHfas5vSFC1qXQePf/vo0XRu40aKFjeOUoeEaZnevSl3
ndrWZRyuutyWLqd/DQ7NvwLrsTgeeWy3Tp2kY4sW078H9qu7ESK6UeoihalM9x4UJWYMxxKB+m7b
fMEA/WF4cft2Wt27D8VOmoTiJEtGdcaNo0hRowaqzY9WSK8Hqwb8GZ9RhOvw2RziUMj89UPa8m7j
yc2bdPPoMbp/+TIVbdPaZZ5vXr2iS3/vpH/37aP3796pZzNL5cqUunAhYxjmk/uXLtERXkdvX7+m
yNGjU94G9ck9TRpzFgpKYd2MxozM3KA5j/m6nDsrI/f8Kif3dQpsHc7KSbsPHz6jzZvP07HjNylK
FDeKGDECtWpZhJIni6ubNY7Pnr+iPXuucN5b9OzZK0qcODZVqpiF0qVL4HR8uo11606TiEOSMmVM
RJUrZyF395h+ltu37wpt3HSWXr9+S6lTu1OTLwtQzBhRjP44O3Hk6Wz8zsoH5Pqz569JxrZ69XG6
d++5KuruHp3aty9JJYqnC0hVnzSvl9dbat9hKd28+ZhixrQxvnXrMf3+e0PKljXJJ+1bUDSu10RA
18LLV2+oQMGRdOrUbRoxvCb16F42KLoTrHU88XxJbdsuJPm7KPM7ZUpDyp4tabD2Ibgb273nMvXp
s4pSpIhH/157SL17laM6tXMHdzeCrL3OXZbR+Ak7qVSp9LRtSwdyc4sYZHWjolBGAMJ6KJswdBcE
QAAEQAAEQAAEQAAEQAAEQAAEAkwAwnqAkQVxgdunz9DwHDmMWuWH1dhJklDv06cohru7cd3pCf8a
vWXIEFr33XeUo0YNarFs6acT1rkvp9atoz+4HwEeh8MAn9y6RQOSp1DiXZf9+ylVwQIOOby/Mq/Z
jRrT0cWL1QVplwtR3fHjqUSH9tZlHK663BaXE+v27SNHkoiTVQcPosjRojnUFoq/Mrrdv02iZR06
qkHIpgZJfFmJax137aK0xYupax/yIWv+L16vJTt1pIxl/RZBDs2dR/ObNlXrKVbixNT7zGmK6cpz
8SEdDEDZF4+f0IWtWylipEi+SrlFjkzR3eNRsly5KEp03pBgpRgx3IfX/iUPHueVf/ZQJF5PcZIm
o0zlytHzBw/oMa+zz7p1Uxsa7p6/QLeOHyep1zG5RYmiNuckyZaNokSL7qutt15e9PeYsbR9+HB6
eueOKu4yT+7jNY9DNK1qNVtZXhd6KNW5vjI9ujt2h67uP0DjihRR12UdqeeSv3X65x9KW9R2XW4G
lbB+yOMa3bjxRB59lRImjEnFiqa1ffH+vHb9ER08+C9FiuR745EI1nHjRqPMmRP5EpMvX3lAhw9f
p8iRfZeza4C/WLUrz48H92/efA86zeKftJM2XXwqVzYTHT9xi+LHj0HNmxZS7zpzfVJu4UIPavzl
bHVZP4/yZd/erlSoYGp1XX+I1W6p0uPVVxsHH+4zZ3xJzbgNq7Rt+wUqV36idzkbQD1fWza3V/20
Km+U0uEAAEAASURBVDftj71KDDS3lTJlPPI41IMSJXS+Kez8hbt0nIV/zVPYVyif+aMIUXfvPaWi
xcbQpUv3vdeGXrnvWbhMQkeP9P4o7Vrx+tBrskEgT95hPJYHqio9Rwf2d6eCBVJ9aPWftLwIy99+
t5ZyZE9K3/yvuK9nwa/OyYaDipUn03ZexxPG16MOvGEitKXrNx5T6jQDjPdkWJhT/+Zg7rxD1LTZ
XGPMoXXu9DiHDN1C/b5dQzVq5KDlS1uFmveK7j+OQUgAwnoQwkRVIAACIAACIAACIAACIAACIAAC
IBAiCUBY/9TT8u7tW/K8fVv9uPjy4SMaziJcQIX14ytX0L6p0yhzpYpUqnPnAP0o/THGf/vUaRrG
mwUCNA6Hjohguap7d3p27x7VGjOaEqRL55DD5+vLJ0/oxaNHLDhGUcLw5l9+DZCwHpC2Xj19SmOL
FKXn9++7vvnBp6sh+kyPTbwOFG7Vikqx8B2BvR/cu3CR3rK1cnZ2yR8lxgdarLNa6DFvHs1lsdyV
zQ9ebO1878IF3nySk1wWgoORsgj/83gs/AD7tKrVXbnifb3FsmWUy9GDAhfZO20aLf76a1XWLJxq
0UxudGXPASkLFOANKzXVxhVdp3chdTBfa7pwIeWtX99OXBfr9MEZMtry8qfU7yrPsxs30RS2TJck
z3SdCRMocZbMFJEF/vhsgS7W6ObkeecujeD3mAj4ebgfZXv3oh0jR9HhBQtUmz15c0DsxIlUkaAQ
1s0Wq1rkzZ4tsS/RdMrUf+ibdovMqLzFVlvv9RTOn9eUGjXMbwzpf1xmKpfV9+WGeYp1RrnvaK34
8pUXdeq8jKZN+8e7jI+wq+tLnDgWnTndj9zj+TxbspoGDd5E33+/TpWrXCkr9exZjpInj6Ms1jNn
SsTXdV1EwiBHzqFKQE6SJDaNH1eX0qSJTyNGbqPFi4+oLu7f153FeHsB9u5dT0qc9Ed1/4t6ebi9
Sup80KBNtIjLSd+OHu5FSZOyNxBTEmvTkqXGeeetRqXYBXeLlnPp4sX7VKM6C0vLnAtLbb5eSH/8
sU+VlXVoNX5TUx90Om/+IWry1RyKEycaTWUr4Pz5U9Dt20/p8uUHlI3XSIH89jw+qLFgKCwbBZ6z
wC6bQ+rU/YMOHPiXwoIIe+bsbcqWfUigRElZQyNHb6dtW89Tly6l2UND1mCYiaBv4uGj51Sm7AQ6
duxWmJhT/wi9fuNFnp6vaMDPG2j8+J2hdlOEHueKlcfV34mKlbJQl06l7d7POg+O4YQAhPVwMtEY
JgiAAAiAAAiAAAiAAAiAAAiAQDgmEI6EdVYqxNWyTk7jNftk8RGmzNekAh89Q1cnlfskuW/+Lnes
yviUUGevX7ygcUWL0VMW2l2yWA9EG6ohLueLhbkvVn31bstXOYu8luMw99WijNG8OZ++6Fd+nUeO
XPbEqlX0Z506Lom2vuZI6vCnLcuxSTlnya/x+HXPWX2uXue6XZkrozrOf/eCzf1+ggwZqDe7g4/E
VtBBnrido0uW0KyGDV2bI+7AGw4pIJsZPP/7j/qeO0fR48Qxxub0OTZ33BcLuckT7c9cm6twdv78
4UM6vmw5HZozh8RtfaHmzSkjW5tLenz9Ov31/fdKxJbvfc6cUYK0nEvaPmo0re7Rg/sRgb0rdKDS
3bpSjHjx6L8TJ2hBq9Z0/+JFlU+E9VQFCypr9RuHj9CFbdvowIwZFC9lSqryyy/qB3zZfLCZz7Ug
34Y9R2T7vIoqrz9EXI/CIngUDjExvkRJxdM/DwCPrl2ngaltltF5GzagRtyuf14aDvw5g/vfihJk
SE+9WEQX4f31s2c0rngJunXsGDXmOgo2b6a6FdTC+qyZTVg8TUkxYkSmdGkT6KGr463/nrCl9E3a
wgLcsGFbqVWrIlT/izzqnli7Dx6ySQnDcsEsVoqF9Y6/L9LcuYeUVWw9FqBr1shJr157qbKib7/m
8wEDNlKZzzKQCPMRI0akN2xJW6kSW9LuuKDmaMKEulS3Th4ljG/hWLxNvpqtxHorYXnT5rNUia1w
pe4JE+pR+2/8tsLV1sxPn76mIyKEs7guSQT30p9NUALsr79Uo2/7VVDX9YeIQSLQliiRjrZv7WBY
80vfS5Qcp8r9te5rqlI5my6i1lir1vNpxswD1LFjSRo3pq4anxZHJeNhj16UN09yo4z5RATEK+wF
4MULL25j7EcV1rV75mVLW7rsZppfF5bJ2evCnN+cx3xdKjTfs2wggBf12Mxr1a8qHPsjef3rk1UZ
cxtW5Z2Vscqr65JnLHOWQdSgfl7j+dH3/Do6tuVXG+Z6HMvJPWdlzXklj/m7X+XkXkBTb3aNPnwE
v9+9vRAEpC3HvLptZ+PS952Vk/t+lbUq51d+qc+xjORftfoE1ao9PUiEdXP9Urf5u7TvrH/O8jm7
LnXp5EoeV/I61iNlHPtrlccqn25PH52V0/d1O1b5XLmn68HRmwCEdSwFEAABEAABEAABEAABEAAB
EAABEAjrBMKBsM6/FP178ACdXLWa4wofoSc3bqpJTZEvH5Xs2JGS52FhxfTL0bHly0liA4vikal8
eUqUKROd37KF7rHIJTHDE6RPTxnLl6PYiRIb5a7u28+xh/+mCCymSAzhnGyZennnTrp+yIPesFge
i+OnZyhTlhJnzmyUsVpZARFtn969RwdnzSJxAS1J+pauRHF21V3cqmrbNWbhyVakYjF8dNEiFfs4
ZqJE3LcylLZYUTq5ejUlZcvgQi2aK6FEVyTi4em1a+nyrt3M8KgqJ5bMhVu15LwtfAltehwvuFwP
Zi4xz/9lRmJVHpnjY6cpVoxSsmt3s8Wlaov7d4rbuc0CpI6j/c7rDRVv185XG7pvdkcu77JoG9C2
OP/bt1702tOTxpcspSzWu7F7bLH61WKm9CWSyU23uDw/tWaNcu8t92SOkrIlf7aqn9NbttbyYDH2
KVu+y1glDnXCTBkpZ82akjXwidftbRafj8ybT2c57ry4Ihf39eLCPW/DRpZrUObH8+5denDxEs1q
0EBZJbdet9a7DxHIPVVKevf2Hbso/7A4vooTc/xnyu+0tH0HqjliOIvJ3UjclEuSuN2RZT2LmmhK
WlgX1+ht1qymEytX0Zm//lLMMlWoQJ+xK/LYPA9WSdbu0YWL6MDMmSq/5EmYORMVad2GMvNz7NiW
VR2uXFveuQvt4vADvU4cV3OsywjX3/jZv33qFNWfOoVjmrdRt+6e400MWbKo87psAe4YtkDeN4Mz
ZlL3ux06SCnz+1hQq80jtWrb1ScZX/HanNP4S/UMZedwDC2XL7MMCyE8RxcoqLxB+Cesb+j/E238
+WdKW6IEtd++jdwsXN6rTnp/vOM5nFy+gtpk0Iw3UOSpV9e4fXTJUprFFuzSNwlZIXUFlbBepOho
ZekponKe3NaCru6IFnKmTmlAbVr7hDYQobx8hUm0e/dlGjWyFnXrWkYXUUctZJ443ke5rJaLvJxV
EnfUBQuNpKxZkhjC4OKlR6lBgxnq/s6/O1NJFq/NSYva4j792NFehsW61CWWq7v3XKHBg6pT3z7l
zcWcnu/dd5WSJIlFjhsKfpu8m2NzL7Ec0+IlR6hBw5lUq2ZOZWVufif37beahvIGBEcXzf/dfsIu
yYfTnTtP6dzZb1U8dt2pzl05zjBbn44cUYu6dyujL1seRbwXZv/95+nLYt+ygIsXZZPDqdO31QaG
wYM304KFh3kjRU36vEo2tvZ+pazv+TVJqVLGVRsgzNWKh4HVq0/SihXHSMReiZOcOpU71WfBV1w8
R41iH/Jh565LJNyjRYtEL1/yRoHiaalYsXS8Fm/QrNkH1UYMNzcOTVI3D3Xr8hlFjWpf3tx2QM/1
etQirLPyskbvsaX74iVHaf1fp3kTyFt68PAZFS2Slho2zEfFOc68/RvXVpOwWL78mNpQIptSZBwl
SqRXa+WfvVfoyZOX1P/HyhQtamSjaZnTzZvP0WbeOLKHvRpIW5IqsRVvxw6lKEXyuEZeOVHPD38c
PnKN46SPYs8H6WjjxnZ2brRlTUayiFd9jMMJbNh4RrGXujzZnXyTLwtQmtTx5atlCiiLy5fv05Jl
x1QbcWJHo7JlM6qQDit5Q4qMrXSpDNS3b3lKkti2kcWy0QBc1HN6/FgfDhERnbZsOU937j5V/8YQ
N/nlymXytQal+oBylzLCYi/Po6zT/fuvyiXKmCEhv3syqlANXm/e0aSJ9YzNNioDf0i5ffuu0MxZ
PuVkbdSrl5daNC/EG2ViW66nZ/zsbdp0jp+re6qqxIliUZUqWTk8xzWqXmOqr/eMbs/V4z4ew987
L6nnPk1qd95Ik4vk+TzkcZ038fC/rzg8RdkyGTncR2K7/okHiKnT96p/j8o/Pby83lGnDiV549Rb
WrToCC3l97isf1m7339fkQoXSmN0SZ6rmcxPwllIsr0D0lHxYmnVd/PHXma2c9dlY71K3s9KZ+D6
Uqt3zYqVJ4x7Uk7Wfds2RY35lg1Ja9eeol389+no0Rtq/Qn3li2LUMsWRfg59P1ukbkSryRz53nw
WA6rMhKmQ+ZYQqXI38KcOZLyvBWmR49fqM1S8s4TDrK+EyaIyc9UfrUG5FmTZ07edZLkXda8WSGj
f+oiPmwEIKxjJYAACIAACIAACIAACIAACIAACIBAWCcQxoV1/lVJiVC1a6uJNIsGSuTjX4++2bxJ
xTOWDCIIiwvj+yww+kryS5Mk+UWez5uzaJSbLaPlZ0aJ8X2EhWpfyVyGb1b88Ueq+MMPLCjZfoRz
zK8FaX8t1mVcK1fSjLo20Up+PJPkp2ttznR+61aazEKkStw37xHZCcM5aoro5SPI6T6JpamM2ygj
lTCLtCVZcON6zXGf7crYWvMRMIUfp+zVqlGjmTMoZgIfq1Jx+z2KBcQ7p06rPDJHAXInz1W7KqwH
qC2uV8Wx//Zb1S9nH7K+uh/2sG3W4DL7Z/xJC1nAVWvGu1DSnDmox5EjasOFCKcSBkAnEd1lI0JE
3rQQmCSi5pZBg2j9Dz+q4lbrveqgX6lsr97cRkSVR8r8UbOW2jjhrE2pp8rAgVThO7/H76y8XBfx
fnTBQkZ8b2d58zVuRF/yhgOx+NVJC+tqDcpF73WoVhKvkbhsud2DN3zEjO+ui6jjJY4JP7FUaXVu
x0KucLnc9b+gRn/8SVFjxVR5PuRDC+vautyoizu5nMMz7GLx3Cygr+nbl7YNHeZUsJa1P6t+Azq3
aRP1ZLHePZWPy2q1xvle3QnjlaW70RafXNmzR1mj5+UNEk3mz7PjqPNpnuIBwC9h/RlvShjLcyYb
jf63eTOl42f9GW8UkHjycdglvPr1XVfqfRTL9DGFi6iNBH3OsoW+bCbyTnfP2zwimF3QB7Ww7p/I
KF1ZwkJJfRa8HQVjuTeXXYd/xa7Dre5p0UuL9yKA167zBzVtWpCF09zsWnwwpUgRl7Zu6UDveP7E
GvvAgWv0I4uPA/rbew+QtiSutFjpZsyYkDZvamcIlAc4DnzhIqOVJfdhj54UPXpkevbsNcWMGYXi
sbt4/Q6WOvxL0g8R95eyOGgl0m/ecpYqslW9iPtHj/RU8eWlzocsvEq89lMcE/6fPV1ZhE1jNKUt
09OnT0CyySB6NB9hVbN1Jc6wWNPLhoigFtZPn7lN2XMMMfprdRKbRdIrl3+g+O4+7velnAh8VvHY
GaOaj+3bOlK2rLYNRvKMVq02hcXds8bf0BG8oUC8JbRvv8R4PKSsJEeOtquB/9Tr0b81v4bFuBo1
p6qGzO9B+beL9E28NkxhN/nx4kY3OnOZPQpUqDhJsZCLupz6d5N3LitPC114Y8U43lhhLiPn6m95
7KhqvchGBUnq+WFvCSIW+pUcN57ovLKJY8KEXeqr7tf+fd043EFqncXXMaAs/pyxn1q3ma846cr4
zw8n+bDxEw7Hj/WmxIk+XFzXc6rbUi15P/B6DW7ijQe5c9lvHgoId133oCGb6TuOa+8zHtsdzdJq
fp2HtrDNsdSw/q//kYSuMCcRlYsVH6su2dqT/OYc7JljfD3q0N5vzxz2Jey/NWo8ixayeOyYHNv7
4YdK9OMPlY3NGvLcSxgN83wuXNCcOnRcot5/5vKOoT5WrjqhPH7Y2rStB2fjkGdw7bpTxril3oED
q9J3/SoqQVu8gGj2Up88c/fu/qLeUfpdKWECbP3xXhTea1A29Gzb2pEiR7b/t+PWbefVZjFbfepT
Puza0e/qM2fvUK7cw+zuSQiNy5d+4E1f0dW7bv2GM6q8fJj7Z1zEiY0AhHWsBBAAARAAARAAARAA
ARAAARAAARAI6wTCvrB+il0i/8EWkrnZUrJE+/aUNHcuesYxgFexpexptnrNIdaTJsvOh/9eo5lf
fEHXDhxQky8/HmXh+MIFmjWjFw/u0/JOnW0/PPH1NmxdLe6Wnz14SH+PGUObWXzUSQThqoMHs+Ac
iUXZoXT75El1qwK7hv584M86m91RC9L+CutcyuvlK7q6b68Sua7s3k1r+vbzU1j/7+QpGp4zp2pP
xtRg+nQllD1mC/6NAwYoC1O5qYR1ttrXwqbqU7Hi9JDdSIu4KnG2o8dzp7Pr19OcL79UP6512rOb
0hQtquqWDz0OLYRGY9fd1YYOpfjp0rL1/1baMWKEYpiILXZ7sWDvFsVHmBHx7fH1G0qon1mvnvx6
55pbfGmYf6h1VViX7C63xfVuGTqE/vr2Oylm/PAoHO0Sf+/uIcJ6bnVZ1sUF3nQgVrqSROyUePFx
kiVT3yV2ucSuFuEyW9WqVHPUKDtX4SqTqx/cx92/TaJlHTguOvdD1nuVnwdQ3BQpFE+ZY4lxLTzr
jh/nI8hyuSOLF9Hl3XuUoP/36NGqxaxVqij342/fvqWXjx+rvmf4zCZSu9olcz4R1scUKqyEdW5S
IKq+OBCkvI1EWJ9trD/JqoVgvblDBGqx+r/yz16a26SJqqsxb9IoyM+oTnfPX6Ah3qJuqsKFqfbo
UZQsd27y4ljxh+cvUGK39EFcsNdhHr7mUlfk4lEL613271PcpNg7Zndx+w76vWJFVUtbft9krVJZ
jWdi6c/UO6YxW9IXbNbUshVZn9c9Dqt3jDxDOvkI674t3Y8vX6E23Phnsa5d6/slrIvniGHZsqtm
o8aOrSzidR9kU0K9iRPZG4ctVrq+/vopC+tFitDLJ0+o90m2wDP1W4vuz+7dMwT9Tymsi8V6a5PF
ulgfipgo4oWVOKJFr1Ur21ChQqno0aOXVK36FGWZLYKQWEeKsCEi9JWrDyhdetvfA7OFu+akj2J9
+IgtEat+ns1Y8/Pmeyg38ZKnzGcZlSt5nf/XX6tSL461HtnJ5iydTx+1S3n5biXAihVkocKjlAt8
ETBnz2qiHs2OnWyiUqpU8cjjUE9luajr1MK1ldtuv+7p8vqoxaKgFtYlDvkvv2ykmLGisjD2H61k
S1B5Vf/4YxW2wvRi69U3FIvvffdtBWMzw4OHzznG92BlhS/vgoULmlGFCpkVi20sTtVvMJPPbfHg
T5/qZwjyN289VvHaxbK4/09/6aGp98lEtvbNwJsPhgzZoqxmDx7obmfdb2QO5Ilej1bzqqsUK96i
xcaorzKXC+Y3p1y5kinr7jkc2qBv39VqjDWq51AeC8Ra9Slv4ihSdJS3qBiBRIisxxtH3rHnkz//
3EfjJ+xUZayE177frlFhFnr1KkfNeMOJbDQ5zd4D6vAGlNt3PO28Jnjx+7Fs2YnKM4N0UIuKju/i
lOxZ4OgRH48Oemz37j9ToR2iR49Cv/y6UQn0Qc1CNr+INff/vllsbLgYyd4satfKRR5sCS0bdORP
maP3C93HgB71nEo54SAW0iXYo4A8V927r1SMYvMGBdnckz5dAqP6gHCXQvLcZ+WNQOJ1YvWqNlS5
clb1jJw7d5e+bDKbLaJvKsvzM6f7Gp40pFwvdlU/gl3Vy/Mkm0gaN8pPIr7KHLdpu0CVk3xnz3xL
mTPZ/jbod4Jcl7xDh1Yn8aqxjkVmvZbkntU7V667mmRMo8fsYLF6o1EkCYfEkA1F8l4eMnSzeh/I
fH33XUX65eeqKp+sw8OHb/BmoufUjjfEyMYaSTLGOrVzU7t2Jegkv0e6dVtBPXuWpaGDq6u5kTzi
5WTv3qts0R1ReTrpw8+Ts3HIe2kZb3D6pt1iKarWjIQVcefNUrLOzrKwLRuqJEmIjbZtilGunMlU
W/KulOf48uUHPL7PSZ5Xd94UtH79GWr85SxVxnHjjnjtyJHTtsFI1tL0aY2oJHuEuHnzCYctWU/b
tl9Q5URYX7GsFXmxV6KDB69T268XqGdfnu8d2zsqLyySUaz2u3Zbrqz4xSvBooXN2WNDeoOFqgwf
NgIQ1rESQAAEQAAEQAAEQAAEQAAEQAAEQCCsEwjjwrr39Ikb6wgRI9Dr58+VO+4oMWOSCMqDM2b0
bRHNP7ppK3f5MarORBav2BW5Ti8eP6G5jRsrUV5iUfc6fkzFEH7AwvOv6TOobIVbt2bRaYLhzlxc
cW8ezJbE3/+gfoTqe+E8JUyfXldpHLUg7YqwbhTiE9V2hoxOhXVxsS0xmw+yiBePLV87/bOH4rHg
qpPXmzc0u34DZQWfg12Ri5tmO6tpZiLxusXK24ut+iVFixNXuYgWN9GOlvJ6HCKECqNOu3cpzqog
13WeY0RPZjf7DIOasaibRwR0x8T5xKpX+uxSvHkpz2UCIqwbTbrYlgil4m5b4lM/ZxfuPY4cJnGl
rwUBqc+Xq2yue3kXm5tw2cTR3NsFtuR98egx11WC7pw+TV32SxztAnI5UOnJrVs0IDnPKTMt17s3
b+oYZPeDp6xB4bl9+HA1Fz143cZ2EEVlfkX8Fhf+fc6cpigxfKw5A9Uph0LCL0KEiCxsz6e5TZsa
68bsCt4qrrtZWP96wwbKUskmVEv124YNpzV9+lDNkSPps+7djBaVlfh4FuDZM0JL9sBg9qggmU6s
XkV/sjt1SX3PnVUhH9SXQH5oYV2Ka7ft13mThU4SQkJirMtGGy0wi3t4WUMqHIXO6MJRC+v1p0yh
Im1aGyWuHzpEs9ndv2zUqMTeMSoP+Mm4Zz7RPP2zWNcW5rqsvA9TsEeJGzwuWfMypu6HD/O7wMdS
U4vxZqt0Xd6q3U8prIulboWKNnf84vJZBFBJMs6zZ/r5EkHtRS/bqESksRJSdMxoEatPnuhD4kba
1WR2IS9lpD8ictxhYVLaa9WqKE39vb4hxDur1yystG5dlKZMti6j+2pVz6mTfQ0LbX1fC/9akNGb
sOS+rsvqni6vjx9LWNf1y9GZ239zHjkfNnwriSgmluyHDvoWwC9ctMUAF/5Wbu51O1JXhgwJWJDq
ZOf2XMS7SIH0RCJ1WiW9Hp2JyeKNpHyF39TGDHH7vHHjNxQrZlS7qsTitnad6era3zs6siv2DGw9
u59atpqvrlmFMJg0eRd16LDUUniVQoyIw6a8Yy8Lr5QYHzdOdPpr/WnlDUBbx4qAb05afJX7y5a0
5EXvc1f85Djm97lrO9P8g5qF1K5DFsiGm6Xct7p1bBvn5N648X9Tl67LqbU8k7xRR55VScLA1WQa
Kuk5FQFavFiYre9ls04FDlVxkYXfTh1L0bixNo9Fup2AcNdeJ+S9IuEc4vAc6fTmzVuqW+8POsNi
vgj4es2YNwttWP8/qljR3ipdypUsZfPS0ZFdqUv/5O9E3Xp/kqwzeS527+pi5zbfvPHH6j2q++Tq
0dzHVq2KsCv7LwxX5dIXsdL//vt1qrqLF77jzQkJjarN8yzTOG1qI2rFbtZ1es3he6Lw329nSbft
1zjMbUzh9dLWtLFLNvfIJicR9h37Jm3qNaU3B8k1ebYGDFzPQvkGu79DMlaxgJ8x8wCHvIhH//zT
1df7qH79GSTu5x2fSe11RNaG2RODuU6/xij9CvcJwnq4XwIAAAIgAAIgAAIgAAIgAAIgAAIgEOYJ
hH1h/emdu7Tvj+m0rp+1G2tfrsb51yslXLF1saXIzGtCi+jyI2pPFijFhfddjms9JEtWP0XLCSVL
0bWDB6nxDLGu9W2lqgXpgArrqu2s2Qyh0nHZvnr6lMRC9TYLuK1XraLs1as5ZlGx138rV55jrRej
L36f7CPa8A90F//eSRv696eLO3b4Kse/JPtqV4/jv+PHWcT/h9IUKWxfjhlvYGvqjT8N4DjtrVSs
aLM4ozJznuVdOnMs+MXBIqy72pYeW0DmSCzTB2fKpETv/7FrbxXbm8f399gxtLJbd4593pCazJvr
w9yelkvfbjLrkbnzOF1/UskzjlE+loVzWb+OXgbkvqwT2TQQkLFJuQAl/XzxmB03ZDirxyzI9jt/
zs4KWrs+N1to6/yysUPcxItltYjZOrlxHPcHV6/S6h491CVf7tt1xgActbCuhRVzUR4y/yr+nupN
mkTFvvmfspqX51H69yHCuljgx01hcwl8/ZCHzc0+P4/R2Lrc0X28uT+aj3/Cuhbwk2TPTtHixuGY
7cvV+rq8ezdNEBf7PCZz3Hhp48GVK/RruvQUGoR16a9tvmwufOW7WOKJaJQ3j8/GI7kuSYteYsGb
MUMiun7jkXKlbGWtqgXmwAjruh1ps1OnUjRieE0l6EzjOMBtv14ol0msnwvkT6XOrT6uXX+k4peL
RaoIWmaBzJxfXDt/8cWfykWxsGjZsrCKnTt58h4lilWrmp0WL25h5+593V+n2FJ/KllZrIsAnSnz
ICXWiBWkr/e6qfHgENa1SOSXEGQWjKzc5esu61j1jkKU3NftFGUB+691X9u5Vdflg/qo14kzMVms
YPPlH6GEOhH6xbrUMcnY67CIKlb9o9gSuyvHgW/79SKa/sde6tO7HA0ZXMOxCIvl75TwvptjqB/2
6EWx2fpfp7Pn7tDYcX/Tb7/t1pfsjlZrRjLo58XZfbtKLL5o/kHJolvXMqol8zo9f+47u00yWqB2
XBPi8lusnK3+Hujuv2Ir5Pz8DFetkk1fMt4xztarOXSDbHrR7APK/RnHFc+TZ5gS6cUCXjYGZOCQ
FBIrPGmSOOxpIA6HtkhKMTgMhU6asXwfM6YO54utNk7o+1GiRGLX/DvVRg7NQ+KIF/b2frCXxd0i
hdPo7MZxwM8b6Ce2oHY2ZiOjCyd6Hcl7/MTx3iTxxM1JhO0SJcdxiI5/aeaML9mrQiHjtp5n2UCx
YH4zatggn3HPlRPdtn/j0BuTVCiNYxxKw5vxpMm7ecPKEvaiIhunfDZpSNvyb4idOy9S//7r7TyY
mPtlblfmt3ARm9cJ8UhQvVoOc1Z1Lhb0ZctNJHlnmTdd2TiMYc8tN9nzh81VvRTQ3i+SMNvTDp4M
fFUe3i9AWA/vKwDjBwEQAAEQAAEQAAEQAAEQAAEQCPsEwrawLkKiWOA+YAtO+YFTxJ48LOg9Z1fE
YjUrPyo7FdY5n1iEFjVZhOr1oMVVEY6162ctrOdjV9Yikvr6QZV/GVNWtCzyORMUdb0BFTb9E9Z1
vdLf7mIhy4KcS4n7vIdF9qXt2itRWCyr8jSoT9Hd49NNjgV+de8+VY3jeHR7YvncS9xBs9Bnl7he
7RXAMaa7kU94hRFhXX4VXdOvH8fUHkrpSpWidlu2KFfZw1iwlJjVXXmzRcr8AfsR1+AkJ1y/x7x5
NPerr5TLdmextUU4H5knrxLWrdaBnreArj+7vvj3hfsaUK8CfgnBdy+wy/dMme3GLflHFyio4nzz
g2g2frTsndUmA8uMflzUwnpn9gZhDovwnN9B+zmO++pevVRpiTsu3iJ0HPJWK1eq8At+VO3rlha8
5Yb5PSPvt/LffksFvmpCMeLH91VOX/CLp84jx3McV/33ipXUJcdx7fntN1ravgOHhqjBgvsyw8OF
Xd28kccc996T1/qInLlUfdoF/ae0WO/NwmGL5oXpbxYs2rVbLPsElKvfYUNrWq4ZLWTqGOsiMObO
M1yJ0T26l1Xj0h9acBPR6ihbfaYzuW3WeZwdhwzdQv3YpbajOGQWQc0iimM9l9j6vljxMcrNs7hC
PnigB6Vkl9xWSVv6SltiISuuhyUdO36T8uYbrpiI63txPazTxUv3KGOmX9W15Syem62J9/xzRcWW
18Ka+Z4ur49ayApqV/C6fjlqMdAvXmYR6tDBHpQ/X0pzFca5WH+2bDVPWbHKZgrzpgHdjtUmC6OC
ID7R69GZmKzXoFienjndz86lt+6KrKn6DWfQ0qXHDKFR1+soPOoyzo4eh69TgYIj1W15L5Urm5Fj
NienC+fv8saN0+rfW7IurDZcaFHS2X1nberrmn9Qs5D6/VqnVv0Wpq3aLKAZHJ/dv+QYs1uz1+8Y
x/LaKto8p4Hl7hMfnF983knegToVLZqGNm5oZ4j3mrHcN//d0fnNx1Lscnzrlg5qw0S27EPYE0RU
tsL+3pfQLWX0O8ivZ9Rct1/nej4aNcxH8+Y2teynZuzYnp7nBw9ekHnTgl/tme/pth3rNeeR88dP
XlL+ArYNL5s2tqMK5TPbhV+wWsOTp+xRf6P4seLEoZzq5yX3+NE5RMJN2rvvinpPm9vVY5FNAhJG
IXcu2wY8Ke1K0nMi60zWomyiqFOXN+Cw54GpUxpSGxb/kfwgAGHdDzi4BQIgAAIgAAIgAAIgAAIg
AAIgAAJhgkAYFtaVgLeYZjVoqMTzNhzfOGW+vMasveC40eOLl1Auve1cjatyS7hcA6rI7pSrDPjJ
KKNPXnmyBTjHFBcX3toiWwvraUuWoPZbtymXzzq/HEWEWSju2GfNCnZhXVus21yO+8SANvdPnesf
VdWPd7ZY6WMKFlKW7lUH/UolOR61xFrWeQ9yLOz5zVv4Go8WaB+y9WpPFvPdUztYVnI7Hrz5YO5X
TZ16BRCxOMwI6wzM7OWg095/6PbJk2o95OOwAo4xxW2AA/Z5df8BGsexrcX1fk+2hI4Sw8e1q65J
5kXm09k60PMWXMJ6/Sm/88aVNrp7To92Yi27qI/p7m7k1e7KlcC7YrkSu8yu1j//9RfK+vnn9Jbd
3FslsV5PljOnL1fxVnn9uqaFdSvrd+n/8Bw5lYt2uZ+yQAGayaEXji9darchwK/6zfe0sF7h+++p
Uv8f6S3HjZckIS5cSX7xNJfXmxbkme/H4Stis3Cv067x43mjUBdf/Tezd2Rx48gRGpUvv/IioOOv
f0ph3SyC/vHnXmrdxmYNrl1i67HqoxZkzMLHrf8es8VhFF8WyhLvt2Ahm1tfczu6Lr+OWsDKnDkR
nTrR1xCuRbCrUOk32rr1vFPrTi2mSv0iiuzb243SpnG+yWLM2B3UrfsK6s0xsYcOqWHXLW2hbRZs
JINuwyzu6YLajbgIW3PnfGUnPus8+qjFn08trJvF5fnzmlKjhvl1F+2Oi5YcoYYNZ/pynSyZ9Jw5
srKrIIi/WK1HcxPmNSjCepbMPs+vOV/7jkuUhbnuewf+PoktzsePr0cd25c0ZzXOHf6poK7rcvVZ
9BszujYlT+azmeP4iVu8CWWYU08GWpT8WBbrgWUhA/Nrnep+O24I+PGnv9jad5PBy9mJeL8Y0L+K
cVvP6bq1X9PnJkt2nUG7zJeNMDr+eWC5i0eDJyzyHjx4jWQzzjsOF/PixRsW08/Qrt2XVZN6TciX
xbz+G/D6l+d++bLW/F7y/oei7pzpmDx5XOWCXG8EEGFdXM6LNbxj0hbc5rYc87j6Xc9HiRLpaPvW
Dhz73M2uqNr00Jo3PXC4A8f2/Jpnu0qcfNFtO9ZrlX30mO3UvcdKJZCLdfzqNSepVu3pJBsttm5u
b9dv6ZdsWDl16jYN+rUax18vZWx2kLrnzD1ETZvNsRuPebOQ+e+VVV+srkmbpT8bz5b911S90q88
eYdTYDywWNUf5q9BWA/zU4wBggAIgAAIgAAIgAAIgAAIgAAIhHsCYVtYX9qxA+2Z9BuV5ZjT1YcO
8Zlt/lX46r59NI7dnju1WGdhPVqcONT1wAFb/GXv3xDlh7l9f/xBi9u0Vfe1y2UtrIuFbPPFiyl3
3bpiWGJL0h7H0B7HYrxY+og78Ezly/n0x/sssMKmfxbrEjtbuaHnsSjX62yJH9Ec45T79/LJE9rN
VqhxkiahQi1aqB7pMUmff7pzh2IlTGD0WeLWz+Axnly92qmwLq6uFfshzF6z4BpkY8L4kiXpFovu
1TgWeDmOke0rcZ9CorCuNylIjHWJLx0nWVKfrnOf3771UpZ5kSL7uFBVGfietlrXBYSr1JE8j4se
BHRBi+Pd82y5nTmzmJJRqxUrSOK5m5nLRoUTbB39Z506ag325njfiTNnsqspsOvPrhL/vnA/tMX6
5wMHUoXvTCEa+B475abXz59TVJNI7JcQrIX1vPy8akt92cQyuXwFurh9u4o1X55jyztLssEmelwf
AchZPv+u+yWsi9g8gt30S+xzLTYf4XfEbN70I6nthvWUtZLNMtzczlNeY2fXr6f07OXAPXVq45YW
1h3dsBsZ/Dnxi6e56KPr12lgKlu74nkiKXtY0EnegYtat/FlsS7vx2UdO/F7dxLHvR/Bce+76yK0
Y/RoWtW9B5Xo2JHqjBur1uGnFNbNAoismfIVOR719gskLnrFSk+7WdYD0KKXK0KFcOjYaakSKEWI
EjfI6dL6vD91nefO36H9+69R3bq52O1yFHVZu3t27IfU2bzFPJo956CdiKLrMluuSlkR1RMmsG22
ELe/kSO7+doAoMXzH76vSD8PqKqrUsff2UryG7bkN3OSG2bRxrwJwczQFVfKHypk2XXWyRdXBe/O
XZexkLyTZDPDsaO9jbjMutoXL9/QZ2VsQlPHjhw/ekxdtX71fVfb0fmD4ujfejQLcr28N06Y/gyr
Lly+8oDSZxiozpewy/96dfNQX/aWMJS9JsgaOuzR0871uWR8x+twwQIPunDxntqQES1qZLs1sYlj
uVcon0XVKR/8WidZZ+Lm2plwrkVJsXTewpbOkU2CqJSXuNLiatyx/1K/JM3f2bMZWBZSt1/rVPfb
2bikfECSnlNZh+Jm3+yKXbjLO0Xc7CsBdkt7evXqreHyOyDcteD9vfdz78i1b7/VNHTYVrtnf8ff
F6lM2QlKWJf3Y7KkvkVymavnz1+pDTXRo0VW7LQobBVmQcR98a4horHjeyYg3HRePR/yfemSllS3
jv2/rQ4c/Jd5jVbZxUNH+XL8bybv5Nc86zx+HXXbrozjxs3HlDLVT8qSX/42dOi4VP3tkTASVSr7
hAaQ9nS9cn7v7i+UIL7PBjr5m6BDOZjbtbm8t8W7lzjxjh42pC7Pp69o0qRdJF5NxHOLY9IhP8zX
p01tqMIGmK/h3IIAhHULKLgEAiAAAiAAAiAAAiAAAiAAAiAAAmGKQNgW1rezkCNxlLOxxeoXU6co
F8zPHjxUYtXcJk3UTIqw3vXgAYrHsZhV4l8GlXDFQp0kEde/YrfxqThOuNeLl3Tgzz9pPVuySyrS
urWKMSwCqRah1Q3+XnfCBMpVV0TMiHRh61aa8+WX6pZYFPc47GFYfr97+5a82KJVkoi2IsBJfV3Y
sjVmAhZi+IczSY7WqDpmdISIbtz2WRrJlqA1R46kkp06GhasblGjklukSOqXbe16Xeoqw26py/fr
SzHY8tfr5Ssl+s+qX1/FaE7C8eJ7spv3iG5uKu76iFy56endu9R0wQLv8USgO2fO0vbhw+nAzJlK
yK05YgSV7tbVEBrEBf9EjsF8+9QpaU6J66W7duH24nPZMzSveXMVX1rGKa6xE0n8cU6yAeDdmzfq
PIJbJI4/3pVOLF/hPwsWYoWTW5SotHfqVBb2OjpnoWoPfFvGJgV23y68S7G7emn7wZWrdJTF0nXs
8j1RliwqdnbkaNG8W7MdHl27RgNTpzGu5WvciK3V5/hp1Wlk9ufkPQuD4j3gENfHE0Etli2jnLXY
pTWfi7IhGyD+qFVL1eLYrl6Dsv5+K1deeXHwb/350x3nt7kvp9ato+nVq6vQDJ3Zej9BunRqY8c1
3vixc/wEOskbAFqtYhfpsjmAk15PzziEQ7dDB32eVb533cNDuX0Xi/XmixdRJF7zkrT4LOd1J06g
wi1bUuToNit+cUl+guOFL/nfN3JbhXNIXcgn1qq6GIAPL7YYX9G1G/0zeTJ1+HsHpWbPATIfYiUv
c759xEg6MGOGqlEsvxPyO0CL27L5RFKD6dMoP3svkD4+4xAKIqjP/dL2jqryy0Cq+N13Kt9bLy/a
w+EkpL2ao+R576Sed+NZV7msP/Tz9Yb7K8+n8JR3n7xnIkSMSI7rVX60X9z2a9o3fTqlLVGC2qxd
ozYh3L98mTcJFVPvC0fxXFrWLuTF0r3T7l2ULFcuunXiBMm7RNI3m2VjUXl1HtzCuhfH2J06bS+1
Z5FPx5RWzwj3RotN0jERmn/8obJhOSiii8QVF2txEZOLFElDb968o5gxbGK4GozDh443LpdFXF+4
oDl9VjqDsgy9eesxzZ3roVy+y/3du7pQ8WJp5dROpOz/Y2XuRyX1jti0+SxVqjxZ5TEL2nJBLHKz
Zhus3L/Ld7mfIUNCFiTf0lMWUMpXmETZsyelLSwmmV2Yr1h5XLn4FYvSXTs7Gy6DtWWs1KUFVznX
SWIiS2xkEV/FfXq8uNFp0WK26G40U4lFZ8/0Y+HN7w0rHypk6b5YHZ+/eM1x6d1o/oLD1Kz5XDXX
YukpPCRFihTRTjw/fOQ6u2ceqe7V/yIPx4r+ghInssVnFq8E3buvpAULD6v7Zjfdr994UUR+x06c
tJu6dluu2unE7bzybidy5IjcD/4bHERJNjVIEmvhRo1nqdjo5vUo98xr0uyJQYTNLl1KkwieksTd
v7h3vnTpvrJEPXa0l3IXb34OxB34nNlfUYb0CVUZ2QjStdsK+uuv02qer1z+keK7x1AeefTGFFmv
PXqUVYK8rPNZsw4a61wsu2XThd5EoirlD3ObWza3YzfymZmhF505c4em8AYPsaDv1bMsSZgGSW95
Y9/LV17qPCrHBV+w8Iiy2g1qFtKAbEopWmyMeo5kradMEU+1Kx96M4uMa/GiFnZrysjk4om8mzp1
XkaTf9+jSgj7GX9+yewT0K3/ntCIEdtoHG/+kKSfSfNmloBwN4u14vL/y8b5jXedPDtimb527Sk7
sdu8oUae+7Vr2lLWLElUf+Q5ELfjw4dvVe8Bs4v7H/uvo4He1vticf3NN8XVpqVzHCKg8ZezVDmp
ZOSIWtSt62fGvyNVxQH8MI9Lik6cUI83LeVW7zx5d0t7kqT/5s1TMrZnz15TkqQ/qHf1wQPdKQFv
SuI/gSqZnynbFdun+Xk8d+6usuqWvyvmd4CsT0fLeSmtNy/o+qRPJ45zzHXv51Nfl/WXM9dQ9W6X
vyF16+RSjM6eu8O8tynre8nryE+7c5d78uz061dBPd/yXO3ff5W+qD9D1Zk9exI6dqS34RlF8ksy
i/PyXazVA+MiX8qGuwRhPdxNOQYMAiAAAiAAAiAAAiAAAiAAAiAQ7giEYWGd5/Iai25jONayK0nF
+maxLSIL4WZh3VlZEci77NtrE785k52w7qSQCDgiZKXM7+1qln+0U3HXWYT3K9mV4zKu9E/qi5cq
FYnLZRG43rObz9U9eyqrUd1WMo61roU9dY3714YF2GzVbJaLIg7O5A0Gx5cu00WcHqWPEm9eREax
jpc2X3l6Os0v4q9sWMjX0LaBQbsp12K804JcrjGLlAWbNVVZXOEuGY35ZQExsG2pBpm/iKQLWrVS
X60+0pcuTd9s2Wzb1GDOwGU3/vwzbfjpJ/XDqFWcc3P2gJ57sleB8cWKK8toKStzIJsWxPL4Kd+T
JGuiK89T7KRJ1XcR3RexO3axQHaamHlbFsOzVqnsNEtAboiV+Oj8BYx+JmFLaMd5F36ZypUjtSGk
Vm276rXorq3EzTdlo0ZittwXwWFBi5Z0aPZs43Ye3jwiQvfVvXuNa8JI5iFh+vTGtYCcqE0C1aq7
VKTuhPFUgsMp6GQWqPU1x6PETdebD9b07Ufbhg51zKK+m13hW2V4wGEZfk3n9xh7MIfkefLYFdfu
4O0uen+RvvXgTThx9Fryvi7iv8RmF48BkuR9JxsgJEk/WyxbajwbwSmsW1ngSZ/MVq7alblclyT3
Nm06S99+t9Z2weHTbCXocEt9NYvhVvflWrVq2ZXobhZv1q47RdVrTLUsYuUu+OeBG6k/u5/2K4n4
t3ypfUx0EYaKlxhjiFtSvnLlrLSB3UFLErFHYvTGimnbsKIu8sd/t58oEenOnafqkmwc0Oci8HTv
VkZndXr8WMK6o7hm1QGxCBYRy2wZPfn33dSu/RIje/78ts12Hh7XjWuTJn5B7b4pob5fv/GIUqUe
YNyzOhExSgvWVvcDck1bZftXxhx6QMTaVuz6Wrwc6GQ1rn/2dKWivFlEJ71JQn+XjReenraQE/qa
iKR9epczNmpoDwf6vl9Hx+dGNvHIRgFpV5JVe7/+Uo2+ZXFQkrbsVl/8+DBb6waGhdU7Q2J3N26U
35cwKt0ITDxrKWcWT83PktxzTB07lKSxY+p8EHfHZ0R4i9WybDgZPWaH0aRskMmcKbHxff+Bf6lI
0dHG99y5k1EaDjWxevVJ45qciMg/4KfP1TXZ9FOy1DhllW6XyeKLjF3CFrjHi2Fx1/9LjuNyVkI2
SOTPZ3u+9SYhZ3nluvmZ0vlcfR6dCdI6pIauT68r/V0f5dmo32AGLV1m24Snrzs76r9nUq5nr1U0
avR2I6vMl2yAMKc1q9tStarZzZeMc+09RS7IBoxmTQO/AdGoNDycQFgPD7OMMYIACIAACIAACIAA
CIAACIAACIRvAmFbWBfR8NTatTTd2/JVz7UIbJUHDKDDLOxuYnfUksT6/Ispv/sI6w0bUn12mZ6c
xedd48exJfBclU/iDFfmMoVaNKdIHJ9ZJy3wiqt1cW2+b9o02sZW3ZJEvBP3x2LVHTtRIl1EWRKv
79/f6IPPDfszEa17Hj9GSdmaXI3J2+LXPpfvb8o6nsWyqLFslnfKcnnNGiWkaqFVlyrLfS7Rvp2d
y2m5Jxb+q9mds7JO984sVvw12RtA6oIFaXLFikq01X0UMV6s7iVJvhrsDvrsxo10bLGPYJG1cmX6
nF3Ap8yXz7tGWzz3SZ+VIbFa9jMxixZLlijrecmnY5f7WYZvCv/aY8eoH6NFWA9MW7oN2aSwna3V
13CIAXPKXa+eWkeZKpS3jtnN63ELu8Vf9+23dt4OzHV86PmrZ89pN1s0r3V0r8/cqg0erDwaRIlh
+tGa++TfGpS5bb9ju3JJ/qH90+VvnzpNi77+mq7s3q0vqedEXMPn4c0cYsUuyUq41qK7o9BsFqGl
rPywfGThQprT2OYtQq7plJnXbaGWLSh7tWpqnerrAT1q62xn5eTZl/dNkdatKG3x4r6yveTNJ1sG
DaatEi7BIdUeM5qKMiNtaf/3mDHsxcHHtbo5u1iuy/qWubJK/gnr0k8R8M3u3nU9t9nLxHTePCCu
7HWKyx4+/rdpIyXJmlVfsjtKaInZjRrTmb98xN5szLrpgvk+7yMuEZzC+l/rT1PValPs+imCkrji
zZ7NttFE1oy45RXX1ZJEKBMhQmLYWglerogNYrneu/dqWr7iuF3bUt+U3xtSTRa8rebNSlwXa+qp
UxtR3DjR7OqyGptdBv7iTPC+d/8ZdWIX09oiW5dztNzW1/VRhKHPykwwBHW5LuJn3z4+YqvOa3X8
WMK62frZql25Jq67JQa8oyXpIY9rSoySkADmJJsNBv78ORUqaAuNIPfMmwvE6lPcWTsmR8tYx/sB
+W4l8lqVnz3rK/qqSQG7W8uWH+NNA4vt5koytG1TjH76qbJdPHRdUCzau3RdrlxU62tylHXRu3d5
Klgglfmyet+OHLWdevVeZXddxPevvy7GbsyXKUt3uWnVRxFgxTOAbG4xp86dSlFTFvTM7ckmEtlM
4l/qzS7whwyubvd8BYSFWVjUba1e1YaqV8uhNrKY+yDP8z97ulD6dDbrfp3flaO4RC9Vepwhesqm
hRdsOa4tvaUO/b6oVTOnXZXyzgood/MzIhstzJtHpHKr9a4bvXzlPg0YsJFmzrKfJ7nft095asSb
DvLkTq6zq6O4Hf/++7WGxb2+Ka7FRcxv0XK+uvShz4sW1mVDRd++5WkaeycZxlb0kuRdL5sSuvGm
n0QJvf9NzNdFeO7Rc6XK4+xj/rxm1Kihz79XJZ+rz6OzzUkyb1owdya+6/5YPRsynjGja1OhQmmo
QsVJxrMtG4ZysHcSndasPUmt2yww7uvr8ly2b1+SUqdy15d8HXf8fYHd/0/0ZeHvKyMu2BOAsG7P
A99AAARAAARAAARAAARAAARAAARAIOwRCOPCuveEiQtkcWcuKRqLzNHixvW+Y3FgoVFZhLOwXne8
WJi2NzKJJaZyrW5c8TnRwrrZMlru+lXGp3Twnonrb8/btykyC6xv2I26uILWLrSd9UTcZ79la3Q3
jh0eg/M74+CsvAhtigW7mPeTv7MKQuB1WVevOH52BP6BVFg6utJ27PLjmzfp5xQp1Y/8PU8ctxQx
HcsE9rt4DnjKrr51kjn2r386b3Ae9bqQ0ANBEevcqu+O6102fBibTawKfIJrwkHeUfJjuwjpEqIi
oM/Yx+y2PLv3L15U7u0jcf8SsIW/2aW4s7bvnDun3i0S7iIRexJwFJCDU1h31sfgui5WqY8fv1AM
YsWKSkkSx/a3aRGk/v33oXIf7+4e3c4Ntb+FA5hB3Hbfv/+c+0eUMGFMSpokjr81iAtocSUu8dvd
3CJSWrZedTVpa/n//vP8ICtVV9sLSL4HD5+zhfZLNVcxY0axi2sckHpCUl5xn37nrie7UX+vXKnH
Y6tgxw0aVv2VdRsxYgRVLkaMyL68FziWEZH40aMXaj0kSBCDJAZ7QJK4In/5kl3sc5uxmL3j5oeA
1OUsb2BZOKvvY13XLKR+93jRfb0/ze0GlLvMq7yHxPW4tPP06WsOb/GWokePrNz7m+u2Ohex98WL
NxSNy8vfLVlL/s2VlHnHGxNlDcaJEzXAa8OqH+ZrWlgX7xwrlrUy/kaJtwL/+mauJ7jOhbu4kE+a
NLZL71uZs1ccAkHetwnix3B5TLLeb9/xpBgcuuQ5eykRN/dRo/gdokKYlSk3kXbvvkyzZjahpl+5
5v0ruNiF6HYgrIfo6UHnQAAEQAAEQAAEQAAEQAAEQAAEQCAICIQPYT1AoFhYV+6n69RRFutF27R2
qbi2nJb41U3mzvXzB1CXKkSmsEWA15W4gBdX8GXZ0r36UN8WymFrwBgNCPhPIKiFdXP8a/9bR45P
SUAs1gsUHEn37j0LccL6p+SCtkEABAJHQFvii3W5uFZ33MgVuFrDZyntrUEs7sU9vzlsRvgkEoBR
Q1gPACxkBQEQAAEQAAEQAAEQAAEQAAEQAIFQSQDCunnaxMX3vunTaT/Hm5Y4zOL2Pd+XX9IbtraM
4e5Olfr/6NuymwXT89u20c5xY+nkSpsLVHE7LtamUq7C999RvBQpzM3gPJwQeHr3nhLTI/Ja8GL3
83un2mImi8V07bFjqWDzZvjhN5ysBQzTmkBQCOti+Vy4yCjlirtQoVTsMjm2ctktcX4hrFhz/5RX
Fy85QtP/2Ke6ILHcxcX1h8RV/pRjQdsgAAIhg8C27edp7Li/aeXKE6pD4vZdrNRfvnzDbugrUYrk
fniqChlD+KS9EAv1wUO20PXrj5Rl+7z5hwz38T/1r0I9e5almGzxjuQCAQjrLkBCFhAAARAAARAA
ARAAARAAARAAARAI1QQgrJunT2Jvj8iZyy6WsL4vYuh3ly9RjPgOrm5ZWF/Upg3tYzHeMYmo03HX
TsvYyo558T3sEbh96hQNy2EfD1WPMkmOHNTz6BESF+hIIBBeCQQGqPo6AABAAElEQVSFsC5uiJu3
mEez5xw0MIrFosTQdsVdvVEIJ8FCYPSY7dS9h09M4w+NqxwsnUYjIAACIZpAm7YLecPOXss+7t7V
hYoXS2t5DxdtBGSDWvoMAw0x3cxF4rlfufyjSyECzOXC7TmE9XA79Rg4CIAACIAACIAACIAACIAA
CIBAuCEAYd1xqh/fukXP798nsTI2J4ktnjBDBvMl4/zlE096ePUKReQ8jilhxowhKlayY//w/eMR
kNje9zgu9Xs+sums0ZB8lzjz8VKmNK7hBATCI4GgENbDIzeMGQRAAARAwIeA59NXdOXKA44/HtHn
ovdZxgwJXY5H7qtwOLpw7fpDevz4JbOyZyjfM6RPCA8wrq4FCOuukkI+EAABEAABEAABEAABEAAB
EAABEAitBCCsh9aZQ79BAARAILQTgLAe2mcQ/QcBEAABEAABEDAIQFg3UOAEBEAABEAABEAABEAA
BEAABEAABMIogcAL6/RuTBhlgmGBAAiAAAiAAAiAAAiAAAiAAAiAQAAIQFgPACxkBQEQAAEQAAEQ
AAEQAAEQAAEQAIFQSQDCeqicNnQaBEAABEAABEAABEAABEAABEAg5BCAsB5y5gI9AQEQAAEQAAEQ
AAEQAAEQAAEQAIGPQwDC+sfhilpBAARAAARAAARAAARAAARAAATCDQEI6+FmqjFQEAABEAABEAAB
EAABEAABEACBcEsAwnq4nXoMHARAAARAAARAAARAAARAAARAIGgIQFgPGo6oBQRAAARAAARAAARA
AARAAARAAARCLgEI6yF3bsJOz554vqIlS45QvHjRqVbNnOTmFjHsDA4jAQEQAAEQAAEQAAEQAAEQ
AAEI61gDIAACIAACIAACIAACIAACIAACIBDWCUBYD+sz/KnH9547sGTJUWrQcAYlSRKbTp/qS+7x
YnzqbqF9EAABEAABEAABEAABEAABEAg6AhDWg44lagIBEAABEAABEAABEAABEAABEACBkEkAwnpI
mJfHT17S9z+spezZk9I3XxenCBEihIRuGX149/49jRq1nW7cfEyDB1WjaFEjG/f8OxFhfceOC1S2
3EQI6/7Bwn0QAAEQAAEQAAEQAAEQAIHQSQDCeuicN/QaBEAABEAABEAABEAABEAABEAABFwnAGHd
dVYfL+fpM7cpe44hVLNGDlq2tFWIc5X+9NkrKlJ0NN2//zxQFuenTt9WGwcSJoxFY8fUoejRXBfm
Px511AwCIAACIAACIAACIAACIAACQUQAwnoQgUQ1IAACIAACIAACIAACIAACIAACIBBiCUBYDwlT
c+78XcqSdRA1bJCP5s39iiJGDFkxyF+8fENFi42m27efBkpYDwmM0QcQAAEQAAEQAAEQAAEQAAEQ
+GgEIKx/NLSoGARAAARAAARAAARAAARAAARAAARCCIGwK6zfvPWYFiw4TFGiuFGEiBGobeuidPbc
Xdq16xI9e/aaxesIVLx4OipSOLWd63Vxe75o0RG6ceMRRY0aiTw9X1GzZoUoefK4tHHjGZo79xCd
PPUf1xuJunf7jOp/kdduLs+du0Pz5nvQho1nyd09Or17956KF0tHjRrlpcyZEtvl1V88Dl+jAgVH
UelS6bmNduTGfdNJ3MK7uVkL7Zcu36dZsw7Q6jUndXYqWTIdfd22OOVgt/JW6c5dT5o3z4MWLjpM
r1+/pUSJYlHZMhmpaNG0XM8JLpeMWjQvZDB5+/YdeT59RSVKjlUW64c9elJiLvOeOanEXY3k5uar
qTdeb+nPP/fRq1dvuS5SbQnDhg3yGnX7KsQXXr7yUuNZsfwYnb9wl8fuRqlTu1OD+nmoBlv0R4kc
ySj27Plrmj59r/ru5fWO6tXLTbv3XOHxHaJbt55Q5syJqU/vcpQ3TwqjDE5AAARAAARAAARAAARA
AARAIMgJQFgPcqSoEARAAARAAARAAARAAARAAARAAARCGIGwKayL5Dt37kFq2myuv7yrfp6NZs/+
iuK7x1B5xe15hoy/0J07T9V3EYVXrmhDixcfptlzDtnVlyRJbMOCWwT5QYM30Q8//GWXR3+RegYN
qk69e5ZVFukiPNep8wetXXdKZ7E8pkoVj44e6UXu8Wz9k0wyvkm/7aKOHZdalpG2RoyoRd26fGaI
2FJm27bzVL7CJMsy+qJ2Rx+RxfwhQzfTt9+u1bcsjyL8i9ieJ3dyu/uXrzyg9BkG2l2TjQNbt3Rw
ulFAXOJXrzGVLl26b1dOfxHe27d1oKxZkqhLJ07+R7lyD9W3LY/Sv927OlMx3jiABAIgAAIgAAIg
AAIgAAIgAAIfhQCE9Y+CFZWCAAiAAAiAAAiAAAiAAAiAAAiAQAgiEDaFdQH86rUXbdhwlmrVnmbw
VuL2r9XZkjkRrVhxzBDKs2RJRMeP9aHIkWyW1yLw3rv3jAYP3kx/rT9tlE+SODZNnlxfWV936ryM
YseOospF45jhv03eTR06LFF569fPSwN//pxSpIhL168/pgED1tOChYeV5fb48fWoQ7uSJMJ62bIT
lIW10YDFiaOwLgK59L1uvT9V7latilDvXuUoTRp3+u8/Txo1ajuNn7BTtbV4UQuqVzePyidxznPk
HKLOhcP0aY2VdfuNG9K/DbR9xwV1T4T15ctasZX/hwnrUtnBQ9foJbuRF5Z16v7hp6v7Bw+fUbbs
Q9SGBunfwgXNqUKFzGzxb9sQUL/BDNU/82YGL2Z4+MgN6t9/vTFPwqNH9zL06NELtbFCRPrGjfLT
3DlfGZsMVEX4AAEQAAEQAAEQAAEQAAEQAIGgIgBhPahIoh4QAAEQAAEQAAEQAAEQAAEQAAEQCKkE
wq6wLsRfv3lLJUuNpQMHrpEI1P/s6Uop2B25JBGo17AL9Zq1pikReumSllSndm51T9/v0mWZEqnl
e/v2JWjUyNoUlV3ASxIX6dpF+63/nlDyFP3V9d69y9OQQdXsRFyxZu/TdzVbkW8jEYaPH+tNiRLG
UvnlQ4veImpLP8zJ0RW8jnd+7Ngt+umnKtT/h8rm7GpcffutpmHDtlKGDAmU8C8u7Vu3nk8zZh7w
xUEKi8hfv/4MWrnqBGmLdT02R1fwRw734r7H9NcVvLlTMg+FCo+kbFmTWsaQl7kYNnwr9WVGceJE
o4MHulOmjInMVSi38JmzDFJzJdb43buWUfelrJ4nR/b7D1ylIkXHKA7S71gxo9rViS8gAAIgAAIg
AAIgAAIgAAIgECQEIKwHCUZUAgIgAAIgAAIgAAIgAAIgAAIgAAIhmEDYFta1CH38+H+0Y3tHKlUy
vd1ciCj7Y/919Msvm1h4LkpT2Bo9IltqS3IUbAf/WtW4pzKYPo6fuEW58wyzFM11NrHILlR4NF2+
/ID27O5CRYuk0bfo3Pm7lCXrID8tunVmnVe+t2hRmGrVzMlW4V76toopv337BbUhQFt3R47sxgLz
aDrNVuurVrah6tVyGPn1icReL1tuIhXjePBmDnJfc7x9+6nh+l6Xc+WoyzsT1mXjgQj/MzlevLjL
78ubExyTzIf2CmAW//U8TZi4y5dLenHrL+O+f/95oPrt2Ad8BwEQAAEQAAEQAAEQAAEQAAFLAhDW
LbHgIgiAAAiAAAiAAAiAAAiAAAiAAAiEIQLhQ1h/+PAFnTzRl2LHsrdYFlF2FVtp164z3Zeltl+C
rXkBSL558w7RV03n+CmMi8ibJ+9wJawfOdyTcufyiUmuxXLthl2L++Z29LnOq7/7ddTCuriqL1ps
NMkGA8e2/Sqv72lh/GMJ61oAP336jrJWz58vpW7aOArnGTP2UysW4MXd+9TfG6iNDuZ52r+vGxUs
kMoo86H9NirCCQiAAAiAAAiAAAiAAAiAAAj4RQDCul90cA8EQAAEQAAEQAAEQAAEQAAEQAAEwgKB
8CGsX7nykE4c70OpUsazmzSzKG62gpZMfgm2dpXwF7PLcYnVHp2FbMckIm/BQiPZavwOOQrAWixv
2CCfpat0c10S/z17jiGG+/qUPKZ376S3vpO4Vc+aJTE9e/7a22Ldd9u+S/m+8qECtS7vl8V6A46h
vmz5MZo/r5naoODYCxnh4sVHqGGjmXabIPyaJ92ufxsCxN39lasPVJPp0sZ36pnAsU/4DgIgAAIg
AAIgAAIgAAIgAAKKAIR1LAQQAAEQAAEQAAEQAAEQAAEQAAEQCOsEwoewLvHIe/QoS8OH1rCLfa7d
s1+6dJ9+/LEyDehfxZhwvwRbI5P3yfkLd0nH/165og3VqG7val3q0pbxEjP9zOm+lDlTYqMaLayX
LpWetmxpT5Hc3Ix7cvL6jRdFiWyL7S7x3PPmG0537z6jzZvaUbmymezy6i9S5vXrtyquuDnWvNna
W+eV4xPPV/Tbb7vYnX0catG8kPkWaYtycakuscqTcpx4cxJh+j3/59hvnUcL3M6Edc16/ISdlCVL
Ijp2tLcxXnMdn5UZTwcOXKNOHUvS2DF11VzqsuIK3nHDgm7XL2Fdxlau/ERVr7Ql7R862JNixoii
m8YRBEAABEAABEAABEAABEAABPwmAGHdbz64CwIgAAIgAAIgAAIgAAIgAAIgAAKhn0D4EdZlrjqy
INu9WxmKGyc6nTl7m5o2m0siqovYffxYb8qRPama0ucvXqtr1atPpW0cr1zisxcpkprevHmn7seI
HtlOoJcY4S1azKXZcw7xdaJlS1up2OdSrwi/q1efpFq1p6myjRvlpzmzm9hZRV++8oDSZxio6tRi
+atXXnT6zB2aMnUPC967qVevcjRsSA3Dkl5EaLFIX7K4BVUon9noz8VL91Ss8oEDN6qY76dP9aV4
8WIYwr50olevstSvbwVy5+vSzr79V6k+W4zfufOUcuRISkdZPHdzs8Wal/xamD948BqNHFmLunQq
TTxkuspW3ouWHKV+/dYoQVpE92hRbdb6wlDySHrJ1vqlPxtPGTMkpPnzmxnX3dwiGPk9Dl+jAgVH
qfz16+elCePrUeJEsdT3m7ce88aIlbRg4WE1zsMePSlPbpsr/Tdeb6lx41ls7X5czVOpkulVGfnQ
ceNlQ8DBAz0oZYq4xj19ojc16O8yZ44Cvb6HIwiAAAiAAAiAAAiAAAiAAAhYEoCwbokFF0EABEAA
BEAABEAABEAABEAABEAgDBEIX8K61cSJED5zRhNq+lVBJVpv3nyWKlWebJXVuGYljouIW6z4WCXU
S8bYsaNSpkyJ6Pr1R0qwlmupUsVj0ba7L4tvEeZFHF7Ers4lSVlPtiDXSfr4yy/V6FsWwyX5bisa
fV4lK23fccFoS/KVLJGONm5sp1zTSxs9e62i0aO3yy2VcudORmLNr5O0s3pVW6pWNbu+pI6ij+v4
5nY3TF/M1vaOYrUpm92piNg65ru0Mfn33dS+/RIjT/78tljrHh7X1TXp38SJX1C7/5VQ3/WGBKMA
n7RuXZSmTmlot5FA7kvZGX82oWZNC5qzk2NfpU9m4d4uM76AAAiAAAiAAAiAAAiAAAiAgBUBCOtW
VHANBEAABEAABEAABEAABEAABEAABMISgfAhrD98+II2/PUNbdpyjn79daMhPosI27VLacqZI5ma
VBF3d7A4XbbcRPVdhF0t6ppnXVyRjxldx87qXO5LLPOJk3ZRnz6rzdmVqDt4cHV2YV6KYkS3djEu
bunFKnvGzAN2ZTt3LsWifyEqWCCV3XVx3T5m7Hbq33+93XX50oit4lu3KqzcxEeM6GN5LuNbs+Yk
tWm7wGCgC/fpU57atytBqVO560t2RxHmR47aTr17r7K7Xq9ebm6rKFWokJkiR7K5sLcSvO0KeX8R
i/uDB7pTpoyJjNsHD11ji/pVapOAcZFPKlfOSgN//pwKFUxtXL7GmxYkbr1Y2uvUu3d5GsKs1607
RdVrTNWX1RysWtmGqlezd9P/ki32O3VeRtOm/aPydu5USlnlO3Nrb1SIExAAARAAARAAARAAARAA
ARDQBCCsaxI4ggAIgAAIgAAIgAAIgAAIgAAIgEBYJRC2hXWJn12i5FiSGNvnzn5LcWJHUxPpxe7D
xTLZ7O48KGf41WsvunfvmVFlggQxDJfnxkUnJ+JC/eVLLxbtI1CsWFGcxi3XxSW/bByIFSuqcrke
N240f9uSmOi373hSDI4j/pw3AyRIEJOiRrHFcNf1OjtK7PZnz2xu3mPEiOxvW87q8e/6g4fP2Wr/
pZqnmDGjUIL4Mf0r8kH3n3BbinnMqB9UDwqDAAiAAAiAAAiAAAiAAAiEQwIQ1sPhpGPIIAACIAAC
IAACIAACIAACIAAC4YxA2BbWJTZ4ocIjlbB+6eL3Tq3Fw9mkY7ggAAIgAAIgAAIgAAIgAAIgAAJB
SQDCelDSRF0gAAIgAAIgAAIgAAIgAAIgAAIgEBIJhF1h/fyFuzRq9A6aPHm3At+gQV5Kniyuctfe
vFkhKlE8XUicEPQJBEAABEAABEAABEAABEAABEAgtBGAsB7aZgz9BQEQAAEQAAEQAAEQAAEQAAEQ
AIGAEgibwrrEEp8//xA1+WqOLyDsAZ4GDqxK3/Wr6OseLoAACIAACIAACIAACIAACIAACIBAgAlA
WA8wMhQAARAAARAAARAAARAAARAAARAAgVBGIGwK6zIJEkf93Pm7Km62eVK8vN5RmjTxKTbHJEcC
ARAAARAAARAAARAAARAAARAAgQ8mAGH9gxGiAhAAARAAARAAARAAARAAARAAARAI4QTCrrAewsGj
eyAAAiAAAiAAAiAAAiAAAiAAAmGFQHgR1h88eCAe4pBAAARAAARAAARAAARAAARAAARAIFwScHd3
D5fjxqBBAARAAARAAARAAARAAARAAARAAARcJxABwrrrsJATBEAABEAABEAABEAABEAABEAg7BGA
sB725hQjAgEQAAEQAAEQAAEQAAEQAAEQAIGgJgBhPaiJoj4QAAEQAAEQAAEQAAEQAAEQAIFQRQDC
eqiaLnQWBEAABEAABEAABEAABEAABEAABD4JAQjrnwQ7GgUBEAABEAABEAABEAABEAABEAgpBCCs
h5SZQD9AAARAAARAAARAAARAAARAAARAIOQSgLAecucGPQMBEAABEAABEAABEAABEAABEAgGAhDW
gwEymgABEAABEAABEAABEAABEAABEACBUE4Awnoon0B0HwRAAARAAARAAARAAARAAARA4MMIQFj/
MH4oDQIgAAIgAAIgAAIgAAIgAAIgAALhgQCE9fAwyxgjCIAACIAACIAACIAACIAACICAUwIQ1p2i
wQ0QAAEQAAEQAAEQAAEQAAEQAAEQAAFvAhDWsRRAAARAAARAAARAAARAAARAAATCNQEI6+F6+jF4
EAABEAABEAABEAABEAABEAABEHCJAIR1lzAhEwiAAAiAAAiAAAiAAAiAAAiAQFglAGE9rM4sxgUC
IAACIAACIAACIAACIAACIAACQUcAwnrQsURNIAACIAACIAACIAACIAACIAACoZAAhPVQOGnoMgiA
AAiAAAiAAAiAAAiAAAiAAAgEMwEI68EMHM2BAAiAAAiAAAiAAAiAAAiAAAiELAIQ1kPWfKA3IAAC
IAACIAACIAACIAACIAACIBASCUBYD4mzgj6BAAiAAAiAAAiAAAiAAAiAAAgEGwEI68GGGg2BAAiA
AAiAAAiAAAiAAAiAAAiAQKglAGE91E4dOg4CIAACIAACIAACIAACIAACIBAUBCCsBwVF1AECIAAC
IAACIAACIAACIAACIAACYZsAhPWwPb8YHQiAAAiAAAiAAAiAAAiAAAiAgD8EIKz7Awi3QQAEQAAE
QAAEQAAEQAAEQAAEQAAECMI6FgEIgAAIgAAIgAAIgAAIgAAIgEC4JgBhPVxPPwYPAiAAAiAAAiAA
AiAAAiAAAiAAAi4RgLDuEiZkAgEQAAEQAAEQAAEQAAEQAAEQCKsEIKyH1ZnFuEAABEAABEAABEAA
BEAABEAABEAg6AhAWA86lqgJBEAABEAABEAABEAABEAABEAgFBKAsB4KJw1dBgEQAAEQAAEQAAEQ
AAEQAAEQAIFgJgBhPZiBozkQAAEQAAEQAAEQAAEQAAEQAIGQRQDCesiaD/QGBEAABEAABEAABEAA
BEAABEAABEIiAQjrIXFW0CcQAAEQAAEQAAEQAAEQAAEQAIFgIwBhPdhQoyEQAAEQAAEQAAEQAAEQ
AAEQAAEQCLUEIKyH2qlDx0EABEAABEAABEAABEAABEAABIKCAIT1oKCIOkAABEAABEAABEAABEAA
BEAABEAgbBOAsB625xejAwEQAAEQAAEQAAEQAAEQAAEQ8IcAhHV/AOE2CIAACIAACIAACIAACIAA
CIAACIAAQVjHIgABEAABEAABEAABEAABEAABEAjXBCCsh+vpx+BBAARAAARAAARAAARAAARAAARA
wCUCENZdwoRMIAACIAACIAACIAACIAACIAACYZUAhPWwOrMYFwiAAAiAAAiAAAiAAAiAAAiAAAgE
HQEI60HHEjWBAAiAAAiAAAiAAAiAAAiAAAiEQgIQ1kPhpKHLIAACIAACIAACIAACIAACIAACIBDM
BCCsBzNwNAcCIAACIAACIAACIAACIAACIBCyCEBYD1nzgd6AAAiAAAiAAAiAAAiAAAiAAAiAQEgk
AGE9JM4K+gQCIAACIAACIAACIAACIAACIBBsBCCsBxtqNAQCIAACIAACIAACIAACIAACIAACoZYA
hPVQO3XoOAiAAAiAAAiAAAiAAAiAAAiAQFAQgLAeFBRRBwiAAAiAAAiAAAiAAAiAAAiAAAiEbQIQ
1sP2/GJ0IAACIAACIAACIAACIAACIAAC/hCAsO4PINwGARAAARAAARAAARAAARAAARAAARAgCOtY
BCAAAiAAAiAAAiAAAiAAAiAAAuGaAIT1cD39GDwIgAAIgAAIgAAIgAAIgAAIgAAIuEQAwrpLmJAJ
BEAABEAABEAABEAABEAABEAgrBKAsB5WZxbjAgEQAAEQAAEQAAEQAAEQAAEQAIGgIwBhPehYoqZP
ROD9+/e0du1aevr0KVWuXJnwo1jAJ+Lq1au0Y8cOypQpExUrVizgFaAECIAACIAACIAACIAACIRi
Avh/iFA8eeh6kBCQ/69esWIFeXp6UvXq1Sl+/PhBUm94quTy5cu0efNmypo1K5UqVSo8DR1jBQEQ
AAEQAAEQAAEQAIFwQyDC4cOH3798+ZIiRIhgOejIkSNTunTpLO/hIgiEBAKXLl2iggULqq5s2LCB
ChUq5HK3vLy8qE+fPnTjxg2KESMGybMwZcoUihUrlst1hIWMffv2VeMWUX3VqlXk5uYWFoaFMYAA
CIAACIAACIAACICASwQ+VFgXQc2//6/OkCGDS31BJhD4FATOnz9PmTNnVr8N7dmzh4oWLepyN7ze
eFGnzp3o2rVrFDNmTPUszJ07N3z9f/V7os5dOtP48eOpdOnStHXrVvx/tcsrCBlBAARAAARAAAT+
396ZAMlVVX/4abGpKJQixi2mULRQUSMllojlShBccMENoiwhAUJCIqAIsoQggkIiWETEaBKIpaCi
JbHc0IISLHFBg+JaaoEii7K4W4DCf777n9PcfvNe9+uemaR75rtVme5+fd+99333TmrO/Z1zrgQk
IIHhIfCQWbNmPXDjjTfWjngYhTZE0o0bNxZbbLFF7XMhor74xS8uHvrQh6Y6CKzf/e53i//85z9t
TgYzZswonvvc545p569//Wvxgx/8oMCrm3vxSI6Nkn//+9+prfvvv791Hw4KL33pS5Nh1WtfrUbG
8ebvf/978ZWvfKW46qqrCt4//vGPTwL0dtttV1x//fXF3Llzi5kzZ46jh8136+23317ssssuaQDf
/va3i9mzZzcezL/+9a/kSR6/A4997GOL73//+8X222/fuI1BqMicnnHGGcUznvGM4pBDDmlbw03G
d+655xbLly8vXv3qVxfr1693A6AJNOtIQAISkIAEJCABCUwZAuMR1rEhn/3sZxc4/NaVYRTabr75
5uJHP/pRR7saERU7N7eryYSFTZw77z/hCU8onv/854/Bc/fddxeIuGFXP+tZz0pZtKhIG9ivuV29
1VZbFa985StbdnUvfY3pvI8L2F1f/OIXiyuuuKL429/+VjzxiU9MGb+wH6+77rpi3rx5xcgeSx8t
b/5bbr311oJ5Yt7Y6wjn9SYjI3sc+ybxO/C4xz2u+OUvfzl02eSY05NOOql45jOfWRxxxBFta7gJ
hzPPPLM48cQTi9e//vVpneiw3oSadSQgAQlIQAISkIAEJDBcBAhTH/GrLYr99tuvZTQQrUvk71/+
8pehFNrwjF68eHHXmfjd737XMvR+/etfV6bAfuQjH5k2ExBc81LuIxdkf/WrXxV77LFHXj29j/56
7WtMQz1eQCjeZ599Ot714Q9/uDjssMM61hnUL9ncwPi94447CgzZpzzlKT0NFSeJ2267Lc1ZPo89
NbKZK//mN79JEQX9CuOk0r/ooouKl7/85X1tIGzmx7d7CUhAAhKQgAQkIAEJjIvAeIR1otV32mmn
1P9b3vKWll2NLblhw4biz3/+81AKbWvWrElCcSewiLDYYZE2/Be/+EWBOF4uj3rUowoionfccce2
r8p95ILsDTfcUOy6665t9fP+eu2rraE+PlxzzTUd03szNqKVjzrqqD5a3/y3ICofc8wxaT5xvO41
cyFOEgQ5MGf5PG7+J2s+ApwBENX7FcZJpU8GvDlz5hRLlixp/V/QfATWlIAEJCABCUhAAhKQgAQG
ncBDXvWqVz2w//77F29961vbxvq1r32tOPDAA4vzzjuveOc739n23aB/QMAOr3cixT/72c8WGMF4
XCMek6IPgx5jJ/esJwX2vffeW3zmM59J9eM5P/axjxVvf/vb42N6xWCkTQR2Ir632Wab4vDDD0+G
KEIv0eF42J999tmp/gc/+MHiDW94Q8uzvpe+2jru8UMuqhMhwHjY9MEb/UMf+lDx5S9/ObU4zMJ6
j0gqq993333FK17xirTpNYwR66x5UuCzxj75yU+21nXlw3pRAhKQgAQkIAEJSEACEmgjMB5hnSxY
COoHHHBAygSWN4y99cY3vrFY/YnVxbzD5uVfDfx7hHAiwokm32rLrYp1F61LEeSkCEc8JlKfDG+v
ec1rWvYH2dm+8IUvFPfec2+xdt3aVJ8HRXRet25d8a53vavtuUkdftWVVxVr1q5JEd8Pe9jDkiBJ
1G9EhxMNffrpp6c2PvKRj6S9CyKBe+2rreMeP+Si+u67716sWrWqeNrTnlYQ1U/mr89//vNpfMMs
rPeIpLI6+ynYpWSVG8aIdRzWyQL3tre9Le0LxX5R5cN6UQISkIAEJCABCUhAAhKYlgQectddd6WI
9fzpSbWGQIfx+MMf/rCV4jyvM0zv4/xoxHZStncq+bMTxc9GCAYzaeIR6csl2uY6EQmcoxUp4UOs
xTBbvXr1GG/lXvsq993tMxs8RDD//Oc/T/OJ53SeHh8Hg7322it9X+VAceedd6bn/9a3vpUcDojs
xjnhTW96U8FmQl6uvfbaFNnPNRgTNY7ASwo5Nj1w3DjooIOKrbfeOr8tvb/nnnuKb37zmymag80b
6pNK8XnPe15B3wjehx566Jj7uIf6pAOkwJt6ODl0KmQUiLT/3ItHPf2x4cXGTpWwjvf+l770pWRc
0w+FecbphNSHeWHjibo4L9A+G0EY5qTVI1U9G02MgfW0cOHCNDdxP5tDbF5dNZLykHFEXzDAKYQU
/lXlpz/9afGyl70sZV0gNWGeco5NrPxz3M/8Xnrppa11zTwwr+W5jfrx2su6uOmmm9K8Mu/8frzk
JS9Jz0+EPM9GZoelS5cW5YwQ0Rf//zBG0ipSiJqgDaJTuP+cc85pW9Nxn68SkIAEJCABCUhAAhLo
hcB4hPW6fv73v/8VI47s6e97spbtvPPOdVUH//rIrgHnR59//vkFkeRE9XYq8ezYNTgdIDxjF//s
Zz9r2R+t+0fbRpSmEN1OCvrgFWItkfA4tmPf5KWnvvIbG77HnuMYOWwu7LpPf/rTbTYIDgY4G/Bs
VQ4URPTz/AQv8CwjezCpPs775Ux37MFgW1N4XpziYc5eBjYd9ueCBQtq7WrsrMsuuyzZm9THpt5t
t91S33vvvXdx5JFHjnlq7sE+DVsdO4t63exqbDLml4AC7qUv0sGz5v/whz9UCuvsKWDf4WQBCwrn
umPrkuI/L9jV1CWogfb/8Y9/JMcM0u+TYZG1wF4HNjeR9qyzKNjV7CXwD9s/+oLBokWLkm0edfPX
H//4x4kXRzew35Db0XV2NfN78cUXt/Yl2GdhXstzm/fD+17WBVkxmFfmhN8PMs0REEKEPM/GeE84
4YQxGSGiT9YUY2SPgcIeF22wZplvgknyvaK4z1cJSEACEpCABCQgAQlIYCyBSmE9ol9f+MIXJlFs
2P/ADvG7yfnbGBYIpQjSH//4xwsMLzZB6u6NtgMtojMCNp7NIVyzIVAVRdxrX9FH01eMSARtBE0M
cQzQclm7dm1x7LHHJkM/N2QxIstR+vm9OB0gxmPUYfBixOJU0KnAFGMuX08YcaRZCwOv6v6q9Obc
h/HI3ETplsYd4ZhoggsuuCBuGfNa1QZj65RKHxZsdnC+IAWHBrIDcJRCFIxenDTYGMhLuT+M4Qsv
vDCv0npfnkc2C+bOnZsM/lalijcI+mzQlM+N/+pXvzomoqZb5oJe1gVDKR+ZUDG8JKqz2bHDDju0
fU00CpEpdaXMrq6e1yUgAQlIQAISkIAEJNCNwGQI6xH9uueeexZXXnllmx3UbTwD930mrDc5f/sn
P/lJsomw9ThyCmGaCObKe0vCOs/+jne8IwnY2NUhXO+yyy6VUcQ99dUHWOwmovKxfXEqePKTnzym
FWxMovipi/0ahUx2r3vd6+LjmFfsdfYPtttuu3SW/L777ptE4zEVswswRWTN7WrEVZyxsavqSlV6
c+6bPXt2clyO+7qlcWefg4wC2Gt1paqNPOq/6j5YcDRA2NU4NODMzlEKFIRtbGqcFNavX9/WRFt/
I+tpydIlxUc/+tG2OvGhPI/sLeBkj4NBp8K8k62w/H8F4jb3R2Gc3TIXdFsX7K8QnMG6oLBvUxVs
EH3ySlZG1id2cl7i3Pf8Wv6e+3CsKD9XXsf3EpCABCQgAQlIQAISkMCDBCqFdQRlDKVuItuDzQz2
uxC/68TxfPSkR+ffpz71qWQccbYYYuz8+fPT9bwu76NtjDsMFjycMZLwTu4mrPfaV7nvbp9PO+20
JH4jviKClz37uR+P8SuuuCKla5s1a1ZqkuhgItkpiLIYt2xiYNjynMuWLUvf5YI3Z5RfffXVKR0+
XyIC4/VMNPjnPve5glT4lO985zspOjx9GPkBLzza6Yd6RD4ggLMhwBEFlLyfdGH0Bw4gt9xyS/IM
j5SCiOBlAZnqiP/vfe9707zymYwMpGokWuDkk09uieBlsfb3v/99itLnHsRynoMxsgHBZsbxxx/P
V2l9nHXWWS3GCP6cMbdy5crkJZ8qjfygfa5hvHMvmwY8KykPKTFnRx99dHJsIEKdDTnmEKH+Ax/4
QIpypy7COps0nZwSqFcnrMOZSBA2ZGiDee30O9/PuiB9I3NMBMGNN97IcNIzsDHFpsTBBx+crpUz
JrAucezhmTnKgU0i1u9vf/vbxJrIhPJcpYb8IQEJSEACEpCABCQggT4ITIaohC3J38HdRLY+hrvp
b+lFWB+pi22x/PTl6W95orxD3Fu8ePFYwTNrG2H6lFNOSXYK0dA4U3cU1nvtq1dyI+2/74T3pb0A
oqoRwavsamw/xv6iF70oRZnTDTYWkewURNlLLrkk2cdEXiMMs5dAyQVvsp6xbxHH8SEC45hANDj3
wIb+cSYgOjwKDgvYT/SDQIwdjr0HwxD6837iPl7JAkdKezKqvfnNb07t16Vxf+D+B4pFixclW597
EcOx6Yi+Pu6441oieJvQPdoHkekUMqQhyj/nOc9JY8QJHfuXwvrI9y4YBxnTsMOJ+I9C++xbYZdz
D/sPBC4kuzqbM/YA2CsgyIAIewRwbMwVK1YU7373u1Nz2OZEb3dySqBinbAOZyLCsatxHsBZvtPv
fKd1QTaE2GPA1icTHlHz2NXMMccPskdBYV+BfQ3s7dg7QYxnnUZhXZJREOeEDRs2pMAR1g97DDiv
kIVBYT1o+SoBCUhAAhKQgAQkIIFmBMYI6yEGI1zxhzspooa9hPjdTVjHWCGdNhHHGFVE0IawioiH
KIwBl5dom4hwxGUi1meNCNQYVqR6R6Cuiljvp6+83ybv3/Oe9yQhuSxadro3T09P2nfSim+77bZt
t7BhgNBLwWhn84BCujcMfozaPCU+ojYbA9xH5D6MopAWnVR2GPsYkfkZZqR8Q1Ala0BuXMe9+SuC
NAY5RmqVsJ6LwkQTsLkThdR1eH8TjV0Wa2N+58yZkzYyyscBYNwfeOCBqamqYxPifirMmzcvicqR
Yo+UhXlquRgPr3zHOoQdmylkH2DMdU4GCPnMA9+TFSAvGM51/US9mLs6YX0864KNCuaR/1PYFMoj
NojOZ+Oh7PyBoc8mFPMBVxhEoT3WE3X4nSyvz6jnqwQkIAEJSEACEpCABJoSmGhhPcRgxD6iQUNU
bDqegauXid+VUefZgDlGC6dk7Bmen7/pEW9hgD29cePGdDZ765asberjPI39RbQyYii2EbZBVcR6
z321Om34ZmRsRy06KmU9q0rzXtdKnp4eOw1bs2y3RKQz9hrHgXHkFYW036SAxwbKU+Jjk2FLX375
5cn2zTPMkSkMmwrxHDE2t6s57gzbnu/qHANSx6OCNGna64T1EIUZM7ZdOABwP/ONzcoeQZuwPjq/
iM2vfe1r0x5D2a4mEh2RmHaxbeMYgBgXxxBwP4XMAAjjvdjVsCP6mz0JxlDnZMB6IwU/3+NIn5cm
djVzx7qtE9abrItgQd/Yu7EusIOZR8RwxpbvqxCdv2TJkrTnkB9DyP89/N4gnvM7WLarcTRgrnF6
L6/P/Nl9LwEJSEACEpCABCQgAQk8SGCMsB4RxFMlDTyPGuJmN2E9Uqdj+BIlG4XoWkRBIrBz47Xc
NqJyCMiIt3gNk/YPQ6acCr6fvmI8TV/juXsR1kPwJ7o4Iu/L/eVCeR5BHUcIYBCXnzcE9LJwixFH
WkAKHvcIwzNmzEgbAZzTjnMDHtb5xkB5PHzmWdlAqBPWo3/GhqFZFprZvOGc9VxYz51MiPrmPG9E
+ChsBrBJcdJJJ6VLVesr5gAPfKILuj0HEdmIzWRMqCpVbKnXiX1VO+VrcX95fqLeeNZFcMRLviyS
h4BedhhgU4YNBNYhjhpsEnG+OufnsSlAJD8bcxHpH+P0VQISkIAEJCABCUhAAv0QmGhhPSKIp0Qa
eIBm4nc3YR3xEhuaaHOiZLEf+ceRawjnCLeRcSzNValtRPkQkBFviazFViQKG2fq3Kbqua9eF0c2
tl6E9RD8EVqJGodFueRCeR5BjY3EefSI1OXnRUBnz6Es3MKVCHAK/BCGsZlghUiPnYtgnLMrjyfm
mExydcJ6CPiMjfdlu5rIdyK7c2E9nEwQhPlu1apVSYSP/rHxsPs4og7xesz6yoR5ormJXu/4HCMN
w5B9EPZwqkoVW+p1Yl/VTvka97N/UZ6fqNdkXfC7guCNwE5UekTWY1ezT0dAR1kkDwE9j3KnT+xq
1gUBI9jVOPsTPANz9l2I5Ge/Srs6ZshXCUhAAhKQgAQkIAEJdCcwRliPVNR1Alv3JgevRoibVcJn
jBbj5ZBDDkne33Gt/IoBQiR77l1dbjuEYoRYhGnScM2cObNNaO63r/J4On2mDzyWiQJH1CUVX5OC
IRiRwnUidT7+3NkgxFlE0nL0OUYhfMvrirZIic/1uoLxTPR9J+O5m7Ae0fukfQ/DNO8vF3/jublG
Srj8HPf8nvL7b3zjGymlfn491kc5BX5eJ96z0UDGhChsvrD5AVciHChVbLneiT3fdytxf3l+4r7x
rIsqttFu9Fv1XGySRWaEqJ+/1mVUyOv4XgISkIAEJCABCUhAAk0ITKiwPiIEkj6cv63rBLYmYxqo
OpnAPEb4zAaKWEx68HK0b1YlicYIwS27uqLtEIoRYjmfHnEdgTgXmvvqKx9Ig/ekPp+/YH5yfMYu
5fivJoV9AY4QywXm8n0xfrLE5c4GIe4ijpejzzmaDVG4vK4YJzY/6ffryrJTlxUnn3JyvV09Og+1
wvrI9xG9f8YZZ6TMY+W+QkS//fbbW+I817DdiAbvVhDWyQYYKfRT/Wx9lFPgV7VHsMhuu+3W+ors
aYjLiNFxjnoVW27oxL7VYIc33N9JWG+yLtgj4Yx1fodwLAknlFxYL5+JHhkhENbJhJDvneQR8FVD
hzXHAxqxXkXHaxKQgAQkIAEJSEACEhhLoE1Y51xjjA68hTFmMAi6FVJZkUaaQoRx/gd8t3s31fch
bnYS1iMVNmPab7/9kqd0Pj6MEwoCJ0ZhlKq2wzkBYw2xlEj2PIK7376iz6avGOec6ZdHYXe7N18D
bJjUHQUQQnUuxHYSSeuEdcZDNDTRzBjAvMY1jEjOP6N0mju+7yasx5xwxhp1ywVPbs5658z1ENbj
GsI6Uel8zxluVQWPbzy9W5tDo5Wq1kfV/VwLpqw/vPCJMIgSDhtVAjR1gn1dRHu0U/ca9+fzmdcd
z7roV1jn7EH+sXly0003paMV2JThmAHmiFI33nzsvpeABCQgAQlIQAISkEA3AhMprGNTvOAFL0gp
vW+44YYksHbrH7saO5xCpqaBs6szcbOTsB5pzHkOxEGE0rwg2nLte9/7Xoq+Td9VtT1yLc4259xv
bAKY5sJ6X33lg2n4nrO8jzzyyI4iebmpfA3UHgUw8owhVOdCeSdxt05Yp3+ioRG0mR+imuMa6d+x
syujwVOt0R+j89BJWI85OfWUU4tlpy3L707v//nPf6Z55Vx0bFh+r+Ian8l4t88++3S0q8kk12ZX
V62PMT2PXhhlSgAADh6c5U7QQ5Rw2OgmrNdFtEc7da/dhPVG62KkcdLd8wznn39+ek9//Qrr2NTs
uZA9jsh1HDqwqwkMiHPl837qns3rEpCABCQgAQlIQAISkMD/E2gT1vFSxYBATEVY32KLLTpyQnhE
BEQQpXAf3uSPeMQjOt63qb9sIm6GCI2AihhdLkRV82/+/PnpNb6vahsjco899miJwmWxs9++os+m
rxh14eldF6n93//+NzkLIOLOnj07GWsRpV0X6Z47BvAsGKWUEGfLz8t3dcJ6nFGO40I5PR6GI+ef
sb7GK6xH/zgZIMyS8iwvbB4cccQRbU4IGJw8yzXXXJPSuC9dujS/pe09hmp+Xll8WbU+4rv8NRfx
iVjII9ept2bNmuK4445L48mdNKKNYM8xBjxr+XcXhwDE/7oS99cJ1cxFv+uiibBeXjOxxnA24Az2
cglHibrxluv7WQISkIAEJCABCUhAAp0ITKSwTlQsdgzpvBHWy3+bl8eB8IiDO8IXhfuuu+66wbKr
G4qbiNALFy5MAuqJJ57Y/qgjbRBVfdry04rFixcXnAudSk3bOFkjsobzdVns7Kuv9hE1+hRRxgjT
dZHa2NXMO3Ymjvh5lHZdpHs4BtAugjkOBJQQ1svPy3d1wjo2IOnDOXKOtZQXxkIafs5r7+QU0SQV
PP0jWBOJz3olo0Be1q9fnyKs80j9OFecc+RxIMdGris4B3AWelupWR9tdUY/5CI+QRE4x+cFsRrR
uoot9YI9exPsQZR/d7vZ1d2E9SbrAgcbnGsoHGkX66KJsM7ccKxhOOZEW+wHLV8+NpsBc8E+l8J6
wu0PCUhAAhKQgAQkIAEJNCLQEtbz9N5NxaoQ4/Keugmged3JfM9Z2DwTZ35xLjqpuDF0SQnGdQyk
OA8MUTTOUafO7rvv3vqOMWIks7GBZzXCLCmqn/rUp6Z2EDvXrl3bajvESzzpFy1alOrTZ6RG77ev
flmFsMv9bF4gDrNphJB7/fXXp3PMiMhm8wYBGSaRPp57OBf88MMPb525xVnznOmGgYbnN/dsv/32
VE2M9tprr5SuHCZbb711us6PSy+9NHn546GOtz+bB5QQvDnvCyMd9lH+9Kc/FaQyo6/yusKgve++
+1JV5pJNG1LvI5rzfMwxJZw8QqjlGnPI/HBOH+sEUT9E87LwHuPjvrPPPrs44IADWizuuOOONO+R
Wp5NDM6zo9Auxmx57cWYH/7wh7cYUD8X8YmqZzMKof7WW29N7MIIJmIdYZ3785I/Xzgp3HPPPSnd
HZH/nNnO/CNIR2ENUJhzfpc505z5WbBgQcG9FOYwNhP6XRdwmjNnTlpzZacG1iCCPc+Vr5n8/xY2
P/bff//WOGB76KGHJoeQpv9XpYfxhwQkIAEJSEACEpCABGoITJSwnqf3zqOQa7pNl0PMizpdI4uj
4iZ4Dbsa2wZnARzpEUg567lsV5PlKs5Rpw7O5mFzM1Ts6muvvTbZHQivV199dbHzzjsXpDFfeNTC
4sILL2y1HXY1NgJ/+++4447JaTxSo/fbV1/IRoVd5pOC8y929qMf/ehk4yBYY7+R6pyjvLBxeG5s
MI6GYz4RlDmqLc6ypg7nyBNBjDjN51iDZOfCQR4HdhzAc7v64osvLg4++ODinHPOSUechV0dgjc2
JM7rsI+CrYjNhZBfFtZzu5oxY9vCGNH8MY95zBi7OpwBaJs5vPzyy5MNzDq55JJL0t5BfAeXJz3p
SWkYMT7Gi4jLMXHBAgcKnMtxdOd7np/sBBTa5Vp57dXZ1SHiXzVyrj1R9ccce0yyq2+55ZaUVj2c
PWCLAF22q+P56DOcFLCNyTpA5D+2KfY6YnSU3K5mb4WAhRUrViT7u8qu7rQuyHiIgwTrAnZ8jnUB
J9YFzgPsTwVbxhHp79k/gXWsmUgRTx32BdjPCPsetgjx7IEprEPIIgEJSEACEpCABCQggWYEWsI6
Iuauu+6a7mqaBj4Xv6K7JmdJR93JesUwQPytKxi7eL1jsG3cuDEZtOW6GJKI53mkbl7nggsuSMYH
QnNeQujjvoi2jmhc2GA8l0u3vhBSq+4rt1P1GWMpRMiq7+MantDh2c6GByIsYngURGgKBn+U/Ezx
iCCO73hlHcGQdnNOCPKk/kNMz4Vr7mFuEOfvvvvuZPhxbdasWSlFWRjedXNC3XLB8EXcpoS4X66T
f0ZYx2A977zz0hpiYwyP9pwFWRr4fWGjIArPwuYRY8WI7zZffI9hHp7ktBOZDKLNTq+xzqIOm1rz
5s1LTgJcYzykfMtLno2hzD2vl7/P56qfdRFZMPI2V69enbzuq9YMm2txrnxspnAvz8O5imz28LsX
hY2huuMKoo6vEpCABCQgAQlIQAIS6EYgxKtu9bp9/8c//rGYOXNmEgObpoGvEtabnCXdbSzj/R6B
tZNdw7nVcZY2thHOtHlBnERoRDzPI3WjDt+vW7uuWLFyRRIQ8+vhlBDR1tjMEWWM03U/feFcHbZh
9NX0FfGU/tlrqCs8z9e//vXW2BB/sdGI4o4SjtiR9Y97sJtTprkRAT9SrUd9vmcdYfNgHyG0RkGQ
x87GVgrhOr5jbvbdd9901Bl2JwXbnFToYVdXzUncn7+meRrJVBdnfSPuH3TQQXmVMe9xhMCuXv2J
1cW8w+YVCN6I6TkLjgrg9wVniyg4BrD2d9ppp3Tud3meo168YiNGEENci9T98bnuleeKdRZ1sP9p
E4cGStmu5h6c0UOgL3OPdsqv+Vw1WRfcz55JZCAkuINgkLywnhlrRJ3n37FvE+fKP/3pT299xfPg
mIG4Tpr8KPye5vXiuq8SkIAEJCABCUhAAhKQwFgCLWE9hLamaeBpCu9b0pphWFGIdMXICA/YdHEz
/KgS88rDID0bz0xat3J6MMRV0oZxZnwukOdt8MyrVq1qnfUc3+UiOKIfkbik58aTG+Omn77wpN57
772ji55fEV1pgwj6cmHO8JzPz/OOOhs2bEjpxzGI84JBzbzn96xcuTLNfdSDIcYfm0pE+sfGAd8T
3YBHOgZ9zBUG3jbbbNNKnx/tVPVVNydxT/6KVzZe21FwbiCdf/5MCP9EHbz//e9vjTOfR/ixqUS0
Qbng+Y/XN84AkQqec8qiTxwScmeEuJ8xnHnmmW3COv2wpsgSkBfmh40LPOPxmqewWYB3eV6I2kA8
x8DOCxkHqIvnfJTgHp/rXmeNOArAbNttt21V6WVdVDkZxHo+66yz0hnp0TBrBmcN+swj8KsYMmds
ZsTGVLThqwQkIAEJSEACEpCABPohMFHCeghtTdPAM1bsG47hwgGVwnsiXje3XY2IjLN4p4Kti9CN
YIudlxcimhEHSWudC+RRB5HysssuS88aZz3zHddzEZzv9txzz3R0GBmwiNbtpy9s8m7PE2OresVe
wxkax/VyOXrx0cXx7zu+7TzvqMMzEtEeKe3jOjbhspHU+PkZ4KSax6aLEpH97E3AAAeDKHxm3wK7
OuYKu5rPTfqqmpNoO39lPnDEz50smHPs4Lwf9izCmZtxlucRfkS1c1+5YE8jvCMeh12NLYm9TcHu
y/cU4n4CAs4999wxdjUR/djPeWEPY8H8BcWixYtSVD/jY19n7ty5ebXkjHDsscemuc6/4PeSAA72
kqIE9/hc94pTA0EduV3dy7pgHwBGecEuZz2feuqpbWnecWrg9w7nBLL/RVr5KobM2emnn97KEJC3
73sJSEACEpCABCQgAQlIoJpAS1jHg/iuu+5KRlj+x371be1XSW9O5G2v97W3MjU/DRIb0ryRAg0v
7C233DKlrotU6XX0WReI0LxyH+edhaFbd0+v10l3PmPGjGR4w4uNJaKj6Wcy1hTPQmQFbdMPKfya
FO5j44B0cWQCYNNiMsYHg1g3jA2Hg14KY8Pphd9J5ncyNuQ2xboghTzjZ2OIZyJKBO9+Pk/Uxmcv
XK0rAQlIQAISkIAEJDB1CUzU35f8nXznnXcmm6FXWyFsgF7vm7qz8uCTDRIb7Oqbb765ZVfvsMMO
rSPIHhxx+7uwJXnlH8epjTlLvP2Wnj9h6+P8jmAML4Rz7F36mYw1xXPcdtttLbua1PFNCvdhj4dd
PVl2PwxwPifrGWPrx65mbyL2uibLrmaPYTLXBfs5zH/Y1aSSD7u66V5Ik3m1jgQkIAEJSEACEpCA
BKYLgZawPl0e2OeUgAQkIAEJSEACEpCABCQgAQnkBCZKWM/b9L0EJCABCUhAAhKQgAQkIAEJSEAC
U4uAwvrUmk+fRgISkIAEJCABCUhAAhKQgAR6JKCw3iMwq0tAAhKQgAQkIAEJSEACEpCABKYhAYX1
aTjpPrIEJCABCUhAAhKQgAQkIAEJPEhAYf1BFr6TgAQkIAEJSEACEpCABCQgAQlIoJqAwno1F69K
QAISkIAEJCABCUhAAhKQwDQhoLA+TSbax5SABCQgAQlIQAISkIAEJCABCYyDgML6OOB5qwQkIAEJ
SEACEpCABCQgAQkMPwGF9eGfQ59AAhKQgAQkIAEJSEACEpCABCQw2QQU1iebsO1LQAISkIAEJCAB
CUhAAhKQwEATUFgf6OlxcBKQgAQkIAEJSEACEpCABCQggYEgoLA+ENPgICQgAQlIQAISkIAEJCAB
CUhgcxFQWN9c5O1XAhKQgAQkIAEJSEACEpCABCQwPAQU1odnrhypBCQgAQlIQAISkIAEJCABCUwC
AYX1SYBqkxKQgAQkIAEJSEACEpCABCQggSlGQGF9ik2ojyMBCUhAAhKQgAQkIAEJSEACvRFQWO+N
l7UlIAEJSEACEpCABCQgAQlIQALTkYDC+nScdZ9ZAhKQgAQkIAEJSEACEpCABFoEFNZbKHwjAQlI
QAISkIAEJCABCUhAAhKQQA0BHNTNFgAABE5JREFUhfUaMF6WgAQkIAEJSEACEpCABCQggelBQGF9
esyzTykBCUhAAhKQgAQkIAEJSEACEhgPAYX18dDzXglIQAISkIAEJCABCUhAAhIYegIK60M/hT6A
BCQgAQlIQAISkIAEJCABCUhg0gkorE86YjuQgAQkIAEJSEACEpCABCQggUEmoLA+yLPj2CQgAQlI
QAISkIAEJCABCUhAAoNBQGF9MObBUUhAAhKQgAQkIAEJSEACEpDAZiKgsL6ZwNutBCQgAQlIQAIS
kIAEJCABCUhgiAgorA/RZDlUCUhAAhKQgAQkIAEJSEACEph4AgrrE8/UFiUgAQlIQAISkIAEJCAB
CUhAAlONgML6VJtRn0cCEpCABCQgAQlIQAISkIAEeiKgsN4TLitLQAISkIAEJCABCUhAAhKQgASm
JQGF9Wk57T60BCQgAQlIQAISkIAEJCABCQQBhfUg4asEJCABCUhAAhKQgAQkIAEJSEACdQQU1uvI
eF0CEpCABCQgAQlIQAISkIAEpgUBhfVpMc0+pAQkIAEJSEACEpCABCQgAQlIYFwEFNbHhc+bJSAB
CUhAAhKQgAQkIAEJSGDYCSisD/sMOn4JSEACEpCABCQgAQlIQAISkMDkE1BYn3zG9iABCUhAAhKQ
gAQkIAEJSEACA0xAYX2AJ8ehSUACEpCABCQgAQlIQAISkIAEBoSAwvqATITDkIAEJCABCUhAAhKQ
gAQkIIHNQ0BhffNwt1cJSEACEpCABCQgAQlIQAISkMAwEVBYH6bZcqwSkIAEJCABCUhAAhKQgAQk
MOEEFNYnHKkNSkACEpCABCQgAQlIQAISkIAEphwBhfUpN6U+kAQkIAEJSEACEpCABCQgAQn0QkBh
vRda1pWABCQgAQlIQAISkIAEJCABCUxPAgrr03PefWoJSEACEpCABCQgAQlIQAISGCWgsO5SkIAE
JCABCUhAAhKQgAQkIAEJSKAbAYX1boT8XgISkIAEJCABCUhAAhKQgASmNAGF9Sk9vT6cBCQgAQlI
QAISkIAEJCABCUhgQggorE8IRhuRgAQkIAEJSEACEpCABCQggWEloLA+rDPnuCUgAQlIQAISkIAE
JCABCUhAApuOgML6pmNtTxKQgAQkIAEJSEACEpCABCQwgAQU1gdwUhySBCQgAQlIQAISkIAEJCAB
CUhgwAgorA/YhDgcCUhAAhKQgAQkIAEJSEACEti0BBTWNy1ve5OABCQgAQlIQAISkIAEJCABCQwj
AYX1YZw1xywBCUhAAhKQgAQkIAEJSEACE0ZAYX3CUNqQBCQgAQlIQAISkIAEJCABCUhgyhJQWJ+y
U+uDSUACEpCABCQgAQlIQAISkEATAgrrTShZRwISkIAEJCABCUhAAhKQgAQkML0JKKxP7/n36SUg
AQlIQAISkIAEJCABCUx7Agrr034JCEACEpCABCQgAQlIQAISkIAEJNCVwP8BpS/DSsET5JwAAAAA
SUVORK5CYII=
--=_MailMate_0E3957BB-8117-452D-80AB-7ED28E8575D1_=--

--=_MailMate_70145BFC-BDCC-43B8-9588-99B9A549D359_=--


From nobody Tue Oct 18 11:25:03 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B241412967B; Tue, 18 Oct 2016 11:25:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.411
X-Spam-Level: *
X-Spam-Status: No, score=1.411 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_COMMENT_SAVED_URL=1.391, HTML_MESSAGE=0.001, MANY_SPAN_IN_TEXT=2.699, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, T_HTML_ATTACH=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yniYvVVUPoW7; Tue, 18 Oct 2016 11:24:55 -0700 (PDT)
Received: from mail-pf0-x22a.google.com (mail-pf0-x22a.google.com [IPv6:2607:f8b0:400e:c00::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3CBD61296C9; Tue, 18 Oct 2016 11:24:55 -0700 (PDT)
Received: by mail-pf0-x22a.google.com with SMTP id r16so884242pfg.1; Tue, 18 Oct 2016 11:24:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=OStcGhjdf4kEgYuGPVvH1obj/YTEZol+KbFp0cUDel0=; b=JCzUOvDgv9wP550LZ3TqHwAkNqDZ3ZhZiee4tBuPkF3TdfAvW0bTvYgGp3VQMbIfOs lLAgz8ISMjHUuk66D/7jbhVMKVT0BGCIIRxWaw9EW1v2bCTJp1S7PlGOa9AoM4vBPpfH RV6ejk9xR2TehAI3cKxgjGj/0XrOGSt2eEhbYmyEv3iPpEWU9z4kwS64JXZdHYE106dO KwKAmNZNFTNIQ5vi6eTyKfWMyJvUwjKEuAfR5Ab8FcS8zJKsqHhIfNQ2ZH0E/KCM0wDb LU0MRwC/Vml+HqYWx1wZ6F/GP0bCPo5P3VJXc8zZjhu1m7jMAbT6R+27moxfapKEYVRY nazg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=OStcGhjdf4kEgYuGPVvH1obj/YTEZol+KbFp0cUDel0=; b=CP/JSKlwbCOw0KZvk49CtxLGoLgm1mcWqJMs6X9/3wzVZaZ1Ld/oB8l86hDuUZUxAB Z23wOYI7L9YFYWMaHO+3+AEsjUmXKjBvuRgi+0O+h2dXOEXXLLcM6Md1cZT1mWRhUPnT PIecWiq3bRfgS/mCKsycJ4MYFboh1lmDhcGMGwyKIASTS8Gg20Em49N4hOI7vztfDxnx nBosQHx/ClSmVBlY+JZOSoXzJ+vA531mKn26RVVUzhSnzILzF4H6VMEGAY4dY1APZ2fU tnRjwXamTdhf6JTbxlKsKi0FRy5695dNERs/aNOFXdtEM563u6BfP1AEsiC110o0RPeF bVQg==
X-Gm-Message-State: AA6/9RkL0wrgHwvQ9ms72sNYF59xT9T3Bl3rlcTwSeOV2pwprlBoo9E0V8tQPC5hAcEyUA==
X-Received: by 10.99.67.7 with SMTP id q7mr2511981pga.74.1476815094874; Tue, 18 Oct 2016 11:24:54 -0700 (PDT)
Received: from [10.197.31.157] (173-11-119-245-SFBA.hfc.comcastbusiness.net. [173.11.119.245]) by smtp.gmail.com with ESMTPSA id aa6sm57779637pad.46.2016.10.18.11.24.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 18 Oct 2016 11:24:54 -0700 (PDT)
From: Dino Farinacci <farinacci@gmail.com>
Message-Id: <9DCD1DDA-15D9-4D13-ABE0-D6DEFE4C8D2B@gmail.com>
Content-Type: multipart/mixed; boundary="Apple-Mail=_AF0C105C-8933-4952-97F0-1E87BB9BA5C9"
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
Date: Tue, 18 Oct 2016 11:24:46 -0700
In-Reply-To: <303ECCDE-3441-4423-8F29-1EDFE32D4161@nostrum.com>
To: Ben Campbell <ben@nostrum.com>
References: <147631722343.6381.2774445540997659744.idtracker@ietfa.amsl.com> <BEAEBAE5-A2B2-427D-9208-83A7FD40AF75@gmail.com> <2B757854-2AAD-4D28-BB8B-D2F54FE0014B@nostrum.com> <0D11494E-9A87-496A-BBC2-4AD6E89005F9@gmail.com> <99ca12ae-724d-839f-2a13-68a52f216056@joelhalpern.com> <14F4789D-6370-439D-8369-CD56755035CC@nostrum.com> <A7D2111B-594C-4EBF-A07E-26077A845677@gmail.com> <96848257-D21D-4ACF-A76D-975503C7A0E0@nostrum.com> <89EA6A5A-A4BA-40E4-9044-0D5AD0027770@gmail.com> <303ECCDE-3441-4423-8F29-1EDFE32D4161@nostrum.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/PYFy-Bj8Y5ZEQE5xrzvFTmoxrCI>
Cc: lisp-chairs@ietf.org, lisp@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-lisp-lcaf@ietf.org
Subject: Re: [lisp] Ben Campbell's No Objection on draft-ietf-lisp-lcaf-17: (with COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Oct 2016 18:25:02 -0000

--Apple-Mail=_AF0C105C-8933-4952-97F0-1E87BB9BA5C9
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Okay, all we have is two Discusses from Stephen and Alexey. I want to =
wait to post -19 until have a chance to see the updates I=E2=80=99ve =
made to reflect their issues. See proposed -19 below.

The diff file is for -17 to -19.

Dino


--Apple-Mail=_AF0C105C-8933-4952-97F0-1E87BB9BA5C9
Content-Disposition: attachment;
	filename=draft-ietf-lisp-lcaf-19.txt
Content-Type: text/plain;
	x-unix-mode=0644;
	name="draft-ietf-lisp-lcaf-19.txt"
Content-Transfer-Encoding: quoted-printable





Network Working Group                                       D. Farinacci
Internet-Draft                                               lispers.net
Intended status: Experimental                                   D. Meyer
Expires: April 21, 2017                                          Brocade
                                                             J. Snijders
                                                      NTT Communications
                                                        October 18, 2016


                  LISP Canonical Address Format (LCAF)
                        draft-ietf-lisp-lcaf-19

Abstract

   This draft defines a canonical address format encoding used in LISP
   control messages and in the encoding of lookup keys for the LISP
   Mapping Database System.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 21, 2017.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents



Farinacci, et al.        Expires April 21, 2017                 [Page 1]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Definition of Terms . . . . . . . . . . . . . . . . . . . . .   4
   3.  LISP Canonical Address Format Encodings . . . . . . . . . . .   5
   4.  LISP Canonical Address Applications . . . . . . . . . . . . .   7
     4.1.  Segmentation using LISP . . . . . . . . . . . . . . . . .   7
     4.2.  Carrying AS Numbers in the Mapping Database . . . . . . .   9
     4.3.  Assigning Geo Coordinates to Locator Addresses  . . . . .  10
     4.4.  NAT Traversal Scenarios . . . . . . . . . . . . . . . . .  12
     4.5.  Multicast Group Membership Information  . . . . . . . . .  14
     4.6.  Traffic Engineering using Re-encapsulating Tunnels  . . .  16
     4.7.  Storing Security Data in the Mapping Database . . . . . .  17
     4.8.  Source/Destination 2-Tuple Lookups  . . . . . . . . . . .  19
     4.9.  Replication List Entries for Multicast Forwarding . . . .  21
     4.10. Applications for AFI List Type  . . . . . . . . . . . . .  22
       4.10.1.  Binding IPv4 and IPv6 Addresses  . . . . . . . . . .  22
       4.10.2.  Layer-2 VPNs . . . . . . . . . . . . . . . . . . . .  23
       4.10.3.  ASCII Names in the Mapping Database  . . . . . . . .  24
       4.10.4.  Using Recursive LISP Canonical Address Encodings . .  25
       4.10.5.  Compatibility Mode Use Case  . . . . . . . . . . . .  26
   5.  Experimental LISP Canonical Address Applications  . . . . . .  27
     5.1.  Convey Application Specific Data  . . . . . . . . . . . .  27
     5.2.  Generic Database Mapping Lookups  . . . . . . . . . . . .  29
     5.3.  PETR Admission Control Functionality  . . . . . . . . . .  30
     5.4.  Data Model Encoding . . . . . . . . . . . . . . . . . . .  31
     5.5.  Encoding Key/Value Address Pairs  . . . . . . . . . . . .  32
     5.6.  Multiple Data-Planes  . . . . . . . . . . . . . . . . . .  33
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .  35
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  36
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  36
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .  36
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  38
   Appendix A.  Acknowledgments  . . . . . . . . . . . . . . . . . .  39
   Appendix B.  Document Change Log  . . . . . . . . . . . . . . . .  40
     B.1.  Changes to draft-ietf-lisp-lcaf-19.txt  . . . . . . . . .  40
     B.2.  Changes to draft-ietf-lisp-lcaf-18.txt  . . . . . . . . .  40
     B.3.  Changes to draft-ietf-lisp-lcaf-17.txt  . . . . . . . . .  40
     B.4.  Changes to draft-ietf-lisp-lcaf-16.txt  . . . . . . . . .  40
     B.5.  Changes to draft-ietf-lisp-lcaf-15.txt  . . . . . . . . .  40



Farinacci, et al.        Expires April 21, 2017                 [Page 2]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


     B.6.  Changes to draft-ietf-lisp-lcaf-14.txt  . . . . . . . . .  41
     B.7.  Changes to draft-ietf-lisp-lcaf-13.txt  . . . . . . . . .  41
     B.8.  Changes to draft-ietf-lisp-lcaf-12.txt  . . . . . . . . .  41
     B.9.  Changes to draft-ietf-lisp-lcaf-11.txt  . . . . . . . . .  41
     B.10. Changes to draft-ietf-lisp-lcaf-10.txt  . . . . . . . . .  41
     B.11. Changes to draft-ietf-lisp-lcaf-09.txt  . . . . . . . . .  41
     B.12. Changes to draft-ietf-lisp-lcaf-08.txt  . . . . . . . . .  42
     B.13. Changes to draft-ietf-lisp-lcaf-07.txt  . . . . . . . . .  42
     B.14. Changes to draft-ietf-lisp-lcaf-06.txt  . . . . . . . . .  42
     B.15. Changes to draft-ietf-lisp-lcaf-05.txt  . . . . . . . . .  42
     B.16. Changes to draft-ietf-lisp-lcaf-04.txt  . . . . . . . . .  42
     B.17. Changes to draft-ietf-lisp-lcaf-03.txt  . . . . . . . . .  42
     B.18. Changes to draft-ietf-lisp-lcaf-02.txt  . . . . . . . . .  43
     B.19. Changes to draft-ietf-lisp-lcaf-01.txt  . . . . . . . . .  43
     B.20. Changes to draft-ietf-lisp-lcaf-00.txt  . . . . . . . . .  43
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  43

1.  Introduction

   The LISP architecture and protocols [RFC6830] introduces two new
   numbering spaces, Endpoint Identifiers (EIDs) and Routing Locators
   (RLOCs).  To provide flexibility for current and future applications,
   these values can be encoded in LISP control messages using a general
   syntax that includes Address Family Identifier (AFI), length, and
   value fields.

   Currently defined AFIs include IPv4 and IPv6 addresses, which are
   formatted according to code-points assigned in [AFI] as follows:

   IPv4 Encoded Address:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            AFI =3D 1            |       IPv4 Address ...        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     ...  IPv4 Address         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+













Farinacci, et al.        Expires April 21, 2017                 [Page 3]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   IPv6 Encoded Address:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            AFI =3D 2            |       IPv6 Address ...        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     ...  IPv6 Address  ...                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     ...  IPv6 Address  ...                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     ...  IPv6 Address  ...                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     ...  IPv6 Address         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   This document describes the currently-defined AFIs the LISP protocol
   uses along with their encodings and introduces the LISP Canonical
   Address Format (LCAF) that can be used to define the LISP-specific
   encodings for arbitrary AFI values.

2.  Definition of Terms

   Address Family Identifier (AFI):  a term used to describe an address
      encoding in a packet.  Address families are defined for IPv4 and
      IPv6.  See [AFI] and [RFC3232] for details.  The reserved AFI
      value of 0 is used in this specification to indicate an
      unspecified encoded address where the length of the address is 0
      bytes following the 16-bit AFI value of 0.

   Unspecified Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            AFI =3D 0            |      <no address follows>
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Endpoint ID (EID):   a 32-bit (for IPv4) or 128-bit (for IPv6) value
      used in the source and destination address fields of the first
      (most inner) LISP header of a packet.  The host obtains a
      destination EID the same way it obtains a destination address
      today, for example through a DNS lookup or SIP exchange.  The
      source EID is obtained via existing mechanisms used to set a
      host's "local" IP address.  An EID is allocated to a host from an
      EID-prefix block associated with the site where the host is
      located.  An EID can be used by a host to refer to other hosts.




Farinacci, et al.        Expires April 21, 2017                 [Page 4]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Routing Locator (RLOC):   the IPv4 or IPv6 address of an egress
      tunnel router (ETR).  It is the output of a EID-to-RLOC mapping
      lookup.  An EID maps to one or more RLOCs.  Typically, RLOCs are
      numbered from topologically aggregatable blocks that are assigned
      to a site at each point to which it attaches to the global
      Internet; where the topology is defined by the connectivity of
      provider networks, RLOCs can be thought of as Provider-Assigned
      (PA) addresses.  Multiple RLOCs can be assigned to the same ETR
      device or to multiple ETR devices at a site.

3.  LISP Canonical Address Format Encodings

   IANA has assigned AFI value 16387 (0x4003) to the LISP architecture
   and protocols.  This specification defines the encoding format of the
   LISP Canonical Address (LCA).  This section defines all types for
   which an initial allocation in the LISP-LCAF registry is requested.
   See IANA Considerations section for the complete list of such types.

   The Address Family AFI definitions from [AFI] only allocate code-
   points for the AFI value itself.  The length of the address or entity
   that follows is not defined and is implied based on conventional
   experience.  When the LISP protocol uses LCAF definitions from this
   document, the AFI-based address lengths are specified in this
   document.  When new LCAF definitions are defined in other use case
   documents, the AFI-based address lengths for any new AFI encoded
   addresses are specified in those documents.

   The first 6 bytes of an LISP Canonical Address are followed by a
   variable number of fields of variable length:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Type       |     Rsvd2     |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             . . .                             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Rsvd1/Rsvd2:  these 8-bit fields are reserved for future use and MUST
      be transmitted as 0 and ignored on receipt.

   Flags:  this 8-bit field is for future definition and use.  For now,
      set to zero on transmission and ignored on receipt.

   Type:  this 8-bit field is specific to the LISP Canonical Address
      formatted encodings.  Currently allocated values are:



Farinacci, et al.        Expires April 21, 2017                 [Page 5]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


     Type 0:  Null Body Type

     Type 1:  AFI List Type

     Type 2:  Instance ID Type

     Type 3:  AS Number Type

     Type 4:  Application Data Type

     Type 5:  Geo Coordinates Type

     Type 6:  Opaque Key Type

     Type 7:  NAT-Traversal Type

     Type 8:  Nonce Locator Type

     Type 9:  Multicast Info Type

     Type 10:  Explicit Locator Path Type

     Type 11:  Security Key Type

     Type 12:  Source/Dest Key Type

     Type 13:  Replication List Entry Type

     Type 14:  JSON Data Model Type

     Type 15:  Key/Value Address Pair Type

     Type 16:  Encapsulation Format Type

   Length:  this 16-bit field is in units of bytes and covers all of the
      LISP Canonical Address payload, starting and including the byte
      after the Length field.  When including the AFI, an LCAF encoded
      address will have a minimum length of 8 bytes when the Length
      field is 0.  The 8 bytes include the AFI, Flags, Type, Rsvd1,
      Rsvd2, and Length fields.  When the AFI is not next to an encoded
      address in a control message, then the encoded address will have a
      minimum length of 6 bytes when the Length field is 0.  The 6 bytes
      include the Flags, Type, Rsvd1, Rsvd2, and Length fields.

   [RFC6830] states RLOC records are sorted when encoded in control
   messages so the locator-set has consistent order across all xTRs for
   a given EID.  The sort order is based on sort-key {afi, RLOC-
   address}. When an RLOC is LCAF encoded, the sort-key is {afi, LCAF-



Farinacci, et al.        Expires April 21, 2017                 [Page 6]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Type}. Therefore, when a locator-set has a mix of AFI records and
   LCAF records, they are ordered from smallest to largest AFI value.































4.  LISP Canonical Address Applications

4.1.  Segmentation using LISP

   When multiple organizations inside of a LISP site are using private
   addresses [RFC1918] as EID-prefixes, their address spaces must remain
   segregated due to possible address duplication.  An Instance ID in
   the address encoding can aid in making the entire AFI-based address
   unique.

   Another use for the Instance ID LISP Canonical Address Format is when
   creating multiple segmented VPNs inside of a LISP site where keeping
   EID-prefix based subnets is desirable.





Farinacci, et al.        Expires April 21, 2017                 [Page 7]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Instance ID LISP Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 2    | IID mask-len  |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Instance ID                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |         Address  ...          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   IID mask-len:  if the AFI is set to 0, then this format is not
      encoding an extended EID-prefix but rather an instance-ID range
      where the 'IID mask-len' indicates the number of high-order bits
      used in the Instance ID field for the range.  The low-order bits
      of the Instance ID field must be 0.

   Length:  length in bytes starting and including the byte after this
      Length field.

   Instance ID:  the low-order 24-bits that can go into a LISP data
      header when the I-bit is set.  See [RFC6830] for details.  The
      reason for the length difference is so that the maximum number of
      instances supported per mapping system is 2^32 while conserving
      space in the LISP data header.  This comes at the expense of
      limiting the maximum number of instances per xTR to 2^24.  If an
      xTR is configured with multiple instance-IDs where the value in
      the high-order 8 bits are the same, then the low-order 24 bits
      MUST be unique.

   AFI =3D x:  x can be any AFI value from [AFI].

   This LISP Canonical Address Type can be used to encode either EID or
   RLOC addresses.

   Usage: When used as a lookup key, the EID is regarded as an extended-
   EID in the mapping system.  This encoding is used in EID records in
   Map-Requests, Map-Replies, Map-Registers, and Map-Notify messages.
   When LISP-DDT [I-D.ietf-lisp-ddt] is used as the mapping system
   mechanism, extended EIDs are used in Map-Referral messages.








Farinacci, et al.        Expires April 21, 2017                 [Page 8]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


4.2.  Carrying AS Numbers in the Mapping Database

   When an AS number is stored in the LISP Mapping Database System for
   either policy or documentation reasons, it can be encoded in a LISP
   Canonical Address.

   AS Number LISP Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 3    |     Rsvd2     |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           AS Number                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |         Address  ...          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   AS Number:  the 32-bit AS number of the autonomous system that has
      been assigned to either the EID or RLOC that follows.

   AFI =3D x:  x can be any AFI value from [AFI].

   The AS Number Canonical Address Type can be used to encode either EID
   or RLOC addresses.  The former is used to describe the LISP-ALT AS
   number the EID-prefix for the site is being carried for.  The latter
   is used to describe the AS that is carrying RLOC based prefixes in
   the underlying routing system.

   Usage: This encoding can be used in EID or RLOC records in Map-
   Requests, Map-Replies, Map-Registers, and Map-Notify messages.  When
   LISP-DDT [I-D.ietf-lisp-ddt] is used as the mapping system mechanism,
   extended EIDs are used in Map-Referral messages.













Farinacci, et al.        Expires April 21, 2017                 [Page 9]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


4.3.  Assigning Geo Coordinates to Locator Addresses

   If an ETR desires to send a Map-Reply describing the Geo Coordinates
   for each locator in its locator-set, it can use the Geo Coordinate
   Type to convey physical location information.

   Coordinates are specified using the WGS-84 (World Geodetic System)
   reference coordinate system [WGS-84].

   Geo Coordinate LISP Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 5    |     Rsvd2     |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |N|     Latitude Degrees        |    Minutes    |    Seconds    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |E|     Longitude Degrees       |    Minutes    |    Seconds    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                            Altitude                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |         Address  ...          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   N: When set to 1 means North, otherwise South.

   Latitude Degrees:  Valid values range from 0 to 90 degrees above or
      below the equator (northern or southern hemisphere, respectively).

   Latitude Minutes:  Valid values range from 0 to 59.

   Latitude Seconds:  Valid values range from 0 to 59.

   E: When set to 1 means East, otherwise West.

   Longitude Degrees:  Valid values are from 0 to 180 degrees right or
      left of the Prime Meridian.

   Longitude Minutes:  Valid values range from 0 to 59.

   Longitude Seconds:  Valid values range from 0 to 59.




Farinacci, et al.        Expires April 21, 2017                [Page 10]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Altitude:  Height relative to sea level in meters.  This is a two's
      complement signed integer meaning that the altitude could be below
      sea level.  A value of 0x7fffffff indicates no Altitude value is
      encoded.

   AFI =3D x:  x can be any AFI value from [AFI].

   The Geo Coordinates Canonical Address Type can be used to encode
   either EID or RLOC addresses.  When used for EID encodings, you can
   determine the physical location of an EID along with the topological
   location by observing the locator-set.

   Usage: This encoding can be used in EID or RLOC records in Map-
   Requests, Map-Replies, Map-Registers, and Map-Notify messages.  When
   LISP-DDT [I-D.ietf-lisp-ddt] is used as the mapping system mechanism,
   extended EIDs are used in Map-Referral messages.



































Farinacci, et al.        Expires April 21, 2017                [Page 11]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


4.4.  NAT Traversal Scenarios

   When a LISP system is conveying global address and mapped port
   information when traversing through a NAT device, the NAT-Traversal
   LCAF Type is used.  See [I-D.ermagan-lisp-nat-traversal] for details.

   NAT-Traversal Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 7    |     Rsvd2     |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       MS UDP Port Number      |      ETR UDP Port Number      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |  Global ETR RLOC Address  ... |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |       MS RLOC Address  ...    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          | Private ETR RLOC Address  ... |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |      RTR RLOC Address 1 ...   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |      RTR RLOC Address k ...   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   MS UDP Port Number:  this is the UDP port number of the Map-Server
      and is set to 4342.

   ETR UDP Port Number:  this is the port number returned to a LISP
      system which was copied from the source port from a packet that
      has flowed through a NAT device.

   AFI =3D x:  x can be any AFI value from [AFI].

   Global ETR RLOC Address:  this is an address known to be globally
      unique built by NAT-traversal functionality in a LISP router.

   MS RLOC Address:  this is the address of the Map-Server used in the
      destination RLOC of a packet that has flowed through a NAT device.






Farinacci, et al.        Expires April 21, 2017                [Page 12]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Private ETR RLOC Address:  this is an address known to be a private
      address inserted in this LCAF by a LISP router that resides on the
      private side of a NAT device.

   RTR RLOC Address:  this is an encapsulation address used by an ITR or
      PITR which resides behind a NAT device.  This address is known to
      have state in a NAT device so packets can flow from it to the LISP
      ETR behind the NAT.  There can be one or more NAT Reencapsulating
      Tunnel Router (RTR) [I-D.ermagan-lisp-nat-traversal] addresses
      supplied in these set of fields.  The number of RTRs encoded is
      determined by parsing each field.  When there are no RTRs
      supplied, the RTR fields can be omitted and reflected by the LCAF
      length field or an AFI of 0 can be used to indicate zero RTRs
      encoded.

   Usage: This encoding can be used in Info-Request and Info-Reply
   messages.  The mapping system does not store this information.  The
   information is used by an xTR and Map-Server to convey private and
   public address information when traversing NAT and firewall devices.
































Farinacci, et al.        Expires April 21, 2017                [Page 13]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


4.5.  Multicast Group Membership Information

   Multicast group information can be published in the mapping database.
   So a lookup on a group address EID can return a replication list of
   RLOC group addresses or RLOC unicast addresses.  The intent of this
   type of unicast replication is to deliver packets to multiple ETRs at
   receiver LISP multicast sites.  The locator-set encoding for this EID
   record type can be a list of ETRs when they each register with "Merge
   Semantics".  The encoding can be a typical AFI-encoded locator
   address.  When an RTR list is being registered (with multiple levels
   according to [I-D.coras-lisp-re]), the Replication List Entry LCAF
   type is used for locator encoding.

   This LCAF encoding can be used to send broadcast packets to all
   members of a subnet when an EID is away from its home subnet
   location.

   Multicast Info Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 9    |     Rsvd2     |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Instance-ID                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            Reserved           | Source MaskLen| Group MaskLen |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |   Source/Subnet Address  ...  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |       Group Address  ...      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   Reserved:  must be set to zero and ignored on receipt.

   Instance ID:  the low-order 24-bits that can go into a LISP data
      header when the I-bit is set.  See [RFC6830] for details.  The use
      of the Instance-ID in this LCAF type is to associate a multicast
      forwarding entry for a given VPN.  The instance-ID describes the
      VPN and is registered to the mapping database system as a 3-tuple
      of (Instance-ID, S-prefix, G-prefix).





Farinacci, et al.        Expires April 21, 2017                [Page 14]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Source MaskLen:  the mask length of the source prefix that follows.
      The length is the number of high-order mask bits set.

   Group MaskLen:  the mask length of the group prefix that follows.
      The length is the number of high-order mask bits set.

   AFI =3D x:  x can be any AFI value from [AFI].  When a specific =
address
      family has a multicast address semantic, this field must be either
      a group address or a broadcast address.

   Source/Subnet Address:  is the source address or prefix for encoding
      a (S,G) multicast entry.

   Group Address:  is the group address or group prefix for encoding
      (S,G) or (*,G) multicast entries.

   Usage: This encoding can be used in EID records in Map-Requests, Map-
   Replies, Map-Registers, and Map-Notify messages.  When LISP-DDT
   [I-D.ietf-lisp-ddt] is used as the mapping system mechanism, extended
   EIDs are used in Map-Referral messages.































Farinacci, et al.        Expires April 21, 2017                [Page 15]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


4.6.  Traffic Engineering using Re-encapsulating Tunnels

   For a given EID lookup into the mapping database, this LCAF can be
   returned to provide a list of locators in an explicit re-
   encapsulation path.  See [I-D.farinacci-lisp-te] for details.

   Explicit Locator Path (ELP) Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 10   |     Rsvd2     |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Rsvd3         |L|P|S|           AFI =3D x             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Reencap Hop 1  ...                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Rsvd3         |L|P|S|           AFI =3D x             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Reencap Hop k  ...                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   Rsvd3:  this field is reserved for future use and MUST be transmitted
      as 0 and ignored on receipt.

   Lookup bit (L):  this is the Lookup bit used to indicate to the user
      of the ELP to not use this address for encapsulation but to look
      it up in the mapping database system to obtain an encapsulating
      RLOC address.

   RLOC-Probe bit (P):  this is the RLOC-probe bit which means the
      Reencap Hop allows RLOC-probe messages to be sent to it.  When the
      R-bit is set to 0, RLOC-probes must not be sent.  When a Reencap
      Hop is an anycast address then multiple physical Reencap Hops are
      using the same RLOC address.  In this case, RLOC-probes are not
      needed because when the closest RLOC address is not reachable
      another RLOC address can be reachable.

   Strict bit (S):  this is the strict bit which means the associated
      Reencap Hop is required to be used.  If this bit is 0, the
      reencapsulator can skip this Reencap Hop and go to the next one in
      the list.




Farinacci, et al.        Expires April 21, 2017                [Page 16]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   AFI =3D x:  x can be any AFI value from [AFI].  When a specific AFI =
has
      its own encoding of a multicast address, this field must be either
      a group address or a broadcast address.

   Usage: This encoding can be used in RLOC records in Map-Requests,
   Map-Replies, Map-Registers, and Map-Notify messages.  This encoding
   does not need to be understood by the mapping system for mapping
   database lookups since this LCAF type is not a lookup key.





















4.7.  Storing Security Data in the Mapping Database

   When a locator in a locator-set has a security key associated with
   it, this LCAF will be used to encode key material.  See
   [I-D.ietf-lisp-ddt] for details.

















Farinacci, et al.        Expires April 21, 2017                [Page 17]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Security Key Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 11   |      Rsvd2    |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Key Count   |      Rsvd3    | Key Algorithm |   Rsvd4     |R|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Key Length          |       Key Material ...        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        ... Key Material                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |       Locator Address ...     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   Key Count:  the Key Count field declares the number of Key sections
      included in this LCAF.  A key section is made up of "Key Length"
      and "Key Material" fields.

   Rsvd3:  this field is reserved for future use and MUST be transmitted
      as 0 and ignored on receipt.

   Key Algorithm:  the Algorithm field identifies the key's
      cryptographic algorithm and specifies the format of the Public Key
      field.  Refer to the [I-D.ietf-lisp-ddt] and
      [I-D.ietf-lisp-crypto] use cases for definitions of this field.

   Rsvd4:  this field is reserved for future use and MUST be transmitted
      as 0 and ignored on receipt.

   R bit:  this is the revoke bit and, if set, it specifies that this
      Key is being Revoked.

   Key Length:  this field determines the length in bytes of the Key
      Material field.

   Key Material:  the Key Material field stores the key material.  The
      format of the key material stored depends on the Key Algorithm
      field.

   AFI =3D x:  x can be any AFI value from [AFI].  This is the locator
      address that owns the encoded security key.



Farinacci, et al.        Expires April 21, 2017                [Page 18]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Usage: This encoding can be used in EID or RLOC records in Map-
   Requests, Map-Replies, Map-Registers, and Map-Notify messages.  When
   LISP-DDT [I-D.ietf-lisp-ddt] is used as the mapping system mechanism,
   extended EIDs are used in Map-Referral messages.





















4.8.  Source/Destination 2-Tuple Lookups

   When both a source and destination address of a flow need
   consideration for different locator-sets, this 2-tuple key is used in
   EID fields in LISP control messages.  When the Source/Dest key is
   registered to the mapping database, it can be encoded as a source-
   prefix and destination-prefix.  When the Source/Dest is used as a key
   for a mapping database lookup the source and destination come from a
   data packet.

















Farinacci, et al.        Expires April 21, 2017                [Page 19]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Source/Dest Key Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 12   |     Rsvd2     |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            Reserved           |   Source-ML   |    Dest-ML    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |         Source-Prefix ...     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D y          |     Destination-Prefix ...    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   Reserved:  must be set to zero and ignore on receipt.

   Source-ML:  the mask length of the source prefix that follows.  The
      length is the number of high-order mask bits set.

   Dest-ML:  the mask length of the destination prefix that follows.
      The length is the number of high-order mask bits set.

   AFI =3D x:  x can be any AFI value from [AFI].

   AFI =3D y:  y can be any AFI value from [AFI].  When a specific =
address
      family has a multicast address semantic, this field must be either
      a group address or a broadcast address.

   Usage: This encoding can be used in EID records in Map-Requests, Map-
   Replies, Map-Registers, and Map-Notify messages.  When LISP-DDT
   [I-D.ietf-lisp-ddt] is used as the mapping system mechanism, extended
   EIDs are used in Map-Referral messages.  Refer to
   [I-D.farinacci-lisp-te] for usage details of this LCAF type.













Farinacci, et al.        Expires April 21, 2017                [Page 20]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


4.9.  Replication List Entries for Multicast Forwarding

   The Replication List Entry LCAF type is an encoding for a locator
   being used for unicast replication according to the specification in
   [I-D.coras-lisp-re].  This locator encoding is pointed to by a
   Multicast Info LCAF Type and is registered by Re-encapsulating Tunnel
   Routers (RTRs) that are participating in an overlay distribution
   tree.  Each RTR will register its locator address and its configured
   level in the distribution tree.

   Replication List Entry Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 13   |    Rsvd2      |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              Rsvd3            |     Rsvd4     |  Level Value  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |           RTR/ETR #1 ...      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              Rsvd3            |     Rsvd4     |  Level Value  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |           RTR/ETR  #n ...     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   Rsvd3/Rsvd4:  must be set to zero and ignore on receipt.

   Level Value:  this value is associated with the level within the
      overlay distribution tree hierarchy where the RTR resides.  The
      level numbers are ordered from lowest value being close to the ITR
      (meaning that ITRs replicate to level-0 RTRs) and higher levels
      are further downstream on the distribution tree closer to ETRs of
      multicast receiver sites.

   AFI =3D x:  x can be any AFI value from [AFI].  A specific AFI has =
its
      own encoding of either a unicast or multicast locator address.
      For efficiency reasons, all RTR/ETR entries for the same level
      should be combined together by a Map-Server to avoid searching
      through the entire multi-level list of locator entries in a Map-
      Reply message.





Farinacci, et al.        Expires April 21, 2017                [Page 21]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Usage: This encoding can be used in RLOC records in Map-Requests,
   Map-Replies, Map-Registers, and Map-Notify messages.

4.10.  Applications for AFI List Type

4.10.1.  Binding IPv4 and IPv6 Addresses

   When header translation between IPv4 and IPv6 is desirable a LISP
   Canonical Address can use the AFI List Type to carry a variable
   number of AFIs in one LCAF AFI.

   Address Binding LISP Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 1    |     Rsvd2     |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            AFI =3D 1            |       IPv4 Address ...        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     ...  IPv4 Address         |            AFI =3D 2            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          IPv6 Address ...                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     ...  IPv6 Address  ...                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     ...  IPv6 Address  ...                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     ...  IPv6 Address                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   This type of address format can be included in a Map-Request when the
   address is being used as an EID, but the Mapping Database System
   lookup destination can use only the IPv4 address.  This is so a
   Mapping Database Service Transport System, such as LISP-ALT
   [RFC6836], can use the Map-Request destination address to route the
   control message to the desired LISP site.

   Usage: This encoding can be used in EID or RLOC records in Map-
   Requests, Map-Replies, Map-Registers, and Map-Notify messages.  See
   subsections in this section for specific use cases.





Farinacci, et al.        Expires April 21, 2017                [Page 22]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


4.10.2.  Layer-2 VPNs

   When MAC addresses are stored in the LISP Mapping Database System,
   the AFI List Type can be used to carry AFI 6.

   MAC Address LISP Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 1    |     Rsvd2     |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             AFI =3D 6           |    Layer-2 MAC Address  ...   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    ... Layer-2 MAC Address                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   This address format can be used to connect layer-2 domains together
   using LISP over an IPv4 or IPv6 core network to create a layer-2 VPN.
   In this use case, a MAC address is being used as an EID, and the
   locator-set that this EID maps to can be an IPv4 or IPv6 RLOCs, or
   even another MAC address being used as an RLOC.  See
   [I-D.portoles-lisp-eid-mobility] for how layer-2 VPNs operate when
   doing EID mobility.  Refer to the Security Considerations section for
   privacy protection.





















Farinacci, et al.        Expires April 21, 2017                [Page 23]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


4.10.3.  ASCII Names in the Mapping Database

   If DNS names or URIs are stored in the LISP Mapping Database System,
   the AFI List Type can be used to carry an ASCII string.

   ASCII LISP Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 1    |     Rsvd2     |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             AFI =3D 17          |      DNS Name or URI  ...     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.
































Farinacci, et al.        Expires April 21, 2017                [Page 24]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


4.10.4.  Using Recursive LISP Canonical Address Encodings

   When any combination of above is desirable, the AFI List Type value
   can be used to carry within the LCAF AFI another LCAF AFI (for
   example, Application Specific Data see Section 5.1.

   Recursive LISP Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 1    |     Rsvd2     |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 4    |     Rsvd2     |            Length2            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   IP TOS, IPv6 TC or Flow Label               |    Protocol   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Local Port (lower-range)   |    Local Port (upper-range)   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Remote Port (lower-range)   |   Remote Port (upper-range)   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            AFI =3D 1            |       IPv4 Address ...        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     ...  IPv4 Address         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   Length2:  length in bytes starting and including the byte after this
      Length2 field.

   This format could be used by a Mapping Database Transport System,
   such as LISP-ALT [RFC6836], where the AFI=3D1 IPv4 address is used as
   an EID and placed in the Map-Request destination address by the
   sending LISP system.  The ALT system can deliver the Map-Request to
   the LISP destination site independent of the Application Data Type
   AFI payload values.  When this AFI is processed by the destination
   LISP site, it can return different locator-sets based on the type of
   application or level of service that is being requested.







Farinacci, et al.        Expires April 21, 2017                [Page 25]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


4.10.5.  Compatibility Mode Use Case

   A LISP system should use the AFI List Type format when sending to
   LISP systems that do not support a particular LCAF Type used to
   encode locators.  This allows the receiving system to be able to
   parse a locator address for encapsulation purposes.  The list of AFIs
   in an AFI List LCAF Type has no semantic ordering and a receiver
   should parse each AFI element no matter what the ordering.

   Compatibility Mode Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 1    |     Rsvd2     |           Length              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 5    |     Rsvd2     |           Length2             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |N|     Latitude Degrees        |    Minutes    |    Seconds    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |E|     Longitude Degrees       |    Minutes    |    Seconds    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                            Altitude                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D 0          |           AFI =3D 1             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          IPv4 Address                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   Length2:  length in bytes starting and including the byte after this
      Length2 field.

   If a system does not recognized the Geo Coordinate LCAF Type that is
   accompanying a locator address, an encoder can include the Geo
   Coordinate LCAF Type embedded in a AFI List LCAF Type where the AFI
   in the Geo Coordinate LCAF is set to 0 and the AFI encoded next in
   the list is encoded with a valid AFI value to identify the locator
   address.

   A LISP system is required to support the AFI List LCAF Type to use
   this procedure.  It would skip over 10 bytes of the Geo Coordinate



Farinacci, et al.        Expires April 21, 2017                [Page 26]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   LCAF Type to get to the locator address encoding (an IPv4 locator
   address).  A LISP system that does support the Geo Coordinate LCAF
   Type can support parsing the locator address within the Geo
   Coordinate LCAF encoding or in the locator encoding that follows in
   the AFI List LCAF.































5.  Experimental LISP Canonical Address Applications

5.1.  Convey Application Specific Data

   When a locator-set needs to be conveyed based on the type of
   application or the Per-Hop Behavior (PHB) of a packet, the
   Application Data Type can be used.








Farinacci, et al.        Expires April 21, 2017                [Page 27]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Application Data LISP Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 4    |     Rsvd2     |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       IP TOS, IPv6 TC, or Flow Label          |    Protocol   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Local Port (lower-range)   |    Local Port (upper-range)   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Remote Port (lower-range)   |   Remote Port (upper-range)   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |         Address  ...          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   IP TOS, IPv6 TC, or Flow Label:  this field stores the 8-bit IPv4 TOS
      field used in an IPv4 header, the 8-bit IPv6 Traffic Class or Flow
      Label used in an IPv6 header.

   Local Port/Remote Port Ranges:  these fields are from the TCP, UDP,
      or SCTP transport header.  A range can be specified by using a
      lower value and an upper value.  When a single port is encoded,
      the lower and upper value fields are the same.

   AFI =3D x:  x can be any AFI value from [AFI].

   The Application Data Canonical Address Type is used for an EID
   encoding when an ITR wants a locator-set for a specific application.
   When used for an RLOC encoding, the ETR is supplying a locator-set
   for each specific application is has been configured to advertise.

   Usage: This encoding can be used in EID records in Map-Requests, Map-
   Replies, Map-Registers, and Map-Notify messages.  When LISP-DDT
   [I-D.ietf-lisp-ddt] is used as the mapping system mechanism, extended
   EIDs are used in Map-Referral messages.  This LCAF type is used as a
   lookup key to the mapping system that can return a longest-match or
   exact-match entry.








Farinacci, et al.        Expires April 21, 2017                [Page 28]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


5.2.  Generic Database Mapping Lookups

   When the LISP Mapping Database system holds information accessed by a
   generic formatted key (where the key is not the usual IPv4 or IPv6
   address), an opaque key may be desirable.

   Opaque Key LISP Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 6    |     Rsvd2     |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Key Field Num |      Key Wildcard Fields      |   Key . . .   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       . . . Key                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   Key Field Num:  the value of this field is the number of "Key" sub-
      fields minus 1, the "Key" field can be broken up into.  So if this
      field has a value of 0, there is 1 sub-field in the "Key".  The
      width of the sub-fields are fixed length.  So for a key size of 8
      bytes, with a Key Field Num of 3, allows 4 sub-fields of 2 bytes
      each in length.  Allowing for a reasonable number of 16 sub-field
      separators, valid values range from 0 to 15.

   Key Wildcard Fields:  describes which fields in the key are not used
      as part of the key lookup.  This wildcard encoding is a bitfield.
      Each bit is a don't-care bit for a corresponding field in the key.
      Bit 0 (the low-order bit) in this bitfield corresponds the first
      field, the low-order field in the key, bit 1 the second field, and
      so on.  When a bit is set in the bitfield it is a don't-care bit
      and should not be considered as part of the database lookup.  When
      the entire 16-bits is set to 0, then all bits of the key are used
      for the database lookup.

   Key:  the variable length key used to do a LISP Database Mapping
      lookup.  The length of the key is the value n (as shown above).

   Usage: This is an experimental type where the usage has not been
   defined yet.





Farinacci, et al.        Expires April 21, 2017                [Page 29]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


5.3.  PETR Admission Control Functionality

   When a public PETR device wants to verify who is encapsulating to it,
   it can check for a specific nonce value in the LISP encapsulated
   packet.  To convey the nonce to admitted ITRs or PITRs, this LCAF is
   used in a Map-Register or Map-Reply locator-record.

   Nonce Locator Canonical Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 8    |     Rsvd2     |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Reserved    |                  Nonce                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |         Address  ...          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   Reserved:  must be set to zero and ignore on receipt.

   Nonce:  this is a nonce value returned by an ETR in a Map-Reply
      locator-record to be used by an ITR or PITR when encapsulating to
      the locator address encoded in the AFI field of this LCAF type.
      This nonce value is inserted in the nonce field in the LISP header
      encapsulation.

   AFI =3D x:  x can be any AFI value from [AFI].

   Usage: This is an experimental type where the usage has not been
   defined yet.















Farinacci, et al.        Expires April 21, 2017                [Page 30]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


5.4.  Data Model Encoding

   This type allows a JSON data model to be encoded either as an EID or
   RLOC.

   JSON Data Model Type Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 14   |    Rsvd2    |B|            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           JSON length         | JSON binary/text encoding ... |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |       Optional Address ...    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   B bit:  indicates that the JSON field is binary encoded according to
      [JSON-BINARY] when the bit is set to 1.  Otherwise the encoding is
      based on text encoding according to [RFC7159].

   JSON length:  length in octets of the following 'JSON binary/text
      encoding' field.

   JSON binary/text encoding field:  a variable length field that
      contains either binary or text encodings.

   AFI =3D x:  x can be any AFI value from [AFI].  A specific AFI has =
its
      own encoding of either a unicast or multicast locator address.
      All RTR/ETR entries for the same level should be combined together
      by a Map-Server to avoid searching through the entire multi-level
      list of locator entries in a Map-Reply message.

   Usage: This is an experimental type where the usage has not been
   defined yet.











Farinacci, et al.        Expires April 21, 2017                [Page 31]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


5.5.  Encoding Key/Value Address Pairs

   The Key/Value pair is, for example, useful for attaching attributes
   to other elements of LISP packets, such as EIDs or RLOCs.  When
   attaching attributes to EIDs or RLOCs, it's necessary to distinguish
   between the element that should be used as EID or RLOC, and hence as
   the key for lookups, and additional attributes.  This is especially
   the case when the difference cannot be determined from the types of
   the elements, such as when two IP addresses are being used.

   Key/Value Pair Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 15   |     Rsvd2     |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |       Address as Key ...      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D y          |       Address as Value ...    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   AFI =3D x:  x is the "Address as Key" AFI that can have any value =
from
      [AFI].  A specific AFI has its own encoding of either a unicast or
      multicast locator address.  All RTR/ETR entries for the same level
      should be combined together by a Map-Server to avoid searching
      through the entire multi-level list of locator entries in a Map-
      Reply message.

   Address as Key:  this AFI-encoded address will be attached with the
      attributes encoded in "Address as Value" which follows this field.

   AFI =3D y:  y is the "Address of Value" AFI that can have any value
      from [AFI].  A specific AFI has its own encoding of either a
      unicast or multicast locator address.  All RTR/ETR entries for the
      same level should be combined together by a Map-Server to avoid
      searching through the entire multi-level list of locator entries
      in a Map-Reply message.

   Address as Value:  this AFI-encoded address will be the attribute
      address that goes along with "Address as Key" which precedes this
      field.




Farinacci, et al.        Expires April 21, 2017                [Page 32]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Usage: This is an experimental type where the usage has not been
   defined yet.































5.6.  Multiple Data-Planes

   Overlays are becoming popular in many parts of the network which have
   created an explosion of data-plane encapsulation headers.  Since the
   LISP mapping system can hold many types of address formats, it can
   represent the encapsulation format supported by an RLOC as well.
   When an encapsulator receives a Map-Reply with an Encapsulation
   Format LCAF Type encoded in an RLOC-record, it can select an
   encapsulation format, that it can support, from any of the
   encapsulation protocols which have the bit set to 1 in this LCAF
   type.







Farinacci, et al.        Expires April 21, 2017                [Page 33]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Encapsulation Format Address Format:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           AFI =3D 16387         |     Rsvd1     |     Flags     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type =3D 16   |     Rsvd2     |             Length            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        Reserved-for-Future-Encapsulations       |U|G|N|v|V|l|L|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              AFI =3D x          |          Address ...          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Length:  length in bytes starting and including the byte after this
      Length field.

   Reserved-for-Future-Encapsulations:  must be set to zero and ignored
      on receipt.  This field will get bits allocated to future
      encapsulations, as they are created.

   L: The RLOCs listed in the AFI-encoded addresses in the next longword
      can accept layer 3 LISP encapsulation using destination UDP port
      4341 [RFC6830].

   l: The RLOCs listed in the AFI-encoded addresses in the next longword
      can accept layer 2 LISP encapsulation using destination UDP port
      8472 [I-D.smith-lisp-layer2].

   V: The RLOCs listed in the AFI-encoded addresses in the next longword
      can accept VXLAN encapsulation using destination UDP port 4789
      [RFC7348].

   v: The RLOCs listed in the AFI-encoded addresses in the next longword
      can accept VXLAN-GPE encapsulation using destination UDP port 4790
      [I-D.quinn-vxlan-gpe].

   N: The RLOCs listed in the AFI-encoded addresses in the next longword
      can accept NV-GRE encapsulation using IPv4/ IPv6 protocol number
      47 [RFC7637].

   G: The RLOCs listed in the AFI-encoded addresses in the next longword
      can accept GENEVE encapsulation using destination UDP port 6081
      [I-D.gross-geneve].

   U: The RLOCs listed in the AFI-encoded addresses in the next longword
      can accept GUE encapsulation using destination UDP port TBD
      [I-D.herbert-gue].



Farinacci, et al.        Expires April 21, 2017                [Page 34]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Usage: This encoding can be used in RLOC records in Map-Requests,
   Map-Replies, Map-Registers, and Map-Notify messages.









































6.  Security Considerations

   There are no security considerations for this specification.  The
   security considerations are documented for the protocols that use
   LISP Canonical Addressing.



Farinacci, et al.        Expires April 21, 2017                [Page 35]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   The use of the Geo-Coordinates LCAF Type may raise physical privacy
   issues.  Care should be taken when configuring the mapping system to
   use specific policy parameters so geo-location information is not
   returned gratuitously.  It is recommended that any documents that
   specify the use of the Geo-Coordinates LCAF Type should consider the
   applicability of the BCP160 [RFC6280] for location-based privacy
   protection.

7.  IANA Considerations

   This document defines a canonical address format encoding used in
   LISP control messages and in the encoding of lookup keys for the LISP
   Mapping Database System.  Such address format is based on a fixed AFI
   (16387) and a LISP LCAF Type field.

   The LISP LCAF Type field is an 8-bit field specific to the LISP
   Canonical Address formatted encodings, for which IANA is to create
   and maintain a new registry (as outlined in [RFC5226]) entitled "LISP
   LCAF Type".  Initial values for the LISP LCAF Type registry are given
   below.  Future assignments are to be made through expert review with
   a specification required publication.  Assignments consist of a LISP
   LCAF Type name and its associated value:

           +-------+------------------------------+------------+
           | Value | LISP LCAF Type Name          | Definition |
           +-------+------------------------------+------------+
           | 0     | Null Body Type               | Section 3  |
           | 1     | AFI List Type                | Section 3  |
           | 2     | Instance ID Type             | Section 3  |
           | 3     | AS Number Type               | Section 3  |
           | 5     | Geo Coordinates Type         | Section 3  |
           | 7     | NAT-Traversal Type           | Section 3  |
           | 9     | Multicast Info Type          | Section 3  |
           | 10    | Explicit Locator Path Type   | Section 3  |
           | 11    | Security Key Type            | Section 3  |
           | 12    | Source/Dest Key Type         | Section 3  |
           | 13    | Replication List Entry Type  | Section 3  |
           +-------+------------------------------+------------+

                  Table 1: LISP LCAF Type Initial Values

8.  References

8.1.  Normative References

   [BCP160]   "An Architecture for Location and Location Privacy in
              Internet Applications", Best Current Practices
              https://www.rfc-editor.org/bcp/bcp160.txt, July 2011.



Farinacci, et al.        Expires April 21, 2017                [Page 36]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   [RFC1918]  Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G.,
              and E. Lear, "Address Allocation for Private Internets",
              BCP 5, RFC 1918, DOI 10.17487/RFC1918, February 1996,
              <http://www.rfc-editor.org/info/rfc1918>.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC3232]  Reynolds, J., Ed., "Assigned Numbers: RFC 1700 is Replaced
              by an On-line Database", RFC 3232, DOI 10.17487/RFC3232,
              January 2002, <http://www.rfc-editor.org/info/rfc3232>.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              DOI 10.17487/RFC5226, May 2008,
              <http://www.rfc-editor.org/info/rfc5226>.

   [RFC6280]  Barnes, R., Lepinski, M., Cooper, A., Morris, J.,
              Tschofenig, H., and H. Schulzrinne, "An Architecture for
              Location and Location Privacy in Internet Applications",
              BCP 160, RFC 6280, DOI 10.17487/RFC6280, July 2011,
              <http://www.rfc-editor.org/info/rfc6280>.

   [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
              Locator/ID Separation Protocol (LISP)", RFC 6830,
              DOI 10.17487/RFC6830, January 2013,
              <http://www.rfc-editor.org/info/rfc6830>.

   [RFC6836]  Fuller, V., Farinacci, D., Meyer, D., and D. Lewis,
              "Locator/ID Separation Protocol Alternative Logical
              Topology (LISP+ALT)", RFC 6836, DOI 10.17487/RFC6836,
              January 2013, <http://www.rfc-editor.org/info/rfc6836>.

   [RFC7159]  Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
              Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March
              2014, <http://www.rfc-editor.org/info/rfc7159>.

   [RFC7348]  Mahalingam, M., Dutt, D., Duda, K., Agarwal, P., Kreeger,
              L., Sridhar, T., Bursell, M., and C. Wright, "Virtual
              eXtensible Local Area Network (VXLAN): A Framework for
              Overlaying Virtualized Layer 2 Networks over Layer 3
              Networks", RFC 7348, DOI 10.17487/RFC7348, August 2014,
              <http://www.rfc-editor.org/info/rfc7348>.






Farinacci, et al.        Expires April 21, 2017                [Page 37]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   [RFC7637]  Garg, P., Ed. and Y. Wang, Ed., "NVGRE: Network
              Virtualization Using Generic Routing Encapsulation",
              RFC 7637, DOI 10.17487/RFC7637, September 2015,
              <http://www.rfc-editor.org/info/rfc7637>.

8.2.  Informative References

   [AFI]      IANA, , "Address Family Identifier (AFIs)", ADDRESS FAMILY
              NUMBERS http://www.iana.org/assignments/address-family-
              numbers/address-family-numbers.xhtml?, Febuary 2007.

   [I-D.coras-lisp-re]
              Coras, F., Cabellos-Aparicio, A., Domingo-Pascual, J.,
              Maino, F., and D. Farinacci, "LISP Replication
              Engineering", draft-coras-lisp-re-08 (work in progress),
              November 2015.

   [I-D.ermagan-lisp-nat-traversal]
              Ermagan, V., Farinacci, D., Lewis, D., Skriver, J., Maino,
              F., and C. White, "NAT traversal for LISP", draft-ermagan-
              lisp-nat-traversal-11 (work in progress), August 2016.

   [I-D.farinacci-lisp-te]
              Farinacci, D., Kowal, M., and P. Lahiri, "LISP Traffic
              Engineering Use-Cases", draft-farinacci-lisp-te-11 (work
              in progress), September 2016.

   [I-D.gross-geneve]
              Gross, J., Sridhar, T., Garg, P., Wright, C., Ganga, I.,
              Agarwal, P., Duda, K., Dutt, D., and J. Hudson, "Geneve:
              Generic Network Virtualization Encapsulation", draft-
              gross-geneve-02 (work in progress), October 2014.

   [I-D.herbert-gue]
              Herbert, T., Yong, L., and O. Zia, "Generic UDP
              Encapsulation", draft-herbert-gue-03 (work in progress),
              March 2015.

   [I-D.ietf-lisp-crypto]
              Farinacci, D. and B. Weis, "LISP Data-Plane
              Confidentiality", draft-ietf-lisp-crypto-10 (work in
              progress), October 2016.

   [I-D.ietf-lisp-ddt]
              Fuller, V., Lewis, D., Ermagan, V., Jain, A., and A.
              Smirnov, "LISP Delegated Database Tree", draft-ietf-lisp-
              ddt-08 (work in progress), September 2016.




Farinacci, et al.        Expires April 21, 2017                [Page 38]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   [I-D.portoles-lisp-eid-mobility]
              Portoles-Comeras, M., Ashtaputre, V., Moreno, V., Maino,
              F., and D. Farinacci, "LISP L2/L3 EID Mobility Using a
              Unified Control Plane", draft-portoles-lisp-eid-
              mobility-01 (work in progress), October 2016.

   [I-D.quinn-vxlan-gpe]
              Quinn, P., Manur, R., Kreeger, L., Lewis, D., Maino, F.,
              Smith, M., Agarwal, P., Yong, L., Xu, X., Elzur, U., Garg,
              P., and D. Melman, "Generic Protocol Extension for VXLAN",
              draft-quinn-vxlan-gpe-04 (work in progress), February
              2015.

   [I-D.smith-lisp-layer2]
              Smith, M., Dutt, D., Farinacci, D., and F. Maino, "Layer 2
              (L2) LISP Encapsulation Format", draft-smith-lisp-
              layer2-03 (work in progress), September 2013.

   [JSON-BINARY]
              "Universal Binary JSON Specification",
              URL http://ubjson.org.

   [WGS-84]   Geodesy and Geophysics Department, DoD., "World Geodetic
              System 1984", NIMA TR8350.2, January 2000, <http://earth-
              info.nga.mil/GandG/publications/tr8350.2/wgs84fin.pdf>.

Appendix A.  Acknowledgments

   The authors would like to thank Vince Fuller, Gregg Schudel, Jesper
   Skriver, Luigi Iannone, Isidor Kouvelas, and Sander Steffann for
   their technical and editorial commentary.

   The authors would like to thank Victor Moreno for discussions that
   lead to the definition of the Multicast Info LCAF type.

   The authors would like to thank Parantap Lahiri and Michael Kowal for
   discussions that lead to the definition of the Explicit Locator Path
   (ELP) LCAF type.

   The authors would like to thank Fabio Maino and Vina Ermagan for
   discussions that lead to the definition of the Security Key LCAF
   type.

   The authors would like to thank Albert Cabellos-Aparicio and Florin
   Coras for discussions that lead to the definition of the Replication
   List Entry LCAF type.





Farinacci, et al.        Expires April 21, 2017                [Page 39]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Thanks goes to Michiel Blokzijl and Alberto Rodriguez-Natal for
   suggesting new LCAF types.

   Thanks also goes to Terry Manderson for assistance obtaining a LISP
   AFI value from IANA.

Appendix B.  Document Change Log

   [RFC Editor: Please delete this section on publication as RFC.]

B.1.  Changes to draft-ietf-lisp-lcaf-19.txt

   o  Submitted October 2016.

   o  Make it more clear that any use-case documents that use the Geo-
      Coordinates LCAF type should discuss RFC6280 compliance.

B.2.  Changes to draft-ietf-lisp-lcaf-18.txt

   o  Submitted October 2016 after October 13th telechat.

   o  Addressed comments from Ben Campbell, Jari Arrko, Stephen Farrel,
      Peter Yee, Dale Worley, Mirja Kuehlewind, and Suresh Krishnan.

B.3.  Changes to draft-ietf-lisp-lcaf-17.txt

   o  Submitted October 2016.

   o  Addressed comments from Gen-ART reviewer Peter Yee.

   o  Addressed IESG last-call comments from Suresh Krishnan.

B.4.  Changes to draft-ietf-lisp-lcaf-16.txt

   o  Submitted October 2016.

   o  Addressed comments from Security Directorate reviewer David
      Mandelberg.

B.5.  Changes to draft-ietf-lisp-lcaf-15.txt

   o  Submitted September 2016.

   o  Addressed comments from Routing Directorate reviewer Stig Venass.







Farinacci, et al.        Expires April 21, 2017                [Page 40]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


B.6.  Changes to draft-ietf-lisp-lcaf-14.txt

   o  Submitted July 2016.

   o  Fix IDnits errors and comments from Luigi Iannone, document
      shepherd.

B.7.  Changes to draft-ietf-lisp-lcaf-13.txt

   o  Submitted May 2016.

   o  Explain the Instance-ID LCAF Type is 32-bits in length and the
      Instance-ID field in the LISP encapsulation header is 24-bits.

B.8.  Changes to draft-ietf-lisp-lcaf-12.txt

   o  Submitted March 2016.

   o  Updated references and document timer.

   o  Removed the R, J, and L bits from the Multicast Info Type LCAF
      since working group decided to not go forward with draft-
      farinacci-lisp-mr-signaling-03.txt in favor of draft- ietf-lisp-
      signal-free-00.txt.

B.9.  Changes to draft-ietf-lisp-lcaf-11.txt

   o  Submitted September 2015.

   o  Reflecting comments from Prague LISP working group.

   o  Readying document for a LISP LCAF registry, RFC publication, and
      for new use cases that will be defined in the new charter.

B.10.  Changes to draft-ietf-lisp-lcaf-10.txt

   o  Submitted June 2015.

   o  Fix coauthor Job's contact information.

B.11.  Changes to draft-ietf-lisp-lcaf-09.txt

   o  Submitted June 2015.

   o  Fix IANA Considerations section to request a registry to allocate
      and track LCAF Type values.





Farinacci, et al.        Expires April 21, 2017                [Page 41]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


B.12.  Changes to draft-ietf-lisp-lcaf-08.txt

   o  Submitted April 2015.

   o  Comment from Florin.  The Application Data Type length field has a
      typo.  The field should be labeled "12 + n" and not "8 + n".

   o  Fix length fields in the sections titled "Using Recursive LISP
      Canonical Address Encodings", "Generic Database Mapping Lookups",
      and "Data Model Encoding".

B.13.  Changes to draft-ietf-lisp-lcaf-07.txt

   o  Submitted December 2014.

   o  Add a new LCAF Type called "Encapsulation Format" so decapsulating
      xTRs can inform encapsulating xTRs what data-plane encapsulations
      they support.

B.14.  Changes to draft-ietf-lisp-lcaf-06.txt

   o  Submitted October 2014.

   o  Make it clear how sorted RLOC records are done when LCAFs are used
      as the RLOC record.

B.15.  Changes to draft-ietf-lisp-lcaf-05.txt

   o  Submitted May 2014.

   o  Add a length field of the JSON payload that can be used for either
      binary or text encoding of JSON data.

B.16.  Changes to draft-ietf-lisp-lcaf-04.txt

   o  Submitted January 2014.

   o  Agreement among ELP implementors to have the AFI 16-bit field
      adjacent to the address.  This will make the encoding consistent
      with all other LCAF type address encodings.

B.17.  Changes to draft-ietf-lisp-lcaf-03.txt

   o  Submitted September 2013.

   o  Updated references and author's affilations.





Farinacci, et al.        Expires April 21, 2017                [Page 42]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   o  Added Instance-ID to the Multicast Info Type so there is relative
      ease in parsing (S,G) entries within a VPN.

   o  Add port range encodings to the Application Data LCAF Type.

   o  Add a new JSON LCAF Type.

   o  Add Address Key/Value LCAF Type to allow attributes to be attached
      to an address.

B.18.  Changes to draft-ietf-lisp-lcaf-02.txt

   o  Submitted March 2013.

   o  Added new LCAF Type "Replication List Entry" to support LISP
      replication engineering use cases.

   o  Changed references to new LISP RFCs.

B.19.  Changes to draft-ietf-lisp-lcaf-01.txt

   o  Submitted January 2013.

   o  Change longitude range from 0-90 to 0-180 in section 4.4.

   o  Added reference to WGS-84 in section 4.4.

B.20.  Changes to draft-ietf-lisp-lcaf-00.txt

   o  Posted first working group draft August 2012.

   o  This draft was renamed from draft-farinacci-lisp-lcaf-10.txt.

Authors' Addresses

   Dino Farinacci
   lispers.net
   San Jose, CA
   USA

   Email: farinacci@gmail.com










Farinacci, et al.        Expires April 21, 2017                [Page 43]
=0C
Internet-Draft    LISP Canonical Address Format (LCAF)      October 2016


   Dave Meyer
   Brocade
   San Jose, CA
   USA

   Email: dmm@1-4-5.net


   Job Snijders
   NTT Communications
   Theodorus Majofskistraat 100
   Amsterdam  1065 SZ
   NL

   Email: job@ntt.net




































Farinacci, et al.        Expires April 21, 2017                [Page 44]

--Apple-Mail=_AF0C105C-8933-4952-97F0-1E87BB9BA5C9
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=us-ascii

 
--Apple-Mail=_AF0C105C-8933-4952-97F0-1E87BB9BA5C9
Content-Disposition: attachment;
	filename=rfcdiff-lcaf.html
Content-Type: text/html;
	x-unix-mode=0644;
	name="rfcdiff-lcaf.html"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" =
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- saved from url=3D(0030)https://tools.ietf.org/rfcdiff -->
<html xmlns=3D"http://www.w3.org/1999/xhtml"><head><meta =
http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF-8">=20
  =20
  <meta http-equiv=3D"Content-Style-Type" content=3D"text/css">=20
  <title>Diff: draft-ietf-lisp-lcaf-17.txt - =
draft-ietf-lisp-lcaf-19.txt</title>=20
  <style type=3D"text/css">=20
    body    { margin: 0.4ex; margin-right: auto; }=20
    tr      { }=20
    td      { white-space: pre; font-family: monospace; vertical-align: =
top; font-size: 0.86em;}=20
    th      { font-size: 0.86em; }=20
    .small  { font-size: 0.6em; font-style: italic; font-family: =
Verdana, Helvetica, sans-serif; }=20
    .left   { background-color: #EEE; }=20
    .right  { background-color: #FFF; }=20
    .diff   { background-color: #CCF; }=20
    .lblock { background-color: #BFB; }=20
    .rblock { background-color: #FF8; }=20
    .insert { background-color: #8FF; }=20
    .delete { background-color: #ACF; }=20
    .void   { background-color: #FFB; }=20
    .cont   { background-color: #EEE; }=20
    .linebr { background-color: #AAA; }=20
    .lineno { color: red; background-color: #FFF; font-size: 0.7em; =
text-align: right; padding: 0 2px; }=20
    .elipsis{ background-color: #AAA; }=20
    .left .cont { background-color: #DDD; }=20
    .right .cont { background-color: #EEE; }=20
    .lblock .cont { background-color: #9D9; }=20
    .rblock .cont { background-color: #DD6; }=20
    .insert .cont { background-color: #0DD; }=20
    .delete .cont { background-color: #8AD; }=20
    .stats, .stats td, .stats th { background-color: #EEE; padding: 2px =
0; }=20
    span.hide { display: none; color: #aaa;}    a:hover span { display: =
inline; }    tr.change { background-color: gray; }=20
    tr.change a { text-decoration: none; color: black }=20
  </style>=20
     <script>
var chunk_index =3D 0;
var old_chunk =3D null;

function format_chunk(index) {
    var prefix =3D "diff";
    var str =3D index.toString();
    for (x=3D0; x<(4-str.length); ++x) {
        prefix+=3D'0';
    }
    return prefix + str;
}

function find_chunk(n){
    return document.querySelector('tr[id$=3D"' + n + '"]');
}

function change_chunk(offset) {
    var index =3D chunk_index + offset;
    var new_str;
    var new_chunk;

    new_str =3D format_chunk(index);
    new_chunk =3D find_chunk(new_str);
    if (!new_chunk) {
        return;
    }
    if (old_chunk) {
        old_chunk.style.outline =3D "";
    }
    old_chunk =3D new_chunk;
    old_chunk.style.outline =3D "1px solid red";
    window.location.hash =3D "#" + new_str;
    window.scrollBy(0,-100);
    chunk_index =3D index;
}

document.onkeydown =3D function(e) {
    switch (e.keyCode) {
    case 78:
        change_chunk(1);
        break;
    case 80:
        change_chunk(-1);
        break;
    }
};
   </script>=20
</head>=20
<body>=20
  <table border=3D"0" cellpadding=3D"0" cellspacing=3D"0">=20
  <tbody><tr id=3D"part-1" bgcolor=3D"orange"><th></th><th><a =
href=3D"https://tools.ietf.org/rfcdiff?url2=3Ddraft-ietf-lisp-lcaf-17.txt"=
 style=3D"color:#008; text-decoration:none;">&lt;</a>&nbsp;<a =
href=3D"https://tools.ietf.org/html/draft-ietf-lisp-lcaf-17.txt" =
style=3D"color:#008">draft-ietf-lisp-lcaf-17.txt</a>&nbsp;</th><th> =
</th><th>&nbsp;<a =
href=3D"https://tools.ietf.org/html/draft-ietf-lisp-lcaf-19.txt" =
style=3D"color:#008">draft-ietf-lisp-lcaf-19.txt</a>&nbsp;<a =
href=3D"https://tools.ietf.org/rfcdiff?url1=3Ddraft-ietf-lisp-lcaf-19.txt"=
 style=3D"color:#008; text-decoration:none;">&gt;</a></th><th></th></tr>=20=

      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Network Working =
Group                                       D. Farinacci</td><td> =
</td><td class=3D"right">Network Working Group                           =
            D. Farinacci</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Internet-Draft    =
                                           lispers.net</td><td> </td><td =
class=3D"right">Internet-Draft                                           =
    lispers.net</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Intended status: =
Experimental                                   D. Meyer</td><td> =
</td><td class=3D"right">Intended status: Experimental                   =
                D. Meyer</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0001"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">Expires: April =
<span class=3D"delete">15</span>, 2017                                   =
       Brocade</td><td> </td><td class=3D"rblock">Expires: April <span =
class=3D"insert">21</span>, 2017                                         =
 Brocade</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">                  =
                                           J. Snijders</td><td> </td><td =
class=3D"right">                                                         =
    J. Snijders</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">                  =
                                    NTT Communications</td><td> </td><td =
class=3D"right">                                                      =
NTT Communications</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0002"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">                =
                                        October 1<span =
class=3D"delete">2</span>, 2016</td><td> </td><td class=3D"rblock">      =
                                                  October 1<span =
class=3D"insert">8</span>, 2016</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">                  =
LISP Canonical Address Format (LCAF)</td><td> </td><td class=3D"right">  =
                LISP Canonical Address Format (LCAF)</td><td =
class=3D"lineno"></td></tr>
      <tr id=3D"diff0003"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">                =
        draft-ietf-lisp-lcaf-1<span class=3D"delete">7</span></td><td> =
</td><td class=3D"rblock">                        =
draft-ietf-lisp-lcaf-1<span class=3D"insert">9</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Abstract</td><td> =
</td><td class=3D"right">Abstract</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   This draft =
defines a canonical address format encoding used in LISP</td><td> =
</td><td class=3D"right">   This draft defines a canonical address =
format encoding used in LISP</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   control =
messages and in the encoding of lookup keys for the LISP</td><td> =
</td><td class=3D"right">   control messages and in the encoding of =
lookup keys for the LISP</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Mapping =
Database System.</td><td> </td><td class=3D"right">   Mapping Database =
System.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Requirements =
Language</td><td> </td><td class=3D"right">Requirements Language</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   The key words =
"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",</td><td> </td><td =
class=3D"right">   The key words "MUST", "MUST NOT", "REQUIRED", =
"SHALL", "SHALL NOT",</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-2" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-2"><em> =
page 1, line 41<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-2"><em> page 1, line 41<span =
class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
Internet-Drafts are working documents of the Internet =
Engineering</td><td> </td><td class=3D"right">   Internet-Drafts are =
working documents of the Internet Engineering</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Task Force =
(IETF).  Note that other groups may also distribute</td><td> </td><td =
class=3D"right">   Task Force (IETF).  Note that other groups may also =
distribute</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   working =
documents as Internet-Drafts.  The list of current Internet-</td><td> =
</td><td class=3D"right">   working documents as Internet-Drafts.  The =
list of current Internet-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Drafts is at =
http://datatracker.ietf.org/drafts/current/.</td><td> </td><td =
class=3D"right">   Drafts is at =
http://datatracker.ietf.org/drafts/current/.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
Internet-Drafts are draft documents valid for a maximum of six =
months</td><td> </td><td class=3D"right">   Internet-Drafts are draft =
documents valid for a maximum of six months</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   and may be =
updated, replaced, or obsoleted by other documents at any</td><td> =
</td><td class=3D"right">   and may be updated, replaced, or obsoleted =
by other documents at any</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   time.  It is =
inappropriate to use Internet-Drafts as reference</td><td> </td><td =
class=3D"right">   time.  It is inappropriate to use Internet-Drafts as =
reference</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   material or to =
cite them other than as "work in progress."</td><td> </td><td =
class=3D"right">   material or to cite them other than as "work in =
progress."</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0004"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   This =
Internet-Draft will expire on April <span class=3D"delete">15</span>, =
2017.</td><td> </td><td class=3D"rblock">   This Internet-Draft will =
expire on April <span class=3D"insert">21</span>, 2017.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Copyright =
Notice</td><td> </td><td class=3D"right">Copyright Notice</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Copyright (c) =
2016 IETF Trust and the persons identified as the</td><td> </td><td =
class=3D"right">   Copyright (c) 2016 IETF Trust and the persons =
identified as the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   document =
authors.  All rights reserved.</td><td> </td><td class=3D"right">   =
document authors.  All rights reserved.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   This document =
is subject to BCP 78 and the IETF Trust's Legal</td><td> </td><td =
class=3D"right">   This document is subject to BCP 78 and the IETF =
Trust's Legal</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Provisions =
Relating to IETF Documents</td><td> </td><td class=3D"right">   =
Provisions Relating to IETF Documents</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
(http://trustee.ietf.org/license-info) in effect on the date of</td><td> =
</td><td class=3D"right">   (http://trustee.ietf.org/license-info) in =
effect on the date of</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   publication of =
this document.  Please review these documents</td><td> </td><td =
class=3D"right">   publication of this document.  Please review these =
documents</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-3" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-3"><em> =
page 2, line 40<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-3"><em> page 2, line 40<span =
class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">       4.10.3.  =
ASCII Names in the Mapping Database  . . . . . . . .  24</td><td> =
</td><td class=3D"right">       4.10.3.  ASCII Names in the Mapping =
Database  . . . . . . . .  24</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">       4.10.4.  =
Using Recursive LISP Canonical Address Encodings . .  25</td><td> =
</td><td class=3D"right">       4.10.4.  Using Recursive LISP Canonical =
Address Encodings . .  25</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">       4.10.5.  =
Compatibility Mode Use Case  . . . . . . . . . . . .  26</td><td> =
</td><td class=3D"right">       4.10.5.  Compatibility Mode Use Case  . =
. . . . . . . . . . .  26</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   5.  =
Experimental LISP Canonical Address Applications  . . . . . .  =
27</td><td> </td><td class=3D"right">   5.  Experimental LISP Canonical =
Address Applications  . . . . . .  27</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     5.1.  Convey =
Application Specific Data  . . . . . . . . . . . .  27</td><td> </td><td =
class=3D"right">     5.1.  Convey Application Specific Data  . . . . . . =
. . . . . .  27</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     5.2.  =
Generic Database Mapping Lookups  . . . . . . . . . . . .  29</td><td> =
</td><td class=3D"right">     5.2.  Generic Database Mapping Lookups  . =
. . . . . . . . . . .  29</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     5.3.  PETR =
Admission Control Functionality  . . . . . . . . . .  30</td><td> =
</td><td class=3D"right">     5.3.  PETR Admission Control Functionality =
 . . . . . . . . . .  30</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     5.4.  Data =
Model Encoding . . . . . . . . . . . . . . . . . . .  31</td><td> =
</td><td class=3D"right">     5.4.  Data Model Encoding . . . . . . . . =
. . . . . . . . . . .  31</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     5.5.  =
Encoding Key/Value Address Pairs  . . . . . . . . . . . .  32</td><td> =
</td><td class=3D"right">     5.5.  Encoding Key/Value Address Pairs  . =
. . . . . . . . . . .  32</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     5.6.  =
Multiple Data-Planes  . . . . . . . . . . . . . . . . . .  33</td><td> =
</td><td class=3D"right">     5.6.  Multiple Data-Planes  . . . . . . . =
. . . . . . . . . . .  33</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0005"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   6.  Security =
Considerations . . . . . . . . . . . . . . . . . . .  3<span =
class=3D"delete">6</span></td><td> </td><td class=3D"rblock">   6.  =
Security Considerations . . . . . . . . . . . . . . . . . . .  3<span =
class=3D"insert">5</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   7.  IANA =
Considerations . . . . . . . . . . . . . . . . . . . . .  36</td><td> =
</td><td class=3D"right">   7.  IANA Considerations . . . . . . . . . . =
. . . . . . . . . . .  36</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0006"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   8.  =
References  . . . . . . . . . . . . . . . . . . . . . . . . .  <span =
class=3D"delete">37</span></td><td> </td><td class=3D"rblock">   8.  =
References  . . . . . . . . . . . . . . . . . . . . . . . . .  <span =
class=3D"insert">36</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     8.1.  =
Normative References  . . . . . . . . . . . . . . . . . .  <span =
class=3D"delete">37</span></td><td> </td><td class=3D"rblock">     8.1.  =
Normative References  . . . . . . . . . . . . . . . . . .  <span =
class=3D"insert">36</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     8.2.  =
Informative References  . . . . . . . . . . . . . . . . .  38</td><td> =
</td><td class=3D"right">     8.2.  Informative References  . . . . . . =
. . . . . . . . . . .  38</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Appendix A.  =
Acknowledgments  . . . . . . . . . . . . . . . . . .  39</td><td> =
</td><td class=3D"right">   Appendix A.  Acknowledgments  . . . . . . . =
. . . . . . . . . . .  39</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Appendix B.  =
Document Change Log  . . . . . . . . . . . . . . . .  40</td><td> =
</td><td class=3D"right">   Appendix B.  Document Change Log  . . . . . =
. . . . . . . . . . .  40</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0007"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.1.  =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-17.txt</span>  . =
. . . . . . . .  40</td><td> </td><td class=3D"rblock">     B.1.  =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-19.txt</span>  . =
. . . . . . . .  40</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.2.  =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-16.txt</span>  . =
. . . . . . . .  40</td><td> </td><td class=3D"rblock">     B.2.  =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-18.txt</span>  . =
. . . . . . . .  40</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.3.  =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-15.txt</span>  . =
. . . . . . . .  40</td><td> </td><td class=3D"rblock">     B.3.  =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-17.txt</span>  . =
. . . . . . . .  40</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.4.  =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-14.txt</span>  . =
. . . . . . . .  40</td><td> </td><td class=3D"rblock">     B.4.  =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-16.txt</span>  . =
. . . . . . . .  40</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.5.  =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-13.txt</span>  . =
. . . . . . . .  40</td><td> </td><td class=3D"rblock">     B.5.  =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-15.txt</span>  . =
. . . . . . . .  40</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.6.  =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-12.txt</span>  . =
. . . . . . . .  <span class=3D"delete">40</span></td><td> </td><td =
class=3D"rblock">     B.6.  Changes to <span =
class=3D"insert">draft-ietf-lisp-lcaf-14.txt</span>  . . . . . . . . .  =
<span class=3D"insert">41</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.7.  =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-11.txt</span>  . =
. . . . . . . .  41</td><td> </td><td class=3D"rblock">     B.7.  =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-13.txt</span>  . =
. . . . . . . .  41</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.8.  =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-10.txt</span>  . =
. . . . . . . .  41</td><td> </td><td class=3D"rblock">     B.8.  =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-12.txt</span>  . =
. . . . . . . .  41</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.9.  =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-09.txt</span>  . =
. . . . . . . .  41</td><td> </td><td class=3D"rblock">     B.9.  =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-11.txt</span>  . =
. . . . . . . .  41</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.10. =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-08.txt</span>  . =
. . . . . . . .  41</td><td> </td><td class=3D"rblock">     B.10. =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-10.txt</span>  . =
. . . . . . . .  41</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.11. =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-07.txt</span>  . =
. . . . . . . .  41</td><td> </td><td class=3D"rblock">     B.11. =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-09.txt</span>  . =
. . . . . . . .  41</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.12. =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-06.txt</span>  . =
. . . . . . . .  42</td><td> </td><td class=3D"rblock">     B.12. =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-08.txt</span>  . =
. . . . . . . .  42</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.13. =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-05.txt</span>  . =
. . . . . . . .  42</td><td> </td><td class=3D"rblock">     B.13. =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-07.txt</span>  . =
. . . . . . . .  42</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.14. =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-04.txt</span>  . =
. . . . . . . .  42</td><td> </td><td class=3D"rblock">     B.14. =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-06.txt</span>  . =
. . . . . . . .  42</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.15. =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-03.txt</span>  . =
. . . . . . . .  42</td><td> </td><td class=3D"rblock">     B.15. =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-05.txt</span>  . =
. . . . . . . .  42</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.16. =
Changes to <span class=3D"delete">draft-ietf-lisp-lcaf-02.txt</span>  . =
. . . . . . . .  42</td><td> </td><td class=3D"rblock">     B.16. =
Changes to <span class=3D"insert">draft-ietf-lisp-lcaf-04.txt</span>  . =
. . . . . . . .  42</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     B.17. =
Changes to draft-ietf-lisp-lcaf-01.txt  . . . . . . . . .  43</td><td> =
</td><td class=3D"rblock">     B.17. Changes to <span =
class=3D"insert">draft-ietf-lisp-lcaf-03.txt  . . . . . . . . .  =
42</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">     <span =
class=3D"delete">B.18.</span> Changes to draft-ietf-lisp-lcaf-00.txt  . =
. . . . . . . .  43</td><td> </td><td class=3D"rblock"><span =
class=3D"insert">     B.18. Changes to draft-ietf-lisp-lcaf-02.txt  . . =
. . . . . . .  43</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">     B.19. Changes =
to</span> draft-ietf-lisp-lcaf-01.txt  . . . . . . . . .  43</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock">     <span class=3D"insert">B.20.</span> =
Changes to draft-ietf-lisp-lcaf-00.txt  . . . . . . . . .  43</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Authors' =
Addresses  . . . . . . . . . . . . . . . . . . . . . . .  43</td><td> =
</td><td class=3D"right">   Authors' Addresses  . . . . . . . . . . . . =
. . . . . . . . . . .  43</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">1.  =
Introduction</td><td> </td><td class=3D"right">1.  Introduction</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   The LISP =
architecture and protocols [RFC6830] introduces two new</td><td> =
</td><td class=3D"right">   The LISP architecture and protocols =
[RFC6830] introduces two new</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   numbering =
spaces, Endpoint Identifiers (EIDs) and Routing Locators</td><td> =
</td><td class=3D"right">   numbering spaces, Endpoint Identifiers =
(EIDs) and Routing Locators</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   (RLOCs).  To =
provide flexibility for current and future applications,</td><td> =
</td><td class=3D"right">   (RLOCs).  To provide flexibility for current =
and future applications,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   these values =
can be encoded in LISP control messages using a general</td><td> =
</td><td class=3D"right">   these values can be encoded in LISP control =
messages using a general</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   syntax that =
includes Address Family Identifier (AFI), length, and</td><td> </td><td =
class=3D"right">   syntax that includes Address Family Identifier (AFI), =
length, and</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   value =
fields.</td><td> </td><td class=3D"right">   value fields.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-4" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-4"><em> =
page 4, line 38<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-4"><em> page 4, line 38<span =
class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      encoding in =
a packet.  Address families are defined for IPv4 and</td><td> </td><td =
class=3D"right">      encoding in a packet.  Address families are =
defined for IPv4 and</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      IPv6.  See =
[AFI] and [RFC3232] for details.  The reserved AFI</td><td> </td><td =
class=3D"right">      IPv6.  See [AFI] and [RFC3232] for details.  The =
reserved AFI</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      value of 0 =
is used in this specification to indicate an</td><td> </td><td =
class=3D"right">      value of 0 is used in this specification to =
indicate an</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      unspecified =
encoded address where the length of the address is 0</td><td> </td><td =
class=3D"right">      unspecified encoded address where the length of =
the address is 0</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      bytes =
following the 16-bit AFI value of 0.</td><td> </td><td class=3D"right">  =
    bytes following the 16-bit AFI value of 0.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Unspecified =
Address Format:</td><td> </td><td class=3D"right">   Unspecified Address =
Format:</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0             =
      1                   2                   3</td><td> </td><td =
class=3D"right">    0                   1                   2            =
       3</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0 1 2 3 4 5 6 =
7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1</td><td> </td><td =
class=3D"right">    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 =
6 7 8 9 0 1</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0008"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   <span =
class=3D"delete">+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+=
-+-+-+-+</span></td><td> </td><td class=3D"rblock">   <span =
class=3D"insert">+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   |            =
AFI =3D 0            |    <span class=3D"delete">&lt;nothing follows =
AFI=3D0&gt;    |</span></td><td> </td><td class=3D"rblock">   |          =
  AFI =3D 0            |      <span class=3D"insert">&lt;no address =
follows&gt;</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"><span =
class=3D"delete">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</span></=
td><td> </td><td class=3D"rblock"><span class=3D"insert">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Endpoint ID =
(EID):   a 32-bit (for IPv4) or 128-bit (for IPv6) value</td><td> =
</td><td class=3D"right">   Endpoint ID (EID):   a 32-bit (for IPv4) or =
128-bit (for IPv6) value</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      used in the =
source and destination address fields of the first</td><td> </td><td =
class=3D"right">      used in the source and destination address fields =
of the first</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      (most =
inner) LISP header of a packet.  The host obtains a</td><td> </td><td =
class=3D"right">      (most inner) LISP header of a packet.  The host =
obtains a</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      destination =
EID the same way it obtains a destination address</td><td> </td><td =
class=3D"right">      destination EID the same way it obtains a =
destination address</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      today, for =
example through a DNS lookup or SIP exchange.  The</td><td> </td><td =
class=3D"right">      today, for example through a DNS lookup or SIP =
exchange.  The</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      source EID =
is obtained via existing mechanisms used to set a</td><td> </td><td =
class=3D"right">      source EID is obtained via existing mechanisms =
used to set a</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      host's =
"local" IP address.  An EID is allocated to a host from an</td><td> =
</td><td class=3D"right">      host's "local" IP address.  An EID is =
allocated to a host from an</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      EID-prefix =
block associated with the site where the host is</td><td> </td><td =
class=3D"right">      EID-prefix block associated with the site where =
the host is</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      located.  =
An EID can be used by a host to refer to other hosts.</td><td> </td><td =
class=3D"right">      located.  An EID can be used by a host to refer to =
other hosts.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-5" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-5"><em> =
page 5, line 45<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-5"><em> page 5, line 45<span =
class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0             =
      1                   2                   3</td><td> </td><td =
class=3D"right">    0                   1                   2            =
       3</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0 1 2 3 4 5 6 =
7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1</td><td> </td><td =
class=3D"right">    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 =
6 7 8 9 0 1</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |           =
AFI =3D 16387         |     Rsvd1     |     Flags     |</td><td> =
</td><td class=3D"right">   |           AFI =3D 16387         |     =
Rsvd1     |     Flags     |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |    Type      =
 |     Rsvd2     |            Length             |</td><td> </td><td =
class=3D"right">   |    Type       |     Rsvd2     |            Length   =
          |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
               . . .                             |</td><td> </td><td =
class=3D"right">   |                             . . .                   =
          |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0009"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   <span =
class=3D"delete">Rsvd1:  this</span> 8-bit <span class=3D"delete">field =
is</span> reserved for future use and MUST be</td><td> </td><td =
class=3D"rblock">   <span class=3D"insert">Rsvd1/Rsvd2:  these</span> =
8-bit <span class=3D"insert">fields are</span> reserved for future use =
and MUST</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      =
transmitted as 0 and ignored on receipt.</td><td> </td><td =
class=3D"rblock">      be transmitted as 0 and ignored on =
receipt.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Flags:  this =
8-bit field is for future definition and use.  For now,</td><td> =
</td><td class=3D"right">   Flags:  this 8-bit field is for future =
definition and use.  For now,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      set to zero =
on transmission and ignored on receipt.</td><td> </td><td class=3D"right">=
      set to zero on transmission and ignored on receipt.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Type:  this =
8-bit field is specific to the LISP Canonical Address</td><td> </td><td =
class=3D"right">   Type:  this 8-bit field is specific to the LISP =
Canonical Address</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0010"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      formatted =
encodings<span class=3D"delete">, c</span>urrently allocated values =
are:</td><td> </td><td class=3D"rblock">      formatted encodings<span =
class=3D"insert">.  C</span>urrently allocated values are:</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     Type 0:  =
Null Body Type</td><td> </td><td class=3D"right">     Type 0:  Null Body =
Type</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     Type 1:  AFI =
List Type</td><td> </td><td class=3D"right">     Type 1:  AFI List =
Type</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     Type 2:  =
Instance ID Type</td><td> </td><td class=3D"right">     Type 2:  =
Instance ID Type</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     Type 3:  AS =
Number Type</td><td> </td><td class=3D"right">     Type 3:  AS Number =
Type</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     Type 4:  =
Application Data Type</td><td> </td><td class=3D"right">     Type 4:  =
Application Data Type</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-6" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-6"><em> =
page 6, line 39<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-6"><em> page 6, line 39<span =
class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     Type 12:  =
Source/Dest Key Type</td><td> </td><td class=3D"right">     Type 12:  =
Source/Dest Key Type</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     Type 13:  =
Replication List Entry Type</td><td> </td><td class=3D"right">     Type =
13:  Replication List Entry Type</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     Type 14:  =
JSON Data Model Type</td><td> </td><td class=3D"right">     Type 14:  =
JSON Data Model Type</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     Type 15:  =
Key/Value Address Pair Type</td><td> </td><td class=3D"right">     Type =
15:  Key/Value Address Pair Type</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">     Type 16:  =
Encapsulation Format Type</td><td> </td><td class=3D"right">     Type =
16:  Encapsulation Format Type</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0011"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   <span =
class=3D"delete">Rsvd2:  this LCAF Type-dependent 8-bit field is =
reserved for future</span></td><td> </td><td class=3D"rblock"></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"><span =
class=3D"delete">      use and MUST be transmitted as 0 and ignored on =
receipt.  See</span></td><td> </td><td class=3D"rblock"></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"><span =
class=3D"delete">      specific LCAF Type for specific bits not =
reserved.</span></td><td> </td><td class=3D"rblock"></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">                =
                                                         </td><td> =
</td><td class=3D"rblock"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  this =
16-bit field is in units of bytes and covers all of the</td><td> =
</td><td class=3D"right">   Length:  this 16-bit field is in units of =
bytes and covers all of the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      LISP =
Canonical Address payload, starting and including the byte</td><td> =
</td><td class=3D"right">      LISP Canonical Address payload, starting =
and including the byte</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      after the =
Length field.  When including the AFI, an LCAF encoded</td><td> </td><td =
class=3D"right">      after the Length field.  When including the AFI, =
an LCAF encoded</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      address =
will have a minimum length of 8 bytes when the Length</td><td> </td><td =
class=3D"right">      address will have a minimum length of 8 bytes when =
the Length</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0012"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      field is =
0.  The 8 bytes include the AFI, Flags, Type, <span =
class=3D"delete">Reserved,</span></td><td> </td><td class=3D"rblock">    =
  field is 0.  The 8 bytes include the AFI, Flags, Type, <span =
class=3D"insert">Rsvd1,</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      and =
Length fields.  When the AFI is not next to an encoded address</td><td> =
</td><td class=3D"rblock"><span class=3D"insert">      Rsvd2,</span> and =
Length fields.  When the AFI is not next to an encoded</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      in a =
control message, then the encoded address will have a minimum</td><td> =
</td><td class=3D"rblock">      address in a control message, then the =
encoded address will have a</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      length of =
6 bytes when the Length field is 0.  The 6 bytes include</td><td> =
</td><td class=3D"rblock">      minimum length of 6 bytes when the =
Length field is 0.  The 6 bytes</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      the =
Flags, Type, <span class=3D"delete">Reserved,</span> and Length =
fields.</td><td> </td><td class=3D"rblock">      include the Flags, =
Type, <span class=3D"insert">Rsvd1, Rsvd2,</span> and Length =
fields.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [RFC6830] =
states RLOC records are sorted when encoded in control</td><td> </td><td =
class=3D"right">   [RFC6830] states RLOC records are sorted when encoded =
in control</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   messages so =
the locator-set has consistent order across all xTRs for</td><td> =
</td><td class=3D"right">   messages so the locator-set has consistent =
order across all xTRs for</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   a given EID.  =
The sort order is based on sort-key {afi, RLOC-</td><td> </td><td =
class=3D"right">   a given EID.  The sort order is based on sort-key =
{afi, RLOC-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   address}. When =
an RLOC is LCAF encoded, the sort-key is {afi, LCAF-</td><td> </td><td =
class=3D"right">   address}. When an RLOC is LCAF encoded, the sort-key =
is {afi, LCAF-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Type}. =
Therefore, when a locator-set has a mix of AFI records and</td><td> =
</td><td class=3D"right">   Type}. Therefore, when a locator-set has a =
mix of AFI records and</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   LCAF records, =
they are ordered from smallest to largest AFI value.</td><td> </td><td =
class=3D"right">   LCAF records, they are ordered from smallest to =
largest AFI value.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">4.  LISP =
Canonical Address Applications</td><td> </td><td class=3D"right">4.  =
LISP Canonical Address Applications</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-7" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-7"><em> =
page 8, line 47<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-7"><em> page 8, line 43<span =
class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      limiting =
the maximum number of instances per xTR to 2^24.  If an</td><td> =
</td><td class=3D"right">      limiting the maximum number of instances =
per xTR to 2^24.  If an</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      xTR is =
configured with multiple instance-IDs where the value in</td><td> =
</td><td class=3D"right">      xTR is configured with multiple =
instance-IDs where the value in</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      the =
high-order 8 bits are the same, then the low-order 24 bits</td><td> =
</td><td class=3D"right">      the high-order 8 bits are the same, then =
the low-order 24 bits</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      MUST be =
unique.</td><td> </td><td class=3D"right">      MUST be unique.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   AFI =3D x:  x =
can be any AFI value from [AFI].</td><td> </td><td class=3D"right">   =
AFI =3D x:  x can be any AFI value from [AFI].</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   This LISP =
Canonical Address Type can be used to encode either EID or</td><td> =
</td><td class=3D"right">   This LISP Canonical Address Type can be used =
to encode either EID or</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   RLOC =
addresses.</td><td> </td><td class=3D"right">   RLOC addresses.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0013"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   Usage: When =
used as a lookup key, the EID is regarded as a extended-</td><td> =
</td><td class=3D"rblock">   Usage: When used as a lookup key, the EID =
is regarded as a<span class=3D"insert">n</span> extended-</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   EID in the =
mapping system.  This encoding is used in EID records in</td><td> =
</td><td class=3D"right">   EID in the mapping system.  This encoding is =
used in EID records in</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Map-Requests, =
Map-Replies, Map-Registers, and Map-Notify messages.</td><td> </td><td =
class=3D"right">   Map-Requests, Map-Replies, Map-Registers, and =
Map-Notify messages.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   When LISP-DDT =
[I-D.ietf-lisp-ddt] is used as the mapping system</td><td> </td><td =
class=3D"right">   When LISP-DDT [I-D.ietf-lisp-ddt] is used as the =
mapping system</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   mechanism, =
extended EIDs are used in Map-Referral messages.</td><td> </td><td =
class=3D"right">   mechanism, extended EIDs are used in Map-Referral =
messages.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">4.2.  Carrying AS =
Numbers in the Mapping Database</td><td> </td><td class=3D"right">4.2.  =
Carrying AS Numbers in the Mapping Database</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   When an AS =
number is stored in the LISP Mapping Database System for</td><td> =
</td><td class=3D"right">   When an AS number is stored in the LISP =
Mapping Database System for</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   either policy =
or documentation reasons, it can be encoded in a LISP</td><td> </td><td =
class=3D"right">   either policy or documentation reasons, it can be =
encoded in a LISP</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Canonical =
Address.</td><td> </td><td class=3D"right">   Canonical Address.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-8" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-8"><em> =
page 9, line 29<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-8"><em> page 9, line 29<span =
class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
             AS Number                           |</td><td> </td><td =
class=3D"right">   |                           AS Number                 =
          |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
AFI =3D x          |         Address  ...          |</td><td> </td><td =
class=3D"right">   |              AFI =3D x          |         Address  =
...          |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length =
field.</td><td> </td><td class=3D"right">      Length field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   AS Number:  =
the 32-bit AS number of the autonomous system that has</td><td> </td><td =
class=3D"right">   AS Number:  the 32-bit AS number of the autonomous =
system that has</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0014"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      been =
assigned either the EID or RLOC that follows.</td><td> </td><td =
class=3D"rblock">      been assigned <span class=3D"insert">to =
</span>either the EID or RLOC that follows.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   AFI =3D x:  x =
can be any AFI value from [AFI].</td><td> </td><td class=3D"right">   =
AFI =3D x:  x can be any AFI value from [AFI].</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   The AS Number =
Canonical Address Type can be used to encode either EID</td><td> =
</td><td class=3D"right">   The AS Number Canonical Address Type can be =
used to encode either EID</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   or RLOC =
addresses.  The former is used to describe the LISP-ALT AS</td><td> =
</td><td class=3D"right">   or RLOC addresses.  The former is used to =
describe the LISP-ALT AS</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   number the =
EID-prefix for the site is being carried for.  The latter</td><td> =
</td><td class=3D"right">   number the EID-prefix for the site is being =
carried for.  The latter</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   is used to =
describe the AS that is carrying RLOC based prefixes in</td><td> =
</td><td class=3D"right">   is used to describe the AS that is carrying =
RLOC based prefixes in</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   the underlying =
routing system.</td><td> </td><td class=3D"right">   the underlying =
routing system.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Usage: This =
encoding can be used in EID or RLOC records in Map-</td><td> </td><td =
class=3D"right">   Usage: This encoding can be used in EID or RLOC =
records in Map-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-9" class=3D"change"><td></td><th><small>skipping to =
change at</small><a href=3D"https://tools.ietf.org/rfcdiff#part-9"><em> =
page 13, line 15<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-9"><em> page 13, line =
15<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Private ETR =
RLOC Address:  this is an address known to be a private</td><td> =
</td><td class=3D"right">   Private ETR RLOC Address:  this is an =
address known to be a private</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      address =
inserted in this LCAF by a LISP router that resides on the</td><td> =
</td><td class=3D"right">      address inserted in this LCAF by a LISP =
router that resides on the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      private =
side of a NAT device.</td><td> </td><td class=3D"right">      private =
side of a NAT device.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   RTR RLOC =
Address:  this is an encapsulation address used by an ITR or</td><td> =
</td><td class=3D"right">   RTR RLOC Address:  this is an encapsulation =
address used by an ITR or</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      PITR which =
resides behind a NAT device.  This address is known to</td><td> </td><td =
class=3D"right">      PITR which resides behind a NAT device.  This =
address is known to</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      have state =
in a NAT device so packets can flow from it to the LISP</td><td> =
</td><td class=3D"right">      have state in a NAT device so packets can =
flow from it to the LISP</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      ETR behind =
the NAT.  There can be one or more NAT Reencapsulating</td><td> </td><td =
class=3D"right">      ETR behind the NAT.  There can be one or more NAT =
Reencapsulating</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Tunnel =
Router (RTR) [I-D.ermagan-lisp-nat-traversal] addresses</td><td> =
</td><td class=3D"right">      Tunnel Router (RTR) =
[I-D.ermagan-lisp-nat-traversal] addresses</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      supplied in =
these set of fields.  The number of RTRs encoded is</td><td> </td><td =
class=3D"right">      supplied in these set of fields.  The number of =
RTRs encoded is</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0015"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      =
determined by <span class=3D"delete">the LCAF lengt</span>h field.  When =
there are no RTRs</td><td> </td><td class=3D"rblock">      determined by =
<span class=3D"insert">parsing eac</span>h field.  When there are no =
RTRs</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      supplied, =
the RTR fields can be omitted and reflected by the LCAF</td><td> =
</td><td class=3D"right">      supplied, the RTR fields can be omitted =
and reflected by the LCAF</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      length =
field or an AFI of 0 can be used to indicate zero RTRs</td><td> </td><td =
class=3D"right">      length field or an AFI of 0 can be used to =
indicate zero RTRs</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
encoded.</td><td> </td><td class=3D"right">      encoded.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Usage: This =
encoding can be used in Info-Request and Info-Reply</td><td> </td><td =
class=3D"right">   Usage: This encoding can be used in Info-Request and =
Info-Reply</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   messages.  The =
mapping system does not store this information.  The</td><td> </td><td =
class=3D"right">   messages.  The mapping system does not store this =
information.  The</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   information is =
used by an xTR and Map-Server to convey private and</td><td> </td><td =
class=3D"right">   information is used by an xTR and Map-Server to =
convey private and</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   public address =
information when traversing NAT and firewall devices.</td><td> </td><td =
class=3D"right">   public address information when traversing NAT and =
firewall devices.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">4.5.  Multicast =
Group Membership Information</td><td> </td><td class=3D"right">4.5.  =
Multicast Group Membership Information</td><td class=3D"lineno"></td></tr>=

      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-10" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-10"><em> page 14, line =
19<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-10"><em> page 14, line =
19<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   RLOC group =
addresses or RLOC unicast addresses.  The intent of this</td><td> =
</td><td class=3D"right">   RLOC group addresses or RLOC unicast =
addresses.  The intent of this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   type of =
unicast replication is to deliver packets to multiple ETRs at</td><td> =
</td><td class=3D"right">   type of unicast replication is to deliver =
packets to multiple ETRs at</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   receiver LISP =
multicast sites.  The locator-set encoding for this EID</td><td> =
</td><td class=3D"right">   receiver LISP multicast sites.  The =
locator-set encoding for this EID</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   record type =
can be a list of ETRs when they each register with "Merge</td><td> =
</td><td class=3D"right">   record type can be a list of ETRs when they =
each register with "Merge</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Semantics".  =
The encoding can be a typical AFI-encoded locator</td><td> </td><td =
class=3D"right">   Semantics".  The encoding can be a typical =
AFI-encoded locator</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   address.  When =
an RTR list is being registered (with multiple levels</td><td> </td><td =
class=3D"right">   address.  When an RTR list is being registered (with =
multiple levels</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   according to =
[I-D.coras-lisp-re]), the Replication List Entry LCAF</td><td> </td><td =
class=3D"right">   according to [I-D.coras-lisp-re]), the Replication =
List Entry LCAF</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   type is used =
for locator encoding.</td><td> </td><td class=3D"right">   type is used =
for locator encoding.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   This LCAF =
encoding can be used to send broadcast packets to all</td><td> </td><td =
class=3D"right">   This LCAF encoding can be used to send broadcast =
packets to all</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0016"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   members of a =
subnet when an EID is away from it<span class=3D"delete">'</span>s home =
subnet</td><td> </td><td class=3D"rblock">   members of a subnet when an =
EID is away from its home subnet</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
location.</td><td> </td><td class=3D"right">   location.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Multicast Info =
Canonical Address Format:</td><td> </td><td class=3D"right">   Multicast =
Info Canonical Address Format:</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0             =
      1                   2                   3</td><td> </td><td =
class=3D"right">    0                   1                   2            =
       3</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0 1 2 3 4 5 6 =
7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1</td><td> </td><td =
class=3D"right">    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 =
6 7 8 9 0 1</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |           =
AFI =3D 16387         |     Rsvd1     |     Flags     |</td><td> =
</td><td class=3D"right">   |           AFI =3D 16387         |     =
Rsvd1     |     Flags     |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |   Type =3D 9 =
   |     Rsvd2     |             Length            |</td><td> </td><td =
class=3D"right">   |   Type =3D 9    |     Rsvd2     |             =
Length            |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-11" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-11"><em> page 15, line =
15<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-11"><em> page 15, line =
15<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Source =
MaskLen:  the mask length of the source prefix that follows.</td><td> =
</td><td class=3D"right">   Source MaskLen:  the mask length of the =
source prefix that follows.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      The length =
is the number of high-order mask bits set.</td><td> </td><td =
class=3D"right">      The length is the number of high-order mask bits =
set.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Group MaskLen: =
 the mask length of the group prefix that follows.</td><td> </td><td =
class=3D"right">   Group MaskLen:  the mask length of the group prefix =
that follows.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      The length =
is the number of high-order mask bits set.</td><td> </td><td =
class=3D"right">      The length is the number of high-order mask bits =
set.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   AFI =3D x:  x =
can be any AFI value from [AFI].  When a specific address</td><td> =
</td><td class=3D"right">   AFI =3D x:  x can be any AFI value from =
[AFI].  When a specific address</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      family has =
a multicast address semantic, this field must be either</td><td> =
</td><td class=3D"right">      family has a multicast address semantic, =
this field must be either</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      a group =
address or a broadcast address.</td><td> </td><td class=3D"right">      =
a group address or a broadcast address.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0017"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   =
Source/Subnet <span class=3D"delete">Address</span>  is the source =
address or prefix for encoding a</td><td> </td><td class=3D"rblock">   =
Source/Subnet <span class=3D"insert">Address:</span>  is the source =
address or prefix for encoding</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      (S,G) =
multicast entry.</td><td> </td><td class=3D"rblock">      a (S,G) =
multicast entry.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0018"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   Group =
Address  is the group address or group prefix for encoding</td><td> =
</td><td class=3D"rblock">   Group Address<span class=3D"insert">:</span> =
 is the group address or group prefix for encoding</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      (S,G) or =
(*,G) multicast entries.</td><td> </td><td class=3D"right">      (S,G) =
or (*,G) multicast entries.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Usage: This =
encoding can be used in EID records in Map-Requests, Map-</td><td> =
</td><td class=3D"right">   Usage: This encoding can be used in EID =
records in Map-Requests, Map-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Replies, =
Map-Registers, and Map-Notify messages.  When LISP-DDT</td><td> </td><td =
class=3D"right">   Replies, Map-Registers, and Map-Notify messages.  =
When LISP-DDT</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[I-D.ietf-lisp-ddt] is used as the mapping system mechanism, =
extended</td><td> </td><td class=3D"right">   [I-D.ietf-lisp-ddt] is =
used as the mapping system mechanism, extended</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   EIDs are used =
in Map-Referral messages.</td><td> </td><td class=3D"right">   EIDs are =
used in Map-Referral messages.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">4.6.  Traffic =
Engineering using Re-encapsulating Tunnels</td><td> </td><td =
class=3D"right">4.6.  Traffic Engineering using Re-encapsulating =
Tunnels</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   For a given =
EID lookup into the mapping database, this LCAF can be</td><td> </td><td =
class=3D"right">   For a given EID lookup into the mapping database, =
this LCAF can be</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-12" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-12"><em> page 16, line =
49<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-12"><em> page 16, line =
49<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   RLOC-Probe bit =
(P):  this is the RLOC-probe bit which means the</td><td> </td><td =
class=3D"right">   RLOC-Probe bit (P):  this is the RLOC-probe bit which =
means the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Reencap Hop =
allows RLOC-probe messages to be sent to it.  When the</td><td> </td><td =
class=3D"right">      Reencap Hop allows RLOC-probe messages to be sent =
to it.  When the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      R-bit is =
set to 0, RLOC-probes must not be sent.  When a Reencap</td><td> =
</td><td class=3D"right">      R-bit is set to 0, RLOC-probes must not =
be sent.  When a Reencap</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Hop is an =
anycast address then multiple physical Reencap Hops are</td><td> =
</td><td class=3D"right">      Hop is an anycast address then multiple =
physical Reencap Hops are</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      using the =
same RLOC address.  In this case, RLOC-probes are not</td><td> </td><td =
class=3D"right">      using the same RLOC address.  In this case, =
RLOC-probes are not</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      needed =
because when the closest RLOC address is not reachable</td><td> </td><td =
class=3D"right">      needed because when the closest RLOC address is =
not reachable</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      another =
RLOC address can be reachable.</td><td> </td><td class=3D"right">      =
another RLOC address can be reachable.</td><td class=3D"lineno"></td></tr>=

      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Strict bit =
(S):  this is the strict bit which means the associated</td><td> =
</td><td class=3D"right">   Strict bit (S):  this is the strict bit =
which means the associated</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0019"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      Rencap =
Hop is required to be used.  If this bit is 0, the</td><td> </td><td =
class=3D"rblock">      Re<span class=3D"insert">e</span>ncap Hop is =
required to be used.  If this bit is 0, the</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
reencapsulator can skip this Reencap Hop and go to the next one =
in</td><td> </td><td class=3D"right">      reencapsulator can skip this =
Reencap Hop and go to the next one in</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      the =
list.</td><td> </td><td class=3D"right">      the list.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   AFI =3D x:  x =
can be any AFI value from [AFI].  When a specific AFI has</td><td> =
</td><td class=3D"right">   AFI =3D x:  x can be any AFI value from =
[AFI].  When a specific AFI has</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      its own =
encoding of a multicast address, this field must be either</td><td> =
</td><td class=3D"right">      its own encoding of a multicast address, =
this field must be either</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      a group =
address or a broadcast address.</td><td> </td><td class=3D"right">      =
a group address or a broadcast address.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Usage: This =
encoding can be used in RLOC records in Map-Requests,</td><td> </td><td =
class=3D"right">   Usage: This encoding can be used in RLOC records in =
Map-Requests,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Map-Replies, =
Map-Registers, and Map-Notify messages.  This encoding</td><td> </td><td =
class=3D"right">   Map-Replies, Map-Registers, and Map-Notify messages.  =
This encoding</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   does not need =
to be understood by the mapping system for mapping</td><td> </td><td =
class=3D"right">   does not need to be understood by the mapping system =
for mapping</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-13" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-13"><em> page 18, line =
27<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-13"><em> page 18, line =
27<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
          ... Key Material                       |</td><td> </td><td =
class=3D"right">   |                        ... Key Material             =
          |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
AFI =3D x          |       Locator Address ...     |</td><td> </td><td =
class=3D"right">   |              AFI =3D x          |       Locator =
Address ...     |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length =
field.</td><td> </td><td class=3D"right">      Length field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Key Count:  =
the Key Count field declares the number of Key sections</td><td> =
</td><td class=3D"right">   Key Count:  the Key Count field declares the =
number of Key sections</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0020"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      included =
in this LCAF.  A key section is made up <span class=3D"delete">the</span> =
"Key Length"</td><td> </td><td class=3D"rblock">      included in this =
LCAF.  A key section is made up <span class=3D"insert">of</span> "Key =
Length"</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      and "Key =
Material" fields.</td><td> </td><td class=3D"right">      and "Key =
Material" fields.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Rsvd3:  this =
field is reserved for future use and MUST be transmitted</td><td> =
</td><td class=3D"right">   Rsvd3:  this field is reserved for future =
use and MUST be transmitted</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      as 0 and =
ignored on receipt.</td><td> </td><td class=3D"right">      as 0 and =
ignored on receipt.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Key Algorithm: =
 the Algorithm field identifies the key's</td><td> </td><td =
class=3D"right">   Key Algorithm:  the Algorithm field identifies the =
key's</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
cryptographic algorithm and specifies the format of the Public =
Key</td><td> </td><td class=3D"right">      cryptographic algorithm and =
specifies the format of the Public Key</td><td class=3D"lineno"></td></tr>=

      <tr><td class=3D"lineno"></td><td class=3D"left">      field.  =
Refer to the [I-D.ietf-lisp-ddt] and</td><td> </td><td class=3D"right">  =
    field.  Refer to the [I-D.ietf-lisp-ddt] and</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
[I-D.ietf-lisp-crypto] use cases for definitions of this field.</td><td> =
</td><td class=3D"right">      [I-D.ietf-lisp-crypto] use cases for =
definitions of this field.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-14" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-14"><em> page 18, line =
51<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-14"><em> page 18, line =
51<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   R bit:  this =
is the revoke bit and, if set, it specifies that this</td><td> </td><td =
class=3D"right">   R bit:  this is the revoke bit and, if set, it =
specifies that this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Key is =
being Revoked.</td><td> </td><td class=3D"right">      Key is being =
Revoked.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Key Length:  =
this field determines the length in bytes of the Key</td><td> </td><td =
class=3D"right">   Key Length:  this field determines the length in =
bytes of the Key</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Material =
field.</td><td> </td><td class=3D"right">      Material field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Key Material:  =
the Key Material field stores the key material.  The</td><td> </td><td =
class=3D"right">   Key Material:  the Key Material field stores the key =
material.  The</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      format of =
the key material stored depends on the Key Algorithm</td><td> </td><td =
class=3D"right">      format of the key material stored depends on the =
Key Algorithm</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
field.</td><td> </td><td class=3D"right">      field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0021"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   AFI =3D x:  =
x can be any AFI value from [AFI].This is the locator</td><td> </td><td =
class=3D"rblock">   AFI =3D x:  x can be any AFI value from [AFI].<span =
class=3D"insert">  </span>This is the locator</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      address =
that owns the encoded security key.</td><td> </td><td class=3D"right">   =
   address that owns the encoded security key.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Usage: This =
encoding can be used in EID or RLOC records in Map-</td><td> </td><td =
class=3D"right">   Usage: This encoding can be used in EID or RLOC =
records in Map-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Requests, =
Map-Replies, Map-Registers, and Map-Notify messages.  When</td><td> =
</td><td class=3D"right">   Requests, Map-Replies, Map-Registers, and =
Map-Notify messages.  When</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   LISP-DDT =
[I-D.ietf-lisp-ddt] is used as the mapping system mechanism,</td><td> =
</td><td class=3D"right">   LISP-DDT [I-D.ietf-lisp-ddt] is used as the =
mapping system mechanism,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   extended EIDs =
are used in Map-Referral messages.</td><td> </td><td class=3D"right">   =
extended EIDs are used in Map-Referral messages.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">4.8.  =
Source/Destination 2-Tuple Lookups</td><td> </td><td class=3D"right">4.8. =
 Source/Destination 2-Tuple Lookups</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   When both a =
source and destination address of a flow need</td><td> </td><td =
class=3D"right">   When both a source and destination address of a flow =
need</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-15" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-15"><em> page 20, line =
18<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-15"><em> page 20, line =
18<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0 1 2 3 4 5 6 =
7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1</td><td> </td><td =
class=3D"right">    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 =
6 7 8 9 0 1</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |           =
AFI =3D 16387         |     Rsvd1     |     Flags     |</td><td> =
</td><td class=3D"right">   |           AFI =3D 16387         |     =
Rsvd1     |     Flags     |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |   Type =3D =
12   |     Rsvd2     |             Length            |</td><td> </td><td =
class=3D"right">   |   Type =3D 12   |     Rsvd2     |             =
Length            |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |            =
Reserved           |   Source-ML   |    Dest-ML    |</td><td> </td><td =
class=3D"right">   |            Reserved           |   Source-ML   |    =
Dest-ML    |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
AFI =3D x          |         Source-Prefix ...     |</td><td> </td><td =
class=3D"right">   |              AFI =3D x          |         =
Source-Prefix ...     |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr id=3D"diff0022"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   |            =
  AFI =3D <span class=3D"delete">x</span>          |     =
Destination-Prefix ...    |</td><td> </td><td class=3D"rblock">   |      =
        AFI =3D <span class=3D"insert">y</span>          |     =
Destination-Prefix ...    |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length =
field.</td><td> </td><td class=3D"right">      Length field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Reserved:  =
must be set to zero and ignore on receipt.</td><td> </td><td =
class=3D"right">   Reserved:  must be set to zero and ignore on =
receipt.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Source-ML:  =
the mask length of the source prefix that follows.  The</td><td> =
</td><td class=3D"right">   Source-ML:  the mask length of the source =
prefix that follows.  The</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      length is =
the number of high-order mask bits set.</td><td> </td><td class=3D"right">=
      length is the number of high-order mask bits set.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Dest-ML:  the =
mask length of the destination prefix that follows.</td><td> </td><td =
class=3D"right">   Dest-ML:  the mask length of the destination prefix =
that follows.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      The length =
is the number of high-order mask bits set.</td><td> </td><td =
class=3D"right">      The length is the number of high-order mask bits =
set.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0023"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   AFI =3D x:  =
x can be any AFI value from [AFI].  When a specific <span =
class=3D"delete">AFI</span> has</td><td> </td><td class=3D"rblock">   =
AFI =3D x:  x can be any AFI value from [AFI].</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      <span =
class=3D"delete">its own encoding of</span> a multicast <span =
class=3D"delete">address,</span> this field must be either</td><td> =
</td><td class=3D"rblock">                                               =
                          </td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock">   <span class=3D"insert">AFI =3D y:  y can be =
any AFI value from [AFI].</span>  When a specific <span =
class=3D"insert">address</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">      family</span> has =
a multicast <span class=3D"insert">address semantic,</span> this field =
must be either</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      a group =
address or a broadcast address.</td><td> </td><td class=3D"right">      =
a group address or a broadcast address.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Usage: This =
encoding can be used in EID records in Map-Requests, Map-</td><td> =
</td><td class=3D"right">   Usage: This encoding can be used in EID =
records in Map-Requests, Map-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Replies, =
Map-Registers, and Map-Notify messages.  When LISP-DDT</td><td> </td><td =
class=3D"right">   Replies, Map-Registers, and Map-Notify messages.  =
When LISP-DDT</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[I-D.ietf-lisp-ddt] is used as the mapping system mechanism, =
extended</td><td> </td><td class=3D"right">   [I-D.ietf-lisp-ddt] is =
used as the mapping system mechanism, extended</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   EIDs are used =
in Map-Referral messages.  Refer to</td><td> </td><td class=3D"right">   =
EIDs are used in Map-Referral messages.  Refer to</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[I-D.farinacci-lisp-te] for usage details of this LCAF type.</td><td> =
</td><td class=3D"right">   [I-D.farinacci-lisp-te] for usage details of =
this LCAF type.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">4.9.  Replication =
List Entries for Multicast Forwarding</td><td> </td><td =
class=3D"right">4.9.  Replication List Entries for Multicast =
Forwarding</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-16" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-16"><em> page 21, line =
36<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-16"><em> page 21, line =
36<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
AFI =3D x          |           RTR/ETR #1 ...      |</td><td> </td><td =
class=3D"right">   |              AFI =3D x          |           RTR/ETR =
#1 ...      |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
Rsvd3            |     Rsvd4     |  Level Value  |</td><td> </td><td =
class=3D"right">   |              Rsvd3            |     Rsvd4     |  =
Level Value  |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
AFI =3D x          |           RTR/ETR  #n ...     |</td><td> </td><td =
class=3D"right">   |              AFI =3D x          |           RTR/ETR =
 #n ...     |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length =
field.</td><td> </td><td class=3D"right">      Length field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0024"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   Rsvd<span =
class=3D"delete">{1,2,3,4}</span>:  must be set to zero and ignore on =
receipt.</td><td> </td><td class=3D"rblock">   Rsvd<span =
class=3D"insert">3/Rsvd4</span>:  must be set to zero and ignore on =
receipt.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Level Value:  =
this value is associated with the level within the</td><td> </td><td =
class=3D"right">   Level Value:  this value is associated with the level =
within the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      overlay =
distribution tree hierarchy where the RTR resides.  The</td><td> =
</td><td class=3D"right">      overlay distribution tree hierarchy where =
the RTR resides.  The</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      level =
numbers are ordered from lowest value being close to the ITR</td><td> =
</td><td class=3D"right">      level numbers are ordered from lowest =
value being close to the ITR</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      (meaning =
that ITRs replicate to level-0 RTRs) and higher levels</td><td> </td><td =
class=3D"right">      (meaning that ITRs replicate to level-0 RTRs) and =
higher levels</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      are further =
downstream on the distribution tree closer to ETRs of</td><td> </td><td =
class=3D"right">      are further downstream on the distribution tree =
closer to ETRs of</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      multicast =
receiver sites.</td><td> </td><td class=3D"right">      multicast =
receiver sites.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   AFI =3D x:  x =
can be any AFI value from [AFI].  A specific AFI has its</td><td> =
</td><td class=3D"right">   AFI =3D x:  x can be any AFI value from =
[AFI].  A specific AFI has its</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      own =
encoding of either a unicast or multicast locator address.</td><td> =
</td><td class=3D"right">      own encoding of either a unicast or =
multicast locator address.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-17" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-17"><em> page 23, line =
33<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-17"><em> page 23, line =
33<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length =
field.</td><td> </td><td class=3D"right">      Length field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   This address =
format can be used to connect layer-2 domains together</td><td> </td><td =
class=3D"right">   This address format can be used to connect layer-2 =
domains together</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   using LISP =
over an IPv4 or IPv6 core network to create a layer-2 VPN.</td><td> =
</td><td class=3D"right">   using LISP over an IPv4 or IPv6 core network =
to create a layer-2 VPN.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   In this use =
case, a MAC address is being used as an EID, and the</td><td> </td><td =
class=3D"right">   In this use case, a MAC address is being used as an =
EID, and the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   locator-set =
that this EID maps to can be an IPv4 or IPv6 RLOCs, or</td><td> </td><td =
class=3D"right">   locator-set that this EID maps to can be an IPv4 or =
IPv6 RLOCs, or</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   even another =
MAC address being used as an RLOC.  See</td><td> </td><td class=3D"right">=
   even another MAC address being used as an RLOC.  See</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[I-D.portoles-lisp-eid-mobility] for how layer-2 VPNs operate =
when</td><td> </td><td class=3D"right">   =
[I-D.portoles-lisp-eid-mobility] for how layer-2 VPNs operate =
when</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0025"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   doing EID =
mobility.</td><td> </td><td class=3D"rblock">   doing EID mobility.  =
<span class=3D"insert">Refer to the Security Considerations section =
for</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">   privacy =
protection.</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">4.10.3.  ASCII =
Names in the Mapping Database</td><td> </td><td class=3D"right">4.10.3.  =
ASCII Names in the Mapping Database</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   If DNS names =
or URIs are stored in the LISP Mapping Database System,</td><td> =
</td><td class=3D"right">   If DNS names or URIs are stored in the LISP =
Mapping Database System,</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0026"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   the AFI List =
Type can be used to carry an ASCII <span class=3D"delete">string where =
it is</span></td><td> </td><td class=3D"rblock">   the AFI List Type can =
be used to carry an ASCII <span class=3D"insert">string.</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"><span =
class=3D"delete">   delimited by length 'n' of the LCAF Length =
encoding.</span></td><td> </td><td class=3D"rblock"></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   ASCII LISP =
Canonical Address Format:</td><td> </td><td class=3D"right">   ASCII =
LISP Canonical Address Format:</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0             =
      1                   2                   3</td><td> </td><td =
class=3D"right">    0                   1                   2            =
       3</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0 1 2 3 4 5 6 =
7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1</td><td> </td><td =
class=3D"right">    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 =
6 7 8 9 0 1</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |           =
AFI =3D 16387         |     Rsvd1     |     Flags     |</td><td> =
</td><td class=3D"right">   |           AFI =3D 16387         |     =
Rsvd1     |     Flags     |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |   Type =3D 1 =
   |     Rsvd2     |            Length             |</td><td> </td><td =
class=3D"right">   |   Type =3D 1    |     Rsvd2     |            Length =
            |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-18" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-18"><em> page 26, line =
47<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-18"><em> page 26, line =
47<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length =
field.</td><td> </td><td class=3D"right">      Length field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length2:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length2:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length2 =
field.</td><td> </td><td class=3D"right">      Length2 field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   If a system =
does not recognized the Geo Coordinate LCAF Type that is</td><td> =
</td><td class=3D"right">   If a system does not recognized the Geo =
Coordinate LCAF Type that is</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   accompanying a =
locator address, an encoder can include the Geo</td><td> </td><td =
class=3D"right">   accompanying a locator address, an encoder can =
include the Geo</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Coordinate =
LCAF Type embedded in a AFI List LCAF Type where the AFI</td><td> =
</td><td class=3D"right">   Coordinate LCAF Type embedded in a AFI List =
LCAF Type where the AFI</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0027"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   in the Geo =
Coordinate LCAF is set to 0 and the AFI<span =
class=3D"delete">-</span>encoded next in</td><td> </td><td =
class=3D"rblock">   in the Geo Coordinate LCAF is set to 0 and the =
AFI<span class=3D"insert"> </span>encoded next in</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   the list is =
encoded with a valid AFI value to identify the locator</td><td> </td><td =
class=3D"right">   the list is encoded with a valid AFI value to =
identify the locator</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
address.</td><td> </td><td class=3D"right">   address.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   A LISP system =
is required to support the AFI List LCAF Type to use</td><td> </td><td =
class=3D"right">   A LISP system is required to support the AFI List =
LCAF Type to use</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   this =
procedure.  It would skip over 10 bytes of the Geo Coordinate</td><td> =
</td><td class=3D"right">   this procedure.  It would skip over 10 bytes =
of the Geo Coordinate</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   LCAF Type to =
get to the locator address encoding (an IPv4 locator</td><td> </td><td =
class=3D"right">   LCAF Type to get to the locator address encoding (an =
IPv4 locator</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   address).  A =
LISP system that does support the Geo Coordinate LCAF</td><td> </td><td =
class=3D"right">   address).  A LISP system that does support the Geo =
Coordinate LCAF</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Type can =
support parsing the locator address within the Geo</td><td> </td><td =
class=3D"right">   Type can support parsing the locator address within =
the Geo</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Coordinate =
LCAF encoding or in the locator encoding that follows in</td><td> =
</td><td class=3D"right">   Coordinate LCAF encoding or in the locator =
encoding that follows in</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   the AFI List =
LCAF.</td><td> </td><td class=3D"right">   the AFI List LCAF.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-19" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-19"><em> page 29, line =
28<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-19"><em> page 29, line =
28<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |   Type =3D 6 =
   |     Rsvd2     |             Length            |</td><td> </td><td =
class=3D"right">   |   Type =3D 6    |     Rsvd2     |             =
Length            |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   | Key Field =
Num |      Key Wildcard Fields      |   Key . . .   |</td><td> </td><td =
class=3D"right">   | Key Field Num |      Key Wildcard Fields      |   =
Key . . .   |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
         . . . Key                               |</td><td> </td><td =
class=3D"right">   |                       . . . Key                     =
          |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length =
field.</td><td> </td><td class=3D"right">      Length field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0028"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   Key Field =
Num:  the value of this field is the <span class=3D"delete">the</span> =
number of "Key"</td><td> </td><td class=3D"rblock">   Key Field Num:  =
the value of this field is the number of "Key" <span =
class=3D"insert">sub-</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      <span =
class=3D"delete">sub-fields</span> minus 1, the "Key" field can be =
broken up into.  So if</td><td> </td><td class=3D"rblock"><span =
class=3D"insert">      fields</span> minus 1, the "Key" field can be =
broken up into.  So if this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      this =
field has a value of 0, there is 1 sub-field in the "Key".</td><td> =
</td><td class=3D"rblock">      field has a value of 0, there is 1 =
sub-field in the "Key".  The</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      The width =
of the sub-fields are fixed length.  So for a key size</td><td> </td><td =
class=3D"rblock">      width of the sub-fields are fixed length.  So for =
a key size of 8</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      of 8 =
bytes, with a Key Field Num of 3, allows 4 sub-fields of 2</td><td> =
</td><td class=3D"rblock">      bytes, with a Key Field Num of 3, allows =
4 sub-fields of 2 bytes</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">      bytes =
each in length.  Allowing for a reasonable number of 16 <span =
class=3D"delete">sub-</span></td><td> </td><td class=3D"rblock">      =
each in length.  Allowing for a reasonable number of 16 <span =
class=3D"insert">sub-field</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"><span =
class=3D"delete">      field</span> separators, valid values range from =
0 to 15.</td><td> </td><td class=3D"rblock">      separators, valid =
values range from 0 to 15.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Key Wildcard =
Fields:  describes which fields in the key are not used</td><td> =
</td><td class=3D"right">   Key Wildcard Fields:  describes which fields =
in the key are not used</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      as part of =
the key lookup.  This wildcard encoding is a bitfield.</td><td> </td><td =
class=3D"right">      as part of the key lookup.  This wildcard encoding =
is a bitfield.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Each bit is =
a don't-care bit for a corresponding field in the key.</td><td> </td><td =
class=3D"right">      Each bit is a don't-care bit for a corresponding =
field in the key.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Bit 0 (the =
low-order bit) in this bitfield corresponds the first</td><td> </td><td =
class=3D"right">      Bit 0 (the low-order bit) in this bitfield =
corresponds the first</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      field, the =
low-order field in the key, bit 1 the second field, and</td><td> =
</td><td class=3D"right">      field, the low-order field in the key, =
bit 1 the second field, and</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      so on.  =
When a bit is set in the bitfield it is a don't-care bit</td><td> =
</td><td class=3D"right">      so on.  When a bit is set in the bitfield =
it is a don't-care bit</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      and should =
not be considered as part of the database lookup.  When</td><td> =
</td><td class=3D"right">      and should not be considered as part of =
the database lookup.  When</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      the entire =
16-bits is set to 0, then all bits of the key are used</td><td> </td><td =
class=3D"right">      the entire 16-bits is set to 0, then all bits of =
the key are used</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      for the =
database lookup.</td><td> </td><td class=3D"right">      for the =
database lookup.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-20" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-20"><em> page 31, line =
27<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-20"><em> page 31, line =
27<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |   Type =3D =
14   |    Rsvd2    |B|            Length             |</td><td> </td><td =
class=3D"right">   |   Type =3D 14   |    Rsvd2    |B|            Length =
            |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |           =
JSON length         | JSON binary/text encoding ... |</td><td> </td><td =
class=3D"right">   |           JSON length         | JSON binary/text =
encoding ... |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
AFI =3D x          |       Optional Address ...    |</td><td> </td><td =
class=3D"right">   |              AFI =3D x          |       Optional =
Address ...    |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length =
field.</td><td> </td><td class=3D"right">      Length field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0029"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   <span =
class=3D"delete">Rsvd{1,2}:  must be set to zero and ignore on =
receipt.</span></td><td> </td><td class=3D"rblock"></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">                =
                                                         </td><td> =
</td><td class=3D"rblock"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   B bit:  =
indicates that the JSON field is binary encoded according to</td><td> =
</td><td class=3D"right">   B bit:  indicates that the JSON field is =
binary encoded according to</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
[JSON-BINARY] when the bit is set to 1.  Otherwise the encoding =
is</td><td> </td><td class=3D"right">      [JSON-BINARY] when the bit is =
set to 1.  Otherwise the encoding is</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      based on =
text encoding according to [RFC7159].</td><td> </td><td class=3D"right"> =
     based on text encoding according to [RFC7159].</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   JSON length:  =
length in octets of the following 'JSON binary/text</td><td> </td><td =
class=3D"right">   JSON length:  length in octets of the following 'JSON =
binary/text</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      encoding' =
field.</td><td> </td><td class=3D"right">      encoding' field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   JSON =
binary/text encoding field:  a variable length field that</td><td> =
</td><td class=3D"right">   JSON binary/text encoding field:  a variable =
length field that</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      contains =
either binary or text encodings.</td><td> </td><td class=3D"right">      =
contains either binary or text encodings.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-21" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-21"><em> page 32, line =
11<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-21"><em> page 32, line =
11<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Usage: This is =
an experimental type where the usage has not been</td><td> </td><td =
class=3D"right">   Usage: This is an experimental type where the usage =
has not been</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   defined =
yet.</td><td> </td><td class=3D"right">   defined yet.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">5.5.  Encoding =
Key/Value Address Pairs</td><td> </td><td class=3D"right">5.5.  Encoding =
Key/Value Address Pairs</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   The Key/Value =
pair is, for example, useful for attaching attributes</td><td> </td><td =
class=3D"right">   The Key/Value pair is, for example, useful for =
attaching attributes</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   to other =
elements of LISP packets, such as EIDs or RLOCs.  When</td><td> </td><td =
class=3D"right">   to other elements of LISP packets, such as EIDs or =
RLOCs.  When</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   attaching =
attributes to EIDs or RLOCs, it's necessary to distinguish</td><td> =
</td><td class=3D"right">   attaching attributes to EIDs or RLOCs, it's =
necessary to distinguish</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   between the =
element that should be used as EID or RLOC, and hence as</td><td> =
</td><td class=3D"right">   between the element that should be used as =
EID or RLOC, and hence as</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0030"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   key for =
lookups, and additional attributes.  This is especially the</td><td> =
</td><td class=3D"rblock">   <span class=3D"insert">the</span> key for =
lookups, and additional attributes.  This is especially</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   case when =
the difference cannot be determined from the types of the</td><td> =
</td><td class=3D"rblock">   the case when the difference cannot be =
determined from the types of</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   elements, =
such as when two IP addresses are being used.</td><td> </td><td =
class=3D"rblock">   the elements, such as when two IP addresses are =
being used.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Key/Value Pair =
Address Format:</td><td> </td><td class=3D"right">   Key/Value Pair =
Address Format:</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0             =
      1                   2                   3</td><td> </td><td =
class=3D"right">    0                   1                   2            =
       3</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">    0 1 2 3 4 5 6 =
7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1</td><td> </td><td =
class=3D"right">    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 =
6 7 8 9 0 1</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |           =
AFI =3D 16387         |     Rsvd1     |     Flags     |</td><td> =
</td><td class=3D"right">   |           AFI =3D 16387         |     =
Rsvd1     |     Flags     |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |   Type =3D =
15   |     Rsvd2     |            Length             |</td><td> </td><td =
class=3D"right">   |   Type =3D 15   |     Rsvd2     |            Length =
            |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
AFI =3D x          |       Address as Key ...      |</td><td> </td><td =
class=3D"right">   |              AFI =3D x          |       Address as =
Key ...      |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
AFI =3D y          |       Address as Value ...    |</td><td> </td><td =
class=3D"right">   |              AFI =3D y          |       Address as =
Value ...    |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length =
field.</td><td> </td><td class=3D"right">      Length field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0031"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   <span =
class=3D"delete">Rsvd{1,2}:  must be set to zero and ignore on =
receipt.</span></td><td> </td><td class=3D"rblock"></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">                =
                                                         </td><td> =
</td><td class=3D"rblock"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   AFI =3D x:  x =
is the "Address as Key" AFI that can have any value from</td><td> =
</td><td class=3D"right">   AFI =3D x:  x is the "Address as Key" AFI =
that can have any value from</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      [AFI].  A =
specific AFI has its own encoding of either a unicast or</td><td> =
</td><td class=3D"right">      [AFI].  A specific AFI has its own =
encoding of either a unicast or</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      multicast =
locator address.  All RTR/ETR entries for the same level</td><td> =
</td><td class=3D"right">      multicast locator address.  All RTR/ETR =
entries for the same level</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      should be =
combined together by a Map-Server to avoid searching</td><td> </td><td =
class=3D"right">      should be combined together by a Map-Server to =
avoid searching</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      through the =
entire multi-level list of locator entries in a Map-</td><td> </td><td =
class=3D"right">      through the entire multi-level list of locator =
entries in a Map-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Reply =
message.</td><td> </td><td class=3D"right">      Reply message.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Address as =
Key:  this AFI-encoded address will be attached with the</td><td> =
</td><td class=3D"right">   Address as Key:  this AFI-encoded address =
will be attached with the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      attributes =
encoded in "Address as Value" which follows this field.</td><td> =
</td><td class=3D"right">      attributes encoded in "Address as Value" =
which follows this field.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-22" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-22"><em> page 34, line =
19<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-22"><em> page 34, line =
19<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |           =
AFI =3D 16387         |     Rsvd1     |     Flags     |</td><td> =
</td><td class=3D"right">   |           AFI =3D 16387         |     =
Rsvd1     |     Flags     |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |   Type =3D =
16   |     Rsvd2     |             Length            |</td><td> </td><td =
class=3D"right">   |   Type =3D 16   |     Rsvd2     |             =
Length            |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |        =
Reserved-for-Future-Encapsulations       |U|G|N|v|V|l|L|</td><td> =
</td><td class=3D"right">   |        Reserved-for-Future-Encapsulations  =
     |U|G|N|v|V|l|L|</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   |              =
AFI =3D x          |          Address ...          |</td><td> </td><td =
class=3D"right">   |              AFI =3D x          |          Address =
...          |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td>=
 </td><td class=3D"right">   =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0032"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   <span =
class=3D"delete">Rsvd1/Rsvd2:  must be set to zero and ignored on =
receipt.</span></td><td> </td><td class=3D"rblock"></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">                =
                                                         </td><td> =
</td><td class=3D"rblock"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Length:  =
length in bytes starting and including the byte after this</td><td> =
</td><td class=3D"right">   Length:  length in bytes starting and =
including the byte after this</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Length =
field.</td><td> </td><td class=3D"right">      Length field.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
Reserved-for-Future-Encapsulations:  must be set to zero and =
ignored</td><td> </td><td class=3D"right">   =
Reserved-for-Future-Encapsulations:  must be set to zero and =
ignored</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      on receipt. =
 This field will get bits allocated to future</td><td> </td><td =
class=3D"right">      on receipt.  This field will get bits allocated to =
future</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
encapsulations, as they are created.</td><td> </td><td class=3D"right">  =
    encapsulations, as they are created.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   L: The RLOCs =
listed in the AFI-encoded addresses in the next longword</td><td> =
</td><td class=3D"right">   L: The RLOCs listed in the AFI-encoded =
addresses in the next longword</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      can accept =
layer 3 LISP encapsulation using destination UDP port</td><td> </td><td =
class=3D"right">      can accept layer 3 LISP encapsulation using =
destination UDP port</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      4341 =
[RFC6830].</td><td> </td><td class=3D"right">      4341 =
[RFC6830].</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-23" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-23"><em> page 36, line =
14<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-23"><em> page 36, line =
8<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">6.  Security =
Considerations</td><td> </td><td class=3D"right">6.  Security =
Considerations</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   There are no =
security considerations for this specification.  The</td><td> </td><td =
class=3D"right">   There are no security considerations for this =
specification.  The</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   security =
considerations are documented for the protocols that use</td><td> =
</td><td class=3D"right">   security considerations are documented for =
the protocols that use</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   LISP Canonical =
Addressing.</td><td> </td><td class=3D"right">   LISP Canonical =
Addressing.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   The use of the =
Geo-Coordinates LCAF Type may raise physical privacy</td><td> </td><td =
class=3D"right">   The use of the Geo-Coordinates LCAF Type may raise =
physical privacy</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   issues.  Care =
should be taken when configuring the mapping system to</td><td> </td><td =
class=3D"right">   issues.  Care should be taken when configuring the =
mapping system to</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   use specific =
policy parameters so geo-location information is not</td><td> </td><td =
class=3D"right">   use specific policy parameters so geo-location =
information is not</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0033"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">   returned =
gratuitously.</td><td> </td><td class=3D"rblock">   returned =
gratuitously.  <span class=3D"insert">It is recommended that any =
documents that</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">   specify the use of =
the Geo-Coordinates LCAF Type should consider the</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">   applicability of the =
BCP160 [RFC6280] for location-based privacy</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">   =
protection.</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">7.  IANA =
Considerations</td><td> </td><td class=3D"right">7.  IANA =
Considerations</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   This document =
defines a canonical address format encoding used in</td><td> </td><td =
class=3D"right">   This document defines a canonical address format =
encoding used in</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   LISP control =
messages and in the encoding of lookup keys for the LISP</td><td> =
</td><td class=3D"right">   LISP control messages and in the encoding of =
lookup keys for the LISP</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Mapping =
Database System.  Such address format is based on a fixed AFI</td><td> =
</td><td class=3D"right">   Mapping Database System.  Such address =
format is based on a fixed AFI</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   (16387) and a =
LISP LCAF Type field.</td><td> </td><td class=3D"right">   (16387) and a =
LISP LCAF Type field.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   The LISP LCAF =
Type field is an 8-bit field specific to the LISP</td><td> </td><td =
class=3D"right">   The LISP LCAF Type field is an 8-bit field specific =
to the LISP</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Canonical =
Address formatted encodings, for which IANA is to create</td><td> =
</td><td class=3D"right">   Canonical Address formatted encodings, for =
which IANA is to create</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-24" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-24"><em> page 37, line =
9<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-24"><em> page 36, line =
50<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">           | 12   =
 | Source/Dest Key Type         | Section 3  |</td><td> </td><td =
class=3D"right">           | 12    | Source/Dest Key Type         | =
Section 3  |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">           | 13   =
 | Replication List Entry Type  | Section 3  |</td><td> </td><td =
class=3D"right">           | 13    | Replication List Entry Type  | =
Section 3  |</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">           =
+-------+------------------------------+------------+</td><td> </td><td =
class=3D"right">           =
+-------+------------------------------+------------+</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">                  =
Table 1: LISP LCAF Type Initial Values</td><td> </td><td class=3D"right"> =
                 Table 1: LISP LCAF Type Initial Values</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">8.  =
References</td><td> </td><td class=3D"right">8.  References</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">8.1.  Normative =
References</td><td> </td><td class=3D"right">8.1.  Normative =
References</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0034"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock">   <span class=3D"insert">[BCP160]   "An =
Architecture for Location and Location Privacy in</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">              Internet =
Applications", Best Current Practices</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">              =
https://www.rfc-editor.org/bcp/bcp160.txt, July 2011.</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock">                                               =
                          </td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [RFC1918]  =
Rekhter, Y., Moskowitz, B., Karrenberg, D., de Groot, G.,</td><td> =
</td><td class=3D"right">   [RFC1918]  Rekhter, Y., Moskowitz, B., =
Karrenberg, D., de Groot, G.,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              and =
E. Lear, "Address Allocation for Private Internets",</td><td> </td><td =
class=3D"right">              and E. Lear, "Address Allocation for =
Private Internets",</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              BCP =
5, RFC 1918, DOI 10.17487/RFC1918, February 1996,</td><td> </td><td =
class=3D"right">              BCP 5, RFC 1918, DOI 10.17487/RFC1918, =
February 1996,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
&lt;http://www.rfc-editor.org/info/rfc1918&gt;.</td><td> </td><td =
class=3D"right">              =
&lt;http://www.rfc-editor.org/info/rfc1918&gt;.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [RFC2119]  =
Bradner, S., "Key words for use in RFCs to Indicate</td><td> </td><td =
class=3D"right">   [RFC2119]  Bradner, S., "Key words for use in RFCs to =
Indicate</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Requirement Levels", BCP 14, RFC 2119,</td><td> </td><td class=3D"right"> =
             Requirement Levels", BCP 14, RFC 2119,</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              DOI =
10.17487/RFC2119, March 1997,</td><td> </td><td class=3D"right">         =
     DOI 10.17487/RFC2119, March 1997,</td><td class=3D"lineno"></td></tr>=

      <tr><td class=3D"lineno"></td><td class=3D"left">              =
&lt;http://www.rfc-editor.org/info/rfc2119&gt;.</td><td> </td><td =
class=3D"right">              =
&lt;http://www.rfc-editor.org/info/rfc2119&gt;.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [RFC3232]  =
Reynolds, J., Ed., "Assigned Numbers: RFC 1700 is Replaced</td><td> =
</td><td class=3D"right">   [RFC3232]  Reynolds, J., Ed., "Assigned =
Numbers: RFC 1700 is Replaced</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              by =
an On-line Database", RFC 3232, DOI 10.17487/RFC3232,</td><td> </td><td =
class=3D"right">              by an On-line Database", RFC 3232, DOI =
10.17487/RFC3232,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
January 2002, &lt;http://www.rfc-editor.org/info/rfc3232&gt;.</td><td> =
</td><td class=3D"right">              January 2002, =
&lt;http://www.rfc-editor.org/info/rfc3232&gt;.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [RFC5226]  =
Narten, T. and H. Alvestrand, "Guidelines for Writing an</td><td> =
</td><td class=3D"right">   [RFC5226]  Narten, T. and H. Alvestrand, =
"Guidelines for Writing an</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
IANA Considerations Section in RFCs", BCP 26, RFC 5226,</td><td> =
</td><td class=3D"right">              IANA Considerations Section in =
RFCs", BCP 26, RFC 5226,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              DOI =
10.17487/RFC5226, May 2008,</td><td> </td><td class=3D"right">           =
   DOI 10.17487/RFC5226, May 2008,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
&lt;http://www.rfc-editor.org/info/rfc5226&gt;.</td><td> </td><td =
class=3D"right">              =
&lt;http://www.rfc-editor.org/info/rfc5226&gt;.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0035"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock">   <span class=3D"insert">[RFC6280]  Barnes, =
R., Lepinski, M., Cooper, A., Morris, J.,</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">              =
Tschofenig, H., and H. Schulzrinne, "An Architecture for</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">              Location =
and Location Privacy in Internet Applications",</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">              BCP 160, =
RFC 6280, DOI 10.17487/RFC6280, July 2011,</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">              =
&lt;http://www.rfc-editor.org/info/rfc6280&gt;.</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock">                                               =
                          </td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [RFC6830]  =
Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The</td><td> =
</td><td class=3D"right">   [RFC6830]  Farinacci, D., Fuller, V., Meyer, =
D., and D. Lewis, "The</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Locator/ID Separation Protocol (LISP)", RFC 6830,</td><td> </td><td =
class=3D"right">              Locator/ID Separation Protocol (LISP)", =
RFC 6830,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              DOI =
10.17487/RFC6830, January 2013,</td><td> </td><td class=3D"right">       =
       DOI 10.17487/RFC6830, January 2013,</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
&lt;http://www.rfc-editor.org/info/rfc6830&gt;.</td><td> </td><td =
class=3D"right">              =
&lt;http://www.rfc-editor.org/info/rfc6830&gt;.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [RFC6836]  =
Fuller, V., Farinacci, D., Meyer, D., and D. Lewis,</td><td> </td><td =
class=3D"right">   [RFC6836]  Fuller, V., Farinacci, D., Meyer, D., and =
D. Lewis,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
"Locator/ID Separation Protocol Alternative Logical</td><td> </td><td =
class=3D"right">              "Locator/ID Separation Protocol =
Alternative Logical</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Topology (LISP+ALT)", RFC 6836, DOI 10.17487/RFC6836,</td><td> </td><td =
class=3D"right">              Topology (LISP+ALT)", RFC 6836, DOI =
10.17487/RFC6836,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
January 2013, &lt;http://www.rfc-editor.org/info/rfc6836&gt;.</td><td> =
</td><td class=3D"right">              January 2013, =
&lt;http://www.rfc-editor.org/info/rfc6836&gt;.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-25" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-25"><em> page 38, line =
8<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-25"><em> page 38, line =
13<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
&lt;http://www.rfc-editor.org/info/rfc7348&gt;.</td><td> </td><td =
class=3D"right">              =
&lt;http://www.rfc-editor.org/info/rfc7348&gt;.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [RFC7637]  =
Garg, P., Ed. and Y. Wang, Ed., "NVGRE: Network</td><td> </td><td =
class=3D"right">   [RFC7637]  Garg, P., Ed. and Y. Wang, Ed., "NVGRE: =
Network</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Virtualization Using Generic Routing Encapsulation",</td><td> </td><td =
class=3D"right">              Virtualization Using Generic Routing =
Encapsulation",</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              RFC =
7637, DOI 10.17487/RFC7637, September 2015,</td><td> </td><td =
class=3D"right">              RFC 7637, DOI 10.17487/RFC7637, September =
2015,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
&lt;http://www.rfc-editor.org/info/rfc7637&gt;.</td><td> </td><td =
class=3D"right">              =
&lt;http://www.rfc-editor.org/info/rfc7637&gt;.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">8.2.  Informative =
References</td><td> </td><td class=3D"right">8.2.  Informative =
References</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [AFI]      =
IANA, , "Address Family Identifier (AFIs)", ADDRESS FAMILY</td><td> =
</td><td class=3D"right">   [AFI]      IANA, , "Address Family =
Identifier (AFIs)", ADDRESS FAMILY</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0036"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">              =
NUMBERS <span class=3D"delete">http://www.iana.org/numbers.html,</span> =
Febuary 2007.</td><td> </td><td class=3D"rblock">              NUMBERS =
<span =
class=3D"insert">http://www.iana.org/assignments/address-family-</span></t=
d><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">              =
numbers/address-family-numbers.xhtml?,</span> Febuary 2007.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[I-D.coras-lisp-re]</td><td> </td><td class=3D"right">   =
[I-D.coras-lisp-re]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Coras, F., Cabellos-Aparicio, A., Domingo-Pascual, J.,</td><td> </td><td =
class=3D"right">              Coras, F., Cabellos-Aparicio, A., =
Domingo-Pascual, J.,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Maino, F., and D. Farinacci, "LISP Replication</td><td> </td><td =
class=3D"right">              Maino, F., and D. Farinacci, "LISP =
Replication</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Engineering", draft-coras-lisp-re-08 (work in progress),</td><td> =
</td><td class=3D"right">              Engineering", =
draft-coras-lisp-re-08 (work in progress),</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
November 2015.</td><td> </td><td class=3D"right">              November =
2015.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[I-D.ermagan-lisp-nat-traversal]</td><td> </td><td class=3D"right">   =
[I-D.ermagan-lisp-nat-traversal]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Ermagan, V., Farinacci, D., Lewis, D., Skriver, J., Maino,</td><td> =
</td><td class=3D"right">              Ermagan, V., Farinacci, D., =
Lewis, D., Skriver, J., Maino,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              F., =
and C. White, "NAT traversal for LISP", draft-ermagan-</td><td> </td><td =
class=3D"right">              F., and C. White, "NAT traversal for =
LISP", draft-ermagan-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-26" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-26"><em> page 38, line =
39<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-26"><em> page 38, line =
45<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Generic Network Virtualization Encapsulation", draft-</td><td> </td><td =
class=3D"right">              Generic Network Virtualization =
Encapsulation", draft-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
gross-geneve-02 (work in progress), October 2014.</td><td> </td><td =
class=3D"right">              gross-geneve-02 (work in progress), =
October 2014.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[I-D.herbert-gue]</td><td> </td><td class=3D"right">   =
[I-D.herbert-gue]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Herbert, T., Yong, L., and O. Zia, "Generic UDP</td><td> </td><td =
class=3D"right">              Herbert, T., Yong, L., and O. Zia, =
"Generic UDP</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Encapsulation", draft-herbert-gue-03 (work in progress),</td><td> =
</td><td class=3D"right">              Encapsulation", =
draft-herbert-gue-03 (work in progress),</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
March 2015.</td><td> </td><td class=3D"right">              March =
2015.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[I-D.ietf-lisp-crypto]</td><td> </td><td class=3D"right">   =
[I-D.ietf-lisp-crypto]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Farinacci, D. and B. Weis, "LISP Data-Plane</td><td> </td><td =
class=3D"right">              Farinacci, D. and B. Weis, "LISP =
Data-Plane</td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0037"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">              =
Confidentiality", <span class=3D"delete">draft-ietf-lisp-crypto-08</span> =
(work in</td><td> </td><td class=3D"rblock">              =
Confidentiality", <span class=3D"insert">draft-ietf-lisp-crypto-10</span> =
(work in</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">              =
progress), <span class=3D"delete">September</span> 2016.</td><td> =
</td><td class=3D"rblock">              progress), <span =
class=3D"insert">October</span> 2016.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[I-D.ietf-lisp-ddt]</td><td> </td><td class=3D"right">   =
[I-D.ietf-lisp-ddt]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Fuller, V., Lewis, D., Ermagan, V., Jain, A., and A.</td><td> </td><td =
class=3D"right">              Fuller, V., Lewis, D., Ermagan, V., Jain, =
A., and A.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Smirnov, "LISP Delegated Database Tree", draft-ietf-lisp-</td><td> =
</td><td class=3D"right">              Smirnov, "LISP Delegated Database =
Tree", draft-ietf-lisp-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
ddt-08 (work in progress), September 2016.</td><td> </td><td =
class=3D"right">              ddt-08 (work in progress), September =
2016.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
[I-D.portoles-lisp-eid-mobility]</td><td> </td><td class=3D"right">   =
[I-D.portoles-lisp-eid-mobility]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Portoles-Comeras, M., Ashtaputre, V., Moreno, V., Maino,</td><td> =
</td><td class=3D"right">              Portoles-Comeras, M., Ashtaputre, =
V., Moreno, V., Maino,</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              F., =
and D. Farinacci, "LISP L2/L3 EID Mobility Using a</td><td> </td><td =
class=3D"right">              F., and D. Farinacci, "LISP L2/L3 EID =
Mobility Using a</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">              =
Unified Control Plane", draft-portoles-lisp-eid-</td><td> </td><td =
class=3D"right">              Unified Control Plane", =
draft-portoles-lisp-eid-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"part-27" class=3D"change"><td></td><th><small>skipping =
to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-27"><em> page 40, line =
9<span class=3D"hide"> =C2=B6</span></em></a></th><th> =
</th><th><small>skipping to change at</small><a =
href=3D"https://tools.ietf.org/rfcdiff#part-27"><em> page 40, line =
15<span class=3D"hide"> =C2=B6</span></em></a></th><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Thanks goes to =
Michiel Blokzijl and Alberto Rodriguez-Natal for</td><td> </td><td =
class=3D"right">   Thanks goes to Michiel Blokzijl and Alberto =
Rodriguez-Natal for</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   suggesting new =
LCAF types.</td><td> </td><td class=3D"right">   suggesting new LCAF =
types.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Thanks also =
goes to Terry Manderson for assistance obtaining a LISP</td><td> =
</td><td class=3D"right">   Thanks also goes to Terry Manderson for =
assistance obtaining a LISP</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   AFI value from =
IANA.</td><td> </td><td class=3D"right">   AFI value from IANA.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Appendix B.  =
Document Change Log</td><td> </td><td class=3D"right">Appendix B.  =
Document Change Log</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   [RFC Editor: =
Please delete this section on publication as RFC.]</td><td> </td><td =
class=3D"right">   [RFC Editor: Please delete this section on =
publication as RFC.]</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0038"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1.  Changes =
to draft-ietf-lisp-lcaf-17.txt</td><td> </td><td class=3D"rblock">B.1.  =
Changes to <span =
class=3D"insert">draft-ietf-lisp-lcaf-19.txt</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert"></span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">   o  Submitted October =
2016.</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert"></span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">   o  Make it more =
clear that any use-case documents that use the Geo-</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">      Coordinates LCAF =
type should discuss RFC6280 compliance.</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert"></span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">B.2.  Changes to =
draft-ietf-lisp-lcaf-18.txt</span></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert"></span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">   o  Submitted October =
2016 after October 13th telechat.</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert"></span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">   o  Addressed =
comments from Ben Campbell, Jari Arrko, Stephen Farrel,</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">      Peter Yee, Dale =
Worley, Mirja Kuehlewind, and Suresh Krishnan.</span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert"></span></td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock"></td><td> =
</td><td class=3D"rblock"><span class=3D"insert">B.3.  Changes to</span> =
draft-ietf-lisp-lcaf-17.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
October 2016.</td><td> </td><td class=3D"right">   o  Submitted October =
2016.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Addressed =
comments from Gen-ART reviewer Peter Yee.</td><td> </td><td =
class=3D"right">   o  Addressed comments from Gen-ART reviewer Peter =
Yee.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Addressed =
IESG last-call comments from Suresh Krishnan.</td><td> </td><td =
class=3D"right">   o  Addressed IESG last-call comments from Suresh =
Krishnan.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0039"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">2</span>.  Changes to =
draft-ietf-lisp-lcaf-16.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">4</span>.  Changes to =
draft-ietf-lisp-lcaf-16.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
October 2016.</td><td> </td><td class=3D"right">   o  Submitted October =
2016.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Addressed =
comments from Security Directorate reviewer David</td><td> </td><td =
class=3D"right">   o  Addressed comments from Security Directorate =
reviewer David</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
Mandelberg.</td><td> </td><td class=3D"right">      Mandelberg.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0040"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">3</span>.  Changes to =
draft-ietf-lisp-lcaf-15.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">5</span>.  Changes to =
draft-ietf-lisp-lcaf-15.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
September 2016.</td><td> </td><td class=3D"right">   o  Submitted =
September 2016.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Addressed =
comments from Routing Directorate reviewer Stig Venass.</td><td> =
</td><td class=3D"right">   o  Addressed comments from Routing =
Directorate reviewer Stig Venass.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0041"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">4</span>.  Changes to =
draft-ietf-lisp-lcaf-14.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">6</span>.  Changes to =
draft-ietf-lisp-lcaf-14.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
July 2016.</td><td> </td><td class=3D"right">   o  Submitted July =
2016.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Fix IDnits =
errors and comments from Luigi Iannone, document</td><td> </td><td =
class=3D"right">   o  Fix IDnits errors and comments from Luigi Iannone, =
document</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
shepherd.</td><td> </td><td class=3D"right">      shepherd.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0042"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">5</span>.  Changes to =
draft-ietf-lisp-lcaf-13.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">7</span>.  Changes to =
draft-ietf-lisp-lcaf-13.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
May 2016.</td><td> </td><td class=3D"right">   o  Submitted May =
2016.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Explain the =
Instance-ID LCAF Type is 32-bits in length and the</td><td> </td><td =
class=3D"right">   o  Explain the Instance-ID LCAF Type is 32-bits in =
length and the</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Instance-ID =
field in the LISP encapsulation header is 24-bits.</td><td> </td><td =
class=3D"right">      Instance-ID field in the LISP encapsulation header =
is 24-bits.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0043"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">6</span>.  Changes to =
draft-ietf-lisp-lcaf-12.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">8</span>.  Changes to =
draft-ietf-lisp-lcaf-12.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
March 2016.</td><td> </td><td class=3D"right">   o  Submitted March =
2016.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Updated =
references and document timer.</td><td> </td><td class=3D"right">   o  =
Updated references and document timer.</td><td class=3D"lineno"></td></tr>=

      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Removed the =
R, J, and L bits from the Multicast Info Type LCAF</td><td> </td><td =
class=3D"right">   o  Removed the R, J, and L bits from the Multicast =
Info Type LCAF</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      since =
working group decided to not go forward with draft-</td><td> </td><td =
class=3D"right">      since working group decided to not go forward with =
draft-</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
farinacci-lisp-mr-signaling-03.txt in favor of draft- =
ietf-lisp-</td><td> </td><td class=3D"right">      =
farinacci-lisp-mr-signaling-03.txt in favor of draft- ietf-lisp-</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      =
signal-free-00.txt.</td><td> </td><td class=3D"right">      =
signal-free-00.txt.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0044"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">7</span>.  Changes to =
draft-ietf-lisp-lcaf-11.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">9</span>.  Changes to =
draft-ietf-lisp-lcaf-11.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
September 2015.</td><td> </td><td class=3D"right">   o  Submitted =
September 2015.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Reflecting =
comments from Prague LISP working group.</td><td> </td><td =
class=3D"right">   o  Reflecting comments from Prague LISP working =
group.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Readying =
document for a LISP LCAF registry, RFC publication, and</td><td> =
</td><td class=3D"right">   o  Readying document for a LISP LCAF =
registry, RFC publication, and</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      for new use =
cases that will be defined in the new charter.</td><td> </td><td =
class=3D"right">      for new use cases that will be defined in the new =
charter.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0045"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">8</span>.  Changes to =
draft-ietf-lisp-lcaf-10.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">10</span>.  Changes to =
draft-ietf-lisp-lcaf-10.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
June 2015.</td><td> </td><td class=3D"right">   o  Submitted June =
2015.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Fix =
coauthor Job's contact information.</td><td> </td><td class=3D"right">   =
o  Fix coauthor Job's contact information.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0046"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">9</span>.  Changes to =
draft-ietf-lisp-lcaf-09.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">11</span>.  Changes to =
draft-ietf-lisp-lcaf-09.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
June 2015.</td><td> </td><td class=3D"right">   o  Submitted June =
2015.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Fix IANA =
Considerations section to request a registry to allocate</td><td> =
</td><td class=3D"right">   o  Fix IANA Considerations section to =
request a registry to allocate</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      and track =
LCAF Type values.</td><td> </td><td class=3D"right">      and track LCAF =
Type values.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0047"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1<span =
class=3D"delete">0</span>.  Changes to =
draft-ietf-lisp-lcaf-08.txt</td><td> </td><td class=3D"rblock">B.1<span =
class=3D"insert">2</span>.  Changes to =
draft-ietf-lisp-lcaf-08.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
April 2015.</td><td> </td><td class=3D"right">   o  Submitted April =
2015.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Comment =
from Florin.  The Application Data Type length field has a</td><td> =
</td><td class=3D"right">   o  Comment from Florin.  The Application =
Data Type length field has a</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      typo.  The =
field should be labeled "12 + n" and not "8 + n".</td><td> </td><td =
class=3D"right">      typo.  The field should be labeled "12 + n" and =
not "8 + n".</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Fix length =
fields in the sections titled "Using Recursive LISP</td><td> </td><td =
class=3D"right">   o  Fix length fields in the sections titled "Using =
Recursive LISP</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      Canonical =
Address Encodings", "Generic Database Mapping Lookups",</td><td> =
</td><td class=3D"right">      Canonical Address Encodings", "Generic =
Database Mapping Lookups",</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      and "Data =
Model Encoding".</td><td> </td><td class=3D"right">      and "Data Model =
Encoding".</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0048"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1<span =
class=3D"delete">1</span>.  Changes to =
draft-ietf-lisp-lcaf-07.txt</td><td> </td><td class=3D"rblock">B.1<span =
class=3D"insert">3</span>.  Changes to =
draft-ietf-lisp-lcaf-07.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
December 2014.</td><td> </td><td class=3D"right">   o  Submitted =
December 2014.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Add a new =
LCAF Type called "Encapsulation Format" so decapsulating</td><td> =
</td><td class=3D"right">   o  Add a new LCAF Type called "Encapsulation =
Format" so decapsulating</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      xTRs can =
inform encapsulating xTRs what data-plane encapsulations</td><td> =
</td><td class=3D"right">      xTRs can inform encapsulating xTRs what =
data-plane encapsulations</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      they =
support.</td><td> </td><td class=3D"right">      they support.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0049"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1<span =
class=3D"delete">2</span>.  Changes to =
draft-ietf-lisp-lcaf-06.txt</td><td> </td><td class=3D"rblock">B.1<span =
class=3D"insert">4</span>.  Changes to =
draft-ietf-lisp-lcaf-06.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
October 2014.</td><td> </td><td class=3D"right">   o  Submitted October =
2014.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Make it =
clear how sorted RLOC records are done when LCAFs are used</td><td> =
</td><td class=3D"right">   o  Make it clear how sorted RLOC records are =
done when LCAFs are used</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      as the RLOC =
record.</td><td> </td><td class=3D"right">      as the RLOC =
record.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0050"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1<span =
class=3D"delete">3</span>.  Changes to =
draft-ietf-lisp-lcaf-05.txt</td><td> </td><td class=3D"rblock">B.1<span =
class=3D"insert">5</span>.  Changes to =
draft-ietf-lisp-lcaf-05.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
May 2014.</td><td> </td><td class=3D"right">   o  Submitted May =
2014.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Add a =
length field of the JSON payload that can be used for either</td><td> =
</td><td class=3D"right">   o  Add a length field of the JSON payload =
that can be used for either</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      binary or =
text encoding of JSON data.</td><td> </td><td class=3D"right">      =
binary or text encoding of JSON data.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0051"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1<span =
class=3D"delete">4</span>.  Changes to =
draft-ietf-lisp-lcaf-04.txt</td><td> </td><td class=3D"rblock">B.1<span =
class=3D"insert">6</span>.  Changes to =
draft-ietf-lisp-lcaf-04.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
January 2014.</td><td> </td><td class=3D"right">   o  Submitted January =
2014.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Agreement =
among ELP implementors to have the AFI 16-bit field</td><td> </td><td =
class=3D"right">   o  Agreement among ELP implementors to have the AFI =
16-bit field</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      adjacent to =
the address.  This will make the encoding consistent</td><td> </td><td =
class=3D"right">      adjacent to the address.  This will make the =
encoding consistent</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      with all =
other LCAF type address encodings.</td><td> </td><td class=3D"right">    =
  with all other LCAF type address encodings.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0052"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1<span =
class=3D"delete">5</span>.  Changes to =
draft-ietf-lisp-lcaf-03.txt</td><td> </td><td class=3D"rblock">B.1<span =
class=3D"insert">7</span>.  Changes to =
draft-ietf-lisp-lcaf-03.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
September 2013.</td><td> </td><td class=3D"right">   o  Submitted =
September 2013.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Updated =
references and author's affilations.</td><td> </td><td class=3D"right">  =
 o  Updated references and author's affilations.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Added =
Instance-ID to the Multicast Info Type so there is relative</td><td> =
</td><td class=3D"right">   o  Added Instance-ID to the Multicast Info =
Type so there is relative</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      ease in =
parsing (S,G) entries within a VPN.</td><td> </td><td class=3D"right">   =
   ease in parsing (S,G) entries within a VPN.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Add port =
range encodings to the Application Data LCAF Type.</td><td> </td><td =
class=3D"right">   o  Add port range encodings to the Application Data =
LCAF Type.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Add a new =
JSON LCAF Type.</td><td> </td><td class=3D"right">   o  Add a new JSON =
LCAF Type.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Add Address =
Key/Value LCAF Type to allow attributes to be attached</td><td> </td><td =
class=3D"right">   o  Add Address Key/Value LCAF Type to allow =
attributes to be attached</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      to an =
address.</td><td> </td><td class=3D"right">      to an address.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0053"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1<span =
class=3D"delete">6</span>.  Changes to =
draft-ietf-lisp-lcaf-02.txt</td><td> </td><td class=3D"rblock">B.1<span =
class=3D"insert">8</span>.  Changes to =
draft-ietf-lisp-lcaf-02.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
March 2013.</td><td> </td><td class=3D"right">   o  Submitted March =
2013.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Added new =
LCAF Type "Replication List Entry" to support LISP</td><td> </td><td =
class=3D"right">   o  Added new LCAF Type "Replication List Entry" to =
support LISP</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">      replication =
engineering use cases.</td><td> </td><td class=3D"right">      =
replication engineering use cases.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Changed =
references to new LISP RFCs.</td><td> </td><td class=3D"right">   o  =
Changed references to new LISP RFCs.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0054"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.1<span =
class=3D"delete">7</span>.  Changes to =
draft-ietf-lisp-lcaf-01.txt</td><td> </td><td class=3D"rblock">B.1<span =
class=3D"insert">9</span>.  Changes to =
draft-ietf-lisp-lcaf-01.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Submitted =
January 2013.</td><td> </td><td class=3D"right">   o  Submitted January =
2013.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Change =
longitude range from 0-90 to 0-180 in section 4.4.</td><td> </td><td =
class=3D"right">   o  Change longitude range from 0-90 to 0-180 in =
section 4.4.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Added =
reference to WGS-84 in section 4.4.</td><td> </td><td class=3D"right">   =
o  Added reference to WGS-84 in section 4.4.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr id=3D"diff0055"><td></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"lblock">B.<span =
class=3D"delete">18</span>.  Changes to =
draft-ietf-lisp-lcaf-00.txt</td><td> </td><td class=3D"rblock">B.<span =
class=3D"insert">20</span>.  Changes to =
draft-ietf-lisp-lcaf-00.txt</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  Posted =
first working group draft August 2012.</td><td> </td><td class=3D"right"> =
  o  Posted first working group draft August 2012.</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   o  This draft =
was renamed from draft-farinacci-lisp-lcaf-10.txt.</td><td> </td><td =
class=3D"right">   o  This draft was renamed from =
draft-farinacci-lisp-lcaf-10.txt.</td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">Authors' =
Addresses</td><td> </td><td class=3D"right">Authors' Addresses</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left"></td><td> =
</td><td class=3D"right"></td><td class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   Dino =
Farinacci</td><td> </td><td class=3D"right">   Dino Farinacci</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   =
lispers.net</td><td> </td><td class=3D"right">   lispers.net</td><td =
class=3D"lineno"></td></tr>
      <tr><td class=3D"lineno"></td><td class=3D"left">   San Jose, =
CA</td><td> </td><td class=3D"right">   San Jose, CA</td><td =
class=3D"lineno"></td></tr>

     <tr><td></td><td class=3D"left"></td><td> </td><td =
class=3D"right"></td><td></td></tr>
     <tr id=3D"end" bgcolor=3D"gray"><th colspan=3D"5" =
align=3D"center">&nbsp;End of changes. 55 change blocks.&nbsp;</th></tr>
     <tr class=3D"stats"><td></td><th><i>96 lines changed or =
deleted</i></th><th><i> </i></th><th><i>118 lines changed or =
added</i></th><td></td></tr>
     <tr><td colspan=3D"5" align=3D"center" class=3D"small"><br>This =
html diff was produced by rfcdiff 1.45. The latest version is available =
from <a =
href=3D"http://www.tools.ietf.org/tools/rfcdiff/">http://tools.ietf.org/to=
ols/rfcdiff/</a> </td></tr>
   </tbody></table>
  =20
  =20
</body></html>=

--Apple-Mail=_AF0C105C-8933-4952-97F0-1E87BB9BA5C9
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8





> On Oct 18, 2016, at 10:53 AM, Ben Campbell <ben@nostrum.com> wrote:
>=20
> Looks good, thanks!
>=20
>=20
> On 18 Oct 2016, at 12:05, Dino Farinacci wrote:
>=20
>=20
>> I can live with that, with a couple of minor comments: I think it =
might be improved by changing "examine" to "consider the applicability =
of". I say that because I do not know for a fact that RFC6820
>=20
> Changed. See below. Please ack so we can publish.
>=20
>> really applies to lisp use cases; I hope people who understand lisp =
better than I can reach a conclusion on that. But I'm okay with an =
experimental RFC pushing that analysis into the future.
>=20
> I assure you we will address this in draft-farinacci-lisp-geo.
>=20
>> One other point: RFC6280 and BCP160 are the same document. I think =
these days we prefer referencing BCPs by the BCP number, but the RFC =
editor will do the right thing.
>=20
> Oh, I didn=E2=80=99t notice that. I=E2=80=99ll change the occurence to =
RFC6280 to BCP160 and apply the RFC reference. See below.
>=20
> Dino
>=20
> <PastedGraphic-3.png>
>=20
>=20


--Apple-Mail=_AF0C105C-8933-4952-97F0-1E87BB9BA5C9--


From nobody Wed Oct 19 08:07:04 2016
Return-Path: <luigi.iannone@telecom-paristech.fr>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DFAC1299D0; Wed, 19 Oct 2016 08:07:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.714
X-Spam-Level: 
X-Spam-Status: No, score=0.714 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, THIS_AD=2.704, T_FILL_THIS_FORM_SHORT=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=telecom-paristech.fr
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bccPk7bFyTx2; Wed, 19 Oct 2016 08:06:58 -0700 (PDT)
Received: from zproxy110.enst.fr (zproxy110.enst.fr [137.194.2.192]) by ietfa.amsl.com (Postfix) with ESMTP id 5DD9412966B; Wed, 19 Oct 2016 08:06:57 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by zproxy110.enst.fr (Postfix) with ESMTP id 1D71C100DD1; Wed, 19 Oct 2016 17:06:56 +0200 (CEST)
Received: from zproxy110.enst.fr ([127.0.0.1]) by localhost (zproxy110.enst.fr [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id yGlJoDt3Chhc; Wed, 19 Oct 2016 17:06:50 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by zproxy110.enst.fr (Postfix) with ESMTP id A2820100EE8; Wed, 19 Oct 2016 17:06:50 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.9.2 zproxy110.enst.fr A2820100EE8
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telecom-paristech.fr; s=A6AEC2EE-1106-11E5-B10E-D103FDDA8F2E; t=1476889610; bh=stOjX+MV6TyGRMh2ytHuRIPTMXDnuSQ/J6FRG3m5BSE=; h=From:Content-Type:Mime-Version:Subject:Message-Id:Date:To; b=TqkQwNE+/wRVmwQGlW2W+jc4JTEX82caaXEbrVbFhHnK3TXx5c+maBL9G8f5gdIkZ +xfGbG42CbSqzPlqchR7ons2WRDs5o/V2NlpRx8uzH2HZl1OXy6L3926U0SXhYtsO4 +CbDDgXpqEEtQK/k6gLIFUFHVgwpmpFjA2eDdL8I=
X-Virus-Scanned: amavisd-new at zproxy110.enst.fr
Received: from zproxy110.enst.fr ([127.0.0.1]) by localhost (zproxy110.enst.fr [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id nAtn0BqeE-TB; Wed, 19 Oct 2016 17:06:50 +0200 (CEST)
Received: from dhcp164-147.enst.fr (dhcp164-147.enst.fr [137.194.165.147]) by zproxy110.enst.fr (Postfix) with ESMTPSA id 3F5C110086B; Wed, 19 Oct 2016 17:06:50 +0200 (CEST)
From: Luigi Iannone <luigi.iannone@telecom-paristech.fr>
Content-Type: multipart/alternative; boundary="Apple-Mail=_50A4081C-B558-413D-A218-E6AFCC51B906"
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
Message-Id: <FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr>
Date: Wed, 19 Oct 2016 17:06:58 +0200
To: Fabio Maino <fmaino@cisco.com>, "Vina Ermagan (vermagan)" <vermagan@cisco.com>, Albert Cabellos <acabello@ac.upc.edu>, Damien Saucez <damien.saucez@inria.fr>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/j9AQt9yjrhuT4s5Shz24I-UT-8M>
Cc: lisp-chairs@ietf.org, LISP mailing list list <lisp@ietf.org>
Subject: [lisp] LISP-SEC review (finally)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Oct 2016 15:07:03 -0000

--Apple-Mail=_50A4081C-B558-413D-A218-E6AFCC51B906
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Dear Authors of the LISP-SEC document,

hereafter my review of the document.
This was long overdue, sorry for being so late.

I really like the solution and the majority of my comments are just =
clarification questions.
Let me know if my comments are clear.

ciao

L.



> 1.  Introduction
>=20
>    The Locator/ID Separation Protocol [RFC6830] defines a set of
>    functions for routers to exchange information used to map from non-
>    routable Endpoint Identifiers (EIDs) to routable Routing Locators
>    (RLOCs). =20
I find the above sentence confusing. Wouldn=E2=80=99t be better to =
specify that we are talking about IP addresses?

> If these EID-to-RLOC mappings, carried through Map-Reply
>    messages, are transmitted without integrity protection, an =
adversary
>    can manipulate them and hijack the communication, impersonate the
>    requested EID, or mount Denial of Service or Distributed Denial of
>    Service attacks.  Also, if the Map-Reply message is transported
>    unauthenticated, an adversarial LISP entity can overclaim an EID-
>    prefix and maliciously redirect traffic directed to a large number =
of
>    hosts.  A detailed description of "overclaiming" attack is provided
>    in [RFC7835].
>=20
>    This memo specifies LISP-SEC, a set of security mechanisms that
>    provides origin authentication, integrity and anti-replay =
protection
>    to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
>    process. =20

I would put s forward reference to section 3 stating that the reader =
will find details about the threat model.

> LISP-SEC also enables verification of authorization on EID-
>    prefix claims in Map-Reply messages, ensuring that the sender of a
>    Map-Reply that provides the location for a given EID-prefix is
>    entitled to do so according to the EID prefix registered in the
>    associated Map-Server.  Map-Register security, including the right
>    for a LISP entity to register an EID-prefix or to claim presence at
>    an RLOC, is out of the scope of LISP-SEC.  Additional security
>    considerations are described in Section 6.
>=20
> 2.  Definition of Terms
>=20
>       One-Time Key (OTK): An ephemeral randomly generated key that =
must
>       be used for a single Map-Request/Map-Reply exchange.
>=20
>=20
>=20
>          ITR-OTK: The One-Time Key generated at the ITR.
>=20
>          MS-OTK: The One-Time Key generated at the Map-Server.

Why are you considering ITR-OTK and MS-OTK sub-terms?=20
I would elevate them at full terms, hence avoiding spacing and =
indentation.

>=20
>       Encapsulated Control Message (ECM): A LISP control message that =
is
>       prepended with an additional LISP header.  ECM is used by ITRs =
to
>       send LISP control messages to a Map-Resolver, by Map-Resolvers =
to
>       forward LISP control messages to a Map-Server, and by Map-
>       Resolvers to forward LISP control messages to an ETR.
>=20
Why are you re-defining ECM?=20
You do not specify other packets, e.g., Map-Reply, so why ECM?
I would drop it.


>       Authentication Data (AD): Metadata that is included either in a
>       LISP ECM header or in a Map-Reply message to support
>       confidentiality, integrity protection, and verification of EID-
>       prefix authorization.
>=20
>=20
>=20
> Maino, et al.             Expires April 6, 2017                 [Page =
3]
> =0C
> Internet-Draft                  LISP-SEC                    October =
2016
>=20
>=20
>          OTK-AD: The portion of ECM Authentication Data that contains =
a
>          One-Time Key.
>=20
>          EID-AD: The portion of ECM and Map-Reply Authentication Data
>          used for verification of EID-prefix authorization.
>=20
>          PKT-AD: The portion of Map-Reply Authentication Data used to
>          protect the integrity of the Map-Reply message.


Why are you considering OTK-AD, EID-AD, and PKT-AD sub-terms?=20
I would elevate them at full terms, hence avoiding spacing and =
indentation.


>=20
>    For definitions of other terms, notably Map-Request, Map-Reply,
>    Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR), Map-Server
>    (MS), and Map-Resolver (MR) please consult the LISP specification
>    [RFC6830].
>=20
> 3.  LISP-SEC Threat Model
>=20
>    LISP-SEC addresses the control plane threats, described in =
[RFC7835],
>    that target EID-to-RLOC mappings, including manipulations of Map-
>    Request and Map-Reply messages, and malicious ETR EID prefix
>    overclaiming.  LISP-SEC makes two main assumptions: (1) the LISP
>    mapping system is expected to deliver a Map-Request message to =
their
>    intended destination ETR as identified by the EID, and (2) no =
man-in-
>    the-middle (MITM) attack can be mounted within the LISP Mapping
>    System.  Furthermore, while LISP-SEC enables detection of EID =
prefix
>    overclaiming attacks, it assumes that Map-Servers can verify the =
EID
>    prefix authorization at time of registration.
LISP-SEC does not require OTK confidentiality in the mapping system. =
This should be discussed here.


>=20
>    According to the threat model described in [RFC7835] LISP-SEC =
assumes
>    that any kind of attack, including MITM attacks, can be mounted in
>    the access network, outside of the boundaries of the LISP mapping
>    system.  An on-path attacker, outside of the LISP mapping system =
can,
>    for example, hijack Map-Request and Map-Reply messages, spoofing =
the
>    identity of a LISP node.  Another example of on-path attack, called
>    overclaiming attack, can be mounted by a malicious Egress Tunnel
>    Router (ETR), by overclaiming the EID-prefixes for which it is
>    authoritative.  In this way the ETR can maliciously redirect =
traffic
>    directed to a large number of hosts.
>=20
> 4.  Protocol Operations
>=20
>    The goal of the security mechanisms defined in [RFC6830] is to
>    prevent unauthorized insertion of mapping data by providing origin
>    authentication and integrity protection for the Map-Registration, =
and
>    by using the nonce to detect unsolicited Map-Reply sent by off-path
>    attackers.
>=20
>    LISP-SEC builds on top of the security mechanisms defined in
>    [RFC6830] to address the threats described in Section 3 by =
leveraging
>=20
>=20
>=20
> Maino, et al.             Expires April 6, 2017                 [Page =
4]
> =0C
> Internet-Draft                  LISP-SEC                    October =
2016
>=20
>=20
>    the trust relationships existing among the LISP entities
>    participating to the exchange of the Map-Request/Map-Reply =
messages.
>    Those trust relationships are used to securely distribute a =
One-Time
>    Key (OTK) that provides origin authentication, integrity and anti-
>    replay protection to mapping data conveyed via the mapping lookup
>    process, and that effectively prevent overclaiming attacks.  The
>    processing of security parameters during the Map-Request/Map-Reply
>    exchange is as follows:
>=20
>    o  The ITR-OTK is generated and stored at the ITR, and securely
>       transported to the Map-Server.
>=20
>    o  The Map-Server uses the ITR-OTK to compute an HMAC that protects
You did not define HMAC acronym. Please define and add a reference.

>       the integrity of the mapping data known to the Map-Server to
>       prevent overclaiming attacks.  The Map-Server also derives a new
>       OTK, the MS-OTK, that is passed to the ETR, by applying a Key
>       Derivation Function (KDF) to the ITR-OTK.
>=20
>    o  The ETR uses the MS-OTK to compute an HMAC that protects the
>       integrity of the Map-Reply sent to the ITR.
>=20
>    o  Finally, the ITR uses the stored ITR-OTK to verify the integrity
>       of the mapping data provided by both the Map-Server and the ETR,
>       and to verify that no overclaiming attacks were mounted along =
the
>       path between the Map-Server and the ITR.
>=20
>    Section 5 provides the detailed description of the LISP-SEC control
>    messages and their processing, while the rest of this section
>    describes the flow of protocol operations at each entity involved =
in
>    the Map-Request/Map-Reply exchange:
>=20
>    o  The ITR, upon needing to transmit a Map-Request message, =
generates
>       and stores an OTK (ITR-OTK).  This ITR-OTK is included into the
>       Encapsulated Control Message (ECM) that contains the Map-Request
>       sent to the Map-Resolver.  To provide confidentiality to the =
ITR-
>       OTK over the path between the ITR and its Map-Resolver, the ITR-
>       OTK SHOULD=20
Why not using =E2=80=9CMUST=E2=80=9D???
Are you suggesting that a different way to provide confidentiality can =
be used (e.g. a different shared key)???
If yes, please state so.

Or are you suggesting that no encryption at all is used? But this means =
not providing confidentiality=E2=80=A6
Can you clarify?

(this very same comment will appear several time in this review)
> be encrypted using a preconfigured key shared between
>       the ITR and the Map-Resolver, similar to the key shared between
>       the ETR and the Map-Server in order to secure ETR registration
>       [RFC6833].
>=20
>    o  The Map-Resolver decapsulates the ECM message, decrypts the ITR-
>       OTK, if needed, and forwards through the Mapping System the
>       received Map-Request and the ITR-OTK, as part of a new ECM
>       message.  As described in Section 5.6, the LISP Mapping System
>       delivers the ECM to the appropriate Map-Server, as identified by
>       the EID destination address of the Map-Request.
>=20
>=20
>=20
>=20
> Maino, et al.             Expires April 6, 2017                 [Page =
5]
> =0C
> Internet-Draft                  LISP-SEC                    October =
2016
>=20
>=20
>    o  The Map-Server is configured with the location mappings and =
policy
>       information for the ETR responsible for the EID destination
>       address.  Using this preconfigured information, the Map-Server,
>       after the decapsulation of the ECM message, finds the longest
>       match EID-prefix that covers the requested EID in the received
>       Map-Request.  The Map-Server adds this EID-prefix, together with
>       an HMAC computed using the ITR-OTK, to a new Encapsulated =
Control
>       Message that contains the received Map-Request.
>=20
>    o  The Map-Server derives a new OTK, the MS-OTK, by applying a Key
>       Derivation Function (KDF) to the ITR-OTK.  This MS-OTK is =
included
>       in the Encapsulated Control Message that the Map-Server uses to
>       forward the Map-Request to the ETR.  To provide MS-OTK
>       confidentiality over the path between the Map-Server and the =
ETR,
>       the MS-OTK should=20
This =E2=80=9Cshould=E2=80=9D should be a =E2=80=9CSHOULD=E2=80=9D  =
(sorry for the cacophony=E2=80=A6)

Why not using =E2=80=9CMUST=E2=80=9D???
Are you suggesting that a different way to provide confidentiality can =
be used (e.g. a different shared key)???
If yes, please state so.

Or are you suggesting that no encryption at all is used? But this means =
not providing confidentiality=E2=80=A6
Can you clarify?

> be encrypted using the key shared between the
>       ETR and the Map-Server in order to secure ETR registration
>       [RFC6833].
>=20
>    o  If the Map-Server is acting in proxy mode, as specified in
>       [RFC6830], the ETR is not involved in the generation of the Map-
>       Reply.  In this case the Map-Server generates the Map-Reply on
>       behalf of the ETR as described below.
>=20
>    o  The ETR, upon receiving the ECM encapsulated Map-Request from =
the
>       Map-Server, decrypts the MS-OTK, if needed, and originates a
>       standard Map-Reply that contains the EID-to-RLOC mapping
>       information as specified in [RFC6830].
>=20
>    o  The ETR computes an HMAC over this standard Map-Reply, keyed =
with
>       MS-OTK to protect the integrity of the whole Map-Reply.  The ETR
>       also copies the EID-prefix authorization data that the =
Map-Server
>       included in the ECM encapsulated Map-Request into the Map-Reply
>       message.  The ETR then sends this complete Map-Reply message to
>       the requesting ITR.
>=20
>    o  The ITR, upon receiving the Map-Reply, uses the locally stored
>       ITR-OTK to verify the integrity of the EID-prefix authorization
>       data included in the Map-Reply by the Map-Server.  The ITR
>       computes the MS-OTK by applying the same KDF used by the Map-
>       Server, and verifies the integrity of the Map-Reply.  If the
>       integrity checks fail, the Map-Reply MUST be discarded.  Also, =
if
>       the EID-prefixes claimed by the ETR in the Map-Reply are not =
equal
>       or more specific than the EID-prefix authorization data inserted
>       by the Map-Server, the ITR MUST discard the Map-Reply.
>=20
>=20
>=20
>=20
>=20
>=20
>=20
> Maino, et al.             Expires April 6, 2017                 [Page =
6]
> =0C
> Internet-Draft                  LISP-SEC                    October =
2016
>=20
>=20
> 5.  LISP-SEC Control Messages Details
>=20
>    LISP-SEC metadata associated with a Map-Request is transported =
within
>    the Encapsulated Control Message that contains the Map-Request.
>=20
>    LISP-SEC metadata associated with the Map-Reply is transported =
within
>    the Map-Reply itself.
>=20
> 5.1.  Encapsulated Control Message LISP-SEC Extensions
>=20
>    LISP-SEC uses the ECM (Encapsulated Control Message) defined in
>    [RFC6830] with Type set to 8, and S bit set to 1 to indicate that =
the
>    LISP header includes Authentication Data (AD).  The format of the
>    LISP-SEC ECM Authentication Data is defined in the following =
figure.
>    OTK-AD stands for One-Time Key Authentication Data and EID-AD =
stands
>    for EID Authentication Data.
>=20
>  0                   1                   2                   3
>  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> |     AD Type   |V|  Reserved   |        Requested HMAC ID      |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
> |              OTK Length       |       OTK Encryption ID       | |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
> |                       One-Time-Key Preamble ...               | |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
OTK-AD
> |                   ... One-Time-Key Preamble                   | |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
> ~                      One-Time Key (128 bits)                  ~/
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
<---+
> |           EID-AD Length       |           KDF ID              |     =
|
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     =
|
> | Record Count  |    Reserved   |         EID HMAC ID           |     =
EID-AD
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    =
|
> |   Reserved    | EID mask-len  |           EID-AFI             | |   =
|
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec =
|
> ~                          EID-prefix ...                       ~ |   =
|
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    =
|
> ~                            EID HMAC                           ~     =
|
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
<=E2=80=94+
I think that =E2=80=9Crec=E2=80=9D is mis-aligned and should be shifted =
one character upward.

>=20
>                      LISP-SEC ECM Authentication Data
>=20
>       AD Type: 1 (LISP-SEC Authentication Data)
This is the first document starting to allocate values to the "AD =
Type=E2=80=9D value.=20
Why not asking IANA to create a registry??
(to be done in the IANA Considerations Section)=20



>=20
>       V: Key Version bit.  This bit is toggled when the sender =
switches
>       to a new OTK wrapping key
>=20
>=20
>=20
>=20
> Maino, et al.             Expires April 6, 2017                 [Page =
7]
> =0C
> Internet-Draft                  LISP-SEC                    October =
2016
>=20
>=20
>       Reserved: Set to 0 on transmission and ignored on receipt.
>=20
>       Requested HMAC ID: The HMAC algorithm requested by the ITR.  See
>       Section 5.4 for details.
>=20
>       OTK Length: The length (in bytes) of the OTK Authentication Data
>       (OTK-AD), that contains the OTK Preamble and the OTK.
>=20
>       OTK Encryption ID: The identifier of the key wrapping algorithm
>       used to encrypt the One-Time-Key. When a 128-bit OTK is sent
>       unencrypted by the Map-Resolver, the OTK Encryption ID is set to
>       NULL_KEY_WRAP_128.  See Section 5.5 for more details.
>=20
>       One-Time-Key Preamble: set to 0 if the OTK is not encrypted.  =
When
>       the OTK is encrypted, this field may carry additional metadata
>       resulting from the key wrapping operation.  When a 128-bit OTK =
is
>       sent unencrypted by Map-Resolver, the OTK Preamble is set to
>       0x0000000000000000 (64 bits).  See Section 5.5 for details.
>=20
>       One-Time-Key: the OTK encrypted (or not) as specified by OTK
>       Encryption ID.  See Section 5.5 for details.
>=20
>       EID-AD Length: length (in bytes) of the EID Authentication Data
>       (EID-AD).  The ITR MUST set EID-AD Length to 4 bytes, as it only
>       fills the KDF ID field, and all the remaining fields part of the
>       EID-AD are not present.  An EID-AD MAY contain multiple EID-
>       records.  Each EID-record is 4-byte long plus the length of the
>       AFI-encoded EID-prefix.
>=20
>       KDF ID: Identifier of the Key Derivation Function used to derive
>       the MS-OTK.  The ITR SHOULD use this field to indicate the
>       recommended KDF algorithm, according to local policy.=20
I am not sure I understand the rationale of this =E2=80=9CSHOULD=E2=80=9D.=
 If for any reason the ITR does not indicate the KDF ID what are the =
consequences?
Is the MS free to choose the algorithm? This should be clarified.

>  The Map-
>       Server can overwrite the KDF ID if it does not support the KDF =
ID
>       recommended by the ITR. =20
What happens if the MS will choose a KDF ID not supported by the ITR?
Can you clarify how to solve this situation or explain why this will =
never happen?

> See Section 5.4 for more details.
>=20
>       Record Count: The number of records in this Map-Request message.
>       A record is comprised of the portion of the packet that is =
labeled
>       'Rec' above and occurs the number of times equal to Record =
Count.
>=20
>       Reserved: Set to 0 on transmission and ignored on receipt.
>=20
>       EID HMAC ID: Identifier of the HMAC algorithm used to protect =
the
>       integrity of the EID-AD.  This field is filled by Map-Server =
that
>       computed the EID-prefix HMAC.  See Section 5.4 for more details.
>=20
>       EID mask-len: Mask length for EID-prefix.
>=20
>       EID-AFI: Address family of EID-prefix according to [RFC5226]
>=20
>=20
>=20
> Maino, et al.             Expires April 6, 2017                 [Page =
8]
> =0C
> Internet-Draft                  LISP-SEC                    October =
2016
>=20
>=20
>       EID-prefix: The Map-Server uses this field to specify the EID-
>       prefix that the destination ETR is authoritative for, and is the
>       longest match for the requested EID.
>=20
>       EID HMAC: HMAC of the EID-AD computed and inserted by =
Map-Server.
>       Before computing the HMAC operation the EID HMAC field MUST be =
set
>       to 0.  The HMAC covers the entire EID-AD.
>=20
> 5.2.  Map-Reply LISP-SEC Extensions
>=20
>    LISP-SEC uses the Map-Reply defined in [RFC6830], with Type set to =
2,
>    and S bit set to 1 to indicate that the Map-Reply message includes
>    Authentication Data (AD).  The format of the LISP-SEC Map-Reply
>    Authentication Data is defined in the following figure.  PKT-AD is
>    the Packet Authentication Data that covers the Map-Reply payload.
>=20
>  0                   1                   2                   3
>  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
> |    AD Type    |                 Reserved                      |
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
<---+
> |           EID-AD Length       |           KDF ID              |     =
|
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     =
|
> | Record Count  |    Reserved   |         EID HMAC ID           |     =
EID-AD
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    =
|
> |   Reserved    | EID mask-len  |           EID-AFI             | |   =
|
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec =
|
> ~                          EID-prefix ...                       ~ |   =
|
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    =
|
> ~                            EID HMAC                           ~     =
|
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
<---+
> |         PKT-AD Length         |         PKT HMAC ID           |\
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
> ~                            PKT HMAC                           ~ =
PKT-AD
> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/
>=20
>                   LISP-SEC Map-Reply Authentication Data
>=20
>       AD Type: 1 (LISP-SEC Authentication Data)
Shouldn=E2=80=99t this be a different value? This AD  format is =
different from the one described in section 5.1!
Another reason to ask IANA for a registry=E2=80=A6.


>=20
>       EID-AD Length: length (in bytes) of the EID-AD.  An EID-AD MAY
>       contain multiple EID-records.  Each EID-record is 4-byte long =
plus
>       the length of the AFI-encoded EID-prefix.
>=20
>       KDF ID: Identifier of the Key Derivation Function used to derive
>       MS-OTK.  See Section 5.7 for more details.
>=20
>=20
>=20
>=20
>=20
> Maino, et al.             Expires April 6, 2017                 [Page =
9]
> =0C
> Internet-Draft                  LISP-SEC                    October =
2016
>=20
>=20
>       Record Count: The number of records in this Map-Reply message.  =
A
>       record is comprised of the portion of the packet that is labeled
>       'Rec' above and occurs the number of times equal to Record =
Count.
>=20
>       Reserved: Set to 0 on transmission and ignored on receipt.
>=20
>       EID HMAC ID: Identifier of the HMAC algorithm used to protect =
the
>       integrity of the EID-AD.  See Section 5.7 for more details.
>=20
>       EID mask-len: Mask length for EID-prefix.
>=20
>       EID-AFI: Address family of EID-prefix according to [RFC5226].
>=20
>       EID-prefix: This field contains an EID-prefix that the =
destination
>       ETR is authoritative for, and is the longest match for the
>       requested EID.
>=20
>       EID HMAC: HMAC of the EID-AD, as computed by the Map-Server.
>       Before computing the HMAC operation the EID HMAC field MUST be =
set
>       to 0.  The HMAC covers the entire EID-AD.
>=20
>       PKT-AD Length: length (in bytes) of the Packet Authentication =
Data
>       (PKT-AD).
>=20
>       PKT HMAC ID: Identifier of the HMAC algorithm used to protect =
the
>       integrity of the Map-reply Location Data.
=E2=80=9CLocation Data=E2=80=9D is something nowhere defined. Can you =
clarify what do you mean?


>=20
>       PKT HMAC: HMAC of the whole Map-Reply packet, including the =
LISP-
>       SEC Authentication Data.  The scope of the authentication goes
>       from the Map-Reply Type field to the PKT HMAC field included.
>       Before computing the HMAC operation the PKT HMAC field MUST be =
set
>       to 0.  See Section 5.8 for more details.
>=20
> 5.3.  Map-Register LISP-SEC Extentions
>=20
>    The second bit after the Type field in a Map-Register message is
>    allocated as the S bit. =20
I would better explain that this document is allocating a bit marked as =
reserved in 6830.
Furthermore, at the cost of being redundant, I would put the packet =
format highlighting the position of the bit so that there is no =
confusion whatsoever.

> The S bit indicates to the Map-Server that
>    the registering ETR is LISP-SEC enabled.  An ETR that supports =
LISP-
>    SEC MUST set the S bit in its Map-Register messages.
>=20
> 5.4.  ITR Processing
>=20
>    Upon creating a Map-Request, the ITR generates a random ITR-OTK =
that
>    is stored locally, together with the nonce generated as specified =
in
>    [RFC6830].
>=20
>    The Map-Request MUST be encapsulated in an ECM, with the S-bit set =
to
>    1, to indicate the presence of Authentication Data.  If the ITR and
>=20
>=20
>=20
> Maino, et al.             Expires April 6, 2017                [Page =
10]
> =0C
> Internet-Draft                  LISP-SEC                    October =
2016
>=20
>=20
>    the Map-Resolver are configured with a shared key,
In section 4 you seem to suggest that this is not the only way to =
protect the OTK (see my comment).
Here instead you suggest that a shared key is the only way.
>  the ITR-OTK
>    confidentiality SHOULD be protected by wrapping the ITR-OTK with =
the
>    algorithm specified by the OTK Encryption ID field.=20
Not clear what this =E2=80=9CSHOULD=E2=80=9D refers to.
IS the SHOULD related to the fact to encrypt the OTK? The ITR SHOULD =
encrypt.
Or the choice of the algorithm? The ITR SHOULD use the algorithm =
specified by the OTK Encryption ID?
The second case looks impossible since is the ITR is choosing the =
algorithm. May be the sentence can be rewritten.

Similarly to previous comment: Why it is not a MUST?
>  See Section 5.5
>    for further details on OTK encryption.
>=20
>    The Requested HMAC ID field contains the suggested HMAC algorithm =
to
>    be used by the Map-Server and the ETR to protect the integrity of =
the
>    ECM Authentication data and of the Map-Reply.
>=20
What happens if the MS will choose a HMAC not supported by the ETR or =
the ITR?
Can you clarify how to solve this situation or explain why this will =
never happen?

>    The KDF ID field, specifies the suggested key derivation function =
to
>    be used by the Map-Server to derive the MS-OTK.

What happens if the MS will choose a KDF ID not supported by the ITR?
Can you clarify how to solve this situation or explain why this will =
never happen?

>=20
>    The EID-AD length is set to 4 bytes, since the Authentication Data
>    does not contain EID-prefix Authentication Data, and the EID-AD
>    contains only the KDF ID field.
>=20
>    In response to an encapsulated Map-Request that has the S-bit set, =
an
>    ITR MUST receive a Map-Reply with the S-bit set, that includes an
>    EID-AD and a PKT-AD.  If the Map-Reply does not include both ADs, =
the
>    ITR MUST discard it.  In response to an encapsulated Map-Request =
with
>    S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, =
and
>    the ITR SHOULD discard the Map-Reply if the S-bit is set.
Why a =E2=80=9CSHOULD=E2=80=9D? If the Map-Request has S-bit=3D0 it mean =
that there is no AD, hence no OTK, how can the ITR decrypt the =
reply?????
It MUST discard=E2=80=A6..


>=20
>    Upon receiving a Map-Reply, the ITR must verify the integrity of =
both
>    the EID-AD and the PKT-AD, and MUST discard the Map-Reply if one of
>    the integrity checks fails.
>=20
>    The integrity of the EID-AD is verified using the locally stored =
ITR-
>    OTK to re-compute the HMAC of the EID-AD using the algorithm
>    specified in the EID HMAC ID field.  If the EID HMAC ID field does
>    not match the Requested HMAC ID the ITR SHOULD discard the =
Map-Reply
Why is this a SHOULD? If it supports the HMAC Algorithm why not decrypt? =
Shouldn=E2=80=99t this be a =E2=80=9CMAY=E2=80=9D, according to internal =
policy?
>    and send, at the first opportunity it needs to, a new Map-Request
>    with a different Requested HMAC ID field, according to ITR's local
>    policy.  The ITR MUST set the EID HMAC ID field to 0 before =
computing
>    the HMAC.
Shouldn=E2=80=99t the MS do the same thing? Otherwise different values =
will be obtained. This is not specified in the MS functioning =
description.


>=20
>    To verify the integrity of the PKT-AD, first the MS-OTK is derived
>    from the locally stored ITR-OTK using the algorithm specified in =
the
>    KDF ID field.  This is because the PKT-AD is generated by the ETR
>    using the MS-OTK.  If the KDF ID in the Map-Reply does not match =
the
>    KDF ID requested in the Map-Request, the ITR SHOULD discard the =
Map-
>    Reply and send, at the first opportunity it needs to, a new Map-
>    Request with a different KDF ID, according to ITR's local policy.
>    The derived MS-OTK is then used to re-compute the HMAC of the =
PKT-AD
>    using the Algorithm specified in the PKT HMAC ID field.  If the PKT
>    HMAC ID field does not match the Requested HMAC ID the ITR SHOULD
>    discard the Map-Reply and send, at the first opportunity it needs =
to,
>=20
>=20
>=20
>=20
> Maino, et al.             Expires April 6, 2017                [Page =
11]
> =0C
> Internet-Draft                  LISP-SEC                    October =
2016
>=20
>=20
>    a new Map-Request with a different Requested HMAC ID according to
>    ITR's local policy.
>=20
>    Each individual Map-Reply EID-record is considered valid only if: =
(1)
>    both EID-AD and PKT-AD are valid, and (2) the intersection of the
>    EID-prefix in the Map-Reply EID-record with one of the EID-prefixes
>    contained in the EID-AD is not empty.  After identifying the Map-
>    Reply record as valid, the ITR sets the EID-prefix in the Map-Reply
>    record to the value of the intersection set computed before, and =
adds
>    the Map-Reply EID-record to its EID-to-RLOC cache, as described in
>    [RFC6830].  An example of Map-Reply record validation is provided =
in
>    Section 5.4.1.
>=20
>    The ITR SHOULD send SMR triggered Map-Requests over the mapping
>    system in order to receive a secure Map-Reply. =20
I do not understand this =E2=80=9CSHOULD=E2=80=9D.  This has =
consequences in the choice how to react to SMR. This is a local policy.
_If_ the ITR wants to protect Map-Requests using LISP-SEC, than SMR =
triggered Map-Request MUST be sent through the mapping system.


> If an ITR accepts
>    piggybacked Map-Replies, it SHOULD also send a Map-Request over the
>    mapping system in order to securely verify the piggybacked =
Map-Reply.
Same as above.

>=20
> 5.4.1.  Map-Reply Record Validation
>=20
>    The payload of a Map-Reply may contain multiple EID-records.  The
>    whole Map-Reply is signed by the ETR, with the PKT HMAC, to provide
>    integrity protection and origin authentication to the EID-prefix
>    records claimed by the ETR.  The Authentication Data field of a =
Map-
>    Reply may contain multiple EID-records in the EID-AD.  The EID-AD =
is
>    signed by the Map-Server, with the EID HMAC, to provide integrity
>    protection and origin authentication to the EID-prefix records
>    inserted by the Map-Server.
>=20
>    Upon receiving a Map-Reply with the S-bit set, the ITR first checks
>    the validity of both the EID HMAC and of the PKT-AD HMAC.  If =
either
>    one of the HMACs is not valid, a log message is issued and the Map-
>    Reply is not processed any further. =20
I think =E2=80=9Clog message" is too much implementation specific.=20
If there is a notification, and how this notification is done, is =
implementation specific IMHO.

> If both HMACs are valid, the ITR
>    proceeds with validating each individual EID-record claimed by the
>    ETR by computing the intersection of each one of the EID-prefix
>    contained in the payload of the Map-Reply with each one of the EID-
>    prefixes contained in the EID-AD.  An EID-record is valid only if =
at
>    least one of the intersections is not the empty set.
>=20
>    For instance, the Map-Reply payload contains 3 mapping record EID-
>    prefixes:
>=20
>       1.1.1.0/24
>=20
>       1.1.2.0/24
>=20
>       1.2.0.0/16
>=20
>=20
>=20
>=20
> Maino, et al.             Expires April 6, 2017                [Page =
12]
> =0C
> Internet-Draft                  LISP-SEC                    October =
2016
>=20
>=20
>    The EID-AD contains two EID-prefixes:
>=20
>       1.1.2.0/24
>=20
>       1.2.3.0/24
>=20
>    The EID-record with EID-prefix 1.1.1.0/24 is not processed since it
>    is not included in any of the EID-ADs signed by the Map-Server.  A
>    log message is issued.
I think =E2=80=9Clog message" is too much implementation specific.=20
If there is a notification, and how this notification is done, is =
implementation specific IMHO.

>=20
>    The EID-record with EID-prefix 1.1.2.0/24 is stored in the =
map-cache
>    because it matches the second EID-prefix contained in the EID-AD.
>=20
>    The EID-record with EID-prefix 1.2.0.0/16 is not processed since it
>    is not included in any of the EID-ADs signed by the Map-Server.  A
>    log message is issued.
I think =E2=80=9Clog message" is too much implementation specific.=20
If there is a notification, and how this notification is done, is =
implementation specific IMHO.

>   In this last example the ETR is trying to
>    over claim the EID-prefix 1.2.0.0/16, but the Map-Server authorized
>    only 1.2.3.0/24, hence the EID-record is discarded.
Reading the example I am not sure I would follow this behaviour.
Only 1 record out of 3 is valid so why should I actually trust the ETR =
instead of throwing everything away?
Can you explain ???



>=20
> 5.4.2.  PITR Processing
>=20
>    The processing performed by a PITR is equivalent to the processing =
of
>    an ITR.  However, if the PITR is directly connected to the ALT,=20
This would be LISP+ALT. Pleas add a reference to 6836.

> the
>    PITR performs the functions of both the ITR and the Map-Resolver
>    forwarding the Map-Request encapsulated in an ECM header that
>    includes the Authentication Data fields as described in Section =
5.6.
>=20
> 5.5.  Encrypting and Decrypting an OTK
>=20
>    MS-OTK confidentiality is required in the path between the =
Map-Server
>    and the ETR, the MS-OTK SHOULD
If confidentiality is required why there is not a MUST?

>  be encrypted using the preconfigured
>    key shared between the Map-Server and the ETR for the purpose of
>    securing ETR registration [RFC6833].  Similarly, if ITR-OTK
>    confidentiality is required in the path between the ITR and the =
Map-
>    Resolver, the ITR-OTK SHOULD=20
Again, if confidentiality is required why there is not a MUST?

> be encrypted with a key shared between
>    the ITR and the Map-Resolver.
>=20
>    The OTK is encrypted using the algorithm specified in the OTK
>    Encryption ID field.  When the AES Key Wrap algorithm is used to
>    encrypt a 128-bit OTK, according to [RFC3339],
The correct RFC is 3394.

>  the AES Key Wrap
>    Initialization Value MUST be set to 0xA6A6A6A6A6A6A6A6 (64 bits).
>    The output of the AES Key Wrap operation is 192-bit long.  The most
>    significant 64-bit are copied in the One-Time Key Preamble field,
>    while the 128 less significant bits are copied in the One-Time Key
>    field of the LISP-SEC Authentication Data.
>=20
>    When decrypting an encrypted OTK the receiver MUST verify that the
>    Initialization Value resulting from the AES Key Wrap decryption
>=20
>=20
>=20
> Maino, et al.             Expires April 6, 2017                [Page =
13]
> =0C
> Internet-Draft                  LISP-SEC                    October =
2016
>=20
>=20
>    operation is equal to 0xA6A6A6A6A6A6A6A6.  If this verification =
fails
>    the receiver MUST discard the entire message.
>=20
>    When a 128-bit OTK is sent unencrypted the OTK Encryption ID is set
>    to NULL_KEY_WRAP_128, and the OTK Preamble is set to
>    0x0000000000000000 (64 bits).
>=20
> 5.6.  Map-Resolver Processing
>=20
>    Upon receiving an encapsulated Map-Request with the S-bit set, the
>    Map-Resolver decapsulates the ECM message.  The ITR-OTK, if
>    encrypted, is decrypted as specified in Section 5.5.
>=20
>    The Map-Resolver, as specified in [RFC6833], originates a new ECM
>    header with the S-bit set, that contains the unencrypted ITR-OTK, =
as
>    specified in Section 5.5, and the other data derived from the ECM
>    Authentication Data of the received encapsulated Map-Request.
Few points on this last paragraph:
- You assume that there is no need of confidentiality inside the Mapping =
System?
- Why not stating that encryption inside the mapping system is mapping =
system specify and out of scope of this document?
- Why are you assuming that all of the Mapping system will use ECM? =
Future Mapping system may use soemthos different. The important point is =
to ship the AD along.
>=20
>    The Map-Resolver then forwards
to whom?
>  the received Map-Request, encapsulated
>    in the new ECM header that includes the newly computed =
Authentication
>    Data fields.
As for my comment of the previous paragraph I would be more generic =
stating that the MR will hand over the request to the mapping system.

You can still provide the example of DDT using ECM.

>=20
> 5.7.  Map-Server Processing
>=20
>    Upon receiving an ECM encapsulated Map-Request with the S-bit set,
>    the Map-Server process the Map-Request according to the value of =
the
>    S-bit contained in the Map-Register sent by the ETR during
>    registration.
>=20
>    If the S-bit contained in the Map-Register was clear the Map-Server
>    decapsulates the ECM and generates a new ECM encapsulated =
Map-Request
>    that does not contain an ECM Authentication Data, as specified in
>    [RFC6830].  The Map-Server does not perform any further LISP-SEC
>    processing.
This equivalent to not using LISP-SEC. Please specify that the Map-Reply =
will be not protected.

>=20
>    If the S-bit contained in the Map-Register was set the Map-Server
>    decapsulates the ECM and generates a new ECM Authentication Data.
>    The Authentication Data includes the OTK-AD and the EID-AD, that
>    contains EID-prefix authorization information, that are ultimately
>    sent to the requesting ITR.
>=20
>    The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) =
from
>    the ITR-OTK received with the Map-Request.  MS-OTK is derived
>    applying the key derivation function specified in the KDF ID field.
>    If the algorithm specified in the KDF ID field is not supported, =
the
>    Map-Server uses a different algorithm to derive the key and updates
>    the KDF ID field accordingly.
>=20
>=20
>=20
>=20
> Maino, et al.             Expires April 6, 2017                [Page =
14]
> =0C
> Internet-Draft                  LISP-SEC                    October =
2016
>=20
>=20
>    The Map-Server and the ETR MUST be configured with a shared key for
>    mapping registration according to [RFC6833].  If MS-OTK
>    confidentiality is required, then the MS-OTK SHOULD be encrypted,
Again, if confidentiality is required why there is not a MUST?
>  by
>    wrapping the MS-OTK with the algorithm specified by the OTK
>    Encryption ID field as specified in Section 5.5.
>=20
>    The Map-Server includes in the EID-AD the longest match registered
>    EID-prefix for the destination EID, and an HMAC of this EID-prefix.
>    The HMAC is keyed with the ITR-OTK contained in the received ECM
>    Authentication Data, and the HMAC algorithm is chosen according to
>    the Requested HMAC ID field.  If The Map-Server does not support =
this
>    algorithm, the Map-Server uses a different algorithm and specifies =
it
>    in the EID HMAC ID field.  The scope of the HMAC operation covers =
the
>    entire EID-AD, from the EID-AD Length field to the EID HMAC field,
>    which must be set to 0 before the computation.
>=20
>    The Map-Server then forwards the updated ECM encapsulated Map-
>    Request, that contains the OTK-AD, the EID-AD, and the received =
Map-
>    Request to an authoritative ETR as specified in [RFC6830].
>=20
> 5.7.1.  Map-Server Processing in Proxy mode
>=20
>    If the Map-Server is in proxy mode, it generates a Map-Reply, as
>    specified in [RFC6830], with the S-bit set to 1.  The Map-Reply
>    includes the Authentication Data that contains the EID-AD, computed
>    as specified in Section 5.7, as well as the PKT-AD computed as
>    specified in Section 5.8.
>=20
> 5.8.  ETR Processing
>=20
>    Upon receiving an ECM encapsulated Map-Request with the S-bit set,
>    the ETR decapsulates the ECM message.  The OTK field, if encrypted,
>    is decrypted as specified in Section 5.5 to obtain the unencrypted
>    MS-OTK.
>=20
>    The ETR then generates a Map-Reply as specified in [RFC6830] and
>    includes the Authentication Data that contains the EID-AD, as
>    received in the encapsulated Map-Request, as well as the PKT-AD.
>=20
>    The EID-AD is copied from the Authentication Data of the received
>    encapsulated Map-Request.
>=20
>    The PKT-AD contains the HMAC of the whole Map-Reply packet, keyed
>    with the MS-OTK and computed using the HMAC algorithm specified in
>    the Requested HMAC ID field of the received encapsulated =
Map-Request.
>    If the ETR does not support the Requested HMAC ID, it uses a
>    different algorithm and updates the PKT HMAC ID field accordingly.
>    The scope of the HMAC operation covers the entire PKT-AD, from the
>=20
>=20
>=20
> Maino, et al.             Expires April 6, 2017                [Page =
15]
> =0C
> Internet-Draft                  LISP-SEC                    October =
2016
>=20
>=20
>    Map-Reply Type field to the PKT HMAC field, which must be set to 0
>    before the computation.
>=20
>    Finally the ETR sends the Map-Reply to the requesting ITR as
>    specified in [RFC6830].
>=20
> 6.  Security Considerations
>=20
> 6.1.  Mapping System Security
>=20
>    The LISP-SEC threat model described in Section 3, assumes that the
>    LISP Mapping System is working properly and eventually delivers =
Map-
>    Request messages to a Map-Server that is authoritative for the
>    requested EID.
>=20

As for a previous comment, can you elaborate if OTK confidentiality is =
required in the mapping system and what are the consequences?


>    Map-Register security, including the right for a LISP entity to
>    register an EID-prefix or to claim presence at an RLOC, is out of =
the
>    scope of LISP-SEC.
>=20
> 6.2.  Random Number Generation
>=20
>    The ITR-OTK MUST be generated by a properly seeded pseudo-random =
(or
>    strong random) source.  See [RFC4086] for advice on generating
>    security-sensitive random data
>=20
> 6.3.  Map-Server and ETR Colocation
>=20
>    If the Map-Server and the ETR are colocated, LISP-SEC does not
>    provide protection from overclaiming attacks mounted by the ETR.
>    However, in this particular case, since the ETR is within the trust
>    boundaries of the Map-Server, ETR's overclaiming attacks are not
>    included in the threat model.
>=20
> 7.  IANA Considerations
This section is not conform to RFC 5226.

There right way to go is to ask IANA to create three new registries, for =
HMAC, Key Wrap, and Key Derivation functions.
Define what is the allocation process (in light of the size of the field =
FCFS should not cause any problem IMHO)

Then ask to populate the registries as already described.


>=20
> 7.1.  HMAC functions
>=20
>    The following HMAC ID values are defined by this memo for use as
>    Requested HMAC ID, EID HMAC ID, and PKT HMAC ID in the LISP-SEC
>    Authentication Data:
>=20
>=20
>=20
>=20
>=20
>=20
>=20
>=20
>=20
>=20
>=20
> Maino, et al.             Expires April 6, 2017                [Page =
16]
> =0C
> Internet-Draft                  LISP-SEC                    October =
2016
>=20
>=20
>              Name                     Number        Defined In
>              -------------------------------------------------
>              NONE                     0
>              AUTH-HMAC-SHA-1-96       1             [RFC2104]
>              AUTH-HMAC-SHA-256-128    2             [RFC4634]
>=20
>              values 2-65535 are reserved to IANA.
>=20
>                               HMAC Functions
>=20
>    AUTH-HMAC-SHA-1-96 MUST be supported, AUTH-HMAC-SHA-256-128 should =
be
>    supported.
>=20
> 7.2.  Key Wrap Functions
>=20
>    The following OTK Encryption ID values are defined by this memo for
>    use as OTK key wrap algorithms ID in the LISP-SEC Authentication
>    Data:
>=20
>              Name                     Number        Defined In
>              -------------------------------------------------
>              NULL-KEY-WRAP-128        1
>              AES-KEY-WRAP-128         2             [RFC3394]
>=20
>              values 0 and 3-65535 are reserved to IANA.
>=20
>                             Key Wrap Functions
>=20
>    NULL-KEY-WRAP-128, and AES-KEY-WRAP-128 MUST be supported.
>=20
>    NULL-KEY-WRAP-128 is used to carry an unencrypted 128-bit OTK, with =
a
>    64-bit preamble set to 0x0000000000000000 (64 bits).
>=20
> 7.3.  Key Derivation Functions
>=20
>    The following KDF ID values are defined by this memo for use as KDF
>    ID in the LISP-SEC Authentication Data:
>=20
>              Name                     Number        Defined In
>              -------------------------------------------------
>              NONE                     0
>              HKDF-SHA1-128            1             [RFC5869]
>=20
>              values 2-65535 are reserved to IANA.
>=20
>                          Key Derivation Functions
>=20
>    HKDF-SHA1-128 MUST be supported
>=20
>=20
>=20
> Maino, et al.             Expires April 6, 2017                [Page =
17]
> =0C
> Internet-Draft                  LISP-SEC                    October =
2016
>=20
>=20
> 8.  Acknowledgements
>=20
>    The authors would like to acknowledge Pere Monclus, Dave Meyer, =
Dino
>    Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt
>    Noll for their valuable suggestions provided during the preparation
>    of this document.
>=20
> 9.  Normative References


Please Check your reference, this is the output if the nits tool:


Checking references for intended status: Experimental
  =
--------------------------------------------------------------------------=
--

  =3D=3D Missing Reference: 'RFC3339' is mentioned on line 602, but not =
defined

  =3D=3D Missing Reference: 'RFC4634' is mentioned on line 752, but not =
defined

  ** Obsolete undefined reference: RFC 4634 (Obsoleted by RFC 6234)

>=20
>    [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
>               Hashing for Message Authentication", RFC 2104,
>               DOI 10.17487/RFC2104, February 1997,
>               <http://www.rfc-editor.org/info/rfc2104>.
>=20
>    [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
>               Requirement Levels", BCP 14, RFC 2119,
>               DOI 10.17487/RFC2119, March 1997,
>               <http://www.rfc-editor.org/info/rfc2119>.
>=20
>    [RFC3394]  Schaad, J. and R. Housley, "Advanced Encryption Standard
>               (AES) Key Wrap Algorithm", RFC 3394, DOI =
10.17487/RFC3394,
>               September 2002, =
<http://www.rfc-editor.org/info/rfc3394>.
>=20
>    [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
>               "Randomness Requirements for Security", BCP 106, RFC =
4086,
>               DOI 10.17487/RFC4086, June 2005,
>               <http://www.rfc-editor.org/info/rfc4086>.
>=20
>    [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
>               IANA Considerations Section in RFCs", BCP 26, RFC 5226,
>               DOI 10.17487/RFC5226, May 2008,
>               <http://www.rfc-editor.org/info/rfc5226>.
>=20
>    [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based =
Extract-and-Expand
>               Key Derivation Function (HKDF)", RFC 5869,
>               DOI 10.17487/RFC5869, May 2010,
>               <http://www.rfc-editor.org/info/rfc5869>.
>=20
>    [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
>               Locator/ID Separation Protocol (LISP)", RFC 6830,
>               DOI 10.17487/RFC6830, January 2013,
>               <http://www.rfc-editor.org/info/rfc6830>.
>=20
>    [RFC6833]  Fuller, V. and D. Farinacci, "Locator/ID Separation
>               Protocol (LISP) Map-Server Interface", RFC 6833,
>               DOI 10.17487/RFC6833, January 2013,
>               <http://www.rfc-editor.org/info/rfc6833>.
>=20
>=20
>=20
>=20
> Maino, et al.             Expires April 6, 2017                [Page =
18]
> =0C
> Internet-Draft                  LISP-SEC                    October =
2016
>=20
>=20
>    [RFC7835]  Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID
>               Separation Protocol (LISP) Threat Analysis", RFC 7835,
>               DOI 10.17487/RFC7835, April 2016,
>               <http://www.rfc-editor.org/info/rfc7835>.
>=20
> Authors' Addresses
>=20
>    Fabio Maino
>    Cisco Systems
>    170 Tasman Drive
>    San Jose, California  95134
>    USA
>=20
>    Email: fmaino@cisco.com
>=20
>=20
>    Vina Ermagan
>    Cisco Systems
>    170 Tasman Drive
>    San Jose, California  95134
>    USA
>=20
>    Email: vermagan@cisco.com
>=20
>=20
>    Albert Cabellos
>    Technical University of Catalonia
>    c/ Jordi Girona s/n
>    Barcelona  08034
>    Spain
>=20
>    Email: acabello@ac.upc.edu
>=20
>=20
>    Damien Saucez
>    INRIA
>    2004 route des Lucioles - BP 93
>    Sophia Antipolis
>    France
>=20
>    Email: damien.saucez@inria.fr
>=20
>=20
>=20
>=20
>=20
>=20
>=20
>=20
>=20
>=20
> Maino, et al.             Expires April 6, 2017                [Page =
19]
>=20
>=20
>=20





--Apple-Mail=_50A4081C-B558-413D-A218-E6AFCC51B906
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><div class=3D"">Dear Authors of the LISP-SEC =
document,</div><div class=3D""><br class=3D""></div><div =
class=3D"">hereafter my review of the document.</div><div class=3D"">This =
was long overdue, sorry for being so late.</div><div class=3D""><br =
class=3D""></div><div class=3D"">I really like the solution and the =
majority of my comments are just clarification questions.</div><div =
class=3D"">Let me know if my comments are clear.</div><div class=3D""><br =
class=3D""></div><div class=3D"">ciao</div><div class=3D""><br =
class=3D""></div><div class=3D"">L.</div><div class=3D""><br =
class=3D""></div><div class=3D""></div><div class=3D""><br =
class=3D""></div><div class=3D""><br class=3D""></div><blockquote =
type=3D"cite" class=3D""><div class=3D""><pre style=3D"word-wrap: =
break-word; white-space: pre-wrap;" class=3D"">1.  Introduction

   The Locator/ID Separation Protocol [RFC6830] defines a set of
   functions for routers to exchange information used to map from non-
   routable Endpoint Identifiers (EIDs) to routable Routing Locators
   (RLOCs).  </pre></div></blockquote>I find the above sentence =
confusing. Wouldn=E2=80=99t be better to specify that we are talking =
about IP addresses?<div class=3D""><br class=3D""></div><div =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">If =
these EID-to-RLOC mappings, carried through Map-Reply
   messages, are transmitted without integrity protection, an adversary
   can manipulate them and hijack the communication, impersonate the
   requested EID, or mount Denial of Service or Distributed Denial of
   Service attacks.  Also, if the Map-Reply message is transported
   unauthenticated, an adversarial LISP entity can overclaim an EID-
   prefix and maliciously redirect traffic directed to a large number of
   hosts.  A detailed description of "overclaiming" attack is provided
   in [RFC7835].

   This memo specifies LISP-SEC, a set of security mechanisms that
   provides origin authentication, integrity and anti-replay protection
   to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
   process.  </pre></div></blockquote><div class=3D""><br =
class=3D""></div><div class=3D"">I would put s forward reference to =
section 3 stating that the reader will find details about the threat =
model.</div><br class=3D""><blockquote type=3D"cite" class=3D""><div =
class=3D""><pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">LISP-SEC also enables verification of authorization on EID-
   prefix claims in Map-Reply messages, ensuring that the sender of a
   Map-Reply that provides the location for a given EID-prefix is
   entitled to do so according to the EID prefix registered in the
   associated Map-Server.  Map-Register security, including the right
   for a LISP entity to register an EID-prefix or to claim presence at
   an RLOC, is out of the scope of LISP-SEC.  Additional security
   considerations are described in Section 6.

2.  Definition of Terms

      One-Time Key (OTK): An ephemeral randomly generated key that must
      be used for a single Map-Request/Map-Reply exchange.



         ITR-OTK: The One-Time Key generated at the ITR.

         MS-OTK: The One-Time Key generated at the Map-Server.
</pre></div></blockquote><div class=3D""><br class=3D""></div><div =
class=3D"">Why are you considering ITR-OTK and MS-OTK =
sub-terms?&nbsp;</div><div class=3D"">I would elevate them at full =
terms, hence avoiding spacing and indentation.</div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">
      Encapsulated Control Message (ECM): A LISP control message that is
      prepended with an additional LISP header.  ECM is used by ITRs to
      send LISP control messages to a Map-Resolver, by Map-Resolvers to
      forward LISP control messages to a Map-Server, and by Map-
      Resolvers to forward LISP control messages to an ETR.

</pre></div></blockquote><div class=3D"">Why are you re-defining =
ECM?&nbsp;</div><div class=3D"">You do not specify other packets, e.g., =
Map-Reply, so why ECM?</div><div class=3D"">I would drop it.</div><div =
class=3D""><br class=3D""></div><br class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""><pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">      Authentication Data (AD): =
Metadata that is included either in a
      LISP ECM header or in a Map-Reply message to support
      confidentiality, integrity protection, and verification of EID-
      prefix authorization.



Maino, et al.             Expires April 6, 2017                 [Page 3]
=0C
Internet-Draft                  LISP-SEC                    October 2016


         OTK-AD: The portion of ECM Authentication Data that contains a
         One-Time Key.

         EID-AD: The portion of ECM and Map-Reply Authentication Data
         used for verification of EID-prefix authorization.

         PKT-AD: The portion of Map-Reply Authentication Data used to
         protect the integrity of the Map-Reply message.
</pre></div></blockquote><div class=3D""><br class=3D""></div><div =
class=3D""><br class=3D""></div><div class=3D""><div class=3D"">Why are =
you considering OTK-AD, EID-AD, and PKT-AD sub-terms?&nbsp;</div><div =
class=3D"">I would elevate them at full terms, hence avoiding spacing =
and indentation.</div><br class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""></div></blockquote></div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">
   For definitions of other terms, notably Map-Request, Map-Reply,
   Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR), Map-Server
   (MS), and Map-Resolver (MR) please consult the LISP specification
   [RFC6830].

3.  LISP-SEC Threat Model

   LISP-SEC addresses the control plane threats, described in [RFC7835],
   that target EID-to-RLOC mappings, including manipulations of Map-
   Request and Map-Reply messages, and malicious ETR EID prefix
   overclaiming.  LISP-SEC makes two main assumptions: (1) the LISP
   mapping system is expected to deliver a Map-Request message to their
   intended destination ETR as identified by the EID, and (2) no man-in-
   the-middle (MITM) attack can be mounted within the LISP Mapping
   System.  Furthermore, while LISP-SEC enables detection of EID prefix
   overclaiming attacks, it assumes that Map-Servers can verify the EID
   prefix authorization at time of registration.
</pre></div></blockquote><div class=3D"">LISP-SEC does not require OTK =
confidentiality in the mapping system. This should be discussed =
here.</div><div class=3D""><br class=3D""></div><br class=3D""><blockquote=
 type=3D"cite" class=3D""><div class=3D""><pre style=3D"word-wrap: =
break-word; white-space: pre-wrap;" class=3D"">
   According to the threat model described in [RFC7835] LISP-SEC assumes
   that any kind of attack, including MITM attacks, can be mounted in
   the access network, outside of the boundaries of the LISP mapping
   system.  An on-path attacker, outside of the LISP mapping system can,
   for example, hijack Map-Request and Map-Reply messages, spoofing the
   identity of a LISP node.  Another example of on-path attack, called
   overclaiming attack, can be mounted by a malicious Egress Tunnel
   Router (ETR), by overclaiming the EID-prefixes for which it is
   authoritative.  In this way the ETR can maliciously redirect traffic
   directed to a large number of hosts.

4.  Protocol Operations

   The goal of the security mechanisms defined in [RFC6830] is to
   prevent unauthorized insertion of mapping data by providing origin
   authentication and integrity protection for the Map-Registration, and
   by using the nonce to detect unsolicited Map-Reply sent by off-path
   attackers.

   LISP-SEC builds on top of the security mechanisms defined in
   [RFC6830] to address the threats described in Section 3 by leveraging



Maino, et al.             Expires April 6, 2017                 [Page 4]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   the trust relationships existing among the LISP entities
   participating to the exchange of the Map-Request/Map-Reply messages.
   Those trust relationships are used to securely distribute a One-Time
   Key (OTK) that provides origin authentication, integrity and anti-
   replay protection to mapping data conveyed via the mapping lookup
   process, and that effectively prevent overclaiming attacks.  The
   processing of security parameters during the Map-Request/Map-Reply
   exchange is as follows:

   o  The ITR-OTK is generated and stored at the ITR, and securely
      transported to the Map-Server.

   o  The Map-Server uses the ITR-OTK to compute an HMAC that protects
</pre></div></blockquote><div class=3D"">You did not define HMAC =
acronym. Please define and add a reference.</div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">      =
the integrity of the mapping data known to the Map-Server to
      prevent overclaiming attacks.  The Map-Server also derives a new
      OTK, the MS-OTK, that is passed to the ETR, by applying a Key
      Derivation Function (KDF) to the ITR-OTK.

   o  The ETR uses the MS-OTK to compute an HMAC that protects the
      integrity of the Map-Reply sent to the ITR.

   o  Finally, the ITR uses the stored ITR-OTK to verify the integrity
      of the mapping data provided by both the Map-Server and the ETR,
      and to verify that no overclaiming attacks were mounted along the
      path between the Map-Server and the ITR.

   Section 5 provides the detailed description of the LISP-SEC control
   messages and their processing, while the rest of this section
   describes the flow of protocol operations at each entity involved in
   the Map-Request/Map-Reply exchange:

   o  The ITR, upon needing to transmit a Map-Request message, generates
      and stores an OTK (ITR-OTK).  This ITR-OTK is included into the
      Encapsulated Control Message (ECM) that contains the Map-Request
      sent to the Map-Resolver.  To provide confidentiality to the ITR-
      OTK over the path between the ITR and its Map-Resolver, the ITR-
      OTK SHOULD </pre></div></blockquote><div class=3D"">Why not using =
=E2=80=9CMUST=E2=80=9D???</div><div class=3D"">Are you suggesting that a =
different way to provide confidentiality can be used (e.g. a different =
shared key)???</div><div class=3D"">If yes, please state so.</div><div =
class=3D""><br class=3D""></div><div class=3D"">Or are you suggesting =
that no encryption at all is used? But this means not providing =
confidentiality=E2=80=A6</div><div class=3D"">Can you clarify?</div><div =
class=3D""><br class=3D""></div>(this very same comment will appear =
several time in this review)<br class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""><pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">be encrypted using a preconfigured =
key shared between
      the ITR and the Map-Resolver, similar to the key shared between
      the ETR and the Map-Server in order to secure ETR registration
      [RFC6833].

   o  The Map-Resolver decapsulates the ECM message, decrypts the ITR-
      OTK, if needed, and forwards through the Mapping System the
      received Map-Request and the ITR-OTK, as part of a new ECM
      message.  As described in Section 5.6, the LISP Mapping System
      delivers the ECM to the appropriate Map-Server, as identified by
      the EID destination address of the Map-Request.




Maino, et al.             Expires April 6, 2017                 [Page 5]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   o  The Map-Server is configured with the location mappings and policy
      information for the ETR responsible for the EID destination
      address.  Using this preconfigured information, the Map-Server,
      after the decapsulation of the ECM message, finds the longest
      match EID-prefix that covers the requested EID in the received
      Map-Request.  The Map-Server adds this EID-prefix, together with
      an HMAC computed using the ITR-OTK, to a new Encapsulated Control
      Message that contains the received Map-Request.

   o  The Map-Server derives a new OTK, the MS-OTK, by applying a Key
      Derivation Function (KDF) to the ITR-OTK.  This MS-OTK is included
      in the Encapsulated Control Message that the Map-Server uses to
      forward the Map-Request to the ETR.  To provide MS-OTK
      confidentiality over the path between the Map-Server and the ETR,
      the MS-OTK should </pre></div></blockquote><div class=3D"">This =
=E2=80=9Cshould=E2=80=9D should be a =E2=80=9CSHOULD=E2=80=9D =
&nbsp;(sorry for the cacophony=E2=80=A6)</div><div class=3D""><br =
class=3D""></div><div class=3D""><div class=3D"">Why not using =
=E2=80=9CMUST=E2=80=9D???</div><div class=3D"">Are you suggesting that a =
different way to provide confidentiality can be used (e.g. a different =
shared key)???</div><div class=3D"">If yes, please state so.</div><div =
class=3D""><br class=3D""></div><div class=3D"">Or are you suggesting =
that no encryption at all is used? But this means not providing =
confidentiality=E2=80=A6</div><div class=3D"">Can you =
clarify?</div></div><br class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""><pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">be encrypted using the key shared =
between the
      ETR and the Map-Server in order to secure ETR registration
      [RFC6833].

   o  If the Map-Server is acting in proxy mode, as specified in
      [RFC6830], the ETR is not involved in the generation of the Map-
      Reply.  In this case the Map-Server generates the Map-Reply on
      behalf of the ETR as described below.

   o  The ETR, upon receiving the ECM encapsulated Map-Request from the
      Map-Server, decrypts the MS-OTK, if needed, and originates a
      standard Map-Reply that contains the EID-to-RLOC mapping
      information as specified in [RFC6830].

   o  The ETR computes an HMAC over this standard Map-Reply, keyed with
      MS-OTK to protect the integrity of the whole Map-Reply.  The ETR
      also copies the EID-prefix authorization data that the Map-Server
      included in the ECM encapsulated Map-Request into the Map-Reply
      message.  The ETR then sends this complete Map-Reply message to
      the requesting ITR.

   o  The ITR, upon receiving the Map-Reply, uses the locally stored
      ITR-OTK to verify the integrity of the EID-prefix authorization
      data included in the Map-Reply by the Map-Server.  The ITR
      computes the MS-OTK by applying the same KDF used by the Map-
      Server, and verifies the integrity of the Map-Reply.  If the
      integrity checks fail, the Map-Reply MUST be discarded.  Also, if
      the EID-prefixes claimed by the ETR in the Map-Reply are not equal
      or more specific than the EID-prefix authorization data inserted
      by the Map-Server, the ITR MUST discard the Map-Reply.







Maino, et al.             Expires April 6, 2017                 [Page 6]
=0C
Internet-Draft                  LISP-SEC                    October 2016


5.  LISP-SEC Control Messages Details

   LISP-SEC metadata associated with a Map-Request is transported within
   the Encapsulated Control Message that contains the Map-Request.

   LISP-SEC metadata associated with the Map-Reply is transported within
   the Map-Reply itself.

5.1.  Encapsulated Control Message LISP-SEC Extensions

   LISP-SEC uses the ECM (Encapsulated Control Message) defined in
   [RFC6830] with Type set to 8, and S bit set to 1 to indicate that the
   LISP header includes Authentication Data (AD).  The format of the
   LISP-SEC ECM Authentication Data is defined in the following figure.
   OTK-AD stands for One-Time Key Authentication Data and EID-AD stands
   for EID Authentication Data.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     AD Type   |V|  Reserved   |        Requested HMAC ID      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
|              OTK Length       |       OTK Encryption ID       | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|                       One-Time-Key Preamble ...               | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OTK-AD
|                   ... One-Time-Key Preamble                   | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
~                      One-Time Key (128 bits)                  ~/
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
&lt;---+
|           EID-AD Length       |           KDF ID              |     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
| Record Count  |    Reserved   |         EID HMAC ID           |     =
EID-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
|   Reserved    | EID mask-len  |           EID-AFI             | |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
~                          EID-prefix ...                       ~ |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
~                            EID HMAC                           ~     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
&lt;=E2=80=94+
</pre></div></blockquote><div class=3D"">I think that =E2=80=9Crec=E2=80=9D=
 is mis-aligned and should be shifted one character upward.</div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">
                     LISP-SEC ECM Authentication Data

      AD Type: 1 (LISP-SEC Authentication Data)
</pre></div></blockquote><div class=3D"">This is the first document =
starting to allocate values to the "AD Type=E2=80=9D =
value.&nbsp;</div><div class=3D"">Why not asking IANA to create a =
registry??</div><div class=3D"">(to be done in the IANA Considerations =
Section)&nbsp;</div><div class=3D""><br class=3D""></div><div =
class=3D""><br class=3D""></div><br class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""><pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">
      V: Key Version bit.  This bit is toggled when the sender switches
      to a new OTK wrapping key




Maino, et al.             Expires April 6, 2017                 [Page 7]
=0C
Internet-Draft                  LISP-SEC                    October 2016


      Reserved: Set to 0 on transmission and ignored on receipt.

      Requested HMAC ID: The HMAC algorithm requested by the ITR.  See
      Section 5.4 for details.

      OTK Length: The length (in bytes) of the OTK Authentication Data
      (OTK-AD), that contains the OTK Preamble and the OTK.

      OTK Encryption ID: The identifier of the key wrapping algorithm
      used to encrypt the One-Time-Key. When a 128-bit OTK is sent
      unencrypted by the Map-Resolver, the OTK Encryption ID is set to
      NULL_KEY_WRAP_128.  See Section 5.5 for more details.

      One-Time-Key Preamble: set to 0 if the OTK is not encrypted.  When
      the OTK is encrypted, this field may carry additional metadata
      resulting from the key wrapping operation.  When a 128-bit OTK is
      sent unencrypted by Map-Resolver, the OTK Preamble is set to
      0x0000000000000000 (64 bits).  See Section 5.5 for details.

      One-Time-Key: the OTK encrypted (or not) as specified by OTK
      Encryption ID.  See Section 5.5 for details.

      EID-AD Length: length (in bytes) of the EID Authentication Data
      (EID-AD).  The ITR MUST set EID-AD Length to 4 bytes, as it only
      fills the KDF ID field, and all the remaining fields part of the
      EID-AD are not present.  An EID-AD MAY contain multiple EID-
      records.  Each EID-record is 4-byte long plus the length of the
      AFI-encoded EID-prefix.

      KDF ID: Identifier of the Key Derivation Function used to derive
      the MS-OTK.  The ITR SHOULD use this field to indicate the
      recommended KDF algorithm, according to local policy. =
</pre></div></blockquote><div class=3D"">I am not sure I understand the =
rationale of this =E2=80=9CSHOULD=E2=80=9D. If for any reason the ITR =
does not indicate the KDF ID what are the consequences?</div><div =
class=3D"">Is the MS free to choose the algorithm? This should be =
clarified.</div><br class=3D""><blockquote type=3D"cite" class=3D""><div =
class=3D""><pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D""> The Map-
      Server can overwrite the KDF ID if it does not support the KDF ID
      recommended by the ITR.  </pre></div></blockquote><div =
class=3D"">What happens if the MS will choose a KDF ID not supported by =
the ITR?</div><div class=3D"">Can you clarify how to solve this =
situation or explain why this will never happen?</div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">See =
Section 5.4 for more details.

      Record Count: The number of records in this Map-Request message.
      A record is comprised of the portion of the packet that is labeled
      'Rec' above and occurs the number of times equal to Record Count.

      Reserved: Set to 0 on transmission and ignored on receipt.

      EID HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the EID-AD.  This field is filled by Map-Server that
      computed the EID-prefix HMAC.  See Section 5.4 for more details.

      EID mask-len: Mask length for EID-prefix.

      EID-AFI: Address family of EID-prefix according to [RFC5226]



Maino, et al.             Expires April 6, 2017                 [Page 8]
=0C
Internet-Draft                  LISP-SEC                    October 2016


      EID-prefix: The Map-Server uses this field to specify the EID-
      prefix that the destination ETR is authoritative for, and is the
      longest match for the requested EID.

      EID HMAC: HMAC of the EID-AD computed and inserted by Map-Server.
      Before computing the HMAC operation the EID HMAC field MUST be set
      to 0.  The HMAC covers the entire EID-AD.

5.2.  Map-Reply LISP-SEC Extensions

   LISP-SEC uses the Map-Reply defined in [RFC6830], with Type set to 2,
   and S bit set to 1 to indicate that the Map-Reply message includes
   Authentication Data (AD).  The format of the LISP-SEC Map-Reply
   Authentication Data is defined in the following figure.  PKT-AD is
   the Packet Authentication Data that covers the Map-Reply payload.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    AD Type    |                 Reserved                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
&lt;---+
|           EID-AD Length       |           KDF ID              |     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
| Record Count  |    Reserved   |         EID HMAC ID           |     =
EID-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
|   Reserved    | EID mask-len  |           EID-AFI             | |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
~                          EID-prefix ...                       ~ |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
~                            EID HMAC                           ~     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
&lt;---+
|         PKT-AD Length         |         PKT HMAC ID           |\
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
~                            PKT HMAC                           ~ PKT-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/

                  LISP-SEC Map-Reply Authentication Data

      AD Type: 1 (LISP-SEC Authentication Data)
</pre></div></blockquote><div class=3D"">Shouldn=E2=80=99t this be a =
different value? This AD &nbsp;format is different from the one =
described in section 5.1!</div><div class=3D"">Another reason to ask =
IANA for a registry=E2=80=A6.</div><div class=3D""><br =
class=3D""></div><br class=3D""><blockquote type=3D"cite" class=3D""><div =
class=3D""><pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">
      EID-AD Length: length (in bytes) of the EID-AD.  An EID-AD MAY
      contain multiple EID-records.  Each EID-record is 4-byte long plus
      the length of the AFI-encoded EID-prefix.

      KDF ID: Identifier of the Key Derivation Function used to derive
      MS-OTK.  See Section 5.7 for more details.





Maino, et al.             Expires April 6, 2017                 [Page 9]
=0C
Internet-Draft                  LISP-SEC                    October 2016


      Record Count: The number of records in this Map-Reply message.  A
      record is comprised of the portion of the packet that is labeled
      'Rec' above and occurs the number of times equal to Record Count.

      Reserved: Set to 0 on transmission and ignored on receipt.

      EID HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the EID-AD.  See Section 5.7 for more details.

      EID mask-len: Mask length for EID-prefix.

      EID-AFI: Address family of EID-prefix according to [RFC5226].

      EID-prefix: This field contains an EID-prefix that the destination
      ETR is authoritative for, and is the longest match for the
      requested EID.

      EID HMAC: HMAC of the EID-AD, as computed by the Map-Server.
      Before computing the HMAC operation the EID HMAC field MUST be set
      to 0.  The HMAC covers the entire EID-AD.

      PKT-AD Length: length (in bytes) of the Packet Authentication Data
      (PKT-AD).

      PKT HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the Map-reply Location Data.
</pre></div></blockquote><div class=3D"">=E2=80=9CLocation Data=E2=80=9D =
is something nowhere defined. Can you clarify what do you =
mean?</div><div class=3D""><br class=3D""></div><br class=3D""><blockquote=
 type=3D"cite" class=3D""><div class=3D""><pre style=3D"word-wrap: =
break-word; white-space: pre-wrap;" class=3D"">
      PKT HMAC: HMAC of the whole Map-Reply packet, including the LISP-
      SEC Authentication Data.  The scope of the authentication goes
      from the Map-Reply Type field to the PKT HMAC field included.
      Before computing the HMAC operation the PKT HMAC field MUST be set
      to 0.  See Section 5.8 for more details.

5.3.  Map-Register LISP-SEC Extentions

   The second bit after the Type field in a Map-Register message is
   allocated as the S bit.  </pre></div></blockquote><div class=3D"">I =
would better explain that this document is allocating a bit marked as =
reserved in 6830.</div><div class=3D"">Furthermore, at the cost of being =
redundant, I would put the packet format highlighting the position of =
the bit so that there is no confusion whatsoever.</div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">The S =
bit indicates to the Map-Server that
   the registering ETR is LISP-SEC enabled.  An ETR that supports LISP-
   SEC MUST set the S bit in its Map-Register messages.

5.4.  ITR Processing

   Upon creating a Map-Request, the ITR generates a random ITR-OTK that
   is stored locally, together with the nonce generated as specified in
   [RFC6830].

   The Map-Request MUST be encapsulated in an ECM, with the S-bit set to
   1, to indicate the presence of Authentication Data.  If the ITR and



Maino, et al.             Expires April 6, 2017                [Page 10]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   the Map-Resolver are configured with a shared =
key,</pre></div></blockquote>In section 4 you seem to suggest that this =
is not the only way to protect the OTK (see my comment).</div><div =
class=3D"">Here instead you suggest that a shared key is the only =
way.<br class=3D""><blockquote type=3D"cite" class=3D""><div =
class=3D""><pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D""> the ITR-OTK
   confidentiality SHOULD be protected by wrapping the ITR-OTK with the
   algorithm specified by the OTK Encryption ID field. =
</pre></div></blockquote><div class=3D"">Not clear what this =
=E2=80=9CSHOULD=E2=80=9D refers to.</div><div class=3D"">IS the SHOULD =
related to the fact to encrypt the OTK? The ITR SHOULD =
encrypt.</div><div class=3D"">Or the choice of the algorithm? The ITR =
SHOULD use the algorithm specified by the OTK Encryption ID?</div><div =
class=3D"">The second case looks impossible since is the ITR is choosing =
the algorithm. May be the sentence can be rewritten.</div><div =
class=3D""><br class=3D""></div>Similarly to previous comment: Why it is =
not a MUST?<br class=3D""><blockquote type=3D"cite" class=3D""><div =
class=3D""><pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D""> See Section 5.5
   for further details on OTK encryption.

   The Requested HMAC ID field contains the suggested HMAC algorithm to
   be used by the Map-Server and the ETR to protect the integrity of the
   ECM Authentication data and of the Map-Reply.

</pre></div></blockquote><div class=3D"">What happens if the MS will =
choose a HMAC not supported by the ETR or the ITR?</div><div =
class=3D"">Can you clarify how to solve this situation or explain why =
this will never happen?</div><div class=3D""><br =
class=3D""></div><blockquote type=3D"cite" class=3D""><div class=3D""><pre=
 style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">   =
The KDF ID field, specifies the suggested key derivation function to
   be used by the Map-Server to derive the MS-OTK.
</pre></div></blockquote><div class=3D""><br class=3D""></div><div =
class=3D"">What happens if the MS will choose a KDF ID not supported by =
the ITR?</div><div class=3D"">Can you clarify how to solve this =
situation or explain why this will never happen?</div><div class=3D""><br =
class=3D""></div><blockquote type=3D"cite" class=3D""><div class=3D""><pre=
 style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">
   The EID-AD length is set to 4 bytes, since the Authentication Data
   does not contain EID-prefix Authentication Data, and the EID-AD
   contains only the KDF ID field.

   In response to an encapsulated Map-Request that has the S-bit set, an
   ITR MUST receive a Map-Reply with the S-bit set, that includes an
   EID-AD and a PKT-AD.  If the Map-Reply does not include both ADs, the
   ITR MUST discard it.  In response to an encapsulated Map-Request with
   S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, and
   the ITR SHOULD discard the Map-Reply if the S-bit is set.
</pre></div></blockquote><div class=3D"">Why a =E2=80=9CSHOULD=E2=80=9D? =
If the Map-Request has S-bit=3D0 it mean that there is no AD, hence no =
OTK, how can the ITR decrypt the reply?????</div><div class=3D"">It MUST =
discard=E2=80=A6..</div><div class=3D""><br class=3D""></div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">
   Upon receiving a Map-Reply, the ITR must verify the integrity of both
   the EID-AD and the PKT-AD, and MUST discard the Map-Reply if one of
   the integrity checks fails.

   The integrity of the EID-AD is verified using the locally stored ITR-
   OTK to re-compute the HMAC of the EID-AD using the algorithm
   specified in the EID HMAC ID field.  If the EID HMAC ID field does
   not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
</pre></div></blockquote>Why is this a SHOULD? If it supports the HMAC =
Algorithm why not decrypt? Shouldn=E2=80=99t this be a =E2=80=9CMAY=E2=80=9D=
, according to internal policy?<br class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""><pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">   and send, at the first opportunity =
it needs to, a new Map-Request
   with a different Requested HMAC ID field, according to ITR's local
   policy.  The ITR MUST set the EID HMAC ID field to 0 before computing
   the HMAC.
</pre></div></blockquote><div class=3D"">Shouldn=E2=80=99t the MS do the =
same thing? Otherwise different values will be obtained. This is not =
specified in the MS functioning description.</div><div class=3D""><br =
class=3D""></div><br class=3D""><blockquote type=3D"cite" class=3D""><div =
class=3D""><pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">
   To verify the integrity of the PKT-AD, first the MS-OTK is derived
   from the locally stored ITR-OTK using the algorithm specified in the
   KDF ID field.  This is because the PKT-AD is generated by the ETR
   using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's local policy.
   The derived MS-OTK is then used to re-compute the HMAC of the PKT-AD
   using the Algorithm specified in the PKT HMAC ID field.  If the PKT
   HMAC ID field does not match the Requested HMAC ID the ITR SHOULD
   discard the Map-Reply and send, at the first opportunity it needs to,




Maino, et al.             Expires April 6, 2017                [Page 11]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   a new Map-Request with a different Requested HMAC ID according to
   ITR's local policy.

   Each individual Map-Reply EID-record is considered valid only if: (1)
   both EID-AD and PKT-AD are valid, and (2) the intersection of the
   EID-prefix in the Map-Reply EID-record with one of the EID-prefixes
   contained in the EID-AD is not empty.  After identifying the Map-
   Reply record as valid, the ITR sets the EID-prefix in the Map-Reply
   record to the value of the intersection set computed before, and adds
   the Map-Reply EID-record to its EID-to-RLOC cache, as described in
   [RFC6830].  An example of Map-Reply record validation is provided in
   Section 5.4.1.

   The ITR SHOULD send SMR triggered Map-Requests over the mapping
   system in order to receive a secure Map-Reply.  =
</pre></div></blockquote><div class=3D"">I do not understand this =
=E2=80=9CSHOULD=E2=80=9D. &nbsp;This has consequences in the choice how =
to react to SMR. This is a local policy.</div><div class=3D"">_If_ the =
ITR wants to protect Map-Requests using LISP-SEC, than SMR triggered =
Map-Request MUST be sent through the mapping system.</div><div =
class=3D""><br class=3D""></div><br class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""><pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">If an ITR accepts
   piggybacked Map-Replies, it SHOULD also send a Map-Request over the
   mapping system in order to securely verify the piggybacked Map-Reply.
</pre></div></blockquote><div class=3D"">Same as above.</div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">
5.4.1.  Map-Reply Record Validation

   The payload of a Map-Reply may contain multiple EID-records.  The
   whole Map-Reply is signed by the ETR, with the PKT HMAC, to provide
   integrity protection and origin authentication to the EID-prefix
   records claimed by the ETR.  The Authentication Data field of a Map-
   Reply may contain multiple EID-records in the EID-AD.  The EID-AD is
   signed by the Map-Server, with the EID HMAC, to provide integrity
   protection and origin authentication to the EID-prefix records
   inserted by the Map-Server.

   Upon receiving a Map-Reply with the S-bit set, the ITR first checks
   the validity of both the EID HMAC and of the PKT-AD HMAC.  If either
   one of the HMACs is not valid, a log message is issued and the Map-
   Reply is not processed any further.  </pre></div></blockquote><div =
class=3D"">I think =E2=80=9Clog message" is too much implementation =
specific.&nbsp;</div><div class=3D"">If there is a notification, and how =
this notification is done, is implementation specific IMHO.</div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">If =
both HMACs are valid, the ITR
   proceeds with validating each individual EID-record claimed by the
   ETR by computing the intersection of each one of the EID-prefix
   contained in the payload of the Map-Reply with each one of the EID-
   prefixes contained in the EID-AD.  An EID-record is valid only if at
   least one of the intersections is not the empty set.

   For instance, the Map-Reply payload contains 3 mapping record EID-
   prefixes:

      1.1.1.0/24

      1.1.2.0/24

      1.2.0.0/16




Maino, et al.             Expires April 6, 2017                [Page 12]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   The EID-AD contains two EID-prefixes:

      1.1.2.0/24

      1.2.3.0/24

   The EID-record with EID-prefix 1.1.1.0/24 is not processed since it
   is not included in any of the EID-ADs signed by the Map-Server.  A
   log message is issued.
</pre></div></blockquote><div class=3D"">I think =E2=80=9Clog message" =
is too much implementation specific.&nbsp;</div><div class=3D"">If there =
is a notification, and how this notification is done, is implementation =
specific IMHO.</div><div class=3D""><br class=3D""></div><blockquote =
type=3D"cite" class=3D""><div class=3D""><pre style=3D"word-wrap: =
break-word; white-space: pre-wrap;" class=3D"">
   The EID-record with EID-prefix 1.1.2.0/24 is stored in the map-cache
   because it matches the second EID-prefix contained in the EID-AD.

   The EID-record with EID-prefix 1.2.0.0/16 is not processed since it
   is not included in any of the EID-ADs signed by the Map-Server.  A
   log message is issued.</pre></div></blockquote><div class=3D"">I =
think =E2=80=9Clog message" is too much implementation =
specific.&nbsp;</div><div class=3D"">If there is a notification, and how =
this notification is done, is implementation specific IMHO.</div><div =
class=3D""><br class=3D""></div><blockquote type=3D"cite" class=3D""><div =
class=3D""><pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">  In this last example the ETR is trying to
   over claim the EID-prefix 1.2.0.0/16, but the Map-Server authorized
   only 1.2.3.0/24, hence the EID-record is discarded.
</pre></div></blockquote><div class=3D"">Reading the example I am not =
sure I would follow this behaviour.</div><div class=3D"">Only 1 record =
out of 3 is valid so why should I actually trust the ETR instead of =
throwing everything away?</div><div class=3D"">Can you explain =
???</div><div class=3D""><br class=3D""></div><div class=3D""><br =
class=3D""></div><br class=3D""><blockquote type=3D"cite" class=3D""><div =
class=3D""><pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">
5.4.2.  PITR Processing

   The processing performed by a PITR is equivalent to the processing of
   an ITR.  However, if the PITR is directly connected to the ALT, =
</pre></div></blockquote><div class=3D"">This would be LISP+ALT. Pleas =
add a reference to 6836.</div><br class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""><pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">the
   PITR performs the functions of both the ITR and the Map-Resolver
   forwarding the Map-Request encapsulated in an ECM header that
   includes the Authentication Data fields as described in Section 5.6.

5.5.  Encrypting and Decrypting an OTK

   MS-OTK confidentiality is required in the path between the Map-Server
   and the ETR, the MS-OTK SHOULD</pre></div></blockquote><div =
class=3D"">If confidentiality is required why there is not a =
MUST?</div><br class=3D""><blockquote type=3D"cite" class=3D""><div =
class=3D""><pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D""> be encrypted using the preconfigured
   key shared between the Map-Server and the ETR for the purpose of
   securing ETR registration [RFC6833].  Similarly, if ITR-OTK
   confidentiality is required in the path between the ITR and the Map-
   Resolver, the ITR-OTK SHOULD </pre></div></blockquote>Again, if =
confidentiality is required why there is not a MUST?</div><div =
class=3D""><br class=3D""><blockquote type=3D"cite" class=3D""><div =
class=3D""><pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">be encrypted with a key shared between
   the ITR and the Map-Resolver.

   The OTK is encrypted using the algorithm specified in the OTK
   Encryption ID field.  When the AES Key Wrap algorithm is used to
   encrypt a 128-bit OTK, according to =
[RFC3339],</pre></div></blockquote><div class=3D"">The correct RFC is =
3394.</div><br class=3D""><blockquote type=3D"cite" class=3D""><div =
class=3D""><pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D""> the AES Key Wrap
   Initialization Value MUST be set to 0xA6A6A6A6A6A6A6A6 (64 bits).
   The output of the AES Key Wrap operation is 192-bit long.  The most
   significant 64-bit are copied in the One-Time Key Preamble field,
   while the 128 less significant bits are copied in the One-Time Key
   field of the LISP-SEC Authentication Data.

   When decrypting an encrypted OTK the receiver MUST verify that the
   Initialization Value resulting from the AES Key Wrap decryption



Maino, et al.             Expires April 6, 2017                [Page 13]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   operation is equal to 0xA6A6A6A6A6A6A6A6.  If this verification fails
   the receiver MUST discard the entire message.

   When a 128-bit OTK is sent unencrypted the OTK Encryption ID is set
   to NULL_KEY_WRAP_128, and the OTK Preamble is set to
   0x0000000000000000 (64 bits).

5.6.  Map-Resolver Processing

   Upon receiving an encapsulated Map-Request with the S-bit set, the
   Map-Resolver decapsulates the ECM message.  The ITR-OTK, if
   encrypted, is decrypted as specified in Section 5.5.

   The Map-Resolver, as specified in [RFC6833], originates a new ECM
   header with the S-bit set, that contains the unencrypted ITR-OTK, as
   specified in Section 5.5, and the other data derived from the ECM
   Authentication Data of the received encapsulated Map-Request.
</pre></div></blockquote><div class=3D"">Few points on this last =
paragraph:</div><div class=3D"">- You assume that there is no need of =
confidentiality inside the Mapping System?</div><div class=3D"">- Why =
not stating that encryption inside the mapping system is mapping system =
specify and out of scope of this document?</div><div class=3D"">- Why =
are you assuming that all of the Mapping system will use ECM? Future =
Mapping system may use soemthos different. The important point is to =
ship the AD along.</div><blockquote type=3D"cite" class=3D""><div =
class=3D""><pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">
   The Map-Resolver then forwards</pre></div></blockquote>to whom?<br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D""> the =
received Map-Request, encapsulated
   in the new ECM header that includes the newly computed Authentication
   Data fields.
</pre></div></blockquote><div class=3D"">As for my comment of the =
previous paragraph I would be more generic stating that the MR will hand =
over the request to the mapping system.</div><div class=3D""><br =
class=3D""></div><div class=3D"">You can still provide the example of =
DDT using ECM.</div><br class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""><pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">
5.7.  Map-Server Processing

   Upon receiving an ECM encapsulated Map-Request with the S-bit set,
   the Map-Server process the Map-Request according to the value of the
   S-bit contained in the Map-Register sent by the ETR during
   registration.

   If the S-bit contained in the Map-Register was clear the Map-Server
   decapsulates the ECM and generates a new ECM encapsulated Map-Request
   that does not contain an ECM Authentication Data, as specified in
   [RFC6830].  The Map-Server does not perform any further LISP-SEC
   processing.
</pre></div></blockquote><div class=3D"">This equivalent to not using =
LISP-SEC. Please specify that the Map-Reply will be not =
protected.</div><br class=3D""><blockquote type=3D"cite" class=3D""><div =
class=3D""><pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">
   If the S-bit contained in the Map-Register was set the Map-Server
   decapsulates the ECM and generates a new ECM Authentication Data.
   The Authentication Data includes the OTK-AD and the EID-AD, that
   contains EID-prefix authorization information, that are ultimately
   sent to the requesting ITR.

   The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
   the ITR-OTK received with the Map-Request.  MS-OTK is derived
   applying the key derivation function specified in the KDF ID field.
   If the algorithm specified in the KDF ID field is not supported, the
   Map-Server uses a different algorithm to derive the key and updates
   the KDF ID field accordingly.




Maino, et al.             Expires April 6, 2017                [Page 14]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   The Map-Server and the ETR MUST be configured with a shared key for
   mapping registration according to [RFC6833].  If MS-OTK
   confidentiality is required, then the MS-OTK SHOULD be =
encrypted,</pre></div></blockquote>Again, if confidentiality is required =
why there is not a MUST?<br class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""><pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D""> by
   wrapping the MS-OTK with the algorithm specified by the OTK
   Encryption ID field as specified in Section 5.5.

   The Map-Server includes in the EID-AD the longest match registered
   EID-prefix for the destination EID, and an HMAC of this EID-prefix.
   The HMAC is keyed with the ITR-OTK contained in the received ECM
   Authentication Data, and the HMAC algorithm is chosen according to
   the Requested HMAC ID field.  If The Map-Server does not support this
   algorithm, the Map-Server uses a different algorithm and specifies it
   in the EID HMAC ID field.  The scope of the HMAC operation covers the
   entire EID-AD, from the EID-AD Length field to the EID HMAC field,
   which must be set to 0 before the computation.

   The Map-Server then forwards the updated ECM encapsulated Map-
   Request, that contains the OTK-AD, the EID-AD, and the received Map-
   Request to an authoritative ETR as specified in [RFC6830].

5.7.1.  Map-Server Processing in Proxy mode

   If the Map-Server is in proxy mode, it generates a Map-Reply, as
   specified in [RFC6830], with the S-bit set to 1.  The Map-Reply
   includes the Authentication Data that contains the EID-AD, computed
   as specified in Section 5.7, as well as the PKT-AD computed as
   specified in Section 5.8.

5.8.  ETR Processing

   Upon receiving an ECM encapsulated Map-Request with the S-bit set,
   the ETR decapsulates the ECM message.  The OTK field, if encrypted,
   is decrypted as specified in Section 5.5 to obtain the unencrypted
   MS-OTK.

   The ETR then generates a Map-Reply as specified in [RFC6830] and
   includes the Authentication Data that contains the EID-AD, as
   received in the encapsulated Map-Request, as well as the PKT-AD.

   The EID-AD is copied from the Authentication Data of the received
   encapsulated Map-Request.

   The PKT-AD contains the HMAC of the whole Map-Reply packet, keyed
   with the MS-OTK and computed using the HMAC algorithm specified in
   the Requested HMAC ID field of the received encapsulated Map-Request.
   If the ETR does not support the Requested HMAC ID, it uses a
   different algorithm and updates the PKT HMAC ID field accordingly.
   The scope of the HMAC operation covers the entire PKT-AD, from the



Maino, et al.             Expires April 6, 2017                [Page 15]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   Map-Reply Type field to the PKT HMAC field, which must be set to 0
   before the computation.

   Finally the ETR sends the Map-Reply to the requesting ITR as
   specified in [RFC6830].

6.  Security Considerations

6.1.  Mapping System Security

   The LISP-SEC threat model described in Section 3, assumes that the
   LISP Mapping System is working properly and eventually delivers Map-
   Request messages to a Map-Server that is authoritative for the
   requested EID.

</pre></div></blockquote><div class=3D""><br class=3D""></div><div =
class=3D"">As for a previous comment, can you elaborate if OTK =
confidentiality is required in the mapping system and what are the =
consequences?</div><div class=3D""><br class=3D""></div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">   =
Map-Register security, including the right for a LISP entity to
   register an EID-prefix or to claim presence at an RLOC, is out of the
   scope of LISP-SEC.

6.2.  Random Number Generation

   The ITR-OTK MUST be generated by a properly seeded pseudo-random (or
   strong random) source.  See [RFC4086] for advice on generating
   security-sensitive random data

6.3.  Map-Server and ETR Colocation

   If the Map-Server and the ETR are colocated, LISP-SEC does not
   provide protection from overclaiming attacks mounted by the ETR.
   However, in this particular case, since the ETR is within the trust
   boundaries of the Map-Server, ETR's overclaiming attacks are not
   included in the threat model.

7.  IANA Considerations
</pre></div></blockquote><div class=3D"">This section is not conform to =
RFC 5226.</div><div class=3D""><br class=3D""></div><div class=3D"">There =
right way to go is to ask IANA to create three new registries, for HMAC, =
Key Wrap, and Key Derivation functions.</div><div class=3D"">Define what =
is the allocation process (in light of the size of the field FCFS should =
not cause any problem IMHO)</div><div class=3D""><br class=3D""></div><div=
 class=3D"">Then ask to populate the registries as already =
described.</div><div class=3D""><br class=3D""></div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">
7.1.  HMAC functions

   The following HMAC ID values are defined by this memo for use as
   Requested HMAC ID, EID HMAC ID, and PKT HMAC ID in the LISP-SEC
   Authentication Data:











Maino, et al.             Expires April 6, 2017                [Page 16]
=0C
Internet-Draft                  LISP-SEC                    October 2016


             Name                     Number        Defined In
             -------------------------------------------------
             NONE                     0
             AUTH-HMAC-SHA-1-96       1             [RFC2104]
             AUTH-HMAC-SHA-256-128    2             [RFC4634]

             values 2-65535 are reserved to IANA.

                              HMAC Functions

   AUTH-HMAC-SHA-1-96 MUST be supported, AUTH-HMAC-SHA-256-128 should be
   supported.

7.2.  Key Wrap Functions

   The following OTK Encryption ID values are defined by this memo for
   use as OTK key wrap algorithms ID in the LISP-SEC Authentication
   Data:

             Name                     Number        Defined In
             -------------------------------------------------
             NULL-KEY-WRAP-128        1
             AES-KEY-WRAP-128         2             [RFC3394]

             values 0 and 3-65535 are reserved to IANA.

                            Key Wrap Functions

   NULL-KEY-WRAP-128, and AES-KEY-WRAP-128 MUST be supported.

   NULL-KEY-WRAP-128 is used to carry an unencrypted 128-bit OTK, with a
   64-bit preamble set to 0x0000000000000000 (64 bits).

7.3.  Key Derivation Functions

   The following KDF ID values are defined by this memo for use as KDF
   ID in the LISP-SEC Authentication Data:

             Name                     Number        Defined In
             -------------------------------------------------
             NONE                     0
             HKDF-SHA1-128            1             [RFC5869]

             values 2-65535 are reserved to IANA.

                         Key Derivation Functions

   HKDF-SHA1-128 MUST be supported



Maino, et al.             Expires April 6, 2017                [Page 17]
=0C
Internet-Draft                  LISP-SEC                    October 2016


8.  Acknowledgements

   The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino
   Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt
   Noll for their valuable suggestions provided during the preparation
   of this document.

9.  Normative References
</pre></div></blockquote><div class=3D""><br class=3D""></div><div =
class=3D""><br class=3D""></div><div class=3D"">Please Check your =
reference, this is the output if the nits tool:</div><div class=3D""><br =
class=3D""></div><div class=3D""><br class=3D""></div><div =
class=3D"">Checking references for intended status: =
Experimental</div><div class=3D"">&nbsp; =
--------------------------------------------------------------------------=
--</div><div class=3D""><br class=3D""></div><div class=3D"">&nbsp; =3D=3D=
 Missing Reference: 'RFC3339' is mentioned on line 602, but not =
defined</div><div class=3D""><br class=3D""></div><div class=3D"">&nbsp; =
=3D=3D Missing Reference: 'RFC4634' is mentioned on line 752, but not =
defined</div><div class=3D""><br class=3D""></div><div class=3D"">&nbsp; =
** Obsolete undefined reference: RFC 4634 (Obsoleted by RFC =
6234)</div><div class=3D""><br class=3D""></div><blockquote type=3D"cite" =
class=3D""><div class=3D""><pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">
   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
              Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997,
              &lt;<a href=3D"http://www.rfc-editor.org/info/rfc2104" =
class=3D"">http://www.rfc-editor.org/info/rfc2104</a>&gt;.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              &lt;<a href=3D"http://www.rfc-editor.org/info/rfc2119" =
class=3D"">http://www.rfc-editor.org/info/rfc2119</a>&gt;.

   [RFC3394]  Schaad, J. and R. Housley, "Advanced Encryption Standard
              (AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394,
              September 2002, &lt;<a =
href=3D"http://www.rfc-editor.org/info/rfc3394" =
class=3D"">http://www.rfc-editor.org/info/rfc3394</a>&gt;.

   [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
              "Randomness Requirements for Security", BCP 106, RFC 4086,
              DOI 10.17487/RFC4086, June 2005,
              &lt;<a href=3D"http://www.rfc-editor.org/info/rfc4086" =
class=3D"">http://www.rfc-editor.org/info/rfc4086</a>&gt;.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              DOI 10.17487/RFC5226, May 2008,
              &lt;<a href=3D"http://www.rfc-editor.org/info/rfc5226" =
class=3D"">http://www.rfc-editor.org/info/rfc5226</a>&gt;.

   [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
              Key Derivation Function (HKDF)", RFC 5869,
              DOI 10.17487/RFC5869, May 2010,
              &lt;<a href=3D"http://www.rfc-editor.org/info/rfc5869" =
class=3D"">http://www.rfc-editor.org/info/rfc5869</a>&gt;.

   [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
              Locator/ID Separation Protocol (LISP)", RFC 6830,
              DOI 10.17487/RFC6830, January 2013,
              &lt;<a href=3D"http://www.rfc-editor.org/info/rfc6830" =
class=3D"">http://www.rfc-editor.org/info/rfc6830</a>&gt;.

   [RFC6833]  Fuller, V. and D. Farinacci, "Locator/ID Separation
              Protocol (LISP) Map-Server Interface", RFC 6833,
              DOI 10.17487/RFC6833, January 2013,
              &lt;<a href=3D"http://www.rfc-editor.org/info/rfc6833" =
class=3D"">http://www.rfc-editor.org/info/rfc6833</a>&gt;.




Maino, et al.             Expires April 6, 2017                [Page 18]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   [RFC7835]  Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID
              Separation Protocol (LISP) Threat Analysis", RFC 7835,
              DOI 10.17487/RFC7835, April 2016,
              &lt;<a href=3D"http://www.rfc-editor.org/info/rfc7835" =
class=3D"">http://www.rfc-editor.org/info/rfc7835</a>&gt;.

Authors' Addresses

   Fabio Maino
   Cisco Systems
   170 Tasman Drive
   San Jose, California  95134
   USA

   Email: <a href=3D"mailto:fmaino@cisco.com" =
class=3D"">fmaino@cisco.com</a>


   Vina Ermagan
   Cisco Systems
   170 Tasman Drive
   San Jose, California  95134
   USA

   Email: <a href=3D"mailto:vermagan@cisco.com" =
class=3D"">vermagan@cisco.com</a>


   Albert Cabellos
   Technical University of Catalonia
   c/ Jordi Girona s/n
   Barcelona  08034
   Spain

   Email: <a href=3D"mailto:acabello@ac.upc.edu" =
class=3D"">acabello@ac.upc.edu</a>


   Damien Saucez
   INRIA
   2004 route des Lucioles - BP 93
   Sophia Antipolis
   France

   Email: <a href=3D"mailto:damien.saucez@inria.fr" =
class=3D"">damien.saucez@inria.fr</a>










Maino, et al.             Expires April 6, 2017                [Page =
19]</pre><div class=3D""><br class=3D""></div></div><div class=3D""><br =
class=3D""></div><div class=3D""><br class=3D""></div></blockquote><br =
class=3D""><div class=3D""><div class=3D""><br class=3D""></div><div =
class=3D""><br class=3D""></div><br class=3D""></div></div></body></html>=

--Apple-Mail=_50A4081C-B558-413D-A218-E6AFCC51B906--


From nobody Wed Oct 19 08:33:04 2016
Return-Path: <fmaino@cisco.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1C1D129556; Wed, 19 Oct 2016 08:33:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.941
X-Spam-Level: 
X-Spam-Status: No, score=-14.941 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WOmjNz2gnyCE; Wed, 19 Oct 2016 08:32:55 -0700 (PDT)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A4AF126FDC; Wed, 19 Oct 2016 08:32:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=116792; q=dns/txt; s=iport; t=1476891175; x=1478100775; h=subject:to:references:cc:from:message-id:date: mime-version:in-reply-to; bh=oraIku8xAM8eTMd2GUTgDfabrkonHGqT4a2BvI7Bgu8=; b=MoTTxcjXK7BU/aksV2dyMHUjGHYQYei028df38nfR/yUikVN2m8mKsVS dvxd4TaDV+bFBg/soiLa4b9PnK1SdxoDK83WSvOUI8szgvZPo0hs2xVkI JEdRssCG8ITXeS5MRs6YlDOOKAjGDLQ64GvGaoL895TJVtJchpVgF1Pga s=;
X-IronPort-AV: E=Sophos;i="5.31,514,1473120000";  d="scan'208,217";a="161514927"
Received: from alln-core-11.cisco.com ([173.36.13.133]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 19 Oct 2016 15:32:54 +0000
Received: from [10.24.119.45] ([10.24.119.45]) by alln-core-11.cisco.com (8.14.5/8.14.5) with ESMTP id u9JFWqJa023991; Wed, 19 Oct 2016 15:32:53 GMT
To: Luigi Iannone <luigi.iannone@telecom-paristech.fr>, "Vina Ermagan (vermagan)" <vermagan@cisco.com>, Albert Cabellos <acabello@ac.upc.edu>, Damien Saucez <damien.saucez@inria.fr>
References: <FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr>
From: Fabio Maino <fmaino@cisco.com>
Message-ID: <26b25fda-5964-8979-06c8-63db76be46a1@cisco.com>
Date: Wed, 19 Oct 2016 08:32:52 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr>
Content-Type: multipart/alternative; boundary="------------AE9CBA7B01D75C294BE5A759"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/e98JS_s6i9THJwEA_77JNymlT_U>
Cc: lisp-chairs@ietf.org, LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] LISP-SEC review (finally)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Oct 2016 15:33:01 -0000

This is a multi-part message in MIME format.
--------------AE9CBA7B01D75C294BE5A759
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

Thanks Luigi,
we will look into your comments and come back.

Fabio

On 10/19/16 8:06 AM, Luigi Iannone wrote:
> Dear Authors of the LISP-SEC document,
>
> hereafter my review of the document.
> This was long overdue, sorry for being so late.
>
> I really like the solution and the majority of my comments are just 
> clarification questions.
> Let me know if my comments are clear.
>
> ciao
>
> L.
>
>
>
>> 1.  Introduction
>>
>>     The Locator/ID Separation Protocol [RFC6830] defines a set of
>>     functions for routers to exchange information used to map from non-
>>     routable Endpoint Identifiers (EIDs) to routable Routing Locators
>>     (RLOCs).
> I find the above sentence confusing. Wouldn’t be better to specify 
> that we are talking about IP addresses?
>
>> If these EID-to-RLOC mappings, carried through Map-Reply
>>     messages, are transmitted without integrity protection, an adversary
>>     can manipulate them and hijack the communication, impersonate the
>>     requested EID, or mount Denial of Service or Distributed Denial of
>>     Service attacks.  Also, if the Map-Reply message is transported
>>     unauthenticated, an adversarial LISP entity can overclaim an EID-
>>     prefix and maliciously redirect traffic directed to a large number of
>>     hosts.  A detailed description of "overclaiming" attack is provided
>>     in [RFC7835].
>>
>>     This memo specifies LISP-SEC, a set of security mechanisms that
>>     provides origin authentication, integrity and anti-replay protection
>>     to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
>>     process.
>
> I would put s forward reference to section 3 stating that the reader 
> will find details about the threat model.
>
>> LISP-SEC also enables verification of authorization on EID-
>>     prefix claims in Map-Reply messages, ensuring that the sender of a
>>     Map-Reply that provides the location for a given EID-prefix is
>>     entitled to do so according to the EID prefix registered in the
>>     associated Map-Server.  Map-Register security, including the right
>>     for a LISP entity to register an EID-prefix or to claim presence at
>>     an RLOC, is out of the scope of LISP-SEC.  Additional security
>>     considerations are described in Section 6.
>>
>> 2.  Definition of Terms
>>
>>        One-Time Key (OTK): An ephemeral randomly generated key that must
>>        be used for a single Map-Request/Map-Reply exchange.
>>
>>
>>
>>           ITR-OTK: The One-Time Key generated at the ITR.
>>
>>           MS-OTK: The One-Time Key generated at the Map-Server.
>
> Why are you considering ITR-OTK and MS-OTK sub-terms?
> I would elevate them at full terms, hence avoiding spacing and 
> indentation.
>
>>        Encapsulated Control Message (ECM): A LISP control message that is
>>        prepended with an additional LISP header.  ECM is used by ITRs to
>>        send LISP control messages to a Map-Resolver, by Map-Resolvers to
>>        forward LISP control messages to a Map-Server, and by Map-
>>        Resolvers to forward LISP control messages to an ETR.
>>
> Why are you re-defining ECM?
> You do not specify other packets, e.g., Map-Reply, so why ECM?
> I would drop it.
>
>
>>        Authentication Data (AD): Metadata that is included either in a
>>        LISP ECM header or in a Map-Reply message to support
>>        confidentiality, integrity protection, and verification of EID-
>>        prefix authorization.
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                 [Page 3]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>           OTK-AD: The portion of ECM Authentication Data that contains a
>>           One-Time Key.
>>
>>           EID-AD: The portion of ECM and Map-Reply Authentication Data
>>           used for verification of EID-prefix authorization.
>>
>>           PKT-AD: The portion of Map-Reply Authentication Data used to
>>           protect the integrity of the Map-Reply message.
>
>
> Why are you considering OTK-AD, EID-AD, and PKT-AD sub-terms?
> I would elevate them at full terms, hence avoiding spacing and 
> indentation.
>
>
>>     For definitions of other terms, notably Map-Request, Map-Reply,
>>     Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR), Map-Server
>>     (MS), and Map-Resolver (MR) please consult the LISP specification
>>     [RFC6830].
>>
>> 3.  LISP-SEC Threat Model
>>
>>     LISP-SEC addresses the control plane threats, described in [RFC7835],
>>     that target EID-to-RLOC mappings, including manipulations of Map-
>>     Request and Map-Reply messages, and malicious ETR EID prefix
>>     overclaiming.  LISP-SEC makes two main assumptions: (1) the LISP
>>     mapping system is expected to deliver a Map-Request message to their
>>     intended destination ETR as identified by the EID, and (2) no man-in-
>>     the-middle (MITM) attack can be mounted within the LISP Mapping
>>     System.  Furthermore, while LISP-SEC enables detection of EID prefix
>>     overclaiming attacks, it assumes that Map-Servers can verify the EID
>>     prefix authorization at time of registration.
> LISP-SEC does not require OTK confidentiality in the mapping system. 
> This should be discussed here.
>
>
>>     According to the threat model described in [RFC7835] LISP-SEC assumes
>>     that any kind of attack, including MITM attacks, can be mounted in
>>     the access network, outside of the boundaries of the LISP mapping
>>     system.  An on-path attacker, outside of the LISP mapping system can,
>>     for example, hijack Map-Request and Map-Reply messages, spoofing the
>>     identity of a LISP node.  Another example of on-path attack, called
>>     overclaiming attack, can be mounted by a malicious Egress Tunnel
>>     Router (ETR), by overclaiming the EID-prefixes for which it is
>>     authoritative.  In this way the ETR can maliciously redirect traffic
>>     directed to a large number of hosts.
>>
>> 4.  Protocol Operations
>>
>>     The goal of the security mechanisms defined in [RFC6830] is to
>>     prevent unauthorized insertion of mapping data by providing origin
>>     authentication and integrity protection for the Map-Registration, and
>>     by using the nonce to detect unsolicited Map-Reply sent by off-path
>>     attackers.
>>
>>     LISP-SEC builds on top of the security mechanisms defined in
>>     [RFC6830] to address the threats described in Section 3 by leveraging
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                 [Page 4]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>     the trust relationships existing among the LISP entities
>>     participating to the exchange of the Map-Request/Map-Reply messages.
>>     Those trust relationships are used to securely distribute a One-Time
>>     Key (OTK) that provides origin authentication, integrity and anti-
>>     replay protection to mapping data conveyed via the mapping lookup
>>     process, and that effectively prevent overclaiming attacks.  The
>>     processing of security parameters during the Map-Request/Map-Reply
>>     exchange is as follows:
>>
>>     o  The ITR-OTK is generated and stored at the ITR, and securely
>>        transported to the Map-Server.
>>
>>     o  The Map-Server uses the ITR-OTK to compute an HMAC that protects
> You did not define HMAC acronym. Please define and add a reference.
>
>>        the integrity of the mapping data known to the Map-Server to
>>        prevent overclaiming attacks.  The Map-Server also derives a new
>>        OTK, the MS-OTK, that is passed to the ETR, by applying a Key
>>        Derivation Function (KDF) to the ITR-OTK.
>>
>>     o  The ETR uses the MS-OTK to compute an HMAC that protects the
>>        integrity of the Map-Reply sent to the ITR.
>>
>>     o  Finally, the ITR uses the stored ITR-OTK to verify the integrity
>>        of the mapping data provided by both the Map-Server and the ETR,
>>        and to verify that no overclaiming attacks were mounted along the
>>        path between the Map-Server and the ITR.
>>
>>     Section 5 provides the detailed description of the LISP-SEC control
>>     messages and their processing, while the rest of this section
>>     describes the flow of protocol operations at each entity involved in
>>     the Map-Request/Map-Reply exchange:
>>
>>     o  The ITR, upon needing to transmit a Map-Request message, generates
>>        and stores an OTK (ITR-OTK).  This ITR-OTK is included into the
>>        Encapsulated Control Message (ECM) that contains the Map-Request
>>        sent to the Map-Resolver.  To provide confidentiality to the ITR-
>>        OTK over the path between the ITR and its Map-Resolver, the ITR-
>>        OTK SHOULD
> Why not using “MUST”???
> Are you suggesting that a different way to provide confidentiality can 
> be used (e.g. a different shared key)???
> If yes, please state so.
>
> Or are you suggesting that no encryption at all is used? But this 
> means not providing confidentiality…
> Can you clarify?
>
> (this very same comment will appear several time in this review)
>> be encrypted using a preconfigured key shared between
>>        the ITR and the Map-Resolver, similar to the key shared between
>>        the ETR and the Map-Server in order to secure ETR registration
>>        [RFC6833].
>>
>>     o  The Map-Resolver decapsulates the ECM message, decrypts the ITR-
>>        OTK, if needed, and forwards through the Mapping System the
>>        received Map-Request and the ITR-OTK, as part of a new ECM
>>        message.  As described in Section 5.6, the LISP Mapping System
>>        delivers the ECM to the appropriate Map-Server, as identified by
>>        the EID destination address of the Map-Request.
>>
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                 [Page 5]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>     o  The Map-Server is configured with the location mappings and policy
>>        information for the ETR responsible for the EID destination
>>        address.  Using this preconfigured information, the Map-Server,
>>        after the decapsulation of the ECM message, finds the longest
>>        match EID-prefix that covers the requested EID in the received
>>        Map-Request.  The Map-Server adds this EID-prefix, together with
>>        an HMAC computed using the ITR-OTK, to a new Encapsulated Control
>>        Message that contains the received Map-Request.
>>
>>     o  The Map-Server derives a new OTK, the MS-OTK, by applying a Key
>>        Derivation Function (KDF) to the ITR-OTK.  This MS-OTK is included
>>        in the Encapsulated Control Message that the Map-Server uses to
>>        forward the Map-Request to the ETR.  To provide MS-OTK
>>        confidentiality over the path between the Map-Server and the ETR,
>>        the MS-OTK should
> This “should” should be a “SHOULD”  (sorry for the cacophony…)
>
> Why not using “MUST”???
> Are you suggesting that a different way to provide confidentiality can 
> be used (e.g. a different shared key)???
> If yes, please state so.
>
> Or are you suggesting that no encryption at all is used? But this 
> means not providing confidentiality…
> Can you clarify?
>
>> be encrypted using the key shared between the
>>        ETR and the Map-Server in order to secure ETR registration
>>        [RFC6833].
>>
>>     o  If the Map-Server is acting in proxy mode, as specified in
>>        [RFC6830], the ETR is not involved in the generation of the Map-
>>        Reply.  In this case the Map-Server generates the Map-Reply on
>>        behalf of the ETR as described below.
>>
>>     o  The ETR, upon receiving the ECM encapsulated Map-Request from the
>>        Map-Server, decrypts the MS-OTK, if needed, and originates a
>>        standard Map-Reply that contains the EID-to-RLOC mapping
>>        information as specified in [RFC6830].
>>
>>     o  The ETR computes an HMAC over this standard Map-Reply, keyed with
>>        MS-OTK to protect the integrity of the whole Map-Reply.  The ETR
>>        also copies the EID-prefix authorization data that the Map-Server
>>        included in the ECM encapsulated Map-Request into the Map-Reply
>>        message.  The ETR then sends this complete Map-Reply message to
>>        the requesting ITR.
>>
>>     o  The ITR, upon receiving the Map-Reply, uses the locally stored
>>        ITR-OTK to verify the integrity of the EID-prefix authorization
>>        data included in the Map-Reply by the Map-Server.  The ITR
>>        computes the MS-OTK by applying the same KDF used by the Map-
>>        Server, and verifies the integrity of the Map-Reply.  If the
>>        integrity checks fail, the Map-Reply MUST be discarded.  Also, if
>>        the EID-prefixes claimed by the ETR in the Map-Reply are not equal
>>        or more specific than the EID-prefix authorization data inserted
>>        by the Map-Server, the ITR MUST discard the Map-Reply.
>>
>>
>>
>>
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                 [Page 6]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>> 5.  LISP-SEC Control Messages Details
>>
>>     LISP-SEC metadata associated with a Map-Request is transported within
>>     the Encapsulated Control Message that contains the Map-Request.
>>
>>     LISP-SEC metadata associated with the Map-Reply is transported within
>>     the Map-Reply itself.
>>
>> 5.1.  Encapsulated Control Message LISP-SEC Extensions
>>
>>     LISP-SEC uses the ECM (Encapsulated Control Message) defined in
>>     [RFC6830] with Type set to 8, and S bit set to 1 to indicate that the
>>     LISP header includes Authentication Data (AD).  The format of the
>>     LISP-SEC ECM Authentication Data is defined in the following figure.
>>     OTK-AD stands for One-Time Key Authentication Data and EID-AD stands
>>     for EID Authentication Data.
>>
>>   0                   1                   2                   3
>>   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> |     AD Type   |V|  Reserved   |        Requested HMAC ID      |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
>> |              OTK Length       |       OTK Encryption ID       | |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>> |                       One-Time-Key Preamble ...               | |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OTK-AD
>> |                   ... One-Time-Key Preamble                   | |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>> ~                      One-Time Key (128 bits)                  ~/
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <---+
>> |           EID-AD Length       |           KDF ID              |     |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
>> | Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
>> |   Reserved    | EID mask-len  |           EID-AFI             | |   |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
>> ~                          EID-prefix ...                       ~ |   |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
>> ~                            EID HMAC                           ~     |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <—+
> I think that “rec” is mis-aligned and should be shifted one character 
> upward.
>
>>                       LISP-SEC ECM Authentication Data
>>
>>        AD Type: 1 (LISP-SEC Authentication Data)
> This is the first document starting to allocate values to the "AD 
> Type” value.
> Why not asking IANA to create a registry??
> (to be done in the IANA Considerations Section)
>
>
>
>>        V: Key Version bit.  This bit is toggled when the sender switches
>>        to a new OTK wrapping key
>>
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                 [Page 7]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>        Reserved: Set to 0 on transmission and ignored on receipt.
>>
>>        Requested HMAC ID: The HMAC algorithm requested by the ITR.  See
>>        Section 5.4 for details.
>>
>>        OTK Length: The length (in bytes) of the OTK Authentication Data
>>        (OTK-AD), that contains the OTK Preamble and the OTK.
>>
>>        OTK Encryption ID: The identifier of the key wrapping algorithm
>>        used to encrypt the One-Time-Key. When a 128-bit OTK is sent
>>        unencrypted by the Map-Resolver, the OTK Encryption ID is set to
>>        NULL_KEY_WRAP_128.  See Section 5.5 for more details.
>>
>>        One-Time-Key Preamble: set to 0 if the OTK is not encrypted.  When
>>        the OTK is encrypted, this field may carry additional metadata
>>        resulting from the key wrapping operation.  When a 128-bit OTK is
>>        sent unencrypted by Map-Resolver, the OTK Preamble is set to
>>        0x0000000000000000 (64 bits).  See Section 5.5 for details.
>>
>>        One-Time-Key: the OTK encrypted (or not) as specified by OTK
>>        Encryption ID.  See Section 5.5 for details.
>>
>>        EID-AD Length: length (in bytes) of the EID Authentication Data
>>        (EID-AD).  The ITR MUST set EID-AD Length to 4 bytes, as it only
>>        fills the KDF ID field, and all the remaining fields part of the
>>        EID-AD are not present.  An EID-AD MAY contain multiple EID-
>>        records.  Each EID-record is 4-byte long plus the length of the
>>        AFI-encoded EID-prefix.
>>
>>        KDF ID: Identifier of the Key Derivation Function used to derive
>>        the MS-OTK.  The ITR SHOULD use this field to indicate the
>>        recommended KDF algorithm, according to local policy.
> I am not sure I understand the rationale of this “SHOULD”. If for any 
> reason the ITR does not indicate the KDF ID what are the consequences?
> Is the MS free to choose the algorithm? This should be clarified.
>
>>   The Map-
>>        Server can overwrite the KDF ID if it does not support the KDF ID
>>        recommended by the ITR.
> What happens if the MS will choose a KDF ID not supported by the ITR?
> Can you clarify how to solve this situation or explain why this will 
> never happen?
>
>> See Section 5.4 for more details.
>>
>>        Record Count: The number of records in this Map-Request message.
>>        A record is comprised of the portion of the packet that is labeled
>>        'Rec' above and occurs the number of times equal to Record Count.
>>
>>        Reserved: Set to 0 on transmission and ignored on receipt.
>>
>>        EID HMAC ID: Identifier of the HMAC algorithm used to protect the
>>        integrity of the EID-AD.  This field is filled by Map-Server that
>>        computed the EID-prefix HMAC.  See Section 5.4 for more details.
>>
>>        EID mask-len: Mask length for EID-prefix.
>>
>>        EID-AFI: Address family of EID-prefix according to [RFC5226]
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                 [Page 8]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>        EID-prefix: The Map-Server uses this field to specify the EID-
>>        prefix that the destination ETR is authoritative for, and is the
>>        longest match for the requested EID.
>>
>>        EID HMAC: HMAC of the EID-AD computed and inserted by Map-Server.
>>        Before computing the HMAC operation the EID HMAC field MUST be set
>>        to 0.  The HMAC covers the entire EID-AD.
>>
>> 5.2.  Map-Reply LISP-SEC Extensions
>>
>>     LISP-SEC uses the Map-Reply defined in [RFC6830], with Type set to 2,
>>     and S bit set to 1 to indicate that the Map-Reply message includes
>>     Authentication Data (AD).  The format of the LISP-SEC Map-Reply
>>     Authentication Data is defined in the following figure.  PKT-AD is
>>     the Packet Authentication Data that covers the Map-Reply payload.
>>
>>   0                   1                   2                   3
>>   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> |    AD Type    |                 Reserved                      |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <---+
>> |           EID-AD Length       |           KDF ID              |     |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
>> | Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
>> |   Reserved    | EID mask-len  |           EID-AFI             | |   |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
>> ~                          EID-prefix ...                       ~ |   |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
>> ~                            EID HMAC                           ~     |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <---+
>> |         PKT-AD Length         |         PKT HMAC ID           |\
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>> ~                            PKT HMAC                           ~ PKT-AD
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/
>>
>>                    LISP-SEC Map-Reply Authentication Data
>>
>>        AD Type: 1 (LISP-SEC Authentication Data)
> Shouldn’t this be a different value? This AD  format is different from 
> the one described in section 5.1!
> Another reason to ask IANA for a registry….
>
>
>>        EID-AD Length: length (in bytes) of the EID-AD.  An EID-AD MAY
>>        contain multiple EID-records.  Each EID-record is 4-byte long plus
>>        the length of the AFI-encoded EID-prefix.
>>
>>        KDF ID: Identifier of the Key Derivation Function used to derive
>>        MS-OTK.  See Section 5.7 for more details.
>>
>>
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                 [Page 9]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>        Record Count: The number of records in this Map-Reply message.  A
>>        record is comprised of the portion of the packet that is labeled
>>        'Rec' above and occurs the number of times equal to Record Count.
>>
>>        Reserved: Set to 0 on transmission and ignored on receipt.
>>
>>        EID HMAC ID: Identifier of the HMAC algorithm used to protect the
>>        integrity of the EID-AD.  See Section 5.7 for more details.
>>
>>        EID mask-len: Mask length for EID-prefix.
>>
>>        EID-AFI: Address family of EID-prefix according to [RFC5226].
>>
>>        EID-prefix: This field contains an EID-prefix that the destination
>>        ETR is authoritative for, and is the longest match for the
>>        requested EID.
>>
>>        EID HMAC: HMAC of the EID-AD, as computed by the Map-Server.
>>        Before computing the HMAC operation the EID HMAC field MUST be set
>>        to 0.  The HMAC covers the entire EID-AD.
>>
>>        PKT-AD Length: length (in bytes) of the Packet Authentication Data
>>        (PKT-AD).
>>
>>        PKT HMAC ID: Identifier of the HMAC algorithm used to protect the
>>        integrity of the Map-reply Location Data.
> “Location Data” is something nowhere defined. Can you clarify what do 
> you mean?
>
>
>>        PKT HMAC: HMAC of the whole Map-Reply packet, including the LISP-
>>        SEC Authentication Data.  The scope of the authentication goes
>>        from the Map-Reply Type field to the PKT HMAC field included.
>>        Before computing the HMAC operation the PKT HMAC field MUST be set
>>        to 0.  See Section 5.8 for more details.
>>
>> 5.3.  Map-Register LISP-SEC Extentions
>>
>>     The second bit after the Type field in a Map-Register message is
>>     allocated as the S bit.
> I would better explain that this document is allocating a bit marked 
> as reserved in 6830.
> Furthermore, at the cost of being redundant, I would put the packet 
> format highlighting the position of the bit so that there is no 
> confusion whatsoever.
>
>> The S bit indicates to the Map-Server that
>>     the registering ETR is LISP-SEC enabled.  An ETR that supports LISP-
>>     SEC MUST set the S bit in its Map-Register messages.
>>
>> 5.4.  ITR Processing
>>
>>     Upon creating a Map-Request, the ITR generates a random ITR-OTK that
>>     is stored locally, together with the nonce generated as specified in
>>     [RFC6830].
>>
>>     The Map-Request MUST be encapsulated in an ECM, with the S-bit set to
>>     1, to indicate the presence of Authentication Data.  If the ITR and
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                [Page 10]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>     the Map-Resolver are configured with a shared key,
> In section 4 you seem to suggest that this is not the only way to 
> protect the OTK (see my comment).
> Here instead you suggest that a shared key is the only way.
>>   the ITR-OTK
>>     confidentiality SHOULD be protected by wrapping the ITR-OTK with the
>>     algorithm specified by the OTK Encryption ID field.
> Not clear what this “SHOULD” refers to.
> IS the SHOULD related to the fact to encrypt the OTK? The ITR SHOULD 
> encrypt.
> Or the choice of the algorithm? The ITR SHOULD use the algorithm 
> specified by the OTK Encryption ID?
> The second case looks impossible since is the ITR is choosing the 
> algorithm. May be the sentence can be rewritten.
>
> Similarly to previous comment: Why it is not a MUST?
>>   See Section 5.5
>>     for further details on OTK encryption.
>>
>>     The Requested HMAC ID field contains the suggested HMAC algorithm to
>>     be used by the Map-Server and the ETR to protect the integrity of the
>>     ECM Authentication data and of the Map-Reply.
>>
> What happens if the MS will choose a HMAC not supported by the ETR or 
> the ITR?
> Can you clarify how to solve this situation or explain why this will 
> never happen?
>
>>     The KDF ID field, specifies the suggested key derivation function to
>>     be used by the Map-Server to derive the MS-OTK.
>
> What happens if the MS will choose a KDF ID not supported by the ITR?
> Can you clarify how to solve this situation or explain why this will 
> never happen?
>
>>     The EID-AD length is set to 4 bytes, since the Authentication Data
>>     does not contain EID-prefix Authentication Data, and the EID-AD
>>     contains only the KDF ID field.
>>
>>     In response to an encapsulated Map-Request that has the S-bit set, an
>>     ITR MUST receive a Map-Reply with the S-bit set, that includes an
>>     EID-AD and a PKT-AD.  If the Map-Reply does not include both ADs, the
>>     ITR MUST discard it.  In response to an encapsulated Map-Request with
>>     S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, and
>>     the ITR SHOULD discard the Map-Reply if the S-bit is set.
> Why a “SHOULD”? If the Map-Request has S-bit=0 it mean that there is 
> no AD, hence no OTK, how can the ITR decrypt the reply?????
> It MUST discard…..
>
>
>>     Upon receiving a Map-Reply, the ITR must verify the integrity of both
>>     the EID-AD and the PKT-AD, and MUST discard the Map-Reply if one of
>>     the integrity checks fails.
>>
>>     The integrity of the EID-AD is verified using the locally stored ITR-
>>     OTK to re-compute the HMAC of the EID-AD using the algorithm
>>     specified in the EID HMAC ID field.  If the EID HMAC ID field does
>>     not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
> Why is this a SHOULD? If it supports the HMAC Algorithm why not 
> decrypt? Shouldn’t this be a “MAY”, according to internal policy?
>>     and send, at the first opportunity it needs to, a new Map-Request
>>     with a different Requested HMAC ID field, according to ITR's local
>>     policy.  The ITR MUST set the EID HMAC ID field to 0 before computing
>>     the HMAC.
> Shouldn’t the MS do the same thing? Otherwise different values will be 
> obtained. This is not specified in the MS functioning description.
>
>
>>     To verify the integrity of the PKT-AD, first the MS-OTK is derived
>>     from the locally stored ITR-OTK using the algorithm specified in the
>>     KDF ID field.  This is because the PKT-AD is generated by the ETR
>>     using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
>>     KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
>>     Reply and send, at the first opportunity it needs to, a new Map-
>>     Request with a different KDF ID, according to ITR's local policy.
>>     The derived MS-OTK is then used to re-compute the HMAC of the PKT-AD
>>     using the Algorithm specified in the PKT HMAC ID field.  If the PKT
>>     HMAC ID field does not match the Requested HMAC ID the ITR SHOULD
>>     discard the Map-Reply and send, at the first opportunity it needs to,
>>
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                [Page 11]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>     a new Map-Request with a different Requested HMAC ID according to
>>     ITR's local policy.
>>
>>     Each individual Map-Reply EID-record is considered valid only if: (1)
>>     both EID-AD and PKT-AD are valid, and (2) the intersection of the
>>     EID-prefix in the Map-Reply EID-record with one of the EID-prefixes
>>     contained in the EID-AD is not empty.  After identifying the Map-
>>     Reply record as valid, the ITR sets the EID-prefix in the Map-Reply
>>     record to the value of the intersection set computed before, and adds
>>     the Map-Reply EID-record to its EID-to-RLOC cache, as described in
>>     [RFC6830].  An example of Map-Reply record validation is provided in
>>     Section 5.4.1.
>>
>>     The ITR SHOULD send SMR triggered Map-Requests over the mapping
>>     system in order to receive a secure Map-Reply.
> I do not understand this “SHOULD”.  This has consequences in the 
> choice how to react to SMR. This is a local policy.
> _If_ the ITR wants to protect Map-Requests using LISP-SEC, than SMR 
> triggered Map-Request MUST be sent through the mapping system.
>
>
>> If an ITR accepts
>>     piggybacked Map-Replies, it SHOULD also send a Map-Request over the
>>     mapping system in order to securely verify the piggybacked Map-Reply.
> Same as above.
>
>> 5.4.1.  Map-Reply Record Validation
>>
>>     The payload of a Map-Reply may contain multiple EID-records.  The
>>     whole Map-Reply is signed by the ETR, with the PKT HMAC, to provide
>>     integrity protection and origin authentication to the EID-prefix
>>     records claimed by the ETR.  The Authentication Data field of a Map-
>>     Reply may contain multiple EID-records in the EID-AD.  The EID-AD is
>>     signed by the Map-Server, with the EID HMAC, to provide integrity
>>     protection and origin authentication to the EID-prefix records
>>     inserted by the Map-Server.
>>
>>     Upon receiving a Map-Reply with the S-bit set, the ITR first checks
>>     the validity of both the EID HMAC and of the PKT-AD HMAC.  If either
>>     one of the HMACs is not valid, a log message is issued and the Map-
>>     Reply is not processed any further.
> I think “log message" is too much implementation specific.
> If there is a notification, and how this notification is done, is 
> implementation specific IMHO.
>
>> If both HMACs are valid, the ITR
>>     proceeds with validating each individual EID-record claimed by the
>>     ETR by computing the intersection of each one of the EID-prefix
>>     contained in the payload of the Map-Reply with each one of the EID-
>>     prefixes contained in the EID-AD.  An EID-record is valid only if at
>>     least one of the intersections is not the empty set.
>>
>>     For instance, the Map-Reply payload contains 3 mapping record EID-
>>     prefixes:
>>
>>        1.1.1.0/24
>>
>>        1.1.2.0/24
>>
>>        1.2.0.0/16
>>
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                [Page 12]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>     The EID-AD contains two EID-prefixes:
>>
>>        1.1.2.0/24
>>
>>        1.2.3.0/24
>>
>>     The EID-record with EID-prefix 1.1.1.0/24 is not processed since it
>>     is not included in any of the EID-ADs signed by the Map-Server.  A
>>     log message is issued.
> I think “log message" is too much implementation specific.
> If there is a notification, and how this notification is done, is 
> implementation specific IMHO.
>
>>     The EID-record with EID-prefix 1.1.2.0/24 is stored in the map-cache
>>     because it matches the second EID-prefix contained in the EID-AD.
>>
>>     The EID-record with EID-prefix 1.2.0.0/16 is not processed since it
>>     is not included in any of the EID-ADs signed by the Map-Server.  A
>>     log message is issued.
> I think “log message" is too much implementation specific.
> If there is a notification, and how this notification is done, is 
> implementation specific IMHO.
>
>>    In this last example the ETR is trying to
>>     over claim the EID-prefix 1.2.0.0/16, but the Map-Server authorized
>>     only 1.2.3.0/24, hence the EID-record is discarded.
> Reading the example I am not sure I would follow this behaviour.
> Only 1 record out of 3 is valid so why should I actually trust the ETR 
> instead of throwing everything away?
> Can you explain ???
>
>
>
>> 5.4.2.  PITR Processing
>>
>>     The processing performed by a PITR is equivalent to the processing of
>>     an ITR.  However, if the PITR is directly connected to the ALT,
> This would be LISP+ALT. Pleas add a reference to 6836.
>
>> the
>>     PITR performs the functions of both the ITR and the Map-Resolver
>>     forwarding the Map-Request encapsulated in an ECM header that
>>     includes the Authentication Data fields as described in Section 5.6.
>>
>> 5.5.  Encrypting and Decrypting an OTK
>>
>>     MS-OTK confidentiality is required in the path between the Map-Server
>>     and the ETR, the MS-OTK SHOULD
> If confidentiality is required why there is not a MUST?
>
>>   be encrypted using the preconfigured
>>     key shared between the Map-Server and the ETR for the purpose of
>>     securing ETR registration [RFC6833].  Similarly, if ITR-OTK
>>     confidentiality is required in the path between the ITR and the Map-
>>     Resolver, the ITR-OTK SHOULD
> Again, if confidentiality is required why there is not a MUST?
>
>> be encrypted with a key shared between
>>     the ITR and the Map-Resolver.
>>
>>     The OTK is encrypted using the algorithm specified in the OTK
>>     Encryption ID field.  When the AES Key Wrap algorithm is used to
>>     encrypt a 128-bit OTK, according to [RFC3339],
> The correct RFC is 3394.
>
>>   the AES Key Wrap
>>     Initialization Value MUST be set to 0xA6A6A6A6A6A6A6A6 (64 bits).
>>     The output of the AES Key Wrap operation is 192-bit long.  The most
>>     significant 64-bit are copied in the One-Time Key Preamble field,
>>     while the 128 less significant bits are copied in the One-Time Key
>>     field of the LISP-SEC Authentication Data.
>>
>>     When decrypting an encrypted OTK the receiver MUST verify that the
>>     Initialization Value resulting from the AES Key Wrap decryption
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                [Page 13]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>     operation is equal to 0xA6A6A6A6A6A6A6A6.  If this verification fails
>>     the receiver MUST discard the entire message.
>>
>>     When a 128-bit OTK is sent unencrypted the OTK Encryption ID is set
>>     to NULL_KEY_WRAP_128, and the OTK Preamble is set to
>>     0x0000000000000000 (64 bits).
>>
>> 5.6.  Map-Resolver Processing
>>
>>     Upon receiving an encapsulated Map-Request with the S-bit set, the
>>     Map-Resolver decapsulates the ECM message.  The ITR-OTK, if
>>     encrypted, is decrypted as specified in Section 5.5.
>>
>>     The Map-Resolver, as specified in [RFC6833], originates a new ECM
>>     header with the S-bit set, that contains the unencrypted ITR-OTK, as
>>     specified in Section 5.5, and the other data derived from the ECM
>>     Authentication Data of the received encapsulated Map-Request.
> Few points on this last paragraph:
> - You assume that there is no need of confidentiality inside the 
> Mapping System?
> - Why not stating that encryption inside the mapping system is mapping 
> system specify and out of scope of this document?
> - Why are you assuming that all of the Mapping system will use ECM? 
> Future Mapping system may use soemthos different. The important point 
> is to ship the AD along.
>>     The Map-Resolver then forwards
> to whom?
>>   the received Map-Request, encapsulated
>>     in the new ECM header that includes the newly computed Authentication
>>     Data fields.
> As for my comment of the previous paragraph I would be more generic 
> stating that the MR will hand over the request to the mapping system.
>
> You can still provide the example of DDT using ECM.
>
>> 5.7.  Map-Server Processing
>>
>>     Upon receiving an ECM encapsulated Map-Request with the S-bit set,
>>     the Map-Server process the Map-Request according to the value of the
>>     S-bit contained in the Map-Register sent by the ETR during
>>     registration.
>>
>>     If the S-bit contained in the Map-Register was clear the Map-Server
>>     decapsulates the ECM and generates a new ECM encapsulated Map-Request
>>     that does not contain an ECM Authentication Data, as specified in
>>     [RFC6830].  The Map-Server does not perform any further LISP-SEC
>>     processing.
> This equivalent to not using LISP-SEC. Please specify that the 
> Map-Reply will be not protected.
>
>>     If the S-bit contained in the Map-Register was set the Map-Server
>>     decapsulates the ECM and generates a new ECM Authentication Data.
>>     The Authentication Data includes the OTK-AD and the EID-AD, that
>>     contains EID-prefix authorization information, that are ultimately
>>     sent to the requesting ITR.
>>
>>     The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
>>     the ITR-OTK received with the Map-Request.  MS-OTK is derived
>>     applying the key derivation function specified in the KDF ID field.
>>     If the algorithm specified in the KDF ID field is not supported, the
>>     Map-Server uses a different algorithm to derive the key and updates
>>     the KDF ID field accordingly.
>>
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                [Page 14]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>     The Map-Server and the ETR MUST be configured with a shared key for
>>     mapping registration according to [RFC6833].  If MS-OTK
>>     confidentiality is required, then the MS-OTK SHOULD be encrypted,
> Again, if confidentiality is required why there is not a MUST?
>>   by
>>     wrapping the MS-OTK with the algorithm specified by the OTK
>>     Encryption ID field as specified in Section 5.5.
>>
>>     The Map-Server includes in the EID-AD the longest match registered
>>     EID-prefix for the destination EID, and an HMAC of this EID-prefix.
>>     The HMAC is keyed with the ITR-OTK contained in the received ECM
>>     Authentication Data, and the HMAC algorithm is chosen according to
>>     the Requested HMAC ID field.  If The Map-Server does not support this
>>     algorithm, the Map-Server uses a different algorithm and specifies it
>>     in the EID HMAC ID field.  The scope of the HMAC operation covers the
>>     entire EID-AD, from the EID-AD Length field to the EID HMAC field,
>>     which must be set to 0 before the computation.
>>
>>     The Map-Server then forwards the updated ECM encapsulated Map-
>>     Request, that contains the OTK-AD, the EID-AD, and the received Map-
>>     Request to an authoritative ETR as specified in [RFC6830].
>>
>> 5.7.1.  Map-Server Processing in Proxy mode
>>
>>     If the Map-Server is in proxy mode, it generates a Map-Reply, as
>>     specified in [RFC6830], with the S-bit set to 1.  The Map-Reply
>>     includes the Authentication Data that contains the EID-AD, computed
>>     as specified in Section 5.7, as well as the PKT-AD computed as
>>     specified in Section 5.8.
>>
>> 5.8.  ETR Processing
>>
>>     Upon receiving an ECM encapsulated Map-Request with the S-bit set,
>>     the ETR decapsulates the ECM message.  The OTK field, if encrypted,
>>     is decrypted as specified in Section 5.5 to obtain the unencrypted
>>     MS-OTK.
>>
>>     The ETR then generates a Map-Reply as specified in [RFC6830] and
>>     includes the Authentication Data that contains the EID-AD, as
>>     received in the encapsulated Map-Request, as well as the PKT-AD.
>>
>>     The EID-AD is copied from the Authentication Data of the received
>>     encapsulated Map-Request.
>>
>>     The PKT-AD contains the HMAC of the whole Map-Reply packet, keyed
>>     with the MS-OTK and computed using the HMAC algorithm specified in
>>     the Requested HMAC ID field of the received encapsulated Map-Request.
>>     If the ETR does not support the Requested HMAC ID, it uses a
>>     different algorithm and updates the PKT HMAC ID field accordingly.
>>     The scope of the HMAC operation covers the entire PKT-AD, from the
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                [Page 15]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>     Map-Reply Type field to the PKT HMAC field, which must be set to 0
>>     before the computation.
>>
>>     Finally the ETR sends the Map-Reply to the requesting ITR as
>>     specified in [RFC6830].
>>
>> 6.  Security Considerations
>>
>> 6.1.  Mapping System Security
>>
>>     The LISP-SEC threat model described in Section 3, assumes that the
>>     LISP Mapping System is working properly and eventually delivers Map-
>>     Request messages to a Map-Server that is authoritative for the
>>     requested EID.
>>
>
> As for a previous comment, can you elaborate if OTK confidentiality is 
> required in the mapping system and what are the consequences?
>
>
>>     Map-Register security, including the right for a LISP entity to
>>     register an EID-prefix or to claim presence at an RLOC, is out of the
>>     scope of LISP-SEC.
>>
>> 6.2.  Random Number Generation
>>
>>     The ITR-OTK MUST be generated by a properly seeded pseudo-random (or
>>     strong random) source.  See [RFC4086] for advice on generating
>>     security-sensitive random data
>>
>> 6.3.  Map-Server and ETR Colocation
>>
>>     If the Map-Server and the ETR are colocated, LISP-SEC does not
>>     provide protection from overclaiming attacks mounted by the ETR.
>>     However, in this particular case, since the ETR is within the trust
>>     boundaries of the Map-Server, ETR's overclaiming attacks are not
>>     included in the threat model.
>>
>> 7.  IANA Considerations
> This section is not conform to RFC 5226.
>
> There right way to go is to ask IANA to create three new registries, 
> for HMAC, Key Wrap, and Key Derivation functions.
> Define what is the allocation process (in light of the size of the 
> field FCFS should not cause any problem IMHO)
>
> Then ask to populate the registries as already described.
>
>
>> 7.1.  HMAC functions
>>
>>     The following HMAC ID values are defined by this memo for use as
>>     Requested HMAC ID, EID HMAC ID, and PKT HMAC ID in the LISP-SEC
>>     Authentication Data:
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                [Page 16]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>               Name                     Number        Defined In
>>               -------------------------------------------------
>>               NONE                     0
>>               AUTH-HMAC-SHA-1-96       1             [RFC2104]
>>               AUTH-HMAC-SHA-256-128    2             [RFC4634]
>>
>>               values 2-65535 are reserved to IANA.
>>
>>                                HMAC Functions
>>
>>     AUTH-HMAC-SHA-1-96 MUST be supported, AUTH-HMAC-SHA-256-128 should be
>>     supported.
>>
>> 7.2.  Key Wrap Functions
>>
>>     The following OTK Encryption ID values are defined by this memo for
>>     use as OTK key wrap algorithms ID in the LISP-SEC Authentication
>>     Data:
>>
>>               Name                     Number        Defined In
>>               -------------------------------------------------
>>               NULL-KEY-WRAP-128        1
>>               AES-KEY-WRAP-128         2             [RFC3394]
>>
>>               values 0 and 3-65535 are reserved to IANA.
>>
>>                              Key Wrap Functions
>>
>>     NULL-KEY-WRAP-128, and AES-KEY-WRAP-128 MUST be supported.
>>
>>     NULL-KEY-WRAP-128 is used to carry an unencrypted 128-bit OTK, with a
>>     64-bit preamble set to 0x0000000000000000 (64 bits).
>>
>> 7.3.  Key Derivation Functions
>>
>>     The following KDF ID values are defined by this memo for use as KDF
>>     ID in the LISP-SEC Authentication Data:
>>
>>               Name                     Number        Defined In
>>               -------------------------------------------------
>>               NONE                     0
>>               HKDF-SHA1-128            1             [RFC5869]
>>
>>               values 2-65535 are reserved to IANA.
>>
>>                           Key Derivation Functions
>>
>>     HKDF-SHA1-128 MUST be supported
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                [Page 17]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>> 8.  Acknowledgements
>>
>>     The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino
>>     Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt
>>     Noll for their valuable suggestions provided during the preparation
>>     of this document.
>>
>> 9.  Normative References
>
>
> Please Check your reference, this is the output if the nits tool:
>
>
> Checking references for intended status: Experimental
> ----------------------------------------------------------------------------
>
>   == Missing Reference: 'RFC3339' is mentioned on line 602, but not 
> defined
>
>   == Missing Reference: 'RFC4634' is mentioned on line 752, but not 
> defined
>
>   ** Obsolete undefined reference: RFC 4634 (Obsoleted by RFC 6234)
>
>>     [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
>>                Hashing for Message Authentication", RFC 2104,
>>                DOI 10.17487/RFC2104, February 1997,
>>                <http://www.rfc-editor.org/info/rfc2104>.
>>
>>     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
>>                Requirement Levels", BCP 14, RFC 2119,
>>                DOI 10.17487/RFC2119, March 1997,
>>                <http://www.rfc-editor.org/info/rfc2119>.
>>
>>     [RFC3394]  Schaad, J. and R. Housley, "Advanced Encryption Standard
>>                (AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394,
>>                September 2002, <http://www.rfc-editor.org/info/rfc3394>.
>>
>>     [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
>>                "Randomness Requirements for Security", BCP 106, RFC 4086,
>>                DOI 10.17487/RFC4086, June 2005,
>>                <http://www.rfc-editor.org/info/rfc4086>.
>>
>>     [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
>>                IANA Considerations Section in RFCs", BCP 26, RFC 5226,
>>                DOI 10.17487/RFC5226, May 2008,
>>                <http://www.rfc-editor.org/info/rfc5226>.
>>
>>     [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
>>                Key Derivation Function (HKDF)", RFC 5869,
>>                DOI 10.17487/RFC5869, May 2010,
>>                <http://www.rfc-editor.org/info/rfc5869>.
>>
>>     [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
>>                Locator/ID Separation Protocol (LISP)", RFC 6830,
>>                DOI 10.17487/RFC6830, January 2013,
>>                <http://www.rfc-editor.org/info/rfc6830>.
>>
>>     [RFC6833]  Fuller, V. and D. Farinacci, "Locator/ID Separation
>>                Protocol (LISP) Map-Server Interface", RFC 6833,
>>                DOI 10.17487/RFC6833, January 2013,
>>                <http://www.rfc-editor.org/info/rfc6833>.
>>
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                [Page 18]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>     [RFC7835]  Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID
>>                Separation Protocol (LISP) Threat Analysis", RFC 7835,
>>                DOI 10.17487/RFC7835, April 2016,
>>                <http://www.rfc-editor.org/info/rfc7835>.
>>
>> Authors' Addresses
>>
>>     Fabio Maino
>>     Cisco Systems
>>     170 Tasman Drive
>>     San Jose, California  95134
>>     USA
>>
>>     Email:fmaino@cisco.com <mailto:fmaino@cisco.com>
>>
>>
>>     Vina Ermagan
>>     Cisco Systems
>>     170 Tasman Drive
>>     San Jose, California  95134
>>     USA
>>
>>     Email:vermagan@cisco.com <mailto:vermagan@cisco.com>
>>
>>
>>     Albert Cabellos
>>     Technical University of Catalonia
>>     c/ Jordi Girona s/n
>>     Barcelona  08034
>>     Spain
>>
>>     Email:acabello@ac.upc.edu <mailto:acabello@ac.upc.edu>
>>
>>
>>     Damien Saucez
>>     INRIA
>>     2004 route des Lucioles - BP 93
>>     Sophia Antipolis
>>     France
>>
>>     Email:damien.saucez@inria.fr <mailto:damien.saucez@inria.fr>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                [Page 19]
>>
>>
>>
>
>
>
>


--------------AE9CBA7B01D75C294BE5A759
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Thanks Luigi, <br>
      we will look into your comments and come back. <br>
      <br>
      Fabio <br>
      <br>
      On 10/19/16 8:06 AM, Luigi Iannone wrote:<br>
    </div>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      <div class="">Dear Authors of the LISP-SEC document,</div>
      <div class=""><br class="">
      </div>
      <div class="">hereafter my review of the document.</div>
      <div class="">This was long overdue, sorry for being so late.</div>
      <div class=""><br class="">
      </div>
      <div class="">I really like the solution and the majority of my
        comments are just clarification questions.</div>
      <div class="">Let me know if my comments are clear.</div>
      <div class=""><br class="">
      </div>
      <div class="">ciao</div>
      <div class=""><br class="">
      </div>
      <div class="">L.</div>
      <div class=""><br class="">
      </div>
      <div class=""><br class="">
      </div>
      <div class=""><br class="">
      </div>
      <blockquote type="cite" class="">
        <div class="">
          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">1.  Introduction

   The Locator/ID Separation Protocol [RFC6830] defines a set of
   functions for routers to exchange information used to map from non-
   routable Endpoint Identifiers (EIDs) to routable Routing Locators
   (RLOCs).  </pre>
        </div>
      </blockquote>
      I find the above sentence confusing. Wouldn’t be better to specify
      that we are talking about IP addresses?
      <div class=""><br class="">
      </div>
      <div class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">If these EID-to-RLOC mappings, carried through Map-Reply
   messages, are transmitted without integrity protection, an adversary
   can manipulate them and hijack the communication, impersonate the
   requested EID, or mount Denial of Service or Distributed Denial of
   Service attacks.  Also, if the Map-Reply message is transported
   unauthenticated, an adversarial LISP entity can overclaim an EID-
   prefix and maliciously redirect traffic directed to a large number of
   hosts.  A detailed description of "overclaiming" attack is provided
   in [RFC7835].

   This memo specifies LISP-SEC, a set of security mechanisms that
   provides origin authentication, integrity and anti-replay protection
   to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
   process.  </pre>
          </div>
        </blockquote>
        <div class=""><br class="">
        </div>
        <div class="">I would put s forward reference to section 3
          stating that the reader will find details about the threat
          model.</div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">LISP-SEC also enables verification of authorization on EID-
   prefix claims in Map-Reply messages, ensuring that the sender of a
   Map-Reply that provides the location for a given EID-prefix is
   entitled to do so according to the EID prefix registered in the
   associated Map-Server.  Map-Register security, including the right
   for a LISP entity to register an EID-prefix or to claim presence at
   an RLOC, is out of the scope of LISP-SEC.  Additional security
   considerations are described in Section 6.

2.  Definition of Terms

      One-Time Key (OTK): An ephemeral randomly generated key that must
      be used for a single Map-Request/Map-Reply exchange.



         ITR-OTK: The One-Time Key generated at the ITR.

         MS-OTK: The One-Time Key generated at the Map-Server.
</pre>
          </div>
        </blockquote>
        <div class=""><br class="">
        </div>
        <div class="">Why are you considering ITR-OTK and MS-OTK
          sub-terms? </div>
        <div class="">I would elevate them at full terms, hence avoiding
          spacing and indentation.</div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      Encapsulated Control Message (ECM): A LISP control message that is
      prepended with an additional LISP header.  ECM is used by ITRs to
      send LISP control messages to a Map-Resolver, by Map-Resolvers to
      forward LISP control messages to a Map-Server, and by Map-
      Resolvers to forward LISP control messages to an ETR.

</pre>
          </div>
        </blockquote>
        <div class="">Why are you re-defining ECM? </div>
        <div class="">You do not specify other packets, e.g., Map-Reply,
          so why ECM?</div>
        <div class="">I would drop it.</div>
        <div class=""><br class="">
        </div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      Authentication Data (AD): Metadata that is included either in a
      LISP ECM header or in a Map-Reply message to support
      confidentiality, integrity protection, and verification of EID-
      prefix authorization.



Maino, et al.             Expires April 6, 2017                 [Page 3]

Internet-Draft                  LISP-SEC                    October 2016


         OTK-AD: The portion of ECM Authentication Data that contains a
         One-Time Key.

         EID-AD: The portion of ECM and Map-Reply Authentication Data
         used for verification of EID-prefix authorization.

         PKT-AD: The portion of Map-Reply Authentication Data used to
         protect the integrity of the Map-Reply message.
</pre>
          </div>
        </blockquote>
        <div class=""><br class="">
        </div>
        <div class=""><br class="">
        </div>
        <div class="">
          <div class="">Why are you considering OTK-AD, EID-AD, and
            PKT-AD sub-terms? </div>
          <div class="">I would elevate them at full terms, hence
            avoiding spacing and indentation.</div>
          <br class="">
        </div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   For definitions of other terms, notably Map-Request, Map-Reply,
   Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR), Map-Server
   (MS), and Map-Resolver (MR) please consult the LISP specification
   [RFC6830].

3.  LISP-SEC Threat Model

   LISP-SEC addresses the control plane threats, described in [RFC7835],
   that target EID-to-RLOC mappings, including manipulations of Map-
   Request and Map-Reply messages, and malicious ETR EID prefix
   overclaiming.  LISP-SEC makes two main assumptions: (1) the LISP
   mapping system is expected to deliver a Map-Request message to their
   intended destination ETR as identified by the EID, and (2) no man-in-
   the-middle (MITM) attack can be mounted within the LISP Mapping
   System.  Furthermore, while LISP-SEC enables detection of EID prefix
   overclaiming attacks, it assumes that Map-Servers can verify the EID
   prefix authorization at time of registration.
</pre>
          </div>
        </blockquote>
        <div class="">LISP-SEC does not require OTK confidentiality in
          the mapping system. This should be discussed here.</div>
        <div class=""><br class="">
        </div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   According to the threat model described in [RFC7835] LISP-SEC assumes
   that any kind of attack, including MITM attacks, can be mounted in
   the access network, outside of the boundaries of the LISP mapping
   system.  An on-path attacker, outside of the LISP mapping system can,
   for example, hijack Map-Request and Map-Reply messages, spoofing the
   identity of a LISP node.  Another example of on-path attack, called
   overclaiming attack, can be mounted by a malicious Egress Tunnel
   Router (ETR), by overclaiming the EID-prefixes for which it is
   authoritative.  In this way the ETR can maliciously redirect traffic
   directed to a large number of hosts.

4.  Protocol Operations

   The goal of the security mechanisms defined in [RFC6830] is to
   prevent unauthorized insertion of mapping data by providing origin
   authentication and integrity protection for the Map-Registration, and
   by using the nonce to detect unsolicited Map-Reply sent by off-path
   attackers.

   LISP-SEC builds on top of the security mechanisms defined in
   [RFC6830] to address the threats described in Section 3 by leveraging



Maino, et al.             Expires April 6, 2017                 [Page 4]

Internet-Draft                  LISP-SEC                    October 2016


   the trust relationships existing among the LISP entities
   participating to the exchange of the Map-Request/Map-Reply messages.
   Those trust relationships are used to securely distribute a One-Time
   Key (OTK) that provides origin authentication, integrity and anti-
   replay protection to mapping data conveyed via the mapping lookup
   process, and that effectively prevent overclaiming attacks.  The
   processing of security parameters during the Map-Request/Map-Reply
   exchange is as follows:

   o  The ITR-OTK is generated and stored at the ITR, and securely
      transported to the Map-Server.

   o  The Map-Server uses the ITR-OTK to compute an HMAC that protects
</pre>
          </div>
        </blockquote>
        <div class="">You did not define HMAC acronym. Please define and
          add a reference.</div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      the integrity of the mapping data known to the Map-Server to
      prevent overclaiming attacks.  The Map-Server also derives a new
      OTK, the MS-OTK, that is passed to the ETR, by applying a Key
      Derivation Function (KDF) to the ITR-OTK.

   o  The ETR uses the MS-OTK to compute an HMAC that protects the
      integrity of the Map-Reply sent to the ITR.

   o  Finally, the ITR uses the stored ITR-OTK to verify the integrity
      of the mapping data provided by both the Map-Server and the ETR,
      and to verify that no overclaiming attacks were mounted along the
      path between the Map-Server and the ITR.

   Section 5 provides the detailed description of the LISP-SEC control
   messages and their processing, while the rest of this section
   describes the flow of protocol operations at each entity involved in
   the Map-Request/Map-Reply exchange:

   o  The ITR, upon needing to transmit a Map-Request message, generates
      and stores an OTK (ITR-OTK).  This ITR-OTK is included into the
      Encapsulated Control Message (ECM) that contains the Map-Request
      sent to the Map-Resolver.  To provide confidentiality to the ITR-
      OTK over the path between the ITR and its Map-Resolver, the ITR-
      OTK SHOULD </pre>
          </div>
        </blockquote>
        <div class="">Why not using “MUST”???</div>
        <div class="">Are you suggesting that a different way to provide
          confidentiality can be used (e.g. a different shared key)???</div>
        <div class="">If yes, please state so.</div>
        <div class=""><br class="">
        </div>
        <div class="">Or are you suggesting that no encryption at all is
          used? But this means not providing confidentiality…</div>
        <div class="">Can you clarify?</div>
        <div class=""><br class="">
        </div>
        (this very same comment will appear several time in this review)<br
          class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">be encrypted using a preconfigured key shared between
      the ITR and the Map-Resolver, similar to the key shared between
      the ETR and the Map-Server in order to secure ETR registration
      [RFC6833].

   o  The Map-Resolver decapsulates the ECM message, decrypts the ITR-
      OTK, if needed, and forwards through the Mapping System the
      received Map-Request and the ITR-OTK, as part of a new ECM
      message.  As described in Section 5.6, the LISP Mapping System
      delivers the ECM to the appropriate Map-Server, as identified by
      the EID destination address of the Map-Request.




Maino, et al.             Expires April 6, 2017                 [Page 5]

Internet-Draft                  LISP-SEC                    October 2016


   o  The Map-Server is configured with the location mappings and policy
      information for the ETR responsible for the EID destination
      address.  Using this preconfigured information, the Map-Server,
      after the decapsulation of the ECM message, finds the longest
      match EID-prefix that covers the requested EID in the received
      Map-Request.  The Map-Server adds this EID-prefix, together with
      an HMAC computed using the ITR-OTK, to a new Encapsulated Control
      Message that contains the received Map-Request.

   o  The Map-Server derives a new OTK, the MS-OTK, by applying a Key
      Derivation Function (KDF) to the ITR-OTK.  This MS-OTK is included
      in the Encapsulated Control Message that the Map-Server uses to
      forward the Map-Request to the ETR.  To provide MS-OTK
      confidentiality over the path between the Map-Server and the ETR,
      the MS-OTK should </pre>
          </div>
        </blockquote>
        <div class="">This “should” should be a “SHOULD”  (sorry for the
          cacophony…)</div>
        <div class=""><br class="">
        </div>
        <div class="">
          <div class="">Why not using “MUST”???</div>
          <div class="">Are you suggesting that a different way to
            provide confidentiality can be used (e.g. a different shared
            key)???</div>
          <div class="">If yes, please state so.</div>
          <div class=""><br class="">
          </div>
          <div class="">Or are you suggesting that no encryption at all
            is used? But this means not providing confidentiality…</div>
          <div class="">Can you clarify?</div>
        </div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">be encrypted using the key shared between the
      ETR and the Map-Server in order to secure ETR registration
      [RFC6833].

   o  If the Map-Server is acting in proxy mode, as specified in
      [RFC6830], the ETR is not involved in the generation of the Map-
      Reply.  In this case the Map-Server generates the Map-Reply on
      behalf of the ETR as described below.

   o  The ETR, upon receiving the ECM encapsulated Map-Request from the
      Map-Server, decrypts the MS-OTK, if needed, and originates a
      standard Map-Reply that contains the EID-to-RLOC mapping
      information as specified in [RFC6830].

   o  The ETR computes an HMAC over this standard Map-Reply, keyed with
      MS-OTK to protect the integrity of the whole Map-Reply.  The ETR
      also copies the EID-prefix authorization data that the Map-Server
      included in the ECM encapsulated Map-Request into the Map-Reply
      message.  The ETR then sends this complete Map-Reply message to
      the requesting ITR.

   o  The ITR, upon receiving the Map-Reply, uses the locally stored
      ITR-OTK to verify the integrity of the EID-prefix authorization
      data included in the Map-Reply by the Map-Server.  The ITR
      computes the MS-OTK by applying the same KDF used by the Map-
      Server, and verifies the integrity of the Map-Reply.  If the
      integrity checks fail, the Map-Reply MUST be discarded.  Also, if
      the EID-prefixes claimed by the ETR in the Map-Reply are not equal
      or more specific than the EID-prefix authorization data inserted
      by the Map-Server, the ITR MUST discard the Map-Reply.







Maino, et al.             Expires April 6, 2017                 [Page 6]

Internet-Draft                  LISP-SEC                    October 2016


5.  LISP-SEC Control Messages Details

   LISP-SEC metadata associated with a Map-Request is transported within
   the Encapsulated Control Message that contains the Map-Request.

   LISP-SEC metadata associated with the Map-Reply is transported within
   the Map-Reply itself.

5.1.  Encapsulated Control Message LISP-SEC Extensions

   LISP-SEC uses the ECM (Encapsulated Control Message) defined in
   [RFC6830] with Type set to 8, and S bit set to 1 to indicate that the
   LISP header includes Authentication Data (AD).  The format of the
   LISP-SEC ECM Authentication Data is defined in the following figure.
   OTK-AD stands for One-Time Key Authentication Data and EID-AD stands
   for EID Authentication Data.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     AD Type   |V|  Reserved   |        Requested HMAC ID      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
|              OTK Length       |       OTK Encryption ID       | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|                       One-Time-Key Preamble ...               | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OTK-AD
|                   ... One-Time-Key Preamble                   | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
~                      One-Time Key (128 bits)                  ~/
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ &lt;---+
|           EID-AD Length       |           KDF ID              |     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
| Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
|   Reserved    | EID mask-len  |           EID-AFI             | |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
~                          EID-prefix ...                       ~ |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
~                            EID HMAC                           ~     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ &lt;—+
</pre>
          </div>
        </blockquote>
        <div class="">I think that “rec” is mis-aligned and should be
          shifted one character upward.</div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">                     LISP-SEC ECM Authentication Data

      AD Type: 1 (LISP-SEC Authentication Data)
</pre>
          </div>
        </blockquote>
        <div class="">This is the first document starting to allocate
          values to the "AD Type” value. </div>
        <div class="">Why not asking IANA to create a registry??</div>
        <div class="">(to be done in the IANA Considerations Section) </div>
        <div class=""><br class="">
        </div>
        <div class=""><br class="">
        </div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      V: Key Version bit.  This bit is toggled when the sender switches
      to a new OTK wrapping key




Maino, et al.             Expires April 6, 2017                 [Page 7]

Internet-Draft                  LISP-SEC                    October 2016


      Reserved: Set to 0 on transmission and ignored on receipt.

      Requested HMAC ID: The HMAC algorithm requested by the ITR.  See
      Section 5.4 for details.

      OTK Length: The length (in bytes) of the OTK Authentication Data
      (OTK-AD), that contains the OTK Preamble and the OTK.

      OTK Encryption ID: The identifier of the key wrapping algorithm
      used to encrypt the One-Time-Key. When a 128-bit OTK is sent
      unencrypted by the Map-Resolver, the OTK Encryption ID is set to
      NULL_KEY_WRAP_128.  See Section 5.5 for more details.

      One-Time-Key Preamble: set to 0 if the OTK is not encrypted.  When
      the OTK is encrypted, this field may carry additional metadata
      resulting from the key wrapping operation.  When a 128-bit OTK is
      sent unencrypted by Map-Resolver, the OTK Preamble is set to
      0x0000000000000000 (64 bits).  See Section 5.5 for details.

      One-Time-Key: the OTK encrypted (or not) as specified by OTK
      Encryption ID.  See Section 5.5 for details.

      EID-AD Length: length (in bytes) of the EID Authentication Data
      (EID-AD).  The ITR MUST set EID-AD Length to 4 bytes, as it only
      fills the KDF ID field, and all the remaining fields part of the
      EID-AD are not present.  An EID-AD MAY contain multiple EID-
      records.  Each EID-record is 4-byte long plus the length of the
      AFI-encoded EID-prefix.

      KDF ID: Identifier of the Key Derivation Function used to derive
      the MS-OTK.  The ITR SHOULD use this field to indicate the
      recommended KDF algorithm, according to local policy. </pre>
          </div>
        </blockquote>
        <div class="">I am not sure I understand the rationale of this
          “SHOULD”. If for any reason the ITR does not indicate the KDF
          ID what are the consequences?</div>
        <div class="">Is the MS free to choose the algorithm? This
          should be clarified.</div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> The Map-
      Server can overwrite the KDF ID if it does not support the KDF ID
      recommended by the ITR.  </pre>
          </div>
        </blockquote>
        <div class="">What happens if the MS will choose a KDF ID not
          supported by the ITR?</div>
        <div class="">Can you clarify how to solve this situation or
          explain why this will never happen?</div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">See Section 5.4 for more details.

      Record Count: The number of records in this Map-Request message.
      A record is comprised of the portion of the packet that is labeled
      'Rec' above and occurs the number of times equal to Record Count.

      Reserved: Set to 0 on transmission and ignored on receipt.

      EID HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the EID-AD.  This field is filled by Map-Server that
      computed the EID-prefix HMAC.  See Section 5.4 for more details.

      EID mask-len: Mask length for EID-prefix.

      EID-AFI: Address family of EID-prefix according to [RFC5226]



Maino, et al.             Expires April 6, 2017                 [Page 8]

Internet-Draft                  LISP-SEC                    October 2016


      EID-prefix: The Map-Server uses this field to specify the EID-
      prefix that the destination ETR is authoritative for, and is the
      longest match for the requested EID.

      EID HMAC: HMAC of the EID-AD computed and inserted by Map-Server.
      Before computing the HMAC operation the EID HMAC field MUST be set
      to 0.  The HMAC covers the entire EID-AD.

5.2.  Map-Reply LISP-SEC Extensions

   LISP-SEC uses the Map-Reply defined in [RFC6830], with Type set to 2,
   and S bit set to 1 to indicate that the Map-Reply message includes
   Authentication Data (AD).  The format of the LISP-SEC Map-Reply
   Authentication Data is defined in the following figure.  PKT-AD is
   the Packet Authentication Data that covers the Map-Reply payload.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    AD Type    |                 Reserved                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ &lt;---+
|           EID-AD Length       |           KDF ID              |     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
| Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
|   Reserved    | EID mask-len  |           EID-AFI             | |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
~                          EID-prefix ...                       ~ |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
~                            EID HMAC                           ~     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ &lt;---+
|         PKT-AD Length         |         PKT HMAC ID           |\
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
~                            PKT HMAC                           ~ PKT-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/

                  LISP-SEC Map-Reply Authentication Data

      AD Type: 1 (LISP-SEC Authentication Data)
</pre>
          </div>
        </blockquote>
        <div class="">Shouldn’t this be a different value? This AD
           format is different from the one described in section 5.1!</div>
        <div class="">Another reason to ask IANA for a registry….</div>
        <div class=""><br class="">
        </div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      EID-AD Length: length (in bytes) of the EID-AD.  An EID-AD MAY
      contain multiple EID-records.  Each EID-record is 4-byte long plus
      the length of the AFI-encoded EID-prefix.

      KDF ID: Identifier of the Key Derivation Function used to derive
      MS-OTK.  See Section 5.7 for more details.





Maino, et al.             Expires April 6, 2017                 [Page 9]

Internet-Draft                  LISP-SEC                    October 2016


      Record Count: The number of records in this Map-Reply message.  A
      record is comprised of the portion of the packet that is labeled
      'Rec' above and occurs the number of times equal to Record Count.

      Reserved: Set to 0 on transmission and ignored on receipt.

      EID HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the EID-AD.  See Section 5.7 for more details.

      EID mask-len: Mask length for EID-prefix.

      EID-AFI: Address family of EID-prefix according to [RFC5226].

      EID-prefix: This field contains an EID-prefix that the destination
      ETR is authoritative for, and is the longest match for the
      requested EID.

      EID HMAC: HMAC of the EID-AD, as computed by the Map-Server.
      Before computing the HMAC operation the EID HMAC field MUST be set
      to 0.  The HMAC covers the entire EID-AD.

      PKT-AD Length: length (in bytes) of the Packet Authentication Data
      (PKT-AD).

      PKT HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the Map-reply Location Data.
</pre>
          </div>
        </blockquote>
        <div class="">“Location Data” is something nowhere defined. Can
          you clarify what do you mean?</div>
        <div class=""><br class="">
        </div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      PKT HMAC: HMAC of the whole Map-Reply packet, including the LISP-
      SEC Authentication Data.  The scope of the authentication goes
      from the Map-Reply Type field to the PKT HMAC field included.
      Before computing the HMAC operation the PKT HMAC field MUST be set
      to 0.  See Section 5.8 for more details.

5.3.  Map-Register LISP-SEC Extentions

   The second bit after the Type field in a Map-Register message is
   allocated as the S bit.  </pre>
          </div>
        </blockquote>
        <div class="">I would better explain that this document is
          allocating a bit marked as reserved in 6830.</div>
        <div class="">Furthermore, at the cost of being redundant, I
          would put the packet format highlighting the position of the
          bit so that there is no confusion whatsoever.</div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">The S bit indicates to the Map-Server that
   the registering ETR is LISP-SEC enabled.  An ETR that supports LISP-
   SEC MUST set the S bit in its Map-Register messages.

5.4.  ITR Processing

   Upon creating a Map-Request, the ITR generates a random ITR-OTK that
   is stored locally, together with the nonce generated as specified in
   [RFC6830].

   The Map-Request MUST be encapsulated in an ECM, with the S-bit set to
   1, to indicate the presence of Authentication Data.  If the ITR and



Maino, et al.             Expires April 6, 2017                [Page 10]

Internet-Draft                  LISP-SEC                    October 2016


   the Map-Resolver are configured with a shared key,</pre>
          </div>
        </blockquote>
        In section 4 you seem to suggest that this is not the only way
        to protect the OTK (see my comment).</div>
      <div class="">Here instead you suggest that a shared key is the
        only way.<br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> the ITR-OTK
   confidentiality SHOULD be protected by wrapping the ITR-OTK with the
   algorithm specified by the OTK Encryption ID field. </pre>
          </div>
        </blockquote>
        <div class="">Not clear what this “SHOULD” refers to.</div>
        <div class="">IS the SHOULD related to the fact to encrypt the
          OTK? The ITR SHOULD encrypt.</div>
        <div class="">Or the choice of the algorithm? The ITR SHOULD use
          the algorithm specified by the OTK Encryption ID?</div>
        <div class="">The second case looks impossible since is the ITR
          is choosing the algorithm. May be the sentence can be
          rewritten.</div>
        <div class=""><br class="">
        </div>
        Similarly to previous comment: Why it is not a MUST?<br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> See Section 5.5
   for further details on OTK encryption.

   The Requested HMAC ID field contains the suggested HMAC algorithm to
   be used by the Map-Server and the ETR to protect the integrity of the
   ECM Authentication data and of the Map-Reply.

</pre>
          </div>
        </blockquote>
        <div class="">What happens if the MS will choose a HMAC not
          supported by the ETR or the ITR?</div>
        <div class="">Can you clarify how to solve this situation or
          explain why this will never happen?</div>
        <div class=""><br class="">
        </div>
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The KDF ID field, specifies the suggested key derivation function to
   be used by the Map-Server to derive the MS-OTK.
</pre>
          </div>
        </blockquote>
        <div class=""><br class="">
        </div>
        <div class="">What happens if the MS will choose a KDF ID not
          supported by the ITR?</div>
        <div class="">Can you clarify how to solve this situation or
          explain why this will never happen?</div>
        <div class=""><br class="">
        </div>
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The EID-AD length is set to 4 bytes, since the Authentication Data
   does not contain EID-prefix Authentication Data, and the EID-AD
   contains only the KDF ID field.

   In response to an encapsulated Map-Request that has the S-bit set, an
   ITR MUST receive a Map-Reply with the S-bit set, that includes an
   EID-AD and a PKT-AD.  If the Map-Reply does not include both ADs, the
   ITR MUST discard it.  In response to an encapsulated Map-Request with
   S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, and
   the ITR SHOULD discard the Map-Reply if the S-bit is set.
</pre>
          </div>
        </blockquote>
        <div class="">Why a “SHOULD”? If the Map-Request has S-bit=0 it
          mean that there is no AD, hence no OTK, how can the ITR
          decrypt the reply?????</div>
        <div class="">It MUST discard…..</div>
        <div class=""><br class="">
        </div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   Upon receiving a Map-Reply, the ITR must verify the integrity of both
   the EID-AD and the PKT-AD, and MUST discard the Map-Reply if one of
   the integrity checks fails.

   The integrity of the EID-AD is verified using the locally stored ITR-
   OTK to re-compute the HMAC of the EID-AD using the algorithm
   specified in the EID HMAC ID field.  If the EID HMAC ID field does
   not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
</pre>
          </div>
        </blockquote>
        Why is this a SHOULD? If it supports the HMAC Algorithm why not
        decrypt? Shouldn’t this be a “MAY”, according to internal
        policy?<br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   and send, at the first opportunity it needs to, a new Map-Request
   with a different Requested HMAC ID field, according to ITR's local
   policy.  The ITR MUST set the EID HMAC ID field to 0 before computing
   the HMAC.
</pre>
          </div>
        </blockquote>
        <div class="">Shouldn’t the MS do the same thing? Otherwise
          different values will be obtained. This is not specified in
          the MS functioning description.</div>
        <div class=""><br class="">
        </div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   To verify the integrity of the PKT-AD, first the MS-OTK is derived
   from the locally stored ITR-OTK using the algorithm specified in the
   KDF ID field.  This is because the PKT-AD is generated by the ETR
   using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's local policy.
   The derived MS-OTK is then used to re-compute the HMAC of the PKT-AD
   using the Algorithm specified in the PKT HMAC ID field.  If the PKT
   HMAC ID field does not match the Requested HMAC ID the ITR SHOULD
   discard the Map-Reply and send, at the first opportunity it needs to,




Maino, et al.             Expires April 6, 2017                [Page 11]

Internet-Draft                  LISP-SEC                    October 2016


   a new Map-Request with a different Requested HMAC ID according to
   ITR's local policy.

   Each individual Map-Reply EID-record is considered valid only if: (1)
   both EID-AD and PKT-AD are valid, and (2) the intersection of the
   EID-prefix in the Map-Reply EID-record with one of the EID-prefixes
   contained in the EID-AD is not empty.  After identifying the Map-
   Reply record as valid, the ITR sets the EID-prefix in the Map-Reply
   record to the value of the intersection set computed before, and adds
   the Map-Reply EID-record to its EID-to-RLOC cache, as described in
   [RFC6830].  An example of Map-Reply record validation is provided in
   Section 5.4.1.

   The ITR SHOULD send SMR triggered Map-Requests over the mapping
   system in order to receive a secure Map-Reply.  </pre>
          </div>
        </blockquote>
        <div class="">I do not understand this “SHOULD”.  This has
          consequences in the choice how to react to SMR. This is a
          local policy.</div>
        <div class="">_If_ the ITR wants to protect Map-Requests using
          LISP-SEC, than SMR triggered Map-Request MUST be sent through
          the mapping system.</div>
        <div class=""><br class="">
        </div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">If an ITR accepts
   piggybacked Map-Replies, it SHOULD also send a Map-Request over the
   mapping system in order to securely verify the piggybacked Map-Reply.
</pre>
          </div>
        </blockquote>
        <div class="">Same as above.</div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">5.4.1.  Map-Reply Record Validation

   The payload of a Map-Reply may contain multiple EID-records.  The
   whole Map-Reply is signed by the ETR, with the PKT HMAC, to provide
   integrity protection and origin authentication to the EID-prefix
   records claimed by the ETR.  The Authentication Data field of a Map-
   Reply may contain multiple EID-records in the EID-AD.  The EID-AD is
   signed by the Map-Server, with the EID HMAC, to provide integrity
   protection and origin authentication to the EID-prefix records
   inserted by the Map-Server.

   Upon receiving a Map-Reply with the S-bit set, the ITR first checks
   the validity of both the EID HMAC and of the PKT-AD HMAC.  If either
   one of the HMACs is not valid, a log message is issued and the Map-
   Reply is not processed any further.  </pre>
          </div>
        </blockquote>
        <div class="">I think “log message" is too much implementation
          specific. </div>
        <div class="">If there is a notification, and how this
          notification is done, is implementation specific IMHO.</div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">If both HMACs are valid, the ITR
   proceeds with validating each individual EID-record claimed by the
   ETR by computing the intersection of each one of the EID-prefix
   contained in the payload of the Map-Reply with each one of the EID-
   prefixes contained in the EID-AD.  An EID-record is valid only if at
   least one of the intersections is not the empty set.

   For instance, the Map-Reply payload contains 3 mapping record EID-
   prefixes:

      1.1.1.0/24

      1.1.2.0/24

      1.2.0.0/16




Maino, et al.             Expires April 6, 2017                [Page 12]

Internet-Draft                  LISP-SEC                    October 2016


   The EID-AD contains two EID-prefixes:

      1.1.2.0/24

      1.2.3.0/24

   The EID-record with EID-prefix 1.1.1.0/24 is not processed since it
   is not included in any of the EID-ADs signed by the Map-Server.  A
   log message is issued.
</pre>
          </div>
        </blockquote>
        <div class="">I think “log message" is too much implementation
          specific. </div>
        <div class="">If there is a notification, and how this
          notification is done, is implementation specific IMHO.</div>
        <div class=""><br class="">
        </div>
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The EID-record with EID-prefix 1.1.2.0/24 is stored in the map-cache
   because it matches the second EID-prefix contained in the EID-AD.

   The EID-record with EID-prefix 1.2.0.0/16 is not processed since it
   is not included in any of the EID-ADs signed by the Map-Server.  A
   log message is issued.</pre>
          </div>
        </blockquote>
        <div class="">I think “log message" is too much implementation
          specific. </div>
        <div class="">If there is a notification, and how this
          notification is done, is implementation specific IMHO.</div>
        <div class=""><br class="">
        </div>
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">  In this last example the ETR is trying to
   over claim the EID-prefix 1.2.0.0/16, but the Map-Server authorized
   only 1.2.3.0/24, hence the EID-record is discarded.
</pre>
          </div>
        </blockquote>
        <div class="">Reading the example I am not sure I would follow
          this behaviour.</div>
        <div class="">Only 1 record out of 3 is valid so why should I
          actually trust the ETR instead of throwing everything away?</div>
        <div class="">Can you explain ???</div>
        <div class=""><br class="">
        </div>
        <div class=""><br class="">
        </div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">5.4.2.  PITR Processing

   The processing performed by a PITR is equivalent to the processing of
   an ITR.  However, if the PITR is directly connected to the ALT, </pre>
          </div>
        </blockquote>
        <div class="">This would be LISP+ALT. Pleas add a reference to
          6836.</div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">the
   PITR performs the functions of both the ITR and the Map-Resolver
   forwarding the Map-Request encapsulated in an ECM header that
   includes the Authentication Data fields as described in Section 5.6.

5.5.  Encrypting and Decrypting an OTK

   MS-OTK confidentiality is required in the path between the Map-Server
   and the ETR, the MS-OTK SHOULD</pre>
          </div>
        </blockquote>
        <div class="">If confidentiality is required why there is not a
          MUST?</div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> be encrypted using the preconfigured
   key shared between the Map-Server and the ETR for the purpose of
   securing ETR registration [RFC6833].  Similarly, if ITR-OTK
   confidentiality is required in the path between the ITR and the Map-
   Resolver, the ITR-OTK SHOULD </pre>
          </div>
        </blockquote>
        Again, if confidentiality is required why there is not a MUST?</div>
      <div class=""><br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">be encrypted with a key shared between
   the ITR and the Map-Resolver.

   The OTK is encrypted using the algorithm specified in the OTK
   Encryption ID field.  When the AES Key Wrap algorithm is used to
   encrypt a 128-bit OTK, according to [RFC3339],</pre>
          </div>
        </blockquote>
        <div class="">The correct RFC is 3394.</div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> the AES Key Wrap
   Initialization Value MUST be set to 0xA6A6A6A6A6A6A6A6 (64 bits).
   The output of the AES Key Wrap operation is 192-bit long.  The most
   significant 64-bit are copied in the One-Time Key Preamble field,
   while the 128 less significant bits are copied in the One-Time Key
   field of the LISP-SEC Authentication Data.

   When decrypting an encrypted OTK the receiver MUST verify that the
   Initialization Value resulting from the AES Key Wrap decryption



Maino, et al.             Expires April 6, 2017                [Page 13]

Internet-Draft                  LISP-SEC                    October 2016


   operation is equal to 0xA6A6A6A6A6A6A6A6.  If this verification fails
   the receiver MUST discard the entire message.

   When a 128-bit OTK is sent unencrypted the OTK Encryption ID is set
   to NULL_KEY_WRAP_128, and the OTK Preamble is set to
   0x0000000000000000 (64 bits).

5.6.  Map-Resolver Processing

   Upon receiving an encapsulated Map-Request with the S-bit set, the
   Map-Resolver decapsulates the ECM message.  The ITR-OTK, if
   encrypted, is decrypted as specified in Section 5.5.

   The Map-Resolver, as specified in [RFC6833], originates a new ECM
   header with the S-bit set, that contains the unencrypted ITR-OTK, as
   specified in Section 5.5, and the other data derived from the ECM
   Authentication Data of the received encapsulated Map-Request.
</pre>
          </div>
        </blockquote>
        <div class="">Few points on this last paragraph:</div>
        <div class="">- You assume that there is no need of
          confidentiality inside the Mapping System?</div>
        <div class="">- Why not stating that encryption inside the
          mapping system is mapping system specify and out of scope of
          this document?</div>
        <div class="">- Why are you assuming that all of the Mapping
          system will use ECM? Future Mapping system may use soemthos
          different. The important point is to ship the AD along.</div>
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The Map-Resolver then forwards</pre>
          </div>
        </blockquote>
        to whom?<br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> the received Map-Request, encapsulated
   in the new ECM header that includes the newly computed Authentication
   Data fields.
</pre>
          </div>
        </blockquote>
        <div class="">As for my comment of the previous paragraph I
          would be more generic stating that the MR will hand over the
          request to the mapping system.</div>
        <div class=""><br class="">
        </div>
        <div class="">You can still provide the example of DDT using
          ECM.</div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">5.7.  Map-Server Processing

   Upon receiving an ECM encapsulated Map-Request with the S-bit set,
   the Map-Server process the Map-Request according to the value of the
   S-bit contained in the Map-Register sent by the ETR during
   registration.

   If the S-bit contained in the Map-Register was clear the Map-Server
   decapsulates the ECM and generates a new ECM encapsulated Map-Request
   that does not contain an ECM Authentication Data, as specified in
   [RFC6830].  The Map-Server does not perform any further LISP-SEC
   processing.
</pre>
          </div>
        </blockquote>
        <div class="">This equivalent to not using LISP-SEC. Please
          specify that the Map-Reply will be not protected.</div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   If the S-bit contained in the Map-Register was set the Map-Server
   decapsulates the ECM and generates a new ECM Authentication Data.
   The Authentication Data includes the OTK-AD and the EID-AD, that
   contains EID-prefix authorization information, that are ultimately
   sent to the requesting ITR.

   The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
   the ITR-OTK received with the Map-Request.  MS-OTK is derived
   applying the key derivation function specified in the KDF ID field.
   If the algorithm specified in the KDF ID field is not supported, the
   Map-Server uses a different algorithm to derive the key and updates
   the KDF ID field accordingly.




Maino, et al.             Expires April 6, 2017                [Page 14]

Internet-Draft                  LISP-SEC                    October 2016


   The Map-Server and the ETR MUST be configured with a shared key for
   mapping registration according to [RFC6833].  If MS-OTK
   confidentiality is required, then the MS-OTK SHOULD be encrypted,</pre>
          </div>
        </blockquote>
        Again, if confidentiality is required why there is not a MUST?<br
          class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> by
   wrapping the MS-OTK with the algorithm specified by the OTK
   Encryption ID field as specified in Section 5.5.

   The Map-Server includes in the EID-AD the longest match registered
   EID-prefix for the destination EID, and an HMAC of this EID-prefix.
   The HMAC is keyed with the ITR-OTK contained in the received ECM
   Authentication Data, and the HMAC algorithm is chosen according to
   the Requested HMAC ID field.  If The Map-Server does not support this
   algorithm, the Map-Server uses a different algorithm and specifies it
   in the EID HMAC ID field.  The scope of the HMAC operation covers the
   entire EID-AD, from the EID-AD Length field to the EID HMAC field,
   which must be set to 0 before the computation.

   The Map-Server then forwards the updated ECM encapsulated Map-
   Request, that contains the OTK-AD, the EID-AD, and the received Map-
   Request to an authoritative ETR as specified in [RFC6830].

5.7.1.  Map-Server Processing in Proxy mode

   If the Map-Server is in proxy mode, it generates a Map-Reply, as
   specified in [RFC6830], with the S-bit set to 1.  The Map-Reply
   includes the Authentication Data that contains the EID-AD, computed
   as specified in Section 5.7, as well as the PKT-AD computed as
   specified in Section 5.8.

5.8.  ETR Processing

   Upon receiving an ECM encapsulated Map-Request with the S-bit set,
   the ETR decapsulates the ECM message.  The OTK field, if encrypted,
   is decrypted as specified in Section 5.5 to obtain the unencrypted
   MS-OTK.

   The ETR then generates a Map-Reply as specified in [RFC6830] and
   includes the Authentication Data that contains the EID-AD, as
   received in the encapsulated Map-Request, as well as the PKT-AD.

   The EID-AD is copied from the Authentication Data of the received
   encapsulated Map-Request.

   The PKT-AD contains the HMAC of the whole Map-Reply packet, keyed
   with the MS-OTK and computed using the HMAC algorithm specified in
   the Requested HMAC ID field of the received encapsulated Map-Request.
   If the ETR does not support the Requested HMAC ID, it uses a
   different algorithm and updates the PKT HMAC ID field accordingly.
   The scope of the HMAC operation covers the entire PKT-AD, from the



Maino, et al.             Expires April 6, 2017                [Page 15]

Internet-Draft                  LISP-SEC                    October 2016


   Map-Reply Type field to the PKT HMAC field, which must be set to 0
   before the computation.

   Finally the ETR sends the Map-Reply to the requesting ITR as
   specified in [RFC6830].

6.  Security Considerations

6.1.  Mapping System Security

   The LISP-SEC threat model described in Section 3, assumes that the
   LISP Mapping System is working properly and eventually delivers Map-
   Request messages to a Map-Server that is authoritative for the
   requested EID.

</pre>
          </div>
        </blockquote>
        <div class=""><br class="">
        </div>
        <div class="">As for a previous comment, can you elaborate if
          OTK confidentiality is required in the mapping system and what
          are the consequences?</div>
        <div class=""><br class="">
        </div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   Map-Register security, including the right for a LISP entity to
   register an EID-prefix or to claim presence at an RLOC, is out of the
   scope of LISP-SEC.

6.2.  Random Number Generation

   The ITR-OTK MUST be generated by a properly seeded pseudo-random (or
   strong random) source.  See [RFC4086] for advice on generating
   security-sensitive random data

6.3.  Map-Server and ETR Colocation

   If the Map-Server and the ETR are colocated, LISP-SEC does not
   provide protection from overclaiming attacks mounted by the ETR.
   However, in this particular case, since the ETR is within the trust
   boundaries of the Map-Server, ETR's overclaiming attacks are not
   included in the threat model.

7.  IANA Considerations
</pre>
          </div>
        </blockquote>
        <div class="">This section is not conform to RFC 5226.</div>
        <div class=""><br class="">
        </div>
        <div class="">There right way to go is to ask IANA to create
          three new registries, for HMAC, Key Wrap, and Key Derivation
          functions.</div>
        <div class="">Define what is the allocation process (in light of
          the size of the field FCFS should not cause any problem IMHO)</div>
        <div class=""><br class="">
        </div>
        <div class="">Then ask to populate the registries as already
          described.</div>
        <div class=""><br class="">
        </div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">7.1.  HMAC functions

   The following HMAC ID values are defined by this memo for use as
   Requested HMAC ID, EID HMAC ID, and PKT HMAC ID in the LISP-SEC
   Authentication Data:











Maino, et al.             Expires April 6, 2017                [Page 16]

Internet-Draft                  LISP-SEC                    October 2016


             Name                     Number        Defined In
             -------------------------------------------------
             NONE                     0
             AUTH-HMAC-SHA-1-96       1             [RFC2104]
             AUTH-HMAC-SHA-256-128    2             [RFC4634]

             values 2-65535 are reserved to IANA.

                              HMAC Functions

   AUTH-HMAC-SHA-1-96 MUST be supported, AUTH-HMAC-SHA-256-128 should be
   supported.

7.2.  Key Wrap Functions

   The following OTK Encryption ID values are defined by this memo for
   use as OTK key wrap algorithms ID in the LISP-SEC Authentication
   Data:

             Name                     Number        Defined In
             -------------------------------------------------
             NULL-KEY-WRAP-128        1
             AES-KEY-WRAP-128         2             [RFC3394]

             values 0 and 3-65535 are reserved to IANA.

                            Key Wrap Functions

   NULL-KEY-WRAP-128, and AES-KEY-WRAP-128 MUST be supported.

   NULL-KEY-WRAP-128 is used to carry an unencrypted 128-bit OTK, with a
   64-bit preamble set to 0x0000000000000000 (64 bits).

7.3.  Key Derivation Functions

   The following KDF ID values are defined by this memo for use as KDF
   ID in the LISP-SEC Authentication Data:

             Name                     Number        Defined In
             -------------------------------------------------
             NONE                     0
             HKDF-SHA1-128            1             [RFC5869]

             values 2-65535 are reserved to IANA.

                         Key Derivation Functions

   HKDF-SHA1-128 MUST be supported



Maino, et al.             Expires April 6, 2017                [Page 17]

Internet-Draft                  LISP-SEC                    October 2016


8.  Acknowledgements

   The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino
   Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt
   Noll for their valuable suggestions provided during the preparation
   of this document.

9.  Normative References
</pre>
          </div>
        </blockquote>
        <div class=""><br class="">
        </div>
        <div class=""><br class="">
        </div>
        <div class="">Please Check your reference, this is the output if
          the nits tool:</div>
        <div class=""><br class="">
        </div>
        <div class=""><br class="">
        </div>
        <div class="">Checking references for intended status:
          Experimental</div>
        <div class=""> 
----------------------------------------------------------------------------</div>
        <div class=""><br class="">
        </div>
        <div class="">  == Missing Reference: 'RFC3339' is mentioned on
          line 602, but not defined</div>
        <div class=""><br class="">
        </div>
        <div class="">  == Missing Reference: 'RFC4634' is mentioned on
          line 752, but not defined</div>
        <div class=""><br class="">
        </div>
        <div class="">  ** Obsolete undefined reference: RFC 4634
          (Obsoleted by RFC 6234)</div>
        <div class=""><br class="">
        </div>
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
              Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc2104" class="">http://www.rfc-editor.org/info/rfc2104</a>&gt;.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc2119" class="">http://www.rfc-editor.org/info/rfc2119</a>&gt;.

   [RFC3394]  Schaad, J. and R. Housley, "Advanced Encryption Standard
              (AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394,
              September 2002, &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc3394" class="">http://www.rfc-editor.org/info/rfc3394</a>&gt;.

   [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
              "Randomness Requirements for Security", BCP 106, RFC 4086,
              DOI 10.17487/RFC4086, June 2005,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc4086" class="">http://www.rfc-editor.org/info/rfc4086</a>&gt;.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              DOI 10.17487/RFC5226, May 2008,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc5226" class="">http://www.rfc-editor.org/info/rfc5226</a>&gt;.

   [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
              Key Derivation Function (HKDF)", RFC 5869,
              DOI 10.17487/RFC5869, May 2010,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc5869" class="">http://www.rfc-editor.org/info/rfc5869</a>&gt;.

   [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
              Locator/ID Separation Protocol (LISP)", RFC 6830,
              DOI 10.17487/RFC6830, January 2013,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc6830" class="">http://www.rfc-editor.org/info/rfc6830</a>&gt;.

   [RFC6833]  Fuller, V. and D. Farinacci, "Locator/ID Separation
              Protocol (LISP) Map-Server Interface", RFC 6833,
              DOI 10.17487/RFC6833, January 2013,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc6833" class="">http://www.rfc-editor.org/info/rfc6833</a>&gt;.




Maino, et al.             Expires April 6, 2017                [Page 18]

Internet-Draft                  LISP-SEC                    October 2016


   [RFC7835]  Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID
              Separation Protocol (LISP) Threat Analysis", RFC 7835,
              DOI 10.17487/RFC7835, April 2016,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc7835" class="">http://www.rfc-editor.org/info/rfc7835</a>&gt;.

Authors' Addresses

   Fabio Maino
   Cisco Systems
   170 Tasman Drive
   San Jose, California  95134
   USA

   Email: <a moz-do-not-send="true" href="mailto:fmaino@cisco.com" class="">fmaino@cisco.com</a>


   Vina Ermagan
   Cisco Systems
   170 Tasman Drive
   San Jose, California  95134
   USA

   Email: <a moz-do-not-send="true" href="mailto:vermagan@cisco.com" class="">vermagan@cisco.com</a>


   Albert Cabellos
   Technical University of Catalonia
   c/ Jordi Girona s/n
   Barcelona  08034
   Spain

   Email: <a moz-do-not-send="true" href="mailto:acabello@ac.upc.edu" class="">acabello@ac.upc.edu</a>


   Damien Saucez
   INRIA
   2004 route des Lucioles - BP 93
   Sophia Antipolis
   France

   Email: <a moz-do-not-send="true" href="mailto:damien.saucez@inria.fr" class="">damien.saucez@inria.fr</a>










Maino, et al.             Expires April 6, 2017                [Page 19]</pre>
            <div class=""><br class="">
            </div>
          </div>
          <div class=""><br class="">
          </div>
          <div class=""><br class="">
          </div>
        </blockquote>
        <br class="">
        <div class="">
          <div class=""><br class="">
          </div>
          <div class=""><br class="">
          </div>
          <br class="">
        </div>
      </div>
    </blockquote>
    <p><br>
    </p>
  </body>
</html>

--------------AE9CBA7B01D75C294BE5A759--


From nobody Thu Oct 20 08:01:04 2016
Return-Path: <internet-drafts@ietf.org>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 5BE7E1294A6; Thu, 20 Oct 2016 08:01:02 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.35.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147697566237.18143.16343646499076429029.idtracker@ietfa.amsl.com>
Date: Thu, 20 Oct 2016 08:01:02 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/ukFBDdalMnk_60wCiJhL4M40GmM>
Cc: lisp@ietf.org
Subject: [lisp] I-D Action: draft-ietf-lisp-type-iana-03.txt
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2016 15:01:02 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Locator/ID Separation Protocol of the IETF.

        Title           : LISP Experimental Message & IANA Registry for LISP Packet Type Allocations
        Authors         : Mohamed Boucadair
                          Christian Jacquenet
	Filename        : draft-ietf-lisp-type-iana-03.txt
	Pages           : 5
	Date            : 2016-10-20

Abstract:
   This document defines a registry for LISP Packet Type allocations.
   It also specifies a shared LISP message type for experimentation
   purposes.



The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lisp-type-iana/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-lisp-type-iana-03

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lisp-type-iana-03


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Thu Oct 20 11:39:32 2016
Return-Path: <internet-drafts@ietf.org>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id AB873129584; Thu, 20 Oct 2016 11:39:30 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.35.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147698877069.18084.11398718240707763195.idtracker@ietfa.amsl.com>
Date: Thu, 20 Oct 2016 11:39:30 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/1Hzj6BONxEIJeRN1A6lN2DMVnCQ>
Cc: lisp@ietf.org
Subject: [lisp] I-D Action: draft-ietf-lisp-lcaf-19.txt
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2016 18:39:31 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Locator/ID Separation Protocol of the IETF.

        Title           : LISP Canonical Address Format (LCAF)
        Authors         : Dino Farinacci
                          Dave Meyer
                          Job Snijders
	Filename        : draft-ietf-lisp-lcaf-19.txt
	Pages           : 44
	Date            : 2016-10-20

Abstract:
   This draft defines a canonical address format encoding used in LISP
   control messages and in the encoding of lookup keys for the LISP
   Mapping Database System.



The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lisp-lcaf/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-lisp-lcaf-19

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lisp-lcaf-19


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Thu Oct 20 12:20:10 2016
Return-Path: <jmh@joelhalpern.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B8CA1295E2 for <lisp@ietfa.amsl.com>; Thu, 20 Oct 2016 12:20:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.722
X-Spam-Level: 
X-Spam-Status: No, score=-2.722 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y_wWx8LkxOYN for <lisp@ietfa.amsl.com>; Thu, 20 Oct 2016 12:20:08 -0700 (PDT)
Received: from mailb2.tigertech.net (mailb2.tigertech.net [208.80.4.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2A7461294FE for <lisp@ietf.org>; Thu, 20 Oct 2016 12:20:07 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailb2.tigertech.net (Postfix) with ESMTP id 0F4282ADAD2 for <lisp@ietf.org>; Thu, 20 Oct 2016 12:20:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1476991207; bh=bE1eSmeYZPhdZ96N5qQpI3BhNRqRjdVu3Miq1nZKKOg=; h=From:Subject:To:References:Date:In-Reply-To:From; b=CtXUsVDv5BOobMuw091n+6lPAivU56NlNsC586tArfqX4bMu9yMt85CKtaa1kXovp kKG6ZRhOeo4npjuMEJWHTX3ko8Z3JHQ0xQZCnbNYA9isnNG7dslfLtUiCgWiGYPuqw Kl/582idHnMMXmq9b6Ct1FdsEKLgTA9MF88k3WyM=
X-Virus-Scanned: Debian amavisd-new at b2.tigertech.net
Received: from Joels-MacBook-Pro.local (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mailb2.tigertech.net (Postfix) with ESMTPSA id AB9AB2ADAD1 for <lisp@ietf.org>; Thu, 20 Oct 2016 12:20:06 -0700 (PDT)
From: Joel Halpern <jmh@joelhalpern.com>
To: "lisp@ietf.org" <lisp@ietf.org>
References: <147672294327.4518.2259653429577996315.idtracker@ietfa.amsl.com>
Message-ID: <a7ca45eb-6b0a-1571-d8c6-aae81356dc20@joelhalpern.com>
Date: Thu, 20 Oct 2016 15:20:51 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <147672294327.4518.2259653429577996315.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/O_dK2mgvGyeWfo-lWPzRPPn2jlM>
Subject: [lisp] Fwd: NomCom 2016-2017 Call for Feedback
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2016 19:20:09 -0000

Please, do go to the tools and enter your feedback.
Yours,
Joel

-------- Forwarded Message --------
Subject: NomCom 2016-2017 Call for Feedback
Date: Mon, 17 Oct 2016 09:49:03 -0700
From: NomCom Chair 2016 <nomcom-chair-2016@ietf.org>
Reply-To: ietf@ietf.org
To: IETF Announcement List <ietf-announce@ietf.org>
CC: ietf@ietf.org

The 2016-16 Nominating Committee has collected a list of willing
candidates for the positions open this cycle.  You can see the list
at:   https://datatracker.ietf.org/nomcom/2016/feedback/

You may provide feedback using the web form there; it is secure.
All web feedback goes into the datatracker using asymmetric encryption,
which is then decrypted by the NomCom members as they read it.  Your 
feedback can not be seen by the secretariat, the tools people, or any of 
the management.

Your feedback through the web form is not anonymous when shown to NomCom 
members as you need an IETF login to provide it.

If you want to give truly anonymous feedback, please contact one of the 
NomCom members that you trust directly, and ask him/her to relay the 
feedback anonymously to the NomCom.

You can also submit feedback via email to nomcom-chair-2016@ietf.org and 
I will enter it in the datatracker. One email per candidate, please. 
Please indicate if I should share your identity with the full NomCom.

We will also announce office hours in Seoul shortly.

The positions to be filled and the desired expertise are found here:

https://datatracker.ietf.org/nomcom/2016/

Lucy Lynch
Nomcom Chair 2016-17
nomcom-chair-2016@ietf.org
llynch@civil-tongue.net



From nobody Fri Oct 21 16:25:28 2016
Return-Path: <agenda@ietf.org>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E76D51294F2; Fri, 21 Oct 2016 16:21:13 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "\"IETF Secretariat\"" <agenda@ietf.org>
To: <ggx@gigix.net>, <lisp-chairs@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.36.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147709207394.28214.4140337910947188550.idtracker@ietfa.amsl.com>
Date: Fri, 21 Oct 2016 16:21:13 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/5V6GdKZ2Nw9PV-hUdWSVrq-05HQ>
Cc: lisp@ietf.org
Subject: [lisp] lisp - Requested session has been scheduled for IETF 97
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Oct 2016 23:21:17 -0000

Dear Luigi Iannone,

The session(s) that you have requested have been scheduled.
Below is the scheduled session information followed by
the original request. 

lisp Session 1 (1:30:00)
    Wednesday, Morning Session I 0930-1100
    Room Name: Studio 4 size: 100
    ---------------------------------------------
    


Request Information:


---------------------------------------------------------
Working Group Name: Locator/ID Separation Protocol
Area Name: Routing Area
Session Requester: Luigi Iannone

Number of Sessions: 1
Length of Session(s):  1.5 Hours
Number of Attendees: 50
Conflicts to Avoid: 
 First Priority: rtgwg nvo3 i2rs sidr grow sfc sdnrg nfvrg pim intarea
 Second Priority: mboned icnrg irtfopen idr spring bier maprg
 Third Priority: l2tpext bess


Special Requests:
  
---------------------------------------------------------


From nobody Fri Oct 21 16:30:58 2016
Return-Path: <fmaino@cisco.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBEE31299EC; Fri, 21 Oct 2016 16:25:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.941
X-Spam-Level: 
X-Spam-Status: No, score=-14.941 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2ldlmU7MD9GI; Fri, 21 Oct 2016 16:24:51 -0700 (PDT)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 195461299A7; Fri, 21 Oct 2016 16:23:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=141900; q=dns/txt; s=iport; t=1477092202; x=1478301802; h=subject:to:references:cc:from:message-id:date: mime-version:in-reply-to; bh=AuAVnzlvRrOQ72XXkCWRMY5QMs4rwmkApMgyVP9Kut4=; b=ksRRbhS1F4mhTKs2+3Onyimp9bmtDqi/cuqKks3bnSF9A7O8Hjt87AWZ CAz7HWCZgs9bQvkEGcRmo7+jZkk20jvLg2/vQIWtQH+4mtvpae+g+DRuf 60uJ1An3J4jBZFVxVUtH4yJ0hcO0nS5wHyxMmtD/QN+ivlTTiDKHLYv6D U=;
X-IronPort-AV: E=Sophos;i="5.31,527,1473120000";  d="scan'208,217";a="337957640"
Received: from rcdn-core-1.cisco.com ([173.37.93.152]) by alln-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Oct 2016 23:23:21 +0000
Received: from [10.154.250.111] ([10.154.250.111]) by rcdn-core-1.cisco.com (8.14.5/8.14.5) with ESMTP id u9LNNKSY000878; Fri, 21 Oct 2016 23:23:20 GMT
To: Luigi Iannone <luigi.iannone@telecom-paristech.fr>, "Vina Ermagan (vermagan)" <vermagan@cisco.com>, Albert Cabellos <acabello@ac.upc.edu>, Damien Saucez <damien.saucez@inria.fr>
References: <FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr>
From: Fabio Maino <fmaino@cisco.com>
Message-ID: <8204baa6-8cbd-83b3-aa88-dc3ba16c5a33@cisco.com>
Date: Fri, 21 Oct 2016 16:23:20 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr>
Content-Type: multipart/alternative; boundary="------------A696BA6F50A99C0C7D5CC4FB"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/wgJQm_YkLugA3BfKnxN1OiLmjko>
Cc: lisp-chairs@ietf.org, LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] LISP-SEC review (finally)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Oct 2016 23:25:01 -0000

This is a multi-part message in MIME format.
--------------A696BA6F50A99C0C7D5CC4FB
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

Ciao Luigi,
below I have replied to each comment. I'm working to the updated text, 
that I will send as soon as it is ready. ideally we might be able to 
publish a new version before draft deadline.

Just a note on the most recurring comment: SHOULD vs. MUST.

The use of SHOULD across the document is according to RFC 2119:


    SHOULD

  This word, or the adjective "RECOMMENDED", mean that there
    may exist valid reasons in particular circumstances to ignore a
    particular item, but the full implications must be understood and
    carefully weighed before choosing a different course.



There are use cases where, carefully weighing the implications, some of 
the security services of LISP-SEC can be turned-off. We want to leave 
implementors the freedom to allow this flexibility.

For example, in a DC deployment it may make sense to turn off OTK 
decryption between XTR and MS/MR, as MiTM is very unlikely.

Similarly, an ITR may decide to implement a loose policy on accepting an 
AD authenticated with an algorithm different from the preferred 
authentication algorithm expressed by the ITR. Using a MUST would force 
support of a given authentication algorithm across each and every MS and 
ETR, that might not be the case when incrementally deploying LISP-SEC 
(or while upgrading routers).

Using a MUST would prevent this flexibility, that we would like to leave 
to the implementors.





On 10/19/16 8:06 AM, Luigi Iannone wrote:
> Dear Authors of the LISP-SEC document,
>
> hereafter my review of the document.
> This was long overdue, sorry for being so late.
>
> I really like the solution and the majority of my comments are just 
> clarification questions.
> Let me know if my comments are clear.
>
> ciao
>
> L.
>
>
>
>> 1.  Introduction
>>
>>     The Locator/ID Separation Protocol [RFC6830] defines a set of
>>     functions for routers to exchange information used to map from non-
>>     routable Endpoint Identifiers (EIDs) to routable Routing Locators
>>     (RLOCs).
> I find the above sentence confusing. Wouldn’t be better to specify 
> that we are talking about IP addresses?

That's how LISP is described in RFC6830, section 1. If you start using 
the term IP address then you need to qualify if you are talking about 
Identity-IP or Locator-IP, so the sentence gets complicated pretty quickly.

I would leave this one unchanged.

>
>> If these EID-to-RLOC mappings, carried through Map-Reply
>>     messages, are transmitted without integrity protection, an adversary
>>     can manipulate them and hijack the communication, impersonate the
>>     requested EID, or mount Denial of Service or Distributed Denial of
>>     Service attacks.  Also, if the Map-Reply message is transported
>>     unauthenticated, an adversarial LISP entity can overclaim an EID-
>>     prefix and maliciously redirect traffic directed to a large number of
>>     hosts.  A detailed description of "overclaiming" attack is provided
>>     in [RFC7835].
>>
>>     This memo specifies LISP-SEC, a set of security mechanisms that
>>     provides origin authentication, integrity and anti-replay protection
>>     to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
>>     process.
>
> I would put s forward reference to section 3 stating that the reader 
> will find details about the threat model.

OK. We can replace the sentence

A detailed description of "overclaiming" attack is provided
    in [RFC7835]

with

The LISP-SEC threat model, described in Section 3, is built on top of the LISP threat model defined in RFC7835, that includes a detailed description of "overclaiming" attack.



>
>> LISP-SEC also enables verification of authorization on EID-
>>     prefix claims in Map-Reply messages, ensuring that the sender of a
>>     Map-Reply that provides the location for a given EID-prefix is
>>     entitled to do so according to the EID prefix registered in the
>>     associated Map-Server.  Map-Register security, including the right
>>     for a LISP entity to register an EID-prefix or to claim presence at
>>     an RLOC, is out of the scope of LISP-SEC.  Additional security
>>     considerations are described in Section 6.
>>
>> 2.  Definition of Terms
>>
>>        One-Time Key (OTK): An ephemeral randomly generated key that must
>>        be used for a single Map-Request/Map-Reply exchange.
>>
>>
>>
>>           ITR-OTK: The One-Time Key generated at the ITR.
>>
>>           MS-OTK: The One-Time Key generated at the Map-Server.
>
> Why are you considering ITR-OTK and MS-OTK sub-terms?
> I would elevate them at full terms, hence avoiding spacing and 
> indentation.

Ok.

>
>>        Encapsulated Control Message (ECM): A LISP control message that is
>>        prepended with an additional LISP header.  ECM is used by ITRs to
>>        send LISP control messages to a Map-Resolver, by Map-Resolvers to
>>        forward LISP control messages to a Map-Server, and by Map-
>>        Resolvers to forward LISP control messages to an ETR.
>>
> Why are you re-defining ECM?
> You do not specify other packets, e.g., Map-Reply, so why ECM?
> I would drop it.

It is not defined in the Definitions section of 6830. One would need to 
go through the body of 6830 to find it.

I'll drop it, but we need to make sure that ECM gets into the definition 
section of 6830bis.

Albert: are you looking into that document? Can you take care of this?


>
>
>>        Authentication Data (AD): Metadata that is included either in a
>>        LISP ECM header or in a Map-Reply message to support
>>        confidentiality, integrity protection, and verification of EID-
>>        prefix authorization.
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                 [Page 3]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>           OTK-AD: The portion of ECM Authentication Data that contains a
>>           One-Time Key.
>>
>>           EID-AD: The portion of ECM and Map-Reply Authentication Data
>>           used for verification of EID-prefix authorization.
>>
>>           PKT-AD: The portion of Map-Reply Authentication Data used to
>>           protect the integrity of the Map-Reply message.
>
>
> Why are you considering OTK-AD, EID-AD, and PKT-AD sub-terms?
> I would elevate them at full terms, hence avoiding spacing and 
> indentation.
>
ok.

>
>>     For definitions of other terms, notably Map-Request, Map-Reply,
>>     Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR), Map-Server
>>     (MS), and Map-Resolver (MR) please consult the LISP specification
>>     [RFC6830].
>>
>> 3.  LISP-SEC Threat Model
>>
>>     LISP-SEC addresses the control plane threats, described in [RFC7835],
>>     that target EID-to-RLOC mappings, including manipulations of Map-
>>     Request and Map-Reply messages, and malicious ETR EID prefix
>>     overclaiming.  LISP-SEC makes two main assumptions: (1) the LISP
>>     mapping system is expected to deliver a Map-Request message to their
>>     intended destination ETR as identified by the EID, and (2) no man-in-
>>     the-middle (MITM) attack can be mounted within the LISP Mapping
>>     System.  Furthermore, while LISP-SEC enables detection of EID prefix
>>     overclaiming attacks, it assumes that Map-Servers can verify the EID
>>     prefix authorization at time of registration.
> LISP-SEC does not require OTK confidentiality in the mapping system. 
> This should be discussed here.
we could add to the above

"and (2) no man-in-
    the-middle (MITM) attack can be mounted within the LISP Mapping
    System."

How the Mapping System is protected from MiTM attacks depends from the particular Mapping System used, and is out of the scope of this memo.



>
>
>>     According to the threat model described in [RFC7835] LISP-SEC assumes
>>     that any kind of attack, including MITM attacks, can be mounted in
>>     the access network, outside of the boundaries of the LISP mapping
>>     system.  An on-path attacker, outside of the LISP mapping system can,
>>     for example, hijack Map-Request and Map-Reply messages, spoofing the
>>     identity of a LISP node.  Another example of on-path attack, called
>>     overclaiming attack, can be mounted by a malicious Egress Tunnel
>>     Router (ETR), by overclaiming the EID-prefixes for which it is
>>     authoritative.  In this way the ETR can maliciously redirect traffic
>>     directed to a large number of hosts.
>>
>> 4.  Protocol Operations
>>
>>     The goal of the security mechanisms defined in [RFC6830] is to
>>     prevent unauthorized insertion of mapping data by providing origin
>>     authentication and integrity protection for the Map-Registration, and
>>     by using the nonce to detect unsolicited Map-Reply sent by off-path
>>     attackers.
>>
>>     LISP-SEC builds on top of the security mechanisms defined in
>>     [RFC6830] to address the threats described in Section 3 by leveraging
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                 [Page 4]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>     the trust relationships existing among the LISP entities
>>     participating to the exchange of the Map-Request/Map-Reply messages.
>>     Those trust relationships are used to securely distribute a One-Time
>>     Key (OTK) that provides origin authentication, integrity and anti-
>>     replay protection to mapping data conveyed via the mapping lookup
>>     process, and that effectively prevent overclaiming attacks.  The
>>     processing of security parameters during the Map-Request/Map-Reply
>>     exchange is as follows:
>>
>>     o  The ITR-OTK is generated and stored at the ITR, and securely
>>        transported to the Map-Server.
>>
>>     o  The Map-Server uses the ITR-OTK to compute an HMAC that protects
> You did not define HMAC acronym. Please define and add a reference.

ok.


>
>>        the integrity of the mapping data known to the Map-Server to
>>        prevent overclaiming attacks.  The Map-Server also derives a new
>>        OTK, the MS-OTK, that is passed to the ETR, by applying a Key
>>        Derivation Function (KDF) to the ITR-OTK.
>>
>>     o  The ETR uses the MS-OTK to compute an HMAC that protects the
>>        integrity of the Map-Reply sent to the ITR.
>>
>>     o  Finally, the ITR uses the stored ITR-OTK to verify the integrity
>>        of the mapping data provided by both the Map-Server and the ETR,
>>        and to verify that no overclaiming attacks were mounted along the
>>        path between the Map-Server and the ITR.
>>
>>     Section 5 provides the detailed description of the LISP-SEC control
>>     messages and their processing, while the rest of this section
>>     describes the flow of protocol operations at each entity involved in
>>     the Map-Request/Map-Reply exchange:
>>
>>     o  The ITR, upon needing to transmit a Map-Request message, generates
>>        and stores an OTK (ITR-OTK).  This ITR-OTK is included into the
>>        Encapsulated Control Message (ECM) that contains the Map-Request
>>        sent to the Map-Resolver.  To provide confidentiality to the ITR-
>>        OTK over the path between the ITR and its Map-Resolver, the ITR-
>>        OTK SHOULD
> Why not using “MUST”???
> Are you suggesting that a different way to provide confidentiality can 
> be used (e.g. a different shared key)???
> If yes, please state so.
>
> Or are you suggesting that no encryption at all is used? But this 
> means not providing confidentiality…
> Can you clarify?
>
> (this very same comment will appear several time in this review)

We don't want to make the use of pre-shared key *mandatory* to all LISP 
deployments. There are deployments where the risk of MiTM between the 
xTR and the MS/MR may not justify the cost of provisioning a shared key 
(data centers, for example).


>> be encrypted using a preconfigured key shared between
>>        the ITR and the Map-Resolver, similar to the key shared between
>>        the ETR and the Map-Server in order to secure ETR registration
>>        [RFC6833].
>>
>>     o  The Map-Resolver decapsulates the ECM message, decrypts the ITR-
>>        OTK, if needed, and forwards through the Mapping System the
>>        received Map-Request and the ITR-OTK, as part of a new ECM
>>        message.  As described in Section 5.6, the LISP Mapping System
>>        delivers the ECM to the appropriate Map-Server, as identified by
>>        the EID destination address of the Map-Request.
>>
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                 [Page 5]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>     o  The Map-Server is configured with the location mappings and policy
>>        information for the ETR responsible for the EID destination
>>        address.  Using this preconfigured information, the Map-Server,
>>        after the decapsulation of the ECM message, finds the longest
>>        match EID-prefix that covers the requested EID in the received
>>        Map-Request.  The Map-Server adds this EID-prefix, together with
>>        an HMAC computed using the ITR-OTK, to a new Encapsulated Control
>>        Message that contains the received Map-Request.
>>
>>     o  The Map-Server derives a new OTK, the MS-OTK, by applying a Key
>>        Derivation Function (KDF) to the ITR-OTK.  This MS-OTK is included
>>        in the Encapsulated Control Message that the Map-Server uses to
>>        forward the Map-Request to the ETR.  To provide MS-OTK
>>        confidentiality over the path between the Map-Server and the ETR,
>>        the MS-OTK should
> This “should” should be a “SHOULD”  (sorry for the cacophony…)

Ok.
>
> Why not using “MUST”???
> Are you suggesting that a different way to provide confidentiality can 
> be used (e.g. a different shared key)???
> If yes, please state so.
>
> Or are you suggesting that no encryption at all is used? But this 
> means not providing confidentiality…
> Can you clarify?

Same as above.

>
>> be encrypted using the key shared between the
>>        ETR and the Map-Server in order to secure ETR registration
>>        [RFC6833].
>>
>>     o  If the Map-Server is acting in proxy mode, as specified in
>>        [RFC6830], the ETR is not involved in the generation of the Map-
>>        Reply.  In this case the Map-Server generates the Map-Reply on
>>        behalf of the ETR as described below.
>>
>>     o  The ETR, upon receiving the ECM encapsulated Map-Request from the
>>        Map-Server, decrypts the MS-OTK, if needed, and originates a
>>        standard Map-Reply that contains the EID-to-RLOC mapping
>>        information as specified in [RFC6830].
>>
>>     o  The ETR computes an HMAC over this standard Map-Reply, keyed with
>>        MS-OTK to protect the integrity of the whole Map-Reply.  The ETR
>>        also copies the EID-prefix authorization data that the Map-Server
>>        included in the ECM encapsulated Map-Request into the Map-Reply
>>        message.  The ETR then sends this complete Map-Reply message to
>>        the requesting ITR.
>>
>>     o  The ITR, upon receiving the Map-Reply, uses the locally stored
>>        ITR-OTK to verify the integrity of the EID-prefix authorization
>>        data included in the Map-Reply by the Map-Server.  The ITR
>>        computes the MS-OTK by applying the same KDF used by the Map-
>>        Server, and verifies the integrity of the Map-Reply.  If the
>>        integrity checks fail, the Map-Reply MUST be discarded.  Also, if
>>        the EID-prefixes claimed by the ETR in the Map-Reply are not equal
>>        or more specific than the EID-prefix authorization data inserted
>>        by the Map-Server, the ITR MUST discard the Map-Reply.
>>
>>
>>
>>
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                 [Page 6]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>> 5.  LISP-SEC Control Messages Details
>>
>>     LISP-SEC metadata associated with a Map-Request is transported within
>>     the Encapsulated Control Message that contains the Map-Request.
>>
>>     LISP-SEC metadata associated with the Map-Reply is transported within
>>     the Map-Reply itself.
>>
>> 5.1.  Encapsulated Control Message LISP-SEC Extensions
>>
>>     LISP-SEC uses the ECM (Encapsulated Control Message) defined in
>>     [RFC6830] with Type set to 8, and S bit set to 1 to indicate that the
>>     LISP header includes Authentication Data (AD).  The format of the
>>     LISP-SEC ECM Authentication Data is defined in the following figure.
>>     OTK-AD stands for One-Time Key Authentication Data and EID-AD stands
>>     for EID Authentication Data.
>>
>>   0                   1                   2                   3
>>   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> |     AD Type   |V|  Reserved   |        Requested HMAC ID      |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
>> |              OTK Length       |       OTK Encryption ID       | |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>> |                       One-Time-Key Preamble ...               | |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OTK-AD
>> |                   ... One-Time-Key Preamble                   | |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>> ~                      One-Time Key (128 bits)                  ~/
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <---+
>> |           EID-AD Length       |           KDF ID              |     |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
>> | Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
>> |   Reserved    | EID mask-len  |           EID-AFI             | |   |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
>> ~                          EID-prefix ...                       ~ |   |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
>> ~                            EID HMAC                           ~     |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <—+
> I think that “rec” is mis-aligned and should be shifted one character 
> upward.

No. The row above is the portion of the header that specifies how many 
records will follow. Rec shows one Rec item, in the array of Records.  
It is consistent with 6830.



>
>>                       LISP-SEC ECM Authentication Data
>>
>>        AD Type: 1 (LISP-SEC Authentication Data)
> This is the first document starting to allocate values to the "AD 
> Type” value.
> Why not asking IANA to create a registry??
> (to be done in the IANA Considerations Section)


Ok.

>
>
>
>>        V: Key Version bit.  This bit is toggled when the sender switches
>>        to a new OTK wrapping key
>>
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                 [Page 7]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>        Reserved: Set to 0 on transmission and ignored on receipt.
>>
>>        Requested HMAC ID: The HMAC algorithm requested by the ITR.  See
>>        Section 5.4 for details.
>>
>>        OTK Length: The length (in bytes) of the OTK Authentication Data
>>        (OTK-AD), that contains the OTK Preamble and the OTK.
>>
>>        OTK Encryption ID: The identifier of the key wrapping algorithm
>>        used to encrypt the One-Time-Key. When a 128-bit OTK is sent
>>        unencrypted by the Map-Resolver, the OTK Encryption ID is set to
>>        NULL_KEY_WRAP_128.  See Section 5.5 for more details.
>>
>>        One-Time-Key Preamble: set to 0 if the OTK is not encrypted.  When
>>        the OTK is encrypted, this field may carry additional metadata
>>        resulting from the key wrapping operation.  When a 128-bit OTK is
>>        sent unencrypted by Map-Resolver, the OTK Preamble is set to
>>        0x0000000000000000 (64 bits).  See Section 5.5 for details.
>>
>>        One-Time-Key: the OTK encrypted (or not) as specified by OTK
>>        Encryption ID.  See Section 5.5 for details.
>>
>>        EID-AD Length: length (in bytes) of the EID Authentication Data
>>        (EID-AD).  The ITR MUST set EID-AD Length to 4 bytes, as it only
>>        fills the KDF ID field, and all the remaining fields part of the
>>        EID-AD are not present.  An EID-AD MAY contain multiple EID-
>>        records.  Each EID-record is 4-byte long plus the length of the
>>        AFI-encoded EID-prefix.
>>
>>        KDF ID: Identifier of the Key Derivation Function used to derive
>>        the MS-OTK.  The ITR SHOULD use this field to indicate the
>>        recommended KDF algorithm, according to local policy.
> I am not sure I understand the rationale of this “SHOULD”. If for any 
> reason the ITR does not indicate the KDF ID what are the consequences?

That should be a MAY, I believe,

The ITR can specify "no preference" for KDF ID, using a value of 0.

In the ITR processing section 5.4,  we should add to

The KDF ID field, specifies the suggested key derivation function to
    be used by the Map-Server to derive the MS-OTK.


a text like: "A KDF ID value of 0 (NONE), MAY be used to specify that 
the ITR has no preferred KDF ID".



> Is the MS free to choose the algorithm? This should be clarified.
This is specified in section 5.7.

"

The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
    the ITR-OTK received with the Map-Request.  MS-OTK is derived
    applying the key derivation function specified in the KDF ID field.
    If the algorithm specified in the KDF ID field is not supported, the
    Map-Server uses a different algorithm to derive the key and updates
    the KDF ID field accordingly.

"



>
>>   The Map-
>>        Server can overwrite the KDF ID if it does not support the KDF ID
>>        recommended by the ITR.
> What happens if the MS will choose a KDF ID not supported by the ITR?
> Can you clarify how to solve this situation or explain why this will 
> never happen?

This is specified in 5.4, ITR processing.

"

To verify the integrity of the PKT-AD, first the MS-OTK is derived
    from the locally stored ITR-OTK using the algorithm specified in the
    KDF ID field.  This is because the PKT-AD is generated by the ETR
    using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
    KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
    Reply and send, at the first opportunity it needs to, a new Map-
    Request with a different KDF ID, according to ITR's local policy.

"


There are two typical use cases:
- strict KDF ID policy: ITR specifiy a KDF ID, and will discard 
map-reply with different KDF IDs. If local policy allows, another 
map-request will be sent with a different KDF ID
- loose KDF ID policy: ITR specify KDF ID = none, and will accept 
map-reply with any KDF ID (if supported by ITR). If received KDF is not 
supported the ITR shall drop the map-reply


>
>> See Section 5.4 for more details.
>>
>>        Record Count: The number of records in this Map-Request message.
>>        A record is comprised of the portion of the packet that is labeled
>>        'Rec' above and occurs the number of times equal to Record Count.
>>
>>        Reserved: Set to 0 on transmission and ignored on receipt.
>>
>>        EID HMAC ID: Identifier of the HMAC algorithm used to protect the
>>        integrity of the EID-AD.  This field is filled by Map-Server that
>>        computed the EID-prefix HMAC.  See Section 5.4 for more details.
>>
>>        EID mask-len: Mask length for EID-prefix.
>>
>>        EID-AFI: Address family of EID-prefix according to [RFC5226]
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                 [Page 8]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>        EID-prefix: The Map-Server uses this field to specify the EID-
>>        prefix that the destination ETR is authoritative for, and is the
>>        longest match for the requested EID.
>>
>>        EID HMAC: HMAC of the EID-AD computed and inserted by Map-Server.
>>        Before computing the HMAC operation the EID HMAC field MUST be set
>>        to 0.  The HMAC covers the entire EID-AD.
>>
>> 5.2.  Map-Reply LISP-SEC Extensions
>>
>>     LISP-SEC uses the Map-Reply defined in [RFC6830], with Type set to 2,
>>     and S bit set to 1 to indicate that the Map-Reply message includes
>>     Authentication Data (AD).  The format of the LISP-SEC Map-Reply
>>     Authentication Data is defined in the following figure.  PKT-AD is
>>     the Packet Authentication Data that covers the Map-Reply payload.
>>
>>   0                   1                   2                   3
>>   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> |    AD Type    |                 Reserved                      |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <---+
>> |           EID-AD Length       |           KDF ID              |     |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
>> | Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
>> |   Reserved    | EID mask-len  |           EID-AFI             | |   |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
>> ~                          EID-prefix ...                       ~ |   |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
>> ~                            EID HMAC                           ~     |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <---+
>> |         PKT-AD Length         |         PKT HMAC ID           |\
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>> ~                            PKT HMAC                           ~ PKT-AD
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/
>>
>>                    LISP-SEC Map-Reply Authentication Data
>>
>>        AD Type: 1 (LISP-SEC Authentication Data)
> Shouldn’t this be a different value? This AD  format is different from 
> the one described in section 5.1!
> Another reason to ask IANA for a registry….

One is the LISP-SEC authentication data that applies to the ECM message 
(when S-bit = 1), the other is the LISP-SEC authentication data that 
applies to the Map-Reply (when S-bit = 1).

Those are extensions of two different messages (ECM and map-reply), and 
they are both identified by an AD Type (that happens to be set to value 
1 for both).

Yes, the AD type space is different so we will need two IANA registries.


Question for the co-auhtors: should we change the name to 'ECM AD Type' 
and 'Map-Reply AD Type'?



>
>
>>        EID-AD Length: length (in bytes) of the EID-AD.  An EID-AD MAY
>>        contain multiple EID-records.  Each EID-record is 4-byte long plus
>>        the length of the AFI-encoded EID-prefix.
>>
>>        KDF ID: Identifier of the Key Derivation Function used to derive
>>        MS-OTK.  See Section 5.7 for more details.
>>
>>
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                 [Page 9]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>        Record Count: The number of records in this Map-Reply message.  A
>>        record is comprised of the portion of the packet that is labeled
>>        'Rec' above and occurs the number of times equal to Record Count.
>>
>>        Reserved: Set to 0 on transmission and ignored on receipt.
>>
>>        EID HMAC ID: Identifier of the HMAC algorithm used to protect the
>>        integrity of the EID-AD.  See Section 5.7 for more details.
>>
>>        EID mask-len: Mask length for EID-prefix.
>>
>>        EID-AFI: Address family of EID-prefix according to [RFC5226].
>>
>>        EID-prefix: This field contains an EID-prefix that the destination
>>        ETR is authoritative for, and is the longest match for the
>>        requested EID.
>>
>>        EID HMAC: HMAC of the EID-AD, as computed by the Map-Server.
>>        Before computing the HMAC operation the EID HMAC field MUST be set
>>        to 0.  The HMAC covers the entire EID-AD.
>>
>>        PKT-AD Length: length (in bytes) of the Packet Authentication Data
>>        (PKT-AD).
>>
>>        PKT HMAC ID: Identifier of the HMAC algorithm used to protect the
>>        integrity of the Map-reply Location Data.
> “Location Data” is something nowhere defined. Can you clarify what do 
> you mean?

we can just remove 'Location Data'


>
>
>>        PKT HMAC: HMAC of the whole Map-Reply packet, including the LISP-
>>        SEC Authentication Data.  The scope of the authentication goes
>>        from the Map-Reply Type field to the PKT HMAC field included.
>>        Before computing the HMAC operation the PKT HMAC field MUST be set
>>        to 0.  See Section 5.8 for more details.
>>
>> 5.3.  Map-Register LISP-SEC Extentions
>>
>>     The second bit after the Type field in a Map-Register message is
>>     allocated as the S bit.
> I would better explain that this document is allocating a bit marked 
> as reserved in 6830.

Ok. We will need to reflect this in 6830bis as well.

> Furthermore, at the cost of being redundant, I would put the packet 
> format highlighting the position of the bit so that there is no 
> confusion whatsoever.

We wanted to  explicitly avoid to include the format of messages when 
already defined in other documents, so we point rather than copy. If we 
address this in 6830bis, the problem will be solved.


>
>> The S bit indicates to the Map-Server that
>>     the registering ETR is LISP-SEC enabled.  An ETR that supports LISP-
>>     SEC MUST set the S bit in its Map-Register messages.
>>
>> 5.4.  ITR Processing
>>
>>     Upon creating a Map-Request, the ITR generates a random ITR-OTK that
>>     is stored locally, together with the nonce generated as specified in
>>     [RFC6830].
>>
>>     The Map-Request MUST be encapsulated in an ECM, with the S-bit set to
>>     1, to indicate the presence of Authentication Data.  If the ITR and
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                [Page 10]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>     the Map-Resolver are configured with a shared key,
> In section 4 you seem to suggest that this is not the only way to 
> protect the OTK (see my comment).
> Here instead you suggest that a shared key is the only way.


Right. Here it says what to do IF there is a shared key, that is 
consistent with the SHOULD above.


>>   the ITR-OTK
>>     confidentiality SHOULD be protected by wrapping the ITR-OTK with the
>>     algorithm specified by the OTK Encryption ID field.
> Not clear what this “SHOULD” refers to.
> IS the SHOULD related to the fact to encrypt the OTK? The ITR SHOULD 
> encrypt.
> Or the choice of the algorithm? The ITR SHOULD use the algorithm 
> specified by the OTK Encryption ID?
> The second case looks impossible since is the ITR is choosing the 
> algorithm. May be the sentence can be rewritten.

SHOULD refers to protecting the confidentiality of the ITR-OTK. Maybe 
the 'by' should be replaced by 'with'?

>
> Similarly to previous comment: Why it is not a MUST?
Same as other SHOULD.



>>   See Section 5.5
>>     for further details on OTK encryption.
>>
>>     The Requested HMAC ID field contains the suggested HMAC algorithm to
>>     be used by the Map-Server and the ETR to protect the integrity of the
>>     ECM Authentication data and of the Map-Reply.
>>
> What happens if the MS will choose a HMAC not supported by the ETR or 
> the ITR?
> Can you clarify how to solve this situation or explain why this will 
> never happen?

This is described 5 paragraphs below:

"

If the EID HMAC ID field does
    not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
    and send, at the first opportunity it needs to, a new Map-Request
    with a different Requested HMAC ID field, according to ITR's local
    policy.

"


>
>>     The KDF ID field, specifies the suggested key derivation function to
>>     be used by the Map-Server to derive the MS-OTK.
>
> What happens if the MS will choose a KDF ID not supported by the ITR?
> Can you clarify how to solve this situation or explain why this will 
> never happen?

This is described a few paragraphs below:
"

If the KDF ID in the Map-Reply does not match the
    KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
    Reply and send, at the first opportunity it needs to, a new Map-
    Request with a different KDF ID, according to ITR's...

"

>
>>     The EID-AD length is set to 4 bytes, since the Authentication Data
>>     does not contain EID-prefix Authentication Data, and the EID-AD
>>     contains only the KDF ID field.
>>
>>     In response to an encapsulated Map-Request that has the S-bit set, an
>>     ITR MUST receive a Map-Reply with the S-bit set, that includes an
>>     EID-AD and a PKT-AD.  If the Map-Reply does not include both ADs, the
>>     ITR MUST discard it.  In response to an encapsulated Map-Request with
>>     S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, and
>>     the ITR SHOULD discard the Map-Reply if the S-bit is set.
> Why a “SHOULD”? If the Map-Request has S-bit=0 it mean that there is 
> no AD, hence no OTK, how can the ITR decrypt the reply?????
> It MUST discard…..

If S-bit = 0 there's no Authentication Data. The Map-reply is in clear, 
and can be read.

Here again the SHOULD leaves open to ITR local policy that can be strict 
(drop anything not authenticated) or loose (accept unauthenticated 
map-reply).

There are use cases where LISP-SEC is not deployed everywhere, where the 
ITR might have to use loose policy.


>
>
>>     Upon receiving a Map-Reply, the ITR must verify the integrity of both
>>     the EID-AD and the PKT-AD, and MUST discard the Map-Reply if one of
>>     the integrity checks fails.
>>
>>     The integrity of the EID-AD is verified using the locally stored ITR-
>>     OTK to re-compute the HMAC of the EID-AD using the algorithm
>>     specified in the EID HMAC ID field.  If the EID HMAC ID field does
>>     not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
> Why is this a SHOULD? If it supports the HMAC Algorithm why not 
> decrypt? Shouldn’t this be a “MAY”, according to internal policy?

because this could be used by an attacker to force weaker HMACs (e.g. 
MD5). The SHOULD leaves open the door to not discarding, according to 
local policy.




>>     and send, at the first opportunity it needs to, a new Map-Request
>>     with a different Requested HMAC ID field, according to ITR's local
>>     policy.  The ITR MUST set the EID HMAC ID field to 0 before computing
>>     the HMAC.
> Shouldn’t the MS do the same thing? Otherwise different values will be 
> obtained. This is not specified in the MS functioning description.

good catch. Actually it's a typo here, the EID HMAC field should be set 
to 0 (that is consistent with section 5.7), not the EID HMAC ID that 
should not be touched.


The ITR MUST set the EID HMAC ID field to 0 before computing
    the HMAC.

should change to

The scope of the HMAC operation covers the
    entire EID-AD, from the EID-AD Length field to the EID HMAC field,
    which must be set to 0 before the computation.


>>     To verify the integrity of the PKT-AD, first the MS-OTK is derived
>>     from the locally stored ITR-OTK using the algorithm specified in the
>>     KDF ID field.  This is because the PKT-AD is generated by the ETR
>>     using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
>>     KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
>>     Reply and send, at the first opportunity it needs to, a new Map-
>>     Request with a different KDF ID, according to ITR's local policy.
>>     The derived MS-OTK is then used to re-compute the HMAC of the PKT-AD
>>     using the Algorithm specified in the PKT HMAC ID field.  If the PKT
>>     HMAC ID field does not match the Requested HMAC ID the ITR SHOULD
>>     discard the Map-Reply and send, at the first opportunity it needs to,
>>
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                [Page 11]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>     a new Map-Request with a different Requested HMAC ID according to
>>     ITR's local policy.
>>
>>     Each individual Map-Reply EID-record is considered valid only if: (1)
>>     both EID-AD and PKT-AD are valid, and (2) the intersection of the
>>     EID-prefix in the Map-Reply EID-record with one of the EID-prefixes
>>     contained in the EID-AD is not empty.  After identifying the Map-
>>     Reply record as valid, the ITR sets the EID-prefix in the Map-Reply
>>     record to the value of the intersection set computed before, and adds
>>     the Map-Reply EID-record to its EID-to-RLOC cache, as described in
>>     [RFC6830].  An example of Map-Reply record validation is provided in
>>     Section 5.4.1.
>>
>>     The ITR SHOULD send SMR triggered Map-Requests over the mapping
>>     system in order to receive a secure Map-Reply.
> I do not understand this “SHOULD”.  This has consequences in the 
> choice how to react to SMR. This is a local policy.
> _If_ the ITR wants to protect Map-Requests using LISP-SEC, than SMR 
> triggered Map-Request MUST be sent through the mapping system.
so the _if_ is what makes that MUST a SHOULD... According to local 
policy the ITR SHOULD send the SMR.
>> If an ITR accepts
>>     piggybacked Map-Replies, it SHOULD also send a Map-Request over the
>>     mapping system in order to securely verify the piggybacked Map-Reply.
> Same as above.
>> 5.4.1.  Map-Reply Record Validation
>>
>>     The payload of a Map-Reply may contain multiple EID-records.  The
>>     whole Map-Reply is signed by the ETR, with the PKT HMAC, to provide
>>     integrity protection and origin authentication to the EID-prefix
>>     records claimed by the ETR.  The Authentication Data field of a Map-
>>     Reply may contain multiple EID-records in the EID-AD.  The EID-AD is
>>     signed by the Map-Server, with the EID HMAC, to provide integrity
>>     protection and origin authentication to the EID-prefix records
>>     inserted by the Map-Server.
>>
>>     Upon receiving a Map-Reply with the S-bit set, the ITR first checks
>>     the validity of both the EID HMAC and of the PKT-AD HMAC.  If either
>>     one of the HMACs is not valid, a log message is issued and the Map-
>>     Reply is not processed any further.
> I think “log message" is too much implementation specific.
> If there is a notification, and how this notification is done, is 
> implementation specific IMHO.
Ok. 'a log message is issued' will change to 'a log action should be 
taken'. The point is that there could be an attack behind it, and we 
want to record the event
>> If both HMACs are valid, the ITR
>>     proceeds with validating each individual EID-record claimed by the
>>     ETR by computing the intersection of each one of the EID-prefix
>>     contained in the payload of the Map-Reply with each one of the EID-
>>     prefixes contained in the EID-AD.  An EID-record is valid only if at
>>     least one of the intersections is not the empty set.
>>
>>     For instance, the Map-Reply payload contains 3 mapping record EID-
>>     prefixes:
>>
>>        1.1.1.0/24
>>
>>        1.1.2.0/24
>>
>>        1.2.0.0/16
>>
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                [Page 12]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>     The EID-AD contains two EID-prefixes:
>>
>>        1.1.2.0/24
>>
>>        1.2.3.0/24
>>
>>     The EID-record with EID-prefix 1.1.1.0/24 is not processed since it
>>     is not included in any of the EID-ADs signed by the Map-Server.  A
>>     log message is issued.
> I think “log message" is too much implementation specific.
> If there is a notification, and how this notification is done, is 
> implementation specific IMHO.
ok. Same as above.
>>     The EID-record with EID-prefix 1.1.2.0/24 is stored in the map-cache
>>     because it matches the second EID-prefix contained in the EID-AD.
>>
>>     The EID-record with EID-prefix 1.2.0.0/16 is not processed since it
>>     is not included in any of the EID-ADs signed by the Map-Server.  A
>>     log message is issued.
> I think “log message" is too much implementation specific.
> If there is a notification, and how this notification is done, is 
> implementation specific IMHO.
ok. Same as above
>>    In this last example the ETR is trying to
>>     over claim the EID-prefix 1.2.0.0/16, but the Map-Server authorized
>>     only 1.2.3.0/24, hence the EID-record is discarded.
> Reading the example I am not sure I would follow this behaviour.
> Only 1 record out of 3 is valid so why should I actually trust the ETR 
> instead of throwing everything away?
> Can you explain ???
The other two records are validated by the MS, so there is no reason to 
throw those away.
>> 5.4.2.  PITR Processing
>>
>>     The processing performed by a PITR is equivalent to the processing of
>>     an ITR.  However, if the PITR is directly connected to the ALT,
> This would be LISP+ALT. Pleas add a reference to 6836.
ok.
>> the
>>     PITR performs the functions of both the ITR and the Map-Resolver
>>     forwarding the Map-Request encapsulated in an ECM header that
>>     includes the Authentication Data fields as described in Section 5.6.
>>
>> 5.5.  Encrypting and Decrypting an OTK
>>
>>     MS-OTK confidentiality is required in the path between the Map-Server
>>     and the ETR, the MS-OTK SHOULD
> If confidentiality is required why there is not a MUST?
Same.
>>   be encrypted using the preconfigured
>>     key shared between the Map-Server and the ETR for the purpose of
>>     securing ETR registration [RFC6833].  Similarly, if ITR-OTK
>>     confidentiality is required in the path between the ITR and the Map-
>>     Resolver, the ITR-OTK SHOULD
> Again, if confidentiality is required why there is not a MUST?
Same.
>> be encrypted with a key shared between
>>     the ITR and the Map-Resolver.
>>
>>     The OTK is encrypted using the algorithm specified in the OTK
>>     Encryption ID field.  When the AES Key Wrap algorithm is used to
>>     encrypt a 128-bit OTK, according to [RFC3339],
> The correct RFC is 3394.
ok.
>>   the AES Key Wrap
>>     Initialization Value MUST be set to 0xA6A6A6A6A6A6A6A6 (64 bits).
>>     The output of the AES Key Wrap operation is 192-bit long.  The most
>>     significant 64-bit are copied in the One-Time Key Preamble field,
>>     while the 128 less significant bits are copied in the One-Time Key
>>     field of the LISP-SEC Authentication Data.
>>
>>     When decrypting an encrypted OTK the receiver MUST verify that the
>>     Initialization Value resulting from the AES Key Wrap decryption
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                [Page 13]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>     operation is equal to 0xA6A6A6A6A6A6A6A6.  If this verification fails
>>     the receiver MUST discard the entire message.
>>
>>     When a 128-bit OTK is sent unencrypted the OTK Encryption ID is set
>>     to NULL_KEY_WRAP_128, and the OTK Preamble is set to
>>     0x0000000000000000 (64 bits).
>>
>> 5.6.  Map-Resolver Processing
>>
>>     Upon receiving an encapsulated Map-Request with the S-bit set, the
>>     Map-Resolver decapsulates the ECM message.  The ITR-OTK, if
>>     encrypted, is decrypted as specified in Section 5.5.
>>
>>     The Map-Resolver, as specified in [RFC6833], originates a new ECM
>>     header with the S-bit set, that contains the unencrypted ITR-OTK, as
>>     specified in Section 5.5, and the other data derived from the ECM
>>     Authentication Data of the received encapsulated Map-Request.
> Few points on this last paragraph:
> - You assume that there is no need of confidentiality inside the 
> Mapping System?
> - Why not stating that encryption inside the mapping system is mapping 
> system specify and out of scope of this document?
ok. as it was pointed out above.
> - Why are you assuming that all of the Mapping system will use ECM? 
> Future Mapping system may use soemthos different. The important point 
> is to ship the AD along.
good point, and I agree with your suggestion to fix this below.
>>     The Map-Resolver then forwards
> to whom? 
ok. add 'to the Map-Server'
>>   the received Map-Request, encapsulated
>>     in the new ECM header that includes the newly computed Authentication
>>     Data fields.
> As for my comment of the previous paragraph I would be more generic 
> stating that the MR will hand over the request to the mapping system.
> You can still provide the example of DDT using ECM.
right.
>> 5.7.  Map-Server Processing
>>
>>     Upon receiving an ECM encapsulated Map-Request with the S-bit set,
>>     the Map-Server process the Map-Request according to the value of the
>>     S-bit contained in the Map-Register sent by the ETR during
>>     registration.
>>
>>     If the S-bit contained in the Map-Register was clear the Map-Server
>>     decapsulates the ECM and generates a new ECM encapsulated Map-Request
>>     that does not contain an ECM Authentication Data, as specified in
>>     [RFC6830].  The Map-Server does not perform any further LISP-SEC
>>     processing.
> This equivalent to not using LISP-SEC. Please specify that the 
> Map-Reply will be not protected.
ok.
>>     If the S-bit contained in the Map-Register was set the Map-Server
>>     decapsulates the ECM and generates a new ECM Authentication Data.
>>     The Authentication Data includes the OTK-AD and the EID-AD, that
>>     contains EID-prefix authorization information, that are ultimately
>>     sent to the requesting ITR.
>>
>>     The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
>>     the ITR-OTK received with the Map-Request.  MS-OTK is derived
>>     applying the key derivation function specified in the KDF ID field.
>>     If the algorithm specified in the KDF ID field is not supported, the
>>     Map-Server uses a different algorithm to derive the key and updates
>>     the KDF ID field accordingly.
>>
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                [Page 14]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>     The Map-Server and the ETR MUST be configured with a shared key for
>>     mapping registration according to [RFC6833].  If MS-OTK
>>     confidentiality is required, then the MS-OTK SHOULD be encrypted,
> Again, if confidentiality is required why there is not a MUST? 
same as above.
>>   by
>>     wrapping the MS-OTK with the algorithm specified by the OTK
>>     Encryption ID field as specified in Section 5.5.
>>
>>     The Map-Server includes in the EID-AD the longest match registered
>>     EID-prefix for the destination EID, and an HMAC of this EID-prefix.
>>     The HMAC is keyed with the ITR-OTK contained in the received ECM
>>     Authentication Data, and the HMAC algorithm is chosen according to
>>     the Requested HMAC ID field.  If The Map-Server does not support this
>>     algorithm, the Map-Server uses a different algorithm and specifies it
>>     in the EID HMAC ID field.  The scope of the HMAC operation covers the
>>     entire EID-AD, from the EID-AD Length field to the EID HMAC field,
>>     which must be set to 0 before the computation.
>>
>>     The Map-Server then forwards the updated ECM encapsulated Map-
>>     Request, that contains the OTK-AD, the EID-AD, and the received Map-
>>     Request to an authoritative ETR as specified in [RFC6830].
>>
>> 5.7.1.  Map-Server Processing in Proxy mode
>>
>>     If the Map-Server is in proxy mode, it generates a Map-Reply, as
>>     specified in [RFC6830], with the S-bit set to 1.  The Map-Reply
>>     includes the Authentication Data that contains the EID-AD, computed
>>     as specified in Section 5.7, as well as the PKT-AD computed as
>>     specified in Section 5.8.
>>
>> 5.8.  ETR Processing
>>
>>     Upon receiving an ECM encapsulated Map-Request with the S-bit set,
>>     the ETR decapsulates the ECM message.  The OTK field, if encrypted,
>>     is decrypted as specified in Section 5.5 to obtain the unencrypted
>>     MS-OTK.
>>
>>     The ETR then generates a Map-Reply as specified in [RFC6830] and
>>     includes the Authentication Data that contains the EID-AD, as
>>     received in the encapsulated Map-Request, as well as the PKT-AD.
>>
>>     The EID-AD is copied from the Authentication Data of the received
>>     encapsulated Map-Request.
>>
>>     The PKT-AD contains the HMAC of the whole Map-Reply packet, keyed
>>     with the MS-OTK and computed using the HMAC algorithm specified in
>>     the Requested HMAC ID field of the received encapsulated Map-Request.
>>     If the ETR does not support the Requested HMAC ID, it uses a
>>     different algorithm and updates the PKT HMAC ID field accordingly.
>>     The scope of the HMAC operation covers the entire PKT-AD, from the
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                [Page 15]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>     Map-Reply Type field to the PKT HMAC field, which must be set to 0
>>     before the computation.
>>
>>     Finally the ETR sends the Map-Reply to the requesting ITR as
>>     specified in [RFC6830].
>>
>> 6.  Security Considerations
>>
>> 6.1.  Mapping System Security
>>
>>     The LISP-SEC threat model described in Section 3, assumes that the
>>     LISP Mapping System is working properly and eventually delivers Map-
>>     Request messages to a Map-Server that is authoritative for the
>>     requested EID.
>>
> As for a previous comment, can you elaborate if OTK confidentiality is 
> required in the mapping system and what are the consequences?
ok.
>>     Map-Register security, including the right for a LISP entity to
>>     register an EID-prefix or to claim presence at an RLOC, is out of the
>>     scope of LISP-SEC.
>>
>> 6.2.  Random Number Generation
>>
>>     The ITR-OTK MUST be generated by a properly seeded pseudo-random (or
>>     strong random) source.  See [RFC4086] for advice on generating
>>     security-sensitive random data
>>
>> 6.3.  Map-Server and ETR Colocation
>>
>>     If the Map-Server and the ETR are colocated, LISP-SEC does not
>>     provide protection from overclaiming attacks mounted by the ETR.
>>     However, in this particular case, since the ETR is within the trust
>>     boundaries of the Map-Server, ETR's overclaiming attacks are not
>>     included in the threat model.
>>
>> 7.  IANA Considerations
> This section is not conform to RFC 5226.
> There right way to go is to ask IANA to create three new registries, 
> for HMAC, Key Wrap, and Key Derivation functions.
> Define what is the allocation process (in light of the size of the 
> field FCFS should not cause any problem IMHO)
> Then ask to populate the registries as already described.
Ok, so each one of the sections 7.x will say: IANA is requested to 
create a new <registry-name>  registry for use ...
>> 7.1.  HMAC functions
>>
>>     The following HMAC ID values are defined by this memo for use as
>>     Requested HMAC ID, EID HMAC ID, and PKT HMAC ID in the LISP-SEC
>>     Authentication Data:
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                [Page 16]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>               Name                     Number        Defined In
>>               -------------------------------------------------
>>               NONE                     0
>>               AUTH-HMAC-SHA-1-96       1             [RFC2104]
>>               AUTH-HMAC-SHA-256-128    2             [RFC4634]
>>
>>               values 2-65535 are reserved to IANA.
>>
>>                                HMAC Functions
>>
>>     AUTH-HMAC-SHA-1-96 MUST be supported, AUTH-HMAC-SHA-256-128 should be
>>     supported.
>>
>> 7.2.  Key Wrap Functions
>>
>>     The following OTK Encryption ID values are defined by this memo for
>>     use as OTK key wrap algorithms ID in the LISP-SEC Authentication
>>     Data:
>>
>>               Name                     Number        Defined In
>>               -------------------------------------------------
>>               NULL-KEY-WRAP-128        1
>>               AES-KEY-WRAP-128         2             [RFC3394]
>>
>>               values 0 and 3-65535 are reserved to IANA.
>>
>>                              Key Wrap Functions
>>
>>     NULL-KEY-WRAP-128, and AES-KEY-WRAP-128 MUST be supported.
>>
>>     NULL-KEY-WRAP-128 is used to carry an unencrypted 128-bit OTK, with a
>>     64-bit preamble set to 0x0000000000000000 (64 bits).
>>
>> 7.3.  Key Derivation Functions
>>
>>     The following KDF ID values are defined by this memo for use as KDF
>>     ID in the LISP-SEC Authentication Data:
>>
>>               Name                     Number        Defined In
>>               -------------------------------------------------
>>               NONE                     0
>>               HKDF-SHA1-128            1             [RFC5869]
>>
>>               values 2-65535 are reserved to IANA.
>>
>>                           Key Derivation Functions
>>
>>     HKDF-SHA1-128 MUST be supported
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                [Page 17]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>> 8.  Acknowledgements
>>
>>     The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino
>>     Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt
>>     Noll for their valuable suggestions provided during the preparation
>>     of this document.
>>
>> 9.  Normative References
> Please Check your reference, this is the output if the nits tool:
> Checking references for intended status: Experimental
>   
> ----------------------------------------------------------------------------
>   == Missing Reference: 'RFC3339' is mentioned on line 602, but not 
> defined
>   == Missing Reference: 'RFC4634' is mentioned on line 752, but not 
> defined
>   ** Obsolete undefined reference: RFC 4634 (Obsoleted by RFC 6234)
ok.
>>     [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
>>                Hashing for Message Authentication", RFC 2104,
>>                DOI 10.17487/RFC2104, February 1997,
>>                <http://www.rfc-editor.org/info/rfc2104>.
>>
>>     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
>>                Requirement Levels", BCP 14, RFC 2119,
>>                DOI 10.17487/RFC2119, March 1997,
>>                <http://www.rfc-editor.org/info/rfc2119>.
>>
>>     [RFC3394]  Schaad, J. and R. Housley, "Advanced Encryption Standard
>>                (AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394,
>>                September 2002, <http://www.rfc-editor.org/info/rfc3394>.
>>
>>     [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
>>                "Randomness Requirements for Security", BCP 106, RFC 4086,
>>                DOI 10.17487/RFC4086, June 2005,
>>                <http://www.rfc-editor.org/info/rfc4086>.
>>
>>     [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
>>                IANA Considerations Section in RFCs", BCP 26, RFC 5226,
>>                DOI 10.17487/RFC5226, May 2008,
>>                <http://www.rfc-editor.org/info/rfc5226>.
>>
>>     [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
>>                Key Derivation Function (HKDF)", RFC 5869,
>>                DOI 10.17487/RFC5869, May 2010,
>>                <http://www.rfc-editor.org/info/rfc5869>.
>>
>>     [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
>>                Locator/ID Separation Protocol (LISP)", RFC 6830,
>>                DOI 10.17487/RFC6830, January 2013,
>>                <http://www.rfc-editor.org/info/rfc6830>.
>>
>>     [RFC6833]  Fuller, V. and D. Farinacci, "Locator/ID Separation
>>                Protocol (LISP) Map-Server Interface", RFC 6833,
>>                DOI 10.17487/RFC6833, January 2013,
>>                <http://www.rfc-editor.org/info/rfc6833>.
>>
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                [Page 18]
>> 
>> Internet-Draft                  LISP-SEC                    October 2016
>>
>>
>>     [RFC7835]  Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID
>>                Separation Protocol (LISP) Threat Analysis", RFC 7835,
>>                DOI 10.17487/RFC7835, April 2016,
>>                <http://www.rfc-editor.org/info/rfc7835>.
>>
>> Authors' Addresses
>>
>>     Fabio Maino
>>     Cisco Systems
>>     170 Tasman Drive
>>     San Jose, California  95134
>>     USA
>>
>>     Email:fmaino@cisco.com <mailto:fmaino@cisco.com>
>>
>>
>>     Vina Ermagan
>>     Cisco Systems
>>     170 Tasman Drive
>>     San Jose, California  95134
>>     USA
>>
>>     Email:vermagan@cisco.com <mailto:vermagan@cisco.com>
>>
>>
>>     Albert Cabellos
>>     Technical University of Catalonia
>>     c/ Jordi Girona s/n
>>     Barcelona  08034
>>     Spain
>>
>>     Email:acabello@ac.upc.edu <mailto:acabello@ac.upc.edu>
>>
>>
>>     Damien Saucez
>>     INRIA
>>     2004 route des Lucioles - BP 93
>>     Sophia Antipolis
>>     France
>>
>>     Email:damien.saucez@inria.fr <mailto:damien.saucez@inria.fr>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Maino, et al.             Expires April 6, 2017                [Page 19]


--------------A696BA6F50A99C0C7D5CC4FB
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Ciao Luigi, <br>
      below I have replied to each comment. I'm working to the updated
      text, that I will send as soon as it is ready. ideally we might be
      able to publish a new version before draft deadline. <br>
      <br>
      Just a note on the most recurring comment: SHOULD vs. MUST. <br>
      <br>
      The use of SHOULD across the document is according to RFC 2119: <br>
      <br>
      <meta charset="utf-8">
      <pre style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; color: rgb(0, 0, 0); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><span class="h2" style="line-height: 0pt; display: inline; white-space: pre; font-family: monospace; font-size: 1em; font-weight: bold;"><h2 style="line-height: 0pt; display: inline; white-space: pre; font-family: monospace; font-size: 1em; font-weight: bold;">SHOULD  </h2></span> This word, or the adjective "RECOMMENDED", mean that there
   may exist valid reasons in particular circumstances to ignore a
   particular item, but the full implications must be understood and
   carefully weighed before choosing a different course.</pre>
      <br>
      <br>
      There are use cases where, carefully weighing the implications,
      some of the security services of LISP-SEC can be turned-off. We
      want to leave implementors the freedom to allow this flexibility.
      <br>
      <br>
      For example, in a DC deployment it may make sense to turn off OTK
      decryption between XTR and MS/MR, as MiTM is very unlikely. <br>
      <br>
      Similarly, an ITR may decide to implement a loose policy on
      accepting an AD authenticated with an algorithm different from the
      preferred authentication algorithm expressed by the ITR. Using a
      MUST would force support of a given authentication algorithm
      across each and every MS and ETR, that might not be the case when
      incrementally deploying LISP-SEC (or while upgrading routers). <br>
      <br>
      Using a MUST would prevent this flexibility, that we would like to
      leave to the implementors. <br>
      <br>
      <br>
      <br>
      <br>
      <br>
      On 10/19/16 8:06 AM, Luigi Iannone wrote:<br>
    </div>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      <div class="">Dear Authors of the LISP-SEC document,</div>
      <div class=""><br class="">
      </div>
      <div class="">hereafter my review of the document.</div>
      <div class="">This was long overdue, sorry for being so late.</div>
      <div class=""><br class="">
      </div>
      <div class="">I really like the solution and the majority of my
        comments are just clarification questions.</div>
      <div class="">Let me know if my comments are clear.</div>
      <div class=""><br class="">
      </div>
      <div class="">ciao</div>
      <div class=""><br class="">
      </div>
      <div class="">L.</div>
      <div class=""><br class="">
      </div>
      <div class=""><br class="">
      </div>
      <div class=""><br class="">
      </div>
      <blockquote type="cite" class="">
        <div class="">
          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">1.  Introduction

   The Locator/ID Separation Protocol [RFC6830] defines a set of
   functions for routers to exchange information used to map from non-
   routable Endpoint Identifiers (EIDs) to routable Routing Locators
   (RLOCs).  </pre>
        </div>
      </blockquote>
      I find the above sentence confusing. Wouldn’t be better to specify
      that we are talking about IP addresses?</blockquote>
    <br>
    That's how LISP is described in RFC6830, section 1. If you start
    using the term IP address then you need to qualify if you are
    talking about Identity-IP or Locator-IP, so the sentence gets
    complicated pretty quickly. <br>
    <br>
    I would leave this one unchanged.<br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class=""><br class="">
      </div>
      <div class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">If these EID-to-RLOC mappings, carried through Map-Reply
   messages, are transmitted without integrity protection, an adversary
   can manipulate them and hijack the communication, impersonate the
   requested EID, or mount Denial of Service or Distributed Denial of
   Service attacks.  Also, if the Map-Reply message is transported
   unauthenticated, an adversarial LISP entity can overclaim an EID-
   prefix and maliciously redirect traffic directed to a large number of
   hosts.  A detailed description of "overclaiming" attack is provided
   in [RFC7835].

   This memo specifies LISP-SEC, a set of security mechanisms that
   provides origin authentication, integrity and anti-replay protection
   to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
   process.  </pre>
          </div>
        </blockquote>
        <div class=""><br class="">
        </div>
        <div class="">I would put s forward reference to section 3
          stating that the reader will find details about the threat
          model.</div>
      </div>
    </blockquote>
    <br>
    OK. We can replace the sentence <br>
    <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">A detailed description of "overclaiming" attack is provided
   in [RFC7835]

with 

The LISP-SEC threat model, described in Section 3, is built on top of the LISP threat model defined in RFC7835, that includes a detailed description of "overclaiming" attack. 
</pre>
    <br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class=""><br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">LISP-SEC also enables verification of authorization on EID-
   prefix claims in Map-Reply messages, ensuring that the sender of a
   Map-Reply that provides the location for a given EID-prefix is
   entitled to do so according to the EID prefix registered in the
   associated Map-Server.  Map-Register security, including the right
   for a LISP entity to register an EID-prefix or to claim presence at
   an RLOC, is out of the scope of LISP-SEC.  Additional security
   considerations are described in Section 6.

2.  Definition of Terms

      One-Time Key (OTK): An ephemeral randomly generated key that must
      be used for a single Map-Request/Map-Reply exchange.



         ITR-OTK: The One-Time Key generated at the ITR.

         MS-OTK: The One-Time Key generated at the Map-Server.
</pre>
          </div>
        </blockquote>
        <div class=""><br class="">
        </div>
        <div class="">Why are you considering ITR-OTK and MS-OTK
          sub-terms? </div>
        <div class="">I would elevate them at full terms, hence avoiding
          spacing and indentation.</div>
      </div>
    </blockquote>
    <br>
    Ok. <br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class=""><br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      Encapsulated Control Message (ECM): A LISP control message that is
      prepended with an additional LISP header.  ECM is used by ITRs to
      send LISP control messages to a Map-Resolver, by Map-Resolvers to
      forward LISP control messages to a Map-Server, and by Map-
      Resolvers to forward LISP control messages to an ETR.

</pre>
          </div>
        </blockquote>
        <div class="">Why are you re-defining ECM? </div>
        <div class="">You do not specify other packets, e.g., Map-Reply,
          so why ECM?</div>
        <div class="">I would drop it.</div>
      </div>
    </blockquote>
    <br>
    It is not defined in the Definitions section of 6830. One would need
    to go through the body of 6830 to find it. <br>
    <br>
    I'll drop it, but we need to make sure that ECM gets into the
    definition section of 6830bis. <br>
    <br>
    Albert: are you looking into that document? Can you take care of
    this? <br>
    <br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div class=""><br class="">
        </div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      Authentication Data (AD): Metadata that is included either in a
      LISP ECM header or in a Map-Reply message to support
      confidentiality, integrity protection, and verification of EID-
      prefix authorization.



Maino, et al.             Expires April 6, 2017                 [Page 3]

Internet-Draft                  LISP-SEC                    October 2016


         OTK-AD: The portion of ECM Authentication Data that contains a
         One-Time Key.

         EID-AD: The portion of ECM and Map-Reply Authentication Data
         used for verification of EID-prefix authorization.

         PKT-AD: The portion of Map-Reply Authentication Data used to
         protect the integrity of the Map-Reply message.
</pre>
          </div>
        </blockquote>
        <div class=""><br class="">
        </div>
        <div class=""><br class="">
        </div>
        <div class="">
          <div class="">Why are you considering OTK-AD, EID-AD, and
            PKT-AD sub-terms? </div>
          <div class="">I would elevate them at full terms, hence
            avoiding spacing and indentation.</div>
          <br class="">
        </div>
      </div>
    </blockquote>
    ok. <br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class=""><br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   For definitions of other terms, notably Map-Request, Map-Reply,
   Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR), Map-Server
   (MS), and Map-Resolver (MR) please consult the LISP specification
   [RFC6830].

3.  LISP-SEC Threat Model

   LISP-SEC addresses the control plane threats, described in [RFC7835],
   that target EID-to-RLOC mappings, including manipulations of Map-
   Request and Map-Reply messages, and malicious ETR EID prefix
   overclaiming.  LISP-SEC makes two main assumptions: (1) the LISP
   mapping system is expected to deliver a Map-Request message to their
   intended destination ETR as identified by the EID, and (2) no man-in-
   the-middle (MITM) attack can be mounted within the LISP Mapping
   System.  Furthermore, while LISP-SEC enables detection of EID prefix
   overclaiming attacks, it assumes that Map-Servers can verify the EID
   prefix authorization at time of registration.
</pre>
          </div>
        </blockquote>
        <div class="">LISP-SEC does not require OTK confidentiality in
          the mapping system. This should be discussed here.</div>
      </div>
    </blockquote>
    we could add to the above<br>
    <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">"and (2) no man-in-
   the-middle (MITM) attack can be mounted within the LISP Mapping
   System." 

How the Mapping System is protected from MiTM attacks depends from the particular Mapping System used, and is out of the scope of this memo. 

</pre>
    <br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div class=""><br class="">
        </div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   According to the threat model described in [RFC7835] LISP-SEC assumes
   that any kind of attack, including MITM attacks, can be mounted in
   the access network, outside of the boundaries of the LISP mapping
   system.  An on-path attacker, outside of the LISP mapping system can,
   for example, hijack Map-Request and Map-Reply messages, spoofing the
   identity of a LISP node.  Another example of on-path attack, called
   overclaiming attack, can be mounted by a malicious Egress Tunnel
   Router (ETR), by overclaiming the EID-prefixes for which it is
   authoritative.  In this way the ETR can maliciously redirect traffic
   directed to a large number of hosts.

4.  Protocol Operations

   The goal of the security mechanisms defined in [RFC6830] is to
   prevent unauthorized insertion of mapping data by providing origin
   authentication and integrity protection for the Map-Registration, and
   by using the nonce to detect unsolicited Map-Reply sent by off-path
   attackers.

   LISP-SEC builds on top of the security mechanisms defined in
   [RFC6830] to address the threats described in Section 3 by leveraging



Maino, et al.             Expires April 6, 2017                 [Page 4]

Internet-Draft                  LISP-SEC                    October 2016


   the trust relationships existing among the LISP entities
   participating to the exchange of the Map-Request/Map-Reply messages.
   Those trust relationships are used to securely distribute a One-Time
   Key (OTK) that provides origin authentication, integrity and anti-
   replay protection to mapping data conveyed via the mapping lookup
   process, and that effectively prevent overclaiming attacks.  The
   processing of security parameters during the Map-Request/Map-Reply
   exchange is as follows:

   o  The ITR-OTK is generated and stored at the ITR, and securely
      transported to the Map-Server.

   o  The Map-Server uses the ITR-OTK to compute an HMAC that protects
</pre>
          </div>
        </blockquote>
        <div class="">You did not define HMAC acronym. Please define and
          add a reference.</div>
      </div>
    </blockquote>
    <br>
    ok. <br>
    <br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class=""><br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      the integrity of the mapping data known to the Map-Server to
      prevent overclaiming attacks.  The Map-Server also derives a new
      OTK, the MS-OTK, that is passed to the ETR, by applying a Key
      Derivation Function (KDF) to the ITR-OTK.

   o  The ETR uses the MS-OTK to compute an HMAC that protects the
      integrity of the Map-Reply sent to the ITR.

   o  Finally, the ITR uses the stored ITR-OTK to verify the integrity
      of the mapping data provided by both the Map-Server and the ETR,
      and to verify that no overclaiming attacks were mounted along the
      path between the Map-Server and the ITR.

   Section 5 provides the detailed description of the LISP-SEC control
   messages and their processing, while the rest of this section
   describes the flow of protocol operations at each entity involved in
   the Map-Request/Map-Reply exchange:

   o  The ITR, upon needing to transmit a Map-Request message, generates
      and stores an OTK (ITR-OTK).  This ITR-OTK is included into the
      Encapsulated Control Message (ECM) that contains the Map-Request
      sent to the Map-Resolver.  To provide confidentiality to the ITR-
      OTK over the path between the ITR and its Map-Resolver, the ITR-
      OTK SHOULD </pre>
          </div>
        </blockquote>
        <div class="">Why not using “MUST”???</div>
        <div class="">Are you suggesting that a different way to provide
          confidentiality can be used (e.g. a different shared key)???</div>
        <div class="">If yes, please state so.</div>
        <div class=""><br class="">
        </div>
        <div class="">Or are you suggesting that no encryption at all is
          used? But this means not providing confidentiality…</div>
        <div class="">Can you clarify?</div>
        <div class=""><br class="">
        </div>
        (this very same comment will appear several time in this review)<br
          class="">
      </div>
    </blockquote>
    <br>
    We don't want to make the use of pre-shared key *mandatory* to all
    LISP deployments. There are deployments where the risk of MiTM
    between the xTR and the MS/MR may not justify the cost of
    provisioning a shared key (data centers, for example). <br>
    <br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">be encrypted using a preconfigured key shared between
      the ITR and the Map-Resolver, similar to the key shared between
      the ETR and the Map-Server in order to secure ETR registration
      [RFC6833].

   o  The Map-Resolver decapsulates the ECM message, decrypts the ITR-
      OTK, if needed, and forwards through the Mapping System the
      received Map-Request and the ITR-OTK, as part of a new ECM
      message.  As described in Section 5.6, the LISP Mapping System
      delivers the ECM to the appropriate Map-Server, as identified by
      the EID destination address of the Map-Request.




Maino, et al.             Expires April 6, 2017                 [Page 5]

Internet-Draft                  LISP-SEC                    October 2016


   o  The Map-Server is configured with the location mappings and policy
      information for the ETR responsible for the EID destination
      address.  Using this preconfigured information, the Map-Server,
      after the decapsulation of the ECM message, finds the longest
      match EID-prefix that covers the requested EID in the received
      Map-Request.  The Map-Server adds this EID-prefix, together with
      an HMAC computed using the ITR-OTK, to a new Encapsulated Control
      Message that contains the received Map-Request.

   o  The Map-Server derives a new OTK, the MS-OTK, by applying a Key
      Derivation Function (KDF) to the ITR-OTK.  This MS-OTK is included
      in the Encapsulated Control Message that the Map-Server uses to
      forward the Map-Request to the ETR.  To provide MS-OTK
      confidentiality over the path between the Map-Server and the ETR,
      the MS-OTK should </pre>
          </div>
        </blockquote>
        <div class="">This “should” should be a “SHOULD”  (sorry for the
          cacophony…)</div>
      </div>
    </blockquote>
    <br>
    Ok. <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div class=""><br class="">
        </div>
        <div class="">
          <div class="">Why not using “MUST”???</div>
          <div class="">Are you suggesting that a different way to
            provide confidentiality can be used (e.g. a different shared
            key)???</div>
          <div class="">If yes, please state so.</div>
          <div class=""><br class="">
          </div>
          <div class="">Or are you suggesting that no encryption at all
            is used? But this means not providing confidentiality…</div>
          <div class="">Can you clarify?</div>
        </div>
      </div>
    </blockquote>
    <br>
    Same as above. <br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class=""><br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">be encrypted using the key shared between the
      ETR and the Map-Server in order to secure ETR registration
      [RFC6833].

   o  If the Map-Server is acting in proxy mode, as specified in
      [RFC6830], the ETR is not involved in the generation of the Map-
      Reply.  In this case the Map-Server generates the Map-Reply on
      behalf of the ETR as described below.

   o  The ETR, upon receiving the ECM encapsulated Map-Request from the
      Map-Server, decrypts the MS-OTK, if needed, and originates a
      standard Map-Reply that contains the EID-to-RLOC mapping
      information as specified in [RFC6830].

   o  The ETR computes an HMAC over this standard Map-Reply, keyed with
      MS-OTK to protect the integrity of the whole Map-Reply.  The ETR
      also copies the EID-prefix authorization data that the Map-Server
      included in the ECM encapsulated Map-Request into the Map-Reply
      message.  The ETR then sends this complete Map-Reply message to
      the requesting ITR.

   o  The ITR, upon receiving the Map-Reply, uses the locally stored
      ITR-OTK to verify the integrity of the EID-prefix authorization
      data included in the Map-Reply by the Map-Server.  The ITR
      computes the MS-OTK by applying the same KDF used by the Map-
      Server, and verifies the integrity of the Map-Reply.  If the
      integrity checks fail, the Map-Reply MUST be discarded.  Also, if
      the EID-prefixes claimed by the ETR in the Map-Reply are not equal
      or more specific than the EID-prefix authorization data inserted
      by the Map-Server, the ITR MUST discard the Map-Reply.







Maino, et al.             Expires April 6, 2017                 [Page 6]

Internet-Draft                  LISP-SEC                    October 2016


5.  LISP-SEC Control Messages Details

   LISP-SEC metadata associated with a Map-Request is transported within
   the Encapsulated Control Message that contains the Map-Request.

   LISP-SEC metadata associated with the Map-Reply is transported within
   the Map-Reply itself.

5.1.  Encapsulated Control Message LISP-SEC Extensions

   LISP-SEC uses the ECM (Encapsulated Control Message) defined in
   [RFC6830] with Type set to 8, and S bit set to 1 to indicate that the
   LISP header includes Authentication Data (AD).  The format of the
   LISP-SEC ECM Authentication Data is defined in the following figure.
   OTK-AD stands for One-Time Key Authentication Data and EID-AD stands
   for EID Authentication Data.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     AD Type   |V|  Reserved   |        Requested HMAC ID      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
|              OTK Length       |       OTK Encryption ID       | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|                       One-Time-Key Preamble ...               | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OTK-AD
|                   ... One-Time-Key Preamble                   | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
~                      One-Time Key (128 bits)                  ~/
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ &lt;---+
|           EID-AD Length       |           KDF ID              |     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
| Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
|   Reserved    | EID mask-len  |           EID-AFI             | |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
~                          EID-prefix ...                       ~ |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
~                            EID HMAC                           ~     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ &lt;—+
</pre>
          </div>
        </blockquote>
        <div class="">I think that “rec” is mis-aligned and should be
          shifted one character upward.</div>
      </div>
    </blockquote>
    <br>
    No. The row above is the portion of the header that specifies how
    many records will follow. Rec shows one Rec item, in the array of
    Records.  It is consistent with 6830.<br>
    <br>
    <br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class=""><br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">                     LISP-SEC ECM Authentication Data

      AD Type: 1 (LISP-SEC Authentication Data)
</pre>
          </div>
        </blockquote>
        <div class="">This is the first document starting to allocate
          values to the "AD Type” value. </div>
        <div class="">Why not asking IANA to create a registry??</div>
        <div class="">(to be done in the IANA Considerations Section) <br>
        </div>
      </div>
    </blockquote>
    <br>
    <br>
    Ok.<br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div class=""><br class="">
        </div>
        <div class=""><br class="">
        </div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      V: Key Version bit.  This bit is toggled when the sender switches
      to a new OTK wrapping key




Maino, et al.             Expires April 6, 2017                 [Page 7]

Internet-Draft                  LISP-SEC                    October 2016


      Reserved: Set to 0 on transmission and ignored on receipt.

      Requested HMAC ID: The HMAC algorithm requested by the ITR.  See
      Section 5.4 for details.

      OTK Length: The length (in bytes) of the OTK Authentication Data
      (OTK-AD), that contains the OTK Preamble and the OTK.

      OTK Encryption ID: The identifier of the key wrapping algorithm
      used to encrypt the One-Time-Key. When a 128-bit OTK is sent
      unencrypted by the Map-Resolver, the OTK Encryption ID is set to
      NULL_KEY_WRAP_128.  See Section 5.5 for more details.

      One-Time-Key Preamble: set to 0 if the OTK is not encrypted.  When
      the OTK is encrypted, this field may carry additional metadata
      resulting from the key wrapping operation.  When a 128-bit OTK is
      sent unencrypted by Map-Resolver, the OTK Preamble is set to
      0x0000000000000000 (64 bits).  See Section 5.5 for details.

      One-Time-Key: the OTK encrypted (or not) as specified by OTK
      Encryption ID.  See Section 5.5 for details.

      EID-AD Length: length (in bytes) of the EID Authentication Data
      (EID-AD).  The ITR MUST set EID-AD Length to 4 bytes, as it only
      fills the KDF ID field, and all the remaining fields part of the
      EID-AD are not present.  An EID-AD MAY contain multiple EID-
      records.  Each EID-record is 4-byte long plus the length of the
      AFI-encoded EID-prefix.

      KDF ID: Identifier of the Key Derivation Function used to derive
      the MS-OTK.  The ITR SHOULD use this field to indicate the
      recommended KDF algorithm, according to local policy. </pre>
          </div>
        </blockquote>
        <div class="">I am not sure I understand the rationale of this
          “SHOULD”. If for any reason the ITR does not indicate the KDF
          ID what are the consequences?</div>
      </div>
    </blockquote>
    <br>
    That should be a MAY, I believe, <br>
    <br>
    The ITR can specify "no preference" for KDF ID, using a value of 0.
    <br>
    <br>
    In the ITR processing section 5.4,  we should add to <br>
    <br>
    <meta charset="utf-8">
    <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; color: rgb(0, 0, 0); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">The KDF ID field, specifies the suggested key derivation function to
   be used by the Map-Server to derive the MS-OTK.</pre>
    <br>
    a text like: "A KDF ID value of 0 (NONE), MAY be used to specify
    that the ITR has no preferred KDF ID".  <br>
    <br>
    <br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div class="">Is the MS free to choose the algorithm? This
          should be clarified.</div>
      </div>
    </blockquote>
    This is specified in section 5.7. <br>
    <br>
    "
    <meta charset="utf-8">
    <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; color: rgb(0, 0, 0); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
   the ITR-OTK received with the Map-Request.  MS-OTK is derived
   applying the key derivation function specified in the KDF ID field.
   If the algorithm specified in the KDF ID field is not supported, the
   Map-Server uses a different algorithm to derive the key and updates
   the KDF ID field accordingly.</pre>
    "<br>
    <br>
    <br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class=""><br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> The Map-
      Server can overwrite the KDF ID if it does not support the KDF ID
      recommended by the ITR.  </pre>
          </div>
        </blockquote>
        <div class="">What happens if the MS will choose a KDF ID not
          supported by the ITR?</div>
        <div class="">Can you clarify how to solve this situation or
          explain why this will never happen?</div>
      </div>
    </blockquote>
    <br>
    This is specified in 5.4, ITR processing. <br>
    <br>
    "
    <meta charset="utf-8">
    <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; color: rgb(0, 0, 0); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">To verify the integrity of the PKT-AD, first the MS-OTK is derived
   from the locally stored ITR-OTK using the algorithm specified in the
   KDF ID field.  This is because the PKT-AD is generated by the ETR
   using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's local policy.</pre>
    " <br>
    <br>
    <br>
    There are two typical use cases: <br>
    - strict KDF ID policy: ITR specifiy a KDF ID, and will discard
    map-reply with different KDF IDs. If local policy allows, another
    map-request will be sent with a different KDF ID<br>
    - loose KDF ID policy: ITR specify KDF ID = none, and will accept
    map-reply with any KDF ID (if supported by ITR). If received KDF is
    not supported the ITR shall drop the map-reply<br>
    <br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class=""><br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">See Section 5.4 for more details.

      Record Count: The number of records in this Map-Request message.
      A record is comprised of the portion of the packet that is labeled
      'Rec' above and occurs the number of times equal to Record Count.

      Reserved: Set to 0 on transmission and ignored on receipt.

      EID HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the EID-AD.  This field is filled by Map-Server that
      computed the EID-prefix HMAC.  See Section 5.4 for more details.

      EID mask-len: Mask length for EID-prefix.

      EID-AFI: Address family of EID-prefix according to [RFC5226]



Maino, et al.             Expires April 6, 2017                 [Page 8]

Internet-Draft                  LISP-SEC                    October 2016


      EID-prefix: The Map-Server uses this field to specify the EID-
      prefix that the destination ETR is authoritative for, and is the
      longest match for the requested EID.

      EID HMAC: HMAC of the EID-AD computed and inserted by Map-Server.
      Before computing the HMAC operation the EID HMAC field MUST be set
      to 0.  The HMAC covers the entire EID-AD.

5.2.  Map-Reply LISP-SEC Extensions

   LISP-SEC uses the Map-Reply defined in [RFC6830], with Type set to 2,
   and S bit set to 1 to indicate that the Map-Reply message includes
   Authentication Data (AD).  The format of the LISP-SEC Map-Reply
   Authentication Data is defined in the following figure.  PKT-AD is
   the Packet Authentication Data that covers the Map-Reply payload.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    AD Type    |                 Reserved                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ &lt;---+
|           EID-AD Length       |           KDF ID              |     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
| Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
|   Reserved    | EID mask-len  |           EID-AFI             | |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
~                          EID-prefix ...                       ~ |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
~                            EID HMAC                           ~     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ &lt;---+
|         PKT-AD Length         |         PKT HMAC ID           |\
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
~                            PKT HMAC                           ~ PKT-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/

                  LISP-SEC Map-Reply Authentication Data

      AD Type: 1 (LISP-SEC Authentication Data)
</pre>
          </div>
        </blockquote>
        <div class="">Shouldn’t this be a different value? This AD
           format is different from the one described in section 5.1!</div>
        <div class="">Another reason to ask IANA for a registry….</div>
      </div>
    </blockquote>
    <br>
    One is the LISP-SEC authentication data that applies to the ECM
    message (when S-bit = 1), the other is the LISP-SEC authentication
    data that applies to the Map-Reply (when S-bit = 1).  <br>
    <br>
    Those are extensions of two different messages (ECM and map-reply),
    and they are both identified by an AD Type (that happens to be set
    to value 1 for both). <br>
    <br>
    Yes, the AD type space is different so we will need two IANA
    registries. <br>
    <br>
    <br>
    Question for the co-auhtors: should we change the name to 'ECM AD
    Type' and 'Map-Reply AD Type'?<br>
    <br>
    <br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div class=""><br class="">
        </div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      EID-AD Length: length (in bytes) of the EID-AD.  An EID-AD MAY
      contain multiple EID-records.  Each EID-record is 4-byte long plus
      the length of the AFI-encoded EID-prefix.

      KDF ID: Identifier of the Key Derivation Function used to derive
      MS-OTK.  See Section 5.7 for more details.





Maino, et al.             Expires April 6, 2017                 [Page 9]

Internet-Draft                  LISP-SEC                    October 2016


      Record Count: The number of records in this Map-Reply message.  A
      record is comprised of the portion of the packet that is labeled
      'Rec' above and occurs the number of times equal to Record Count.

      Reserved: Set to 0 on transmission and ignored on receipt.

      EID HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the EID-AD.  See Section 5.7 for more details.

      EID mask-len: Mask length for EID-prefix.

      EID-AFI: Address family of EID-prefix according to [RFC5226].

      EID-prefix: This field contains an EID-prefix that the destination
      ETR is authoritative for, and is the longest match for the
      requested EID.

      EID HMAC: HMAC of the EID-AD, as computed by the Map-Server.
      Before computing the HMAC operation the EID HMAC field MUST be set
      to 0.  The HMAC covers the entire EID-AD.

      PKT-AD Length: length (in bytes) of the Packet Authentication Data
      (PKT-AD).

      PKT HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the Map-reply Location Data.
</pre>
          </div>
        </blockquote>
        <div class="">“Location Data” is something nowhere defined. Can
          you clarify what do you mean?</div>
      </div>
    </blockquote>
    <br>
    we can just remove 'Location Data'<br>
    <br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div class=""><br class="">
        </div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      PKT HMAC: HMAC of the whole Map-Reply packet, including the LISP-
      SEC Authentication Data.  The scope of the authentication goes
      from the Map-Reply Type field to the PKT HMAC field included.
      Before computing the HMAC operation the PKT HMAC field MUST be set
      to 0.  See Section 5.8 for more details.

5.3.  Map-Register LISP-SEC Extentions

   The second bit after the Type field in a Map-Register message is
   allocated as the S bit.  </pre>
          </div>
        </blockquote>
        <div class="">I would better explain that this document is
          allocating a bit marked as reserved in 6830.</div>
      </div>
    </blockquote>
    <br>
    Ok. We will need to reflect this in 6830bis as well. <br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div class="">Furthermore, at the cost of being redundant, I
          would put the packet format highlighting the position of the
          bit so that there is no confusion whatsoever.</div>
      </div>
    </blockquote>
    <br>
    We wanted to  explicitly avoid to include the format of messages
    when already defined in other documents, so we point rather than
    copy. If we address this in 6830bis, the problem will be solved. <br>
    <br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class=""><br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">The S bit indicates to the Map-Server that
   the registering ETR is LISP-SEC enabled.  An ETR that supports LISP-
   SEC MUST set the S bit in its Map-Register messages.

5.4.  ITR Processing

   Upon creating a Map-Request, the ITR generates a random ITR-OTK that
   is stored locally, together with the nonce generated as specified in
   [RFC6830].

   The Map-Request MUST be encapsulated in an ECM, with the S-bit set to
   1, to indicate the presence of Authentication Data.  If the ITR and



Maino, et al.             Expires April 6, 2017                [Page 10]

Internet-Draft                  LISP-SEC                    October 2016


   the Map-Resolver are configured with a shared key,</pre>
          </div>
        </blockquote>
        In section 4 you seem to suggest that this is not the only way
        to protect the OTK (see my comment).</div>
      <div class="">Here instead you suggest that a shared key is the
        only way.<br class="">
      </div>
    </blockquote>
    <br>
    <br>
    Right. Here it says what to do IF there is a shared key, that is
    consistent with the SHOULD above. <br>
    <br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> the ITR-OTK
   confidentiality SHOULD be protected by wrapping the ITR-OTK with the
   algorithm specified by the OTK Encryption ID field. </pre>
          </div>
        </blockquote>
        <div class="">Not clear what this “SHOULD” refers to.</div>
        <div class="">IS the SHOULD related to the fact to encrypt the
          OTK? The ITR SHOULD encrypt.</div>
        <div class="">Or the choice of the algorithm? The ITR SHOULD use
          the algorithm specified by the OTK Encryption ID?</div>
        <div class="">The second case looks impossible since is the ITR
          is choosing the algorithm. May be the sentence can be
          rewritten.</div>
      </div>
    </blockquote>
    <br>
    SHOULD refers to protecting the confidentiality of the ITR-OTK.
    Maybe the 'by' should be replaced by 'with'?<br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div class=""><br class="">
        </div>
        Similarly to previous comment: Why it is not a MUST?<br class="">
      </div>
    </blockquote>
    Same as other SHOULD. <br>
    <br>
    <br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> See Section 5.5
   for further details on OTK encryption.

   The Requested HMAC ID field contains the suggested HMAC algorithm to
   be used by the Map-Server and the ETR to protect the integrity of the
   ECM Authentication data and of the Map-Reply.

</pre>
          </div>
        </blockquote>
        <div class="">What happens if the MS will choose a HMAC not
          supported by the ETR or the ITR?</div>
        <div class="">Can you clarify how to solve this situation or
          explain why this will never happen?</div>
      </div>
    </blockquote>
    <br>
    This is described 5 paragraphs below: <br>
    <br>
    "
    <meta charset="utf-8">
    <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; color: rgb(0, 0, 0); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">If the EID HMAC ID field does
   not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
   and send, at the first opportunity it needs to, a new Map-Request
   with a different Requested HMAC ID field, according to ITR's local
   policy.  </pre>
    "<br>
    <br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div class=""><br class="">
        </div>
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The KDF ID field, specifies the suggested key derivation function to
   be used by the Map-Server to derive the MS-OTK.
</pre>
          </div>
        </blockquote>
        <div class=""><br class="">
        </div>
        <div class="">What happens if the MS will choose a KDF ID not
          supported by the ITR?</div>
        <div class="">Can you clarify how to solve this situation or
          explain why this will never happen?</div>
      </div>
    </blockquote>
    <br>
    This is described a few paragraphs below: <br>
    "
    <meta charset="utf-8">
    <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; color: rgb(0, 0, 0); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">If the KDF ID in the Map-Reply does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's... </pre>
    "<br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div class=""><br class="">
        </div>
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The EID-AD length is set to 4 bytes, since the Authentication Data
   does not contain EID-prefix Authentication Data, and the EID-AD
   contains only the KDF ID field.

   In response to an encapsulated Map-Request that has the S-bit set, an
   ITR MUST receive a Map-Reply with the S-bit set, that includes an
   EID-AD and a PKT-AD.  If the Map-Reply does not include both ADs, the
   ITR MUST discard it.  In response to an encapsulated Map-Request with
   S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, and
   the ITR SHOULD discard the Map-Reply if the S-bit is set.
</pre>
          </div>
        </blockquote>
        <div class="">Why a “SHOULD”? If the Map-Request has S-bit=0 it
          mean that there is no AD, hence no OTK, how can the ITR
          decrypt the reply?????</div>
        <div class="">It MUST discard…..</div>
      </div>
    </blockquote>
    <br>
    If S-bit = 0 there's no Authentication Data. The Map-reply is in
    clear, and can be read. <br>
    <br>
    Here again the SHOULD leaves open to ITR local policy that can be
    strict (drop anything not authenticated) or loose (accept
    unauthenticated map-reply). <br>
    <br>
    There are use cases where LISP-SEC is not deployed everywhere, where
    the ITR might have to use loose policy.   <br>
    <br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div class=""><br class="">
        </div>
        <br class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   Upon receiving a Map-Reply, the ITR must verify the integrity of both
   the EID-AD and the PKT-AD, and MUST discard the Map-Reply if one of
   the integrity checks fails.

   The integrity of the EID-AD is verified using the locally stored ITR-
   OTK to re-compute the HMAC of the EID-AD using the algorithm
   specified in the EID HMAC ID field.  If the EID HMAC ID field does
   not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
</pre>
          </div>
        </blockquote>
        Why is this a SHOULD? If it supports the HMAC Algorithm why not
        decrypt? Shouldn’t this be a “MAY”, according to internal
        policy?<br class="">
      </div>
    </blockquote>
    <br>
    because this could be used by an attacker to force weaker HMACs
    (e.g. MD5). The SHOULD leaves open the door to not discarding,
    according to local policy. <br>
    <br>
    <br>
    <br>
    <br>
    <blockquote
      cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <blockquote type="cite" class="">
          <div class="">
            <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   and send, at the first opportunity it needs to, a new Map-Request
   with a different Requested HMAC ID field, according to ITR's local
   policy.  The ITR MUST set the EID HMAC ID field to 0 before computing
   the HMAC.
</pre>
          </div>
        </blockquote>
        <div class="">Shouldn’t the MS do the same thing? Otherwise
          different values will be obtained. This is not specified in
          the MS functioning description.</div>
      </div>
    </blockquote>
    <br>
    good catch. Actually it's a typo here, the EID HMAC field should be
    set to 0 (that is consistent with section 5.7), not the EID HMAC ID
    that should not be touched. <br>
    <br>
    <br>
    <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">The ITR MUST set the EID HMAC ID field to 0 before computing
   the HMAC.

should change to 

<meta charset="utf-8">The scope of the HMAC operation covers the
   entire EID-AD, from the EID-AD Length field to the EID HMAC field,
   which must be set to 0 before the computation.<pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; color: rgb(0, 0, 0); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;"></pre>
</pre>




<blockquote cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" type="cite"><div class=""><div class="">
</div>
<blockquote type="cite" class=""><div class=""><pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   To verify the integrity of the PKT-AD, first the MS-OTK is derived
   from the locally stored ITR-OTK using the algorithm specified in the
   KDF ID field.  This is because the PKT-AD is generated by the ETR
   using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's local policy.
   The derived MS-OTK is then used to re-compute the HMAC of the PKT-AD
   using the Algorithm specified in the PKT HMAC ID field.  If the PKT
   HMAC ID field does not match the Requested HMAC ID the ITR SHOULD
   discard the Map-Reply and send, at the first opportunity it needs to,




Maino, et al.             Expires April 6, 2017                [Page 11]

Internet-Draft                  LISP-SEC                    October 2016


   a new Map-Request with a different Requested HMAC ID according to
   ITR's local policy.

   Each individual Map-Reply EID-record is considered valid only if: (1)
   both EID-AD and PKT-AD are valid, and (2) the intersection of the
   EID-prefix in the Map-Reply EID-record with one of the EID-prefixes
   contained in the EID-AD is not empty.  After identifying the Map-
   Reply record as valid, the ITR sets the EID-prefix in the Map-Reply
   record to the value of the intersection set computed before, and adds
   the Map-Reply EID-record to its EID-to-RLOC cache, as described in
   [RFC6830].  An example of Map-Reply record validation is provided in
   Section 5.4.1.

   The ITR SHOULD send SMR triggered Map-Requests over the mapping
   system in order to receive a secure Map-Reply.  </pre></div></blockquote><div class="">I do not understand this “SHOULD”.  This has consequences in the choice how to react to SMR. This is a local policy.</div><div class="">_If_ the ITR wants to protect Map-Requests using LISP-SEC, than SMR triggered Map-Request MUST be sent through the mapping system.</div></div></blockquote>
so the _if_ is what makes that MUST a SHOULD... According to local policy the ITR SHOULD send the SMR. 



<blockquote cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" type="cite"><div class=""><div class="">
</div>
<blockquote type="cite" class=""><div class=""><pre style="word-wrap: break-word; white-space: pre-wrap;" class="">If an ITR accepts
   piggybacked Map-Replies, it SHOULD also send a Map-Request over the
   mapping system in order to securely verify the piggybacked Map-Reply.
</pre></div></blockquote><div class="">Same as above.</div>
<blockquote type="cite" class=""><div class=""><pre style="word-wrap: break-word; white-space: pre-wrap;" class="">5.4.1.  Map-Reply Record Validation

   The payload of a Map-Reply may contain multiple EID-records.  The
   whole Map-Reply is signed by the ETR, with the PKT HMAC, to provide
   integrity protection and origin authentication to the EID-prefix
   records claimed by the ETR.  The Authentication Data field of a Map-
   Reply may contain multiple EID-records in the EID-AD.  The EID-AD is
   signed by the Map-Server, with the EID HMAC, to provide integrity
   protection and origin authentication to the EID-prefix records
   inserted by the Map-Server.

   Upon receiving a Map-Reply with the S-bit set, the ITR first checks
   the validity of both the EID HMAC and of the PKT-AD HMAC.  If either
   one of the HMACs is not valid, a log message is issued and the Map-
   Reply is not processed any further.  </pre></div></blockquote><div class="">I think “log message" is too much implementation specific. </div><div class="">If there is a notification, and how this notification is done, is implementation specific IMHO.</div></div></blockquote>
Ok. 'a log message is issued' will change to 'a log action should be taken'. 

The point is that there could be an attack behind it, and we want to record the event 

<blockquote cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" type="cite"><div class="">
<blockquote type="cite" class=""><div class=""><pre style="word-wrap: break-word; white-space: pre-wrap;" class="">If both HMACs are valid, the ITR
   proceeds with validating each individual EID-record claimed by the
   ETR by computing the intersection of each one of the EID-prefix
   contained in the payload of the Map-Reply with each one of the EID-
   prefixes contained in the EID-AD.  An EID-record is valid only if at
   least one of the intersections is not the empty set.

   For instance, the Map-Reply payload contains 3 mapping record EID-
   prefixes:

      1.1.1.0/24

      1.1.2.0/24

      1.2.0.0/16




Maino, et al.             Expires April 6, 2017                [Page 12]

Internet-Draft                  LISP-SEC                    October 2016


   The EID-AD contains two EID-prefixes:

      1.1.2.0/24

      1.2.3.0/24

   The EID-record with EID-prefix 1.1.1.0/24 is not processed since it
   is not included in any of the EID-ADs signed by the Map-Server.  A
   log message is issued.
</pre></div></blockquote><div class="">I think “log message" is too much implementation specific. </div><div class="">If there is a notification, and how this notification is done, is implementation specific IMHO.</div></div></blockquote>
ok. Same as above. 

<blockquote cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" type="cite"><div class=""><div class="">
</div><blockquote type="cite" class=""><div class=""><pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The EID-record with EID-prefix 1.1.2.0/24 is stored in the map-cache
   because it matches the second EID-prefix contained in the EID-AD.

   The EID-record with EID-prefix 1.2.0.0/16 is not processed since it
   is not included in any of the EID-ADs signed by the Map-Server.  A
   log message is issued.</pre></div></blockquote><div class="">I think “log message" is too much implementation specific. </div><div class="">If there is a notification, and how this notification is done, is implementation specific IMHO.</div></div></blockquote>
ok. Same as above


<blockquote cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" type="cite"><div class=""><div class="">
</div><blockquote type="cite" class=""><div class=""><pre style="word-wrap: break-word; white-space: pre-wrap;" class="">  In this last example the ETR is trying to
   over claim the EID-prefix 1.2.0.0/16, but the Map-Server authorized
   only 1.2.3.0/24, hence the EID-record is discarded.
</pre></div></blockquote><div class="">Reading the example I am not sure I would follow this behaviour.</div><div class="">Only 1 record out of 3 is valid so why should I actually trust the ETR instead of throwing everything away?</div><div class="">Can you explain ???</div></div></blockquote>
The other two records are validated by the MS, so there is no reason to throw those away. 



<blockquote cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" type="cite"><div class=""><div class="">
</div><div class="">
</div>
<blockquote type="cite" class=""><div class=""><pre style="word-wrap: break-word; white-space: pre-wrap;" class="">5.4.2.  PITR Processing

   The processing performed by a PITR is equivalent to the processing of
   an ITR.  However, if the PITR is directly connected to the ALT, </pre></div></blockquote><div class="">This would be LISP+ALT. Pleas add a reference to 6836.</div></div></blockquote>
ok. 

<blockquote cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" type="cite"><div class="">
<blockquote type="cite" class=""><div class=""><pre style="word-wrap: break-word; white-space: pre-wrap;" class="">the
   PITR performs the functions of both the ITR and the Map-Resolver
   forwarding the Map-Request encapsulated in an ECM header that
   includes the Authentication Data fields as described in Section 5.6.

5.5.  Encrypting and Decrypting an OTK

   MS-OTK confidentiality is required in the path between the Map-Server
   and the ETR, the MS-OTK SHOULD</pre></div></blockquote><div class="">If confidentiality is required why there is not a MUST?</div>
</div></blockquote>Same.

<blockquote cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" type="cite"><div class=""><blockquote type="cite" class=""><div class=""><pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> be encrypted using the preconfigured
   key shared between the Map-Server and the ETR for the purpose of
   securing ETR registration [RFC6833].  Similarly, if ITR-OTK
   confidentiality is required in the path between the ITR and the Map-
   Resolver, the ITR-OTK SHOULD </pre></div></blockquote>Again, if confidentiality is required why there is not a MUST?</div></blockquote>
Same. 
<blockquote cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" type="cite"><div class="">
<blockquote type="cite" class=""><div class=""><pre style="word-wrap: break-word; white-space: pre-wrap;" class="">be encrypted with a key shared between
   the ITR and the Map-Resolver.

   The OTK is encrypted using the algorithm specified in the OTK
   Encryption ID field.  When the AES Key Wrap algorithm is used to
   encrypt a 128-bit OTK, according to [RFC3339],</pre></div></blockquote><div class="">The correct RFC is 3394.</div></div></blockquote>
ok. 

<blockquote cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" type="cite"><div class="">
<blockquote type="cite" class=""><div class=""><pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> the AES Key Wrap
   Initialization Value MUST be set to 0xA6A6A6A6A6A6A6A6 (64 bits).
   The output of the AES Key Wrap operation is 192-bit long.  The most
   significant 64-bit are copied in the One-Time Key Preamble field,
   while the 128 less significant bits are copied in the One-Time Key
   field of the LISP-SEC Authentication Data.

   When decrypting an encrypted OTK the receiver MUST verify that the
   Initialization Value resulting from the AES Key Wrap decryption



Maino, et al.             Expires April 6, 2017                [Page 13]

Internet-Draft                  LISP-SEC                    October 2016


   operation is equal to 0xA6A6A6A6A6A6A6A6.  If this verification fails
   the receiver MUST discard the entire message.

   When a 128-bit OTK is sent unencrypted the OTK Encryption ID is set
   to NULL_KEY_WRAP_128, and the OTK Preamble is set to
   0x0000000000000000 (64 bits).

5.6.  Map-Resolver Processing

   Upon receiving an encapsulated Map-Request with the S-bit set, the
   Map-Resolver decapsulates the ECM message.  The ITR-OTK, if
   encrypted, is decrypted as specified in Section 5.5.

   The Map-Resolver, as specified in [RFC6833], originates a new ECM
   header with the S-bit set, that contains the unencrypted ITR-OTK, as
   specified in Section 5.5, and the other data derived from the ECM
   Authentication Data of the received encapsulated Map-Request.
</pre></div></blockquote><div class="">Few points on this last paragraph:</div><div class="">- You assume that there is no need of confidentiality inside the Mapping System?</div><div class="">- Why not stating that encryption inside the mapping system is mapping system specify and out of scope of this document?</div></div></blockquote>ok. as it was pointed out above. 

<blockquote cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" type="cite"><div class=""><div class="">- Why are you assuming that all of the Mapping system will use ECM? Future Mapping system may use soemthos different. The important point is to ship the AD along.</div></div></blockquote>
good point, and I agree with your suggestion to fix this below. 


<blockquote cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" type="cite"><div class=""><blockquote type="cite" class=""><div class=""><pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The Map-Resolver then forwards</pre></div></blockquote>to whom?
</div></blockquote>
ok. add 'to the Map-Server'

<blockquote cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" type="cite"><div class=""><blockquote type="cite" class=""><div class=""><pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> the received Map-Request, encapsulated
   in the new ECM header that includes the newly computed Authentication
   Data fields.
</pre></div></blockquote><div class="">As for my comment of the previous paragraph I would be more generic stating that the MR will hand over the request to the mapping system.</div><div class="">
</div><div class="">You can still provide the example of DDT using ECM.</div></div></blockquote>
right. 

<blockquote cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" type="cite"><div class="">
<blockquote type="cite" class=""><div class=""><pre style="word-wrap: break-word; white-space: pre-wrap;" class="">5.7.  Map-Server Processing

   Upon receiving an ECM encapsulated Map-Request with the S-bit set,
   the Map-Server process the Map-Request according to the value of the
   S-bit contained in the Map-Register sent by the ETR during
   registration.

   If the S-bit contained in the Map-Register was clear the Map-Server
   decapsulates the ECM and generates a new ECM encapsulated Map-Request
   that does not contain an ECM Authentication Data, as specified in
   [RFC6830].  The Map-Server does not perform any further LISP-SEC
   processing.
</pre></div></blockquote><div class="">This equivalent to not using LISP-SEC. Please specify that the Map-Reply will be not protected.</div></div></blockquote>
ok. 
<blockquote cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" type="cite"><div class="">
<blockquote type="cite" class=""><div class=""><pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   If the S-bit contained in the Map-Register was set the Map-Server
   decapsulates the ECM and generates a new ECM Authentication Data.
   The Authentication Data includes the OTK-AD and the EID-AD, that
   contains EID-prefix authorization information, that are ultimately
   sent to the requesting ITR.

   The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
   the ITR-OTK received with the Map-Request.  MS-OTK is derived
   applying the key derivation function specified in the KDF ID field.
   If the algorithm specified in the KDF ID field is not supported, the
   Map-Server uses a different algorithm to derive the key and updates
   the KDF ID field accordingly.




Maino, et al.             Expires April 6, 2017                [Page 14]

Internet-Draft                  LISP-SEC                    October 2016


   The Map-Server and the ETR MUST be configured with a shared key for
   mapping registration according to [RFC6833].  If MS-OTK
   confidentiality is required, then the MS-OTK SHOULD be encrypted,</pre></div></blockquote>Again, if confidentiality is required why there is not a MUST?
</div></blockquote>
same as above. 


<blockquote cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" type="cite"><div class=""><blockquote type="cite" class=""><div class=""><pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> by
   wrapping the MS-OTK with the algorithm specified by the OTK
   Encryption ID field as specified in Section 5.5.

   The Map-Server includes in the EID-AD the longest match registered
   EID-prefix for the destination EID, and an HMAC of this EID-prefix.
   The HMAC is keyed with the ITR-OTK contained in the received ECM
   Authentication Data, and the HMAC algorithm is chosen according to
   the Requested HMAC ID field.  If The Map-Server does not support this
   algorithm, the Map-Server uses a different algorithm and specifies it
   in the EID HMAC ID field.  The scope of the HMAC operation covers the
   entire EID-AD, from the EID-AD Length field to the EID HMAC field,
   which must be set to 0 before the computation.

   The Map-Server then forwards the updated ECM encapsulated Map-
   Request, that contains the OTK-AD, the EID-AD, and the received Map-
   Request to an authoritative ETR as specified in [RFC6830].

5.7.1.  Map-Server Processing in Proxy mode

   If the Map-Server is in proxy mode, it generates a Map-Reply, as
   specified in [RFC6830], with the S-bit set to 1.  The Map-Reply
   includes the Authentication Data that contains the EID-AD, computed
   as specified in Section 5.7, as well as the PKT-AD computed as
   specified in Section 5.8.

5.8.  ETR Processing

   Upon receiving an ECM encapsulated Map-Request with the S-bit set,
   the ETR decapsulates the ECM message.  The OTK field, if encrypted,
   is decrypted as specified in Section 5.5 to obtain the unencrypted
   MS-OTK.

   The ETR then generates a Map-Reply as specified in [RFC6830] and
   includes the Authentication Data that contains the EID-AD, as
   received in the encapsulated Map-Request, as well as the PKT-AD.

   The EID-AD is copied from the Authentication Data of the received
   encapsulated Map-Request.

   The PKT-AD contains the HMAC of the whole Map-Reply packet, keyed
   with the MS-OTK and computed using the HMAC algorithm specified in
   the Requested HMAC ID field of the received encapsulated Map-Request.
   If the ETR does not support the Requested HMAC ID, it uses a
   different algorithm and updates the PKT HMAC ID field accordingly.
   The scope of the HMAC operation covers the entire PKT-AD, from the



Maino, et al.             Expires April 6, 2017                [Page 15]

Internet-Draft                  LISP-SEC                    October 2016


   Map-Reply Type field to the PKT HMAC field, which must be set to 0
   before the computation.

   Finally the ETR sends the Map-Reply to the requesting ITR as
   specified in [RFC6830].

6.  Security Considerations

6.1.  Mapping System Security

   The LISP-SEC threat model described in Section 3, assumes that the
   LISP Mapping System is working properly and eventually delivers Map-
   Request messages to a Map-Server that is authoritative for the
   requested EID.

</pre></div></blockquote><div class="">
</div><div class="">As for a previous comment, can you elaborate if OTK confidentiality is required in the mapping system and what are the consequences?</div><div class="">
</div>
</div></blockquote>
ok.

<blockquote cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" type="cite"><div class=""><blockquote type="cite" class=""><div class=""><pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   Map-Register security, including the right for a LISP entity to
   register an EID-prefix or to claim presence at an RLOC, is out of the
   scope of LISP-SEC.

6.2.  Random Number Generation

   The ITR-OTK MUST be generated by a properly seeded pseudo-random (or
   strong random) source.  See [RFC4086] for advice on generating
   security-sensitive random data

6.3.  Map-Server and ETR Colocation

   If the Map-Server and the ETR are colocated, LISP-SEC does not
   provide protection from overclaiming attacks mounted by the ETR.
   However, in this particular case, since the ETR is within the trust
   boundaries of the Map-Server, ETR's overclaiming attacks are not
   included in the threat model.

7.  IANA Considerations
</pre></div></blockquote><div class="">This section is not conform to RFC 5226.</div><div class="">
</div><div class="">There right way to go is to ask IANA to create three new registries, for HMAC, Key Wrap, and Key Derivation functions.</div><div class="">Define what is the allocation process (in light of the size of the field FCFS should not cause any problem IMHO)</div><div class="">
</div><div class="">Then ask to populate the registries as already described.</div></div></blockquote>

<meta charset="utf-8">
Ok, so each one of the sections 7.x will say: 

<meta charset="utf-8">IANA is requested to create a new &lt;registry-name&gt;  registry for use ... 

<blockquote cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" type="cite"><div class=""><div class="">
</div>
<blockquote type="cite" class=""><div class=""><pre style="word-wrap: break-word; white-space: pre-wrap;" class="">7.1.  HMAC functions

   The following HMAC ID values are defined by this memo for use as
   Requested HMAC ID, EID HMAC ID, and PKT HMAC ID in the LISP-SEC
   Authentication Data:











Maino, et al.             Expires April 6, 2017                [Page 16]

Internet-Draft                  LISP-SEC                    October 2016


             Name                     Number        Defined In
             -------------------------------------------------
             NONE                     0
             AUTH-HMAC-SHA-1-96       1             [RFC2104]
             AUTH-HMAC-SHA-256-128    2             [RFC4634]

             values 2-65535 are reserved to IANA.

                              HMAC Functions

   AUTH-HMAC-SHA-1-96 MUST be supported, AUTH-HMAC-SHA-256-128 should be
   supported.

7.2.  Key Wrap Functions

   The following OTK Encryption ID values are defined by this memo for
   use as OTK key wrap algorithms ID in the LISP-SEC Authentication
   Data:

             Name                     Number        Defined In
             -------------------------------------------------
             NULL-KEY-WRAP-128        1
             AES-KEY-WRAP-128         2             [RFC3394]

             values 0 and 3-65535 are reserved to IANA.

                            Key Wrap Functions

   NULL-KEY-WRAP-128, and AES-KEY-WRAP-128 MUST be supported.

   NULL-KEY-WRAP-128 is used to carry an unencrypted 128-bit OTK, with a
   64-bit preamble set to 0x0000000000000000 (64 bits).

7.3.  Key Derivation Functions

   The following KDF ID values are defined by this memo for use as KDF
   ID in the LISP-SEC Authentication Data:

             Name                     Number        Defined In
             -------------------------------------------------
             NONE                     0
             HKDF-SHA1-128            1             [RFC5869]

             values 2-65535 are reserved to IANA.

                         Key Derivation Functions

   HKDF-SHA1-128 MUST be supported



Maino, et al.             Expires April 6, 2017                [Page 17]

Internet-Draft                  LISP-SEC                    October 2016


8.  Acknowledgements

   The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino
   Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt
   Noll for their valuable suggestions provided during the preparation
   of this document.

9.  Normative References
</pre></div></blockquote><div class="">
</div><div class="">
</div><div class="">Please Check your reference, this is the output if the nits tool:</div><div class="">
</div><div class="">
</div><div class="">Checking references for intended status: Experimental</div><div class="">  ----------------------------------------------------------------------------</div><div class="">
</div><div class="">  == Missing Reference: 'RFC3339' is mentioned on line 602, but not defined</div><div class="">
</div><div class="">  == Missing Reference: 'RFC4634' is mentioned on line 752, but not defined</div><div class="">
</div><div class="">  ** Obsolete undefined reference: RFC 4634 (Obsoleted by RFC 6234)</div></div></blockquote>
ok. 

<blockquote cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" type="cite"><div class=""><div class="">
</div><blockquote type="cite" class=""><div class=""><pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
              Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc2104" class="">http://www.rfc-editor.org/info/rfc2104</a>&gt;.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc2119" class="">http://www.rfc-editor.org/info/rfc2119</a>&gt;.

   [RFC3394]  Schaad, J. and R. Housley, "Advanced Encryption Standard
              (AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394,
              September 2002, &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc3394" class="">http://www.rfc-editor.org/info/rfc3394</a>&gt;.

   [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
              "Randomness Requirements for Security", BCP 106, RFC 4086,
              DOI 10.17487/RFC4086, June 2005,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc4086" class="">http://www.rfc-editor.org/info/rfc4086</a>&gt;.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              DOI 10.17487/RFC5226, May 2008,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc5226" class="">http://www.rfc-editor.org/info/rfc5226</a>&gt;.

   [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
              Key Derivation Function (HKDF)", RFC 5869,
              DOI 10.17487/RFC5869, May 2010,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc5869" class="">http://www.rfc-editor.org/info/rfc5869</a>&gt;.

   [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
              Locator/ID Separation Protocol (LISP)", RFC 6830,
              DOI 10.17487/RFC6830, January 2013,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc6830" class="">http://www.rfc-editor.org/info/rfc6830</a>&gt;.

   [RFC6833]  Fuller, V. and D. Farinacci, "Locator/ID Separation
              Protocol (LISP) Map-Server Interface", RFC 6833,
              DOI 10.17487/RFC6833, January 2013,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc6833" class="">http://www.rfc-editor.org/info/rfc6833</a>&gt;.




Maino, et al.             Expires April 6, 2017                [Page 18]

Internet-Draft                  LISP-SEC                    October 2016


   [RFC7835]  Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID
              Separation Protocol (LISP) Threat Analysis", RFC 7835,
              DOI 10.17487/RFC7835, April 2016,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc7835" class="">http://www.rfc-editor.org/info/rfc7835</a>&gt;.

Authors' Addresses

   Fabio Maino
   Cisco Systems
   170 Tasman Drive
   San Jose, California  95134
   USA

   Email: <a moz-do-not-send="true" href="mailto:fmaino@cisco.com" class="">fmaino@cisco.com</a>


   Vina Ermagan
   Cisco Systems
   170 Tasman Drive
   San Jose, California  95134
   USA

   Email: <a moz-do-not-send="true" href="mailto:vermagan@cisco.com" class="">vermagan@cisco.com</a>


   Albert Cabellos
   Technical University of Catalonia
   c/ Jordi Girona s/n
   Barcelona  08034
   Spain

   Email: <a moz-do-not-send="true" href="mailto:acabello@ac.upc.edu" class="">acabello@ac.upc.edu</a>


   Damien Saucez
   INRIA
   2004 route des Lucioles - BP 93
   Sophia Antipolis
   France

   Email: <a moz-do-not-send="true" href="mailto:damien.saucez@inria.fr" class="">damien.saucez@inria.fr</a>










Maino, et al.             Expires April 6, 2017                [Page 19]</pre><div class="">
</div></div><div class="">
</div><div class="">
</div></blockquote>
<div class=""><div class="">
</div><div class="">
</div>
</div></div>


</blockquote><p>
</p></body></html>
--------------A696BA6F50A99C0C7D5CC4FB--


From nobody Fri Oct 21 16:37:19 2016
Return-Path: <jmh@joelhalpern.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0505F1296D0; Fri, 21 Oct 2016 16:37:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.212
X-Spam-Level: 
X-Spam-Status: No, score=0.212 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, THIS_AD=2.704, T_DKIM_INVALID=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mjoGHdSweG1B; Fri, 21 Oct 2016 16:37:13 -0700 (PDT)
Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC9EB12988F; Fri, 21 Oct 2016 16:34:32 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id 94F8A245BD1; Fri, 21 Oct 2016 16:34:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1477092872; bh=OMLz6XZegrADJ2Lg5358LRAzGYW4gj6oDgcTU02EUIs=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=E7DMmwMdCqQxRfwVp7qTy1My1cLch2KUj7Adg3CPeMc8v14LJ8UkbPwUYa2HrcTYq EwxAMDglz0sH4eZeZk8JdN0/jljFYFSFr9qC+VijQeQo+TCatZNaiCwYuf5c857Tzx FWzu3wYsrn8rxkCvpq4GKPca0U/d8JycsiHdOkvw=
X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net
Received: from Joels-MacBook-Pro.local (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id 9F2F5240FAB; Fri, 21 Oct 2016 16:34:30 -0700 (PDT)
To: Fabio Maino <fmaino@cisco.com>, Luigi Iannone <luigi.iannone@telecom-paristech.fr>, "Vina Ermagan (vermagan)" <vermagan@cisco.com>, Albert Cabellos <acabello@ac.upc.edu>, Damien Saucez <damien.saucez@inria.fr>
References: <FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr> <8204baa6-8cbd-83b3-aa88-dc3ba16c5a33@cisco.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <c46e6c3f-2f5e-7776-bee7-60e4ff4feb44@joelhalpern.com>
Date: Fri, 21 Oct 2016 19:35:41 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <8204baa6-8cbd-83b3-aa88-dc3ba16c5a33@cisco.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/yjyCWeoB6qZg6djwftfbvk_5G_M>
Cc: lisp-chairs@ietf.org, LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] LISP-SEC review (finally)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Oct 2016 23:37:16 -0000

The usual practice, although there are exceptions, is to indicate along 
with the SHOULD the kinds of circumstances that would justify not 
complying with that SHOULD while implementing (most of) the rest of the RFC.

Yours,
Joel

On 10/21/16 7:23 PM, Fabio Maino wrote:
> Ciao Luigi,
> below I have replied to each comment. I'm working to the updated text,
> that I will send as soon as it is ready. ideally we might be able to
> publish a new version before draft deadline.
>
> Just a note on the most recurring comment: SHOULD vs. MUST.
>
> The use of SHOULD across the document is according to RFC 2119:
>
>
>     SHOULD
>
>  This word, or the adjective "RECOMMENDED", mean that there
>    may exist valid reasons in particular circumstances to ignore a
>    particular item, but the full implications must be understood and
>    carefully weighed before choosing a different course.
>
>
>
> There are use cases where, carefully weighing the implications, some of
> the security services of LISP-SEC can be turned-off. We want to leave
> implementors the freedom to allow this flexibility.
>
> For example, in a DC deployment it may make sense to turn off OTK
> decryption between XTR and MS/MR, as MiTM is very unlikely.
>
> Similarly, an ITR may decide to implement a loose policy on accepting an
> AD authenticated with an algorithm different from the preferred
> authentication algorithm expressed by the ITR. Using a MUST would force
> support of a given authentication algorithm across each and every MS and
> ETR, that might not be the case when incrementally deploying LISP-SEC
> (or while upgrading routers).
>
> Using a MUST would prevent this flexibility, that we would like to leave
> to the implementors.
>
>
>
>
>
> On 10/19/16 8:06 AM, Luigi Iannone wrote:
>> Dear Authors of the LISP-SEC document,
>>
>> hereafter my review of the document.
>> This was long overdue, sorry for being so late.
>>
>> I really like the solution and the majority of my comments are just
>> clarification questions.
>> Let me know if my comments are clear.
>>
>> ciao
>>
>> L.
>>
>>
>>
>>> 1.  Introduction
>>>
>>>    The Locator/ID Separation Protocol [RFC6830] defines a set of
>>>    functions for routers to exchange information used to map from non-
>>>    routable Endpoint Identifiers (EIDs) to routable Routing Locators
>>>    (RLOCs).
>> I find the above sentence confusing. Wouldn’t be better to specify
>> that we are talking about IP addresses?
>
> That's how LISP is described in RFC6830, section 1. If you start using
> the term IP address then you need to qualify if you are talking about
> Identity-IP or Locator-IP, so the sentence gets complicated pretty quickly.
>
> I would leave this one unchanged.
>
>>
>>> If these EID-to-RLOC mappings, carried through Map-Reply
>>>    messages, are transmitted without integrity protection, an adversary
>>>    can manipulate them and hijack the communication, impersonate the
>>>    requested EID, or mount Denial of Service or Distributed Denial of
>>>    Service attacks.  Also, if the Map-Reply message is transported
>>>    unauthenticated, an adversarial LISP entity can overclaim an EID-
>>>    prefix and maliciously redirect traffic directed to a large number of
>>>    hosts.  A detailed description of "overclaiming" attack is provided
>>>    in [RFC7835].
>>>
>>>    This memo specifies LISP-SEC, a set of security mechanisms that
>>>    provides origin authentication, integrity and anti-replay protection
>>>    to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
>>>    process.
>>
>> I would put s forward reference to section 3 stating that the reader
>> will find details about the threat model.
>
> OK. We can replace the sentence
>
> A detailed description of "overclaiming" attack is provided
>    in [RFC7835]
>
> with
>
> The LISP-SEC threat model, described in Section 3, is built on top of the LISP threat model defined in RFC7835, that includes a detailed description of "overclaiming" attack.
>
>
>
>>
>>> LISP-SEC also enables verification of authorization on EID-
>>>    prefix claims in Map-Reply messages, ensuring that the sender of a
>>>    Map-Reply that provides the location for a given EID-prefix is
>>>    entitled to do so according to the EID prefix registered in the
>>>    associated Map-Server.  Map-Register security, including the right
>>>    for a LISP entity to register an EID-prefix or to claim presence at
>>>    an RLOC, is out of the scope of LISP-SEC.  Additional security
>>>    considerations are described in Section 6.
>>>
>>> 2.  Definition of Terms
>>>
>>>       One-Time Key (OTK): An ephemeral randomly generated key that must
>>>       be used for a single Map-Request/Map-Reply exchange.
>>>
>>>
>>>
>>>          ITR-OTK: The One-Time Key generated at the ITR.
>>>
>>>          MS-OTK: The One-Time Key generated at the Map-Server.
>>
>> Why are you considering ITR-OTK and MS-OTK sub-terms?
>> I would elevate them at full terms, hence avoiding spacing and
>> indentation.
>
> Ok.
>
>>
>>>       Encapsulated Control Message (ECM): A LISP control message that is
>>>       prepended with an additional LISP header.  ECM is used by ITRs to
>>>       send LISP control messages to a Map-Resolver, by Map-Resolvers to
>>>       forward LISP control messages to a Map-Server, and by Map-
>>>       Resolvers to forward LISP control messages to an ETR.
>>>
>> Why are you re-defining ECM?
>> You do not specify other packets, e.g., Map-Reply, so why ECM?
>> I would drop it.
>
> It is not defined in the Definitions section of 6830. One would need to
> go through the body of 6830 to find it.
>
> I'll drop it, but we need to make sure that ECM gets into the definition
> section of 6830bis.
>
> Albert: are you looking into that document? Can you take care of this?
>
>
>>
>>
>>>       Authentication Data (AD): Metadata that is included either in a
>>>       LISP ECM header or in a Map-Reply message to support
>>>       confidentiality, integrity protection, and verification of EID-
>>>       prefix authorization.
>>>
>>>
>>>
>>> Maino, et al.             Expires April 6, 2017                 [Page 3]
>>> 
>>> Internet-Draft                  LISP-SEC                    October 2016
>>>
>>>
>>>          OTK-AD: The portion of ECM Authentication Data that contains a
>>>          One-Time Key.
>>>
>>>          EID-AD: The portion of ECM and Map-Reply Authentication Data
>>>          used for verification of EID-prefix authorization.
>>>
>>>          PKT-AD: The portion of Map-Reply Authentication Data used to
>>>          protect the integrity of the Map-Reply message.
>>
>>
>> Why are you considering OTK-AD, EID-AD, and PKT-AD sub-terms?
>> I would elevate them at full terms, hence avoiding spacing and
>> indentation.
>>
> ok.
>
>>
>>>    For definitions of other terms, notably Map-Request, Map-Reply,
>>>    Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR), Map-Server
>>>    (MS), and Map-Resolver (MR) please consult the LISP specification
>>>    [RFC6830].
>>>
>>> 3.  LISP-SEC Threat Model
>>>
>>>    LISP-SEC addresses the control plane threats, described in [RFC7835],
>>>    that target EID-to-RLOC mappings, including manipulations of Map-
>>>    Request and Map-Reply messages, and malicious ETR EID prefix
>>>    overclaiming.  LISP-SEC makes two main assumptions: (1) the LISP
>>>    mapping system is expected to deliver a Map-Request message to their
>>>    intended destination ETR as identified by the EID, and (2) no man-in-
>>>    the-middle (MITM) attack can be mounted within the LISP Mapping
>>>    System.  Furthermore, while LISP-SEC enables detection of EID prefix
>>>    overclaiming attacks, it assumes that Map-Servers can verify the EID
>>>    prefix authorization at time of registration.
>> LISP-SEC does not require OTK confidentiality in the mapping system.
>> This should be discussed here.
> we could add to the above
>
> "and (2) no man-in-
>    the-middle (MITM) attack can be mounted within the LISP Mapping
>    System."
>
> How the Mapping System is protected from MiTM attacks depends from the particular Mapping System used, and is out of the scope of this memo.
>
>
>
>>
>>
>>>    According to the threat model described in [RFC7835] LISP-SEC assumes
>>>    that any kind of attack, including MITM attacks, can be mounted in
>>>    the access network, outside of the boundaries of the LISP mapping
>>>    system.  An on-path attacker, outside of the LISP mapping system can,
>>>    for example, hijack Map-Request and Map-Reply messages, spoofing the
>>>    identity of a LISP node.  Another example of on-path attack, called
>>>    overclaiming attack, can be mounted by a malicious Egress Tunnel
>>>    Router (ETR), by overclaiming the EID-prefixes for which it is
>>>    authoritative.  In this way the ETR can maliciously redirect traffic
>>>    directed to a large number of hosts.
>>>
>>> 4.  Protocol Operations
>>>
>>>    The goal of the security mechanisms defined in [RFC6830] is to
>>>    prevent unauthorized insertion of mapping data by providing origin
>>>    authentication and integrity protection for the Map-Registration, and
>>>    by using the nonce to detect unsolicited Map-Reply sent by off-path
>>>    attackers.
>>>
>>>    LISP-SEC builds on top of the security mechanisms defined in
>>>    [RFC6830] to address the threats described in Section 3 by leveraging
>>>
>>>
>>>
>>> Maino, et al.             Expires April 6, 2017                 [Page 4]
>>> 
>>> Internet-Draft                  LISP-SEC                    October 2016
>>>
>>>
>>>    the trust relationships existing among the LISP entities
>>>    participating to the exchange of the Map-Request/Map-Reply messages.
>>>    Those trust relationships are used to securely distribute a One-Time
>>>    Key (OTK) that provides origin authentication, integrity and anti-
>>>    replay protection to mapping data conveyed via the mapping lookup
>>>    process, and that effectively prevent overclaiming attacks.  The
>>>    processing of security parameters during the Map-Request/Map-Reply
>>>    exchange is as follows:
>>>
>>>    o  The ITR-OTK is generated and stored at the ITR, and securely
>>>       transported to the Map-Server.
>>>
>>>    o  The Map-Server uses the ITR-OTK to compute an HMAC that protects
>> You did not define HMAC acronym. Please define and add a reference.
>
> ok.
>
>
>>
>>>       the integrity of the mapping data known to the Map-Server to
>>>       prevent overclaiming attacks.  The Map-Server also derives a new
>>>       OTK, the MS-OTK, that is passed to the ETR, by applying a Key
>>>       Derivation Function (KDF) to the ITR-OTK.
>>>
>>>    o  The ETR uses the MS-OTK to compute an HMAC that protects the
>>>       integrity of the Map-Reply sent to the ITR.
>>>
>>>    o  Finally, the ITR uses the stored ITR-OTK to verify the integrity
>>>       of the mapping data provided by both the Map-Server and the ETR,
>>>       and to verify that no overclaiming attacks were mounted along the
>>>       path between the Map-Server and the ITR.
>>>
>>>    Section 5 provides the detailed description of the LISP-SEC control
>>>    messages and their processing, while the rest of this section
>>>    describes the flow of protocol operations at each entity involved in
>>>    the Map-Request/Map-Reply exchange:
>>>
>>>    o  The ITR, upon needing to transmit a Map-Request message, generates
>>>       and stores an OTK (ITR-OTK).  This ITR-OTK is included into the
>>>       Encapsulated Control Message (ECM) that contains the Map-Request
>>>       sent to the Map-Resolver.  To provide confidentiality to the ITR-
>>>       OTK over the path between the ITR and its Map-Resolver, the ITR-
>>>       OTK SHOULD
>> Why not using “MUST”???
>> Are you suggesting that a different way to provide confidentiality can
>> be used (e.g. a different shared key)???
>> If yes, please state so.
>>
>> Or are you suggesting that no encryption at all is used? But this
>> means not providing confidentiality…
>> Can you clarify?
>>
>> (this very same comment will appear several time in this review)
>
> We don't want to make the use of pre-shared key *mandatory* to all LISP
> deployments. There are deployments where the risk of MiTM between the
> xTR and the MS/MR may not justify the cost of provisioning a shared key
> (data centers, for example).
>
>
>>> be encrypted using a preconfigured key shared between
>>>       the ITR and the Map-Resolver, similar to the key shared between
>>>       the ETR and the Map-Server in order to secure ETR registration
>>>       [RFC6833].
>>>
>>>    o  The Map-Resolver decapsulates the ECM message, decrypts the ITR-
>>>       OTK, if needed, and forwards through the Mapping System the
>>>       received Map-Request and the ITR-OTK, as part of a new ECM
>>>       message.  As described in Section 5.6, the LISP Mapping System
>>>       delivers the ECM to the appropriate Map-Server, as identified by
>>>       the EID destination address of the Map-Request.
>>>
>>>
>>>
>>>
>>> Maino, et al.             Expires April 6, 2017                 [Page 5]
>>> 
>>> Internet-Draft                  LISP-SEC                    October 2016
>>>
>>>
>>>    o  The Map-Server is configured with the location mappings and policy
>>>       information for the ETR responsible for the EID destination
>>>       address.  Using this preconfigured information, the Map-Server,
>>>       after the decapsulation of the ECM message, finds the longest
>>>       match EID-prefix that covers the requested EID in the received
>>>       Map-Request.  The Map-Server adds this EID-prefix, together with
>>>       an HMAC computed using the ITR-OTK, to a new Encapsulated Control
>>>       Message that contains the received Map-Request.
>>>
>>>    o  The Map-Server derives a new OTK, the MS-OTK, by applying a Key
>>>       Derivation Function (KDF) to the ITR-OTK.  This MS-OTK is included
>>>       in the Encapsulated Control Message that the Map-Server uses to
>>>       forward the Map-Request to the ETR.  To provide MS-OTK
>>>       confidentiality over the path between the Map-Server and the ETR,
>>>       the MS-OTK should
>> This “should” should be a “SHOULD”  (sorry for the cacophony…)
>
> Ok.
>>
>> Why not using “MUST”???
>> Are you suggesting that a different way to provide confidentiality can
>> be used (e.g. a different shared key)???
>> If yes, please state so.
>>
>> Or are you suggesting that no encryption at all is used? But this
>> means not providing confidentiality…
>> Can you clarify?
>
> Same as above.
>
>>
>>> be encrypted using the key shared between the
>>>       ETR and the Map-Server in order to secure ETR registration
>>>       [RFC6833].
>>>
>>>    o  If the Map-Server is acting in proxy mode, as specified in
>>>       [RFC6830], the ETR is not involved in the generation of the Map-
>>>       Reply.  In this case the Map-Server generates the Map-Reply on
>>>       behalf of the ETR as described below.
>>>
>>>    o  The ETR, upon receiving the ECM encapsulated Map-Request from the
>>>       Map-Server, decrypts the MS-OTK, if needed, and originates a
>>>       standard Map-Reply that contains the EID-to-RLOC mapping
>>>       information as specified in [RFC6830].
>>>
>>>    o  The ETR computes an HMAC over this standard Map-Reply, keyed with
>>>       MS-OTK to protect the integrity of the whole Map-Reply.  The ETR
>>>       also copies the EID-prefix authorization data that the Map-Server
>>>       included in the ECM encapsulated Map-Request into the Map-Reply
>>>       message.  The ETR then sends this complete Map-Reply message to
>>>       the requesting ITR.
>>>
>>>    o  The ITR, upon receiving the Map-Reply, uses the locally stored
>>>       ITR-OTK to verify the integrity of the EID-prefix authorization
>>>       data included in the Map-Reply by the Map-Server.  The ITR
>>>       computes the MS-OTK by applying the same KDF used by the Map-
>>>       Server, and verifies the integrity of the Map-Reply.  If the
>>>       integrity checks fail, the Map-Reply MUST be discarded.  Also, if
>>>       the EID-prefixes claimed by the ETR in the Map-Reply are not equal
>>>       or more specific than the EID-prefix authorization data inserted
>>>       by the Map-Server, the ITR MUST discard the Map-Reply.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Maino, et al.             Expires April 6, 2017                 [Page 6]
>>> 
>>> Internet-Draft                  LISP-SEC                    October 2016
>>>
>>>
>>> 5.  LISP-SEC Control Messages Details
>>>
>>>    LISP-SEC metadata associated with a Map-Request is transported within
>>>    the Encapsulated Control Message that contains the Map-Request.
>>>
>>>    LISP-SEC metadata associated with the Map-Reply is transported within
>>>    the Map-Reply itself.
>>>
>>> 5.1.  Encapsulated Control Message LISP-SEC Extensions
>>>
>>>    LISP-SEC uses the ECM (Encapsulated Control Message) defined in
>>>    [RFC6830] with Type set to 8, and S bit set to 1 to indicate that the
>>>    LISP header includes Authentication Data (AD).  The format of the
>>>    LISP-SEC ECM Authentication Data is defined in the following figure.
>>>    OTK-AD stands for One-Time Key Authentication Data and EID-AD stands
>>>    for EID Authentication Data.
>>>
>>>  0                   1                   2                   3
>>>  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>> |     AD Type   |V|  Reserved   |        Requested HMAC ID      |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
>>> |              OTK Length       |       OTK Encryption ID       | |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>>> |                       One-Time-Key Preamble ...               | |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OTK-AD
>>> |                   ... One-Time-Key Preamble                   | |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>>> ~                      One-Time Key (128 bits)                  ~/
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <---+
>>> |           EID-AD Length       |           KDF ID              |     |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
>>> | Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
>>> |   Reserved    | EID mask-len  |           EID-AFI             | |   |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
>>> ~                          EID-prefix ...                       ~ |   |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
>>> ~                            EID HMAC                           ~     |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <—+
>> I think that “rec” is mis-aligned and should be shifted one character
>> upward.
>
> No. The row above is the portion of the header that specifies how many
> records will follow. Rec shows one Rec item, in the array of Records.
> It is consistent with 6830.
>
>
>
>>
>>>                      LISP-SEC ECM Authentication Data
>>>
>>>       AD Type: 1 (LISP-SEC Authentication Data)
>> This is the first document starting to allocate values to the "AD
>> Type” value.
>> Why not asking IANA to create a registry??
>> (to be done in the IANA Considerations Section)
>
>
> Ok.
>
>>
>>
>>
>>>       V: Key Version bit.  This bit is toggled when the sender switches
>>>       to a new OTK wrapping key
>>>
>>>
>>>
>>>
>>> Maino, et al.             Expires April 6, 2017                 [Page 7]
>>> 
>>> Internet-Draft                  LISP-SEC                    October 2016
>>>
>>>
>>>       Reserved: Set to 0 on transmission and ignored on receipt.
>>>
>>>       Requested HMAC ID: The HMAC algorithm requested by the ITR.  See
>>>       Section 5.4 for details.
>>>
>>>       OTK Length: The length (in bytes) of the OTK Authentication Data
>>>       (OTK-AD), that contains the OTK Preamble and the OTK.
>>>
>>>       OTK Encryption ID: The identifier of the key wrapping algorithm
>>>       used to encrypt the One-Time-Key. When a 128-bit OTK is sent
>>>       unencrypted by the Map-Resolver, the OTK Encryption ID is set to
>>>       NULL_KEY_WRAP_128.  See Section 5.5 for more details.
>>>
>>>       One-Time-Key Preamble: set to 0 if the OTK is not encrypted.  When
>>>       the OTK is encrypted, this field may carry additional metadata
>>>       resulting from the key wrapping operation.  When a 128-bit OTK is
>>>       sent unencrypted by Map-Resolver, the OTK Preamble is set to
>>>       0x0000000000000000 (64 bits).  See Section 5.5 for details.
>>>
>>>       One-Time-Key: the OTK encrypted (or not) as specified by OTK
>>>       Encryption ID.  See Section 5.5 for details.
>>>
>>>       EID-AD Length: length (in bytes) of the EID Authentication Data
>>>       (EID-AD).  The ITR MUST set EID-AD Length to 4 bytes, as it only
>>>       fills the KDF ID field, and all the remaining fields part of the
>>>       EID-AD are not present.  An EID-AD MAY contain multiple EID-
>>>       records.  Each EID-record is 4-byte long plus the length of the
>>>       AFI-encoded EID-prefix.
>>>
>>>       KDF ID: Identifier of the Key Derivation Function used to derive
>>>       the MS-OTK.  The ITR SHOULD use this field to indicate the
>>>       recommended KDF algorithm, according to local policy.
>> I am not sure I understand the rationale of this “SHOULD”. If for any
>> reason the ITR does not indicate the KDF ID what are the consequences?
>
> That should be a MAY, I believe,
>
> The ITR can specify "no preference" for KDF ID, using a value of 0.
>
> In the ITR processing section 5.4,  we should add to
>
> The KDF ID field, specifies the suggested key derivation function to
>    be used by the Map-Server to derive the MS-OTK.
>
>
> a text like: "A KDF ID value of 0 (NONE), MAY be used to specify that
> the ITR has no preferred KDF ID".
>
>
>
>> Is the MS free to choose the algorithm? This should be clarified.
> This is specified in section 5.7.
>
> "
>
> The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
>    the ITR-OTK received with the Map-Request.  MS-OTK is derived
>    applying the key derivation function specified in the KDF ID field.
>    If the algorithm specified in the KDF ID field is not supported, the
>    Map-Server uses a different algorithm to derive the key and updates
>    the KDF ID field accordingly.
>
> "
>
>
>
>>
>>>  The Map-
>>>       Server can overwrite the KDF ID if it does not support the KDF ID
>>>       recommended by the ITR.
>> What happens if the MS will choose a KDF ID not supported by the ITR?
>> Can you clarify how to solve this situation or explain why this will
>> never happen?
>
> This is specified in 5.4, ITR processing.
>
> "
>
> To verify the integrity of the PKT-AD, first the MS-OTK is derived
>    from the locally stored ITR-OTK using the algorithm specified in the
>    KDF ID field.  This is because the PKT-AD is generated by the ETR
>    using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
>    KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
>    Reply and send, at the first opportunity it needs to, a new Map-
>    Request with a different KDF ID, according to ITR's local policy.
>
> "
>
>
> There are two typical use cases:
> - strict KDF ID policy: ITR specifiy a KDF ID, and will discard
> map-reply with different KDF IDs. If local policy allows, another
> map-request will be sent with a different KDF ID
> - loose KDF ID policy: ITR specify KDF ID = none, and will accept
> map-reply with any KDF ID (if supported by ITR). If received KDF is not
> supported the ITR shall drop the map-reply
>
>
>>
>>> See Section 5.4 for more details.
>>>
>>>       Record Count: The number of records in this Map-Request message.
>>>       A record is comprised of the portion of the packet that is labeled
>>>       'Rec' above and occurs the number of times equal to Record Count.
>>>
>>>       Reserved: Set to 0 on transmission and ignored on receipt.
>>>
>>>       EID HMAC ID: Identifier of the HMAC algorithm used to protect the
>>>       integrity of the EID-AD.  This field is filled by Map-Server that
>>>       computed the EID-prefix HMAC.  See Section 5.4 for more details.
>>>
>>>       EID mask-len: Mask length for EID-prefix.
>>>
>>>       EID-AFI: Address family of EID-prefix according to [RFC5226]
>>>
>>>
>>>
>>> Maino, et al.             Expires April 6, 2017                 [Page 8]
>>> 
>>> Internet-Draft                  LISP-SEC                    October 2016
>>>
>>>
>>>       EID-prefix: The Map-Server uses this field to specify the EID-
>>>       prefix that the destination ETR is authoritative for, and is the
>>>       longest match for the requested EID.
>>>
>>>       EID HMAC: HMAC of the EID-AD computed and inserted by Map-Server.
>>>       Before computing the HMAC operation the EID HMAC field MUST be set
>>>       to 0.  The HMAC covers the entire EID-AD.
>>>
>>> 5.2.  Map-Reply LISP-SEC Extensions
>>>
>>>    LISP-SEC uses the Map-Reply defined in [RFC6830], with Type set to 2,
>>>    and S bit set to 1 to indicate that the Map-Reply message includes
>>>    Authentication Data (AD).  The format of the LISP-SEC Map-Reply
>>>    Authentication Data is defined in the following figure.  PKT-AD is
>>>    the Packet Authentication Data that covers the Map-Reply payload.
>>>
>>>  0                   1                   2                   3
>>>  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>> |    AD Type    |                 Reserved                      |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <---+
>>> |           EID-AD Length       |           KDF ID              |     |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
>>> | Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
>>> |   Reserved    | EID mask-len  |           EID-AFI             | |   |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
>>> ~                          EID-prefix ...                       ~ |   |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
>>> ~                            EID HMAC                           ~     |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <---+
>>> |         PKT-AD Length         |         PKT HMAC ID           |\
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>>> ~                            PKT HMAC                           ~ PKT-AD
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/
>>>
>>>                   LISP-SEC Map-Reply Authentication Data
>>>
>>>       AD Type: 1 (LISP-SEC Authentication Data)
>> Shouldn’t this be a different value? This AD  format is different from
>> the one described in section 5.1!
>> Another reason to ask IANA for a registry….
>
> One is the LISP-SEC authentication data that applies to the ECM message
> (when S-bit = 1), the other is the LISP-SEC authentication data that
> applies to the Map-Reply (when S-bit = 1).
>
> Those are extensions of two different messages (ECM and map-reply), and
> they are both identified by an AD Type (that happens to be set to value
> 1 for both).
>
> Yes, the AD type space is different so we will need two IANA registries.
>
>
> Question for the co-auhtors: should we change the name to 'ECM AD Type'
> and 'Map-Reply AD Type'?
>
>
>
>>
>>
>>>       EID-AD Length: length (in bytes) of the EID-AD.  An EID-AD MAY
>>>       contain multiple EID-records.  Each EID-record is 4-byte long plus
>>>       the length of the AFI-encoded EID-prefix.
>>>
>>>       KDF ID: Identifier of the Key Derivation Function used to derive
>>>       MS-OTK.  See Section 5.7 for more details.
>>>
>>>
>>>
>>>
>>>
>>> Maino, et al.             Expires April 6, 2017                 [Page 9]
>>> 
>>> Internet-Draft                  LISP-SEC                    October 2016
>>>
>>>
>>>       Record Count: The number of records in this Map-Reply message.  A
>>>       record is comprised of the portion of the packet that is labeled
>>>       'Rec' above and occurs the number of times equal to Record Count.
>>>
>>>       Reserved: Set to 0 on transmission and ignored on receipt.
>>>
>>>       EID HMAC ID: Identifier of the HMAC algorithm used to protect the
>>>       integrity of the EID-AD.  See Section 5.7 for more details.
>>>
>>>       EID mask-len: Mask length for EID-prefix.
>>>
>>>       EID-AFI: Address family of EID-prefix according to [RFC5226].
>>>
>>>       EID-prefix: This field contains an EID-prefix that the destination
>>>       ETR is authoritative for, and is the longest match for the
>>>       requested EID.
>>>
>>>       EID HMAC: HMAC of the EID-AD, as computed by the Map-Server.
>>>       Before computing the HMAC operation the EID HMAC field MUST be set
>>>       to 0.  The HMAC covers the entire EID-AD.
>>>
>>>       PKT-AD Length: length (in bytes) of the Packet Authentication Data
>>>       (PKT-AD).
>>>
>>>       PKT HMAC ID: Identifier of the HMAC algorithm used to protect the
>>>       integrity of the Map-reply Location Data.
>> “Location Data” is something nowhere defined. Can you clarify what do
>> you mean?
>
> we can just remove 'Location Data'
>
>
>>
>>
>>>       PKT HMAC: HMAC of the whole Map-Reply packet, including the LISP-
>>>       SEC Authentication Data.  The scope of the authentication goes
>>>       from the Map-Reply Type field to the PKT HMAC field included.
>>>       Before computing the HMAC operation the PKT HMAC field MUST be set
>>>       to 0.  See Section 5.8 for more details.
>>>
>>> 5.3.  Map-Register LISP-SEC Extentions
>>>
>>>    The second bit after the Type field in a Map-Register message is
>>>    allocated as the S bit.
>> I would better explain that this document is allocating a bit marked
>> as reserved in 6830.
>
> Ok. We will need to reflect this in 6830bis as well.
>
>> Furthermore, at the cost of being redundant, I would put the packet
>> format highlighting the position of the bit so that there is no
>> confusion whatsoever.
>
> We wanted to  explicitly avoid to include the format of messages when
> already defined in other documents, so we point rather than copy. If we
> address this in 6830bis, the problem will be solved.
>
>
>>
>>> The S bit indicates to the Map-Server that
>>>    the registering ETR is LISP-SEC enabled.  An ETR that supports LISP-
>>>    SEC MUST set the S bit in its Map-Register messages.
>>>
>>> 5.4.  ITR Processing
>>>
>>>    Upon creating a Map-Request, the ITR generates a random ITR-OTK that
>>>    is stored locally, together with the nonce generated as specified in
>>>    [RFC6830].
>>>
>>>    The Map-Request MUST be encapsulated in an ECM, with the S-bit set to
>>>    1, to indicate the presence of Authentication Data.  If the ITR and
>>>
>>>
>>>
>>> Maino, et al.             Expires April 6, 2017                [Page 10]
>>> 
>>> Internet-Draft                  LISP-SEC                    October 2016
>>>
>>>
>>>    the Map-Resolver are configured with a shared key,
>> In section 4 you seem to suggest that this is not the only way to
>> protect the OTK (see my comment).
>> Here instead you suggest that a shared key is the only way.
>
>
> Right. Here it says what to do IF there is a shared key, that is
> consistent with the SHOULD above.
>
>
>>>  the ITR-OTK
>>>    confidentiality SHOULD be protected by wrapping the ITR-OTK with the
>>>    algorithm specified by the OTK Encryption ID field.
>> Not clear what this “SHOULD” refers to.
>> IS the SHOULD related to the fact to encrypt the OTK? The ITR SHOULD
>> encrypt.
>> Or the choice of the algorithm? The ITR SHOULD use the algorithm
>> specified by the OTK Encryption ID?
>> The second case looks impossible since is the ITR is choosing the
>> algorithm. May be the sentence can be rewritten.
>
> SHOULD refers to protecting the confidentiality of the ITR-OTK. Maybe
> the 'by' should be replaced by 'with'?
>
>>
>> Similarly to previous comment: Why it is not a MUST?
> Same as other SHOULD.
>
>
>
>>>  See Section 5.5
>>>    for further details on OTK encryption.
>>>
>>>    The Requested HMAC ID field contains the suggested HMAC algorithm to
>>>    be used by the Map-Server and the ETR to protect the integrity of the
>>>    ECM Authentication data and of the Map-Reply.
>>>
>> What happens if the MS will choose a HMAC not supported by the ETR or
>> the ITR?
>> Can you clarify how to solve this situation or explain why this will
>> never happen?
>
> This is described 5 paragraphs below:
>
> "
>
> If the EID HMAC ID field does
>    not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
>    and send, at the first opportunity it needs to, a new Map-Request
>    with a different Requested HMAC ID field, according to ITR's local
>    policy.
>
> "
>
>
>>
>>>    The KDF ID field, specifies the suggested key derivation function to
>>>    be used by the Map-Server to derive the MS-OTK.
>>
>> What happens if the MS will choose a KDF ID not supported by the ITR?
>> Can you clarify how to solve this situation or explain why this will
>> never happen?
>
> This is described a few paragraphs below:
> "
>
> If the KDF ID in the Map-Reply does not match the
>    KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
>    Reply and send, at the first opportunity it needs to, a new Map-
>    Request with a different KDF ID, according to ITR's...
>
> "
>
>>
>>>    The EID-AD length is set to 4 bytes, since the Authentication Data
>>>    does not contain EID-prefix Authentication Data, and the EID-AD
>>>    contains only the KDF ID field.
>>>
>>>    In response to an encapsulated Map-Request that has the S-bit set, an
>>>    ITR MUST receive a Map-Reply with the S-bit set, that includes an
>>>    EID-AD and a PKT-AD.  If the Map-Reply does not include both ADs, the
>>>    ITR MUST discard it.  In response to an encapsulated Map-Request with
>>>    S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, and
>>>    the ITR SHOULD discard the Map-Reply if the S-bit is set.
>> Why a “SHOULD”? If the Map-Request has S-bit=0 it mean that there is
>> no AD, hence no OTK, how can the ITR decrypt the reply?????
>> It MUST discard…..
>
> If S-bit = 0 there's no Authentication Data. The Map-reply is in clear,
> and can be read.
>
> Here again the SHOULD leaves open to ITR local policy that can be strict
> (drop anything not authenticated) or loose (accept unauthenticated
> map-reply).
>
> There are use cases where LISP-SEC is not deployed everywhere, where the
> ITR might have to use loose policy.
>
>
>>
>>
>>>    Upon receiving a Map-Reply, the ITR must verify the integrity of both
>>>    the EID-AD and the PKT-AD, and MUST discard the Map-Reply if one of
>>>    the integrity checks fails.
>>>
>>>    The integrity of the EID-AD is verified using the locally stored ITR-
>>>    OTK to re-compute the HMAC of the EID-AD using the algorithm
>>>    specified in the EID HMAC ID field.  If the EID HMAC ID field does
>>>    not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
>> Why is this a SHOULD? If it supports the HMAC Algorithm why not
>> decrypt? Shouldn’t this be a “MAY”, according to internal policy?
>
> because this could be used by an attacker to force weaker HMACs (e.g.
> MD5). The SHOULD leaves open the door to not discarding, according to
> local policy.
>
>
>
>
>>>    and send, at the first opportunity it needs to, a new Map-Request
>>>    with a different Requested HMAC ID field, according to ITR's local
>>>    policy.  The ITR MUST set the EID HMAC ID field to 0 before computing
>>>    the HMAC.
>> Shouldn’t the MS do the same thing? Otherwise different values will be
>> obtained. This is not specified in the MS functioning description.
>
> good catch. Actually it's a typo here, the EID HMAC field should be set
> to 0 (that is consistent with section 5.7), not the EID HMAC ID that
> should not be touched.
>
>
> The ITR MUST set the EID HMAC ID field to 0 before computing
>    the HMAC.
>
> should change to
>
> The scope of the HMAC operation covers the
>    entire EID-AD, from the EID-AD Length field to the EID HMAC field,
>    which must be set to 0 before the computation.
>
>
>>>    To verify the integrity of the PKT-AD, first the MS-OTK is derived
>>>    from the locally stored ITR-OTK using the algorithm specified in the
>>>    KDF ID field.  This is because the PKT-AD is generated by the ETR
>>>    using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
>>>    KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
>>>    Reply and send, at the first opportunity it needs to, a new Map-
>>>    Request with a different KDF ID, according to ITR's local policy.
>>>    The derived MS-OTK is then used to re-compute the HMAC of the PKT-AD
>>>    using the Algorithm specified in the PKT HMAC ID field.  If the PKT
>>>    HMAC ID field does not match the Requested HMAC ID the ITR SHOULD
>>>    discard the Map-Reply and send, at the first opportunity it needs to,
>>>
>>>
>>>
>>>
>>> Maino, et al.             Expires April 6, 2017                [Page 11]
>>> 
>>> Internet-Draft                  LISP-SEC                    October 2016
>>>
>>>
>>>    a new Map-Request with a different Requested HMAC ID according to
>>>    ITR's local policy.
>>>
>>>    Each individual Map-Reply EID-record is considered valid only if: (1)
>>>    both EID-AD and PKT-AD are valid, and (2) the intersection of the
>>>    EID-prefix in the Map-Reply EID-record with one of the EID-prefixes
>>>    contained in the EID-AD is not empty.  After identifying the Map-
>>>    Reply record as valid, the ITR sets the EID-prefix in the Map-Reply
>>>    record to the value of the intersection set computed before, and adds
>>>    the Map-Reply EID-record to its EID-to-RLOC cache, as described in
>>>    [RFC6830].  An example of Map-Reply record validation is provided in
>>>    Section 5.4.1.
>>>
>>>    The ITR SHOULD send SMR triggered Map-Requests over the mapping
>>>    system in order to receive a secure Map-Reply.
>> I do not understand this “SHOULD”.  This has consequences in the
>> choice how to react to SMR. This is a local policy.
>> _If_ the ITR wants to protect Map-Requests using LISP-SEC, than SMR
>> triggered Map-Request MUST be sent through the mapping system.
> so the _if_ is what makes that MUST a SHOULD... According to local
> policy the ITR SHOULD send the SMR.
>>> If an ITR accepts
>>>    piggybacked Map-Replies, it SHOULD also send a Map-Request over the
>>>    mapping system in order to securely verify the piggybacked Map-Reply.
>> Same as above.
>>> 5.4.1.  Map-Reply Record Validation
>>>
>>>    The payload of a Map-Reply may contain multiple EID-records.  The
>>>    whole Map-Reply is signed by the ETR, with the PKT HMAC, to provide
>>>    integrity protection and origin authentication to the EID-prefix
>>>    records claimed by the ETR.  The Authentication Data field of a Map-
>>>    Reply may contain multiple EID-records in the EID-AD.  The EID-AD is
>>>    signed by the Map-Server, with the EID HMAC, to provide integrity
>>>    protection and origin authentication to the EID-prefix records
>>>    inserted by the Map-Server.
>>>
>>>    Upon receiving a Map-Reply with the S-bit set, the ITR first checks
>>>    the validity of both the EID HMAC and of the PKT-AD HMAC.  If either
>>>    one of the HMACs is not valid, a log message is issued and the Map-
>>>    Reply is not processed any further.
>> I think “log message" is too much implementation specific.
>> If there is a notification, and how this notification is done, is
>> implementation specific IMHO.
> Ok. 'a log message is issued' will change to 'a log action should be
> taken'. The point is that there could be an attack behind it, and we
> want to record the event
>>> If both HMACs are valid, the ITR
>>>    proceeds with validating each individual EID-record claimed by the
>>>    ETR by computing the intersection of each one of the EID-prefix
>>>    contained in the payload of the Map-Reply with each one of the EID-
>>>    prefixes contained in the EID-AD.  An EID-record is valid only if at
>>>    least one of the intersections is not the empty set.
>>>
>>>    For instance, the Map-Reply payload contains 3 mapping record EID-
>>>    prefixes:
>>>
>>>       1.1.1.0/24
>>>
>>>       1.1.2.0/24
>>>
>>>       1.2.0.0/16
>>>
>>>
>>>
>>>
>>> Maino, et al.             Expires April 6, 2017                [Page 12]
>>> 
>>> Internet-Draft                  LISP-SEC                    October 2016
>>>
>>>
>>>    The EID-AD contains two EID-prefixes:
>>>
>>>       1.1.2.0/24
>>>
>>>       1.2.3.0/24
>>>
>>>    The EID-record with EID-prefix 1.1.1.0/24 is not processed since it
>>>    is not included in any of the EID-ADs signed by the Map-Server.  A
>>>    log message is issued.
>> I think “log message" is too much implementation specific.
>> If there is a notification, and how this notification is done, is
>> implementation specific IMHO.
> ok. Same as above.
>>>    The EID-record with EID-prefix 1.1.2.0/24 is stored in the map-cache
>>>    because it matches the second EID-prefix contained in the EID-AD.
>>>
>>>    The EID-record with EID-prefix 1.2.0.0/16 is not processed since it
>>>    is not included in any of the EID-ADs signed by the Map-Server.  A
>>>    log message is issued.
>> I think “log message" is too much implementation specific.
>> If there is a notification, and how this notification is done, is
>> implementation specific IMHO.
> ok. Same as above
>>>   In this last example the ETR is trying to
>>>    over claim the EID-prefix 1.2.0.0/16, but the Map-Server authorized
>>>    only 1.2.3.0/24, hence the EID-record is discarded.
>> Reading the example I am not sure I would follow this behaviour.
>> Only 1 record out of 3 is valid so why should I actually trust the ETR
>> instead of throwing everything away?
>> Can you explain ???
> The other two records are validated by the MS, so there is no reason to
> throw those away.
>>> 5.4.2.  PITR Processing
>>>
>>>    The processing performed by a PITR is equivalent to the processing of
>>>    an ITR.  However, if the PITR is directly connected to the ALT,
>> This would be LISP+ALT. Pleas add a reference to 6836.
> ok.
>>> the
>>>    PITR performs the functions of both the ITR and the Map-Resolver
>>>    forwarding the Map-Request encapsulated in an ECM header that
>>>    includes the Authentication Data fields as described in Section 5.6.
>>>
>>> 5.5.  Encrypting and Decrypting an OTK
>>>
>>>    MS-OTK confidentiality is required in the path between the Map-Server
>>>    and the ETR, the MS-OTK SHOULD
>> If confidentiality is required why there is not a MUST?
> Same.
>>>  be encrypted using the preconfigured
>>>    key shared between the Map-Server and the ETR for the purpose of
>>>    securing ETR registration [RFC6833].  Similarly, if ITR-OTK
>>>    confidentiality is required in the path between the ITR and the Map-
>>>    Resolver, the ITR-OTK SHOULD
>> Again, if confidentiality is required why there is not a MUST?
> Same.
>>> be encrypted with a key shared between
>>>    the ITR and the Map-Resolver.
>>>
>>>    The OTK is encrypted using the algorithm specified in the OTK
>>>    Encryption ID field.  When the AES Key Wrap algorithm is used to
>>>    encrypt a 128-bit OTK, according to [RFC3339],
>> The correct RFC is 3394.
> ok.
>>>  the AES Key Wrap
>>>    Initialization Value MUST be set to 0xA6A6A6A6A6A6A6A6 (64 bits).
>>>    The output of the AES Key Wrap operation is 192-bit long.  The most
>>>    significant 64-bit are copied in the One-Time Key Preamble field,
>>>    while the 128 less significant bits are copied in the One-Time Key
>>>    field of the LISP-SEC Authentication Data.
>>>
>>>    When decrypting an encrypted OTK the receiver MUST verify that the
>>>    Initialization Value resulting from the AES Key Wrap decryption
>>>
>>>
>>>
>>> Maino, et al.             Expires April 6, 2017                [Page 13]
>>> 
>>> Internet-Draft                  LISP-SEC                    October 2016
>>>
>>>
>>>    operation is equal to 0xA6A6A6A6A6A6A6A6.  If this verification fails
>>>    the receiver MUST discard the entire message.
>>>
>>>    When a 128-bit OTK is sent unencrypted the OTK Encryption ID is set
>>>    to NULL_KEY_WRAP_128, and the OTK Preamble is set to
>>>    0x0000000000000000 (64 bits).
>>>
>>> 5.6.  Map-Resolver Processing
>>>
>>>    Upon receiving an encapsulated Map-Request with the S-bit set, the
>>>    Map-Resolver decapsulates the ECM message.  The ITR-OTK, if
>>>    encrypted, is decrypted as specified in Section 5.5.
>>>
>>>    The Map-Resolver, as specified in [RFC6833], originates a new ECM
>>>    header with the S-bit set, that contains the unencrypted ITR-OTK, as
>>>    specified in Section 5.5, and the other data derived from the ECM
>>>    Authentication Data of the received encapsulated Map-Request.
>> Few points on this last paragraph:
>> - You assume that there is no need of confidentiality inside the
>> Mapping System?
>> - Why not stating that encryption inside the mapping system is mapping
>> system specify and out of scope of this document?
> ok. as it was pointed out above.
>> - Why are you assuming that all of the Mapping system will use ECM?
>> Future Mapping system may use soemthos different. The important point
>> is to ship the AD along.
> good point, and I agree with your suggestion to fix this below.
>>>    The Map-Resolver then forwards
>> to whom?
> ok. add 'to the Map-Server'
>>>  the received Map-Request, encapsulated
>>>    in the new ECM header that includes the newly computed Authentication
>>>    Data fields.
>> As for my comment of the previous paragraph I would be more generic
>> stating that the MR will hand over the request to the mapping system.
>> You can still provide the example of DDT using ECM.
> right.
>>> 5.7.  Map-Server Processing
>>>
>>>    Upon receiving an ECM encapsulated Map-Request with the S-bit set,
>>>    the Map-Server process the Map-Request according to the value of the
>>>    S-bit contained in the Map-Register sent by the ETR during
>>>    registration.
>>>
>>>    If the S-bit contained in the Map-Register was clear the Map-Server
>>>    decapsulates the ECM and generates a new ECM encapsulated Map-Request
>>>    that does not contain an ECM Authentication Data, as specified in
>>>    [RFC6830].  The Map-Server does not perform any further LISP-SEC
>>>    processing.
>> This equivalent to not using LISP-SEC. Please specify that the
>> Map-Reply will be not protected.
> ok.
>>>    If the S-bit contained in the Map-Register was set the Map-Server
>>>    decapsulates the ECM and generates a new ECM Authentication Data.
>>>    The Authentication Data includes the OTK-AD and the EID-AD, that
>>>    contains EID-prefix authorization information, that are ultimately
>>>    sent to the requesting ITR.
>>>
>>>    The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
>>>    the ITR-OTK received with the Map-Request.  MS-OTK is derived
>>>    applying the key derivation function specified in the KDF ID field.
>>>    If the algorithm specified in the KDF ID field is not supported, the
>>>    Map-Server uses a different algorithm to derive the key and updates
>>>    the KDF ID field accordingly.
>>>
>>>
>>>
>>>
>>> Maino, et al.             Expires April 6, 2017                [Page 14]
>>> 
>>> Internet-Draft                  LISP-SEC                    October 2016
>>>
>>>
>>>    The Map-Server and the ETR MUST be configured with a shared key for
>>>    mapping registration according to [RFC6833].  If MS-OTK
>>>    confidentiality is required, then the MS-OTK SHOULD be encrypted,
>> Again, if confidentiality is required why there is not a MUST?
> same as above.
>>>  by
>>>    wrapping the MS-OTK with the algorithm specified by the OTK
>>>    Encryption ID field as specified in Section 5.5.
>>>
>>>    The Map-Server includes in the EID-AD the longest match registered
>>>    EID-prefix for the destination EID, and an HMAC of this EID-prefix.
>>>    The HMAC is keyed with the ITR-OTK contained in the received ECM
>>>    Authentication Data, and the HMAC algorithm is chosen according to
>>>    the Requested HMAC ID field.  If The Map-Server does not support this
>>>    algorithm, the Map-Server uses a different algorithm and specifies it
>>>    in the EID HMAC ID field.  The scope of the HMAC operation covers the
>>>    entire EID-AD, from the EID-AD Length field to the EID HMAC field,
>>>    which must be set to 0 before the computation.
>>>
>>>    The Map-Server then forwards the updated ECM encapsulated Map-
>>>    Request, that contains the OTK-AD, the EID-AD, and the received Map-
>>>    Request to an authoritative ETR as specified in [RFC6830].
>>>
>>> 5.7.1.  Map-Server Processing in Proxy mode
>>>
>>>    If the Map-Server is in proxy mode, it generates a Map-Reply, as
>>>    specified in [RFC6830], with the S-bit set to 1.  The Map-Reply
>>>    includes the Authentication Data that contains the EID-AD, computed
>>>    as specified in Section 5.7, as well as the PKT-AD computed as
>>>    specified in Section 5.8.
>>>
>>> 5.8.  ETR Processing
>>>
>>>    Upon receiving an ECM encapsulated Map-Request with the S-bit set,
>>>    the ETR decapsulates the ECM message.  The OTK field, if encrypted,
>>>    is decrypted as specified in Section 5.5 to obtain the unencrypted
>>>    MS-OTK.
>>>
>>>    The ETR then generates a Map-Reply as specified in [RFC6830] and
>>>    includes the Authentication Data that contains the EID-AD, as
>>>    received in the encapsulated Map-Request, as well as the PKT-AD.
>>>
>>>    The EID-AD is copied from the Authentication Data of the received
>>>    encapsulated Map-Request.
>>>
>>>    The PKT-AD contains the HMAC of the whole Map-Reply packet, keyed
>>>    with the MS-OTK and computed using the HMAC algorithm specified in
>>>    the Requested HMAC ID field of the received encapsulated Map-Request.
>>>    If the ETR does not support the Requested HMAC ID, it uses a
>>>    different algorithm and updates the PKT HMAC ID field accordingly.
>>>    The scope of the HMAC operation covers the entire PKT-AD, from the
>>>
>>>
>>>
>>> Maino, et al.             Expires April 6, 2017                [Page 15]
>>> 
>>> Internet-Draft                  LISP-SEC                    October 2016
>>>
>>>
>>>    Map-Reply Type field to the PKT HMAC field, which must be set to 0
>>>    before the computation.
>>>
>>>    Finally the ETR sends the Map-Reply to the requesting ITR as
>>>    specified in [RFC6830].
>>>
>>> 6.  Security Considerations
>>>
>>> 6.1.  Mapping System Security
>>>
>>>    The LISP-SEC threat model described in Section 3, assumes that the
>>>    LISP Mapping System is working properly and eventually delivers Map-
>>>    Request messages to a Map-Server that is authoritative for the
>>>    requested EID.
>>>
>> As for a previous comment, can you elaborate if OTK confidentiality is
>> required in the mapping system and what are the consequences?
> ok.
>>>    Map-Register security, including the right for a LISP entity to
>>>    register an EID-prefix or to claim presence at an RLOC, is out of the
>>>    scope of LISP-SEC.
>>>
>>> 6.2.  Random Number Generation
>>>
>>>    The ITR-OTK MUST be generated by a properly seeded pseudo-random (or
>>>    strong random) source.  See [RFC4086] for advice on generating
>>>    security-sensitive random data
>>>
>>> 6.3.  Map-Server and ETR Colocation
>>>
>>>    If the Map-Server and the ETR are colocated, LISP-SEC does not
>>>    provide protection from overclaiming attacks mounted by the ETR.
>>>    However, in this particular case, since the ETR is within the trust
>>>    boundaries of the Map-Server, ETR's overclaiming attacks are not
>>>    included in the threat model.
>>>
>>> 7.  IANA Considerations
>> This section is not conform to RFC 5226.
>> There right way to go is to ask IANA to create three new registries,
>> for HMAC, Key Wrap, and Key Derivation functions.
>> Define what is the allocation process (in light of the size of the
>> field FCFS should not cause any problem IMHO)
>> Then ask to populate the registries as already described.
> Ok, so each one of the sections 7.x will say: IANA is requested to
> create a new <registry-name>  registry for use ...
>>> 7.1.  HMAC functions
>>>
>>>    The following HMAC ID values are defined by this memo for use as
>>>    Requested HMAC ID, EID HMAC ID, and PKT HMAC ID in the LISP-SEC
>>>    Authentication Data:
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Maino, et al.             Expires April 6, 2017                [Page 16]
>>> 
>>> Internet-Draft                  LISP-SEC                    October 2016
>>>
>>>
>>>              Name                     Number        Defined In
>>>              -------------------------------------------------
>>>              NONE                     0
>>>              AUTH-HMAC-SHA-1-96       1             [RFC2104]
>>>              AUTH-HMAC-SHA-256-128    2             [RFC4634]
>>>
>>>              values 2-65535 are reserved to IANA.
>>>
>>>                               HMAC Functions
>>>
>>>    AUTH-HMAC-SHA-1-96 MUST be supported, AUTH-HMAC-SHA-256-128 should be
>>>    supported.
>>>
>>> 7.2.  Key Wrap Functions
>>>
>>>    The following OTK Encryption ID values are defined by this memo for
>>>    use as OTK key wrap algorithms ID in the LISP-SEC Authentication
>>>    Data:
>>>
>>>              Name                     Number        Defined In
>>>              -------------------------------------------------
>>>              NULL-KEY-WRAP-128        1
>>>              AES-KEY-WRAP-128         2             [RFC3394]
>>>
>>>              values 0 and 3-65535 are reserved to IANA.
>>>
>>>                             Key Wrap Functions
>>>
>>>    NULL-KEY-WRAP-128, and AES-KEY-WRAP-128 MUST be supported.
>>>
>>>    NULL-KEY-WRAP-128 is used to carry an unencrypted 128-bit OTK, with a
>>>    64-bit preamble set to 0x0000000000000000 (64 bits).
>>>
>>> 7.3.  Key Derivation Functions
>>>
>>>    The following KDF ID values are defined by this memo for use as KDF
>>>    ID in the LISP-SEC Authentication Data:
>>>
>>>              Name                     Number        Defined In
>>>              -------------------------------------------------
>>>              NONE                     0
>>>              HKDF-SHA1-128            1             [RFC5869]
>>>
>>>              values 2-65535 are reserved to IANA.
>>>
>>>                          Key Derivation Functions
>>>
>>>    HKDF-SHA1-128 MUST be supported
>>>
>>>
>>>
>>> Maino, et al.             Expires April 6, 2017                [Page 17]
>>> 
>>> Internet-Draft                  LISP-SEC                    October 2016
>>>
>>>
>>> 8.  Acknowledgements
>>>
>>>    The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino
>>>    Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt
>>>    Noll for their valuable suggestions provided during the preparation
>>>    of this document.
>>>
>>> 9.  Normative References
>> Please Check your reference, this is the output if the nits tool:
>> Checking references for intended status: Experimental
>>
>> ----------------------------------------------------------------------------
>>   == Missing Reference: 'RFC3339' is mentioned on line 602, but not
>> defined
>>   == Missing Reference: 'RFC4634' is mentioned on line 752, but not
>> defined
>>   ** Obsolete undefined reference: RFC 4634 (Obsoleted by RFC 6234)
> ok.
>>>    [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
>>>               Hashing for Message Authentication", RFC 2104,
>>>               DOI 10.17487/RFC2104, February 1997,
>>>               <http://www.rfc-editor.org/info/rfc2104>.
>>>
>>>    [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
>>>               Requirement Levels", BCP 14, RFC 2119,
>>>               DOI 10.17487/RFC2119, March 1997,
>>>               <http://www.rfc-editor.org/info/rfc2119>.
>>>
>>>    [RFC3394]  Schaad, J. and R. Housley, "Advanced Encryption Standard
>>>               (AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394,
>>>               September 2002, <http://www.rfc-editor.org/info/rfc3394>.
>>>
>>>    [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
>>>               "Randomness Requirements for Security", BCP 106, RFC 4086,
>>>               DOI 10.17487/RFC4086, June 2005,
>>>               <http://www.rfc-editor.org/info/rfc4086>.
>>>
>>>    [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
>>>               IANA Considerations Section in RFCs", BCP 26, RFC 5226,
>>>               DOI 10.17487/RFC5226, May 2008,
>>>               <http://www.rfc-editor.org/info/rfc5226>.
>>>
>>>    [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
>>>               Key Derivation Function (HKDF)", RFC 5869,
>>>               DOI 10.17487/RFC5869, May 2010,
>>>               <http://www.rfc-editor.org/info/rfc5869>.
>>>
>>>    [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
>>>               Locator/ID Separation Protocol (LISP)", RFC 6830,
>>>               DOI 10.17487/RFC6830, January 2013,
>>>               <http://www.rfc-editor.org/info/rfc6830>.
>>>
>>>    [RFC6833]  Fuller, V. and D. Farinacci, "Locator/ID Separation
>>>               Protocol (LISP) Map-Server Interface", RFC 6833,
>>>               DOI 10.17487/RFC6833, January 2013,
>>>               <http://www.rfc-editor.org/info/rfc6833>.
>>>
>>>
>>>
>>>
>>> Maino, et al.             Expires April 6, 2017                [Page 18]
>>> 
>>> Internet-Draft                  LISP-SEC                    October 2016
>>>
>>>
>>>    [RFC7835]  Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID
>>>               Separation Protocol (LISP) Threat Analysis", RFC 7835,
>>>               DOI 10.17487/RFC7835, April 2016,
>>>               <http://www.rfc-editor.org/info/rfc7835>.
>>>
>>> Authors' Addresses
>>>
>>>    Fabio Maino
>>>    Cisco Systems
>>>    170 Tasman Drive
>>>    San Jose, California  95134
>>>    USA
>>>
>>>    Email: fmaino@cisco.com <mailto:fmaino@cisco.com>
>>>
>>>
>>>    Vina Ermagan
>>>    Cisco Systems
>>>    170 Tasman Drive
>>>    San Jose, California  95134
>>>    USA
>>>
>>>    Email: vermagan@cisco.com <mailto:vermagan@cisco.com>
>>>
>>>
>>>    Albert Cabellos
>>>    Technical University of Catalonia
>>>    c/ Jordi Girona s/n
>>>    Barcelona  08034
>>>    Spain
>>>
>>>    Email: acabello@ac.upc.edu <mailto:acabello@ac.upc.edu>
>>>
>>>
>>>    Damien Saucez
>>>    INRIA
>>>    2004 route des Lucioles - BP 93
>>>    Sophia Antipolis
>>>    France
>>>
>>>    Email: damien.saucez@inria.fr <mailto:damien.saucez@inria.fr>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Maino, et al.             Expires April 6, 2017                [Page 19]
>


From nobody Fri Oct 21 17:19:20 2016
Return-Path: <fmaino@cisco.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7749B1294E4; Fri, 21 Oct 2016 17:19:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.952
X-Spam-Level: 
X-Spam-Status: No, score=-14.952 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ai0a8h588NJH; Fri, 21 Oct 2016 17:19:11 -0700 (PDT)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F99F1294E6; Fri, 21 Oct 2016 17:19:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=63146; q=dns/txt; s=iport; t=1477095551; x=1478305151; h=subject:to:references:cc:from:message-id:date: mime-version:in-reply-to:content-transfer-encoding; bh=HHlFozaCELXUfsK60RfRvpmg6WiOuAezPcvmatLnmd0=; b=AxIomNrmEHCM97iX7ayfDe+0qzqz9Dg53TVln3JTKgJi2/Dc9wVUlmhI Nkf82VQaK2stRXttyjfnnxXrbGmKyZ4EdkNPV1Ca07z+wZW5jNLCiAiCX 8G55Z5fh7/s7LBx+qTPKMNSAPKpTUERUG03z5gm3lJAT3Ks9dblFDN92n I=;
X-IronPort-AV: E=Sophos;i="5.31,527,1473120000"; d="scan'208";a="162490816"
Received: from rcdn-core-8.cisco.com ([173.37.93.144]) by rcdn-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 Oct 2016 00:19:10 +0000
Received: from [10.24.123.216] ([10.24.123.216]) by rcdn-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id u9M0J9lM006506; Sat, 22 Oct 2016 00:19:09 GMT
To: "Joel M. Halpern" <jmh@joelhalpern.com>, Luigi Iannone <luigi.iannone@telecom-paristech.fr>, "Vina Ermagan (vermagan)" <vermagan@cisco.com>, Albert Cabellos <acabello@ac.upc.edu>, Damien Saucez <damien.saucez@inria.fr>
References: <FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr> <8204baa6-8cbd-83b3-aa88-dc3ba16c5a33@cisco.com> <c46e6c3f-2f5e-7776-bee7-60e4ff4feb44@joelhalpern.com>
From: Fabio Maino <fmaino@cisco.com>
Message-ID: <4a17fae5-c9e5-0226-c04d-90b5b857ea4b@cisco.com>
Date: Fri, 21 Oct 2016 17:19:09 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <c46e6c3f-2f5e-7776-bee7-60e4ff4feb44@joelhalpern.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/KQ-oH1HWeFXYz54yNp6JPdpXNRg>
Cc: lisp-chairs@ietf.org, LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] LISP-SEC review (finally)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Oct 2016 00:19:16 -0000

Thanks Joel,
sounds fair. I'll then add text that provides the rationale for this 
choice.


Fabio

On 10/21/16 4:35 PM, Joel M. Halpern wrote:
> The usual practice, although there are exceptions, is to indicate 
> along with the SHOULD the kinds of circumstances that would justify 
> not complying with that SHOULD while implementing (most of) the rest 
> of the RFC.
>
> Yours,
> Joel
>
> On 10/21/16 7:23 PM, Fabio Maino wrote:
>> Ciao Luigi,
>> below I have replied to each comment. I'm working to the updated text,
>> that I will send as soon as it is ready. ideally we might be able to
>> publish a new version before draft deadline.
>>
>> Just a note on the most recurring comment: SHOULD vs. MUST.
>>
>> The use of SHOULD across the document is according to RFC 2119:
>>
>>
>>     SHOULD
>>
>>  This word, or the adjective "RECOMMENDED", mean that there
>>    may exist valid reasons in particular circumstances to ignore a
>>    particular item, but the full implications must be understood and
>>    carefully weighed before choosing a different course.
>>
>>
>>
>> There are use cases where, carefully weighing the implications, some of
>> the security services of LISP-SEC can be turned-off. We want to leave
>> implementors the freedom to allow this flexibility.
>>
>> For example, in a DC deployment it may make sense to turn off OTK
>> decryption between XTR and MS/MR, as MiTM is very unlikely.
>>
>> Similarly, an ITR may decide to implement a loose policy on accepting an
>> AD authenticated with an algorithm different from the preferred
>> authentication algorithm expressed by the ITR. Using a MUST would force
>> support of a given authentication algorithm across each and every MS and
>> ETR, that might not be the case when incrementally deploying LISP-SEC
>> (or while upgrading routers).
>>
>> Using a MUST would prevent this flexibility, that we would like to leave
>> to the implementors.
>>
>>
>>
>>
>>
>> On 10/19/16 8:06 AM, Luigi Iannone wrote:
>>> Dear Authors of the LISP-SEC document,
>>>
>>> hereafter my review of the document.
>>> This was long overdue, sorry for being so late.
>>>
>>> I really like the solution and the majority of my comments are just
>>> clarification questions.
>>> Let me know if my comments are clear.
>>>
>>> ciao
>>>
>>> L.
>>>
>>>
>>>
>>>> 1.  Introduction
>>>>
>>>>    The Locator/ID Separation Protocol [RFC6830] defines a set of
>>>>    functions for routers to exchange information used to map from non-
>>>>    routable Endpoint Identifiers (EIDs) to routable Routing Locators
>>>>    (RLOCs).
>>> I find the above sentence confusing. Wouldn’t be better to specify
>>> that we are talking about IP addresses?
>>
>> That's how LISP is described in RFC6830, section 1. If you start using
>> the term IP address then you need to qualify if you are talking about
>> Identity-IP or Locator-IP, so the sentence gets complicated pretty 
>> quickly.
>>
>> I would leave this one unchanged.
>>
>>>
>>>> If these EID-to-RLOC mappings, carried through Map-Reply
>>>>    messages, are transmitted without integrity protection, an 
>>>> adversary
>>>>    can manipulate them and hijack the communication, impersonate the
>>>>    requested EID, or mount Denial of Service or Distributed Denial of
>>>>    Service attacks.  Also, if the Map-Reply message is transported
>>>>    unauthenticated, an adversarial LISP entity can overclaim an EID-
>>>>    prefix and maliciously redirect traffic directed to a large 
>>>> number of
>>>>    hosts.  A detailed description of "overclaiming" attack is provided
>>>>    in [RFC7835].
>>>>
>>>>    This memo specifies LISP-SEC, a set of security mechanisms that
>>>>    provides origin authentication, integrity and anti-replay 
>>>> protection
>>>>    to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
>>>>    process.
>>>
>>> I would put s forward reference to section 3 stating that the reader
>>> will find details about the threat model.
>>
>> OK. We can replace the sentence
>>
>> A detailed description of "overclaiming" attack is provided
>>    in [RFC7835]
>>
>> with
>>
>> The LISP-SEC threat model, described in Section 3, is built on top of 
>> the LISP threat model defined in RFC7835, that includes a detailed 
>> description of "overclaiming" attack.
>>
>>
>>
>>>
>>>> LISP-SEC also enables verification of authorization on EID-
>>>>    prefix claims in Map-Reply messages, ensuring that the sender of a
>>>>    Map-Reply that provides the location for a given EID-prefix is
>>>>    entitled to do so according to the EID prefix registered in the
>>>>    associated Map-Server.  Map-Register security, including the right
>>>>    for a LISP entity to register an EID-prefix or to claim presence at
>>>>    an RLOC, is out of the scope of LISP-SEC.  Additional security
>>>>    considerations are described in Section 6.
>>>>
>>>> 2.  Definition of Terms
>>>>
>>>>       One-Time Key (OTK): An ephemeral randomly generated key that 
>>>> must
>>>>       be used for a single Map-Request/Map-Reply exchange.
>>>>
>>>>
>>>>
>>>>          ITR-OTK: The One-Time Key generated at the ITR.
>>>>
>>>>          MS-OTK: The One-Time Key generated at the Map-Server.
>>>
>>> Why are you considering ITR-OTK and MS-OTK sub-terms?
>>> I would elevate them at full terms, hence avoiding spacing and
>>> indentation.
>>
>> Ok.
>>
>>>
>>>>       Encapsulated Control Message (ECM): A LISP control message 
>>>> that is
>>>>       prepended with an additional LISP header.  ECM is used by 
>>>> ITRs to
>>>>       send LISP control messages to a Map-Resolver, by 
>>>> Map-Resolvers to
>>>>       forward LISP control messages to a Map-Server, and by Map-
>>>>       Resolvers to forward LISP control messages to an ETR.
>>>>
>>> Why are you re-defining ECM?
>>> You do not specify other packets, e.g., Map-Reply, so why ECM?
>>> I would drop it.
>>
>> It is not defined in the Definitions section of 6830. One would need to
>> go through the body of 6830 to find it.
>>
>> I'll drop it, but we need to make sure that ECM gets into the definition
>> section of 6830bis.
>>
>> Albert: are you looking into that document? Can you take care of this?
>>
>>
>>>
>>>
>>>>       Authentication Data (AD): Metadata that is included either in a
>>>>       LISP ECM header or in a Map-Reply message to support
>>>>       confidentiality, integrity protection, and verification of EID-
>>>>       prefix authorization.
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                 
>>>> [Page 3]
>>>> 
>>>> Internet-Draft                  LISP-SEC October 2016
>>>>
>>>>
>>>>          OTK-AD: The portion of ECM Authentication Data that 
>>>> contains a
>>>>          One-Time Key.
>>>>
>>>>          EID-AD: The portion of ECM and Map-Reply Authentication Data
>>>>          used for verification of EID-prefix authorization.
>>>>
>>>>          PKT-AD: The portion of Map-Reply Authentication Data used to
>>>>          protect the integrity of the Map-Reply message.
>>>
>>>
>>> Why are you considering OTK-AD, EID-AD, and PKT-AD sub-terms?
>>> I would elevate them at full terms, hence avoiding spacing and
>>> indentation.
>>>
>> ok.
>>
>>>
>>>>    For definitions of other terms, notably Map-Request, Map-Reply,
>>>>    Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR), Map-Server
>>>>    (MS), and Map-Resolver (MR) please consult the LISP specification
>>>>    [RFC6830].
>>>>
>>>> 3.  LISP-SEC Threat Model
>>>>
>>>>    LISP-SEC addresses the control plane threats, described in 
>>>> [RFC7835],
>>>>    that target EID-to-RLOC mappings, including manipulations of Map-
>>>>    Request and Map-Reply messages, and malicious ETR EID prefix
>>>>    overclaiming.  LISP-SEC makes two main assumptions: (1) the LISP
>>>>    mapping system is expected to deliver a Map-Request message to 
>>>> their
>>>>    intended destination ETR as identified by the EID, and (2) no 
>>>> man-in-
>>>>    the-middle (MITM) attack can be mounted within the LISP Mapping
>>>>    System.  Furthermore, while LISP-SEC enables detection of EID 
>>>> prefix
>>>>    overclaiming attacks, it assumes that Map-Servers can verify the 
>>>> EID
>>>>    prefix authorization at time of registration.
>>> LISP-SEC does not require OTK confidentiality in the mapping system.
>>> This should be discussed here.
>> we could add to the above
>>
>> "and (2) no man-in-
>>    the-middle (MITM) attack can be mounted within the LISP Mapping
>>    System."
>>
>> How the Mapping System is protected from MiTM attacks depends from 
>> the particular Mapping System used, and is out of the scope of this 
>> memo.
>>
>>
>>
>>>
>>>
>>>>    According to the threat model described in [RFC7835] LISP-SEC 
>>>> assumes
>>>>    that any kind of attack, including MITM attacks, can be mounted in
>>>>    the access network, outside of the boundaries of the LISP mapping
>>>>    system.  An on-path attacker, outside of the LISP mapping system 
>>>> can,
>>>>    for example, hijack Map-Request and Map-Reply messages, spoofing 
>>>> the
>>>>    identity of a LISP node.  Another example of on-path attack, called
>>>>    overclaiming attack, can be mounted by a malicious Egress Tunnel
>>>>    Router (ETR), by overclaiming the EID-prefixes for which it is
>>>>    authoritative.  In this way the ETR can maliciously redirect 
>>>> traffic
>>>>    directed to a large number of hosts.
>>>>
>>>> 4.  Protocol Operations
>>>>
>>>>    The goal of the security mechanisms defined in [RFC6830] is to
>>>>    prevent unauthorized insertion of mapping data by providing origin
>>>>    authentication and integrity protection for the 
>>>> Map-Registration, and
>>>>    by using the nonce to detect unsolicited Map-Reply sent by off-path
>>>>    attackers.
>>>>
>>>>    LISP-SEC builds on top of the security mechanisms defined in
>>>>    [RFC6830] to address the threats described in Section 3 by 
>>>> leveraging
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                 
>>>> [Page 4]
>>>> 
>>>> Internet-Draft                  LISP-SEC October 2016
>>>>
>>>>
>>>>    the trust relationships existing among the LISP entities
>>>>    participating to the exchange of the Map-Request/Map-Reply 
>>>> messages.
>>>>    Those trust relationships are used to securely distribute a 
>>>> One-Time
>>>>    Key (OTK) that provides origin authentication, integrity and anti-
>>>>    replay protection to mapping data conveyed via the mapping lookup
>>>>    process, and that effectively prevent overclaiming attacks.  The
>>>>    processing of security parameters during the Map-Request/Map-Reply
>>>>    exchange is as follows:
>>>>
>>>>    o  The ITR-OTK is generated and stored at the ITR, and securely
>>>>       transported to the Map-Server.
>>>>
>>>>    o  The Map-Server uses the ITR-OTK to compute an HMAC that protects
>>> You did not define HMAC acronym. Please define and add a reference.
>>
>> ok.
>>
>>
>>>
>>>>       the integrity of the mapping data known to the Map-Server to
>>>>       prevent overclaiming attacks.  The Map-Server also derives a new
>>>>       OTK, the MS-OTK, that is passed to the ETR, by applying a Key
>>>>       Derivation Function (KDF) to the ITR-OTK.
>>>>
>>>>    o  The ETR uses the MS-OTK to compute an HMAC that protects the
>>>>       integrity of the Map-Reply sent to the ITR.
>>>>
>>>>    o  Finally, the ITR uses the stored ITR-OTK to verify the integrity
>>>>       of the mapping data provided by both the Map-Server and the ETR,
>>>>       and to verify that no overclaiming attacks were mounted along 
>>>> the
>>>>       path between the Map-Server and the ITR.
>>>>
>>>>    Section 5 provides the detailed description of the LISP-SEC control
>>>>    messages and their processing, while the rest of this section
>>>>    describes the flow of protocol operations at each entity 
>>>> involved in
>>>>    the Map-Request/Map-Reply exchange:
>>>>
>>>>    o  The ITR, upon needing to transmit a Map-Request message, 
>>>> generates
>>>>       and stores an OTK (ITR-OTK).  This ITR-OTK is included into the
>>>>       Encapsulated Control Message (ECM) that contains the Map-Request
>>>>       sent to the Map-Resolver.  To provide confidentiality to the 
>>>> ITR-
>>>>       OTK over the path between the ITR and its Map-Resolver, the ITR-
>>>>       OTK SHOULD
>>> Why not using “MUST”???
>>> Are you suggesting that a different way to provide confidentiality can
>>> be used (e.g. a different shared key)???
>>> If yes, please state so.
>>>
>>> Or are you suggesting that no encryption at all is used? But this
>>> means not providing confidentiality…
>>> Can you clarify?
>>>
>>> (this very same comment will appear several time in this review)
>>
>> We don't want to make the use of pre-shared key *mandatory* to all LISP
>> deployments. There are deployments where the risk of MiTM between the
>> xTR and the MS/MR may not justify the cost of provisioning a shared key
>> (data centers, for example).
>>
>>
>>>> be encrypted using a preconfigured key shared between
>>>>       the ITR and the Map-Resolver, similar to the key shared between
>>>>       the ETR and the Map-Server in order to secure ETR registration
>>>>       [RFC6833].
>>>>
>>>>    o  The Map-Resolver decapsulates the ECM message, decrypts the ITR-
>>>>       OTK, if needed, and forwards through the Mapping System the
>>>>       received Map-Request and the ITR-OTK, as part of a new ECM
>>>>       message.  As described in Section 5.6, the LISP Mapping System
>>>>       delivers the ECM to the appropriate Map-Server, as identified by
>>>>       the EID destination address of the Map-Request.
>>>>
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                 
>>>> [Page 5]
>>>> 
>>>> Internet-Draft                  LISP-SEC October 2016
>>>>
>>>>
>>>>    o  The Map-Server is configured with the location mappings and 
>>>> policy
>>>>       information for the ETR responsible for the EID destination
>>>>       address.  Using this preconfigured information, the Map-Server,
>>>>       after the decapsulation of the ECM message, finds the longest
>>>>       match EID-prefix that covers the requested EID in the received
>>>>       Map-Request.  The Map-Server adds this EID-prefix, together with
>>>>       an HMAC computed using the ITR-OTK, to a new Encapsulated 
>>>> Control
>>>>       Message that contains the received Map-Request.
>>>>
>>>>    o  The Map-Server derives a new OTK, the MS-OTK, by applying a Key
>>>>       Derivation Function (KDF) to the ITR-OTK.  This MS-OTK is 
>>>> included
>>>>       in the Encapsulated Control Message that the Map-Server uses to
>>>>       forward the Map-Request to the ETR.  To provide MS-OTK
>>>>       confidentiality over the path between the Map-Server and the 
>>>> ETR,
>>>>       the MS-OTK should
>>> This “should” should be a “SHOULD”  (sorry for the cacophony…)
>>
>> Ok.
>>>
>>> Why not using “MUST”???
>>> Are you suggesting that a different way to provide confidentiality can
>>> be used (e.g. a different shared key)???
>>> If yes, please state so.
>>>
>>> Or are you suggesting that no encryption at all is used? But this
>>> means not providing confidentiality…
>>> Can you clarify?
>>
>> Same as above.
>>
>>>
>>>> be encrypted using the key shared between the
>>>>       ETR and the Map-Server in order to secure ETR registration
>>>>       [RFC6833].
>>>>
>>>>    o  If the Map-Server is acting in proxy mode, as specified in
>>>>       [RFC6830], the ETR is not involved in the generation of the Map-
>>>>       Reply.  In this case the Map-Server generates the Map-Reply on
>>>>       behalf of the ETR as described below.
>>>>
>>>>    o  The ETR, upon receiving the ECM encapsulated Map-Request from 
>>>> the
>>>>       Map-Server, decrypts the MS-OTK, if needed, and originates a
>>>>       standard Map-Reply that contains the EID-to-RLOC mapping
>>>>       information as specified in [RFC6830].
>>>>
>>>>    o  The ETR computes an HMAC over this standard Map-Reply, keyed 
>>>> with
>>>>       MS-OTK to protect the integrity of the whole Map-Reply.  The ETR
>>>>       also copies the EID-prefix authorization data that the 
>>>> Map-Server
>>>>       included in the ECM encapsulated Map-Request into the Map-Reply
>>>>       message.  The ETR then sends this complete Map-Reply message to
>>>>       the requesting ITR.
>>>>
>>>>    o  The ITR, upon receiving the Map-Reply, uses the locally stored
>>>>       ITR-OTK to verify the integrity of the EID-prefix authorization
>>>>       data included in the Map-Reply by the Map-Server.  The ITR
>>>>       computes the MS-OTK by applying the same KDF used by the Map-
>>>>       Server, and verifies the integrity of the Map-Reply. If the
>>>>       integrity checks fail, the Map-Reply MUST be discarded.  
>>>> Also, if
>>>>       the EID-prefixes claimed by the ETR in the Map-Reply are not 
>>>> equal
>>>>       or more specific than the EID-prefix authorization data inserted
>>>>       by the Map-Server, the ITR MUST discard the Map-Reply.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                 
>>>> [Page 6]
>>>> 
>>>> Internet-Draft                  LISP-SEC October 2016
>>>>
>>>>
>>>> 5.  LISP-SEC Control Messages Details
>>>>
>>>>    LISP-SEC metadata associated with a Map-Request is transported 
>>>> within
>>>>    the Encapsulated Control Message that contains the Map-Request.
>>>>
>>>>    LISP-SEC metadata associated with the Map-Reply is transported 
>>>> within
>>>>    the Map-Reply itself.
>>>>
>>>> 5.1.  Encapsulated Control Message LISP-SEC Extensions
>>>>
>>>>    LISP-SEC uses the ECM (Encapsulated Control Message) defined in
>>>>    [RFC6830] with Type set to 8, and S bit set to 1 to indicate 
>>>> that the
>>>>    LISP header includes Authentication Data (AD).  The format of the
>>>>    LISP-SEC ECM Authentication Data is defined in the following 
>>>> figure.
>>>>    OTK-AD stands for One-Time Key Authentication Data and EID-AD 
>>>> stands
>>>>    for EID Authentication Data.
>>>>
>>>>  0                   1                   2 3
>>>>  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>> |     AD Type   |V|  Reserved   |        Requested HMAC ID      |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
>>>> |              OTK Length       |       OTK Encryption ID       | |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>>>> |                       One-Time-Key Preamble ...               | |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
>>>> OTK-AD
>>>> |                   ... One-Time-Key Preamble                   | |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>>>> ~                      One-Time Key (128 bits)                  ~/
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
>>>> <---+
>>>> |           EID-AD Length       |           KDF ID              
>>>> |     |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     
>>>> |
>>>> | Record Count  |    Reserved   |         EID HMAC ID           
>>>> |     EID-AD
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    
>>>> |
>>>> |   Reserved    | EID mask-len  | EID-AFI             | |   |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
>>>> Rec |
>>>> ~                          EID-prefix ...                       ~ 
>>>> |   |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    
>>>> |
>>>> ~                            EID HMAC                           
>>>> ~     |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <—+
>>> I think that “rec” is mis-aligned and should be shifted one character
>>> upward.
>>
>> No. The row above is the portion of the header that specifies how many
>> records will follow. Rec shows one Rec item, in the array of Records.
>> It is consistent with 6830.
>>
>>
>>
>>>
>>>>                      LISP-SEC ECM Authentication Data
>>>>
>>>>       AD Type: 1 (LISP-SEC Authentication Data)
>>> This is the first document starting to allocate values to the "AD
>>> Type” value.
>>> Why not asking IANA to create a registry??
>>> (to be done in the IANA Considerations Section)
>>
>>
>> Ok.
>>
>>>
>>>
>>>
>>>>       V: Key Version bit.  This bit is toggled when the sender 
>>>> switches
>>>>       to a new OTK wrapping key
>>>>
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                 
>>>> [Page 7]
>>>> 
>>>> Internet-Draft                  LISP-SEC October 2016
>>>>
>>>>
>>>>       Reserved: Set to 0 on transmission and ignored on receipt.
>>>>
>>>>       Requested HMAC ID: The HMAC algorithm requested by the ITR.  See
>>>>       Section 5.4 for details.
>>>>
>>>>       OTK Length: The length (in bytes) of the OTK Authentication Data
>>>>       (OTK-AD), that contains the OTK Preamble and the OTK.
>>>>
>>>>       OTK Encryption ID: The identifier of the key wrapping algorithm
>>>>       used to encrypt the One-Time-Key. When a 128-bit OTK is sent
>>>>       unencrypted by the Map-Resolver, the OTK Encryption ID is set to
>>>>       NULL_KEY_WRAP_128.  See Section 5.5 for more details.
>>>>
>>>>       One-Time-Key Preamble: set to 0 if the OTK is not encrypted.  
>>>> When
>>>>       the OTK is encrypted, this field may carry additional metadata
>>>>       resulting from the key wrapping operation.  When a 128-bit 
>>>> OTK is
>>>>       sent unencrypted by Map-Resolver, the OTK Preamble is set to
>>>>       0x0000000000000000 (64 bits).  See Section 5.5 for details.
>>>>
>>>>       One-Time-Key: the OTK encrypted (or not) as specified by OTK
>>>>       Encryption ID.  See Section 5.5 for details.
>>>>
>>>>       EID-AD Length: length (in bytes) of the EID Authentication Data
>>>>       (EID-AD).  The ITR MUST set EID-AD Length to 4 bytes, as it only
>>>>       fills the KDF ID field, and all the remaining fields part of the
>>>>       EID-AD are not present.  An EID-AD MAY contain multiple EID-
>>>>       records.  Each EID-record is 4-byte long plus the length of the
>>>>       AFI-encoded EID-prefix.
>>>>
>>>>       KDF ID: Identifier of the Key Derivation Function used to derive
>>>>       the MS-OTK.  The ITR SHOULD use this field to indicate the
>>>>       recommended KDF algorithm, according to local policy.
>>> I am not sure I understand the rationale of this “SHOULD”. If for any
>>> reason the ITR does not indicate the KDF ID what are the consequences?
>>
>> That should be a MAY, I believe,
>>
>> The ITR can specify "no preference" for KDF ID, using a value of 0.
>>
>> In the ITR processing section 5.4,  we should add to
>>
>> The KDF ID field, specifies the suggested key derivation function to
>>    be used by the Map-Server to derive the MS-OTK.
>>
>>
>> a text like: "A KDF ID value of 0 (NONE), MAY be used to specify that
>> the ITR has no preferred KDF ID".
>>
>>
>>
>>> Is the MS free to choose the algorithm? This should be clarified.
>> This is specified in section 5.7.
>>
>> "
>>
>> The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
>>    the ITR-OTK received with the Map-Request.  MS-OTK is derived
>>    applying the key derivation function specified in the KDF ID field.
>>    If the algorithm specified in the KDF ID field is not supported, the
>>    Map-Server uses a different algorithm to derive the key and updates
>>    the KDF ID field accordingly.
>>
>> "
>>
>>
>>
>>>
>>>>  The Map-
>>>>       Server can overwrite the KDF ID if it does not support the 
>>>> KDF ID
>>>>       recommended by the ITR.
>>> What happens if the MS will choose a KDF ID not supported by the ITR?
>>> Can you clarify how to solve this situation or explain why this will
>>> never happen?
>>
>> This is specified in 5.4, ITR processing.
>>
>> "
>>
>> To verify the integrity of the PKT-AD, first the MS-OTK is derived
>>    from the locally stored ITR-OTK using the algorithm specified in the
>>    KDF ID field.  This is because the PKT-AD is generated by the ETR
>>    using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
>>    KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
>>    Reply and send, at the first opportunity it needs to, a new Map-
>>    Request with a different KDF ID, according to ITR's local policy.
>>
>> "
>>
>>
>> There are two typical use cases:
>> - strict KDF ID policy: ITR specifiy a KDF ID, and will discard
>> map-reply with different KDF IDs. If local policy allows, another
>> map-request will be sent with a different KDF ID
>> - loose KDF ID policy: ITR specify KDF ID = none, and will accept
>> map-reply with any KDF ID (if supported by ITR). If received KDF is not
>> supported the ITR shall drop the map-reply
>>
>>
>>>
>>>> See Section 5.4 for more details.
>>>>
>>>>       Record Count: The number of records in this Map-Request message.
>>>>       A record is comprised of the portion of the packet that is 
>>>> labeled
>>>>       'Rec' above and occurs the number of times equal to Record 
>>>> Count.
>>>>
>>>>       Reserved: Set to 0 on transmission and ignored on receipt.
>>>>
>>>>       EID HMAC ID: Identifier of the HMAC algorithm used to protect 
>>>> the
>>>>       integrity of the EID-AD.  This field is filled by Map-Server 
>>>> that
>>>>       computed the EID-prefix HMAC.  See Section 5.4 for more details.
>>>>
>>>>       EID mask-len: Mask length for EID-prefix.
>>>>
>>>>       EID-AFI: Address family of EID-prefix according to [RFC5226]
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                 
>>>> [Page 8]
>>>> 
>>>> Internet-Draft                  LISP-SEC October 2016
>>>>
>>>>
>>>>       EID-prefix: The Map-Server uses this field to specify the EID-
>>>>       prefix that the destination ETR is authoritative for, and is the
>>>>       longest match for the requested EID.
>>>>
>>>>       EID HMAC: HMAC of the EID-AD computed and inserted by 
>>>> Map-Server.
>>>>       Before computing the HMAC operation the EID HMAC field MUST 
>>>> be set
>>>>       to 0.  The HMAC covers the entire EID-AD.
>>>>
>>>> 5.2.  Map-Reply LISP-SEC Extensions
>>>>
>>>>    LISP-SEC uses the Map-Reply defined in [RFC6830], with Type set 
>>>> to 2,
>>>>    and S bit set to 1 to indicate that the Map-Reply message includes
>>>>    Authentication Data (AD).  The format of the LISP-SEC Map-Reply
>>>>    Authentication Data is defined in the following figure. PKT-AD is
>>>>    the Packet Authentication Data that covers the Map-Reply payload.
>>>>
>>>>  0                   1                   2 3
>>>>  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>> |    AD Type    | Reserved                      |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
>>>> <---+
>>>> |           EID-AD Length       |           KDF ID              
>>>> |     |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     
>>>> |
>>>> | Record Count  |    Reserved   |         EID HMAC ID           
>>>> |     EID-AD
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    
>>>> |
>>>> |   Reserved    | EID mask-len  | EID-AFI             | |   |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
>>>> Rec |
>>>> ~                          EID-prefix ...                       ~ 
>>>> |   |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    
>>>> |
>>>> ~                            EID HMAC                           
>>>> ~     |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 
>>>> <---+
>>>> |         PKT-AD Length         |         PKT HMAC ID           |\
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>>>> ~                            PKT HMAC                           ~ 
>>>> PKT-AD
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/
>>>>
>>>>                   LISP-SEC Map-Reply Authentication Data
>>>>
>>>>       AD Type: 1 (LISP-SEC Authentication Data)
>>> Shouldn’t this be a different value? This AD  format is different from
>>> the one described in section 5.1!
>>> Another reason to ask IANA for a registry….
>>
>> One is the LISP-SEC authentication data that applies to the ECM message
>> (when S-bit = 1), the other is the LISP-SEC authentication data that
>> applies to the Map-Reply (when S-bit = 1).
>>
>> Those are extensions of two different messages (ECM and map-reply), and
>> they are both identified by an AD Type (that happens to be set to value
>> 1 for both).
>>
>> Yes, the AD type space is different so we will need two IANA registries.
>>
>>
>> Question for the co-auhtors: should we change the name to 'ECM AD Type'
>> and 'Map-Reply AD Type'?
>>
>>
>>
>>>
>>>
>>>>       EID-AD Length: length (in bytes) of the EID-AD.  An EID-AD MAY
>>>>       contain multiple EID-records.  Each EID-record is 4-byte long 
>>>> plus
>>>>       the length of the AFI-encoded EID-prefix.
>>>>
>>>>       KDF ID: Identifier of the Key Derivation Function used to derive
>>>>       MS-OTK.  See Section 5.7 for more details.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                 
>>>> [Page 9]
>>>> 
>>>> Internet-Draft                  LISP-SEC October 2016
>>>>
>>>>
>>>>       Record Count: The number of records in this Map-Reply 
>>>> message.  A
>>>>       record is comprised of the portion of the packet that is labeled
>>>>       'Rec' above and occurs the number of times equal to Record 
>>>> Count.
>>>>
>>>>       Reserved: Set to 0 on transmission and ignored on receipt.
>>>>
>>>>       EID HMAC ID: Identifier of the HMAC algorithm used to protect 
>>>> the
>>>>       integrity of the EID-AD.  See Section 5.7 for more details.
>>>>
>>>>       EID mask-len: Mask length for EID-prefix.
>>>>
>>>>       EID-AFI: Address family of EID-prefix according to [RFC5226].
>>>>
>>>>       EID-prefix: This field contains an EID-prefix that the 
>>>> destination
>>>>       ETR is authoritative for, and is the longest match for the
>>>>       requested EID.
>>>>
>>>>       EID HMAC: HMAC of the EID-AD, as computed by the Map-Server.
>>>>       Before computing the HMAC operation the EID HMAC field MUST 
>>>> be set
>>>>       to 0.  The HMAC covers the entire EID-AD.
>>>>
>>>>       PKT-AD Length: length (in bytes) of the Packet Authentication 
>>>> Data
>>>>       (PKT-AD).
>>>>
>>>>       PKT HMAC ID: Identifier of the HMAC algorithm used to protect 
>>>> the
>>>>       integrity of the Map-reply Location Data.
>>> “Location Data” is something nowhere defined. Can you clarify what do
>>> you mean?
>>
>> we can just remove 'Location Data'
>>
>>
>>>
>>>
>>>>       PKT HMAC: HMAC of the whole Map-Reply packet, including the 
>>>> LISP-
>>>>       SEC Authentication Data.  The scope of the authentication goes
>>>>       from the Map-Reply Type field to the PKT HMAC field included.
>>>>       Before computing the HMAC operation the PKT HMAC field MUST 
>>>> be set
>>>>       to 0.  See Section 5.8 for more details.
>>>>
>>>> 5.3.  Map-Register LISP-SEC Extentions
>>>>
>>>>    The second bit after the Type field in a Map-Register message is
>>>>    allocated as the S bit.
>>> I would better explain that this document is allocating a bit marked
>>> as reserved in 6830.
>>
>> Ok. We will need to reflect this in 6830bis as well.
>>
>>> Furthermore, at the cost of being redundant, I would put the packet
>>> format highlighting the position of the bit so that there is no
>>> confusion whatsoever.
>>
>> We wanted to  explicitly avoid to include the format of messages when
>> already defined in other documents, so we point rather than copy. If we
>> address this in 6830bis, the problem will be solved.
>>
>>
>>>
>>>> The S bit indicates to the Map-Server that
>>>>    the registering ETR is LISP-SEC enabled.  An ETR that supports 
>>>> LISP-
>>>>    SEC MUST set the S bit in its Map-Register messages.
>>>>
>>>> 5.4.  ITR Processing
>>>>
>>>>    Upon creating a Map-Request, the ITR generates a random ITR-OTK 
>>>> that
>>>>    is stored locally, together with the nonce generated as 
>>>> specified in
>>>>    [RFC6830].
>>>>
>>>>    The Map-Request MUST be encapsulated in an ECM, with the S-bit 
>>>> set to
>>>>    1, to indicate the presence of Authentication Data.  If the ITR and
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                
>>>> [Page 10]
>>>> 
>>>> Internet-Draft                  LISP-SEC October 2016
>>>>
>>>>
>>>>    the Map-Resolver are configured with a shared key,
>>> In section 4 you seem to suggest that this is not the only way to
>>> protect the OTK (see my comment).
>>> Here instead you suggest that a shared key is the only way.
>>
>>
>> Right. Here it says what to do IF there is a shared key, that is
>> consistent with the SHOULD above.
>>
>>
>>>>  the ITR-OTK
>>>>    confidentiality SHOULD be protected by wrapping the ITR-OTK with 
>>>> the
>>>>    algorithm specified by the OTK Encryption ID field.
>>> Not clear what this “SHOULD” refers to.
>>> IS the SHOULD related to the fact to encrypt the OTK? The ITR SHOULD
>>> encrypt.
>>> Or the choice of the algorithm? The ITR SHOULD use the algorithm
>>> specified by the OTK Encryption ID?
>>> The second case looks impossible since is the ITR is choosing the
>>> algorithm. May be the sentence can be rewritten.
>>
>> SHOULD refers to protecting the confidentiality of the ITR-OTK. Maybe
>> the 'by' should be replaced by 'with'?
>>
>>>
>>> Similarly to previous comment: Why it is not a MUST?
>> Same as other SHOULD.
>>
>>
>>
>>>>  See Section 5.5
>>>>    for further details on OTK encryption.
>>>>
>>>>    The Requested HMAC ID field contains the suggested HMAC 
>>>> algorithm to
>>>>    be used by the Map-Server and the ETR to protect the integrity 
>>>> of the
>>>>    ECM Authentication data and of the Map-Reply.
>>>>
>>> What happens if the MS will choose a HMAC not supported by the ETR or
>>> the ITR?
>>> Can you clarify how to solve this situation or explain why this will
>>> never happen?
>>
>> This is described 5 paragraphs below:
>>
>> "
>>
>> If the EID HMAC ID field does
>>    not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
>>    and send, at the first opportunity it needs to, a new Map-Request
>>    with a different Requested HMAC ID field, according to ITR's local
>>    policy.
>>
>> "
>>
>>
>>>
>>>>    The KDF ID field, specifies the suggested key derivation 
>>>> function to
>>>>    be used by the Map-Server to derive the MS-OTK.
>>>
>>> What happens if the MS will choose a KDF ID not supported by the ITR?
>>> Can you clarify how to solve this situation or explain why this will
>>> never happen?
>>
>> This is described a few paragraphs below:
>> "
>>
>> If the KDF ID in the Map-Reply does not match the
>>    KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
>>    Reply and send, at the first opportunity it needs to, a new Map-
>>    Request with a different KDF ID, according to ITR's...
>>
>> "
>>
>>>
>>>>    The EID-AD length is set to 4 bytes, since the Authentication Data
>>>>    does not contain EID-prefix Authentication Data, and the EID-AD
>>>>    contains only the KDF ID field.
>>>>
>>>>    In response to an encapsulated Map-Request that has the S-bit 
>>>> set, an
>>>>    ITR MUST receive a Map-Reply with the S-bit set, that includes an
>>>>    EID-AD and a PKT-AD.  If the Map-Reply does not include both 
>>>> ADs, the
>>>>    ITR MUST discard it.  In response to an encapsulated Map-Request 
>>>> with
>>>>    S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, 
>>>> and
>>>>    the ITR SHOULD discard the Map-Reply if the S-bit is set.
>>> Why a “SHOULD”? If the Map-Request has S-bit=0 it mean that there is
>>> no AD, hence no OTK, how can the ITR decrypt the reply?????
>>> It MUST discard…..
>>
>> If S-bit = 0 there's no Authentication Data. The Map-reply is in clear,
>> and can be read.
>>
>> Here again the SHOULD leaves open to ITR local policy that can be strict
>> (drop anything not authenticated) or loose (accept unauthenticated
>> map-reply).
>>
>> There are use cases where LISP-SEC is not deployed everywhere, where the
>> ITR might have to use loose policy.
>>
>>
>>>
>>>
>>>>    Upon receiving a Map-Reply, the ITR must verify the integrity of 
>>>> both
>>>>    the EID-AD and the PKT-AD, and MUST discard the Map-Reply if one of
>>>>    the integrity checks fails.
>>>>
>>>>    The integrity of the EID-AD is verified using the locally stored 
>>>> ITR-
>>>>    OTK to re-compute the HMAC of the EID-AD using the algorithm
>>>>    specified in the EID HMAC ID field.  If the EID HMAC ID field does
>>>>    not match the Requested HMAC ID the ITR SHOULD discard the 
>>>> Map-Reply
>>> Why is this a SHOULD? If it supports the HMAC Algorithm why not
>>> decrypt? Shouldn’t this be a “MAY”, according to internal policy?
>>
>> because this could be used by an attacker to force weaker HMACs (e.g.
>> MD5). The SHOULD leaves open the door to not discarding, according to
>> local policy.
>>
>>
>>
>>
>>>>    and send, at the first opportunity it needs to, a new Map-Request
>>>>    with a different Requested HMAC ID field, according to ITR's local
>>>>    policy.  The ITR MUST set the EID HMAC ID field to 0 before 
>>>> computing
>>>>    the HMAC.
>>> Shouldn’t the MS do the same thing? Otherwise different values will be
>>> obtained. This is not specified in the MS functioning description.
>>
>> good catch. Actually it's a typo here, the EID HMAC field should be set
>> to 0 (that is consistent with section 5.7), not the EID HMAC ID that
>> should not be touched.
>>
>>
>> The ITR MUST set the EID HMAC ID field to 0 before computing
>>    the HMAC.
>>
>> should change to
>>
>> The scope of the HMAC operation covers the
>>    entire EID-AD, from the EID-AD Length field to the EID HMAC field,
>>    which must be set to 0 before the computation.
>>
>>
>>>>    To verify the integrity of the PKT-AD, first the MS-OTK is derived
>>>>    from the locally stored ITR-OTK using the algorithm specified in 
>>>> the
>>>>    KDF ID field.  This is because the PKT-AD is generated by the ETR
>>>>    using the MS-OTK.  If the KDF ID in the Map-Reply does not match 
>>>> the
>>>>    KDF ID requested in the Map-Request, the ITR SHOULD discard the 
>>>> Map-
>>>>    Reply and send, at the first opportunity it needs to, a new Map-
>>>>    Request with a different KDF ID, according to ITR's local policy.
>>>>    The derived MS-OTK is then used to re-compute the HMAC of the 
>>>> PKT-AD
>>>>    using the Algorithm specified in the PKT HMAC ID field. If the PKT
>>>>    HMAC ID field does not match the Requested HMAC ID the ITR SHOULD
>>>>    discard the Map-Reply and send, at the first opportunity it 
>>>> needs to,
>>>>
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                
>>>> [Page 11]
>>>> 
>>>> Internet-Draft                  LISP-SEC October 2016
>>>>
>>>>
>>>>    a new Map-Request with a different Requested HMAC ID according to
>>>>    ITR's local policy.
>>>>
>>>>    Each individual Map-Reply EID-record is considered valid only 
>>>> if: (1)
>>>>    both EID-AD and PKT-AD are valid, and (2) the intersection of the
>>>>    EID-prefix in the Map-Reply EID-record with one of the EID-prefixes
>>>>    contained in the EID-AD is not empty.  After identifying the Map-
>>>>    Reply record as valid, the ITR sets the EID-prefix in the Map-Reply
>>>>    record to the value of the intersection set computed before, and 
>>>> adds
>>>>    the Map-Reply EID-record to its EID-to-RLOC cache, as described in
>>>>    [RFC6830].  An example of Map-Reply record validation is 
>>>> provided in
>>>>    Section 5.4.1.
>>>>
>>>>    The ITR SHOULD send SMR triggered Map-Requests over the mapping
>>>>    system in order to receive a secure Map-Reply.
>>> I do not understand this “SHOULD”.  This has consequences in the
>>> choice how to react to SMR. This is a local policy.
>>> _If_ the ITR wants to protect Map-Requests using LISP-SEC, than SMR
>>> triggered Map-Request MUST be sent through the mapping system.
>> so the _if_ is what makes that MUST a SHOULD... According to local
>> policy the ITR SHOULD send the SMR.
>>>> If an ITR accepts
>>>>    piggybacked Map-Replies, it SHOULD also send a Map-Request over the
>>>>    mapping system in order to securely verify the piggybacked 
>>>> Map-Reply.
>>> Same as above.
>>>> 5.4.1.  Map-Reply Record Validation
>>>>
>>>>    The payload of a Map-Reply may contain multiple EID-records.  The
>>>>    whole Map-Reply is signed by the ETR, with the PKT HMAC, to provide
>>>>    integrity protection and origin authentication to the EID-prefix
>>>>    records claimed by the ETR.  The Authentication Data field of a 
>>>> Map-
>>>>    Reply may contain multiple EID-records in the EID-AD. The EID-AD is
>>>>    signed by the Map-Server, with the EID HMAC, to provide integrity
>>>>    protection and origin authentication to the EID-prefix records
>>>>    inserted by the Map-Server.
>>>>
>>>>    Upon receiving a Map-Reply with the S-bit set, the ITR first checks
>>>>    the validity of both the EID HMAC and of the PKT-AD HMAC.  If 
>>>> either
>>>>    one of the HMACs is not valid, a log message is issued and the Map-
>>>>    Reply is not processed any further.
>>> I think “log message" is too much implementation specific.
>>> If there is a notification, and how this notification is done, is
>>> implementation specific IMHO.
>> Ok. 'a log message is issued' will change to 'a log action should be
>> taken'. The point is that there could be an attack behind it, and we
>> want to record the event
>>>> If both HMACs are valid, the ITR
>>>>    proceeds with validating each individual EID-record claimed by the
>>>>    ETR by computing the intersection of each one of the EID-prefix
>>>>    contained in the payload of the Map-Reply with each one of the EID-
>>>>    prefixes contained in the EID-AD.  An EID-record is valid only 
>>>> if at
>>>>    least one of the intersections is not the empty set.
>>>>
>>>>    For instance, the Map-Reply payload contains 3 mapping record EID-
>>>>    prefixes:
>>>>
>>>>       1.1.1.0/24
>>>>
>>>>       1.1.2.0/24
>>>>
>>>>       1.2.0.0/16
>>>>
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                
>>>> [Page 12]
>>>> 
>>>> Internet-Draft                  LISP-SEC October 2016
>>>>
>>>>
>>>>    The EID-AD contains two EID-prefixes:
>>>>
>>>>       1.1.2.0/24
>>>>
>>>>       1.2.3.0/24
>>>>
>>>>    The EID-record with EID-prefix 1.1.1.0/24 is not processed since it
>>>>    is not included in any of the EID-ADs signed by the Map-Server.  A
>>>>    log message is issued.
>>> I think “log message" is too much implementation specific.
>>> If there is a notification, and how this notification is done, is
>>> implementation specific IMHO.
>> ok. Same as above.
>>>>    The EID-record with EID-prefix 1.1.2.0/24 is stored in the 
>>>> map-cache
>>>>    because it matches the second EID-prefix contained in the EID-AD.
>>>>
>>>>    The EID-record with EID-prefix 1.2.0.0/16 is not processed since it
>>>>    is not included in any of the EID-ADs signed by the Map-Server.  A
>>>>    log message is issued.
>>> I think “log message" is too much implementation specific.
>>> If there is a notification, and how this notification is done, is
>>> implementation specific IMHO.
>> ok. Same as above
>>>>   In this last example the ETR is trying to
>>>>    over claim the EID-prefix 1.2.0.0/16, but the Map-Server authorized
>>>>    only 1.2.3.0/24, hence the EID-record is discarded.
>>> Reading the example I am not sure I would follow this behaviour.
>>> Only 1 record out of 3 is valid so why should I actually trust the ETR
>>> instead of throwing everything away?
>>> Can you explain ???
>> The other two records are validated by the MS, so there is no reason to
>> throw those away.
>>>> 5.4.2.  PITR Processing
>>>>
>>>>    The processing performed by a PITR is equivalent to the 
>>>> processing of
>>>>    an ITR.  However, if the PITR is directly connected to the ALT,
>>> This would be LISP+ALT. Pleas add a reference to 6836.
>> ok.
>>>> the
>>>>    PITR performs the functions of both the ITR and the Map-Resolver
>>>>    forwarding the Map-Request encapsulated in an ECM header that
>>>>    includes the Authentication Data fields as described in Section 
>>>> 5.6.
>>>>
>>>> 5.5.  Encrypting and Decrypting an OTK
>>>>
>>>>    MS-OTK confidentiality is required in the path between the 
>>>> Map-Server
>>>>    and the ETR, the MS-OTK SHOULD
>>> If confidentiality is required why there is not a MUST?
>> Same.
>>>>  be encrypted using the preconfigured
>>>>    key shared between the Map-Server and the ETR for the purpose of
>>>>    securing ETR registration [RFC6833].  Similarly, if ITR-OTK
>>>>    confidentiality is required in the path between the ITR and the 
>>>> Map-
>>>>    Resolver, the ITR-OTK SHOULD
>>> Again, if confidentiality is required why there is not a MUST?
>> Same.
>>>> be encrypted with a key shared between
>>>>    the ITR and the Map-Resolver.
>>>>
>>>>    The OTK is encrypted using the algorithm specified in the OTK
>>>>    Encryption ID field.  When the AES Key Wrap algorithm is used to
>>>>    encrypt a 128-bit OTK, according to [RFC3339],
>>> The correct RFC is 3394.
>> ok.
>>>>  the AES Key Wrap
>>>>    Initialization Value MUST be set to 0xA6A6A6A6A6A6A6A6 (64 bits).
>>>>    The output of the AES Key Wrap operation is 192-bit long.  The most
>>>>    significant 64-bit are copied in the One-Time Key Preamble field,
>>>>    while the 128 less significant bits are copied in the One-Time Key
>>>>    field of the LISP-SEC Authentication Data.
>>>>
>>>>    When decrypting an encrypted OTK the receiver MUST verify that the
>>>>    Initialization Value resulting from the AES Key Wrap decryption
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                
>>>> [Page 13]
>>>> 
>>>> Internet-Draft                  LISP-SEC October 2016
>>>>
>>>>
>>>>    operation is equal to 0xA6A6A6A6A6A6A6A6.  If this verification 
>>>> fails
>>>>    the receiver MUST discard the entire message.
>>>>
>>>>    When a 128-bit OTK is sent unencrypted the OTK Encryption ID is set
>>>>    to NULL_KEY_WRAP_128, and the OTK Preamble is set to
>>>>    0x0000000000000000 (64 bits).
>>>>
>>>> 5.6.  Map-Resolver Processing
>>>>
>>>>    Upon receiving an encapsulated Map-Request with the S-bit set, the
>>>>    Map-Resolver decapsulates the ECM message.  The ITR-OTK, if
>>>>    encrypted, is decrypted as specified in Section 5.5.
>>>>
>>>>    The Map-Resolver, as specified in [RFC6833], originates a new ECM
>>>>    header with the S-bit set, that contains the unencrypted 
>>>> ITR-OTK, as
>>>>    specified in Section 5.5, and the other data derived from the ECM
>>>>    Authentication Data of the received encapsulated Map-Request.
>>> Few points on this last paragraph:
>>> - You assume that there is no need of confidentiality inside the
>>> Mapping System?
>>> - Why not stating that encryption inside the mapping system is mapping
>>> system specify and out of scope of this document?
>> ok. as it was pointed out above.
>>> - Why are you assuming that all of the Mapping system will use ECM?
>>> Future Mapping system may use soemthos different. The important point
>>> is to ship the AD along.
>> good point, and I agree with your suggestion to fix this below.
>>>>    The Map-Resolver then forwards
>>> to whom?
>> ok. add 'to the Map-Server'
>>>>  the received Map-Request, encapsulated
>>>>    in the new ECM header that includes the newly computed 
>>>> Authentication
>>>>    Data fields.
>>> As for my comment of the previous paragraph I would be more generic
>>> stating that the MR will hand over the request to the mapping system.
>>> You can still provide the example of DDT using ECM.
>> right.
>>>> 5.7.  Map-Server Processing
>>>>
>>>>    Upon receiving an ECM encapsulated Map-Request with the S-bit set,
>>>>    the Map-Server process the Map-Request according to the value of 
>>>> the
>>>>    S-bit contained in the Map-Register sent by the ETR during
>>>>    registration.
>>>>
>>>>    If the S-bit contained in the Map-Register was clear the Map-Server
>>>>    decapsulates the ECM and generates a new ECM encapsulated 
>>>> Map-Request
>>>>    that does not contain an ECM Authentication Data, as specified in
>>>>    [RFC6830].  The Map-Server does not perform any further LISP-SEC
>>>>    processing.
>>> This equivalent to not using LISP-SEC. Please specify that the
>>> Map-Reply will be not protected.
>> ok.
>>>>    If the S-bit contained in the Map-Register was set the Map-Server
>>>>    decapsulates the ECM and generates a new ECM Authentication Data.
>>>>    The Authentication Data includes the OTK-AD and the EID-AD, that
>>>>    contains EID-prefix authorization information, that are ultimately
>>>>    sent to the requesting ITR.
>>>>
>>>>    The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) 
>>>> from
>>>>    the ITR-OTK received with the Map-Request.  MS-OTK is derived
>>>>    applying the key derivation function specified in the KDF ID field.
>>>>    If the algorithm specified in the KDF ID field is not supported, 
>>>> the
>>>>    Map-Server uses a different algorithm to derive the key and updates
>>>>    the KDF ID field accordingly.
>>>>
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                
>>>> [Page 14]
>>>> 
>>>> Internet-Draft                  LISP-SEC October 2016
>>>>
>>>>
>>>>    The Map-Server and the ETR MUST be configured with a shared key for
>>>>    mapping registration according to [RFC6833].  If MS-OTK
>>>>    confidentiality is required, then the MS-OTK SHOULD be encrypted,
>>> Again, if confidentiality is required why there is not a MUST?
>> same as above.
>>>>  by
>>>>    wrapping the MS-OTK with the algorithm specified by the OTK
>>>>    Encryption ID field as specified in Section 5.5.
>>>>
>>>>    The Map-Server includes in the EID-AD the longest match registered
>>>>    EID-prefix for the destination EID, and an HMAC of this EID-prefix.
>>>>    The HMAC is keyed with the ITR-OTK contained in the received ECM
>>>>    Authentication Data, and the HMAC algorithm is chosen according to
>>>>    the Requested HMAC ID field.  If The Map-Server does not support 
>>>> this
>>>>    algorithm, the Map-Server uses a different algorithm and 
>>>> specifies it
>>>>    in the EID HMAC ID field.  The scope of the HMAC operation 
>>>> covers the
>>>>    entire EID-AD, from the EID-AD Length field to the EID HMAC field,
>>>>    which must be set to 0 before the computation.
>>>>
>>>>    The Map-Server then forwards the updated ECM encapsulated Map-
>>>>    Request, that contains the OTK-AD, the EID-AD, and the received 
>>>> Map-
>>>>    Request to an authoritative ETR as specified in [RFC6830].
>>>>
>>>> 5.7.1.  Map-Server Processing in Proxy mode
>>>>
>>>>    If the Map-Server is in proxy mode, it generates a Map-Reply, as
>>>>    specified in [RFC6830], with the S-bit set to 1.  The Map-Reply
>>>>    includes the Authentication Data that contains the EID-AD, computed
>>>>    as specified in Section 5.7, as well as the PKT-AD computed as
>>>>    specified in Section 5.8.
>>>>
>>>> 5.8.  ETR Processing
>>>>
>>>>    Upon receiving an ECM encapsulated Map-Request with the S-bit set,
>>>>    the ETR decapsulates the ECM message.  The OTK field, if encrypted,
>>>>    is decrypted as specified in Section 5.5 to obtain the unencrypted
>>>>    MS-OTK.
>>>>
>>>>    The ETR then generates a Map-Reply as specified in [RFC6830] and
>>>>    includes the Authentication Data that contains the EID-AD, as
>>>>    received in the encapsulated Map-Request, as well as the PKT-AD.
>>>>
>>>>    The EID-AD is copied from the Authentication Data of the received
>>>>    encapsulated Map-Request.
>>>>
>>>>    The PKT-AD contains the HMAC of the whole Map-Reply packet, keyed
>>>>    with the MS-OTK and computed using the HMAC algorithm specified in
>>>>    the Requested HMAC ID field of the received encapsulated 
>>>> Map-Request.
>>>>    If the ETR does not support the Requested HMAC ID, it uses a
>>>>    different algorithm and updates the PKT HMAC ID field accordingly.
>>>>    The scope of the HMAC operation covers the entire PKT-AD, from the
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                
>>>> [Page 15]
>>>> 
>>>> Internet-Draft                  LISP-SEC October 2016
>>>>
>>>>
>>>>    Map-Reply Type field to the PKT HMAC field, which must be set to 0
>>>>    before the computation.
>>>>
>>>>    Finally the ETR sends the Map-Reply to the requesting ITR as
>>>>    specified in [RFC6830].
>>>>
>>>> 6.  Security Considerations
>>>>
>>>> 6.1.  Mapping System Security
>>>>
>>>>    The LISP-SEC threat model described in Section 3, assumes that the
>>>>    LISP Mapping System is working properly and eventually delivers 
>>>> Map-
>>>>    Request messages to a Map-Server that is authoritative for the
>>>>    requested EID.
>>>>
>>> As for a previous comment, can you elaborate if OTK confidentiality is
>>> required in the mapping system and what are the consequences?
>> ok.
>>>>    Map-Register security, including the right for a LISP entity to
>>>>    register an EID-prefix or to claim presence at an RLOC, is out 
>>>> of the
>>>>    scope of LISP-SEC.
>>>>
>>>> 6.2.  Random Number Generation
>>>>
>>>>    The ITR-OTK MUST be generated by a properly seeded pseudo-random 
>>>> (or
>>>>    strong random) source.  See [RFC4086] for advice on generating
>>>>    security-sensitive random data
>>>>
>>>> 6.3.  Map-Server and ETR Colocation
>>>>
>>>>    If the Map-Server and the ETR are colocated, LISP-SEC does not
>>>>    provide protection from overclaiming attacks mounted by the ETR.
>>>>    However, in this particular case, since the ETR is within the trust
>>>>    boundaries of the Map-Server, ETR's overclaiming attacks are not
>>>>    included in the threat model.
>>>>
>>>> 7.  IANA Considerations
>>> This section is not conform to RFC 5226.
>>> There right way to go is to ask IANA to create three new registries,
>>> for HMAC, Key Wrap, and Key Derivation functions.
>>> Define what is the allocation process (in light of the size of the
>>> field FCFS should not cause any problem IMHO)
>>> Then ask to populate the registries as already described.
>> Ok, so each one of the sections 7.x will say: IANA is requested to
>> create a new <registry-name>  registry for use ...
>>>> 7.1.  HMAC functions
>>>>
>>>>    The following HMAC ID values are defined by this memo for use as
>>>>    Requested HMAC ID, EID HMAC ID, and PKT HMAC ID in the LISP-SEC
>>>>    Authentication Data:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                
>>>> [Page 16]
>>>> 
>>>> Internet-Draft                  LISP-SEC October 2016
>>>>
>>>>
>>>>              Name                     Number        Defined In
>>>> -------------------------------------------------
>>>>              NONE                     0
>>>>              AUTH-HMAC-SHA-1-96       1 [RFC2104]
>>>>              AUTH-HMAC-SHA-256-128    2 [RFC4634]
>>>>
>>>>              values 2-65535 are reserved to IANA.
>>>>
>>>>                               HMAC Functions
>>>>
>>>>    AUTH-HMAC-SHA-1-96 MUST be supported, AUTH-HMAC-SHA-256-128 
>>>> should be
>>>>    supported.
>>>>
>>>> 7.2.  Key Wrap Functions
>>>>
>>>>    The following OTK Encryption ID values are defined by this memo for
>>>>    use as OTK key wrap algorithms ID in the LISP-SEC Authentication
>>>>    Data:
>>>>
>>>>              Name                     Number        Defined In
>>>> -------------------------------------------------
>>>>              NULL-KEY-WRAP-128        1
>>>>              AES-KEY-WRAP-128         2 [RFC3394]
>>>>
>>>>              values 0 and 3-65535 are reserved to IANA.
>>>>
>>>>                             Key Wrap Functions
>>>>
>>>>    NULL-KEY-WRAP-128, and AES-KEY-WRAP-128 MUST be supported.
>>>>
>>>>    NULL-KEY-WRAP-128 is used to carry an unencrypted 128-bit OTK, 
>>>> with a
>>>>    64-bit preamble set to 0x0000000000000000 (64 bits).
>>>>
>>>> 7.3.  Key Derivation Functions
>>>>
>>>>    The following KDF ID values are defined by this memo for use as KDF
>>>>    ID in the LISP-SEC Authentication Data:
>>>>
>>>>              Name                     Number        Defined In
>>>> -------------------------------------------------
>>>>              NONE                     0
>>>>              HKDF-SHA1-128            1 [RFC5869]
>>>>
>>>>              values 2-65535 are reserved to IANA.
>>>>
>>>>                          Key Derivation Functions
>>>>
>>>>    HKDF-SHA1-128 MUST be supported
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                
>>>> [Page 17]
>>>> 
>>>> Internet-Draft                  LISP-SEC October 2016
>>>>
>>>>
>>>> 8.  Acknowledgements
>>>>
>>>>    The authors would like to acknowledge Pere Monclus, Dave Meyer, 
>>>> Dino
>>>>    Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt
>>>>    Noll for their valuable suggestions provided during the preparation
>>>>    of this document.
>>>>
>>>> 9.  Normative References
>>> Please Check your reference, this is the output if the nits tool:
>>> Checking references for intended status: Experimental
>>>
>>> ---------------------------------------------------------------------------- 
>>>
>>>   == Missing Reference: 'RFC3339' is mentioned on line 602, but not
>>> defined
>>>   == Missing Reference: 'RFC4634' is mentioned on line 752, but not
>>> defined
>>>   ** Obsolete undefined reference: RFC 4634 (Obsoleted by RFC 6234)
>> ok.
>>>>    [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
>>>>               Hashing for Message Authentication", RFC 2104,
>>>>               DOI 10.17487/RFC2104, February 1997,
>>>> <http://www.rfc-editor.org/info/rfc2104>.
>>>>
>>>>    [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
>>>>               Requirement Levels", BCP 14, RFC 2119,
>>>>               DOI 10.17487/RFC2119, March 1997,
>>>> <http://www.rfc-editor.org/info/rfc2119>.
>>>>
>>>>    [RFC3394]  Schaad, J. and R. Housley, "Advanced Encryption Standard
>>>>               (AES) Key Wrap Algorithm", RFC 3394, DOI 
>>>> 10.17487/RFC3394,
>>>>               September 2002, 
>>>> <http://www.rfc-editor.org/info/rfc3394>.
>>>>
>>>>    [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
>>>>               "Randomness Requirements for Security", BCP 106, RFC 
>>>> 4086,
>>>>               DOI 10.17487/RFC4086, June 2005,
>>>> <http://www.rfc-editor.org/info/rfc4086>.
>>>>
>>>>    [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
>>>>               IANA Considerations Section in RFCs", BCP 26, RFC 5226,
>>>>               DOI 10.17487/RFC5226, May 2008,
>>>> <http://www.rfc-editor.org/info/rfc5226>.
>>>>
>>>>    [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based 
>>>> Extract-and-Expand
>>>>               Key Derivation Function (HKDF)", RFC 5869,
>>>>               DOI 10.17487/RFC5869, May 2010,
>>>> <http://www.rfc-editor.org/info/rfc5869>.
>>>>
>>>>    [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
>>>>               Locator/ID Separation Protocol (LISP)", RFC 6830,
>>>>               DOI 10.17487/RFC6830, January 2013,
>>>> <http://www.rfc-editor.org/info/rfc6830>.
>>>>
>>>>    [RFC6833]  Fuller, V. and D. Farinacci, "Locator/ID Separation
>>>>               Protocol (LISP) Map-Server Interface", RFC 6833,
>>>>               DOI 10.17487/RFC6833, January 2013,
>>>> <http://www.rfc-editor.org/info/rfc6833>.
>>>>
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                
>>>> [Page 18]
>>>> 
>>>> Internet-Draft                  LISP-SEC October 2016
>>>>
>>>>
>>>>    [RFC7835]  Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID
>>>>               Separation Protocol (LISP) Threat Analysis", RFC 7835,
>>>>               DOI 10.17487/RFC7835, April 2016,
>>>> <http://www.rfc-editor.org/info/rfc7835>.
>>>>
>>>> Authors' Addresses
>>>>
>>>>    Fabio Maino
>>>>    Cisco Systems
>>>>    170 Tasman Drive
>>>>    San Jose, California  95134
>>>>    USA
>>>>
>>>>    Email: fmaino@cisco.com <mailto:fmaino@cisco.com>
>>>>
>>>>
>>>>    Vina Ermagan
>>>>    Cisco Systems
>>>>    170 Tasman Drive
>>>>    San Jose, California  95134
>>>>    USA
>>>>
>>>>    Email: vermagan@cisco.com <mailto:vermagan@cisco.com>
>>>>
>>>>
>>>>    Albert Cabellos
>>>>    Technical University of Catalonia
>>>>    c/ Jordi Girona s/n
>>>>    Barcelona  08034
>>>>    Spain
>>>>
>>>>    Email: acabello@ac.upc.edu <mailto:acabello@ac.upc.edu>
>>>>
>>>>
>>>>    Damien Saucez
>>>>    INRIA
>>>>    2004 route des Lucioles - BP 93
>>>>    Sophia Antipolis
>>>>    France
>>>>
>>>>    Email: damien.saucez@inria.fr <mailto:damien.saucez@inria.fr>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                
>>>> [Page 19]
>>


From nobody Mon Oct 24 01:25:19 2016
Return-Path: <luigi.iannone@telecom-paristech.fr>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32AC5129629; Mon, 24 Oct 2016 01:25:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.703
X-Spam-Level: 
X-Spam-Status: No, score=0.703 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, THIS_AD=2.704] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=telecom-paristech.fr
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h1LAEzxWhL03; Mon, 24 Oct 2016 01:25:14 -0700 (PDT)
Received: from zproxy120.enst.fr (zproxy120.enst.fr [137.194.2.193]) by ietfa.amsl.com (Postfix) with ESMTP id BE397129481; Mon, 24 Oct 2016 01:25:13 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by zproxy120.enst.fr (Postfix) with ESMTP id 8EA64100243; Mon, 24 Oct 2016 10:25:12 +0200 (CEST)
Received: from zproxy120.enst.fr ([127.0.0.1]) by localhost (zproxy120.enst.fr [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 8n3ldsXJ71Ul; Mon, 24 Oct 2016 10:25:09 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by zproxy120.enst.fr (Postfix) with ESMTP id 93C1E1002CB; Mon, 24 Oct 2016 10:25:09 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.9.2 zproxy120.enst.fr 93C1E1002CB
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telecom-paristech.fr; s=A6AEC2EE-1106-11E5-B10E-D103FDDA8F2E; t=1477297509; bh=iGkEaUfnBHbE1TrVJ9Xrq0xBNYVFuL0aqxHJo+ps2HQ=; h=Content-Type:Mime-Version:Subject:From:Date: Content-Transfer-Encoding:Message-Id:To; b=GzxdcMbaAVvh12cy5qTg2n/AxqVk9SdRLRgkNYPKVGKFwUnF5hwDTA8pOWHsAN9uY HJFZ44KBSVr9FITNE2iTYILNj/8wLO3k+I29kKzx3j8A7s2LmPYXuseatHdCcg4I0C xF8F6mcP38h1XpzbUwX4trQcMc8QKmVZJ27IM/EY=
X-Virus-Scanned: amavisd-new at zproxy120.enst.fr
Received: from zproxy120.enst.fr ([127.0.0.1]) by localhost (zproxy120.enst.fr [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id btdzLizpuVzb; Mon, 24 Oct 2016 10:25:09 +0200 (CEST)
Received: from dhcp164-147.enst.fr (dhcp164-147.enst.fr [137.194.165.147]) by zproxy120.enst.fr (Postfix) with ESMTPSA id 64C49100283; Mon, 24 Oct 2016 10:25:09 +0200 (CEST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Luigi Iannone <luigi.iannone@telecom-paristech.fr>
In-Reply-To: <4a17fae5-c9e5-0226-c04d-90b5b857ea4b@cisco.com>
Date: Mon, 24 Oct 2016 10:25:50 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <64B835B2-18EA-4451-B9DE-2BAAB27F67E0@telecom-paristech.fr>
References: <FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr> <8204baa6-8cbd-83b3-aa88-dc3ba16c5a33@cisco.com> <c46e6c3f-2f5e-7776-bee7-60e4ff4feb44@joelhalpern.com> <4a17fae5-c9e5-0226-c04d-90b5b857ea4b@cisco.com>
To: Fabio Maino <fmaino@cisco.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/k6G7M74WixtLL87O5Is4bOS-dqA>
Cc: lisp-chairs@ietf.org, LISP mailing list list <lisp@ietf.org>, Damien Saucez <damien.saucez@inria.fr>
Subject: Re: [lisp] LISP-SEC review (finally)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Oct 2016 08:25:18 -0000

This would be great Fabio. Thanks.

Ciao

L.



> On 22 Oct 2016, at 02:19, Fabio Maino <fmaino@cisco.com> wrote:
>=20
> Thanks Joel,
> sounds fair. I'll then add text that provides the rationale for this =
choice.
>=20
>=20
> Fabio
>=20
> On 10/21/16 4:35 PM, Joel M. Halpern wrote:
>> The usual practice, although there are exceptions, is to indicate =
along with the SHOULD the kinds of circumstances that would justify not =
complying with that SHOULD while implementing (most of) the rest of the =
RFC.
>>=20
>> Yours,
>> Joel
>>=20
>> On 10/21/16 7:23 PM, Fabio Maino wrote:
>>> Ciao Luigi,
>>> below I have replied to each comment. I'm working to the updated =
text,
>>> that I will send as soon as it is ready. ideally we might be able to
>>> publish a new version before draft deadline.
>>>=20
>>> Just a note on the most recurring comment: SHOULD vs. MUST.
>>>=20
>>> The use of SHOULD across the document is according to RFC 2119:
>>>=20
>>>=20
>>>    SHOULD
>>>=20
>>> This word, or the adjective "RECOMMENDED", mean that there
>>>   may exist valid reasons in particular circumstances to ignore a
>>>   particular item, but the full implications must be understood and
>>>   carefully weighed before choosing a different course.
>>>=20
>>>=20
>>>=20
>>> There are use cases where, carefully weighing the implications, some =
of
>>> the security services of LISP-SEC can be turned-off. We want to =
leave
>>> implementors the freedom to allow this flexibility.
>>>=20
>>> For example, in a DC deployment it may make sense to turn off OTK
>>> decryption between XTR and MS/MR, as MiTM is very unlikely.
>>>=20
>>> Similarly, an ITR may decide to implement a loose policy on =
accepting an
>>> AD authenticated with an algorithm different from the preferred
>>> authentication algorithm expressed by the ITR. Using a MUST would =
force
>>> support of a given authentication algorithm across each and every MS =
and
>>> ETR, that might not be the case when incrementally deploying =
LISP-SEC
>>> (or while upgrading routers).
>>>=20
>>> Using a MUST would prevent this flexibility, that we would like to =
leave
>>> to the implementors.
>>>=20
>>>=20
>>>=20
>>>=20
>>>=20
>>> On 10/19/16 8:06 AM, Luigi Iannone wrote:
>>>> Dear Authors of the LISP-SEC document,
>>>>=20
>>>> hereafter my review of the document.
>>>> This was long overdue, sorry for being so late.
>>>>=20
>>>> I really like the solution and the majority of my comments are just
>>>> clarification questions.
>>>> Let me know if my comments are clear.
>>>>=20
>>>> ciao
>>>>=20
>>>> L.
>>>>=20
>>>>=20
>>>>=20
>>>>> 1.  Introduction
>>>>>=20
>>>>>   The Locator/ID Separation Protocol [RFC6830] defines a set of
>>>>>   functions for routers to exchange information used to map from =
non-
>>>>>   routable Endpoint Identifiers (EIDs) to routable Routing =
Locators
>>>>>   (RLOCs).
>>>> I find the above sentence confusing. Wouldn=E2=80=99t be better to =
specify
>>>> that we are talking about IP addresses?
>>>=20
>>> That's how LISP is described in RFC6830, section 1. If you start =
using
>>> the term IP address then you need to qualify if you are talking =
about
>>> Identity-IP or Locator-IP, so the sentence gets complicated pretty =
quickly.
>>>=20
>>> I would leave this one unchanged.
>>>=20
>>>>=20
>>>>> If these EID-to-RLOC mappings, carried through Map-Reply
>>>>>   messages, are transmitted without integrity protection, an =
adversary
>>>>>   can manipulate them and hijack the communication, impersonate =
the
>>>>>   requested EID, or mount Denial of Service or Distributed Denial =
of
>>>>>   Service attacks.  Also, if the Map-Reply message is transported
>>>>>   unauthenticated, an adversarial LISP entity can overclaim an =
EID-
>>>>>   prefix and maliciously redirect traffic directed to a large =
number of
>>>>>   hosts.  A detailed description of "overclaiming" attack is =
provided
>>>>>   in [RFC7835].
>>>>>=20
>>>>>   This memo specifies LISP-SEC, a set of security mechanisms that
>>>>>   provides origin authentication, integrity and anti-replay =
protection
>>>>>   to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
>>>>>   process.
>>>>=20
>>>> I would put s forward reference to section 3 stating that the =
reader
>>>> will find details about the threat model.
>>>=20
>>> OK. We can replace the sentence
>>>=20
>>> A detailed description of "overclaiming" attack is provided
>>>   in [RFC7835]
>>>=20
>>> with
>>>=20
>>> The LISP-SEC threat model, described in Section 3, is built on top =
of the LISP threat model defined in RFC7835, that includes a detailed =
description of "overclaiming" attack.
>>>=20
>>>=20
>>>=20
>>>>=20
>>>>> LISP-SEC also enables verification of authorization on EID-
>>>>>   prefix claims in Map-Reply messages, ensuring that the sender of =
a
>>>>>   Map-Reply that provides the location for a given EID-prefix is
>>>>>   entitled to do so according to the EID prefix registered in the
>>>>>   associated Map-Server.  Map-Register security, including the =
right
>>>>>   for a LISP entity to register an EID-prefix or to claim presence =
at
>>>>>   an RLOC, is out of the scope of LISP-SEC.  Additional security
>>>>>   considerations are described in Section 6.
>>>>>=20
>>>>> 2.  Definition of Terms
>>>>>=20
>>>>>      One-Time Key (OTK): An ephemeral randomly generated key that =
must
>>>>>      be used for a single Map-Request/Map-Reply exchange.
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>         ITR-OTK: The One-Time Key generated at the ITR.
>>>>>=20
>>>>>         MS-OTK: The One-Time Key generated at the Map-Server.
>>>>=20
>>>> Why are you considering ITR-OTK and MS-OTK sub-terms?
>>>> I would elevate them at full terms, hence avoiding spacing and
>>>> indentation.
>>>=20
>>> Ok.
>>>=20
>>>>=20
>>>>>      Encapsulated Control Message (ECM): A LISP control message =
that is
>>>>>      prepended with an additional LISP header.  ECM is used by =
ITRs to
>>>>>      send LISP control messages to a Map-Resolver, by =
Map-Resolvers to
>>>>>      forward LISP control messages to a Map-Server, and by Map-
>>>>>      Resolvers to forward LISP control messages to an ETR.
>>>>>=20
>>>> Why are you re-defining ECM?
>>>> You do not specify other packets, e.g., Map-Reply, so why ECM?
>>>> I would drop it.
>>>=20
>>> It is not defined in the Definitions section of 6830. One would need =
to
>>> go through the body of 6830 to find it.
>>>=20
>>> I'll drop it, but we need to make sure that ECM gets into the =
definition
>>> section of 6830bis.
>>>=20
>>> Albert: are you looking into that document? Can you take care of =
this?
>>>=20
>>>=20
>>>>=20
>>>>=20
>>>>>      Authentication Data (AD): Metadata that is included either in =
a
>>>>>      LISP ECM header or in a Map-Reply message to support
>>>>>      confidentiality, integrity protection, and verification of =
EID-
>>>>>      prefix authorization.
>>>>>=20
>>>>>=20
>>>>>=20
>>>>> Maino, et al.             Expires April 6, 2017                 =
[Page 3]
>>>>>=20
>>>>> Internet-Draft                  LISP-SEC October 2016
>>>>>=20
>>>>>=20
>>>>>         OTK-AD: The portion of ECM Authentication Data that =
contains a
>>>>>         One-Time Key.
>>>>>=20
>>>>>         EID-AD: The portion of ECM and Map-Reply Authentication =
Data
>>>>>         used for verification of EID-prefix authorization.
>>>>>=20
>>>>>         PKT-AD: The portion of Map-Reply Authentication Data used =
to
>>>>>         protect the integrity of the Map-Reply message.
>>>>=20
>>>>=20
>>>> Why are you considering OTK-AD, EID-AD, and PKT-AD sub-terms?
>>>> I would elevate them at full terms, hence avoiding spacing and
>>>> indentation.
>>>>=20
>>> ok.
>>>=20
>>>>=20
>>>>>   For definitions of other terms, notably Map-Request, Map-Reply,
>>>>>   Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR), =
Map-Server
>>>>>   (MS), and Map-Resolver (MR) please consult the LISP =
specification
>>>>>   [RFC6830].
>>>>>=20
>>>>> 3.  LISP-SEC Threat Model
>>>>>=20
>>>>>   LISP-SEC addresses the control plane threats, described in =
[RFC7835],
>>>>>   that target EID-to-RLOC mappings, including manipulations of =
Map-
>>>>>   Request and Map-Reply messages, and malicious ETR EID prefix
>>>>>   overclaiming.  LISP-SEC makes two main assumptions: (1) the LISP
>>>>>   mapping system is expected to deliver a Map-Request message to =
their
>>>>>   intended destination ETR as identified by the EID, and (2) no =
man-in-
>>>>>   the-middle (MITM) attack can be mounted within the LISP Mapping
>>>>>   System.  Furthermore, while LISP-SEC enables detection of EID =
prefix
>>>>>   overclaiming attacks, it assumes that Map-Servers can verify the =
EID
>>>>>   prefix authorization at time of registration.
>>>> LISP-SEC does not require OTK confidentiality in the mapping =
system.
>>>> This should be discussed here.
>>> we could add to the above
>>>=20
>>> "and (2) no man-in-
>>>   the-middle (MITM) attack can be mounted within the LISP Mapping
>>>   System."
>>>=20
>>> How the Mapping System is protected from MiTM attacks depends from =
the particular Mapping System used, and is out of the scope of this =
memo.
>>>=20
>>>=20
>>>=20
>>>>=20
>>>>=20
>>>>>   According to the threat model described in [RFC7835] LISP-SEC =
assumes
>>>>>   that any kind of attack, including MITM attacks, can be mounted =
in
>>>>>   the access network, outside of the boundaries of the LISP =
mapping
>>>>>   system.  An on-path attacker, outside of the LISP mapping system =
can,
>>>>>   for example, hijack Map-Request and Map-Reply messages, spoofing =
the
>>>>>   identity of a LISP node.  Another example of on-path attack, =
called
>>>>>   overclaiming attack, can be mounted by a malicious Egress Tunnel
>>>>>   Router (ETR), by overclaiming the EID-prefixes for which it is
>>>>>   authoritative.  In this way the ETR can maliciously redirect =
traffic
>>>>>   directed to a large number of hosts.
>>>>>=20
>>>>> 4.  Protocol Operations
>>>>>=20
>>>>>   The goal of the security mechanisms defined in [RFC6830] is to
>>>>>   prevent unauthorized insertion of mapping data by providing =
origin
>>>>>   authentication and integrity protection for the =
Map-Registration, and
>>>>>   by using the nonce to detect unsolicited Map-Reply sent by =
off-path
>>>>>   attackers.
>>>>>=20
>>>>>   LISP-SEC builds on top of the security mechanisms defined in
>>>>>   [RFC6830] to address the threats described in Section 3 by =
leveraging
>>>>>=20
>>>>>=20
>>>>>=20
>>>>> Maino, et al.             Expires April 6, 2017                 =
[Page 4]
>>>>>=20
>>>>> Internet-Draft                  LISP-SEC October 2016
>>>>>=20
>>>>>=20
>>>>>   the trust relationships existing among the LISP entities
>>>>>   participating to the exchange of the Map-Request/Map-Reply =
messages.
>>>>>   Those trust relationships are used to securely distribute a =
One-Time
>>>>>   Key (OTK) that provides origin authentication, integrity and =
anti-
>>>>>   replay protection to mapping data conveyed via the mapping =
lookup
>>>>>   process, and that effectively prevent overclaiming attacks.  The
>>>>>   processing of security parameters during the =
Map-Request/Map-Reply
>>>>>   exchange is as follows:
>>>>>=20
>>>>>   o  The ITR-OTK is generated and stored at the ITR, and securely
>>>>>      transported to the Map-Server.
>>>>>=20
>>>>>   o  The Map-Server uses the ITR-OTK to compute an HMAC that =
protects
>>>> You did not define HMAC acronym. Please define and add a reference.
>>>=20
>>> ok.
>>>=20
>>>=20
>>>>=20
>>>>>      the integrity of the mapping data known to the Map-Server to
>>>>>      prevent overclaiming attacks.  The Map-Server also derives a =
new
>>>>>      OTK, the MS-OTK, that is passed to the ETR, by applying a Key
>>>>>      Derivation Function (KDF) to the ITR-OTK.
>>>>>=20
>>>>>   o  The ETR uses the MS-OTK to compute an HMAC that protects the
>>>>>      integrity of the Map-Reply sent to the ITR.
>>>>>=20
>>>>>   o  Finally, the ITR uses the stored ITR-OTK to verify the =
integrity
>>>>>      of the mapping data provided by both the Map-Server and the =
ETR,
>>>>>      and to verify that no overclaiming attacks were mounted along =
the
>>>>>      path between the Map-Server and the ITR.
>>>>>=20
>>>>>   Section 5 provides the detailed description of the LISP-SEC =
control
>>>>>   messages and their processing, while the rest of this section
>>>>>   describes the flow of protocol operations at each entity =
involved in
>>>>>   the Map-Request/Map-Reply exchange:
>>>>>=20
>>>>>   o  The ITR, upon needing to transmit a Map-Request message, =
generates
>>>>>      and stores an OTK (ITR-OTK).  This ITR-OTK is included into =
the
>>>>>      Encapsulated Control Message (ECM) that contains the =
Map-Request
>>>>>      sent to the Map-Resolver.  To provide confidentiality to the =
ITR-
>>>>>      OTK over the path between the ITR and its Map-Resolver, the =
ITR-
>>>>>      OTK SHOULD
>>>> Why not using =E2=80=9CMUST=E2=80=9D???
>>>> Are you suggesting that a different way to provide confidentiality =
can
>>>> be used (e.g. a different shared key)???
>>>> If yes, please state so.
>>>>=20
>>>> Or are you suggesting that no encryption at all is used? But this
>>>> means not providing confidentiality=E2=80=A6
>>>> Can you clarify?
>>>>=20
>>>> (this very same comment will appear several time in this review)
>>>=20
>>> We don't want to make the use of pre-shared key *mandatory* to all =
LISP
>>> deployments. There are deployments where the risk of MiTM between =
the
>>> xTR and the MS/MR may not justify the cost of provisioning a shared =
key
>>> (data centers, for example).
>>>=20
>>>=20
>>>>> be encrypted using a preconfigured key shared between
>>>>>      the ITR and the Map-Resolver, similar to the key shared =
between
>>>>>      the ETR and the Map-Server in order to secure ETR =
registration
>>>>>      [RFC6833].
>>>>>=20
>>>>>   o  The Map-Resolver decapsulates the ECM message, decrypts the =
ITR-
>>>>>      OTK, if needed, and forwards through the Mapping System the
>>>>>      received Map-Request and the ITR-OTK, as part of a new ECM
>>>>>      message.  As described in Section 5.6, the LISP Mapping =
System
>>>>>      delivers the ECM to the appropriate Map-Server, as identified =
by
>>>>>      the EID destination address of the Map-Request.
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>> Maino, et al.             Expires April 6, 2017                 =
[Page 5]
>>>>>=20
>>>>> Internet-Draft                  LISP-SEC October 2016
>>>>>=20
>>>>>=20
>>>>>   o  The Map-Server is configured with the location mappings and =
policy
>>>>>      information for the ETR responsible for the EID destination
>>>>>      address.  Using this preconfigured information, the =
Map-Server,
>>>>>      after the decapsulation of the ECM message, finds the longest
>>>>>      match EID-prefix that covers the requested EID in the =
received
>>>>>      Map-Request.  The Map-Server adds this EID-prefix, together =
with
>>>>>      an HMAC computed using the ITR-OTK, to a new Encapsulated =
Control
>>>>>      Message that contains the received Map-Request.
>>>>>=20
>>>>>   o  The Map-Server derives a new OTK, the MS-OTK, by applying a =
Key
>>>>>      Derivation Function (KDF) to the ITR-OTK.  This MS-OTK is =
included
>>>>>      in the Encapsulated Control Message that the Map-Server uses =
to
>>>>>      forward the Map-Request to the ETR.  To provide MS-OTK
>>>>>      confidentiality over the path between the Map-Server and the =
ETR,
>>>>>      the MS-OTK should
>>>> This =E2=80=9Cshould=E2=80=9D should be a =E2=80=9CSHOULD=E2=80=9D  =
(sorry for the cacophony=E2=80=A6)
>>>=20
>>> Ok.
>>>>=20
>>>> Why not using =E2=80=9CMUST=E2=80=9D???
>>>> Are you suggesting that a different way to provide confidentiality =
can
>>>> be used (e.g. a different shared key)???
>>>> If yes, please state so.
>>>>=20
>>>> Or are you suggesting that no encryption at all is used? But this
>>>> means not providing confidentiality=E2=80=A6
>>>> Can you clarify?
>>>=20
>>> Same as above.
>>>=20
>>>>=20
>>>>> be encrypted using the key shared between the
>>>>>      ETR and the Map-Server in order to secure ETR registration
>>>>>      [RFC6833].
>>>>>=20
>>>>>   o  If the Map-Server is acting in proxy mode, as specified in
>>>>>      [RFC6830], the ETR is not involved in the generation of the =
Map-
>>>>>      Reply.  In this case the Map-Server generates the Map-Reply =
on
>>>>>      behalf of the ETR as described below.
>>>>>=20
>>>>>   o  The ETR, upon receiving the ECM encapsulated Map-Request from =
the
>>>>>      Map-Server, decrypts the MS-OTK, if needed, and originates a
>>>>>      standard Map-Reply that contains the EID-to-RLOC mapping
>>>>>      information as specified in [RFC6830].
>>>>>=20
>>>>>   o  The ETR computes an HMAC over this standard Map-Reply, keyed =
with
>>>>>      MS-OTK to protect the integrity of the whole Map-Reply.  The =
ETR
>>>>>      also copies the EID-prefix authorization data that the =
Map-Server
>>>>>      included in the ECM encapsulated Map-Request into the =
Map-Reply
>>>>>      message.  The ETR then sends this complete Map-Reply message =
to
>>>>>      the requesting ITR.
>>>>>=20
>>>>>   o  The ITR, upon receiving the Map-Reply, uses the locally =
stored
>>>>>      ITR-OTK to verify the integrity of the EID-prefix =
authorization
>>>>>      data included in the Map-Reply by the Map-Server.  The ITR
>>>>>      computes the MS-OTK by applying the same KDF used by the Map-
>>>>>      Server, and verifies the integrity of the Map-Reply. If the
>>>>>      integrity checks fail, the Map-Reply MUST be discarded.  =
Also, if
>>>>>      the EID-prefixes claimed by the ETR in the Map-Reply are not =
equal
>>>>>      or more specific than the EID-prefix authorization data =
inserted
>>>>>      by the Map-Server, the ITR MUST discard the Map-Reply.
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>> Maino, et al.             Expires April 6, 2017                 =
[Page 6]
>>>>>=20
>>>>> Internet-Draft                  LISP-SEC October 2016
>>>>>=20
>>>>>=20
>>>>> 5.  LISP-SEC Control Messages Details
>>>>>=20
>>>>>   LISP-SEC metadata associated with a Map-Request is transported =
within
>>>>>   the Encapsulated Control Message that contains the Map-Request.
>>>>>=20
>>>>>   LISP-SEC metadata associated with the Map-Reply is transported =
within
>>>>>   the Map-Reply itself.
>>>>>=20
>>>>> 5.1.  Encapsulated Control Message LISP-SEC Extensions
>>>>>=20
>>>>>   LISP-SEC uses the ECM (Encapsulated Control Message) defined in
>>>>>   [RFC6830] with Type set to 8, and S bit set to 1 to indicate =
that the
>>>>>   LISP header includes Authentication Data (AD).  The format of =
the
>>>>>   LISP-SEC ECM Authentication Data is defined in the following =
figure.
>>>>>   OTK-AD stands for One-Time Key Authentication Data and EID-AD =
stands
>>>>>   for EID Authentication Data.
>>>>>=20
>>>>> 0                   1                   2 3
>>>>> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>>> |     AD Type   |V|  Reserved   |        Requested HMAC ID      |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
>>>>> |              OTK Length       |       OTK Encryption ID       | =
|
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
|
>>>>> |                       One-Time-Key Preamble ...               | =
|
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
OTK-AD
>>>>> |                   ... One-Time-Key Preamble                   | =
|
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
|
>>>>> ~                      One-Time Key (128 bits)                  ~/
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
<---+
>>>>> |           EID-AD Length       |           KDF ID              |  =
   |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  =
   |
>>>>> | Record Count  |    Reserved   |         EID HMAC ID           |  =
   EID-AD
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\ =
   |
>>>>> |   Reserved    | EID mask-len  | EID-AFI             | |   |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
Rec |
>>>>> ~                          EID-prefix ...                       ~ =
|   |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/ =
   |
>>>>> ~                            EID HMAC                           ~  =
   |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
<=E2=80=94+
>>>> I think that =E2=80=9Crec=E2=80=9D is mis-aligned and should be =
shifted one character
>>>> upward.
>>>=20
>>> No. The row above is the portion of the header that specifies how =
many
>>> records will follow. Rec shows one Rec item, in the array of =
Records.
>>> It is consistent with 6830.
>>>=20
>>>=20
>>>=20
>>>>=20
>>>>>                     LISP-SEC ECM Authentication Data
>>>>>=20
>>>>>      AD Type: 1 (LISP-SEC Authentication Data)
>>>> This is the first document starting to allocate values to the "AD
>>>> Type=E2=80=9D value.
>>>> Why not asking IANA to create a registry??
>>>> (to be done in the IANA Considerations Section)
>>>=20
>>>=20
>>> Ok.
>>>=20
>>>>=20
>>>>=20
>>>>=20
>>>>>      V: Key Version bit.  This bit is toggled when the sender =
switches
>>>>>      to a new OTK wrapping key
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>> Maino, et al.             Expires April 6, 2017                 =
[Page 7]
>>>>>=20
>>>>> Internet-Draft                  LISP-SEC October 2016
>>>>>=20
>>>>>=20
>>>>>      Reserved: Set to 0 on transmission and ignored on receipt.
>>>>>=20
>>>>>      Requested HMAC ID: The HMAC algorithm requested by the ITR.  =
See
>>>>>      Section 5.4 for details.
>>>>>=20
>>>>>      OTK Length: The length (in bytes) of the OTK Authentication =
Data
>>>>>      (OTK-AD), that contains the OTK Preamble and the OTK.
>>>>>=20
>>>>>      OTK Encryption ID: The identifier of the key wrapping =
algorithm
>>>>>      used to encrypt the One-Time-Key. When a 128-bit OTK is sent
>>>>>      unencrypted by the Map-Resolver, the OTK Encryption ID is set =
to
>>>>>      NULL_KEY_WRAP_128.  See Section 5.5 for more details.
>>>>>=20
>>>>>      One-Time-Key Preamble: set to 0 if the OTK is not encrypted.  =
When
>>>>>      the OTK is encrypted, this field may carry additional =
metadata
>>>>>      resulting from the key wrapping operation.  When a 128-bit =
OTK is
>>>>>      sent unencrypted by Map-Resolver, the OTK Preamble is set to
>>>>>      0x0000000000000000 (64 bits).  See Section 5.5 for details.
>>>>>=20
>>>>>      One-Time-Key: the OTK encrypted (or not) as specified by OTK
>>>>>      Encryption ID.  See Section 5.5 for details.
>>>>>=20
>>>>>      EID-AD Length: length (in bytes) of the EID Authentication =
Data
>>>>>      (EID-AD).  The ITR MUST set EID-AD Length to 4 bytes, as it =
only
>>>>>      fills the KDF ID field, and all the remaining fields part of =
the
>>>>>      EID-AD are not present.  An EID-AD MAY contain multiple EID-
>>>>>      records.  Each EID-record is 4-byte long plus the length of =
the
>>>>>      AFI-encoded EID-prefix.
>>>>>=20
>>>>>      KDF ID: Identifier of the Key Derivation Function used to =
derive
>>>>>      the MS-OTK.  The ITR SHOULD use this field to indicate the
>>>>>      recommended KDF algorithm, according to local policy.
>>>> I am not sure I understand the rationale of this =E2=80=9CSHOULD=E2=80=
=9D. If for any
>>>> reason the ITR does not indicate the KDF ID what are the =
consequences?
>>>=20
>>> That should be a MAY, I believe,
>>>=20
>>> The ITR can specify "no preference" for KDF ID, using a value of 0.
>>>=20
>>> In the ITR processing section 5.4,  we should add to
>>>=20
>>> The KDF ID field, specifies the suggested key derivation function to
>>>   be used by the Map-Server to derive the MS-OTK.
>>>=20
>>>=20
>>> a text like: "A KDF ID value of 0 (NONE), MAY be used to specify =
that
>>> the ITR has no preferred KDF ID".
>>>=20
>>>=20
>>>=20
>>>> Is the MS free to choose the algorithm? This should be clarified.
>>> This is specified in section 5.7.
>>>=20
>>> "
>>>=20
>>> The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) =
from
>>>   the ITR-OTK received with the Map-Request.  MS-OTK is derived
>>>   applying the key derivation function specified in the KDF ID =
field.
>>>   If the algorithm specified in the KDF ID field is not supported, =
the
>>>   Map-Server uses a different algorithm to derive the key and =
updates
>>>   the KDF ID field accordingly.
>>>=20
>>> "
>>>=20
>>>=20
>>>=20
>>>>=20
>>>>> The Map-
>>>>>      Server can overwrite the KDF ID if it does not support the =
KDF ID
>>>>>      recommended by the ITR.
>>>> What happens if the MS will choose a KDF ID not supported by the =
ITR?
>>>> Can you clarify how to solve this situation or explain why this =
will
>>>> never happen?
>>>=20
>>> This is specified in 5.4, ITR processing.
>>>=20
>>> "
>>>=20
>>> To verify the integrity of the PKT-AD, first the MS-OTK is derived
>>>   from the locally stored ITR-OTK using the algorithm specified in =
the
>>>   KDF ID field.  This is because the PKT-AD is generated by the ETR
>>>   using the MS-OTK.  If the KDF ID in the Map-Reply does not match =
the
>>>   KDF ID requested in the Map-Request, the ITR SHOULD discard the =
Map-
>>>   Reply and send, at the first opportunity it needs to, a new Map-
>>>   Request with a different KDF ID, according to ITR's local policy.
>>>=20
>>> "
>>>=20
>>>=20
>>> There are two typical use cases:
>>> - strict KDF ID policy: ITR specifiy a KDF ID, and will discard
>>> map-reply with different KDF IDs. If local policy allows, another
>>> map-request will be sent with a different KDF ID
>>> - loose KDF ID policy: ITR specify KDF ID =3D none, and will accept
>>> map-reply with any KDF ID (if supported by ITR). If received KDF is =
not
>>> supported the ITR shall drop the map-reply
>>>=20
>>>=20
>>>>=20
>>>>> See Section 5.4 for more details.
>>>>>=20
>>>>>      Record Count: The number of records in this Map-Request =
message.
>>>>>      A record is comprised of the portion of the packet that is =
labeled
>>>>>      'Rec' above and occurs the number of times equal to Record =
Count.
>>>>>=20
>>>>>      Reserved: Set to 0 on transmission and ignored on receipt.
>>>>>=20
>>>>>      EID HMAC ID: Identifier of the HMAC algorithm used to protect =
the
>>>>>      integrity of the EID-AD.  This field is filled by Map-Server =
that
>>>>>      computed the EID-prefix HMAC.  See Section 5.4 for more =
details.
>>>>>=20
>>>>>      EID mask-len: Mask length for EID-prefix.
>>>>>=20
>>>>>      EID-AFI: Address family of EID-prefix according to [RFC5226]
>>>>>=20
>>>>>=20
>>>>>=20
>>>>> Maino, et al.             Expires April 6, 2017                 =
[Page 8]
>>>>>=20
>>>>> Internet-Draft                  LISP-SEC October 2016
>>>>>=20
>>>>>=20
>>>>>      EID-prefix: The Map-Server uses this field to specify the =
EID-
>>>>>      prefix that the destination ETR is authoritative for, and is =
the
>>>>>      longest match for the requested EID.
>>>>>=20
>>>>>      EID HMAC: HMAC of the EID-AD computed and inserted by =
Map-Server.
>>>>>      Before computing the HMAC operation the EID HMAC field MUST =
be set
>>>>>      to 0.  The HMAC covers the entire EID-AD.
>>>>>=20
>>>>> 5.2.  Map-Reply LISP-SEC Extensions
>>>>>=20
>>>>>   LISP-SEC uses the Map-Reply defined in [RFC6830], with Type set =
to 2,
>>>>>   and S bit set to 1 to indicate that the Map-Reply message =
includes
>>>>>   Authentication Data (AD).  The format of the LISP-SEC Map-Reply
>>>>>   Authentication Data is defined in the following figure. PKT-AD =
is
>>>>>   the Packet Authentication Data that covers the Map-Reply =
payload.
>>>>>=20
>>>>> 0                   1                   2 3
>>>>> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>>> |    AD Type    | Reserved                      |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
<---+
>>>>> |           EID-AD Length       |           KDF ID              |  =
   |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  =
   |
>>>>> | Record Count  |    Reserved   |         EID HMAC ID           |  =
   EID-AD
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\ =
   |
>>>>> |   Reserved    | EID mask-len  | EID-AFI             | |   |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
Rec |
>>>>> ~                          EID-prefix ...                       ~ =
|   |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/ =
   |
>>>>> ~                            EID HMAC                           ~  =
   |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
<---+
>>>>> |         PKT-AD Length         |         PKT HMAC ID           |\
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
|
>>>>> ~                            PKT HMAC                           ~ =
PKT-AD
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/
>>>>>=20
>>>>>                  LISP-SEC Map-Reply Authentication Data
>>>>>=20
>>>>>      AD Type: 1 (LISP-SEC Authentication Data)
>>>> Shouldn=E2=80=99t this be a different value? This AD  format is =
different from
>>>> the one described in section 5.1!
>>>> Another reason to ask IANA for a registry=E2=80=A6.
>>>=20
>>> One is the LISP-SEC authentication data that applies to the ECM =
message
>>> (when S-bit =3D 1), the other is the LISP-SEC authentication data =
that
>>> applies to the Map-Reply (when S-bit =3D 1).
>>>=20
>>> Those are extensions of two different messages (ECM and map-reply), =
and
>>> they are both identified by an AD Type (that happens to be set to =
value
>>> 1 for both).
>>>=20
>>> Yes, the AD type space is different so we will need two IANA =
registries.
>>>=20
>>>=20
>>> Question for the co-auhtors: should we change the name to 'ECM AD =
Type'
>>> and 'Map-Reply AD Type'?
>>>=20
>>>=20
>>>=20
>>>>=20
>>>>=20
>>>>>      EID-AD Length: length (in bytes) of the EID-AD.  An EID-AD =
MAY
>>>>>      contain multiple EID-records.  Each EID-record is 4-byte long =
plus
>>>>>      the length of the AFI-encoded EID-prefix.
>>>>>=20
>>>>>      KDF ID: Identifier of the Key Derivation Function used to =
derive
>>>>>      MS-OTK.  See Section 5.7 for more details.
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>> Maino, et al.             Expires April 6, 2017                 =
[Page 9]
>>>>>=20
>>>>> Internet-Draft                  LISP-SEC October 2016
>>>>>=20
>>>>>=20
>>>>>      Record Count: The number of records in this Map-Reply =
message.  A
>>>>>      record is comprised of the portion of the packet that is =
labeled
>>>>>      'Rec' above and occurs the number of times equal to Record =
Count.
>>>>>=20
>>>>>      Reserved: Set to 0 on transmission and ignored on receipt.
>>>>>=20
>>>>>      EID HMAC ID: Identifier of the HMAC algorithm used to protect =
the
>>>>>      integrity of the EID-AD.  See Section 5.7 for more details.
>>>>>=20
>>>>>      EID mask-len: Mask length for EID-prefix.
>>>>>=20
>>>>>      EID-AFI: Address family of EID-prefix according to [RFC5226].
>>>>>=20
>>>>>      EID-prefix: This field contains an EID-prefix that the =
destination
>>>>>      ETR is authoritative for, and is the longest match for the
>>>>>      requested EID.
>>>>>=20
>>>>>      EID HMAC: HMAC of the EID-AD, as computed by the Map-Server.
>>>>>      Before computing the HMAC operation the EID HMAC field MUST =
be set
>>>>>      to 0.  The HMAC covers the entire EID-AD.
>>>>>=20
>>>>>      PKT-AD Length: length (in bytes) of the Packet Authentication =
Data
>>>>>      (PKT-AD).
>>>>>=20
>>>>>      PKT HMAC ID: Identifier of the HMAC algorithm used to protect =
the
>>>>>      integrity of the Map-reply Location Data.
>>>> =E2=80=9CLocation Data=E2=80=9D is something nowhere defined. Can =
you clarify what do
>>>> you mean?
>>>=20
>>> we can just remove 'Location Data'
>>>=20
>>>=20
>>>>=20
>>>>=20
>>>>>      PKT HMAC: HMAC of the whole Map-Reply packet, including the =
LISP-
>>>>>      SEC Authentication Data.  The scope of the authentication =
goes
>>>>>      from the Map-Reply Type field to the PKT HMAC field included.
>>>>>      Before computing the HMAC operation the PKT HMAC field MUST =
be set
>>>>>      to 0.  See Section 5.8 for more details.
>>>>>=20
>>>>> 5.3.  Map-Register LISP-SEC Extentions
>>>>>=20
>>>>>   The second bit after the Type field in a Map-Register message is
>>>>>   allocated as the S bit.
>>>> I would better explain that this document is allocating a bit =
marked
>>>> as reserved in 6830.
>>>=20
>>> Ok. We will need to reflect this in 6830bis as well.
>>>=20
>>>> Furthermore, at the cost of being redundant, I would put the packet
>>>> format highlighting the position of the bit so that there is no
>>>> confusion whatsoever.
>>>=20
>>> We wanted to  explicitly avoid to include the format of messages =
when
>>> already defined in other documents, so we point rather than copy. If =
we
>>> address this in 6830bis, the problem will be solved.
>>>=20
>>>=20
>>>>=20
>>>>> The S bit indicates to the Map-Server that
>>>>>   the registering ETR is LISP-SEC enabled.  An ETR that supports =
LISP-
>>>>>   SEC MUST set the S bit in its Map-Register messages.
>>>>>=20
>>>>> 5.4.  ITR Processing
>>>>>=20
>>>>>   Upon creating a Map-Request, the ITR generates a random ITR-OTK =
that
>>>>>   is stored locally, together with the nonce generated as =
specified in
>>>>>   [RFC6830].
>>>>>=20
>>>>>   The Map-Request MUST be encapsulated in an ECM, with the S-bit =
set to
>>>>>   1, to indicate the presence of Authentication Data.  If the ITR =
and
>>>>>=20
>>>>>=20
>>>>>=20
>>>>> Maino, et al.             Expires April 6, 2017                =
[Page 10]
>>>>>=20
>>>>> Internet-Draft                  LISP-SEC October 2016
>>>>>=20
>>>>>=20
>>>>>   the Map-Resolver are configured with a shared key,
>>>> In section 4 you seem to suggest that this is not the only way to
>>>> protect the OTK (see my comment).
>>>> Here instead you suggest that a shared key is the only way.
>>>=20
>>>=20
>>> Right. Here it says what to do IF there is a shared key, that is
>>> consistent with the SHOULD above.
>>>=20
>>>=20
>>>>> the ITR-OTK
>>>>>   confidentiality SHOULD be protected by wrapping the ITR-OTK with =
the
>>>>>   algorithm specified by the OTK Encryption ID field.
>>>> Not clear what this =E2=80=9CSHOULD=E2=80=9D refers to.
>>>> IS the SHOULD related to the fact to encrypt the OTK? The ITR =
SHOULD
>>>> encrypt.
>>>> Or the choice of the algorithm? The ITR SHOULD use the algorithm
>>>> specified by the OTK Encryption ID?
>>>> The second case looks impossible since is the ITR is choosing the
>>>> algorithm. May be the sentence can be rewritten.
>>>=20
>>> SHOULD refers to protecting the confidentiality of the ITR-OTK. =
Maybe
>>> the 'by' should be replaced by 'with'?
>>>=20
>>>>=20
>>>> Similarly to previous comment: Why it is not a MUST?
>>> Same as other SHOULD.
>>>=20
>>>=20
>>>=20
>>>>> See Section 5.5
>>>>>   for further details on OTK encryption.
>>>>>=20
>>>>>   The Requested HMAC ID field contains the suggested HMAC =
algorithm to
>>>>>   be used by the Map-Server and the ETR to protect the integrity =
of the
>>>>>   ECM Authentication data and of the Map-Reply.
>>>>>=20
>>>> What happens if the MS will choose a HMAC not supported by the ETR =
or
>>>> the ITR?
>>>> Can you clarify how to solve this situation or explain why this =
will
>>>> never happen?
>>>=20
>>> This is described 5 paragraphs below:
>>>=20
>>> "
>>>=20
>>> If the EID HMAC ID field does
>>>   not match the Requested HMAC ID the ITR SHOULD discard the =
Map-Reply
>>>   and send, at the first opportunity it needs to, a new Map-Request
>>>   with a different Requested HMAC ID field, according to ITR's local
>>>   policy.
>>>=20
>>> "
>>>=20
>>>=20
>>>>=20
>>>>>   The KDF ID field, specifies the suggested key derivation =
function to
>>>>>   be used by the Map-Server to derive the MS-OTK.
>>>>=20
>>>> What happens if the MS will choose a KDF ID not supported by the =
ITR?
>>>> Can you clarify how to solve this situation or explain why this =
will
>>>> never happen?
>>>=20
>>> This is described a few paragraphs below:
>>> "
>>>=20
>>> If the KDF ID in the Map-Reply does not match the
>>>   KDF ID requested in the Map-Request, the ITR SHOULD discard the =
Map-
>>>   Reply and send, at the first opportunity it needs to, a new Map-
>>>   Request with a different KDF ID, according to ITR's...
>>>=20
>>> "
>>>=20
>>>>=20
>>>>>   The EID-AD length is set to 4 bytes, since the Authentication =
Data
>>>>>   does not contain EID-prefix Authentication Data, and the EID-AD
>>>>>   contains only the KDF ID field.
>>>>>=20
>>>>>   In response to an encapsulated Map-Request that has the S-bit =
set, an
>>>>>   ITR MUST receive a Map-Reply with the S-bit set, that includes =
an
>>>>>   EID-AD and a PKT-AD.  If the Map-Reply does not include both =
ADs, the
>>>>>   ITR MUST discard it.  In response to an encapsulated Map-Request =
with
>>>>>   S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, =
and
>>>>>   the ITR SHOULD discard the Map-Reply if the S-bit is set.
>>>> Why a =E2=80=9CSHOULD=E2=80=9D? If the Map-Request has S-bit=3D0 it =
mean that there is
>>>> no AD, hence no OTK, how can the ITR decrypt the reply?????
>>>> It MUST discard=E2=80=A6..
>>>=20
>>> If S-bit =3D 0 there's no Authentication Data. The Map-reply is in =
clear,
>>> and can be read.
>>>=20
>>> Here again the SHOULD leaves open to ITR local policy that can be =
strict
>>> (drop anything not authenticated) or loose (accept unauthenticated
>>> map-reply).
>>>=20
>>> There are use cases where LISP-SEC is not deployed everywhere, where =
the
>>> ITR might have to use loose policy.
>>>=20
>>>=20
>>>>=20
>>>>=20
>>>>>   Upon receiving a Map-Reply, the ITR must verify the integrity of =
both
>>>>>   the EID-AD and the PKT-AD, and MUST discard the Map-Reply if one =
of
>>>>>   the integrity checks fails.
>>>>>=20
>>>>>   The integrity of the EID-AD is verified using the locally stored =
ITR-
>>>>>   OTK to re-compute the HMAC of the EID-AD using the algorithm
>>>>>   specified in the EID HMAC ID field.  If the EID HMAC ID field =
does
>>>>>   not match the Requested HMAC ID the ITR SHOULD discard the =
Map-Reply
>>>> Why is this a SHOULD? If it supports the HMAC Algorithm why not
>>>> decrypt? Shouldn=E2=80=99t this be a =E2=80=9CMAY=E2=80=9D, =
according to internal policy?
>>>=20
>>> because this could be used by an attacker to force weaker HMACs =
(e.g.
>>> MD5). The SHOULD leaves open the door to not discarding, according =
to
>>> local policy.
>>>=20
>>>=20
>>>=20
>>>=20
>>>>>   and send, at the first opportunity it needs to, a new =
Map-Request
>>>>>   with a different Requested HMAC ID field, according to ITR's =
local
>>>>>   policy.  The ITR MUST set the EID HMAC ID field to 0 before =
computing
>>>>>   the HMAC.
>>>> Shouldn=E2=80=99t the MS do the same thing? Otherwise different =
values will be
>>>> obtained. This is not specified in the MS functioning description.
>>>=20
>>> good catch. Actually it's a typo here, the EID HMAC field should be =
set
>>> to 0 (that is consistent with section 5.7), not the EID HMAC ID that
>>> should not be touched.
>>>=20
>>>=20
>>> The ITR MUST set the EID HMAC ID field to 0 before computing
>>>   the HMAC.
>>>=20
>>> should change to
>>>=20
>>> The scope of the HMAC operation covers the
>>>   entire EID-AD, from the EID-AD Length field to the EID HMAC field,
>>>   which must be set to 0 before the computation.
>>>=20
>>>=20
>>>>>   To verify the integrity of the PKT-AD, first the MS-OTK is =
derived
>>>>>   from the locally stored ITR-OTK using the algorithm specified in =
the
>>>>>   KDF ID field.  This is because the PKT-AD is generated by the =
ETR
>>>>>   using the MS-OTK.  If the KDF ID in the Map-Reply does not match =
the
>>>>>   KDF ID requested in the Map-Request, the ITR SHOULD discard the =
Map-
>>>>>   Reply and send, at the first opportunity it needs to, a new Map-
>>>>>   Request with a different KDF ID, according to ITR's local =
policy.
>>>>>   The derived MS-OTK is then used to re-compute the HMAC of the =
PKT-AD
>>>>>   using the Algorithm specified in the PKT HMAC ID field. If the =
PKT
>>>>>   HMAC ID field does not match the Requested HMAC ID the ITR =
SHOULD
>>>>>   discard the Map-Reply and send, at the first opportunity it =
needs to,
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>> Maino, et al.             Expires April 6, 2017                =
[Page 11]
>>>>>=20
>>>>> Internet-Draft                  LISP-SEC October 2016
>>>>>=20
>>>>>=20
>>>>>   a new Map-Request with a different Requested HMAC ID according =
to
>>>>>   ITR's local policy.
>>>>>=20
>>>>>   Each individual Map-Reply EID-record is considered valid only =
if: (1)
>>>>>   both EID-AD and PKT-AD are valid, and (2) the intersection of =
the
>>>>>   EID-prefix in the Map-Reply EID-record with one of the =
EID-prefixes
>>>>>   contained in the EID-AD is not empty.  After identifying the =
Map-
>>>>>   Reply record as valid, the ITR sets the EID-prefix in the =
Map-Reply
>>>>>   record to the value of the intersection set computed before, and =
adds
>>>>>   the Map-Reply EID-record to its EID-to-RLOC cache, as described =
in
>>>>>   [RFC6830].  An example of Map-Reply record validation is =
provided in
>>>>>   Section 5.4.1.
>>>>>=20
>>>>>   The ITR SHOULD send SMR triggered Map-Requests over the mapping
>>>>>   system in order to receive a secure Map-Reply.
>>>> I do not understand this =E2=80=9CSHOULD=E2=80=9D.  This has =
consequences in the
>>>> choice how to react to SMR. This is a local policy.
>>>> _If_ the ITR wants to protect Map-Requests using LISP-SEC, than SMR
>>>> triggered Map-Request MUST be sent through the mapping system.
>>> so the _if_ is what makes that MUST a SHOULD... According to local
>>> policy the ITR SHOULD send the SMR.
>>>>> If an ITR accepts
>>>>>   piggybacked Map-Replies, it SHOULD also send a Map-Request over =
the
>>>>>   mapping system in order to securely verify the piggybacked =
Map-Reply.
>>>> Same as above.
>>>>> 5.4.1.  Map-Reply Record Validation
>>>>>=20
>>>>>   The payload of a Map-Reply may contain multiple EID-records.  =
The
>>>>>   whole Map-Reply is signed by the ETR, with the PKT HMAC, to =
provide
>>>>>   integrity protection and origin authentication to the EID-prefix
>>>>>   records claimed by the ETR.  The Authentication Data field of a =
Map-
>>>>>   Reply may contain multiple EID-records in the EID-AD. The EID-AD =
is
>>>>>   signed by the Map-Server, with the EID HMAC, to provide =
integrity
>>>>>   protection and origin authentication to the EID-prefix records
>>>>>   inserted by the Map-Server.
>>>>>=20
>>>>>   Upon receiving a Map-Reply with the S-bit set, the ITR first =
checks
>>>>>   the validity of both the EID HMAC and of the PKT-AD HMAC.  If =
either
>>>>>   one of the HMACs is not valid, a log message is issued and the =
Map-
>>>>>   Reply is not processed any further.
>>>> I think =E2=80=9Clog message" is too much implementation specific.
>>>> If there is a notification, and how this notification is done, is
>>>> implementation specific IMHO.
>>> Ok. 'a log message is issued' will change to 'a log action should be
>>> taken'. The point is that there could be an attack behind it, and we
>>> want to record the event
>>>>> If both HMACs are valid, the ITR
>>>>>   proceeds with validating each individual EID-record claimed by =
the
>>>>>   ETR by computing the intersection of each one of the EID-prefix
>>>>>   contained in the payload of the Map-Reply with each one of the =
EID-
>>>>>   prefixes contained in the EID-AD.  An EID-record is valid only =
if at
>>>>>   least one of the intersections is not the empty set.
>>>>>=20
>>>>>   For instance, the Map-Reply payload contains 3 mapping record =
EID-
>>>>>   prefixes:
>>>>>=20
>>>>>      1.1.1.0/24
>>>>>=20
>>>>>      1.1.2.0/24
>>>>>=20
>>>>>      1.2.0.0/16
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>> Maino, et al.             Expires April 6, 2017                =
[Page 12]
>>>>>=20
>>>>> Internet-Draft                  LISP-SEC October 2016
>>>>>=20
>>>>>=20
>>>>>   The EID-AD contains two EID-prefixes:
>>>>>=20
>>>>>      1.1.2.0/24
>>>>>=20
>>>>>      1.2.3.0/24
>>>>>=20
>>>>>   The EID-record with EID-prefix 1.1.1.0/24 is not processed since =
it
>>>>>   is not included in any of the EID-ADs signed by the Map-Server.  =
A
>>>>>   log message is issued.
>>>> I think =E2=80=9Clog message" is too much implementation specific.
>>>> If there is a notification, and how this notification is done, is
>>>> implementation specific IMHO.
>>> ok. Same as above.
>>>>>   The EID-record with EID-prefix 1.1.2.0/24 is stored in the =
map-cache
>>>>>   because it matches the second EID-prefix contained in the =
EID-AD.
>>>>>=20
>>>>>   The EID-record with EID-prefix 1.2.0.0/16 is not processed since =
it
>>>>>   is not included in any of the EID-ADs signed by the Map-Server.  =
A
>>>>>   log message is issued.
>>>> I think =E2=80=9Clog message" is too much implementation specific.
>>>> If there is a notification, and how this notification is done, is
>>>> implementation specific IMHO.
>>> ok. Same as above
>>>>>  In this last example the ETR is trying to
>>>>>   over claim the EID-prefix 1.2.0.0/16, but the Map-Server =
authorized
>>>>>   only 1.2.3.0/24, hence the EID-record is discarded.
>>>> Reading the example I am not sure I would follow this behaviour.
>>>> Only 1 record out of 3 is valid so why should I actually trust the =
ETR
>>>> instead of throwing everything away?
>>>> Can you explain ???
>>> The other two records are validated by the MS, so there is no reason =
to
>>> throw those away.
>>>>> 5.4.2.  PITR Processing
>>>>>=20
>>>>>   The processing performed by a PITR is equivalent to the =
processing of
>>>>>   an ITR.  However, if the PITR is directly connected to the ALT,
>>>> This would be LISP+ALT. Pleas add a reference to 6836.
>>> ok.
>>>>> the
>>>>>   PITR performs the functions of both the ITR and the Map-Resolver
>>>>>   forwarding the Map-Request encapsulated in an ECM header that
>>>>>   includes the Authentication Data fields as described in Section =
5.6.
>>>>>=20
>>>>> 5.5.  Encrypting and Decrypting an OTK
>>>>>=20
>>>>>   MS-OTK confidentiality is required in the path between the =
Map-Server
>>>>>   and the ETR, the MS-OTK SHOULD
>>>> If confidentiality is required why there is not a MUST?
>>> Same.
>>>>> be encrypted using the preconfigured
>>>>>   key shared between the Map-Server and the ETR for the purpose of
>>>>>   securing ETR registration [RFC6833].  Similarly, if ITR-OTK
>>>>>   confidentiality is required in the path between the ITR and the =
Map-
>>>>>   Resolver, the ITR-OTK SHOULD
>>>> Again, if confidentiality is required why there is not a MUST?
>>> Same.
>>>>> be encrypted with a key shared between
>>>>>   the ITR and the Map-Resolver.
>>>>>=20
>>>>>   The OTK is encrypted using the algorithm specified in the OTK
>>>>>   Encryption ID field.  When the AES Key Wrap algorithm is used to
>>>>>   encrypt a 128-bit OTK, according to [RFC3339],
>>>> The correct RFC is 3394.
>>> ok.
>>>>> the AES Key Wrap
>>>>>   Initialization Value MUST be set to 0xA6A6A6A6A6A6A6A6 (64 =
bits).
>>>>>   The output of the AES Key Wrap operation is 192-bit long.  The =
most
>>>>>   significant 64-bit are copied in the One-Time Key Preamble =
field,
>>>>>   while the 128 less significant bits are copied in the One-Time =
Key
>>>>>   field of the LISP-SEC Authentication Data.
>>>>>=20
>>>>>   When decrypting an encrypted OTK the receiver MUST verify that =
the
>>>>>   Initialization Value resulting from the AES Key Wrap decryption
>>>>>=20
>>>>>=20
>>>>>=20
>>>>> Maino, et al.             Expires April 6, 2017                =
[Page 13]
>>>>>=20
>>>>> Internet-Draft                  LISP-SEC October 2016
>>>>>=20
>>>>>=20
>>>>>   operation is equal to 0xA6A6A6A6A6A6A6A6.  If this verification =
fails
>>>>>   the receiver MUST discard the entire message.
>>>>>=20
>>>>>   When a 128-bit OTK is sent unencrypted the OTK Encryption ID is =
set
>>>>>   to NULL_KEY_WRAP_128, and the OTK Preamble is set to
>>>>>   0x0000000000000000 (64 bits).
>>>>>=20
>>>>> 5.6.  Map-Resolver Processing
>>>>>=20
>>>>>   Upon receiving an encapsulated Map-Request with the S-bit set, =
the
>>>>>   Map-Resolver decapsulates the ECM message.  The ITR-OTK, if
>>>>>   encrypted, is decrypted as specified in Section 5.5.
>>>>>=20
>>>>>   The Map-Resolver, as specified in [RFC6833], originates a new =
ECM
>>>>>   header with the S-bit set, that contains the unencrypted =
ITR-OTK, as
>>>>>   specified in Section 5.5, and the other data derived from the =
ECM
>>>>>   Authentication Data of the received encapsulated Map-Request.
>>>> Few points on this last paragraph:
>>>> - You assume that there is no need of confidentiality inside the
>>>> Mapping System?
>>>> - Why not stating that encryption inside the mapping system is =
mapping
>>>> system specify and out of scope of this document?
>>> ok. as it was pointed out above.
>>>> - Why are you assuming that all of the Mapping system will use ECM?
>>>> Future Mapping system may use soemthos different. The important =
point
>>>> is to ship the AD along.
>>> good point, and I agree with your suggestion to fix this below.
>>>>>   The Map-Resolver then forwards
>>>> to whom?
>>> ok. add 'to the Map-Server'
>>>>> the received Map-Request, encapsulated
>>>>>   in the new ECM header that includes the newly computed =
Authentication
>>>>>   Data fields.
>>>> As for my comment of the previous paragraph I would be more generic
>>>> stating that the MR will hand over the request to the mapping =
system.
>>>> You can still provide the example of DDT using ECM.
>>> right.
>>>>> 5.7.  Map-Server Processing
>>>>>=20
>>>>>   Upon receiving an ECM encapsulated Map-Request with the S-bit =
set,
>>>>>   the Map-Server process the Map-Request according to the value of =
the
>>>>>   S-bit contained in the Map-Register sent by the ETR during
>>>>>   registration.
>>>>>=20
>>>>>   If the S-bit contained in the Map-Register was clear the =
Map-Server
>>>>>   decapsulates the ECM and generates a new ECM encapsulated =
Map-Request
>>>>>   that does not contain an ECM Authentication Data, as specified =
in
>>>>>   [RFC6830].  The Map-Server does not perform any further LISP-SEC
>>>>>   processing.
>>>> This equivalent to not using LISP-SEC. Please specify that the
>>>> Map-Reply will be not protected.
>>> ok.
>>>>>   If the S-bit contained in the Map-Register was set the =
Map-Server
>>>>>   decapsulates the ECM and generates a new ECM Authentication =
Data.
>>>>>   The Authentication Data includes the OTK-AD and the EID-AD, that
>>>>>   contains EID-prefix authorization information, that are =
ultimately
>>>>>   sent to the requesting ITR.
>>>>>=20
>>>>>   The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) =
from
>>>>>   the ITR-OTK received with the Map-Request.  MS-OTK is derived
>>>>>   applying the key derivation function specified in the KDF ID =
field.
>>>>>   If the algorithm specified in the KDF ID field is not supported, =
the
>>>>>   Map-Server uses a different algorithm to derive the key and =
updates
>>>>>   the KDF ID field accordingly.
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>> Maino, et al.             Expires April 6, 2017                =
[Page 14]
>>>>>=20
>>>>> Internet-Draft                  LISP-SEC October 2016
>>>>>=20
>>>>>=20
>>>>>   The Map-Server and the ETR MUST be configured with a shared key =
for
>>>>>   mapping registration according to [RFC6833].  If MS-OTK
>>>>>   confidentiality is required, then the MS-OTK SHOULD be =
encrypted,
>>>> Again, if confidentiality is required why there is not a MUST?
>>> same as above.
>>>>> by
>>>>>   wrapping the MS-OTK with the algorithm specified by the OTK
>>>>>   Encryption ID field as specified in Section 5.5.
>>>>>=20
>>>>>   The Map-Server includes in the EID-AD the longest match =
registered
>>>>>   EID-prefix for the destination EID, and an HMAC of this =
EID-prefix.
>>>>>   The HMAC is keyed with the ITR-OTK contained in the received ECM
>>>>>   Authentication Data, and the HMAC algorithm is chosen according =
to
>>>>>   the Requested HMAC ID field.  If The Map-Server does not support =
this
>>>>>   algorithm, the Map-Server uses a different algorithm and =
specifies it
>>>>>   in the EID HMAC ID field.  The scope of the HMAC operation =
covers the
>>>>>   entire EID-AD, from the EID-AD Length field to the EID HMAC =
field,
>>>>>   which must be set to 0 before the computation.
>>>>>=20
>>>>>   The Map-Server then forwards the updated ECM encapsulated Map-
>>>>>   Request, that contains the OTK-AD, the EID-AD, and the received =
Map-
>>>>>   Request to an authoritative ETR as specified in [RFC6830].
>>>>>=20
>>>>> 5.7.1.  Map-Server Processing in Proxy mode
>>>>>=20
>>>>>   If the Map-Server is in proxy mode, it generates a Map-Reply, as
>>>>>   specified in [RFC6830], with the S-bit set to 1.  The Map-Reply
>>>>>   includes the Authentication Data that contains the EID-AD, =
computed
>>>>>   as specified in Section 5.7, as well as the PKT-AD computed as
>>>>>   specified in Section 5.8.
>>>>>=20
>>>>> 5.8.  ETR Processing
>>>>>=20
>>>>>   Upon receiving an ECM encapsulated Map-Request with the S-bit =
set,
>>>>>   the ETR decapsulates the ECM message.  The OTK field, if =
encrypted,
>>>>>   is decrypted as specified in Section 5.5 to obtain the =
unencrypted
>>>>>   MS-OTK.
>>>>>=20
>>>>>   The ETR then generates a Map-Reply as specified in [RFC6830] and
>>>>>   includes the Authentication Data that contains the EID-AD, as
>>>>>   received in the encapsulated Map-Request, as well as the PKT-AD.
>>>>>=20
>>>>>   The EID-AD is copied from the Authentication Data of the =
received
>>>>>   encapsulated Map-Request.
>>>>>=20
>>>>>   The PKT-AD contains the HMAC of the whole Map-Reply packet, =
keyed
>>>>>   with the MS-OTK and computed using the HMAC algorithm specified =
in
>>>>>   the Requested HMAC ID field of the received encapsulated =
Map-Request.
>>>>>   If the ETR does not support the Requested HMAC ID, it uses a
>>>>>   different algorithm and updates the PKT HMAC ID field =
accordingly.
>>>>>   The scope of the HMAC operation covers the entire PKT-AD, from =
the
>>>>>=20
>>>>>=20
>>>>>=20
>>>>> Maino, et al.             Expires April 6, 2017                =
[Page 15]
>>>>>=20
>>>>> Internet-Draft                  LISP-SEC October 2016
>>>>>=20
>>>>>=20
>>>>>   Map-Reply Type field to the PKT HMAC field, which must be set to =
0
>>>>>   before the computation.
>>>>>=20
>>>>>   Finally the ETR sends the Map-Reply to the requesting ITR as
>>>>>   specified in [RFC6830].
>>>>>=20
>>>>> 6.  Security Considerations
>>>>>=20
>>>>> 6.1.  Mapping System Security
>>>>>=20
>>>>>   The LISP-SEC threat model described in Section 3, assumes that =
the
>>>>>   LISP Mapping System is working properly and eventually delivers =
Map-
>>>>>   Request messages to a Map-Server that is authoritative for the
>>>>>   requested EID.
>>>>>=20
>>>> As for a previous comment, can you elaborate if OTK confidentiality =
is
>>>> required in the mapping system and what are the consequences?
>>> ok.
>>>>>   Map-Register security, including the right for a LISP entity to
>>>>>   register an EID-prefix or to claim presence at an RLOC, is out =
of the
>>>>>   scope of LISP-SEC.
>>>>>=20
>>>>> 6.2.  Random Number Generation
>>>>>=20
>>>>>   The ITR-OTK MUST be generated by a properly seeded pseudo-random =
(or
>>>>>   strong random) source.  See [RFC4086] for advice on generating
>>>>>   security-sensitive random data
>>>>>=20
>>>>> 6.3.  Map-Server and ETR Colocation
>>>>>=20
>>>>>   If the Map-Server and the ETR are colocated, LISP-SEC does not
>>>>>   provide protection from overclaiming attacks mounted by the ETR.
>>>>>   However, in this particular case, since the ETR is within the =
trust
>>>>>   boundaries of the Map-Server, ETR's overclaiming attacks are not
>>>>>   included in the threat model.
>>>>>=20
>>>>> 7.  IANA Considerations
>>>> This section is not conform to RFC 5226.
>>>> There right way to go is to ask IANA to create three new =
registries,
>>>> for HMAC, Key Wrap, and Key Derivation functions.
>>>> Define what is the allocation process (in light of the size of the
>>>> field FCFS should not cause any problem IMHO)
>>>> Then ask to populate the registries as already described.
>>> Ok, so each one of the sections 7.x will say: IANA is requested to
>>> create a new <registry-name>  registry for use ...
>>>>> 7.1.  HMAC functions
>>>>>=20
>>>>>   The following HMAC ID values are defined by this memo for use as
>>>>>   Requested HMAC ID, EID HMAC ID, and PKT HMAC ID in the LISP-SEC
>>>>>   Authentication Data:
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>> Maino, et al.             Expires April 6, 2017                =
[Page 16]
>>>>>=20
>>>>> Internet-Draft                  LISP-SEC October 2016
>>>>>=20
>>>>>=20
>>>>>             Name                     Number        Defined In
>>>>> -------------------------------------------------
>>>>>             NONE                     0
>>>>>             AUTH-HMAC-SHA-1-96       1 [RFC2104]
>>>>>             AUTH-HMAC-SHA-256-128    2 [RFC4634]
>>>>>=20
>>>>>             values 2-65535 are reserved to IANA.
>>>>>=20
>>>>>                              HMAC Functions
>>>>>=20
>>>>>   AUTH-HMAC-SHA-1-96 MUST be supported, AUTH-HMAC-SHA-256-128 =
should be
>>>>>   supported.
>>>>>=20
>>>>> 7.2.  Key Wrap Functions
>>>>>=20
>>>>>   The following OTK Encryption ID values are defined by this memo =
for
>>>>>   use as OTK key wrap algorithms ID in the LISP-SEC Authentication
>>>>>   Data:
>>>>>=20
>>>>>             Name                     Number        Defined In
>>>>> -------------------------------------------------
>>>>>             NULL-KEY-WRAP-128        1
>>>>>             AES-KEY-WRAP-128         2 [RFC3394]
>>>>>=20
>>>>>             values 0 and 3-65535 are reserved to IANA.
>>>>>=20
>>>>>                            Key Wrap Functions
>>>>>=20
>>>>>   NULL-KEY-WRAP-128, and AES-KEY-WRAP-128 MUST be supported.
>>>>>=20
>>>>>   NULL-KEY-WRAP-128 is used to carry an unencrypted 128-bit OTK, =
with a
>>>>>   64-bit preamble set to 0x0000000000000000 (64 bits).
>>>>>=20
>>>>> 7.3.  Key Derivation Functions
>>>>>=20
>>>>>   The following KDF ID values are defined by this memo for use as =
KDF
>>>>>   ID in the LISP-SEC Authentication Data:
>>>>>=20
>>>>>             Name                     Number        Defined In
>>>>> -------------------------------------------------
>>>>>             NONE                     0
>>>>>             HKDF-SHA1-128            1 [RFC5869]
>>>>>=20
>>>>>             values 2-65535 are reserved to IANA.
>>>>>=20
>>>>>                         Key Derivation Functions
>>>>>=20
>>>>>   HKDF-SHA1-128 MUST be supported
>>>>>=20
>>>>>=20
>>>>>=20
>>>>> Maino, et al.             Expires April 6, 2017                =
[Page 17]
>>>>>=20
>>>>> Internet-Draft                  LISP-SEC October 2016
>>>>>=20
>>>>>=20
>>>>> 8.  Acknowledgements
>>>>>=20
>>>>>   The authors would like to acknowledge Pere Monclus, Dave Meyer, =
Dino
>>>>>   Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon =
Curt
>>>>>   Noll for their valuable suggestions provided during the =
preparation
>>>>>   of this document.
>>>>>=20
>>>>> 9.  Normative References
>>>> Please Check your reference, this is the output if the nits tool:
>>>> Checking references for intended status: Experimental
>>>>=20
>>>> =
--------------------------------------------------------------------------=
--=20
>>>>  =3D=3D Missing Reference: 'RFC3339' is mentioned on line 602, but =
not
>>>> defined
>>>>  =3D=3D Missing Reference: 'RFC4634' is mentioned on line 752, but =
not
>>>> defined
>>>>  ** Obsolete undefined reference: RFC 4634 (Obsoleted by RFC 6234)
>>> ok.
>>>>>   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: =
Keyed-
>>>>>              Hashing for Message Authentication", RFC 2104,
>>>>>              DOI 10.17487/RFC2104, February 1997,
>>>>> <http://www.rfc-editor.org/info/rfc2104>.
>>>>>=20
>>>>>   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
>>>>>              Requirement Levels", BCP 14, RFC 2119,
>>>>>              DOI 10.17487/RFC2119, March 1997,
>>>>> <http://www.rfc-editor.org/info/rfc2119>.
>>>>>=20
>>>>>   [RFC3394]  Schaad, J. and R. Housley, "Advanced Encryption =
Standard
>>>>>              (AES) Key Wrap Algorithm", RFC 3394, DOI =
10.17487/RFC3394,
>>>>>              September 2002, =
<http://www.rfc-editor.org/info/rfc3394>.
>>>>>=20
>>>>>   [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
>>>>>              "Randomness Requirements for Security", BCP 106, RFC =
4086,
>>>>>              DOI 10.17487/RFC4086, June 2005,
>>>>> <http://www.rfc-editor.org/info/rfc4086>.
>>>>>=20
>>>>>   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing =
an
>>>>>              IANA Considerations Section in RFCs", BCP 26, RFC =
5226,
>>>>>              DOI 10.17487/RFC5226, May 2008,
>>>>> <http://www.rfc-editor.org/info/rfc5226>.
>>>>>=20
>>>>>   [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based =
Extract-and-Expand
>>>>>              Key Derivation Function (HKDF)", RFC 5869,
>>>>>              DOI 10.17487/RFC5869, May 2010,
>>>>> <http://www.rfc-editor.org/info/rfc5869>.
>>>>>=20
>>>>>   [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, =
"The
>>>>>              Locator/ID Separation Protocol (LISP)", RFC 6830,
>>>>>              DOI 10.17487/RFC6830, January 2013,
>>>>> <http://www.rfc-editor.org/info/rfc6830>.
>>>>>=20
>>>>>   [RFC6833]  Fuller, V. and D. Farinacci, "Locator/ID Separation
>>>>>              Protocol (LISP) Map-Server Interface", RFC 6833,
>>>>>              DOI 10.17487/RFC6833, January 2013,
>>>>> <http://www.rfc-editor.org/info/rfc6833>.
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>> Maino, et al.             Expires April 6, 2017                =
[Page 18]
>>>>>=20
>>>>> Internet-Draft                  LISP-SEC October 2016
>>>>>=20
>>>>>=20
>>>>>   [RFC7835]  Saucez, D., Iannone, L., and O. Bonaventure, =
"Locator/ID
>>>>>              Separation Protocol (LISP) Threat Analysis", RFC =
7835,
>>>>>              DOI 10.17487/RFC7835, April 2016,
>>>>> <http://www.rfc-editor.org/info/rfc7835>.
>>>>>=20
>>>>> Authors' Addresses
>>>>>=20
>>>>>   Fabio Maino
>>>>>   Cisco Systems
>>>>>   170 Tasman Drive
>>>>>   San Jose, California  95134
>>>>>   USA
>>>>>=20
>>>>>   Email: fmaino@cisco.com <mailto:fmaino@cisco.com>
>>>>>=20
>>>>>=20
>>>>>   Vina Ermagan
>>>>>   Cisco Systems
>>>>>   170 Tasman Drive
>>>>>   San Jose, California  95134
>>>>>   USA
>>>>>=20
>>>>>   Email: vermagan@cisco.com <mailto:vermagan@cisco.com>
>>>>>=20
>>>>>=20
>>>>>   Albert Cabellos
>>>>>   Technical University of Catalonia
>>>>>   c/ Jordi Girona s/n
>>>>>   Barcelona  08034
>>>>>   Spain
>>>>>=20
>>>>>   Email: acabello@ac.upc.edu <mailto:acabello@ac.upc.edu>
>>>>>=20
>>>>>=20
>>>>>   Damien Saucez
>>>>>   INRIA
>>>>>   2004 route des Lucioles - BP 93
>>>>>   Sophia Antipolis
>>>>>   France
>>>>>=20
>>>>>   Email: damien.saucez@inria.fr <mailto:damien.saucez@inria.fr>
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>> Maino, et al.             Expires April 6, 2017                =
[Page 19]
>>>=20
>=20


From nobody Mon Oct 24 03:01:49 2016
Return-Path: <luigi.iannone@telecom-paristech.fr>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB728129642; Mon, 24 Oct 2016 03:01:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.714
X-Spam-Level: 
X-Spam-Status: No, score=0.714 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, THIS_AD=2.704, T_FILL_THIS_FORM_SHORT=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=telecom-paristech.fr
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7T-u-jwT0TJL; Mon, 24 Oct 2016 03:01:41 -0700 (PDT)
Received: from zproxy120.enst.fr (zproxy120.enst.fr [137.194.2.193]) by ietfa.amsl.com (Postfix) with ESMTP id F23551293E0; Mon, 24 Oct 2016 03:01:40 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by zproxy120.enst.fr (Postfix) with ESMTP id 30D5E100034; Mon, 24 Oct 2016 12:01:40 +0200 (CEST)
Received: from zproxy120.enst.fr ([127.0.0.1]) by localhost (zproxy120.enst.fr [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id z02jZvVrFg4I; Mon, 24 Oct 2016 12:01:35 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by zproxy120.enst.fr (Postfix) with ESMTP id 279E5100217; Mon, 24 Oct 2016 12:01:35 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.9.2 zproxy120.enst.fr 279E5100217
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telecom-paristech.fr; s=A6AEC2EE-1106-11E5-B10E-D103FDDA8F2E; t=1477303295; bh=P+kAhBYz1gXZPORN89n3vnvw051xKxCyJqiUOrWjdvA=; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:To; b=KqH0sQY4cx02NFaAm5/VCiNRUv6VfAKVfboiuzqL6euVbeg6ic7j2xabfSyoQ85eo O6UxqvyBx48Gto6MtfD8JUy3yeOL5uz3vl2UnidUIht6ZFB/aWQj0LcJTiC2RCwgfa n/RzXZs31TyH5jG+VOYiP01U/OB+6MJFzpTXYP9c=
X-Virus-Scanned: amavisd-new at zproxy120.enst.fr
Received: from zproxy120.enst.fr ([127.0.0.1]) by localhost (zproxy120.enst.fr [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id nsRKSCADEtYK; Mon, 24 Oct 2016 12:01:34 +0200 (CEST)
Received: from dhcp164-147.enst.fr (dhcp164-147.enst.fr [137.194.165.147]) by zproxy120.enst.fr (Postfix) with ESMTPSA id CA6FBFFE86; Mon, 24 Oct 2016 12:01:34 +0200 (CEST)
From: Luigi Iannone <luigi.iannone@telecom-paristech.fr>
Message-Id: <38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr>
Content-Type: multipart/alternative; boundary="Apple-Mail=_E3DB3483-9CFF-43B0-9BD5-B6C21403317E"
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
Date: Mon, 24 Oct 2016 12:02:16 +0200
In-Reply-To: <8204baa6-8cbd-83b3-aa88-dc3ba16c5a33@cisco.com>
To: Fabio Maino <fmaino@cisco.com>
References: <FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr> <8204baa6-8cbd-83b3-aa88-dc3ba16c5a33@cisco.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/krMVmIUqG67m84_lK0abTgU6Dm8>
Cc: lisp-chairs@ietf.org, Damien Saucez <damien.saucez@inria.fr>, LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] LISP-SEC review (finally)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Oct 2016 10:01:47 -0000

--Apple-Mail=_E3DB3483-9CFF-43B0-9BD5-B6C21403317E
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Hi Fabio,

se my comment inline.=20
(I do not consider the points we agree and everything related to the =
=E2=80=9CSHOULD=E2=80=9D clarification)

Thanks for your work

Ciao

L.


> On 22 Oct 2016, at 01:23, Fabio Maino <fmaino@cisco.com> wrote:
>=20
> Ciao Luigi,=20
> below I have replied to each comment. I'm working to the updated text, =
that I will send as soon as it is ready. ideally we might be able to =
publish a new version before draft deadline.=20

Excellent. Thanks

>=20
> Just a note on the most recurring comment: SHOULD vs. MUST.=20
>=20
> The use of SHOULD across the document is according to RFC 2119:=20
>=20
> SHOULD   This word, or the adjective "RECOMMENDED", mean that there
>    may exist valid reasons in particular circumstances to ignore a
>    particular item, but the full implications must be understood and
>    carefully weighed before choosing a different course.
>=20
>=20
> There are use cases where, carefully weighing the implications, some =
of the security services of LISP-SEC can be turned-off. We want to leave =
implementors the freedom to allow this flexibility.=20
>=20
> For example, in a DC deployment it may make sense to turn off OTK =
decryption between XTR and MS/MR, as MiTM is very unlikely.=20
>=20
> Similarly, an ITR may decide to implement a loose policy on accepting =
an AD authenticated with an algorithm different from the preferred =
authentication algorithm expressed by the ITR. Using a MUST would force =
support of a given authentication algorithm across each and every MS and =
ETR, that might not be the case when incrementally deploying LISP-SEC =
(or while upgrading routers).=20
>=20
> Using a MUST would prevent this flexibility, that we would like to =
leave to the implementors.=20
>=20
>=20
>=20

This is fixed as for the suggestion of Joel. Thanks.


>=20
>=20
> On 10/19/16 8:06 AM, Luigi Iannone wrote:
>> Dear Authors of the LISP-SEC document,
>>=20
>> hereafter my review of the document.
>> This was long overdue, sorry for being so late.
>>=20
>> I really like the solution and the majority of my comments are just =
clarification questions.
>> Let me know if my comments are clear.
>>=20
>> ciao
>>=20
>> L.
>>=20
>>=20
>>=20
>>> 1.  Introduction
>>>=20
>>>    The Locator/ID Separation Protocol [RFC6830] defines a set of
>>>    functions for routers to exchange information used to map from =
non-
>>>    routable Endpoint Identifiers (EIDs) to routable Routing Locators
>>>    (RLOCs). =20
>> I find the above sentence confusing. Wouldn=E2=80=99t be better to =
specify that we are talking about IP addresses?
>=20
> That's how LISP is described in RFC6830, section 1. If you start using =
the term IP address then you need to qualify if you are talking about =
Identity-IP or Locator-IP, so the sentence gets complicated pretty =
quickly.=20
>=20

Not really. The very first sentence of the abstract of 6830 states:

This document describes a network-layer-based protocol that enables
   separation of IP addresses into two new numbering spaces: Endpoint
   Identifiers (EIDs) and Routing Locators (RLOCs).=20


So clearly speaks about IP address.
Furthermore =E2=80=9Croutable" en =E2=80=9Cnon routable=E2=80=9D is true =
only in the inter-domain point of view, because EID are locally =
routable.
Note that 6830 does not specify in the first sentence what is routable =
and what is not.


> I would leave this one unchanged.
>>=20
>>> If these EID-to-RLOC mappings, carried through Map-Reply
>>>    messages, are transmitted without integrity protection, an =
adversary
>>>    can manipulate them and hijack the communication, impersonate the
>>>    requested EID, or mount Denial of Service or Distributed Denial =
of
>>>    Service attacks.  Also, if the Map-Reply message is transported
>>>    unauthenticated, an adversarial LISP entity can overclaim an EID-
>>>    prefix and maliciously redirect traffic directed to a large =
number of
>>>    hosts.  A detailed description of "overclaiming" attack is =
provided
>>>    in [RFC7835].
>>>=20
>>>    This memo specifies LISP-SEC, a set of security mechanisms that
>>>    provides origin authentication, integrity and anti-replay =
protection
>>>    to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
>>>    process. =20
>>=20
>> I would put s forward reference to section 3 stating that the reader =
will find details about the threat model.
>=20
> OK. We can replace the sentence=20
> A detailed description of "overclaiming" attack is provided
>    in [RFC7835]
>=20
> with=20
>=20
> The LISP-SEC threat model, described in Section 3, is built on top of =
the LISP threat model defined in RFC7835, that includes a detailed =
description of "overclaiming" attack.=20
OK


>=20
>=20
>>=20
>>> LISP-SEC also enables verification of authorization on EID-
>>>    prefix claims in Map-Reply messages, ensuring that the sender of =
a
>>>    Map-Reply that provides the location for a given EID-prefix is
>>>    entitled to do so according to the EID prefix registered in the
>>>    associated Map-Server.  Map-Register security, including the =
right
>>>    for a LISP entity to register an EID-prefix or to claim presence =
at
>>>    an RLOC, is out of the scope of LISP-SEC.  Additional security
>>>    considerations are described in Section 6.
>>>=20
>>> 2.  Definition of Terms
>>>=20
>>>       One-Time Key (OTK): An ephemeral randomly generated key that =
must
>>>       be used for a single Map-Request/Map-Reply exchange.
>>>=20
>>>=20
>>>=20
>>>          ITR-OTK: The One-Time Key generated at the ITR.
>>>=20
>>>          MS-OTK: The One-Time Key generated at the Map-Server.
>>=20
>> Why are you considering ITR-OTK and MS-OTK sub-terms?=20
>> I would elevate them at full terms, hence avoiding spacing and =
indentation.
>=20
> Ok.=20
>=20
>>=20
>>>       Encapsulated Control Message (ECM): A LISP control message =
that is
>>>       prepended with an additional LISP header.  ECM is used by ITRs =
to
>>>       send LISP control messages to a Map-Resolver, by Map-Resolvers =
to
>>>       forward LISP control messages to a Map-Server, and by Map-
>>>       Resolvers to forward LISP control messages to an ETR.
>>>=20
>> Why are you re-defining ECM?=20
>> You do not specify other packets, e.g., Map-Reply, so why ECM?
>> I would drop it.
>=20
> It is not defined in the Definitions section of 6830. One would need =
to go through the body of 6830 to find it.=20

I see your point. Just keep the text and add a ref to section 6.1.8 of =
6830. This will clarify that is something coming from a specific section =
of that document.

=20

>=20
> I'll drop it, but we need to make sure that ECM gets into the =
definition section of 6830bis.=20
>=20
> Albert: are you looking into that document? Can you take care of this?=20=

>=20
>=20
>>=20
>>=20
>>>       Authentication Data (AD): Metadata that is included either in =
a
>>>       LISP ECM header or in a Map-Reply message to support
>>>       confidentiality, integrity protection, and verification of =
EID-
>>>       prefix authorization.
>>>=20
>>>=20
>>>=20
>>> Maino, et al.             Expires April 6, 2017                 =
[Page 3]
>>> =0C
>>> Internet-Draft                  LISP-SEC                    October =
2016
>>>=20
>>>=20
>>>          OTK-AD: The portion of ECM Authentication Data that =
contains a
>>>          One-Time Key.
>>>=20
>>>          EID-AD: The portion of ECM and Map-Reply Authentication =
Data
>>>          used for verification of EID-prefix authorization.
>>>=20
>>>          PKT-AD: The portion of Map-Reply Authentication Data used =
to
>>>          protect the integrity of the Map-Reply message.
>>=20
>>=20
>> Why are you considering OTK-AD, EID-AD, and PKT-AD sub-terms?=20
>> I would elevate them at full terms, hence avoiding spacing and =
indentation.
>>=20
> ok.=20
>=20
>>=20
>>>    For definitions of other terms, notably Map-Request, Map-Reply,
>>>    Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR), =
Map-Server
>>>    (MS), and Map-Resolver (MR) please consult the LISP specification
>>>    [RFC6830].
>>>=20
>>> 3.  LISP-SEC Threat Model
>>>=20
>>>    LISP-SEC addresses the control plane threats, described in =
[RFC7835],
>>>    that target EID-to-RLOC mappings, including manipulations of Map-
>>>    Request and Map-Reply messages, and malicious ETR EID prefix
>>>    overclaiming.  LISP-SEC makes two main assumptions: (1) the LISP
>>>    mapping system is expected to deliver a Map-Request message to =
their
>>>    intended destination ETR as identified by the EID, and (2) no =
man-in-
>>>    the-middle (MITM) attack can be mounted within the LISP Mapping
>>>    System.  Furthermore, while LISP-SEC enables detection of EID =
prefix
>>>    overclaiming attacks, it assumes that Map-Servers can verify the =
EID
>>>    prefix authorization at time of registration.
>> LISP-SEC does not require OTK confidentiality in the mapping system. =
This should be discussed here.
> we could add to the above
> "and (2) no man-in-
>    the-middle (MITM) attack can be mounted within the LISP Mapping
>    System."=20
>=20
> How the Mapping System is protected from MiTM attacks depends from the =
particular Mapping System used, and is out of the scope of this memo.=20
>=20
>=20

That=E2=80=99s fine for me.


>=20
>>=20
>>=20
>>>    According to the threat model described in [RFC7835] LISP-SEC =
assumes
>>>    that any kind of attack, including MITM attacks, can be mounted =
in
>>>    the access network, outside of the boundaries of the LISP mapping
>>>    system.  An on-path attacker, outside of the LISP mapping system =
can,
>>>    for example, hijack Map-Request and Map-Reply messages, spoofing =
the
>>>    identity of a LISP node.  Another example of on-path attack, =
called
>>>    overclaiming attack, can be mounted by a malicious Egress Tunnel
>>>    Router (ETR), by overclaiming the EID-prefixes for which it is
>>>    authoritative.  In this way the ETR can maliciously redirect =
traffic
>>>    directed to a large number of hosts.
>>>=20
>>> 4.  Protocol Operations
>>>=20
>>>    The goal of the security mechanisms defined in [RFC6830] is to
>>>    prevent unauthorized insertion of mapping data by providing =
origin
>>>    authentication and integrity protection for the Map-Registration, =
and
>>>    by using the nonce to detect unsolicited Map-Reply sent by =
off-path
>>>    attackers.
>>>=20
>>>    LISP-SEC builds on top of the security mechanisms defined in
>>>    [RFC6830] to address the threats described in Section 3 by =
leveraging
>>>=20
>>>=20
>>>=20
>>> Maino, et al.             Expires April 6, 2017                 =
[Page 4]
>>> =0C
>>> Internet-Draft                  LISP-SEC                    October =
2016
>>>=20
>>>=20
>>>    the trust relationships existing among the LISP entities
>>>    participating to the exchange of the Map-Request/Map-Reply =
messages.
>>>    Those trust relationships are used to securely distribute a =
One-Time
>>>    Key (OTK) that provides origin authentication, integrity and =
anti-
>>>    replay protection to mapping data conveyed via the mapping lookup
>>>    process, and that effectively prevent overclaiming attacks.  The
>>>    processing of security parameters during the =
Map-Request/Map-Reply
>>>    exchange is as follows:
>>>=20
>>>    o  The ITR-OTK is generated and stored at the ITR, and securely
>>>       transported to the Map-Server.
>>>=20
>>>    o  The Map-Server uses the ITR-OTK to compute an HMAC that =
protects
>> You did not define HMAC acronym. Please define and add a reference.
>=20
> ok.=20
>=20
>=20
>>=20
>>>       the integrity of the mapping data known to the Map-Server to
>>>       prevent overclaiming attacks.  The Map-Server also derives a =
new
>>>       OTK, the MS-OTK, that is passed to the ETR, by applying a Key
>>>       Derivation Function (KDF) to the ITR-OTK.
>>>=20
>>>    o  The ETR uses the MS-OTK to compute an HMAC that protects the
>>>       integrity of the Map-Reply sent to the ITR.
>>>=20
>>>    o  Finally, the ITR uses the stored ITR-OTK to verify the =
integrity
>>>       of the mapping data provided by both the Map-Server and the =
ETR,
>>>       and to verify that no overclaiming attacks were mounted along =
the
>>>       path between the Map-Server and the ITR.
>>>=20
>>>    Section 5 provides the detailed description of the LISP-SEC =
control
>>>    messages and their processing, while the rest of this section
>>>    describes the flow of protocol operations at each entity involved =
in
>>>    the Map-Request/Map-Reply exchange:
>>>=20
>>>    o  The ITR, upon needing to transmit a Map-Request message, =
generates
>>>       and stores an OTK (ITR-OTK).  This ITR-OTK is included into =
the
>>>       Encapsulated Control Message (ECM) that contains the =
Map-Request
>>>       sent to the Map-Resolver.  To provide confidentiality to the =
ITR-
>>>       OTK over the path between the ITR and its Map-Resolver, the =
ITR-
>>>       OTK SHOULD=20
>> Why not using =E2=80=9CMUST=E2=80=9D???
>> Are you suggesting that a different way to provide confidentiality =
can be used (e.g. a different shared key)???
>> If yes, please state so.
>>=20
>> Or are you suggesting that no encryption at all is used? But this =
means not providing confidentiality=E2=80=A6
>> Can you clarify?
>>=20
>> (this very same comment will appear several time in this review)
>=20
> We don't want to make the use of pre-shared key *mandatory* to all =
LISP deployments. There are deployments where the risk of MiTM between =
the xTR and the MS/MR may not justify the cost of provisioning a shared =
key (data centers, for example).=20
>=20
>=20
>>> be encrypted using a preconfigured key shared between
>>>       the ITR and the Map-Resolver, similar to the key shared =
between
>>>       the ETR and the Map-Server in order to secure ETR registration
>>>       [RFC6833].
>>>=20
>>>    o  The Map-Resolver decapsulates the ECM message, decrypts the =
ITR-
>>>       OTK, if needed, and forwards through the Mapping System the
>>>       received Map-Request and the ITR-OTK, as part of a new ECM
>>>       message.  As described in Section 5.6, the LISP Mapping System
>>>       delivers the ECM to the appropriate Map-Server, as identified =
by
>>>       the EID destination address of the Map-Request.
>>>=20
>>>=20
>>>=20
>>>=20
>>> Maino, et al.             Expires April 6, 2017                 =
[Page 5]
>>> =0C
>>> Internet-Draft                  LISP-SEC                    October =
2016
>>>=20
>>>=20
>>>    o  The Map-Server is configured with the location mappings and =
policy
>>>       information for the ETR responsible for the EID destination
>>>       address.  Using this preconfigured information, the =
Map-Server,
>>>       after the decapsulation of the ECM message, finds the longest
>>>       match EID-prefix that covers the requested EID in the received
>>>       Map-Request.  The Map-Server adds this EID-prefix, together =
with
>>>       an HMAC computed using the ITR-OTK, to a new Encapsulated =
Control
>>>       Message that contains the received Map-Request.
>>>=20
>>>    o  The Map-Server derives a new OTK, the MS-OTK, by applying a =
Key
>>>       Derivation Function (KDF) to the ITR-OTK.  This MS-OTK is =
included
>>>       in the Encapsulated Control Message that the Map-Server uses =
to
>>>       forward the Map-Request to the ETR.  To provide MS-OTK
>>>       confidentiality over the path between the Map-Server and the =
ETR,
>>>       the MS-OTK should=20
>> This =E2=80=9Cshould=E2=80=9D should be a =E2=80=9CSHOULD=E2=80=9D  =
(sorry for the cacophony=E2=80=A6)
>=20
> Ok.=20
>>=20
>> Why not using =E2=80=9CMUST=E2=80=9D???
>> Are you suggesting that a different way to provide confidentiality =
can be used (e.g. a different shared key)???
>> If yes, please state so.
>>=20
>> Or are you suggesting that no encryption at all is used? But this =
means not providing confidentiality=E2=80=A6
>> Can you clarify?
>=20
> Same as above.=20
>=20
>>=20
>>> be encrypted using the key shared between the
>>>       ETR and the Map-Server in order to secure ETR registration
>>>       [RFC6833].
>>>=20
>>>    o  If the Map-Server is acting in proxy mode, as specified in
>>>       [RFC6830], the ETR is not involved in the generation of the =
Map-
>>>       Reply.  In this case the Map-Server generates the Map-Reply on
>>>       behalf of the ETR as described below.
>>>=20
>>>    o  The ETR, upon receiving the ECM encapsulated Map-Request from =
the
>>>       Map-Server, decrypts the MS-OTK, if needed, and originates a
>>>       standard Map-Reply that contains the EID-to-RLOC mapping
>>>       information as specified in [RFC6830].
>>>=20
>>>    o  The ETR computes an HMAC over this standard Map-Reply, keyed =
with
>>>       MS-OTK to protect the integrity of the whole Map-Reply.  The =
ETR
>>>       also copies the EID-prefix authorization data that the =
Map-Server
>>>       included in the ECM encapsulated Map-Request into the =
Map-Reply
>>>       message.  The ETR then sends this complete Map-Reply message =
to
>>>       the requesting ITR.
>>>=20
>>>    o  The ITR, upon receiving the Map-Reply, uses the locally stored
>>>       ITR-OTK to verify the integrity of the EID-prefix =
authorization
>>>       data included in the Map-Reply by the Map-Server.  The ITR
>>>       computes the MS-OTK by applying the same KDF used by the Map-
>>>       Server, and verifies the integrity of the Map-Reply.  If the
>>>       integrity checks fail, the Map-Reply MUST be discarded.  Also, =
if
>>>       the EID-prefixes claimed by the ETR in the Map-Reply are not =
equal
>>>       or more specific than the EID-prefix authorization data =
inserted
>>>       by the Map-Server, the ITR MUST discard the Map-Reply.
>>>=20
>>>=20
>>>=20
>>>=20
>>>=20
>>>=20
>>>=20
>>> Maino, et al.             Expires April 6, 2017                 =
[Page 6]
>>> =0C
>>> Internet-Draft                  LISP-SEC                    October =
2016
>>>=20
>>>=20
>>> 5.  LISP-SEC Control Messages Details
>>>=20
>>>    LISP-SEC metadata associated with a Map-Request is transported =
within
>>>    the Encapsulated Control Message that contains the Map-Request.
>>>=20
>>>    LISP-SEC metadata associated with the Map-Reply is transported =
within
>>>    the Map-Reply itself.
>>>=20
>>> 5.1.  Encapsulated Control Message LISP-SEC Extensions
>>>=20
>>>    LISP-SEC uses the ECM (Encapsulated Control Message) defined in
>>>    [RFC6830] with Type set to 8, and S bit set to 1 to indicate that =
the
>>>    LISP header includes Authentication Data (AD).  The format of the
>>>    LISP-SEC ECM Authentication Data is defined in the following =
figure.
>>>    OTK-AD stands for One-Time Key Authentication Data and EID-AD =
stands
>>>    for EID Authentication Data.
>>>=20
>>>  0                   1                   2                   3
>>>  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>> |     AD Type   |V|  Reserved   |        Requested HMAC ID      |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
>>> |              OTK Length       |       OTK Encryption ID       | |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>>> |                       One-Time-Key Preamble ...               | |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
OTK-AD
>>> |                   ... One-Time-Key Preamble                   | |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>>> ~                      One-Time Key (128 bits)                  ~/
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
<---+
>>> |           EID-AD Length       |           KDF ID              |    =
 |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+    =
 |
>>> | Record Count  |    Reserved   |         EID HMAC ID           |    =
 EID-AD
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\   =
 |
>>> |   Reserved    | EID mask-len  |           EID-AFI             | |  =
 |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
Rec |
>>> ~                          EID-prefix ...                       ~ |  =
 |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/   =
 |
>>> ~                            EID HMAC                           ~    =
 |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
<=E2=80=94+
>> I think that =E2=80=9Crec=E2=80=9D is mis-aligned and should be =
shifted one character upward.
>=20
> No. The row above is the portion of the header that specifies how many =
records will follow. Rec shows one Rec item, in the array of Records.  =
It is consistent with 6830.
>=20
>=20

OK

>=20
>>=20
>>>                      LISP-SEC ECM Authentication Data
>>>=20
>>>       AD Type: 1 (LISP-SEC Authentication Data)
>> This is the first document starting to allocate values to the "AD =
Type=E2=80=9D value.=20
>> Why not asking IANA to create a registry??
>> (to be done in the IANA Considerations Section)=20
>=20
>=20
> Ok.
>=20
>>=20
>>=20
>>=20
>>>       V: Key Version bit.  This bit is toggled when the sender =
switches
>>>       to a new OTK wrapping key
>>>=20
>>>=20
>>>=20
>>>=20
>>> Maino, et al.             Expires April 6, 2017                 =
[Page 7]
>>> =0C
>>> Internet-Draft                  LISP-SEC                    October =
2016
>>>=20
>>>=20
>>>       Reserved: Set to 0 on transmission and ignored on receipt.
>>>=20
>>>       Requested HMAC ID: The HMAC algorithm requested by the ITR.  =
See
>>>       Section 5.4 for details.
>>>=20
>>>       OTK Length: The length (in bytes) of the OTK Authentication =
Data
>>>       (OTK-AD), that contains the OTK Preamble and the OTK.
>>>=20
>>>       OTK Encryption ID: The identifier of the key wrapping =
algorithm
>>>       used to encrypt the One-Time-Key. When a 128-bit OTK is sent
>>>       unencrypted by the Map-Resolver, the OTK Encryption ID is set =
to
>>>       NULL_KEY_WRAP_128.  See Section 5.5 for more details.
>>>=20
>>>       One-Time-Key Preamble: set to 0 if the OTK is not encrypted.  =
When
>>>       the OTK is encrypted, this field may carry additional metadata
>>>       resulting from the key wrapping operation.  When a 128-bit OTK =
is
>>>       sent unencrypted by Map-Resolver, the OTK Preamble is set to
>>>       0x0000000000000000 (64 bits).  See Section 5.5 for details.
>>>=20
>>>       One-Time-Key: the OTK encrypted (or not) as specified by OTK
>>>       Encryption ID.  See Section 5.5 for details.
>>>=20
>>>       EID-AD Length: length (in bytes) of the EID Authentication =
Data
>>>       (EID-AD).  The ITR MUST set EID-AD Length to 4 bytes, as it =
only
>>>       fills the KDF ID field, and all the remaining fields part of =
the
>>>       EID-AD are not present.  An EID-AD MAY contain multiple EID-
>>>       records.  Each EID-record is 4-byte long plus the length of =
the
>>>       AFI-encoded EID-prefix.
>>>=20
>>>       KDF ID: Identifier of the Key Derivation Function used to =
derive
>>>       the MS-OTK.  The ITR SHOULD use this field to indicate the
>>>       recommended KDF algorithm, according to local policy.=20
>> I am not sure I understand the rationale of this =E2=80=9CSHOULD=E2=80=9D=
. If for any reason the ITR does not indicate the KDF ID what are the =
consequences?
>=20
> That should be a MAY, I believe,=20
>=20
> The ITR can specify "no preference" for KDF ID, using a value of 0.=20

I think this is the unclear information: that the ITR can state =E2=80=9Cn=
o preference=E2=80=9D using value 0.
Would be good if you can state it more clearly.


>=20
> In the ITR processing section 5.4,  we should add to=20
>=20
> The KDF ID field, specifies the suggested key derivation function to
>    be used by the Map-Server to derive the MS-OTK.
>=20
> a text like: "A KDF ID value of 0 (NONE), MAY be used to specify that =
the ITR has no preferred KDF ID". =20
>=20
>=20
>=20
>> Is the MS free to choose the algorithm? This should be clarified.
> This is specified in section 5.7.=20
>=20
> "
> The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
>    the ITR-OTK received with the Map-Request.  MS-OTK is derived
>    applying the key derivation function specified in the KDF ID field.
>    If the algorithm specified in the KDF ID field is not supported, =
the
>    Map-Server uses a different algorithm to derive the key and updates
>    the KDF ID field accordingly.
> "
>=20
>=20

Since this paragraph does not use any 2119 language it actually mean =
that an MS can choose freely the  algorithm to use.
right?

>=20
>>=20
>>>  The Map-
>>>       Server can overwrite the KDF ID if it does not support the KDF =
ID
>>>       recommended by the ITR. =20
>> What happens if the MS will choose a KDF ID not supported by the ITR?
>> Can you clarify how to solve this situation or explain why this will =
never happen?
>=20
> This is specified in 5.4, ITR processing.=20
>=20
> "
> To verify the integrity of the PKT-AD, first the MS-OTK is derived
>    from the locally stored ITR-OTK using the algorithm specified in =
the
>    KDF ID field.  This is because the PKT-AD is generated by the ETR
>    using the MS-OTK.  If the KDF ID in the Map-Reply does not match =
the
>    KDF ID requested in the Map-Request, the ITR SHOULD discard the =
Map-
>    Reply and send, at the first opportunity it needs to, a new Map-
>    Request with a different KDF ID, according to ITR's local policy.
> "=20
>=20
>=20
> There are two typical use cases:=20
> - strict KDF ID policy: ITR specifiy a KDF ID, and will discard =
map-reply with different KDF IDs. If local policy allows, another =
map-request will be sent with a different KDF ID
> - loose KDF ID policy: ITR specify KDF ID =3D none, and will accept =
map-reply with any KDF ID (if supported by ITR). If received KDF is not =
supported the ITR shall drop the map-reply
>=20

The above text does not reflect the policies you are describing. That =
=E2=80=9CSHOULD=E2=80=9D should be a =E2=80=9CMAY=E2=80=9D and your =
policies spelled out.=20

Also, what is the MS stubbornly insists in using an algorithm that the =
ITR does not support?


>=20
>>=20
>>> See Section 5.4 for more details.
>>>=20
>>>       Record Count: The number of records in this Map-Request =
message.
>>>       A record is comprised of the portion of the packet that is =
labeled
>>>       'Rec' above and occurs the number of times equal to Record =
Count.
>>>=20
>>>       Reserved: Set to 0 on transmission and ignored on receipt.
>>>=20
>>>       EID HMAC ID: Identifier of the HMAC algorithm used to protect =
the
>>>       integrity of the EID-AD.  This field is filled by Map-Server =
that
>>>       computed the EID-prefix HMAC.  See Section 5.4 for more =
details.
>>>=20
>>>       EID mask-len: Mask length for EID-prefix.
>>>=20
>>>       EID-AFI: Address family of EID-prefix according to [RFC5226]
>>>=20
>>>=20
>>>=20
>>> Maino, et al.             Expires April 6, 2017                 =
[Page 8]
>>> =0C
>>> Internet-Draft                  LISP-SEC                    October =
2016
>>>=20
>>>=20
>>>       EID-prefix: The Map-Server uses this field to specify the EID-
>>>       prefix that the destination ETR is authoritative for, and is =
the
>>>       longest match for the requested EID.
>>>=20
>>>       EID HMAC: HMAC of the EID-AD computed and inserted by =
Map-Server.
>>>       Before computing the HMAC operation the EID HMAC field MUST be =
set
>>>       to 0.  The HMAC covers the entire EID-AD.
>>>=20
>>> 5.2.  Map-Reply LISP-SEC Extensions
>>>=20
>>>    LISP-SEC uses the Map-Reply defined in [RFC6830], with Type set =
to 2,
>>>    and S bit set to 1 to indicate that the Map-Reply message =
includes
>>>    Authentication Data (AD).  The format of the LISP-SEC Map-Reply
>>>    Authentication Data is defined in the following figure.  PKT-AD =
is
>>>    the Packet Authentication Data that covers the Map-Reply payload.
>>>=20
>>>  0                   1                   2                   3
>>>  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>> |    AD Type    |                 Reserved                      |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
<---+
>>> |           EID-AD Length       |           KDF ID              |    =
 |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+    =
 |
>>> | Record Count  |    Reserved   |         EID HMAC ID           |    =
 EID-AD
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\   =
 |
>>> |   Reserved    | EID mask-len  |           EID-AFI             | |  =
 |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
Rec |
>>> ~                          EID-prefix ...                       ~ |  =
 |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/   =
 |
>>> ~                            EID HMAC                           ~    =
 |
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
<---+
>>> |         PKT-AD Length         |         PKT HMAC ID           |\
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>>> ~                            PKT HMAC                           ~ =
PKT-AD
>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/
>>>=20
>>>                   LISP-SEC Map-Reply Authentication Data
>>>=20
>>>       AD Type: 1 (LISP-SEC Authentication Data)
>> Shouldn=E2=80=99t this be a different value? This AD  format is =
different from the one described in section 5.1!
>> Another reason to ask IANA for a registry=E2=80=A6.
>=20
> One is the LISP-SEC authentication data that applies to the ECM =
message (when S-bit =3D 1), the other is the LISP-SEC authentication =
data that applies to the Map-Reply (when S-bit =3D 1). =20
>=20
> Those are extensions of two different messages (ECM and map-reply), =
and they are both identified by an AD Type (that happens to be set to =
value 1 for both).=20

This is not clear in the current text.

>=20
> Yes, the AD type space is different so we will need two IANA =
registries.=20
>=20
>=20
> Question for the co-auhtors: should we change the name to 'ECM AD =
Type' and 'Map-Reply AD Type=E2=80=99?

IMHO you have to, otherwise there will be always confusion=E2=80=A6.

>=20
>=20
>=20
>>=20
>>=20
>>>       EID-AD Length: length (in bytes) of the EID-AD.  An EID-AD MAY
>>>       contain multiple EID-records.  Each EID-record is 4-byte long =
plus
>>>       the length of the AFI-encoded EID-prefix.
>>>=20
>>>       KDF ID: Identifier of the Key Derivation Function used to =
derive
>>>       MS-OTK.  See Section 5.7 for more details.
>>>=20
>>>=20
>>>=20
>>>=20
>>>=20
>>> Maino, et al.             Expires April 6, 2017                 =
[Page 9]
>>> =0C
>>> Internet-Draft                  LISP-SEC                    October =
2016
>>>=20
>>>=20
>>>       Record Count: The number of records in this Map-Reply message. =
 A
>>>       record is comprised of the portion of the packet that is =
labeled
>>>       'Rec' above and occurs the number of times equal to Record =
Count.
>>>=20
>>>       Reserved: Set to 0 on transmission and ignored on receipt.
>>>=20
>>>       EID HMAC ID: Identifier of the HMAC algorithm used to protect =
the
>>>       integrity of the EID-AD.  See Section 5.7 for more details.
>>>=20
>>>       EID mask-len: Mask length for EID-prefix.
>>>=20
>>>       EID-AFI: Address family of EID-prefix according to [RFC5226].
>>>=20
>>>       EID-prefix: This field contains an EID-prefix that the =
destination
>>>       ETR is authoritative for, and is the longest match for the
>>>       requested EID.
>>>=20
>>>       EID HMAC: HMAC of the EID-AD, as computed by the Map-Server.
>>>       Before computing the HMAC operation the EID HMAC field MUST be =
set
>>>       to 0.  The HMAC covers the entire EID-AD.
>>>=20
>>>       PKT-AD Length: length (in bytes) of the Packet Authentication =
Data
>>>       (PKT-AD).
>>>=20
>>>       PKT HMAC ID: Identifier of the HMAC algorithm used to protect =
the
>>>       integrity of the Map-reply Location Data.
>> =E2=80=9CLocation Data=E2=80=9D is something nowhere defined. Can you =
clarify what do you mean?
>=20
> we can just remove 'Location Data=E2=80=99

OK.

>=20
>=20
>>=20
>>=20
>>>       PKT HMAC: HMAC of the whole Map-Reply packet, including the =
LISP-
>>>       SEC Authentication Data.  The scope of the authentication goes
>>>       from the Map-Reply Type field to the PKT HMAC field included.
>>>       Before computing the HMAC operation the PKT HMAC field MUST be =
set
>>>       to 0.  See Section 5.8 for more details.
>>>=20
>>> 5.3.  Map-Register LISP-SEC Extentions
>>>=20
>>>    The second bit after the Type field in a Map-Register message is
>>>    allocated as the S bit. =20
>> I would better explain that this document is allocating a bit marked =
as reserved in 6830.
>=20
> Ok. We will need to reflect this in 6830bis as well.=20

Sure


>=20
>> Furthermore, at the cost of being redundant, I would put the packet =
format highlighting the position of the bit so that there is no =
confusion whatsoever.
>=20
> We wanted to  explicitly avoid to include the format of messages when =
already defined in other documents,

The S-bit is not defined in other documents. IMHO is important to have =
the visual aid of which exact bit your are talking about.

> so we point rather than copy. If we address this in 6830bis, the =
problem will be solved.=20

You mentioned 6830bis several time, let me ask: Would you like to =
reference that document?
In this case we have to hold this back until we have at least a stable =
version of that document.
Then the RFC editor will hold this document back until that one is RFC, =
because of missing reference.
Or you keep it this way and later on you make a ST version.

Either way is fine for me.



>=20
>=20
>>=20
>>> The S bit indicates to the Map-Server that
>>>    the registering ETR is LISP-SEC enabled.  An ETR that supports =
LISP-
>>>    SEC MUST set the S bit in its Map-Register messages.
>>>=20
>>> 5.4.  ITR Processing
>>>=20
>>>    Upon creating a Map-Request, the ITR generates a random ITR-OTK =
that
>>>    is stored locally, together with the nonce generated as specified =
in
>>>    [RFC6830].
>>>=20
>>>    The Map-Request MUST be encapsulated in an ECM, with the S-bit =
set to
>>>    1, to indicate the presence of Authentication Data.  If the ITR =
and
>>>=20
>>>=20
>>>=20
>>> Maino, et al.             Expires April 6, 2017                [Page =
10]
>>> =0C
>>> Internet-Draft                  LISP-SEC                    October =
2016
>>>=20
>>>=20
>>>    the Map-Resolver are configured with a shared key,
>> In section 4 you seem to suggest that this is not the only way to =
protect the OTK (see my comment).
>> Here instead you suggest that a shared key is the only way.
>=20
>=20
> Right. Here it says what to do IF there is a shared key, that is =
consistent with the SHOULD above.=20

OK.

>=20
>=20
>>>  the ITR-OTK
>>>    confidentiality SHOULD be protected by wrapping the ITR-OTK with =
the
>>>    algorithm specified by the OTK Encryption ID field.=20
>> Not clear what this =E2=80=9CSHOULD=E2=80=9D refers to.
>> IS the SHOULD related to the fact to encrypt the OTK? The ITR SHOULD =
encrypt.
>> Or the choice of the algorithm? The ITR SHOULD use the algorithm =
specified by the OTK Encryption ID?
>> The second case looks impossible since is the ITR is choosing the =
algorithm. May be the sentence can be rewritten.
>=20
> SHOULD refers to protecting the confidentiality of the ITR-OTK. Maybe =
the 'by' should be replaced by 'with=E2=80=99?

Just drop the =E2=80=9Cby=E2=80=9D?


>=20
>>=20
>> Similarly to previous comment: Why it is not a MUST?
> Same as other SHOULD.=20
>=20
>=20
>=20
>>>  See Section 5.5
>>>    for further details on OTK encryption.
>>>=20
>>>    The Requested HMAC ID field contains the suggested HMAC algorithm =
to
>>>    be used by the Map-Server and the ETR to protect the integrity of =
the
>>>    ECM Authentication data and of the Map-Reply.
>>>=20
>> What happens if the MS will choose a HMAC not supported by the ETR or =
the ITR?
>> Can you clarify how to solve this situation or explain why this will =
never happen?
>=20
> This is described 5 paragraphs below:=20
>=20
> "
> If the EID HMAC ID field does
>    not match the Requested HMAC ID the ITR SHOULD discard the =
Map-Reply
>    and send, at the first opportunity it needs to, a new Map-Request
>    with a different Requested HMAC ID field, according to ITR's local
>    policy. =20
> "
>=20

What about the ETR?

>=20
>>=20
>>>    The KDF ID field, specifies the suggested key derivation function =
to
>>>    be used by the Map-Server to derive the MS-OTK.
>>=20
>> What happens if the MS will choose a KDF ID not supported by the ITR?
>> Can you clarify how to solve this situation or explain why this will =
never happen?
>=20
> This is described a few paragraphs below:=20
> "
> If the KDF ID in the Map-Reply does not match the
>    KDF ID requested in the Map-Request, the ITR SHOULD discard the =
Map-
>    Reply and send, at the first opportunity it needs to, a new Map-
>    Request with a different KDF ID, according to ITR's...=20
> "
>=20

This does not guarantee that the MS will reply with something the ITR =
understands=E2=80=A6.



>>=20
>>>    The EID-AD length is set to 4 bytes, since the Authentication =
Data
>>>    does not contain EID-prefix Authentication Data, and the EID-AD
>>>    contains only the KDF ID field.
>>>=20
>>>    In response to an encapsulated Map-Request that has the S-bit =
set, an
>>>    ITR MUST receive a Map-Reply with the S-bit set, that includes an
>>>    EID-AD and a PKT-AD.  If the Map-Reply does not include both ADs, =
the
>>>    ITR MUST discard it.  In response to an encapsulated Map-Request =
with
>>>    S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, =
and
>>>    the ITR SHOULD discard the Map-Reply if the S-bit is set.
>> Why a =E2=80=9CSHOULD=E2=80=9D? If the Map-Request has S-bit=3D0 it =
mean that there is no AD, hence no OTK, how can the ITR decrypt the =
reply?????
>> It MUST discard=E2=80=A6..
>=20
> If S-bit =3D 0 there's no Authentication Data. The Map-reply is in =
clear, and can be read.

I am not sure you understood my point.

You send a Map-Request with S=3D0, hence unenbcrypted. How can you =
possible receive a Map-Reply with S=3D1?
How is it encrypted if the ITR did not provide any OTK?




>=20
>=20
> Here again the SHOULD leaves open to ITR local policy that can be =
strict (drop anything not authenticated) or loose (accept =
unauthenticated map-reply).=20
>=20
> There are use cases where LISP-SEC is not deployed everywhere, where =
the ITR might have to use loose policy.  =20
>=20
>=20
>>=20
>>=20
>>>    Upon receiving a Map-Reply, the ITR must verify the integrity of =
both
>>>    the EID-AD and the PKT-AD, and MUST discard the Map-Reply if one =
of
>>>    the integrity checks fails.
>>>=20
>>>    The integrity of the EID-AD is verified using the locally stored =
ITR-
>>>    OTK to re-compute the HMAC of the EID-AD using the algorithm
>>>    specified in the EID HMAC ID field.  If the EID HMAC ID field =
does
>>>    not match the Requested HMAC ID the ITR SHOULD discard the =
Map-Reply
>> Why is this a SHOULD? If it supports the HMAC Algorithm why not =
decrypt? Shouldn=E2=80=99t this be a =E2=80=9CMAY=E2=80=9D, according to =
internal policy?
>=20
> because this could be used by an attacker to force weaker HMACs (e.g. =
MD5).

OK

> The SHOULD leaves open the door to not discarding, according to local =
policy.=20
>=20
>=20

OK.


>=20
>=20
>>>    and send, at the first opportunity it needs to, a new Map-Request
>>>    with a different Requested HMAC ID field, according to ITR's =
local
>>>    policy.  The ITR MUST set the EID HMAC ID field to 0 before =
computing
>>>    the HMAC.
>> Shouldn=E2=80=99t the MS do the same thing? Otherwise different =
values will be obtained. This is not specified in the MS functioning =
description.
>=20
> good catch. Actually it's a typo here, the EID HMAC field should be =
set to 0 (that is consistent with section 5.7), not the EID HMAC ID that =
should not be touched.=20
>=20

OK
>=20
> The ITR MUST set the EID HMAC ID field to 0 before computing
>    the HMAC.
>=20
> should change to=20
>=20
> The scope of the HMAC operation covers the
>    entire EID-AD, from the EID-AD Length field to the EID HMAC field,
>    which must be set to 0 before the computation.
>=20
>>>    To verify the integrity of the PKT-AD, first the MS-OTK is =
derived
>>>    from the locally stored ITR-OTK using the algorithm specified in =
the
>>>    KDF ID field.  This is because the PKT-AD is generated by the ETR
>>>    using the MS-OTK.  If the KDF ID in the Map-Reply does not match =
the
>>>    KDF ID requested in the Map-Request, the ITR SHOULD discard the =
Map-
>>>    Reply and send, at the first opportunity it needs to, a new Map-
>>>    Request with a different KDF ID, according to ITR's local policy.
>>>    The derived MS-OTK is then used to re-compute the HMAC of the =
PKT-AD
>>>    using the Algorithm specified in the PKT HMAC ID field.  If the =
PKT
>>>    HMAC ID field does not match the Requested HMAC ID the ITR SHOULD
>>>    discard the Map-Reply and send, at the first opportunity it needs =
to,
>>>=20
>>>=20
>>>=20
>>>=20
>>> Maino, et al.             Expires April 6, 2017                [Page =
11]
>>> =0C
>>> Internet-Draft                  LISP-SEC                    October =
2016
>>>=20
>>>=20
>>>    a new Map-Request with a different Requested HMAC ID according to
>>>    ITR's local policy.
>>>=20
>>>    Each individual Map-Reply EID-record is considered valid only if: =
(1)
>>>    both EID-AD and PKT-AD are valid, and (2) the intersection of the
>>>    EID-prefix in the Map-Reply EID-record with one of the =
EID-prefixes
>>>    contained in the EID-AD is not empty.  After identifying the Map-
>>>    Reply record as valid, the ITR sets the EID-prefix in the =
Map-Reply
>>>    record to the value of the intersection set computed before, and =
adds
>>>    the Map-Reply EID-record to its EID-to-RLOC cache, as described =
in
>>>    [RFC6830].  An example of Map-Reply record validation is provided =
in
>>>    Section 5.4.1.
>>>=20
>>>    The ITR SHOULD send SMR triggered Map-Requests over the mapping
>>>    system in order to receive a secure Map-Reply. =20
>> I do not understand this =E2=80=9CSHOULD=E2=80=9D.  This has =
consequences in the choice how to react to SMR. This is a local policy.
>> _If_ the ITR wants to protect Map-Requests using LISP-SEC, than SMR =
triggered Map-Request MUST be sent through the mapping system.

> so the _if_ is what makes that MUST a SHOULD... According to local =
policy the ITR SHOULD send the SMR.

I read the sentence in this way:

	In order to received a secure Map-Reply, the ITR MUST send SMR =
triggered Map-Requests over the mapping system.

No?

>>> If an ITR accepts
>>>    piggybacked Map-Replies, it SHOULD also send a Map-Request over =
the
>>>    mapping system in order to securely verify the piggybacked =
Map-Reply.
>> Same as above.
>>> 5.4.1.  Map-Reply Record Validation
>>>=20
>>>    The payload of a Map-Reply may contain multiple EID-records.  The
>>>    whole Map-Reply is signed by the ETR, with the PKT HMAC, to =
provide
>>>    integrity protection and origin authentication to the EID-prefix
>>>    records claimed by the ETR.  The Authentication Data field of a =
Map-
>>>    Reply may contain multiple EID-records in the EID-AD.  The EID-AD =
is
>>>    signed by the Map-Server, with the EID HMAC, to provide integrity
>>>    protection and origin authentication to the EID-prefix records
>>>    inserted by the Map-Server.
>>>=20
>>>    Upon receiving a Map-Reply with the S-bit set, the ITR first =
checks
>>>    the validity of both the EID HMAC and of the PKT-AD HMAC.  If =
either
>>>    one of the HMACs is not valid, a log message is issued and the =
Map-
>>>    Reply is not processed any further. =20
>> I think =E2=80=9Clog message" is too much implementation specific.=20
>> If there is a notification, and how this notification is done, is =
implementation specific IMHO.
> Ok. 'a log message is issued' will change to 'a log action should be =
taken'. The point is that there could be an attack behind it, and we =
want to record the event

OK

>>> If both HMACs are valid, the ITR
>>>    proceeds with validating each individual EID-record claimed by =
the
>>>    ETR by computing the intersection of each one of the EID-prefix
>>>    contained in the payload of the Map-Reply with each one of the =
EID-
>>>    prefixes contained in the EID-AD.  An EID-record is valid only if =
at
>>>    least one of the intersections is not the empty set.
>>>=20
>>>    For instance, the Map-Reply payload contains 3 mapping record =
EID-
>>>    prefixes:
>>>=20
>>>       1.1.1.0/24
>>>=20
>>>       1.1.2.0/24
>>>=20
>>>       1.2.0.0/16
>>>=20
>>>=20
>>>=20
>>>=20
>>> Maino, et al.             Expires April 6, 2017                [Page =
12]
>>> =0C
>>> Internet-Draft                  LISP-SEC                    October =
2016
>>>=20
>>>=20
>>>    The EID-AD contains two EID-prefixes:
>>>=20
>>>       1.1.2.0/24
>>>=20
>>>       1.2.3.0/24
>>>=20
>>>    The EID-record with EID-prefix 1.1.1.0/24 is not processed since =
it
>>>    is not included in any of the EID-ADs signed by the Map-Server.  =
A
>>>    log message is issued.
>> I think =E2=80=9Clog message" is too much implementation specific.=20
>> If there is a notification, and how this notification is done, is =
implementation specific IMHO.
> ok. Same as above.
>>=20
>>>    The EID-record with EID-prefix 1.1.2.0/24 is stored in the =
map-cache
>>>    because it matches the second EID-prefix contained in the EID-AD.
>>>=20
>>>    The EID-record with EID-prefix 1.2.0.0/16 is not processed since =
it
>>>    is not included in any of the EID-ADs signed by the Map-Server.  =
A
>>>    log message is issued.
>> I think =E2=80=9Clog message" is too much implementation specific.=20
>> If there is a notification, and how this notification is done, is =
implementation specific IMHO.
> ok. Same as above
>>=20
>>>   In this last example the ETR is trying to
>>>    over claim the EID-prefix 1.2.0.0/16, but the Map-Server =
authorized
>>>    only 1.2.3.0/24, hence the EID-record is discarded.
>> Reading the example I am not sure I would follow this behaviour.
>> Only 1 record out of 3 is valid so why should I actually trust the =
ETR instead of throwing everything away?
>> Can you explain ???
> The other two records are validated by the MS, so there is no reason =
to throw those away.

Yes, but the ETR is still trying to cheat on the third one=E2=80=A6.
So the ETR may be compromised, why should I send traffic to him???


>>> 5.4.2.  PITR Processing
>>>=20
>>>    The processing performed by a PITR is equivalent to the =
processing of
>>>    an ITR.  However, if the PITR is directly connected to the ALT,=20=

>> This would be LISP+ALT. Pleas add a reference to 6836.
> ok.
>>=20
>>> the
>>>    PITR performs the functions of both the ITR and the Map-Resolver
>>>    forwarding the Map-Request encapsulated in an ECM header that
>>>    includes the Authentication Data fields as described in Section =
5.6.
>>>=20
>>> 5.5.  Encrypting and Decrypting an OTK
>>>=20
>>>    MS-OTK confidentiality is required in the path between the =
Map-Server
>>>    and the ETR, the MS-OTK SHOULD
>> If confidentiality is required why there is not a MUST?
> Same.
>>=20
>>>  be encrypted using the preconfigured
>>>    key shared between the Map-Server and the ETR for the purpose of
>>>    securing ETR registration [RFC6833].  Similarly, if ITR-OTK
>>>    confidentiality is required in the path between the ITR and the =
Map-
>>>    Resolver, the ITR-OTK SHOULD=20
>> Again, if confidentiality is required why there is not a MUST?
> Same.
>>=20
>>> be encrypted with a key shared between
>>>    the ITR and the Map-Resolver.
>>>=20
>>>    The OTK is encrypted using the algorithm specified in the OTK
>>>    Encryption ID field.  When the AES Key Wrap algorithm is used to
>>>    encrypt a 128-bit OTK, according to [RFC3339],
>> The correct RFC is 3394.
> ok.
>>=20
>>>  the AES Key Wrap
>>>    Initialization Value MUST be set to 0xA6A6A6A6A6A6A6A6 (64 bits).
>>>    The output of the AES Key Wrap operation is 192-bit long.  The =
most
>>>    significant 64-bit are copied in the One-Time Key Preamble field,
>>>    while the 128 less significant bits are copied in the One-Time =
Key
>>>    field of the LISP-SEC Authentication Data.
>>>=20
>>>    When decrypting an encrypted OTK the receiver MUST verify that =
the
>>>    Initialization Value resulting from the AES Key Wrap decryption
>>>=20
>>>=20
>>>=20
>>> Maino, et al.             Expires April 6, 2017                [Page =
13]
>>> =0C
>>> Internet-Draft                  LISP-SEC                    October =
2016
>>>=20
>>>=20
>>>    operation is equal to 0xA6A6A6A6A6A6A6A6.  If this verification =
fails
>>>    the receiver MUST discard the entire message.
>>>=20
>>>    When a 128-bit OTK is sent unencrypted the OTK Encryption ID is =
set
>>>    to NULL_KEY_WRAP_128, and the OTK Preamble is set to
>>>    0x0000000000000000 (64 bits).
>>>=20
>>> 5.6.  Map-Resolver Processing
>>>=20
>>>    Upon receiving an encapsulated Map-Request with the S-bit set, =
the
>>>    Map-Resolver decapsulates the ECM message.  The ITR-OTK, if
>>>    encrypted, is decrypted as specified in Section 5.5.
>>>=20
>>>    The Map-Resolver, as specified in [RFC6833], originates a new ECM
>>>    header with the S-bit set, that contains the unencrypted ITR-OTK, =
as
>>>    specified in Section 5.5, and the other data derived from the ECM
>>>    Authentication Data of the received encapsulated Map-Request.
>> Few points on this last paragraph:
>> - You assume that there is no need of confidentiality inside the =
Mapping System?
>> - Why not stating that encryption inside the mapping system is =
mapping system specify and out of scope of this document?
> ok. as it was pointed out above.
>>=20
>> - Why are you assuming that all of the Mapping system will use ECM? =
Future Mapping system may use soemthos different. The important point is =
to ship the AD along.
> good point, and I agree with your suggestion to fix this below.
>>=20
>>>    The Map-Resolver then forwards
>> to whom?
> ok. add 'to the Map-Server'
>>=20
>>>  the received Map-Request, encapsulated
>>>    in the new ECM header that includes the newly computed =
Authentication
>>>    Data fields.
>> As for my comment of the previous paragraph I would be more generic =
stating that the MR will hand over the request to the mapping system.
>> You can still provide the example of DDT using ECM.
> right.
>>=20
>>> 5.7.  Map-Server Processing
>>>=20
>>>    Upon receiving an ECM encapsulated Map-Request with the S-bit =
set,
>>>    the Map-Server process the Map-Request according to the value of =
the
>>>    S-bit contained in the Map-Register sent by the ETR during
>>>    registration.
>>>=20
>>>    If the S-bit contained in the Map-Register was clear the =
Map-Server
>>>    decapsulates the ECM and generates a new ECM encapsulated =
Map-Request
>>>    that does not contain an ECM Authentication Data, as specified in
>>>    [RFC6830].  The Map-Server does not perform any further LISP-SEC
>>>    processing.
>> This equivalent to not using LISP-SEC. Please specify that the =
Map-Reply will be not protected.
> ok.
>>=20
>>>    If the S-bit contained in the Map-Register was set the Map-Server
>>>    decapsulates the ECM and generates a new ECM Authentication Data.
>>>    The Authentication Data includes the OTK-AD and the EID-AD, that
>>>    contains EID-prefix authorization information, that are =
ultimately
>>>    sent to the requesting ITR.
>>>=20
>>>    The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) =
from
>>>    the ITR-OTK received with the Map-Request.  MS-OTK is derived
>>>    applying the key derivation function specified in the KDF ID =
field.
>>>    If the algorithm specified in the KDF ID field is not supported, =
the
>>>    Map-Server uses a different algorithm to derive the key and =
updates
>>>    the KDF ID field accordingly.
>>>=20
>>>=20
>>>=20
>>>=20
>>> Maino, et al.             Expires April 6, 2017                [Page =
14]
>>> =0C
>>> Internet-Draft                  LISP-SEC                    October =
2016
>>>=20
>>>=20
>>>    The Map-Server and the ETR MUST be configured with a shared key =
for
>>>    mapping registration according to [RFC6833].  If MS-OTK
>>>    confidentiality is required, then the MS-OTK SHOULD be encrypted,
>> Again, if confidentiality is required why there is not a MUST?
> same as above.
>>=20
>>>  by
>>>    wrapping the MS-OTK with the algorithm specified by the OTK
>>>    Encryption ID field as specified in Section 5.5.
>>>=20
>>>    The Map-Server includes in the EID-AD the longest match =
registered
>>>    EID-prefix for the destination EID, and an HMAC of this =
EID-prefix.
>>>    The HMAC is keyed with the ITR-OTK contained in the received ECM
>>>    Authentication Data, and the HMAC algorithm is chosen according =
to
>>>    the Requested HMAC ID field.  If The Map-Server does not support =
this
>>>    algorithm, the Map-Server uses a different algorithm and =
specifies it
>>>    in the EID HMAC ID field.  The scope of the HMAC operation covers =
the
>>>    entire EID-AD, from the EID-AD Length field to the EID HMAC =
field,
>>>    which must be set to 0 before the computation.
>>>=20
>>>    The Map-Server then forwards the updated ECM encapsulated Map-
>>>    Request, that contains the OTK-AD, the EID-AD, and the received =
Map-
>>>    Request to an authoritative ETR as specified in [RFC6830].
>>>=20
>>> 5.7.1.  Map-Server Processing in Proxy mode
>>>=20
>>>    If the Map-Server is in proxy mode, it generates a Map-Reply, as
>>>    specified in [RFC6830], with the S-bit set to 1.  The Map-Reply
>>>    includes the Authentication Data that contains the EID-AD, =
computed
>>>    as specified in Section 5.7, as well as the PKT-AD computed as
>>>    specified in Section 5.8.
>>>=20
>>> 5.8.  ETR Processing
>>>=20
>>>    Upon receiving an ECM encapsulated Map-Request with the S-bit =
set,
>>>    the ETR decapsulates the ECM message.  The OTK field, if =
encrypted,
>>>    is decrypted as specified in Section 5.5 to obtain the =
unencrypted
>>>    MS-OTK.
>>>=20
>>>    The ETR then generates a Map-Reply as specified in [RFC6830] and
>>>    includes the Authentication Data that contains the EID-AD, as
>>>    received in the encapsulated Map-Request, as well as the PKT-AD.
>>>=20
>>>    The EID-AD is copied from the Authentication Data of the received
>>>    encapsulated Map-Request.
>>>=20
>>>    The PKT-AD contains the HMAC of the whole Map-Reply packet, keyed
>>>    with the MS-OTK and computed using the HMAC algorithm specified =
in
>>>    the Requested HMAC ID field of the received encapsulated =
Map-Request.
>>>    If the ETR does not support the Requested HMAC ID, it uses a
>>>    different algorithm and updates the PKT HMAC ID field =
accordingly.
>>>    The scope of the HMAC operation covers the entire PKT-AD, from =
the
>>>=20
>>>=20
>>>=20
>>> Maino, et al.             Expires April 6, 2017                [Page =
15]
>>> =0C
>>> Internet-Draft                  LISP-SEC                    October =
2016
>>>=20
>>>=20
>>>    Map-Reply Type field to the PKT HMAC field, which must be set to =
0
>>>    before the computation.
>>>=20
>>>    Finally the ETR sends the Map-Reply to the requesting ITR as
>>>    specified in [RFC6830].
>>>=20
>>> 6.  Security Considerations
>>>=20
>>> 6.1.  Mapping System Security
>>>=20
>>>    The LISP-SEC threat model described in Section 3, assumes that =
the
>>>    LISP Mapping System is working properly and eventually delivers =
Map-
>>>    Request messages to a Map-Server that is authoritative for the
>>>    requested EID.
>>>=20
>> As for a previous comment, can you elaborate if OTK confidentiality =
is required in the mapping system and what are the consequences?
> ok.
>>=20
>>>    Map-Register security, including the right for a LISP entity to
>>>    register an EID-prefix or to claim presence at an RLOC, is out of =
the
>>>    scope of LISP-SEC.
>>>=20
>>> 6.2.  Random Number Generation
>>>=20
>>>    The ITR-OTK MUST be generated by a properly seeded pseudo-random =
(or
>>>    strong random) source.  See [RFC4086] for advice on generating
>>>    security-sensitive random data
>>>=20
>>> 6.3.  Map-Server and ETR Colocation
>>>=20
>>>    If the Map-Server and the ETR are colocated, LISP-SEC does not
>>>    provide protection from overclaiming attacks mounted by the ETR.
>>>    However, in this particular case, since the ETR is within the =
trust
>>>    boundaries of the Map-Server, ETR's overclaiming attacks are not
>>>    included in the threat model.
>>>=20
>>> 7.  IANA Considerations
>> This section is not conform to RFC 5226.
>> There right way to go is to ask IANA to create three new registries, =
for HMAC, Key Wrap, and Key Derivation functions.
>> Define what is the allocation process (in light of the size of the =
field FCFS should not cause any problem IMHO)
>> Then ask to populate the registries as already described.
> Ok, so each one of the sections 7.x will say: IANA is requested to =
create a new <registry-name>  registry for use =E2=80=A6

There is slightly more text to add.


>>> 7.1.  HMAC functions
>>>=20
>>>    The following HMAC ID values are defined by this memo for use as
>>>    Requested HMAC ID, EID HMAC ID, and PKT HMAC ID in the LISP-SEC
>>>    Authentication Data:
>>>=20
>>>=20
>>>=20
>>>=20
>>>=20
>>>=20
>>>=20
>>>=20
>>>=20
>>>=20
>>>=20
>>> Maino, et al.             Expires April 6, 2017                [Page =
16]
>>> =0C
>>> Internet-Draft                  LISP-SEC                    October =
2016
>>>=20
>>>=20
>>>              Name                     Number        Defined In
>>>              -------------------------------------------------
>>>              NONE                     0
>>>              AUTH-HMAC-SHA-1-96       1             [RFC2104]
>>>              AUTH-HMAC-SHA-256-128    2             [RFC4634]
>>>=20
>>>              values 2-65535 are reserved to IANA.
>>>=20
>>>                               HMAC Functions
>>>=20
>>>    AUTH-HMAC-SHA-1-96 MUST be supported, AUTH-HMAC-SHA-256-128 =
should be
>>>    supported.
>>>=20
>>> 7.2.  Key Wrap Functions
>>>=20
>>>    The following OTK Encryption ID values are defined by this memo =
for
>>>    use as OTK key wrap algorithms ID in the LISP-SEC Authentication
>>>    Data:
>>>=20
>>>              Name                     Number        Defined In
>>>              -------------------------------------------------
>>>              NULL-KEY-WRAP-128        1
>>>              AES-KEY-WRAP-128         2             [RFC3394]
>>>=20
>>>              values 0 and 3-65535 are reserved to IANA.
>>>=20
>>>                             Key Wrap Functions
>>>=20
>>>    NULL-KEY-WRAP-128, and AES-KEY-WRAP-128 MUST be supported.
>>>=20
>>>    NULL-KEY-WRAP-128 is used to carry an unencrypted 128-bit OTK, =
with a
>>>    64-bit preamble set to 0x0000000000000000 (64 bits).
>>>=20
>>> 7.3.  Key Derivation Functions
>>>=20
>>>    The following KDF ID values are defined by this memo for use as =
KDF
>>>    ID in the LISP-SEC Authentication Data:
>>>=20
>>>              Name                     Number        Defined In
>>>              -------------------------------------------------
>>>              NONE                     0
>>>              HKDF-SHA1-128            1             [RFC5869]
>>>=20
>>>              values 2-65535 are reserved to IANA.
>>>=20
>>>                          Key Derivation Functions
>>>=20
>>>    HKDF-SHA1-128 MUST be supported
>>>=20
>>>=20
>>>=20
>>> Maino, et al.             Expires April 6, 2017                [Page =
17]
>>> =0C
>>> Internet-Draft                  LISP-SEC                    October =
2016
>>>=20
>>>=20
>>> 8.  Acknowledgements
>>>=20
>>>    The authors would like to acknowledge Pere Monclus, Dave Meyer, =
Dino
>>>    Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt
>>>    Noll for their valuable suggestions provided during the =
preparation
>>>    of this document.
>>>=20
>>> 9.  Normative References
>> Please Check your reference, this is the output if the nits tool:
>> Checking references for intended status: Experimental
>>   =
--------------------------------------------------------------------------=
--
>>   =3D=3D Missing Reference: 'RFC3339' is mentioned on line 602, but =
not defined
>>   =3D=3D Missing Reference: 'RFC4634' is mentioned on line 752, but =
not defined
>>   ** Obsolete undefined reference: RFC 4634 (Obsoleted by RFC 6234)
> ok.
>>=20
>>>    [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: =
Keyed-
>>>               Hashing for Message Authentication", RFC 2104,
>>>               DOI 10.17487/RFC2104, February 1997,
>>>               <http://www.rfc-editor.org/info/rfc2104 =
<http://www.rfc-editor.org/info/rfc2104>>.
>>>=20
>>>    [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
>>>               Requirement Levels", BCP 14, RFC 2119,
>>>               DOI 10.17487/RFC2119, March 1997,
>>>               <http://www.rfc-editor.org/info/rfc2119 =
<http://www.rfc-editor.org/info/rfc2119>>.
>>>=20
>>>    [RFC3394]  Schaad, J. and R. Housley, "Advanced Encryption =
Standard
>>>               (AES) Key Wrap Algorithm", RFC 3394, DOI =
10.17487/RFC3394,
>>>               September 2002, =
<http://www.rfc-editor.org/info/rfc3394 =
<http://www.rfc-editor.org/info/rfc3394>>.
>>>=20
>>>    [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
>>>               "Randomness Requirements for Security", BCP 106, RFC =
4086,
>>>               DOI 10.17487/RFC4086, June 2005,
>>>               <http://www.rfc-editor.org/info/rfc4086 =
<http://www.rfc-editor.org/info/rfc4086>>.
>>>=20
>>>    [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing =
an
>>>               IANA Considerations Section in RFCs", BCP 26, RFC =
5226,
>>>               DOI 10.17487/RFC5226, May 2008,
>>>               <http://www.rfc-editor.org/info/rfc5226 =
<http://www.rfc-editor.org/info/rfc5226>>.
>>>=20
>>>    [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based =
Extract-and-Expand
>>>               Key Derivation Function (HKDF)", RFC 5869,
>>>               DOI 10.17487/RFC5869, May 2010,
>>>               <http://www.rfc-editor.org/info/rfc5869 =
<http://www.rfc-editor.org/info/rfc5869>>.
>>>=20
>>>    [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, =
"The
>>>               Locator/ID Separation Protocol (LISP)", RFC 6830,
>>>               DOI 10.17487/RFC6830, January 2013,
>>>               <http://www.rfc-editor.org/info/rfc6830 =
<http://www.rfc-editor.org/info/rfc6830>>.
>>>=20
>>>    [RFC6833]  Fuller, V. and D. Farinacci, "Locator/ID Separation
>>>               Protocol (LISP) Map-Server Interface", RFC 6833,
>>>               DOI 10.17487/RFC6833, January 2013,
>>>               <http://www.rfc-editor.org/info/rfc6833 =
<http://www.rfc-editor.org/info/rfc6833>>.
>>>=20
>>>=20
>>>=20
>>>=20
>>> Maino, et al.             Expires April 6, 2017                [Page =
18]
>>> =0C
>>> Internet-Draft                  LISP-SEC                    October =
2016
>>>=20
>>>=20
>>>    [RFC7835]  Saucez, D., Iannone, L., and O. Bonaventure, =
"Locator/ID
>>>               Separation Protocol (LISP) Threat Analysis", RFC 7835,
>>>               DOI 10.17487/RFC7835, April 2016,
>>>               <http://www.rfc-editor.org/info/rfc7835 =
<http://www.rfc-editor.org/info/rfc7835>>.
>>>=20
>>> Authors' Addresses
>>>=20
>>>    Fabio Maino
>>>    Cisco Systems
>>>    170 Tasman Drive
>>>    San Jose, California  95134
>>>    USA
>>>=20
>>>    Email: fmaino@cisco.com <mailto:fmaino@cisco.com>
>>>=20
>>>=20
>>>    Vina Ermagan
>>>    Cisco Systems
>>>    170 Tasman Drive
>>>    San Jose, California  95134
>>>    USA
>>>=20
>>>    Email: vermagan@cisco.com <mailto:vermagan@cisco.com>
>>>=20
>>>=20
>>>    Albert Cabellos
>>>    Technical University of Catalonia
>>>    c/ Jordi Girona s/n
>>>    Barcelona  08034
>>>    Spain
>>>=20
>>>    Email: acabello@ac.upc.edu <mailto:acabello@ac.upc.edu>
>>>=20
>>>=20
>>>    Damien Saucez
>>>    INRIA
>>>    2004 route des Lucioles - BP 93
>>>    Sophia Antipolis
>>>    France
>>>=20
>>>    Email: damien.saucez@inria.fr <mailto:damien.saucez@inria.fr>
>>>=20
>>>=20
>>>=20
>>>=20
>>>=20
>>>=20
>>>=20
>>>=20
>>>=20
>>>=20
>>> Maino, et al.             Expires April 6, 2017                [Page =
19]
>=20


--Apple-Mail=_E3DB3483-9CFF-43B0-9BD5-B6C21403317E
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D"">Hi Fabio,<div class=3D""><br class=3D""></div><div =
class=3D"">se my comment inline.&nbsp;</div><div class=3D"">(I do not =
consider the points we agree and everything related to the =E2=80=9CSHOULD=
=E2=80=9D clarification)</div><div class=3D""><br class=3D""></div><div =
class=3D"">Thanks for your work</div><div class=3D""><br =
class=3D""></div><div class=3D"">Ciao</div><div class=3D""><br =
class=3D""></div><div class=3D"">L.</div><div class=3D""><br =
class=3D""></div><div class=3D""><br class=3D""><div><blockquote =
type=3D"cite" class=3D""><div class=3D"">On 22 Oct 2016, at 01:23, Fabio =
Maino &lt;<a href=3D"mailto:fmaino@cisco.com" =
class=3D"">fmaino@cisco.com</a>&gt; wrote:</div><br =
class=3D"Apple-interchange-newline"><div class=3D"">
 =20
    <meta content=3D"text/html; charset=3Dutf-8" =
http-equiv=3D"Content-Type" class=3D"">
 =20
  <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
    <div class=3D"moz-cite-prefix">Ciao Luigi, <br class=3D"">
      below I have replied to each comment. I'm working to the updated
      text, that I will send as soon as it is ready. ideally we might be
      able to publish a new version before draft deadline. <br =
class=3D""></div></div></div></blockquote><div><br =
class=3D""></div><div>Excellent. Thanks</div><br class=3D""><blockquote =
type=3D"cite" class=3D""><div class=3D""><div bgcolor=3D"#FFFFFF" =
text=3D"#000000" class=3D""><div class=3D"moz-cite-prefix">
      <br class=3D"">
      Just a note on the most recurring comment: SHOULD vs. MUST. <br =
class=3D"">
      <br class=3D"">
      The use of SHOULD across the document is according to RFC 2119: =
<br class=3D"">
      <br class=3D"">
      <meta charset=3D"utf-8" class=3D"">
      <pre style=3D"font-size: 13.3333px; margin-top: 0px; =
margin-bottom: 0px; font-style: normal; font-variant-ligatures: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
orphans: 2; text-align: start; text-indent: 0px; text-transform: none; =
widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;" =
class=3D""><span class=3D"h2" style=3D"line-height: 0pt; display: =
inline; white-space: pre; font-family: monospace; font-size: 1em; =
font-weight: bold;"><h2 style=3D"line-height: 0pt; display: inline; =
white-space: pre; font-family: monospace; font-size: 1em; font-weight: =
bold;" class=3D"">SHOULD  </h2></span> This word, or the adjective =
"RECOMMENDED", mean that there
   may exist valid reasons in particular circumstances to ignore a
   particular item, but the full implications must be understood and
   carefully weighed before choosing a different course.</pre>
      <br class=3D"">
      <br class=3D"">
      There are use cases where, carefully weighing the implications,
      some of the security services of LISP-SEC can be turned-off. We
      want to leave implementors the freedom to allow this flexibility.
      <br class=3D"">
      <br class=3D"">
      For example, in a DC deployment it may make sense to turn off OTK
      decryption between XTR and MS/MR, as MiTM is very unlikely. <br =
class=3D"">
      <br class=3D"">
      Similarly, an ITR may decide to implement a loose policy on
      accepting an AD authenticated with an algorithm different from the
      preferred authentication algorithm expressed by the ITR. Using a
      MUST would force support of a given authentication algorithm
      across each and every MS and ETR, that might not be the case when
      incrementally deploying LISP-SEC (or while upgrading routers). <br =
class=3D"">
      <br class=3D"">
      Using a MUST would prevent this flexibility, that we would like to
      leave to the implementors. <br class=3D"">
      <br class=3D"">
      <br class=3D"">
      <br class=3D""></div></div></div></blockquote><div><br =
class=3D""></div><div>This is fixed as for the suggestion of Joel. =
Thanks.</div><div><br class=3D""></div><br class=3D""><blockquote =
type=3D"cite" class=3D""><div class=3D""><div bgcolor=3D"#FFFFFF" =
text=3D"#000000" class=3D""><div class=3D"moz-cite-prefix">
      <br class=3D"">
      <br class=3D"">
      On 10/19/16 8:06 AM, Luigi Iannone wrote:<br class=3D"">
    </div>
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <meta http-equiv=3D"Content-Type" content=3D"text/html; =
charset=3Dutf-8" class=3D"">
      <div class=3D"">Dear Authors of the LISP-SEC document,</div>
      <div class=3D""><br class=3D"">
      </div>
      <div class=3D"">hereafter my review of the document.</div>
      <div class=3D"">This was long overdue, sorry for being so =
late.</div>
      <div class=3D""><br class=3D"">
      </div>
      <div class=3D"">I really like the solution and the majority of my
        comments are just clarification questions.</div>
      <div class=3D"">Let me know if my comments are clear.</div>
      <div class=3D""><br class=3D"">
      </div>
      <div class=3D"">ciao</div>
      <div class=3D""><br class=3D"">
      </div>
      <div class=3D"">L.</div>
      <div class=3D""><br class=3D"">
      </div>
      <div class=3D""><br class=3D"">
      </div>
      <div class=3D""><br class=3D"">
      </div>
      <blockquote type=3D"cite" class=3D"">
        <div class=3D"">
          <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">1.  Introduction

   The Locator/ID Separation Protocol [RFC6830] defines a set of
   functions for routers to exchange information used to map from non-
   routable Endpoint Identifiers (EIDs) to routable Routing Locators
   (RLOCs).  </pre>
        </div>
      </blockquote>
      I find the above sentence confusing. Wouldn=E2=80=99t be better to =
specify
      that we are talking about IP addresses?</blockquote>
    <br class=3D"">
    That's how LISP is described in RFC6830, section 1. If you start
    using the term IP address then you need to qualify if you are
    talking about Identity-IP or Locator-IP, so the sentence gets
    complicated pretty quickly. <br class=3D"">
    <br class=3D""></div></div></blockquote><div><br =
class=3D""></div><div>Not really. The very first sentence of the =
abstract of 6830 states:</div><div><br class=3D""></div><div><pre =
style=3D"font-size: 13.333333015441895px; margin-top: 0px; =
margin-bottom: 0px;" class=3D"">This document describes a =
network-layer-based protocol that enables
   separation of IP addresses into two new numbering spaces: Endpoint
   Identifiers (EIDs) and Routing Locators (RLOCs). </pre><div =
class=3D""><br class=3D""></div><div class=3D""><br class=3D""></div><div =
class=3D"">So clearly speaks about IP address.</div><div =
class=3D"">Furthermore =E2=80=9Croutable" en =E2=80=9Cnon routable=E2=80=9D=
 is true only in the inter-domain point of view, because EID are locally =
routable.</div><div class=3D"">Note that 6830 does not specify in the =
first sentence what is routable and what is not.</div><div class=3D""><br =
class=3D""></div><div class=3D""><br class=3D""></div></div><blockquote =
type=3D"cite" class=3D""><div class=3D""><div bgcolor=3D"#FFFFFF" =
text=3D"#000000" class=3D"">
    I would leave this one unchanged.<br =
class=3D""></div></div></blockquote><blockquote type=3D"cite" =
class=3D""><div class=3D""><div bgcolor=3D"#FFFFFF" text=3D"#000000" =
class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D""><br class=3D"">
      </div>
      <div class=3D"">
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">If these EID-to-RLOC mappings, carried through Map-Reply
   messages, are transmitted without integrity protection, an adversary
   can manipulate them and hijack the communication, impersonate the
   requested EID, or mount Denial of Service or Distributed Denial of
   Service attacks.  Also, if the Map-Reply message is transported
   unauthenticated, an adversarial LISP entity can overclaim an EID-
   prefix and maliciously redirect traffic directed to a large number of
   hosts.  A detailed description of "overclaiming" attack is provided
   in [RFC7835].

   This memo specifies LISP-SEC, a set of security mechanisms that
   provides origin authentication, integrity and anti-replay protection
   to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
   process.  </pre>
          </div>
        </blockquote>
        <div class=3D""><br class=3D"">
        </div>
        <div class=3D"">I would put s forward reference to section 3
          stating that the reader will find details about the threat
          model.</div>
      </div>
    </blockquote>
    <br class=3D"">
    OK. We can replace the sentence <br class=3D"">
    <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">A detailed description of "overclaiming" attack is provided
   in [RFC7835]

with=20

The LISP-SEC threat model, described in Section 3, is built on top of =
the LISP threat model defined in RFC7835, that includes a detailed =
description of "overclaiming" attack.=20
</pre></div></div></blockquote><div>OK</div><div><br class=3D""></div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><div =
bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
    <br class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D""><br class=3D"">
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">LISP-SEC also enables verification of authorization on EID-
   prefix claims in Map-Reply messages, ensuring that the sender of a
   Map-Reply that provides the location for a given EID-prefix is
   entitled to do so according to the EID prefix registered in the
   associated Map-Server.  Map-Register security, including the right
   for a LISP entity to register an EID-prefix or to claim presence at
   an RLOC, is out of the scope of LISP-SEC.  Additional security
   considerations are described in Section 6.

2.  Definition of Terms

      One-Time Key (OTK): An ephemeral randomly generated key that must
      be used for a single Map-Request/Map-Reply exchange.



         ITR-OTK: The One-Time Key generated at the ITR.

         MS-OTK: The One-Time Key generated at the Map-Server.
</pre>
          </div>
        </blockquote>
        <div class=3D""><br class=3D"">
        </div>
        <div class=3D"">Why are you considering ITR-OTK and MS-OTK
          sub-terms?&nbsp;</div>
        <div class=3D"">I would elevate them at full terms, hence =
avoiding
          spacing and indentation.</div>
      </div>
    </blockquote>
    <br class=3D"">
    Ok. <br class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D""><br class=3D"">
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">      Encapsulated Control Message (ECM): A LISP control =
message that is
      prepended with an additional LISP header.  ECM is used by ITRs to
      send LISP control messages to a Map-Resolver, by Map-Resolvers to
      forward LISP control messages to a Map-Server, and by Map-
      Resolvers to forward LISP control messages to an ETR.

</pre>
          </div>
        </blockquote>
        <div class=3D"">Why are you re-defining ECM?&nbsp;</div>
        <div class=3D"">You do not specify other packets, e.g., =
Map-Reply,
          so why ECM?</div>
        <div class=3D"">I would drop it.</div>
      </div>
    </blockquote>
    <br class=3D"">
    It is not defined in the Definitions section of 6830. One would need
    to go through the body of 6830 to find it. <br =
class=3D""></div></div></blockquote><div><br class=3D""></div><div>I see =
your point. Just keep the text and add a ref to section 6.1.8 of 6830. =
This will clarify that is something coming from a specific section of =
that document.</div><div><br class=3D""></div><div>&nbsp;</div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><div =
bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
    <br class=3D"">
    I'll drop it, but we need to make sure that ECM gets into the
    definition section of 6830bis. <br class=3D"">
    <br class=3D"">
    Albert: are you looking into that document? Can you take care of
    this? <br class=3D"">
    <br class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D"">
        <div class=3D""><br class=3D"">
        </div>
        <br class=3D"">
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">      Authentication Data (AD): Metadata that is included =
either in a
      LISP ECM header or in a Map-Reply message to support
      confidentiality, integrity protection, and verification of EID-
      prefix authorization.



Maino, et al.             Expires April 6, 2017                 [Page 3]
=0C
Internet-Draft                  LISP-SEC                    October 2016


         OTK-AD: The portion of ECM Authentication Data that contains a
         One-Time Key.

         EID-AD: The portion of ECM and Map-Reply Authentication Data
         used for verification of EID-prefix authorization.

         PKT-AD: The portion of Map-Reply Authentication Data used to
         protect the integrity of the Map-Reply message.
</pre>
          </div>
        </blockquote>
        <div class=3D""><br class=3D"">
        </div>
        <div class=3D""><br class=3D"">
        </div>
        <div class=3D"">
          <div class=3D"">Why are you considering OTK-AD, EID-AD, and
            PKT-AD sub-terms?&nbsp;</div>
          <div class=3D"">I would elevate them at full terms, hence
            avoiding spacing and indentation.</div>
          <br class=3D"">
        </div>
      </div>
    </blockquote>
    ok. <br class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D""><br class=3D"">
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">   For definitions of other terms, notably Map-Request, =
Map-Reply,
   Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR), Map-Server
   (MS), and Map-Resolver (MR) please consult the LISP specification
   [RFC6830].

3.  LISP-SEC Threat Model

   LISP-SEC addresses the control plane threats, described in [RFC7835],
   that target EID-to-RLOC mappings, including manipulations of Map-
   Request and Map-Reply messages, and malicious ETR EID prefix
   overclaiming.  LISP-SEC makes two main assumptions: (1) the LISP
   mapping system is expected to deliver a Map-Request message to their
   intended destination ETR as identified by the EID, and (2) no man-in-
   the-middle (MITM) attack can be mounted within the LISP Mapping
   System.  Furthermore, while LISP-SEC enables detection of EID prefix
   overclaiming attacks, it assumes that Map-Servers can verify the EID
   prefix authorization at time of registration.
</pre>
          </div>
        </blockquote>
        <div class=3D"">LISP-SEC does not require OTK confidentiality in
          the mapping system. This should be discussed here.</div>
      </div>
    </blockquote>
    we could add to the above<br class=3D"">
    <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">"and (2) no man-in-
   the-middle (MITM) attack can be mounted within the LISP Mapping
   System."=20

How the Mapping System is protected from MiTM attacks depends from the =
particular Mapping System used, and is out of the scope of this memo.=20

</pre>
    <br class=3D""></div></div></blockquote><div><br =
class=3D""></div><div>That=E2=80=99s fine for me.</div><div><br =
class=3D""></div><br class=3D""><blockquote type=3D"cite" class=3D""><div =
class=3D""><div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D"">
        <div class=3D""><br class=3D"">
        </div>
        <br class=3D"">
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">   According to the threat model described in [RFC7835] =
LISP-SEC assumes
   that any kind of attack, including MITM attacks, can be mounted in
   the access network, outside of the boundaries of the LISP mapping
   system.  An on-path attacker, outside of the LISP mapping system can,
   for example, hijack Map-Request and Map-Reply messages, spoofing the
   identity of a LISP node.  Another example of on-path attack, called
   overclaiming attack, can be mounted by a malicious Egress Tunnel
   Router (ETR), by overclaiming the EID-prefixes for which it is
   authoritative.  In this way the ETR can maliciously redirect traffic
   directed to a large number of hosts.

4.  Protocol Operations

   The goal of the security mechanisms defined in [RFC6830] is to
   prevent unauthorized insertion of mapping data by providing origin
   authentication and integrity protection for the Map-Registration, and
   by using the nonce to detect unsolicited Map-Reply sent by off-path
   attackers.

   LISP-SEC builds on top of the security mechanisms defined in
   [RFC6830] to address the threats described in Section 3 by leveraging



Maino, et al.             Expires April 6, 2017                 [Page 4]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   the trust relationships existing among the LISP entities
   participating to the exchange of the Map-Request/Map-Reply messages.
   Those trust relationships are used to securely distribute a One-Time
   Key (OTK) that provides origin authentication, integrity and anti-
   replay protection to mapping data conveyed via the mapping lookup
   process, and that effectively prevent overclaiming attacks.  The
   processing of security parameters during the Map-Request/Map-Reply
   exchange is as follows:

   o  The ITR-OTK is generated and stored at the ITR, and securely
      transported to the Map-Server.

   o  The Map-Server uses the ITR-OTK to compute an HMAC that protects
</pre>
          </div>
        </blockquote>
        <div class=3D"">You did not define HMAC acronym. Please define =
and
          add a reference.</div>
      </div>
    </blockquote>
    <br class=3D"">
    ok. <br class=3D"">
    <br class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D""><br class=3D"">
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">      the integrity of the mapping data known to the =
Map-Server to
      prevent overclaiming attacks.  The Map-Server also derives a new
      OTK, the MS-OTK, that is passed to the ETR, by applying a Key
      Derivation Function (KDF) to the ITR-OTK.

   o  The ETR uses the MS-OTK to compute an HMAC that protects the
      integrity of the Map-Reply sent to the ITR.

   o  Finally, the ITR uses the stored ITR-OTK to verify the integrity
      of the mapping data provided by both the Map-Server and the ETR,
      and to verify that no overclaiming attacks were mounted along the
      path between the Map-Server and the ITR.

   Section 5 provides the detailed description of the LISP-SEC control
   messages and their processing, while the rest of this section
   describes the flow of protocol operations at each entity involved in
   the Map-Request/Map-Reply exchange:

   o  The ITR, upon needing to transmit a Map-Request message, generates
      and stores an OTK (ITR-OTK).  This ITR-OTK is included into the
      Encapsulated Control Message (ECM) that contains the Map-Request
      sent to the Map-Resolver.  To provide confidentiality to the ITR-
      OTK over the path between the ITR and its Map-Resolver, the ITR-
      OTK SHOULD </pre>
          </div>
        </blockquote>
        <div class=3D"">Why not using =E2=80=9CMUST=E2=80=9D???</div>
        <div class=3D"">Are you suggesting that a different way to =
provide
          confidentiality can be used (e.g. a different shared =
key)???</div>
        <div class=3D"">If yes, please state so.</div>
        <div class=3D""><br class=3D"">
        </div>
        <div class=3D"">Or are you suggesting that no encryption at all =
is
          used? But this means not providing confidentiality=E2=80=A6</div=
>
        <div class=3D"">Can you clarify?</div>
        <div class=3D""><br class=3D"">
        </div>
        (this very same comment will appear several time in this =
review)<br class=3D"">
      </div>
    </blockquote>
    <br class=3D"">
    We don't want to make the use of pre-shared key *mandatory* to all
    LISP deployments. There are deployments where the risk of MiTM
    between the xTR and the MS/MR may not justify the cost of
    provisioning a shared key (data centers, for example). <br class=3D"">=

    <br class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D"">
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">be encrypted using a preconfigured key shared between
      the ITR and the Map-Resolver, similar to the key shared between
      the ETR and the Map-Server in order to secure ETR registration
      [RFC6833].

   o  The Map-Resolver decapsulates the ECM message, decrypts the ITR-
      OTK, if needed, and forwards through the Mapping System the
      received Map-Request and the ITR-OTK, as part of a new ECM
      message.  As described in Section 5.6, the LISP Mapping System
      delivers the ECM to the appropriate Map-Server, as identified by
      the EID destination address of the Map-Request.




Maino, et al.             Expires April 6, 2017                 [Page 5]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   o  The Map-Server is configured with the location mappings and policy
      information for the ETR responsible for the EID destination
      address.  Using this preconfigured information, the Map-Server,
      after the decapsulation of the ECM message, finds the longest
      match EID-prefix that covers the requested EID in the received
      Map-Request.  The Map-Server adds this EID-prefix, together with
      an HMAC computed using the ITR-OTK, to a new Encapsulated Control
      Message that contains the received Map-Request.

   o  The Map-Server derives a new OTK, the MS-OTK, by applying a Key
      Derivation Function (KDF) to the ITR-OTK.  This MS-OTK is included
      in the Encapsulated Control Message that the Map-Server uses to
      forward the Map-Request to the ETR.  To provide MS-OTK
      confidentiality over the path between the Map-Server and the ETR,
      the MS-OTK should </pre>
          </div>
        </blockquote>
        <div class=3D"">This =E2=80=9Cshould=E2=80=9D should be a =
=E2=80=9CSHOULD=E2=80=9D &nbsp;(sorry for the
          cacophony=E2=80=A6)</div>
      </div>
    </blockquote>
    <br class=3D"">
    Ok. <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D"">
        <div class=3D""><br class=3D"">
        </div>
        <div class=3D"">
          <div class=3D"">Why not using =E2=80=9CMUST=E2=80=9D???</div>
          <div class=3D"">Are you suggesting that a different way to
            provide confidentiality can be used (e.g. a different shared
            key)???</div>
          <div class=3D"">If yes, please state so.</div>
          <div class=3D""><br class=3D"">
          </div>
          <div class=3D"">Or are you suggesting that no encryption at =
all
            is used? But this means not providing =
confidentiality=E2=80=A6</div>
          <div class=3D"">Can you clarify?</div>
        </div>
      </div>
    </blockquote>
    <br class=3D"">
    Same as above. <br class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D""><br class=3D"">
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">be encrypted using the key shared between the
      ETR and the Map-Server in order to secure ETR registration
      [RFC6833].

   o  If the Map-Server is acting in proxy mode, as specified in
      [RFC6830], the ETR is not involved in the generation of the Map-
      Reply.  In this case the Map-Server generates the Map-Reply on
      behalf of the ETR as described below.

   o  The ETR, upon receiving the ECM encapsulated Map-Request from the
      Map-Server, decrypts the MS-OTK, if needed, and originates a
      standard Map-Reply that contains the EID-to-RLOC mapping
      information as specified in [RFC6830].

   o  The ETR computes an HMAC over this standard Map-Reply, keyed with
      MS-OTK to protect the integrity of the whole Map-Reply.  The ETR
      also copies the EID-prefix authorization data that the Map-Server
      included in the ECM encapsulated Map-Request into the Map-Reply
      message.  The ETR then sends this complete Map-Reply message to
      the requesting ITR.

   o  The ITR, upon receiving the Map-Reply, uses the locally stored
      ITR-OTK to verify the integrity of the EID-prefix authorization
      data included in the Map-Reply by the Map-Server.  The ITR
      computes the MS-OTK by applying the same KDF used by the Map-
      Server, and verifies the integrity of the Map-Reply.  If the
      integrity checks fail, the Map-Reply MUST be discarded.  Also, if
      the EID-prefixes claimed by the ETR in the Map-Reply are not equal
      or more specific than the EID-prefix authorization data inserted
      by the Map-Server, the ITR MUST discard the Map-Reply.







Maino, et al.             Expires April 6, 2017                 [Page 6]
=0C
Internet-Draft                  LISP-SEC                    October 2016


5.  LISP-SEC Control Messages Details

   LISP-SEC metadata associated with a Map-Request is transported within
   the Encapsulated Control Message that contains the Map-Request.

   LISP-SEC metadata associated with the Map-Reply is transported within
   the Map-Reply itself.

5.1.  Encapsulated Control Message LISP-SEC Extensions

   LISP-SEC uses the ECM (Encapsulated Control Message) defined in
   [RFC6830] with Type set to 8, and S bit set to 1 to indicate that the
   LISP header includes Authentication Data (AD).  The format of the
   LISP-SEC ECM Authentication Data is defined in the following figure.
   OTK-AD stands for One-Time Key Authentication Data and EID-AD stands
   for EID Authentication Data.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     AD Type   |V|  Reserved   |        Requested HMAC ID      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
|              OTK Length       |       OTK Encryption ID       | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|                       One-Time-Key Preamble ...               | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OTK-AD
|                   ... One-Time-Key Preamble                   | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
~                      One-Time Key (128 bits)                  ~/
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
&lt;---+
|           EID-AD Length       |           KDF ID              |     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
| Record Count  |    Reserved   |         EID HMAC ID           |     =
EID-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
|   Reserved    | EID mask-len  |           EID-AFI             | |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
~                          EID-prefix ...                       ~ |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
~                            EID HMAC                           ~     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
&lt;=E2=80=94+
</pre>
          </div>
        </blockquote>
        <div class=3D"">I think that =E2=80=9Crec=E2=80=9D is =
mis-aligned and should be
          shifted one character upward.</div>
      </div>
    </blockquote>
    <br class=3D"">
    No. The row above is the portion of the header that specifies how
    many records will follow. Rec shows one Rec item, in the array of
    Records.&nbsp; It is consistent with 6830.<br class=3D"">
    <br class=3D"">
    <br class=3D""></div></div></blockquote><div><br =
class=3D""></div><div>OK</div><br class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""><div bgcolor=3D"#FFFFFF" text=3D"#000000" =
class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D""><br class=3D"">
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">                     LISP-SEC ECM Authentication Data

      AD Type: 1 (LISP-SEC Authentication Data)
</pre>
          </div>
        </blockquote>
        <div class=3D"">This is the first document starting to allocate
          values to the "AD Type=E2=80=9D value.&nbsp;</div>
        <div class=3D"">Why not asking IANA to create a registry??</div>
        <div class=3D"">(to be done in the IANA Considerations Section) =
<br class=3D"">
        </div>
      </div>
    </blockquote>
    <br class=3D"">
    <br class=3D"">
    Ok.<br class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D"">
        <div class=3D""><br class=3D"">
        </div>
        <div class=3D""><br class=3D"">
        </div>
        <br class=3D"">
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">      V: Key Version bit.  This bit is toggled when the =
sender switches
      to a new OTK wrapping key




Maino, et al.             Expires April 6, 2017                 [Page 7]
=0C
Internet-Draft                  LISP-SEC                    October 2016


      Reserved: Set to 0 on transmission and ignored on receipt.

      Requested HMAC ID: The HMAC algorithm requested by the ITR.  See
      Section 5.4 for details.

      OTK Length: The length (in bytes) of the OTK Authentication Data
      (OTK-AD), that contains the OTK Preamble and the OTK.

      OTK Encryption ID: The identifier of the key wrapping algorithm
      used to encrypt the One-Time-Key. When a 128-bit OTK is sent
      unencrypted by the Map-Resolver, the OTK Encryption ID is set to
      NULL_KEY_WRAP_128.  See Section 5.5 for more details.

      One-Time-Key Preamble: set to 0 if the OTK is not encrypted.  When
      the OTK is encrypted, this field may carry additional metadata
      resulting from the key wrapping operation.  When a 128-bit OTK is
      sent unencrypted by Map-Resolver, the OTK Preamble is set to
      0x0000000000000000 (64 bits).  See Section 5.5 for details.

      One-Time-Key: the OTK encrypted (or not) as specified by OTK
      Encryption ID.  See Section 5.5 for details.

      EID-AD Length: length (in bytes) of the EID Authentication Data
      (EID-AD).  The ITR MUST set EID-AD Length to 4 bytes, as it only
      fills the KDF ID field, and all the remaining fields part of the
      EID-AD are not present.  An EID-AD MAY contain multiple EID-
      records.  Each EID-record is 4-byte long plus the length of the
      AFI-encoded EID-prefix.

      KDF ID: Identifier of the Key Derivation Function used to derive
      the MS-OTK.  The ITR SHOULD use this field to indicate the
      recommended KDF algorithm, according to local policy. </pre>
          </div>
        </blockquote>
        <div class=3D"">I am not sure I understand the rationale of this
          =E2=80=9CSHOULD=E2=80=9D. If for any reason the ITR does not =
indicate the KDF
          ID what are the consequences?</div>
      </div>
    </blockquote>
    <br class=3D"">
    That should be a MAY, I believe, <br class=3D"">
    <br class=3D"">
    The ITR can specify "no preference" for KDF ID, using a value of 0.
    <br class=3D""></div></div></blockquote><div><br =
class=3D""></div><div>I think this is the unclear information: that the =
ITR can state =E2=80=9Cno preference=E2=80=9D using value =
0.</div><div>Would be good if you can state it more =
clearly.</div><div><br class=3D""></div><br class=3D""><blockquote =
type=3D"cite" class=3D""><div class=3D""><div bgcolor=3D"#FFFFFF" =
text=3D"#000000" class=3D"">
    <br class=3D"">
    In the ITR processing section 5.4,&nbsp; we should add to <br =
class=3D"">
    <br class=3D"">
    <meta charset=3D"utf-8" class=3D"">
    <pre class=3D"newpage" style=3D"font-size: 13.3333px; margin-top: =
0px; margin-bottom: 0px; break-before: page; font-style: normal; =
font-variant-ligatures: normal; font-variant-caps: normal; font-weight: =
normal; letter-spacing: normal; orphans: 2; text-align: start; =
text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;">The KDF ID field, specifies the =
suggested key derivation function to
   be used by the Map-Server to derive the MS-OTK.</pre>
    <br class=3D"">
    a text like: "A KDF ID value of 0 (NONE), MAY be used to specify
    that the ITR has no preferred KDF ID".&nbsp; <br class=3D"">
    <br class=3D"">
    <br class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D"">
        <div class=3D"">Is the MS free to choose the algorithm? This
          should be clarified.</div>
      </div>
    </blockquote>
    This is specified in section 5.7. <br class=3D"">
    <br class=3D"">
    "
    <meta charset=3D"utf-8" class=3D"">
    <pre class=3D"newpage" style=3D"font-size: 13.3333px; margin-top: =
0px; margin-bottom: 0px; break-before: page; font-style: normal; =
font-variant-ligatures: normal; font-variant-caps: normal; font-weight: =
normal; letter-spacing: normal; orphans: 2; text-align: start; =
text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;">The Map-Server updates the OTK-AD by =
deriving a new OTK (MS-OTK) from
   the ITR-OTK received with the Map-Request.  MS-OTK is derived
   applying the key derivation function specified in the KDF ID field.
   If the algorithm specified in the KDF ID field is not supported, the
   Map-Server uses a different algorithm to derive the key and updates
   the KDF ID field accordingly.</pre>
    "<br class=3D"">
    <br class=3D"">
    <br class=3D""></div></div></blockquote><div><br =
class=3D""></div><div>Since this paragraph does not use any 2119 =
language it actually mean that an MS can choose freely the =
&nbsp;algorithm to use.</div><div>right?</div><br class=3D""><blockquote =
type=3D"cite" class=3D""><div class=3D""><div bgcolor=3D"#FFFFFF" =
text=3D"#000000" class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D""><br class=3D"">
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D""> The Map-
      Server can overwrite the KDF ID if it does not support the KDF ID
      recommended by the ITR.  </pre>
          </div>
        </blockquote>
        <div class=3D"">What happens if the MS will choose a KDF ID not
          supported by the ITR?</div>
        <div class=3D"">Can you clarify how to solve this situation or
          explain why this will never happen?</div>
      </div>
    </blockquote>
    <br class=3D"">
    This is specified in 5.4, ITR processing. <br class=3D"">
    <br class=3D"">
    "
    <meta charset=3D"utf-8" class=3D"">
    <pre class=3D"newpage" style=3D"font-size: 13.3333px; margin-top: =
0px; margin-bottom: 0px; break-before: page; font-style: normal; =
font-variant-ligatures: normal; font-variant-caps: normal; font-weight: =
normal; letter-spacing: normal; orphans: 2; text-align: start; =
text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;">To verify the integrity of the PKT-AD, =
first the MS-OTK is derived
   from the locally stored ITR-OTK using the algorithm specified in the
   KDF ID field.  This is because the PKT-AD is generated by the ETR
   using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's local =
policy.</pre>
    " <br class=3D"">
    <br class=3D"">
    <br class=3D"">
    There are two typical use cases: <br class=3D"">
    - strict KDF ID policy: ITR specifiy a KDF ID, and will discard
    map-reply with different KDF IDs. If local policy allows, another
    map-request will be sent with a different KDF ID<br class=3D"">
    - loose KDF ID policy: ITR specify KDF ID =3D none, and will accept
    map-reply with any KDF ID (if supported by ITR). If received KDF is
    not supported the ITR shall drop the map-reply<br class=3D"">
    <br class=3D""></div></div></blockquote><div><br =
class=3D""></div><div>The above text does not reflect the policies you =
are describing. That =E2=80=9CSHOULD=E2=80=9D should be a =E2=80=9CMAY=E2=80=
=9D and your policies spelled out.&nbsp;</div><div><br =
class=3D""></div><div>Also, what is the MS stubbornly insists in using =
an algorithm that the ITR does not support?</div><div><br =
class=3D""></div><br class=3D""><blockquote type=3D"cite" class=3D""><div =
class=3D""><div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D""><br class=3D"">
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">See Section 5.4 for more details.

      Record Count: The number of records in this Map-Request message.
      A record is comprised of the portion of the packet that is labeled
      'Rec' above and occurs the number of times equal to Record Count.

      Reserved: Set to 0 on transmission and ignored on receipt.

      EID HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the EID-AD.  This field is filled by Map-Server that
      computed the EID-prefix HMAC.  See Section 5.4 for more details.

      EID mask-len: Mask length for EID-prefix.

      EID-AFI: Address family of EID-prefix according to [RFC5226]



Maino, et al.             Expires April 6, 2017                 [Page 8]
=0C
Internet-Draft                  LISP-SEC                    October 2016


      EID-prefix: The Map-Server uses this field to specify the EID-
      prefix that the destination ETR is authoritative for, and is the
      longest match for the requested EID.

      EID HMAC: HMAC of the EID-AD computed and inserted by Map-Server.
      Before computing the HMAC operation the EID HMAC field MUST be set
      to 0.  The HMAC covers the entire EID-AD.

5.2.  Map-Reply LISP-SEC Extensions

   LISP-SEC uses the Map-Reply defined in [RFC6830], with Type set to 2,
   and S bit set to 1 to indicate that the Map-Reply message includes
   Authentication Data (AD).  The format of the LISP-SEC Map-Reply
   Authentication Data is defined in the following figure.  PKT-AD is
   the Packet Authentication Data that covers the Map-Reply payload.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    AD Type    |                 Reserved                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
&lt;---+
|           EID-AD Length       |           KDF ID              |     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
| Record Count  |    Reserved   |         EID HMAC ID           |     =
EID-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
|   Reserved    | EID mask-len  |           EID-AFI             | |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
~                          EID-prefix ...                       ~ |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
~                            EID HMAC                           ~     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
&lt;---+
|         PKT-AD Length         |         PKT HMAC ID           |\
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
~                            PKT HMAC                           ~ PKT-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/

                  LISP-SEC Map-Reply Authentication Data

      AD Type: 1 (LISP-SEC Authentication Data)
</pre>
          </div>
        </blockquote>
        <div class=3D"">Shouldn=E2=80=99t this be a different value? =
This AD
          &nbsp;format is different from the one described in section =
5.1!</div>
        <div class=3D"">Another reason to ask IANA for a =
registry=E2=80=A6.</div>
      </div>
    </blockquote>
    <br class=3D"">
    One is the LISP-SEC authentication data that applies to the ECM
    message (when S-bit =3D 1), the other is the LISP-SEC authentication
    data that applies to the Map-Reply (when S-bit =3D 1).&nbsp; <br =
class=3D"">
    <br class=3D"">
    Those are extensions of two different messages (ECM and map-reply),
    and they are both identified by an AD Type (that happens to be set
    to value 1 for both). <br class=3D""></div></div></blockquote><div><br=
 class=3D""></div><div>This is not clear in the current text.</div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><div =
bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
    <br class=3D"">
    Yes, the AD type space is different so we will need two IANA
    registries.&nbsp;</div></div></blockquote><blockquote type=3D"cite" =
class=3D""><div class=3D""><div bgcolor=3D"#FFFFFF" text=3D"#000000" =
class=3D"">
    <br class=3D"">
    <br class=3D"">
    Question for the co-auhtors: should we change the name to 'ECM AD
    Type' and 'Map-Reply AD Type=E2=80=99?<br =
class=3D""></div></div></blockquote><div><br class=3D""></div><div>IMHO =
you have to, otherwise there will be always confusion=E2=80=A6.</div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><div =
bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
    <br class=3D"">
    <br class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D"">
        <div class=3D""><br class=3D"">
        </div>
        <br class=3D"">
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">      EID-AD Length: length (in bytes) of the EID-AD.  An =
EID-AD MAY
      contain multiple EID-records.  Each EID-record is 4-byte long plus
      the length of the AFI-encoded EID-prefix.

      KDF ID: Identifier of the Key Derivation Function used to derive
      MS-OTK.  See Section 5.7 for more details.





Maino, et al.             Expires April 6, 2017                 [Page 9]
=0C
Internet-Draft                  LISP-SEC                    October 2016


      Record Count: The number of records in this Map-Reply message.  A
      record is comprised of the portion of the packet that is labeled
      'Rec' above and occurs the number of times equal to Record Count.

      Reserved: Set to 0 on transmission and ignored on receipt.

      EID HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the EID-AD.  See Section 5.7 for more details.

      EID mask-len: Mask length for EID-prefix.

      EID-AFI: Address family of EID-prefix according to [RFC5226].

      EID-prefix: This field contains an EID-prefix that the destination
      ETR is authoritative for, and is the longest match for the
      requested EID.

      EID HMAC: HMAC of the EID-AD, as computed by the Map-Server.
      Before computing the HMAC operation the EID HMAC field MUST be set
      to 0.  The HMAC covers the entire EID-AD.

      PKT-AD Length: length (in bytes) of the Packet Authentication Data
      (PKT-AD).

      PKT HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the Map-reply Location Data.
</pre>
          </div>
        </blockquote>
        <div class=3D"">=E2=80=9CLocation Data=E2=80=9D is something =
nowhere defined. Can
          you clarify what do you mean?</div>
      </div>
    </blockquote>
    <br class=3D"">
    we can just remove 'Location =
Data=E2=80=99</div></div></blockquote><div><br =
class=3D""></div><div>OK.</div><br class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""><div bgcolor=3D"#FFFFFF" text=3D"#000000" =
class=3D"">
    <br class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D"">
        <div class=3D""><br class=3D"">
        </div>
        <br class=3D"">
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">      PKT HMAC: HMAC of the whole Map-Reply packet, including =
the LISP-
      SEC Authentication Data.  The scope of the authentication goes
      from the Map-Reply Type field to the PKT HMAC field included.
      Before computing the HMAC operation the PKT HMAC field MUST be set
      to 0.  See Section 5.8 for more details.

5.3.  Map-Register LISP-SEC Extentions

   The second bit after the Type field in a Map-Register message is
   allocated as the S bit.  </pre>
          </div>
        </blockquote>
        <div class=3D"">I would better explain that this document is
          allocating a bit marked as reserved in 6830.</div>
      </div>
    </blockquote>
    <br class=3D"">
    Ok. We will need to reflect this in 6830bis as well. <br =
class=3D""></div></div></blockquote><div><br =
class=3D""></div><div>Sure</div><div><br class=3D""></div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><div =
bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D"">
        <div class=3D"">Furthermore, at the cost of being redundant, I
          would put the packet format highlighting the position of the
          bit so that there is no confusion whatsoever.</div>
      </div>
    </blockquote>
    <br class=3D"">
    We wanted to&nbsp; explicitly avoid to include the format of =
messages
    when already defined in other documents, =
</div></div></blockquote><div><br class=3D""></div>The S-bit is not =
defined in other documents. IMHO is important to have the visual aid of =
which exact bit your are talking about.</div><div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><div =
bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">so we point rather than
    copy. If we address this in 6830bis, the problem will be solved. <br =
class=3D""></div></div></blockquote><div><br class=3D""></div>You =
mentioned 6830bis several time, let me ask: Would you like to reference =
that document?</div><div>In this case we have to hold this back until we =
have at least a stable version of that document.</div><div>Then the RFC =
editor will hold this document back until that one is RFC, because of =
missing reference.</div><div><div>Or you keep it this way and later on =
you make a ST version.</div><div><br class=3D""></div><div>Either way is =
fine for me.</div><div><br class=3D""></div><div><br class=3D""></div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><div =
bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
    <br class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D""><br class=3D"">
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">The S bit indicates to the Map-Server that
   the registering ETR is LISP-SEC enabled.  An ETR that supports LISP-
   SEC MUST set the S bit in its Map-Register messages.

5.4.  ITR Processing

   Upon creating a Map-Request, the ITR generates a random ITR-OTK that
   is stored locally, together with the nonce generated as specified in
   [RFC6830].

   The Map-Request MUST be encapsulated in an ECM, with the S-bit set to
   1, to indicate the presence of Authentication Data.  If the ITR and



Maino, et al.             Expires April 6, 2017                [Page 10]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   the Map-Resolver are configured with a shared key,</pre>
          </div>
        </blockquote>
        In section 4 you seem to suggest that this is not the only way
        to protect the OTK (see my comment).</div>
      <div class=3D"">Here instead you suggest that a shared key is the
        only way.<br class=3D"">
      </div>
    </blockquote>
    <br class=3D"">
    <br class=3D"">
    Right. Here it says what to do IF there is a shared key, that is
    consistent with the SHOULD above. <br =
class=3D""></div></div></blockquote><div><br =
class=3D""></div><div>OK.</div><div><br class=3D""></div><blockquote =
type=3D"cite" class=3D""><div class=3D""><div bgcolor=3D"#FFFFFF" =
text=3D"#000000" class=3D"">
    <br class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D"">
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D""> the ITR-OTK
   confidentiality SHOULD be protected by wrapping the ITR-OTK with the
   algorithm specified by the OTK Encryption ID field. </pre>
          </div>
        </blockquote>
        <div class=3D"">Not clear what this =E2=80=9CSHOULD=E2=80=9D =
refers to.</div>
        <div class=3D"">IS the SHOULD related to the fact to encrypt the
          OTK? The ITR SHOULD encrypt.</div>
        <div class=3D"">Or the choice of the algorithm? The ITR SHOULD =
use
          the algorithm specified by the OTK Encryption ID?</div>
        <div class=3D"">The second case looks impossible since is the =
ITR
          is choosing the algorithm. May be the sentence can be
          rewritten.</div>
      </div>
    </blockquote>
    <br class=3D"">
    SHOULD refers to protecting the confidentiality of the ITR-OTK.
    Maybe the 'by' should be replaced by 'with=E2=80=99?<br =
class=3D""></div></div></blockquote><div><br class=3D""></div>Just drop =
the =E2=80=9Cby=E2=80=9D?</div><div><br class=3D""></div><div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><div =
bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D"">
        <div class=3D""><br class=3D"">
        </div>
        Similarly to previous comment: Why it is not a MUST?<br =
class=3D"">
      </div>
    </blockquote>
    Same as other SHOULD. <br class=3D"">
    <br class=3D"">
    <br class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D"">
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D""> See Section 5.5
   for further details on OTK encryption.

   The Requested HMAC ID field contains the suggested HMAC algorithm to
   be used by the Map-Server and the ETR to protect the integrity of the
   ECM Authentication data and of the Map-Reply.

</pre>
          </div>
        </blockquote>
        <div class=3D"">What happens if the MS will choose a HMAC not
          supported by the ETR or the ITR?</div>
        <div class=3D"">Can you clarify how to solve this situation or
          explain why this will never happen?</div>
      </div>
    </blockquote>
    <br class=3D"">
    This is described 5 paragraphs below: <br class=3D"">
    <br class=3D"">
    "
    <meta charset=3D"utf-8" class=3D"">
    <pre class=3D"newpage" style=3D"font-size: 13.3333px; margin-top: =
0px; margin-bottom: 0px; break-before: page; font-style: normal; =
font-variant-ligatures: normal; font-variant-caps: normal; font-weight: =
normal; letter-spacing: normal; orphans: 2; text-align: start; =
text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;">If the EID HMAC ID field does
   not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
   and send, at the first opportunity it needs to, a new Map-Request
   with a different Requested HMAC ID field, according to ITR's local
   policy.  </pre>
    "<br class=3D"">
    <br class=3D""></div></div></blockquote><div><br =
class=3D""></div><div>What about the ETR?</div><br class=3D""><blockquote =
type=3D"cite" class=3D""><div class=3D""><div bgcolor=3D"#FFFFFF" =
text=3D"#000000" class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D"">
        <div class=3D""><br class=3D"">
        </div>
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">   The KDF ID field, specifies the suggested key derivation =
function to
   be used by the Map-Server to derive the MS-OTK.
</pre>
          </div>
        </blockquote>
        <div class=3D""><br class=3D"">
        </div>
        <div class=3D"">What happens if the MS will choose a KDF ID not
          supported by the ITR?</div>
        <div class=3D"">Can you clarify how to solve this situation or
          explain why this will never happen?</div>
      </div>
    </blockquote>
    <br class=3D"">
    This is described a few paragraphs below: <br class=3D"">
    "
    <meta charset=3D"utf-8" class=3D"">
    <pre class=3D"newpage" style=3D"font-size: 13.3333px; margin-top: =
0px; margin-bottom: 0px; break-before: page; font-style: normal; =
font-variant-ligatures: normal; font-variant-caps: normal; font-weight: =
normal; letter-spacing: normal; orphans: 2; text-align: start; =
text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;">If the KDF ID in the Map-Reply does not =
match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's... </pre>
    "<br class=3D"">
    <br class=3D""></div></div></blockquote><div><br =
class=3D""></div><div>This does not guarantee that the MS will reply =
with something the ITR understands=E2=80=A6.</div><div><br =
class=3D""></div><div><br class=3D""></div><br class=3D""><blockquote =
type=3D"cite" class=3D""><div class=3D""><div bgcolor=3D"#FFFFFF" =
text=3D"#000000" class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D"">
        <div class=3D""><br class=3D"">
        </div>
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">   The EID-AD length is set to 4 bytes, since the =
Authentication Data
   does not contain EID-prefix Authentication Data, and the EID-AD
   contains only the KDF ID field.

   In response to an encapsulated Map-Request that has the S-bit set, an
   ITR MUST receive a Map-Reply with the S-bit set, that includes an
   EID-AD and a PKT-AD.  If the Map-Reply does not include both ADs, the
   ITR MUST discard it.  In response to an encapsulated Map-Request with
   S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, and
   the ITR SHOULD discard the Map-Reply if the S-bit is set.
</pre>
          </div>
        </blockquote>
        <div class=3D"">Why a =E2=80=9CSHOULD=E2=80=9D? If the =
Map-Request has S-bit=3D0 it
          mean that there is no AD, hence no OTK, how can the ITR
          decrypt the reply?????</div>
        <div class=3D"">It MUST discard=E2=80=A6..</div>
      </div>
    </blockquote>
    <br class=3D"">
    If S-bit =3D 0 there's no Authentication Data. The Map-reply is in
    clear, and can be read.</div></div></blockquote><div><br =
class=3D""></div><div>I am not sure you understood my =
point.</div><div><br class=3D""></div><div>You send a Map-Request with =
S=3D0, hence unenbcrypted. How can you possible receive a Map-Reply with =
S=3D1?</div><div>How is it encrypted if the ITR did not provide any =
OTK?</div><div><br class=3D""></div><div><br class=3D""></div><div><br =
class=3D""></div><br class=3D""><blockquote type=3D"cite" class=3D""><div =
class=3D""><div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> <br =
class=3D"">
    <br class=3D"">
    Here again the SHOULD leaves open to ITR local policy that can be
    strict (drop anything not authenticated) or loose (accept
    unauthenticated map-reply). <br class=3D"">
    <br class=3D"">
    There are use cases where LISP-SEC is not deployed everywhere, where
    the ITR might have to use loose policy. &nbsp; <br class=3D"">
    <br class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D"">
        <div class=3D""><br class=3D"">
        </div>
        <br class=3D"">
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">   Upon receiving a Map-Reply, the ITR must verify the =
integrity of both
   the EID-AD and the PKT-AD, and MUST discard the Map-Reply if one of
   the integrity checks fails.

   The integrity of the EID-AD is verified using the locally stored ITR-
   OTK to re-compute the HMAC of the EID-AD using the algorithm
   specified in the EID HMAC ID field.  If the EID HMAC ID field does
   not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
</pre>
          </div>
        </blockquote>
        Why is this a SHOULD? If it supports the HMAC Algorithm why not
        decrypt? Shouldn=E2=80=99t this be a =E2=80=9CMAY=E2=80=9D, =
according to internal
        policy?<br class=3D"">
      </div>
    </blockquote>
    <br class=3D"">
    because this could be used by an attacker to force weaker HMACs
    (e.g. MD5). </div></div></blockquote><div><br =
class=3D""></div>OK</div><div><br class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""><div bgcolor=3D"#FFFFFF" text=3D"#000000" =
class=3D"">The SHOULD leaves open the door to not discarding,
    according to local policy. <br class=3D"">
    <br class=3D"">
    <br class=3D""></div></div></blockquote><div><br =
class=3D""></div><div>OK.</div><div><br class=3D""></div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><div =
bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
    <br class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D"">
        <blockquote type=3D"cite" class=3D"">
          <div class=3D"">
            <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">   and send, at the first opportunity it needs to, a new =
Map-Request
   with a different Requested HMAC ID field, according to ITR's local
   policy.  The ITR MUST set the EID HMAC ID field to 0 before computing
   the HMAC.
</pre>
          </div>
        </blockquote>
        <div class=3D"">Shouldn=E2=80=99t the MS do the same thing? =
Otherwise
          different values will be obtained. This is not specified in
          the MS functioning description.</div>
      </div>
    </blockquote>
    <br class=3D"">
    good catch. Actually it's a typo here, the EID HMAC field should be
    set to 0 (that is consistent with section 5.7), not the EID HMAC ID
    that should not be touched. <br class=3D"">
    <br class=3D""></div></div></blockquote><div><br =
class=3D""></div>OK<br class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""><div bgcolor=3D"#FFFFFF" text=3D"#000000" =
class=3D"">
    <br class=3D"">
    <pre style=3D"word-wrap: break-word; white-space: pre-wrap;" =
class=3D"">The ITR MUST set the EID HMAC ID field to 0 before computing
   the HMAC.

should change to=20

<meta charset=3D"utf-8" class=3D"">The scope of the HMAC operation =
covers the
   entire EID-AD, from the EID-AD Length field to the EID HMAC field,
   which must be set to 0 before the computation.<pre class=3D"newpage" =
style=3D"font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; =
break-before: page; font-style: normal; font-variant-ligatures: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
orphans: 2; text-align: start; text-indent: 0px; text-transform: none; =
widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;"></pre>
</pre>




<blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D""><div class=3D"">
</div>
<blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">   To =
verify the integrity of the PKT-AD, first the MS-OTK is derived
   from the locally stored ITR-OTK using the algorithm specified in the
   KDF ID field.  This is because the PKT-AD is generated by the ETR
   using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's local policy.
   The derived MS-OTK is then used to re-compute the HMAC of the PKT-AD
   using the Algorithm specified in the PKT HMAC ID field.  If the PKT
   HMAC ID field does not match the Requested HMAC ID the ITR SHOULD
   discard the Map-Reply and send, at the first opportunity it needs to,




Maino, et al.             Expires April 6, 2017                [Page 11]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   a new Map-Request with a different Requested HMAC ID according to
   ITR's local policy.

   Each individual Map-Reply EID-record is considered valid only if: (1)
   both EID-AD and PKT-AD are valid, and (2) the intersection of the
   EID-prefix in the Map-Reply EID-record with one of the EID-prefixes
   contained in the EID-AD is not empty.  After identifying the Map-
   Reply record as valid, the ITR sets the EID-prefix in the Map-Reply
   record to the value of the intersection set computed before, and adds
   the Map-Reply EID-record to its EID-to-RLOC cache, as described in
   [RFC6830].  An example of Map-Reply record validation is provided in
   Section 5.4.1.

   The ITR SHOULD send SMR triggered Map-Requests over the mapping
   system in order to receive a secure Map-Reply.  =
</pre></div></blockquote><div class=3D"">I do not understand this =
=E2=80=9CSHOULD=E2=80=9D. &nbsp;This has consequences in the choice how =
to react to SMR. This is a local policy.</div><div class=3D"">_If_ the =
ITR wants to protect Map-Requests using LISP-SEC, than SMR triggered =
Map-Request MUST be sent through the mapping =
system.</div></div></blockquote></div></div></blockquote><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><div =
bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
so the _if_ is what makes that MUST a SHOULD... According to local =
policy the ITR SHOULD send the SMR.=20



</div></div></blockquote><div><br class=3D""></div><div>I read the =
sentence in this way:</div><div><br class=3D""></div><div><span =
class=3D"Apple-tab-span" style=3D"white-space:pre">	</span>In order =
to received a secure Map-Reply, the ITR MUST send SMR triggered =
Map-Requests over the mapping system.</div></div><div><br =
class=3D""></div><div>No?</div><div><br class=3D""><blockquote =
type=3D"cite" class=3D""><div class=3D""><div bgcolor=3D"#FFFFFF" =
text=3D"#000000" class=3D""><blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D""><div class=3D"">
</div>
<blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">If an =
ITR accepts
   piggybacked Map-Replies, it SHOULD also send a Map-Request over the
   mapping system in order to securely verify the piggybacked Map-Reply.
</pre></div></blockquote><div class=3D"">Same as above.</div>
<blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">5.4.1. =
 Map-Reply Record Validation

   The payload of a Map-Reply may contain multiple EID-records.  The
   whole Map-Reply is signed by the ETR, with the PKT HMAC, to provide
   integrity protection and origin authentication to the EID-prefix
   records claimed by the ETR.  The Authentication Data field of a Map-
   Reply may contain multiple EID-records in the EID-AD.  The EID-AD is
   signed by the Map-Server, with the EID HMAC, to provide integrity
   protection and origin authentication to the EID-prefix records
   inserted by the Map-Server.

   Upon receiving a Map-Reply with the S-bit set, the ITR first checks
   the validity of both the EID HMAC and of the PKT-AD HMAC.  If either
   one of the HMACs is not valid, a log message is issued and the Map-
   Reply is not processed any further.  </pre></div></blockquote><div =
class=3D"">I think =E2=80=9Clog message" is too much implementation =
specific.&nbsp;</div><div class=3D"">If there is a notification, and how =
this notification is done, is implementation specific =
IMHO.</div></div></blockquote>
Ok. 'a log message is issued' will change to 'a log action should be =
taken'.=20

The point is that there could be an attack behind it, and we want to =
record the event=20

</div></div></blockquote><div><br class=3D""></div><div>OK</div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><div =
bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""><blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D"">
<blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">If =
both HMACs are valid, the ITR
   proceeds with validating each individual EID-record claimed by the
   ETR by computing the intersection of each one of the EID-prefix
   contained in the payload of the Map-Reply with each one of the EID-
   prefixes contained in the EID-AD.  An EID-record is valid only if at
   least one of the intersections is not the empty set.

   For instance, the Map-Reply payload contains 3 mapping record EID-
   prefixes:

      1.1.1.0/24

      1.1.2.0/24

      1.2.0.0/16




Maino, et al.             Expires April 6, 2017                [Page 12]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   The EID-AD contains two EID-prefixes:

      1.1.2.0/24

      1.2.3.0/24

   The EID-record with EID-prefix 1.1.1.0/24 is not processed since it
   is not included in any of the EID-ADs signed by the Map-Server.  A
   log message is issued.
</pre></div></blockquote><div class=3D"">I think =E2=80=9Clog message" =
is too much implementation specific.&nbsp;</div><div class=3D"">If there =
is a notification, and how this notification is done, is implementation =
specific IMHO.</div></div></blockquote>
ok. Same as above.=20

<blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D""><div class=3D"">
</div><blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">   =
The EID-record with EID-prefix 1.1.2.0/24 is stored in the map-cache
   because it matches the second EID-prefix contained in the EID-AD.

   The EID-record with EID-prefix 1.2.0.0/16 is not processed since it
   is not included in any of the EID-ADs signed by the Map-Server.  A
   log message is issued.</pre></div></blockquote><div class=3D"">I =
think =E2=80=9Clog message" is too much implementation =
specific.&nbsp;</div><div class=3D"">If there is a notification, and how =
this notification is done, is implementation specific =
IMHO.</div></div></blockquote>
ok. Same as above


<blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D""><div class=3D"">
</div><blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">  In =
this last example the ETR is trying to
   over claim the EID-prefix 1.2.0.0/16, but the Map-Server authorized
   only 1.2.3.0/24, hence the EID-record is discarded.
</pre></div></blockquote><div class=3D"">Reading the example I am not =
sure I would follow this behaviour.</div><div class=3D"">Only 1 record =
out of 3 is valid so why should I actually trust the ETR instead of =
throwing everything away?</div><div class=3D"">Can you explain =
???</div></div></blockquote>
The other two records are validated by the MS, so there is no reason to =
throw those away.=20



</div></div></blockquote><div><br class=3D""></div><div>Yes, but the ETR =
is still trying to cheat on the third one=E2=80=A6.</div><div>So the ETR =
may be compromised, why should I send traffic to him???</div><div><br =
class=3D""></div><div><br class=3D""></div><blockquote type=3D"cite" =
class=3D""><div class=3D""><div bgcolor=3D"#FFFFFF" text=3D"#000000" =
class=3D""><blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D""><div class=3D"">
</div><div class=3D"">
</div>
<blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">5.4.2. =
 PITR Processing

   The processing performed by a PITR is equivalent to the processing of
   an ITR.  However, if the PITR is directly connected to the ALT, =
</pre></div></blockquote><div class=3D"">This would be LISP+ALT. Pleas =
add a reference to 6836.</div></div></blockquote>
ok.=20

<blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D"">
<blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">the
   PITR performs the functions of both the ITR and the Map-Resolver
   forwarding the Map-Request encapsulated in an ECM header that
   includes the Authentication Data fields as described in Section 5.6.

5.5.  Encrypting and Decrypting an OTK

   MS-OTK confidentiality is required in the path between the Map-Server
   and the ETR, the MS-OTK SHOULD</pre></div></blockquote><div =
class=3D"">If confidentiality is required why there is not a MUST?</div>
</div></blockquote>Same.

<blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""><pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D""> be encrypted using the preconfigured
   key shared between the Map-Server and the ETR for the purpose of
   securing ETR registration [RFC6833].  Similarly, if ITR-OTK
   confidentiality is required in the path between the ITR and the Map-
   Resolver, the ITR-OTK SHOULD </pre></div></blockquote>Again, if =
confidentiality is required why there is not a MUST?</div></blockquote>
Same.=20
<blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D"">
<blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">be =
encrypted with a key shared between
   the ITR and the Map-Resolver.

   The OTK is encrypted using the algorithm specified in the OTK
   Encryption ID field.  When the AES Key Wrap algorithm is used to
   encrypt a 128-bit OTK, according to =
[RFC3339],</pre></div></blockquote><div class=3D"">The correct RFC is =
3394.</div></div></blockquote>
ok.=20

<blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D"">
<blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D""> the =
AES Key Wrap
   Initialization Value MUST be set to 0xA6A6A6A6A6A6A6A6 (64 bits).
   The output of the AES Key Wrap operation is 192-bit long.  The most
   significant 64-bit are copied in the One-Time Key Preamble field,
   while the 128 less significant bits are copied in the One-Time Key
   field of the LISP-SEC Authentication Data.

   When decrypting an encrypted OTK the receiver MUST verify that the
   Initialization Value resulting from the AES Key Wrap decryption



Maino, et al.             Expires April 6, 2017                [Page 13]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   operation is equal to 0xA6A6A6A6A6A6A6A6.  If this verification fails
   the receiver MUST discard the entire message.

   When a 128-bit OTK is sent unencrypted the OTK Encryption ID is set
   to NULL_KEY_WRAP_128, and the OTK Preamble is set to
   0x0000000000000000 (64 bits).

5.6.  Map-Resolver Processing

   Upon receiving an encapsulated Map-Request with the S-bit set, the
   Map-Resolver decapsulates the ECM message.  The ITR-OTK, if
   encrypted, is decrypted as specified in Section 5.5.

   The Map-Resolver, as specified in [RFC6833], originates a new ECM
   header with the S-bit set, that contains the unencrypted ITR-OTK, as
   specified in Section 5.5, and the other data derived from the ECM
   Authentication Data of the received encapsulated Map-Request.
</pre></div></blockquote><div class=3D"">Few points on this last =
paragraph:</div><div class=3D"">- You assume that there is no need of =
confidentiality inside the Mapping System?</div><div class=3D"">- Why =
not stating that encryption inside the mapping system is mapping system =
specify and out of scope of this document?</div></div></blockquote>ok. =
as it was pointed out above.=20

<blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D""><div class=3D"">- Why are you =
assuming that all of the Mapping system will use ECM? Future Mapping =
system may use soemthos different. The important point is to ship the AD =
along.</div></div></blockquote>
good point, and I agree with your suggestion to fix this below.=20


<blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""><pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">   The Map-Resolver then =
forwards</pre></div></blockquote>to whom?
</div></blockquote>
ok. add 'to the Map-Server'

<blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""><pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D""> the received Map-Request, =
encapsulated
   in the new ECM header that includes the newly computed Authentication
   Data fields.
</pre></div></blockquote><div class=3D"">As for my comment of the =
previous paragraph I would be more generic stating that the MR will hand =
over the request to the mapping system.</div><div class=3D"">
</div><div class=3D"">You can still provide the example of DDT using =
ECM.</div></div></blockquote>
right.=20

<blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D"">
<blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">5.7.  =
Map-Server Processing

   Upon receiving an ECM encapsulated Map-Request with the S-bit set,
   the Map-Server process the Map-Request according to the value of the
   S-bit contained in the Map-Register sent by the ETR during
   registration.

   If the S-bit contained in the Map-Register was clear the Map-Server
   decapsulates the ECM and generates a new ECM encapsulated Map-Request
   that does not contain an ECM Authentication Data, as specified in
   [RFC6830].  The Map-Server does not perform any further LISP-SEC
   processing.
</pre></div></blockquote><div class=3D"">This equivalent to not using =
LISP-SEC. Please specify that the Map-Reply will be not =
protected.</div></div></blockquote>
ok.=20
<blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D"">
<blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">   If =
the S-bit contained in the Map-Register was set the Map-Server
   decapsulates the ECM and generates a new ECM Authentication Data.
   The Authentication Data includes the OTK-AD and the EID-AD, that
   contains EID-prefix authorization information, that are ultimately
   sent to the requesting ITR.

   The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
   the ITR-OTK received with the Map-Request.  MS-OTK is derived
   applying the key derivation function specified in the KDF ID field.
   If the algorithm specified in the KDF ID field is not supported, the
   Map-Server uses a different algorithm to derive the key and updates
   the KDF ID field accordingly.




Maino, et al.             Expires April 6, 2017                [Page 14]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   The Map-Server and the ETR MUST be configured with a shared key for
   mapping registration according to [RFC6833].  If MS-OTK
   confidentiality is required, then the MS-OTK SHOULD be =
encrypted,</pre></div></blockquote>Again, if confidentiality is required =
why there is not a MUST?
</div></blockquote>
same as above.=20


<blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""><pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D""> by
   wrapping the MS-OTK with the algorithm specified by the OTK
   Encryption ID field as specified in Section 5.5.

   The Map-Server includes in the EID-AD the longest match registered
   EID-prefix for the destination EID, and an HMAC of this EID-prefix.
   The HMAC is keyed with the ITR-OTK contained in the received ECM
   Authentication Data, and the HMAC algorithm is chosen according to
   the Requested HMAC ID field.  If The Map-Server does not support this
   algorithm, the Map-Server uses a different algorithm and specifies it
   in the EID HMAC ID field.  The scope of the HMAC operation covers the
   entire EID-AD, from the EID-AD Length field to the EID HMAC field,
   which must be set to 0 before the computation.

   The Map-Server then forwards the updated ECM encapsulated Map-
   Request, that contains the OTK-AD, the EID-AD, and the received Map-
   Request to an authoritative ETR as specified in [RFC6830].

5.7.1.  Map-Server Processing in Proxy mode

   If the Map-Server is in proxy mode, it generates a Map-Reply, as
   specified in [RFC6830], with the S-bit set to 1.  The Map-Reply
   includes the Authentication Data that contains the EID-AD, computed
   as specified in Section 5.7, as well as the PKT-AD computed as
   specified in Section 5.8.

5.8.  ETR Processing

   Upon receiving an ECM encapsulated Map-Request with the S-bit set,
   the ETR decapsulates the ECM message.  The OTK field, if encrypted,
   is decrypted as specified in Section 5.5 to obtain the unencrypted
   MS-OTK.

   The ETR then generates a Map-Reply as specified in [RFC6830] and
   includes the Authentication Data that contains the EID-AD, as
   received in the encapsulated Map-Request, as well as the PKT-AD.

   The EID-AD is copied from the Authentication Data of the received
   encapsulated Map-Request.

   The PKT-AD contains the HMAC of the whole Map-Reply packet, keyed
   with the MS-OTK and computed using the HMAC algorithm specified in
   the Requested HMAC ID field of the received encapsulated Map-Request.
   If the ETR does not support the Requested HMAC ID, it uses a
   different algorithm and updates the PKT HMAC ID field accordingly.
   The scope of the HMAC operation covers the entire PKT-AD, from the



Maino, et al.             Expires April 6, 2017                [Page 15]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   Map-Reply Type field to the PKT HMAC field, which must be set to 0
   before the computation.

   Finally the ETR sends the Map-Reply to the requesting ITR as
   specified in [RFC6830].

6.  Security Considerations

6.1.  Mapping System Security

   The LISP-SEC threat model described in Section 3, assumes that the
   LISP Mapping System is working properly and eventually delivers Map-
   Request messages to a Map-Server that is authoritative for the
   requested EID.

</pre></div></blockquote><div class=3D"">
</div><div class=3D"">As for a previous comment, can you elaborate if =
OTK confidentiality is required in the mapping system and what are the =
consequences?</div><div class=3D"">
</div>
</div></blockquote>
ok.

<blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D""><blockquote type=3D"cite" =
class=3D""><div class=3D""><pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">   Map-Register security, including =
the right for a LISP entity to
   register an EID-prefix or to claim presence at an RLOC, is out of the
   scope of LISP-SEC.

6.2.  Random Number Generation

   The ITR-OTK MUST be generated by a properly seeded pseudo-random (or
   strong random) source.  See [RFC4086] for advice on generating
   security-sensitive random data

6.3.  Map-Server and ETR Colocation

   If the Map-Server and the ETR are colocated, LISP-SEC does not
   provide protection from overclaiming attacks mounted by the ETR.
   However, in this particular case, since the ETR is within the trust
   boundaries of the Map-Server, ETR's overclaiming attacks are not
   included in the threat model.

7.  IANA Considerations
</pre></div></blockquote><div class=3D"">This section is not conform to =
RFC 5226.</div><div class=3D"">
</div><div class=3D"">There right way to go is to ask IANA to create =
three new registries, for HMAC, Key Wrap, and Key Derivation =
functions.</div><div class=3D"">Define what is the allocation process =
(in light of the size of the field FCFS should not cause any problem =
IMHO)</div><div class=3D"">
</div><div class=3D"">Then ask to populate the registries as already =
described.</div></div></blockquote>

<meta charset=3D"utf-8" class=3D"">
Ok, so each one of the sections 7.x will say:=20

<meta charset=3D"utf-8" class=3D"">IANA is requested to create a new =
&lt;registry-name&gt;&nbsp; registry for use =E2=80=A6=20

</div></div></blockquote><div><br class=3D""></div><div>There is =
slightly more text to add.</div><div><br class=3D""></div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><div =
bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""><blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D""><div class=3D"">
</div>
<blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">7.1.  =
HMAC functions

   The following HMAC ID values are defined by this memo for use as
   Requested HMAC ID, EID HMAC ID, and PKT HMAC ID in the LISP-SEC
   Authentication Data:











Maino, et al.             Expires April 6, 2017                [Page 16]
=0C
Internet-Draft                  LISP-SEC                    October 2016


             Name                     Number        Defined In
             -------------------------------------------------
             NONE                     0
             AUTH-HMAC-SHA-1-96       1             [RFC2104]
             AUTH-HMAC-SHA-256-128    2             [RFC4634]

             values 2-65535 are reserved to IANA.

                              HMAC Functions

   AUTH-HMAC-SHA-1-96 MUST be supported, AUTH-HMAC-SHA-256-128 should be
   supported.

7.2.  Key Wrap Functions

   The following OTK Encryption ID values are defined by this memo for
   use as OTK key wrap algorithms ID in the LISP-SEC Authentication
   Data:

             Name                     Number        Defined In
             -------------------------------------------------
             NULL-KEY-WRAP-128        1
             AES-KEY-WRAP-128         2             [RFC3394]

             values 0 and 3-65535 are reserved to IANA.

                            Key Wrap Functions

   NULL-KEY-WRAP-128, and AES-KEY-WRAP-128 MUST be supported.

   NULL-KEY-WRAP-128 is used to carry an unencrypted 128-bit OTK, with a
   64-bit preamble set to 0x0000000000000000 (64 bits).

7.3.  Key Derivation Functions

   The following KDF ID values are defined by this memo for use as KDF
   ID in the LISP-SEC Authentication Data:

             Name                     Number        Defined In
             -------------------------------------------------
             NONE                     0
             HKDF-SHA1-128            1             [RFC5869]

             values 2-65535 are reserved to IANA.

                         Key Derivation Functions

   HKDF-SHA1-128 MUST be supported



Maino, et al.             Expires April 6, 2017                [Page 17]
=0C
Internet-Draft                  LISP-SEC                    October 2016


8.  Acknowledgements

   The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino
   Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt
   Noll for their valuable suggestions provided during the preparation
   of this document.

9.  Normative References
</pre></div></blockquote><div class=3D"">
</div><div class=3D"">
</div><div class=3D"">Please Check your reference, this is the output if =
the nits tool:</div><div class=3D"">
</div><div class=3D"">
</div><div class=3D"">Checking references for intended status: =
Experimental</div><div class=3D"">&nbsp; =
--------------------------------------------------------------------------=
--</div><div class=3D"">
</div><div class=3D"">&nbsp; =3D=3D Missing Reference: 'RFC3339' is =
mentioned on line 602, but not defined</div><div class=3D"">
</div><div class=3D"">&nbsp; =3D=3D Missing Reference: 'RFC4634' is =
mentioned on line 752, but not defined</div><div class=3D"">
</div><div class=3D"">&nbsp; ** Obsolete undefined reference: RFC 4634 =
(Obsoleted by RFC 6234)</div></div></blockquote>
ok.=20

<blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D""><div class=3D"">
</div><blockquote type=3D"cite" class=3D""><div class=3D""><pre =
style=3D"word-wrap: break-word; white-space: pre-wrap;" class=3D"">   =
[RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
              Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997,
              &lt;<a moz-do-not-send=3D"true" =
href=3D"http://www.rfc-editor.org/info/rfc2104" =
class=3D"">http://www.rfc-editor.org/info/rfc2104</a>&gt;.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              &lt;<a moz-do-not-send=3D"true" =
href=3D"http://www.rfc-editor.org/info/rfc2119" =
class=3D"">http://www.rfc-editor.org/info/rfc2119</a>&gt;.

   [RFC3394]  Schaad, J. and R. Housley, "Advanced Encryption Standard
              (AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394,
              September 2002, &lt;<a moz-do-not-send=3D"true" =
href=3D"http://www.rfc-editor.org/info/rfc3394" =
class=3D"">http://www.rfc-editor.org/info/rfc3394</a>&gt;.

   [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
              "Randomness Requirements for Security", BCP 106, RFC 4086,
              DOI 10.17487/RFC4086, June 2005,
              &lt;<a moz-do-not-send=3D"true" =
href=3D"http://www.rfc-editor.org/info/rfc4086" =
class=3D"">http://www.rfc-editor.org/info/rfc4086</a>&gt;.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              DOI 10.17487/RFC5226, May 2008,
              &lt;<a moz-do-not-send=3D"true" =
href=3D"http://www.rfc-editor.org/info/rfc5226" =
class=3D"">http://www.rfc-editor.org/info/rfc5226</a>&gt;.

   [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
              Key Derivation Function (HKDF)", RFC 5869,
              DOI 10.17487/RFC5869, May 2010,
              &lt;<a moz-do-not-send=3D"true" =
href=3D"http://www.rfc-editor.org/info/rfc5869" =
class=3D"">http://www.rfc-editor.org/info/rfc5869</a>&gt;.

   [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
              Locator/ID Separation Protocol (LISP)", RFC 6830,
              DOI 10.17487/RFC6830, January 2013,
              &lt;<a moz-do-not-send=3D"true" =
href=3D"http://www.rfc-editor.org/info/rfc6830" =
class=3D"">http://www.rfc-editor.org/info/rfc6830</a>&gt;.

   [RFC6833]  Fuller, V. and D. Farinacci, "Locator/ID Separation
              Protocol (LISP) Map-Server Interface", RFC 6833,
              DOI 10.17487/RFC6833, January 2013,
              &lt;<a moz-do-not-send=3D"true" =
href=3D"http://www.rfc-editor.org/info/rfc6833" =
class=3D"">http://www.rfc-editor.org/info/rfc6833</a>&gt;.




Maino, et al.             Expires April 6, 2017                [Page 18]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   [RFC7835]  Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID
              Separation Protocol (LISP) Threat Analysis", RFC 7835,
              DOI 10.17487/RFC7835, April 2016,
              &lt;<a moz-do-not-send=3D"true" =
href=3D"http://www.rfc-editor.org/info/rfc7835" =
class=3D"">http://www.rfc-editor.org/info/rfc7835</a>&gt;.

Authors' Addresses

   Fabio Maino
   Cisco Systems
   170 Tasman Drive
   San Jose, California  95134
   USA

   Email: <a moz-do-not-send=3D"true" href=3D"mailto:fmaino@cisco.com" =
class=3D"">fmaino@cisco.com</a>


   Vina Ermagan
   Cisco Systems
   170 Tasman Drive
   San Jose, California  95134
   USA

   Email: <a moz-do-not-send=3D"true" href=3D"mailto:vermagan@cisco.com" =
class=3D"">vermagan@cisco.com</a>


   Albert Cabellos
   Technical University of Catalonia
   c/ Jordi Girona s/n
   Barcelona  08034
   Spain

   Email: <a moz-do-not-send=3D"true" href=3D"mailto:acabello@ac.upc.edu" =
class=3D"">acabello@ac.upc.edu</a>


   Damien Saucez
   INRIA
   2004 route des Lucioles - BP 93
   Sophia Antipolis
   France

   Email: <a moz-do-not-send=3D"true" =
href=3D"mailto:damien.saucez@inria.fr" =
class=3D"">damien.saucez@inria.fr</a>










Maino, et al.             Expires April 6, 2017                [Page =
19]</pre><div class=3D"">
</div></div><div class=3D"">
</div><div class=3D"">
</div></blockquote>
<div class=3D""><div class=3D"">
</div><div class=3D"">
</div>
</div></div>


</blockquote><div class=3D"">
<br =
class=3D"webkit-block-placeholder"></div></div></div></blockquote></div><b=
r class=3D""></div></body></html>=

--Apple-Mail=_E3DB3483-9CFF-43B0-9BD5-B6C21403317E--


From nobody Mon Oct 24 10:58:34 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2E9D12989F; Mon, 24 Oct 2016 10:58:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TzI-QPqzZI-O; Mon, 24 Oct 2016 10:58:32 -0700 (PDT)
Received: from mail-pf0-x22a.google.com (mail-pf0-x22a.google.com [IPv6:2607:f8b0:400e:c00::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D2B412987B; Mon, 24 Oct 2016 10:58:32 -0700 (PDT)
Received: by mail-pf0-x22a.google.com with SMTP id e6so102777241pfk.3; Mon, 24 Oct 2016 10:58:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=YpVkzjLqfdb1ciMnx/Obn8EyyZ9CJchmLIP9m2OS170=; b=XsNbiA9lyWHkqptopox6R+IF9TnGkIxQzJL7jUCfdZ1aJLZ/FuKXQeYOOT9+3qwm/Q 07+EVlh0pVuL+Paz07ENWMbia1thq13+G48gPvWFXJm6Dldz0U3gQODUW6ZU3nEyJpRy QfLWWBSFTeGyHPPK7JkmurlfuqAQuKBIk6JvH7gyDvAwSdJ/SvK6zkgFV//h0ahoI2KF KL/pDpy030Rkg4TrSQxy73Da0+npovbXCKCXF95jgl0pS2xH6+ov7U37ey5Caxt5vqYr JLUNE7FbZV+WhrBD222IkL+IQXiuQpFODt7KsRHWQm9pAeDXr7PC+/Z8CptxL+hf/J87 O0vg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=YpVkzjLqfdb1ciMnx/Obn8EyyZ9CJchmLIP9m2OS170=; b=RDHD+jk8lhzCbOpvnwq+6GP8CvYrb89acVGlSkzHK87ZQnBq/XUvi77mFDRjym/1Be 3rYpZQfE152AYfnhB54AjjkaKYw+PeNHT5tP70HYaTHd936ObrP90iccWwxd8YTMg9Sg xT39+h/GVRd1Trsr19VVGsSggzp3OBiR7kbzxMATN+jd5gnLEhzUt53lyA5UqDcWz+WY TCc9oNl70i8/luOe48Cx+E95f7vGtCP9hur8BslyYe9y5E120BrLu9Ip+nvdNLKGcrpu MdhmsDRIWbuD/PUu3yJxUgnqVxNSpgZjBWLM4rbw7TN5ArRLT3xZdp/5JFdU4fUkWldA ivYg==
X-Gm-Message-State: ABUngvfkPdHwTPbhYStLGXFY+ONerHuB4ylhkJJV+eMUnJ2b2f5OIS440wvs2KSXjMVvaA==
X-Received: by 10.99.219.81 with SMTP id x17mr25888025pgi.138.1477331911635; Mon, 24 Oct 2016 10:58:31 -0700 (PDT)
Received: from [10.197.31.157] (173-11-119-245-SFBA.hfc.comcastbusiness.net. [173.11.119.245]) by smtp.gmail.com with ESMTPSA id yi2sm27033849pab.17.2016.10.24.10.58.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 24 Oct 2016 10:58:31 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <8204baa6-8cbd-83b3-aa88-dc3ba16c5a33@cisco.com>
Date: Mon, 24 Oct 2016 10:58:26 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <D77FE770-3383-47EF-A7D9-80EEFA52D6F0@gmail.com>
References: <FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr> <8204baa6-8cbd-83b3-aa88-dc3ba16c5a33@cisco.com>
To: Fabio Maino <fmaino@cisco.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/C9ayfKqu4jDedc2vpR7JLoN19yw>
Cc: lisp-chairs@ietf.org, LISP mailing list list <lisp@ietf.org>, Damien Saucez <damien.saucez@inria.fr>, Luigi Iannone <luigi.iannone@telecom-paristech.fr>
Subject: Re: [lisp] LISP-SEC review (finally)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Oct 2016 17:58:34 -0000

>> Why are you re-defining ECM?=20
>> You do not specify other packets, e.g., Map-Reply, so why ECM?
>> I would drop it.
>=20
> It is not defined in the Definitions section of 6830. One would need =
to go through the body of 6830 to find it.=20
>=20
> I'll drop it, but we need to make sure that ECM gets into the =
definition section of 6830bis.=20
>=20
> Albert: are you looking into that document? Can you take care of this?=20=


=46rom the Berlin presentation, we had planned to put all control-plane =
messages in 6833bis and did plan to include all flags (as well as the =
S-bit in the ECM header). So we got this covered.

In 6833bis we can refer to lisp-sec if we can progress it sooner than =
6833bis. And from a current perspective, it is looking that way.

Comments?

Dino



From nobody Mon Oct 24 11:07:27 2016
Return-Path: <fmaino@cisco.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DD981293DA; Mon, 24 Oct 2016 11:07:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.951
X-Spam-Level: 
X-Spam-Status: No, score=-14.951 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1nAd1wuNPwKi; Mon, 24 Oct 2016 11:07:23 -0700 (PDT)
Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43523129881; Mon, 24 Oct 2016 11:07:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4091; q=dns/txt; s=iport; t=1477332443; x=1478542043; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=rmRl7TyMoiL/ABs0QMDb0IUWJXgc1TPF6ih8Kkq3pUo=; b=S3REEkzo13+d34HYaVw+hLEifE4kz7/kFCLyzROhZxPW//shy9gaSxUg KFQfUhlBlMCBwTOiTyIHuynDV6kKq73U6KCoG8KsOwKaMaipF9V2OeohW 3I06ubbleuirqEznOtSHpQMD3Ir57l6G58y0mFNrJPfzPU/QGGZZRTGja M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0BxBAC6TA5Y/40NJK1cGgEBAQECAQEBA?= =?us-ascii?q?QgBAQEBgnQ2AQEBAQEdgVWkMIdeh0uDB4IPggeGIQKBZ0ATAQIBAQEBAQEBYii?= =?us-ascii?q?EYgEBAQMBLUELEAIBCAQNAwECCiUPEhEdCAIEDgWIOAMPCL1YDYNlAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBHIY9hFWCR4IghT8FlDeFKDUBjHmDGZACiGyIGgEgAjJ?= =?us-ascii?q?egxQcgVJyiEEBAQE?=
X-IronPort-AV: E=Sophos;i="5.31,542,1473120000";  d="scan'208,217";a="339497154"
Received: from alln-core-8.cisco.com ([173.36.13.141]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 24 Oct 2016 18:07:22 +0000
Received: from XCH-RCD-018.cisco.com (xch-rcd-018.cisco.com [173.37.102.28]) by alln-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id u9OI7MUs018278 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 24 Oct 2016 18:07:22 GMT
Received: from xch-rcd-017.cisco.com (173.37.102.27) by XCH-RCD-018.cisco.com (173.37.102.28) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Mon, 24 Oct 2016 13:07:21 -0500
Received: from xch-rcd-017.cisco.com ([173.37.102.27]) by XCH-RCD-017.cisco.com ([173.37.102.27]) with mapi id 15.00.1210.000; Mon, 24 Oct 2016 13:07:21 -0500
From: "Fabio Maino (fmaino)" <fmaino@cisco.com>
To: Dino Farinacci <farinacci@gmail.com>
Thread-Topic: [lisp] LISP-SEC review (finally)
Thread-Index: AQHSKhqmfwttQxAH4UiDIGfXTvDdEaCzbnsAgATRkQD//66ttA==
Date: Mon, 24 Oct 2016 18:07:21 +0000
Message-ID: <i3xkp7mc2x32v77rf3mxb8cq.1477332424121@email.android.com>
References: <FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr> <8204baa6-8cbd-83b3-aa88-dc3ba16c5a33@cisco.com>, <D77FE770-3383-47EF-A7D9-80EEFA52D6F0@gmail.com>
In-Reply-To: <D77FE770-3383-47EF-A7D9-80EEFA52D6F0@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
Content-Type: multipart/alternative; boundary="_000_i3xkp7mc2x32v77rf3mxb8cq1477332424121emailandroidcom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/He932hLcGYQtrHkpfG62G8sTDVY>
Cc: "lisp-chairs@ietf.org" <lisp-chairs@ietf.org>, LISP mailing list list <lisp@ietf.org>, Damien Saucez <damien.saucez@inria.fr>, Luigi Iannone <luigi.iannone@telecom-paristech.fr>
Subject: Re: [lisp] LISP-SEC review (finally)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Oct 2016 18:07:26 -0000

--_000_i3xkp7mc2x32v77rf3mxb8cq1477332424121emailandroidcom_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

perfect.

thanks Dino,


Fabio




Sent with OOR.Mobile (OpenOverlayRouter.org)


-------- Original message --------
From: Dino Farinacci <farinacci@gmail.com>
Date: 10/24/16 10:58 AM (GMT-08:00)
To: "Fabio Maino (fmaino)" <fmaino@cisco.com>
Cc: Luigi Iannone <luigi.iannone@telecom-paristech.fr>, "Vina Ermagan (verm=
agan)" <vermagan@cisco.com>, Albert Cabellos <acabello@ac.upc.edu>, Damien =
Saucez <damien.saucez@inria.fr>, lisp-chairs@ietf.org, LISP mailing list li=
st <lisp@ietf.org>
Subject: Re: [lisp] LISP-SEC review (finally)


>> Why are you re-defining ECM?
>> You do not specify other packets, e.g., Map-Reply, so why ECM?
>> I would drop it.
>
> It is not defined in the Definitions section of 6830. One would need to g=
o through the body of 6830 to find it.
>
> I'll drop it, but we need to make sure that ECM gets into the definition =
section of 6830bis.
>
> Albert: are you looking into that document? Can you take care of this?

>From the Berlin presentation, we had planned to put all control-plane messa=
ges in 6833bis and did plan to include all flags (as well as the S-bit in t=
he ECM header). So we got this covered.

In 6833bis we can refer to lisp-sec if we can progress it sooner than 6833b=
is. And from a current perspective, it is looking that way.

Comments?

Dino



--_000_i3xkp7mc2x32v77rf3mxb8cq1477332424121emailandroidcom_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; pad=
ding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<div>
<div>perfect.</div>
<div><br>
</div>
<div>thanks Dino,</div>
<div>&nbsp;</div>
<div><br>
</div>
<div>Fabio</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div id=3D"x_composer_signature">
<div style=3D"font-size:85%; color:#575757">Sent with OOR.Mobile (OpenOverl=
ayRouter.org)</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>-------- Original message --------</div>
<div>From: Dino Farinacci &lt;farinacci@gmail.com&gt; </div>
<div>Date: 10/24/16 10:58 AM (GMT-08:00) </div>
<div>To: &quot;Fabio Maino (fmaino)&quot; &lt;fmaino@cisco.com&gt; </div>
<div>Cc: Luigi Iannone &lt;luigi.iannone@telecom-paristech.fr&gt;, &quot;Vi=
na Ermagan (vermagan)&quot; &lt;vermagan@cisco.com&gt;, Albert Cabellos &lt=
;acabello@ac.upc.edu&gt;, Damien Saucez &lt;damien.saucez@inria.fr&gt;, lis=
p-chairs@ietf.org, LISP mailing list list &lt;lisp@ietf.org&gt;
</div>
<div>Subject: Re: [lisp] LISP-SEC review (finally) </div>
<div><br>
</div>
</div>
<font size=3D"2"><span style=3D"font-size:10pt;">
<div class=3D"PlainText"><br>
&gt;&gt; Why are you re-defining ECM? <br>
&gt;&gt; You do not specify other packets, e.g., Map-Reply, so why ECM?<br>
&gt;&gt; I would drop it.<br>
&gt; <br>
&gt; It is not defined in the Definitions section of 6830. One would need t=
o go through the body of 6830 to find it.
<br>
&gt; <br>
&gt; I'll drop it, but we need to make sure that ECM gets into the definiti=
on section of 6830bis.
<br>
&gt; <br>
&gt; Albert: are you looking into that document? Can you take care of this?=
 <br>
<br>
>From the Berlin presentation, we had planned to put all control-plane messa=
ges in 6833bis and did plan to include all flags (as well as the S-bit in t=
he ECM header). So we got this covered.<br>
<br>
In 6833bis we can refer to lisp-sec if we can progress it sooner than 6833b=
is. And from a current perspective, it is looking that way.<br>
<br>
Comments?<br>
<br>
Dino<br>
<br>
<br>
</div>
</span></font>
</body>
</html>

--_000_i3xkp7mc2x32v77rf3mxb8cq1477332424121emailandroidcom_--


From nobody Tue Oct 25 02:15:18 2016
Return-Path: <ggx@gigix.net>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C837512944A for <lisp@ietfa.amsl.com>; Tue, 25 Oct 2016 02:15:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gigix-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4ICjmITVQ_rF for <lisp@ietfa.amsl.com>; Tue, 25 Oct 2016 02:15:09 -0700 (PDT)
Received: from mail-wm0-x22d.google.com (mail-wm0-x22d.google.com [IPv6:2a00:1450:400c:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6AD0129462 for <lisp@ietf.org>; Tue, 25 Oct 2016 02:15:08 -0700 (PDT)
Received: by mail-wm0-x22d.google.com with SMTP id c78so151040156wme.0 for <lisp@ietf.org>; Tue, 25 Oct 2016 02:15:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gigix-net.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=+pT16XZUUNyWD/PL15bWgImbOscxdmLa2/RbA8UmP7k=; b=ogPB/0V0mWDhNug8gJ/IRXWKqSeCMLEqNMgFsKlBdB5fQsD+PtrF+5FZUyCaffF9FM x4CmLF4MIanB8v1twpORBELMaTjIUalV8th9/oL8K2KPiRhHTQve2C3FwdDQo2znwqod N+fkUGafAGl7NvA9UIh5PV9rpxWDDhSXs81hfXu6hcYlE9PDQjrmQBNRkJxG3BOfidiT Rd4eV7Dj1frPSdgIqFFMr9vGstrWwVh7z4w55aGN5hBguHpsQv61I+3PFjdZ/fbxyn2M 6Puy6IBAcVlykUuh8Ac0bkj9fa2mEH1txIZLyuyquHCHJdtQ8pPEX72583syXdcd9+hk 4H3g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=+pT16XZUUNyWD/PL15bWgImbOscxdmLa2/RbA8UmP7k=; b=FvW1H2VLqZynDvCho8EYY5FSnVhcnBa4CKeZVzG/9chMm+L/rxZ5jYPb5SGuqQZ/Kv zCn8UeqSI441JCTMU2EnSSFTUu5CO/PniqXpodI3bbO0vgaMUJ+6yeCtxzA4P+jbtljn eXTHz4Cr17eeZYNBXJZxA7B/VK1sFiwW6iIkzC6fTub6z/zienLuWgYhQ+RzH+CzCOna 1rf2dczExA/SMgGl8OOTnOCd80a1et/DEEt3km3jJ3Bgmg/zZfKASq2kTfwxSk+7Np2f YmgRFRklCWJ8kVuVqU1g5R7m/qAGACKhu3YmSMgRvezzfWLYQhBdDDtZhvrJvRl2i4JH 0z+Q==
X-Gm-Message-State: ABUngvd3w4eM1Rw6PbvKSfp6FL71v+SLyj8eK+mJjzoEfTwcJ7opG/i4/b4c9Opf17Lkhg==
X-Received: by 10.194.137.168 with SMTP id qj8mr15539822wjb.146.1477386907296;  Tue, 25 Oct 2016 02:15:07 -0700 (PDT)
Received: from ?IPv6:2a01:e35:1381:3430:107f:6825:668d:28d1? ([2a01:e35:1381:3430:107f:6825:668d:28d1]) by smtp.gmail.com with ESMTPSA id jx8sm23924114wjc.2.2016.10.25.02.15.06 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Oct 2016 02:15:06 -0700 (PDT)
Content-Type: multipart/alternative; boundary=Apple-Mail-8680DCF4-7386-457A-B4A7-1A81EA032E56
Mime-Version: 1.0 (1.0)
From: Luigi Iannone <ggx@gigix.net>
X-Mailer: iPad Mail (14A456)
In-Reply-To: <i3xkp7mc2x32v77rf3mxb8cq.1477332424121@email.android.com>
Date: Tue, 25 Oct 2016 11:15:05 +0200
Content-Transfer-Encoding: 7bit
Message-Id: <ABFA0FA1-499E-4BCB-95C0-4E47B9382747@gigix.net>
References: <FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr> <8204baa6-8cbd-83b3-aa88-dc3ba16c5a33@cisco.com> <D77FE770-3383-47EF-A7D9-80EEFA52D6F0@gmail.com> <i3xkp7mc2x32v77rf3mxb8cq.1477332424121@email.android.com>
To: "Fabio Maino (fmaino)" <fmaino@cisco.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/MWqNh5clrQgNewYTdOQ0groRSZQ>
Cc: "lisp-chairs@ietf.org" <lisp-chairs@ietf.org>, LISP mailing list list <lisp@ietf.org>, Damien Saucez <damien.saucez@inria.fr>
Subject: Re: [lisp] LISP-SEC review (finally)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Oct 2016 09:15:17 -0000

--Apple-Mail-8680DCF4-7386-457A-B4A7-1A81EA032E56
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable

As I explained in my reply yesterday if you reference 6830bis this document w=
ill be delayed again.=20

First because we actually need 6830bis in a stable version before moving LIS=
P-SEC forward

Second because there will be a missing reference so the RFC editor will keep=
 the document in the queue until 6830bis is an RFC.

Not that I am against this choice.=20
Up to the WG to decide.
I just want  to clarify the way forward.

Ciao

L.


Sent from my iPad

> On 24 Oct 2016, at 20:07, Fabio Maino (fmaino) <fmaino@cisco.com> wrote:
>=20
> perfect.
>=20
> thanks Dino,
> =20
>=20
> Fabio
>=20
>=20
>=20
>=20
> Sent with OOR.Mobile (OpenOverlayRouter.org)
>=20
>=20
> -------- Original message --------
> From: Dino Farinacci <farinacci@gmail.com>
> Date: 10/24/16 10:58 AM (GMT-08:00)
> To: "Fabio Maino (fmaino)" <fmaino@cisco.com>
> Cc: Luigi Iannone <luigi.iannone@telecom-paristech.fr>, "Vina Ermagan (ver=
magan)" <vermagan@cisco.com>, Albert Cabellos <acabello@ac.upc.edu>, Damien S=
aucez <damien.saucez@inria.fr>, lisp-chairs@ietf.org, LISP mailing list list=
 <lisp@ietf.org>
> Subject: Re: [lisp] LISP-SEC review (finally)
>=20
>=20
> >> Why are you re-defining ECM?=20
> >> You do not specify other packets, e.g., Map-Reply, so why ECM?
> >> I would drop it.
> >=20
> > It is not defined in the Definitions section of 6830. One would need to g=
o through the body of 6830 to find it.=20
> >=20
> > I'll drop it, but we need to make sure that ECM gets into the definition=
 section of 6830bis.=20
> >=20
> > Albert: are you looking into that document? Can you take care of this?=20=

>=20
> =46rom the Berlin presentation, we had planned to put all control-plane me=
ssages in 6833bis and did plan to include all flags (as well as the S-bit in=
 the ECM header). So we got this covered.
>=20
> In 6833bis we can refer to lisp-sec if we can progress it sooner than 6833=
bis. And from a current perspective, it is looking that way.
>=20
> Comments?
>=20
> Dino
>=20
>=20

--Apple-Mail-8680DCF4-7386-457A-B4A7-1A81EA032E56
Content-Type: text/html;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable

<html><head><meta http-equiv=3D"content-type" content=3D"text/html; charset=3D=
utf-8"></head><body dir=3D"auto"><div>As I explained in my reply yesterday i=
f you reference 6830bis this document will be delayed again.&nbsp;</div><div=
><br></div><div>First because we actually need 6830bis in a stable version b=
efore moving LISP-SEC forward</div><div><br></div><div>Second because there w=
ill be a missing reference so the RFC editor will keep the document in the q=
ueue until 6830bis is an RFC.</div><div><br></div><div>Not that I am against=
 this choice.&nbsp;</div><div>Up to the WG to decide.</div><div>I just want &=
nbsp;to clarify the way forward.</div><div><br></div><div>Ciao</div><div><br=
></div><div>L.</div><div><br></div><div><br><div>Sent from my iPad</div></di=
v><div><br>On 24 Oct 2016, at 20:07, Fabio Maino (fmaino) &lt;<a href=3D"mai=
lto:fmaino@cisco.com">fmaino@cisco.com</a>&gt; wrote:<br><br></div><blockquo=
te type=3D"cite"><div>

<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii">=

<meta name=3D"Generator" content=3D"Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; padd=
ing-left: 4pt; border-left: #800000 2px solid; } --></style>


<div>
<div>perfect.</div>
<div><br>
</div>
<div>thanks Dino,</div>
<div>&nbsp;</div>
<div><br>
</div>
<div>Fabio</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div id=3D"x_composer_signature">
<div style=3D"font-size:85%; color:#575757">Sent with OOR.Mobile (<a href=3D=
"http://OpenOverlayRouter.org">OpenOverlayRouter.org</a>)</div>
</div>
<div><br>
</div>
<div><br>
</div>
<div>-------- Original message --------</div>
<div>From: Dino Farinacci &lt;<a href=3D"mailto:farinacci@gmail.com">farinac=
ci@gmail.com</a>&gt; </div>
<div>Date: 10/24/16 10:58 AM (GMT-08:00) </div>
<div>To: "Fabio Maino (fmaino)" &lt;<a href=3D"mailto:fmaino@cisco.com">fmai=
no@cisco.com</a>&gt; </div>
<div>Cc: Luigi Iannone &lt;<a href=3D"mailto:luigi.iannone@telecom-paristech=
.fr">luigi.iannone@telecom-paristech.fr</a>&gt;, "Vina Ermagan (vermagan)" &=
lt;<a href=3D"mailto:vermagan@cisco.com">vermagan@cisco.com</a>&gt;, Albert C=
abellos &lt;<a href=3D"mailto:acabello@ac.upc.edu">acabello@ac.upc.edu</a>&g=
t;, Damien Saucez &lt;<a href=3D"mailto:damien.saucez@inria.fr">damien.sauce=
z@inria.fr</a>&gt;, <a href=3D"mailto:lisp-chairs@ietf.org">lisp-chairs@ietf=
.org</a>, LISP mailing list list &lt;<a href=3D"mailto:lisp@ietf.org">lisp@i=
etf.org</a>&gt;
</div>
<div>Subject: Re: [lisp] LISP-SEC review (finally) </div>
<div><br>
</div>
</div>
<font size=3D"2"><span style=3D"font-size:10pt;">
<div class=3D"PlainText"><br>
&gt;&gt; Why are you re-defining ECM? <br>
&gt;&gt; You do not specify other packets, e.g., Map-Reply, so why ECM?<br>
&gt;&gt; I would drop it.<br>
&gt; <br>
&gt; It is not defined in the Definitions section of 6830. One would need to=
 go through the body of 6830 to find it.
<br>
&gt; <br>
&gt; I'll drop it, but we need to make sure that ECM gets into the definitio=
n section of 6830bis.
<br>
&gt; <br>
&gt; Albert: are you looking into that document? Can you take care of this? <=
br>
<br>
=46rom the Berlin presentation, we had planned to put all control-plane mess=
ages in 6833bis and did plan to include all flags (as well as the S-bit in t=
he ECM header). So we got this covered.<br>
<br>
In 6833bis we can refer to lisp-sec if we can progress it sooner than 6833bi=
s. And from a current perspective, it is looking that way.<br>
<br>
Comments?<br>
<br>
Dino<br>
<br>
<br>
</div>
</span></font>


</div></blockquote></body></html>=

--Apple-Mail-8680DCF4-7386-457A-B4A7-1A81EA032E56--


From nobody Tue Oct 25 07:13:17 2016
Return-Path: <ggx@gigix.net>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF93A1295C3 for <lisp@ietfa.amsl.com>; Tue, 25 Oct 2016 07:13:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gigix-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Uk5tQEod9D3c for <lisp@ietfa.amsl.com>; Tue, 25 Oct 2016 07:13:12 -0700 (PDT)
Received: from mail-lf0-x232.google.com (mail-lf0-x232.google.com [IPv6:2a00:1450:4010:c07::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28A15129541 for <lisp@ietf.org>; Tue, 25 Oct 2016 07:13:02 -0700 (PDT)
Received: by mail-lf0-x232.google.com with SMTP id x79so220577310lff.0 for <lisp@ietf.org>; Tue, 25 Oct 2016 07:13:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gigix-net.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=3IscPx0qAXn4DjbYpuPCEwv45SYcU9XaCgzgXVhZv5w=; b=Z8rETiqpABkOXpOMMrfzWsJtTdf3b5NtXLOz7ddOux9xO/y9e9wiVCsLw5vrjaJp8W oKhHjZacvHxi0JcKniaBdeXg5bOb8wMjx/tXmwwNh9MOdXQk4GJ5qjPfyL8RDAw8DVc+ 7T1dwbT7MOUr3KhgQLKHpZjKDUlp3DPyBJ29VZ9sgtATFeK/fw7TBXpumclygnaoeA8I 35e9OrlItpOa8H67+3v4a77gh8v85Guop7IIhxZQjojBsjoGmoWWTD6WsvwnqgEbUTXW s8XZsbuaDSX+O0lSoxKX2X4Z102l3JT2i11JtTux8DOg/W/AqERCL+vNkX0cbBNBsNNH XCcw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=3IscPx0qAXn4DjbYpuPCEwv45SYcU9XaCgzgXVhZv5w=; b=PRX2E0AahRHgVdCF75lojvhJqUiavi20g35CypGrG6IIDg+6fa85NmkX0Gw9Mb4zil GDlHtXIa+zva3w1DxLgF7MFfYt/UjIHbmXelFHcs9fNL2tLWsOqWN5Av951kyva5Bgia aOem7yl7RIrPKnsBLTQCxz8DI3BEy6JeeuSxpb7qcke72uQDSwvVhY1ujiQubvT9TbOi NGQ68l/cmjDSSGmhQ4R4cID3bcpr15AnZayPCcutqjVR2hYF5DFgiJzpnMfJKpiQZmwu p0rLRrX20m/nIwOiE5KZVlY2cmDNs8r0ymf0trWgie+22Bb3ZlfbFULGY3NOcEOnCTAq q24A==
X-Gm-Message-State: ABUngvd8xHhrqZ34/nbjKVQyvsD+nAi6MgAeh7IaSzgHuM+lVm/e0sffLTmLpow476oPtQ==
X-Received: by 10.194.58.175 with SMTP id s15mr16779789wjq.97.1477404779950; Tue, 25 Oct 2016 07:12:59 -0700 (PDT)
Received: from ?IPv6:2001:660:330f:38:3150:ce3a:5971:47b0? ([2001:660:330f:38:3150:ce3a:5971:47b0]) by smtp.gmail.com with ESMTPSA id n72sm3915931wmd.11.2016.10.25.07.12.58 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 25 Oct 2016 07:12:58 -0700 (PDT)
From: Luigi Iannone <ggx@gigix.net>
Message-Id: <8AC8B17B-5273-4D4C-A39F-B76F39E8C073@gigix.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_A9DD2A41-48F5-4AA2-AF0E-A13870A7F651"
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
Date: Tue, 25 Oct 2016 16:13:46 +0200
In-Reply-To: <147709207394.28214.4140337910947188550.idtracker@ietfa.amsl.com>
To: LISP mailing list list <lisp@ietf.org>
References: <147709207394.28214.4140337910947188550.idtracker@ietfa.amsl.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/XW1U9mAsa51Q3jZZPd_oqmM3rpw>
Cc: lisp-chairs@ietf.org
Subject: [lisp] Call for Agenda Items
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Oct 2016 14:13:16 -0000

--Apple-Mail=_A9DD2A41-48F5-4AA2-AF0E-A13870A7F651
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Hi All,

We have a time slot during the next IETF in Seoul so it is time to fix =
the agenda for our WG.
The LISP WG  is scheduled to meet on Wednesday, November 16th, 2016, =
from 9:30 to 11:00 (1.5 hours)=20

Please send your requests for agenda items (Presenter=E2=80=99s name, =
ppt title, slot duration)=20
to lisp-chairs@tools.ietf.org <mailto:lisp-chairs@tools.ietf.org> by =
Monday 31st October, 2016.

Thanks

Joel & Luigi

> On 22 Oct 2016, at 01:21, IETF Secretariat <agenda@ietf.org> wrote:
>=20
> Dear Luigi Iannone,
>=20
> The session(s) that you have requested have been scheduled.
> Below is the scheduled session information followed by
> the original request.=20
>=20
> lisp Session 1 (1:30:00)
>    Wednesday, Morning Session I 0930-1100
>    Room Name: Studio 4 size: 100
>    ---------------------------------------------
>=20
>=20
>=20
> Request Information:
>=20
>=20
> ---------------------------------------------------------
> Working Group Name: Locator/ID Separation Protocol
> Area Name: Routing Area
> Session Requester: Luigi Iannone
>=20
> Number of Sessions: 1
> Length of Session(s):  1.5 Hours
> Number of Attendees: 50
> Conflicts to Avoid:=20
> First Priority: rtgwg nvo3 i2rs sidr grow sfc sdnrg nfvrg pim intarea
> Second Priority: mboned icnrg irtfopen idr spring bier maprg
> Third Priority: l2tpext bess
>=20
>=20
> Special Requests:
>=20
> ---------------------------------------------------------
>=20


--Apple-Mail=_A9DD2A41-48F5-4AA2-AF0E-A13870A7F651
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D""><div class=3D""><div class=3D"">Hi All,<br class=3D""><br =
class=3D"">We have a time slot during the next IETF in Seoul so it is =
time to fix the&nbsp;agenda for our WG.<br class=3D"">The LISP WG =
&nbsp;is scheduled to meet on Wednesday, November 16th, 2016, from 9:30 =
to 11:00 (1.5 hours)&nbsp;<br class=3D""><br class=3D""></div>Please =
send your requests for agenda items (Presenter=E2=80=99s name, ppt =
title, slot duration)&nbsp;<br class=3D"">to&nbsp;<a =
href=3D"mailto:lisp-chairs@tools.ietf.org" =
class=3D"">lisp-chairs@tools.ietf.org</a>&nbsp;by Monday 31st October, =
2016.<br class=3D""><font color=3D"#5856d6" class=3D""><br =
class=3D""></font><div class=3D"" style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><span =
id=3D"OLK_SRC_BODY_SECTION" class=3D""><div class=3D"" style=3D"word-wrap:=
 break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space;"><span id=3D"OLK_SRC_BODY_SECTION" class=3D""><div =
class=3D"" style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space;">Thanks</div><div class=3D"" =
style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space;"><br =
class=3D""></div></span></div></span></div><div class=3D"">Joel &amp; =
Luigi</div></div><div class=3D""><br class=3D""></div><div =
class=3D""><div><blockquote type=3D"cite" class=3D""><div class=3D"">On =
22 Oct 2016, at 01:21, IETF Secretariat &lt;<a =
href=3D"mailto:agenda@ietf.org" class=3D"">agenda@ietf.org</a>&gt; =
wrote:</div><br class=3D"Apple-interchange-newline"><div class=3D""><div =
class=3D"">Dear Luigi Iannone,<br class=3D""><br class=3D"">The =
session(s) that you have requested have been scheduled.<br =
class=3D"">Below is the scheduled session information followed by<br =
class=3D"">the original request. <br class=3D""><br class=3D"">lisp =
Session 1 (1:30:00)<br class=3D""> &nbsp;&nbsp;&nbsp;Wednesday, Morning =
Session I 0930-1100<br class=3D""> &nbsp;&nbsp;&nbsp;Room Name: Studio 4 =
size: 100<br class=3D""> =
&nbsp;&nbsp;&nbsp;---------------------------------------------<br =
class=3D""><br class=3D""><br class=3D""><br class=3D"">Request =
Information:<br class=3D""><br class=3D""><br =
class=3D"">---------------------------------------------------------<br =
class=3D"">Working Group Name: Locator/ID Separation Protocol<br =
class=3D"">Area Name: Routing Area<br class=3D"">Session Requester: =
Luigi Iannone<br class=3D""><br class=3D"">Number of Sessions: 1<br =
class=3D"">Length of Session(s): &nbsp;1.5 Hours<br class=3D"">Number of =
Attendees: 50<br class=3D"">Conflicts to Avoid: <br class=3D""> First =
Priority: rtgwg nvo3 i2rs sidr grow sfc sdnrg nfvrg pim intarea<br =
class=3D""> Second Priority: mboned icnrg irtfopen idr spring bier =
maprg<br class=3D""> Third Priority: l2tpext bess<br class=3D""><br =
class=3D""><br class=3D"">Special Requests:<br class=3D""><br =
class=3D"">---------------------------------------------------------<br =
class=3D""><br class=3D""></div></div></blockquote></div><br =
class=3D""></div></body></html>=

--Apple-Mail=_A9DD2A41-48F5-4AA2-AF0E-A13870A7F651--


From nobody Tue Oct 25 17:14:49 2016
Return-Path: <fmaino@cisco.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8DF4129586; Tue, 25 Oct 2016 17:14:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.941
X-Spam-Level: 
X-Spam-Status: No, score=-14.941 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id frhrLvIk75LK; Tue, 25 Oct 2016 17:14:39 -0700 (PDT)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5B8BA1294E9; Tue, 25 Oct 2016 17:14:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=191751; q=dns/txt; s=iport; t=1477440879; x=1478650479; h=subject:to:references:cc:from:message-id:date: mime-version:in-reply-to; bh=LPveWfX2JOiMiS31jaUuWCVoTJX28WMBrB1nyL3FNi0=; b=E6Ku6NwGcBDEbFQLNihLZa5y1C60WL5ZvaidmD4YSAoYuIbHBzhKgS8+ aPQ7C9zzcIbz1C+Qa93s/7MynoJVOx9im0NXQ8A4465J29U94KZGe9xPd 8aqocwkGsbApSbaCFh/5W9YcLo9CaRFRpD/ixgtZwND7OlwUo+XM2jmgP w=;
X-IronPort-AV: E=Sophos;i="5.31,548,1473120000";  d="scan'208,217";a="340272015"
Received: from alln-core-10.cisco.com ([173.36.13.132]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 26 Oct 2016 00:14:38 +0000
Received: from [10.154.248.98] ([10.154.248.98]) by alln-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id u9Q0EbVf004604; Wed, 26 Oct 2016 00:14:38 GMT
To: Luigi Iannone <luigi.iannone@telecom-paristech.fr>
References: <FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr> <8204baa6-8cbd-83b3-aa88-dc3ba16c5a33@cisco.com> <38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr>
From: Fabio Maino <fmaino@cisco.com>
Message-ID: <37a920e9-b1aa-33c1-6321-e24937bc6c8d@cisco.com>
Date: Tue, 25 Oct 2016 17:14:37 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr>
Content-Type: multipart/alternative; boundary="------------6B673E485238A41AA3BB2683"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/DiFP-m57v6MkO52RzCJzhT0SUbk>
Cc: lisp-chairs@ietf.org, Damien Saucez <damien.saucez@inria.fr>, LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] LISP-SEC review (finally)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Oct 2016 00:14:47 -0000

This is a multi-part message in MIME format.
--------------6B673E485238A41AA3BB2683
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

Hi Luigi,
below are more replies skipping the ones we agreed already. Looks like 
we are converging...


wrt to 6830bis, I think we should not wait. I suspect the security 
review of the document will take some time, so we can do some progress 
in parallel to 6830bis.

We will have to do a LISP-SECbis afterwards, but that should be simple.

Please, see below.




On 10/24/16 3:02 AM, Luigi Iannone wrote:
> Hi Fabio,
>
> se my comment inline.
> (I do not consider the points we agree and everything related to the 
> “SHOULD” clarification)
>
> Thanks for your work
>
> Ciao
>
> L.
>
>
>> On 22 Oct 2016, at 01:23, Fabio Maino <fmaino@cisco.com 
>> <mailto:fmaino@cisco.com>> wrote:
>>
>> Ciao Luigi,
>> below I have replied to each comment. I'm working to the updated 
>> text, that I will send as soon as it is ready. ideally we might be 
>> able to publish a new version before draft deadline.
>
> Excellent. Thanks
>
>>
>> Just a note on the most recurring comment: SHOULD vs. MUST.
>>
>> The use of SHOULD across the document is according to RFC 2119:
>>
>>
>>     SHOULD
>>
>>   This word, or the adjective "RECOMMENDED", mean that there
>>     may exist valid reasons in particular circumstances to ignore a
>>     particular item, but the full implications must be understood and
>>     carefully weighed before choosing a different course.
>>
>>
>> There are use cases where, carefully weighing the implications, some 
>> of the security services of LISP-SEC can be turned-off. We want to 
>> leave implementors the freedom to allow this flexibility.
>>
>> For example, in a DC deployment it may make sense to turn off OTK 
>> decryption between XTR and MS/MR, as MiTM is very unlikely.
>>
>> Similarly, an ITR may decide to implement a loose policy on accepting 
>> an AD authenticated with an algorithm different from the preferred 
>> authentication algorithm expressed by the ITR. Using a MUST would 
>> force support of a given authentication algorithm across each and 
>> every MS and ETR, that might not be the case when incrementally 
>> deploying LISP-SEC (or while upgrading routers).
>>
>> Using a MUST would prevent this flexibility, that we would like to 
>> leave to the implementors.
>>
>>
>>
>
> This is fixed as for the suggestion of Joel. Thanks.
>
>
>>
>>
>> On 10/19/16 8:06 AM, Luigi Iannone wrote:
>>> Dear Authors of the LISP-SEC document,
>>>
>>> hereafter my review of the document.
>>> This was long overdue, sorry for being so late.
>>>
>>> I really like the solution and the majority of my comments are just 
>>> clarification questions.
>>> Let me know if my comments are clear.
>>>
>>> ciao
>>>
>>> L.
>>>
>>>
>>>
>>>> 1.  Introduction
>>>>
>>>>     The Locator/ID Separation Protocol [RFC6830] defines a set of
>>>>     functions for routers to exchange information used to map from non-
>>>>     routable Endpoint Identifiers (EIDs) to routable Routing Locators
>>>>     (RLOCs).
>>> I find the above sentence confusing. Wouldn’t be better to specify 
>>> that we are talking about IP addresses?
>>
>> That's how LISP is described in RFC6830, section 1. If you start 
>> using the term IP address then you need to qualify if you are talking 
>> about Identity-IP or Locator-IP, so the sentence gets complicated 
>> pretty quickly.
>>
>
> Not really. The very first sentence of the abstract of 6830 states:
>
> This document describes a network-layer-based protocol that enables
>     separation of IP addresses into two new numbering spaces: Endpoint
>     Identifiers (EIDs) and Routing Locators (RLOCs).
>
>
> So clearly speaks about IP address.
> Furthermore “routable" en “non routable” is true only in the 
> inter-domain point of view, because EID are locally routable.
> Note that 6830 does not specify in the first sentence what is routable 
> and what is not.

ok, fixed with text from 6830.


>
>
>> I would leave this one unchanged.
>>>
>>>> If these EID-to-RLOC mappings, carried through Map-Reply
>>>>     messages, are transmitted without integrity protection, an adversary
>>>>     can manipulate them and hijack the communication, impersonate the
>>>>     requested EID, or mount Denial of Service or Distributed Denial of
>>>>     Service attacks.  Also, if the Map-Reply message is transported
>>>>     unauthenticated, an adversarial LISP entity can overclaim an EID-
>>>>     prefix and maliciously redirect traffic directed to a large number of
>>>>     hosts.  A detailed description of "overclaiming" attack is provided
>>>>     in [RFC7835].
>>>>
>>>>     This memo specifies LISP-SEC, a set of security mechanisms that
>>>>     provides origin authentication, integrity and anti-replay protection
>>>>     to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
>>>>     process.
>>>
>>> I would put s forward reference to section 3 stating that the reader 
>>> will find details about the threat model.
>>
>> OK. We can replace the sentence
>> A detailed description of "overclaiming" attack is provided
>>     in [RFC7835]
>>
>> with
>>
>> The LISP-SEC threat model, described in Section 3, is built on top of the LISP threat model defined in RFC7835, that includes a detailed description of "overclaiming" attack.
> OK
>
>
>>
>>
>>>
>>>> LISP-SEC also enables verification of authorization on EID-
>>>>     prefix claims in Map-Reply messages, ensuring that the sender of a
>>>>     Map-Reply that provides the location for a given EID-prefix is
>>>>     entitled to do so according to the EID prefix registered in the
>>>>     associated Map-Server.  Map-Register security, including the right
>>>>     for a LISP entity to register an EID-prefix or to claim presence at
>>>>     an RLOC, is out of the scope of LISP-SEC.  Additional security
>>>>     considerations are described in Section 6.
>>>>
>>>> 2.  Definition of Terms
>>>>
>>>>        One-Time Key (OTK): An ephemeral randomly generated key that must
>>>>        be used for a single Map-Request/Map-Reply exchange.
>>>>
>>>>
>>>>
>>>>           ITR-OTK: The One-Time Key generated at the ITR.
>>>>
>>>>           MS-OTK: The One-Time Key generated at the Map-Server.
>>>
>>> Why are you considering ITR-OTK and MS-OTK sub-terms?
>>> I would elevate them at full terms, hence avoiding spacing and 
>>> indentation.
>>
>> Ok.
>>
>>>
>>>>        Encapsulated Control Message (ECM): A LISP control message that is
>>>>        prepended with an additional LISP header.  ECM is used by ITRs to
>>>>        send LISP control messages to a Map-Resolver, by Map-Resolvers to
>>>>        forward LISP control messages to a Map-Server, and by Map-
>>>>        Resolvers to forward LISP control messages to an ETR.
>>>>
>>> Why are you re-defining ECM?
>>> You do not specify other packets, e.g., Map-Reply, so why ECM?
>>> I would drop it.
>>
>> It is not defined in the Definitions section of 6830. One would need 
>> to go through the body of 6830 to find it.
>
> I see your point. Just keep the text and add a ref to section 6.1.8 of 
> 6830. This will clarify that is something coming from a specific 
> section of that document.

I have dropped the definition, expanded the acronym ECM and referred to 
the specific section.

In this way we don't have to wait for 6830bis, but we refer to the 
proper definition.

>
>
>>
>> I'll drop it, but we need to make sure that ECM gets into the 
>> definition section of 6830bis.
>>
>> Albert: are you looking into that document? Can you take care of this?
>>
>>
>>>
>>>
>>>>        Authentication Data (AD): Metadata that is included either in a
>>>>        LISP ECM header or in a Map-Reply message to support
>>>>        confidentiality, integrity protection, and verification of EID-
>>>>        prefix authorization.
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                 [Page 3]
>>>> 
>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>
>>>>
>>>>           OTK-AD: The portion of ECM Authentication Data that contains a
>>>>           One-Time Key.
>>>>
>>>>           EID-AD: The portion of ECM and Map-Reply Authentication Data
>>>>           used for verification of EID-prefix authorization.
>>>>
>>>>           PKT-AD: The portion of Map-Reply Authentication Data used to
>>>>           protect the integrity of the Map-Reply message.
>>>
>>>
>>> Why are you considering OTK-AD, EID-AD, and PKT-AD sub-terms?
>>> I would elevate them at full terms, hence avoiding spacing and 
>>> indentation.
>>>
>> ok.
>>
>>>
>>>>     For definitions of other terms, notably Map-Request, Map-Reply,
>>>>     Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR), Map-Server
>>>>     (MS), and Map-Resolver (MR) please consult the LISP specification
>>>>     [RFC6830].
>>>>
>>>> 3.  LISP-SEC Threat Model
>>>>
>>>>     LISP-SEC addresses the control plane threats, described in [RFC7835],
>>>>     that target EID-to-RLOC mappings, including manipulations of Map-
>>>>     Request and Map-Reply messages, and malicious ETR EID prefix
>>>>     overclaiming.  LISP-SEC makes two main assumptions: (1) the LISP
>>>>     mapping system is expected to deliver a Map-Request message to their
>>>>     intended destination ETR as identified by the EID, and (2) no man-in-
>>>>     the-middle (MITM) attack can be mounted within the LISP Mapping
>>>>     System.  Furthermore, while LISP-SEC enables detection of EID prefix
>>>>     overclaiming attacks, it assumes that Map-Servers can verify the EID
>>>>     prefix authorization at time of registration.
>>> LISP-SEC does not require OTK confidentiality in the mapping system. 
>>> This should be discussed here.
>> we could add to the above
>> "and (2) no man-in-
>>     the-middle (MITM) attack can be mounted within the LISP Mapping
>>     System."
>>
>> How the Mapping System is protected from MiTM attacks depends from the particular Mapping System used, and is out of the scope of this memo.
>>
>>
>
> That’s fine for me.
>
>
>>
>>>
>>>
>>>>     According to the threat model described in [RFC7835] LISP-SEC assumes
>>>>     that any kind of attack, including MITM attacks, can be mounted in
>>>>     the access network, outside of the boundaries of the LISP mapping
>>>>     system.  An on-path attacker, outside of the LISP mapping system can,
>>>>     for example, hijack Map-Request and Map-Reply messages, spoofing the
>>>>     identity of a LISP node.  Another example of on-path attack, called
>>>>     overclaiming attack, can be mounted by a malicious Egress Tunnel
>>>>     Router (ETR), by overclaiming the EID-prefixes for which it is
>>>>     authoritative.  In this way the ETR can maliciously redirect traffic
>>>>     directed to a large number of hosts.
>>>>
>>>> 4.  Protocol Operations
>>>>
>>>>     The goal of the security mechanisms defined in [RFC6830] is to
>>>>     prevent unauthorized insertion of mapping data by providing origin
>>>>     authentication and integrity protection for the Map-Registration, and
>>>>     by using the nonce to detect unsolicited Map-Reply sent by off-path
>>>>     attackers.
>>>>
>>>>     LISP-SEC builds on top of the security mechanisms defined in
>>>>     [RFC6830] to address the threats described in Section 3 by leveraging
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                 [Page 4]
>>>> 
>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>
>>>>
>>>>     the trust relationships existing among the LISP entities
>>>>     participating to the exchange of the Map-Request/Map-Reply messages.
>>>>     Those trust relationships are used to securely distribute a One-Time
>>>>     Key (OTK) that provides origin authentication, integrity and anti-
>>>>     replay protection to mapping data conveyed via the mapping lookup
>>>>     process, and that effectively prevent overclaiming attacks.  The
>>>>     processing of security parameters during the Map-Request/Map-Reply
>>>>     exchange is as follows:
>>>>
>>>>     o  The ITR-OTK is generated and stored at the ITR, and securely
>>>>        transported to the Map-Server.
>>>>
>>>>     o  The Map-Server uses the ITR-OTK to compute an HMAC that protects
>>> You did not define HMAC acronym. Please define and add a reference.
>>
>> ok.
>>
>>
>>>
>>>>        the integrity of the mapping data known to the Map-Server to
>>>>        prevent overclaiming attacks.  The Map-Server also derives a new
>>>>        OTK, the MS-OTK, that is passed to the ETR, by applying a Key
>>>>        Derivation Function (KDF) to the ITR-OTK.
>>>>
>>>>     o  The ETR uses the MS-OTK to compute an HMAC that protects the
>>>>        integrity of the Map-Reply sent to the ITR.
>>>>
>>>>     o  Finally, the ITR uses the stored ITR-OTK to verify the integrity
>>>>        of the mapping data provided by both the Map-Server and the ETR,
>>>>        and to verify that no overclaiming attacks were mounted along the
>>>>        path between the Map-Server and the ITR.
>>>>
>>>>     Section 5 provides the detailed description of the LISP-SEC control
>>>>     messages and their processing, while the rest of this section
>>>>     describes the flow of protocol operations at each entity involved in
>>>>     the Map-Request/Map-Reply exchange:
>>>>
>>>>     o  The ITR, upon needing to transmit a Map-Request message, generates
>>>>        and stores an OTK (ITR-OTK).  This ITR-OTK is included into the
>>>>        Encapsulated Control Message (ECM) that contains the Map-Request
>>>>        sent to the Map-Resolver.  To provide confidentiality to the ITR-
>>>>        OTK over the path between the ITR and its Map-Resolver, the ITR-
>>>>        OTK SHOULD
>>> Why not using “MUST”???
>>> Are you suggesting that a different way to provide confidentiality 
>>> can be used (e.g. a different shared key)???
>>> If yes, please state so.
>>>
>>> Or are you suggesting that no encryption at all is used? But this 
>>> means not providing confidentiality…
>>> Can you clarify?
>>>
>>> (this very same comment will appear several time in this review)
>>
>> We don't want to make the use of pre-shared key *mandatory* to all 
>> LISP deployments. There are deployments where the risk of MiTM 
>> between the xTR and the MS/MR may not justify the cost of 
>> provisioning a shared key (data centers, for example).
>>
>>
>>>> be encrypted using a preconfigured key shared between
>>>>        the ITR and the Map-Resolver, similar to the key shared between
>>>>        the ETR and the Map-Server in order to secure ETR registration
>>>>        [RFC6833].
>>>>
>>>>     o  The Map-Resolver decapsulates the ECM message, decrypts the ITR-
>>>>        OTK, if needed, and forwards through the Mapping System the
>>>>        received Map-Request and the ITR-OTK, as part of a new ECM
>>>>        message.  As described in Section 5.6, the LISP Mapping System
>>>>        delivers the ECM to the appropriate Map-Server, as identified by
>>>>        the EID destination address of the Map-Request.
>>>>
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                 [Page 5]
>>>> 
>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>
>>>>
>>>>     o  The Map-Server is configured with the location mappings and policy
>>>>        information for the ETR responsible for the EID destination
>>>>        address.  Using this preconfigured information, the Map-Server,
>>>>        after the decapsulation of the ECM message, finds the longest
>>>>        match EID-prefix that covers the requested EID in the received
>>>>        Map-Request.  The Map-Server adds this EID-prefix, together with
>>>>        an HMAC computed using the ITR-OTK, to a new Encapsulated Control
>>>>        Message that contains the received Map-Request.
>>>>
>>>>     o  The Map-Server derives a new OTK, the MS-OTK, by applying a Key
>>>>        Derivation Function (KDF) to the ITR-OTK.  This MS-OTK is included
>>>>        in the Encapsulated Control Message that the Map-Server uses to
>>>>        forward the Map-Request to the ETR.  To provide MS-OTK
>>>>        confidentiality over the path between the Map-Server and the ETR,
>>>>        the MS-OTK should
>>> This “should” should be a “SHOULD”  (sorry for the cacophony…)
>>
>> Ok.
>>>
>>> Why not using “MUST”???
>>> Are you suggesting that a different way to provide confidentiality 
>>> can be used (e.g. a different shared key)???
>>> If yes, please state so.
>>>
>>> Or are you suggesting that no encryption at all is used? But this 
>>> means not providing confidentiality…
>>> Can you clarify?
>>
>> Same as above.
>>
>>>
>>>> be encrypted using the key shared between the
>>>>        ETR and the Map-Server in order to secure ETR registration
>>>>        [RFC6833].
>>>>
>>>>     o  If the Map-Server is acting in proxy mode, as specified in
>>>>        [RFC6830], the ETR is not involved in the generation of the Map-
>>>>        Reply.  In this case the Map-Server generates the Map-Reply on
>>>>        behalf of the ETR as described below.
>>>>
>>>>     o  The ETR, upon receiving the ECM encapsulated Map-Request from the
>>>>        Map-Server, decrypts the MS-OTK, if needed, and originates a
>>>>        standard Map-Reply that contains the EID-to-RLOC mapping
>>>>        information as specified in [RFC6830].
>>>>
>>>>     o  The ETR computes an HMAC over this standard Map-Reply, keyed with
>>>>        MS-OTK to protect the integrity of the whole Map-Reply.  The ETR
>>>>        also copies the EID-prefix authorization data that the Map-Server
>>>>        included in the ECM encapsulated Map-Request into the Map-Reply
>>>>        message.  The ETR then sends this complete Map-Reply message to
>>>>        the requesting ITR.
>>>>
>>>>     o  The ITR, upon receiving the Map-Reply, uses the locally stored
>>>>        ITR-OTK to verify the integrity of the EID-prefix authorization
>>>>        data included in the Map-Reply by the Map-Server.  The ITR
>>>>        computes the MS-OTK by applying the same KDF used by the Map-
>>>>        Server, and verifies the integrity of the Map-Reply.  If the
>>>>        integrity checks fail, the Map-Reply MUST be discarded.  Also, if
>>>>        the EID-prefixes claimed by the ETR in the Map-Reply are not equal
>>>>        or more specific than the EID-prefix authorization data inserted
>>>>        by the Map-Server, the ITR MUST discard the Map-Reply.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                 [Page 6]
>>>> 
>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>
>>>>
>>>> 5.  LISP-SEC Control Messages Details
>>>>
>>>>     LISP-SEC metadata associated with a Map-Request is transported within
>>>>     the Encapsulated Control Message that contains the Map-Request.
>>>>
>>>>     LISP-SEC metadata associated with the Map-Reply is transported within
>>>>     the Map-Reply itself.
>>>>
>>>> 5.1.  Encapsulated Control Message LISP-SEC Extensions
>>>>
>>>>     LISP-SEC uses the ECM (Encapsulated Control Message) defined in
>>>>     [RFC6830] with Type set to 8, and S bit set to 1 to indicate that the
>>>>     LISP header includes Authentication Data (AD).  The format of the
>>>>     LISP-SEC ECM Authentication Data is defined in the following figure.
>>>>     OTK-AD stands for One-Time Key Authentication Data and EID-AD stands
>>>>     for EID Authentication Data.
>>>>
>>>>   0                   1                   2                   3
>>>>   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>> |     AD Type   |V|  Reserved   |        Requested HMAC ID      |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
>>>> |              OTK Length       |       OTK Encryption ID       | |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>>>> |                       One-Time-Key Preamble ...               | |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OTK-AD
>>>> |                   ... One-Time-Key Preamble                   | |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>>>> ~                      One-Time Key (128 bits)                  ~/
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <---+
>>>> |           EID-AD Length       |           KDF ID              |     |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
>>>> | Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
>>>> |   Reserved    | EID mask-len  |           EID-AFI             | |   |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
>>>> ~                          EID-prefix ...                       ~ |   |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
>>>> ~                            EID HMAC                           ~     |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <—+
>>> I think that “rec” is mis-aligned and should be shifted one 
>>> character upward.
>>
>> No. The row above is the portion of the header that specifies how 
>> many records will follow. Rec shows one Rec item, in the array of 
>> Records.  It is consistent with 6830.
>>
>>
>
> OK
>
>>
>>>
>>>>                       LISP-SEC ECM Authentication Data
>>>>
>>>>        AD Type: 1 (LISP-SEC Authentication Data)
>>> This is the first document starting to allocate values to the "AD 
>>> Type” value.
>>> Why not asking IANA to create a registry??
>>> (to be done in the IANA Considerations Section)
>>
>>
>> Ok.
>>
>>>
>>>
>>>
>>>>        V: Key Version bit.  This bit is toggled when the sender switches
>>>>        to a new OTK wrapping key
>>>>
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                 [Page 7]
>>>> 
>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>
>>>>
>>>>        Reserved: Set to 0 on transmission and ignored on receipt.
>>>>
>>>>        Requested HMAC ID: The HMAC algorithm requested by the ITR.  See
>>>>        Section 5.4 for details.
>>>>
>>>>        OTK Length: The length (in bytes) of the OTK Authentication Data
>>>>        (OTK-AD), that contains the OTK Preamble and the OTK.
>>>>
>>>>        OTK Encryption ID: The identifier of the key wrapping algorithm
>>>>        used to encrypt the One-Time-Key. When a 128-bit OTK is sent
>>>>        unencrypted by the Map-Resolver, the OTK Encryption ID is set to
>>>>        NULL_KEY_WRAP_128.  See Section 5.5 for more details.
>>>>
>>>>        One-Time-Key Preamble: set to 0 if the OTK is not encrypted.  When
>>>>        the OTK is encrypted, this field may carry additional metadata
>>>>        resulting from the key wrapping operation.  When a 128-bit OTK is
>>>>        sent unencrypted by Map-Resolver, the OTK Preamble is set to
>>>>        0x0000000000000000 (64 bits).  See Section 5.5 for details.
>>>>
>>>>        One-Time-Key: the OTK encrypted (or not) as specified by OTK
>>>>        Encryption ID.  See Section 5.5 for details.
>>>>
>>>>        EID-AD Length: length (in bytes) of the EID Authentication Data
>>>>        (EID-AD).  The ITR MUST set EID-AD Length to 4 bytes, as it only
>>>>        fills the KDF ID field, and all the remaining fields part of the
>>>>        EID-AD are not present.  An EID-AD MAY contain multiple EID-
>>>>        records.  Each EID-record is 4-byte long plus the length of the
>>>>        AFI-encoded EID-prefix.
>>>>
>>>>        KDF ID: Identifier of the Key Derivation Function used to derive
>>>>        the MS-OTK.  The ITR SHOULD use this field to indicate the
>>>>        recommended KDF algorithm, according to local policy.
>>> I am not sure I understand the rationale of this “SHOULD”. If for 
>>> any reason the ITR does not indicate the KDF ID what are the 
>>> consequences?
>>
>> That should be a MAY, I believe,
>>
>> The ITR can specify "no preference" for KDF ID, using a value of 0.
>
> I think this is the unclear information: that the ITR can state “no 
> preference” using value 0.
> Would be good if you can state it more clearly.

I've added text to clarify this.

>
>
>>
>> In the ITR processing section 5.4,  we should add to
>>
>> The KDF ID field, specifies the suggested key derivation function to
>>     be used by the Map-Server to derive the MS-OTK.
>>
>> a text like: "A KDF ID value of 0 (NONE), MAY be used to specify that 
>> the ITR has no preferred KDF ID".
>>
>>
>>
>>> Is the MS free to choose the algorithm? This should be clarified.
>> This is specified in section 5.7.
>>
>> "
>> The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
>>     the ITR-OTK received with the Map-Request.  MS-OTK is derived
>>     applying the key derivation function specified in the KDF ID field.
>>     If the algorithm specified in the KDF ID field is not supported, the
>>     Map-Server uses a different algorithm to derive the key and updates
>>     the KDF ID field accordingly.
>> "
>>
>>
>
> Since this paragraph does not use any 2119 language it actually mean 
> that an MS can choose freely the  algorithm to use.
> right?

right. If the ITR does support that specific ID, the ITR may still 
decide to use it.

>
>>
>>>
>>>>   The Map-
>>>>        Server can overwrite the KDF ID if it does not support the KDF ID
>>>>        recommended by the ITR.
>>> What happens if the MS will choose a KDF ID not supported by the ITR?
>>> Can you clarify how to solve this situation or explain why this will 
>>> never happen?
>>
>> This is specified in 5.4, ITR processing.
>>
>> "
>> To verify the integrity of the PKT-AD, first the MS-OTK is derived
>>     from the locally stored ITR-OTK using the algorithm specified in the
>>     KDF ID field.  This is because the PKT-AD is generated by the ETR
>>     using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
>>     KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
>>     Reply and send, at the first opportunity it needs to, a new Map-
>>     Request with a different KDF ID, according to ITR's local policy.
>> "
>>
>>
>> There are two typical use cases:
>> - strict KDF ID policy: ITR specifiy a KDF ID, and will discard 
>> map-reply with different KDF IDs. If local policy allows, another 
>> map-request will be sent with a different KDF ID
>> - loose KDF ID policy: ITR specify KDF ID = none, and will accept 
>> map-reply with any KDF ID (if supported by ITR). If received KDF is 
>> not supported the ITR shall drop the map-reply
>>
>
> The above text does not reflect the policies you are describing. That 
> “SHOULD” should be a “MAY” and your policies spelled out.
I think we need to separate the recommendations for the two actions: 
SHOULD drop and MAY resend.

"

, the ITR SHOULD discard the Map-
    Reply. At the first opportunity it needs to, the ITR MAY send a new Map-
    Request with a different KDF ID, according to ITR's local policy.

What do you think?


>
> Also, what is the MS stubbornly insists in using an algorithm that the 
> ITR does not support?

The MS might not have alternatives, as it might only support one algorithm.



>
>
>>
>>>
>>>> See Section 5.4 for more details.
>>>>
>>>>        Record Count: The number of records in this Map-Request message.
>>>>        A record is comprised of the portion of the packet that is labeled
>>>>        'Rec' above and occurs the number of times equal to Record Count.
>>>>
>>>>        Reserved: Set to 0 on transmission and ignored on receipt.
>>>>
>>>>        EID HMAC ID: Identifier of the HMAC algorithm used to protect the
>>>>        integrity of the EID-AD.  This field is filled by Map-Server that
>>>>        computed the EID-prefix HMAC.  See Section 5.4 for more details.
>>>>
>>>>        EID mask-len: Mask length for EID-prefix.
>>>>
>>>>        EID-AFI: Address family of EID-prefix according to [RFC5226]
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                 [Page 8]
>>>> 
>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>
>>>>
>>>>        EID-prefix: The Map-Server uses this field to specify the EID-
>>>>        prefix that the destination ETR is authoritative for, and is the
>>>>        longest match for the requested EID.
>>>>
>>>>        EID HMAC: HMAC of the EID-AD computed and inserted by Map-Server.
>>>>        Before computing the HMAC operation the EID HMAC field MUST be set
>>>>        to 0.  The HMAC covers the entire EID-AD.
>>>>
>>>> 5.2.  Map-Reply LISP-SEC Extensions
>>>>
>>>>     LISP-SEC uses the Map-Reply defined in [RFC6830], with Type set to 2,
>>>>     and S bit set to 1 to indicate that the Map-Reply message includes
>>>>     Authentication Data (AD).  The format of the LISP-SEC Map-Reply
>>>>     Authentication Data is defined in the following figure.  PKT-AD is
>>>>     the Packet Authentication Data that covers the Map-Reply payload.
>>>>
>>>>   0                   1                   2                   3
>>>>   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>> |    AD Type    |                 Reserved                      |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <---+
>>>> |           EID-AD Length       |           KDF ID              |     |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
>>>> | Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
>>>> |   Reserved    | EID mask-len  |           EID-AFI             | |   |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
>>>> ~                          EID-prefix ...                       ~ |   |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
>>>> ~                            EID HMAC                           ~     |
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <---+
>>>> |         PKT-AD Length         |         PKT HMAC ID           |\
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>>>> ~                            PKT HMAC                           ~ PKT-AD
>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/
>>>>
>>>>                    LISP-SEC Map-Reply Authentication Data
>>>>
>>>>        AD Type: 1 (LISP-SEC Authentication Data)
>>> Shouldn’t this be a different value? This AD  format is different 
>>> from the one described in section 5.1!
>>> Another reason to ask IANA for a registry….
>>
>> One is the LISP-SEC authentication data that applies to the ECM 
>> message (when S-bit = 1), the other is the LISP-SEC authentication 
>> data that applies to the Map-Reply (when S-bit = 1).
>>
>> Those are extensions of two different messages (ECM and map-reply), 
>> and they are both identified by an AD Type (that happens to be set to 
>> value 1 for both).
>
> This is not clear in the current text.

Right. I have updated the text to clarify it. Together with the IANA 
disposition it should be clear now.


>
>>
>> Yes, the AD type space is different so we will need two IANA registries.
>>
>>
>> Question for the co-auhtors: should we change the name to 'ECM AD 
>> Type' and 'Map-Reply AD Type’?
>
> IMHO you have to, otherwise there will be always confusion….

done.

>
>>
>>
>>
>>>
>>>
>>>>        EID-AD Length: length (in bytes) of the EID-AD.  An EID-AD MAY
>>>>        contain multiple EID-records.  Each EID-record is 4-byte long plus
>>>>        the length of the AFI-encoded EID-prefix.
>>>>
>>>>        KDF ID: Identifier of the Key Derivation Function used to derive
>>>>        MS-OTK.  See Section 5.7 for more details.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                 [Page 9]
>>>> 
>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>
>>>>
>>>>        Record Count: The number of records in this Map-Reply message.  A
>>>>        record is comprised of the portion of the packet that is labeled
>>>>        'Rec' above and occurs the number of times equal to Record Count.
>>>>
>>>>        Reserved: Set to 0 on transmission and ignored on receipt.
>>>>
>>>>        EID HMAC ID: Identifier of the HMAC algorithm used to protect the
>>>>        integrity of the EID-AD.  See Section 5.7 for more details.
>>>>
>>>>        EID mask-len: Mask length for EID-prefix.
>>>>
>>>>        EID-AFI: Address family of EID-prefix according to [RFC5226].
>>>>
>>>>        EID-prefix: This field contains an EID-prefix that the destination
>>>>        ETR is authoritative for, and is the longest match for the
>>>>        requested EID.
>>>>
>>>>        EID HMAC: HMAC of the EID-AD, as computed by the Map-Server.
>>>>        Before computing the HMAC operation the EID HMAC field MUST be set
>>>>        to 0.  The HMAC covers the entire EID-AD.
>>>>
>>>>        PKT-AD Length: length (in bytes) of the Packet Authentication Data
>>>>        (PKT-AD).
>>>>
>>>>        PKT HMAC ID: Identifier of the HMAC algorithm used to protect the
>>>>        integrity of the Map-reply Location Data.
>>> “Location Data” is something nowhere defined. Can you clarify what 
>>> do you mean?
>>
>> we can just remove 'Location Data’
>
> OK.
>
>>
>>
>>>
>>>
>>>>        PKT HMAC: HMAC of the whole Map-Reply packet, including the LISP-
>>>>        SEC Authentication Data.  The scope of the authentication goes
>>>>        from the Map-Reply Type field to the PKT HMAC field included.
>>>>        Before computing the HMAC operation the PKT HMAC field MUST be set
>>>>        to 0.  See Section 5.8 for more details.
>>>>
>>>> 5.3.  Map-Register LISP-SEC Extentions
>>>>
>>>>     The second bit after the Type field in a Map-Register message is
>>>>     allocated as the S bit.
>>> I would better explain that this document is allocating a bit marked 
>>> as reserved in 6830.
>>
>> Ok. We will need to reflect this in 6830bis as well.
>
> Sure
>
>
>>
>>> Furthermore, at the cost of being redundant, I would put the packet 
>>> format highlighting the position of the bit so that there is no 
>>> confusion whatsoever.
>>
>> We wanted to  explicitly avoid to include the format of messages when 
>> already defined in other documents,
>
> The S-bit is not defined in other documents. IMHO is important to have 
> the visual aid of which exact bit your are talking about.
>
I've added text to clarify. I really prefer not to have the whole 
picture, but just refer to it.

Considering that 6830 will evolve into 6830bis, eventually (with the 
next LISP-SEC) the reference will be updated in 6830bis.


>> so we point rather than copy. If we address this in 6830bis, the 
>> problem will be solved.
>
> You mentioned 6830bis several time, let me ask: Would you like to 
> reference that document?
> In this case we have to hold this back until we have at least a stable 
> version of that document.
> Then the RFC editor will hold this document back until that one is 
> RFC, because of missing reference.
> Or you keep it this way and later on you make a ST version.
>
> Either way is fine for me.

I think we should move this draft forward, without waiting for 6830bis. 
Considering that this is security I expect the review process to last 
quite some time, so we can make progress without waiting for 6830bis. 
Eventually even teh LISP-SEC RFC will be updated, and all will be good.

>
>
>
>>
>>
>>>
>>>> The S bit indicates to the Map-Server that
>>>>     the registering ETR is LISP-SEC enabled.  An ETR that supports LISP-
>>>>     SEC MUST set the S bit in its Map-Register messages.
>>>>
>>>> 5.4.  ITR Processing
>>>>
>>>>     Upon creating a Map-Request, the ITR generates a random ITR-OTK that
>>>>     is stored locally, together with the nonce generated as specified in
>>>>     [RFC6830].
>>>>
>>>>     The Map-Request MUST be encapsulated in an ECM, with the S-bit set to
>>>>     1, to indicate the presence of Authentication Data.  If the ITR and
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                [Page 10]
>>>> 
>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>
>>>>
>>>>     the Map-Resolver are configured with a shared key,
>>> In section 4 you seem to suggest that this is not the only way to 
>>> protect the OTK (see my comment).
>>> Here instead you suggest that a shared key is the only way.
>>
>>
>> Right. Here it says what to do IF there is a shared key, that is 
>> consistent with the SHOULD above.
>
> OK.
>
>>
>>
>>>>   the ITR-OTK
>>>>     confidentiality SHOULD be protected by wrapping the ITR-OTK with the
>>>>     algorithm specified by the OTK Encryption ID field.
>>> Not clear what this “SHOULD” refers to.
>>> IS the SHOULD related to the fact to encrypt the OTK? The ITR SHOULD 
>>> encrypt.
>>> Or the choice of the algorithm? The ITR SHOULD use the algorithm 
>>> specified by the OTK Encryption ID?
>>> The second case looks impossible since is the ITR is choosing the 
>>> algorithm. May be the sentence can be rewritten.
>>
>> SHOULD refers to protecting the confidentiality of the ITR-OTK. Maybe 
>> the 'by' should be replaced by 'with’?
>
> Just drop the “by”?
>
>
>>
>>>
>>> Similarly to previous comment: Why it is not a MUST?
>> Same as other SHOULD.
>>
>>
>>
>>>>   See Section 5.5
>>>>     for further details on OTK encryption.
>>>>
>>>>     The Requested HMAC ID field contains the suggested HMAC algorithm to
>>>>     be used by the Map-Server and the ETR to protect the integrity of the
>>>>     ECM Authentication data and of the Map-Reply.
>>>>
>>> What happens if the MS will choose a HMAC not supported by the ETR 
>>> or the ITR?
>>> Can you clarify how to solve this situation or explain why this will 
>>> never happen?
>>
>> This is described 5 paragraphs below:
>>
>> "
>> If the EID HMAC ID field does
>>     not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
>>     and send, at the first opportunity it needs to, a new Map-Request
>>     with a different Requested HMAC ID field, according to ITR's local
>>     policy.
>> "
>>
>
> What about the ETR?

It's specified in 5.8, the ETR makes the same processing as the MS.

"If the ETR does not support the Requested HMAC ID, it uses a different 
algorithm and updates the PKT HMAC ID field accordingly. "

Also the ETR doesn't process the AD computed by the MS, it just copies 
into the Map-Reply.



>
>>
>>>
>>>>     The KDF ID field, specifies the suggested key derivation function to
>>>>     be used by the Map-Server to derive the MS-OTK.
>>>
>>> What happens if the MS will choose a KDF ID not supported by the ITR?
>>> Can you clarify how to solve this situation or explain why this will 
>>> never happen?
>>
>> This is described a few paragraphs below:
>> "
>> If the KDF ID in the Map-Reply does not match the
>>     KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
>>     Reply and send, at the first opportunity it needs to, a new Map-
>>     Request with a different KDF ID, according to ITR's...
>> "
>>
>
> This does not guarantee that the MS will reply with something the ITR 
> understands….

For some local ITR's policy it may not be guaranteed. It's a balance 
between reachability and security that the ITR will have to choose.






>
>
>
>>>
>>>>     The EID-AD length is set to 4 bytes, since the Authentication Data
>>>>     does not contain EID-prefix Authentication Data, and the EID-AD
>>>>     contains only the KDF ID field.
>>>>
>>>>     In response to an encapsulated Map-Request that has the S-bit set, an
>>>>     ITR MUST receive a Map-Reply with the S-bit set, that includes an
>>>>     EID-AD and a PKT-AD.  If the Map-Reply does not include both ADs, the
>>>>     ITR MUST discard it.  In response to an encapsulated Map-Request with
>>>>     S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, and
>>>>     the ITR SHOULD discard the Map-Reply if the S-bit is set.
>>> Why a “SHOULD”? If the Map-Request has S-bit=0 it mean that there is 
>>> no AD, hence no OTK, how can the ITR decrypt the reply?????
>>> It MUST discard…..
>>
>> If S-bit = 0 there's no Authentication Data. The Map-reply is in 
>> clear, and can be read.
>
> I am not sure you understood my point.
>
> You send a Map-Request with S=0, hence unenbcrypted. How can you 
> possible receive a Map-Reply with S=1?
> How is it encrypted if the ITR did not provide any OTK?

Misconfiguration, bugs? I was just trying to enumerate the behaviors of 
the ITR. There's probably something wrong, and the map-reply should be 
discarded. Still the mapping is readable, so an ITR favoring 
reachability may decide to use the mapping.

>
>
>
>
>>
>>
>> Here again the SHOULD leaves open to ITR local policy that can be 
>> strict (drop anything not authenticated) or loose (accept 
>> unauthenticated map-reply).
>>
>> There are use cases where LISP-SEC is not deployed everywhere, where 
>> the ITR might have to use loose policy.
>>
>>
>>>
>>>
>>>>     Upon receiving a Map-Reply, the ITR must verify the integrity of both
>>>>     the EID-AD and the PKT-AD, and MUST discard the Map-Reply if one of
>>>>     the integrity checks fails.
>>>>
>>>>     The integrity of the EID-AD is verified using the locally stored ITR-
>>>>     OTK to re-compute the HMAC of the EID-AD using the algorithm
>>>>     specified in the EID HMAC ID field.  If the EID HMAC ID field does
>>>>     not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
>>> Why is this a SHOULD? If it supports the HMAC Algorithm why not 
>>> decrypt? Shouldn’t this be a “MAY”, according to internal policy?
>>
>> because this could be used by an attacker to force weaker HMACs (e.g. 
>> MD5).
>
> OK
>
>> The SHOULD leaves open the door to not discarding, according to local 
>> policy.
>>
>>
>
> OK.
>
>
>>
>>
>>>>     and send, at the first opportunity it needs to, a new Map-Request
>>>>     with a different Requested HMAC ID field, according to ITR's local
>>>>     policy.  The ITR MUST set the EID HMAC ID field to 0 before computing
>>>>     the HMAC.
>>> Shouldn’t the MS do the same thing? Otherwise different values will 
>>> be obtained. This is not specified in the MS functioning description.
>>
>> good catch. Actually it's a typo here, the EID HMAC field should be 
>> set to 0 (that is consistent with section 5.7), not the EID HMAC ID 
>> that should not be touched.
>>
>
> OK
>>
>> The ITR MUST set the EID HMAC ID field to 0 before computing
>>     the HMAC.
>>
>> should change to
>>
>> The scope of the HMAC operation covers the
>>     entire EID-AD, from the EID-AD Length field to the EID HMAC field,
>>     which must be set to 0 before the computation.
>>>>     To verify the integrity of the PKT-AD, first the MS-OTK is derived
>>>>     from the locally stored ITR-OTK using the algorithm specified in the
>>>>     KDF ID field.  This is because the PKT-AD is generated by the ETR
>>>>     using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
>>>>     KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
>>>>     Reply and send, at the first opportunity it needs to, a new Map-
>>>>     Request with a different KDF ID, according to ITR's local policy.
>>>>     The derived MS-OTK is then used to re-compute the HMAC of the PKT-AD
>>>>     using the Algorithm specified in the PKT HMAC ID field.  If the PKT
>>>>     HMAC ID field does not match the Requested HMAC ID the ITR SHOULD
>>>>     discard the Map-Reply and send, at the first opportunity it needs to,
>>>>
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                [Page 11]
>>>> 
>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>
>>>>
>>>>     a new Map-Request with a different Requested HMAC ID according to
>>>>     ITR's local policy.
>>>>
>>>>     Each individual Map-Reply EID-record is considered valid only if: (1)
>>>>     both EID-AD and PKT-AD are valid, and (2) the intersection of the
>>>>     EID-prefix in the Map-Reply EID-record with one of the EID-prefixes
>>>>     contained in the EID-AD is not empty.  After identifying the Map-
>>>>     Reply record as valid, the ITR sets the EID-prefix in the Map-Reply
>>>>     record to the value of the intersection set computed before, and adds
>>>>     the Map-Reply EID-record to its EID-to-RLOC cache, as described in
>>>>     [RFC6830].  An example of Map-Reply record validation is provided in
>>>>     Section 5.4.1.
>>>>
>>>>     The ITR SHOULD send SMR triggered Map-Requests over the mapping
>>>>     system in order to receive a secure Map-Reply.
>>> I do not understand this “SHOULD”.  This has consequences in the 
>>> choice how to react to SMR. This is a local policy.
>>> _If_ the ITR wants to protect Map-Requests using LISP-SEC, than SMR 
>>> triggered Map-Request MUST be sent through the mapping system.
>
>> so the _if_ is what makes that MUST a SHOULD... According to local 
>> policy the ITR SHOULD send the SMR.
>
> I read the sentence in this way:
>
> In order to received a secure Map-Reply, the ITR MUST send SMR 
> triggered Map-Requests over the mapping system.
>
> No?

I see what you are saying. I'll rephrase as:

If an ITR accepts piggybacked Map-Replies, it SHOULD also send a 
Map-Request over the mapping system in order to verify the piggybacked 
Map-Reply with a secure Map-Reply.




>
>>>> If an ITR accepts
>>>>     piggybacked Map-Replies, it SHOULD also send a Map-Request over the
>>>>     mapping system in order to securely verify the piggybacked Map-Reply.
>>> Same as above.
>>>> 5.4.1.  Map-Reply Record Validation
>>>>
>>>>     The payload of a Map-Reply may contain multiple EID-records.  The
>>>>     whole Map-Reply is signed by the ETR, with the PKT HMAC, to provide
>>>>     integrity protection and origin authentication to the EID-prefix
>>>>     records claimed by the ETR.  The Authentication Data field of a Map-
>>>>     Reply may contain multiple EID-records in the EID-AD.  The EID-AD is
>>>>     signed by the Map-Server, with the EID HMAC, to provide integrity
>>>>     protection and origin authentication to the EID-prefix records
>>>>     inserted by the Map-Server.
>>>>
>>>>     Upon receiving a Map-Reply with the S-bit set, the ITR first checks
>>>>     the validity of both the EID HMAC and of the PKT-AD HMAC.  If either
>>>>     one of the HMACs is not valid, a log message is issued and the Map-
>>>>     Reply is not processed any further.
>>> I think “log message" is too much implementation specific.
>>> If there is a notification, and how this notification is done, is 
>>> implementation specific IMHO.
>> Ok. 'a log message is issued' will change to 'a log action should be 
>> taken'. The point is that there could be an attack behind it, and we 
>> want to record the event
>
> OK
>
>>>> If both HMACs are valid, the ITR
>>>>     proceeds with validating each individual EID-record claimed by the
>>>>     ETR by computing the intersection of each one of the EID-prefix
>>>>     contained in the payload of the Map-Reply with each one of the EID-
>>>>     prefixes contained in the EID-AD.  An EID-record is valid only if at
>>>>     least one of the intersections is not the empty set.
>>>>
>>>>     For instance, the Map-Reply payload contains 3 mapping record EID-
>>>>     prefixes:
>>>>
>>>>        1.1.1.0/24
>>>>
>>>>        1.1.2.0/24
>>>>
>>>>        1.2.0.0/16
>>>>
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                [Page 12]
>>>> 
>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>
>>>>
>>>>     The EID-AD contains two EID-prefixes:
>>>>
>>>>        1.1.2.0/24
>>>>
>>>>        1.2.3.0/24
>>>>
>>>>     The EID-record with EID-prefix 1.1.1.0/24 is not processed since it
>>>>     is not included in any of the EID-ADs signed by the Map-Server.  A
>>>>     log message is issued.
>>> I think “log message" is too much implementation specific.
>>> If there is a notification, and how this notification is done, is 
>>> implementation specific IMHO.
>> ok. Same as above.
>>>>     The EID-record with EID-prefix 1.1.2.0/24 is stored in the map-cache
>>>>     because it matches the second EID-prefix contained in the EID-AD.
>>>>
>>>>     The EID-record with EID-prefix 1.2.0.0/16 is not processed since it
>>>>     is not included in any of the EID-ADs signed by the Map-Server.  A
>>>>     log message is issued.
>>> I think “log message" is too much implementation specific.
>>> If there is a notification, and how this notification is done, is 
>>> implementation specific IMHO.
>> ok. Same as above
>>>>    In this last example the ETR is trying to
>>>>     over claim the EID-prefix 1.2.0.0/16, but the Map-Server authorized
>>>>     only 1.2.3.0/24, hence the EID-record is discarded.
>>> Reading the example I am not sure I would follow this behaviour.
>>> Only 1 record out of 3 is valid so why should I actually trust the 
>>> ETR instead of throwing everything away?
>>> Can you explain ???
>> The other two records are validated by the MS, so there is no reason 
>> to throw those away.
>
> Yes, but the ETR is still trying to cheat on the third one….
> So the ETR may be compromised, why should I send traffic to him???

ITR has flagged the security exception with the log entry, and some 
local ITR policy will decide what to do (including stop encapsulating to 
the ETR, if that's what is specified by the policy).  At the LISP level 
LISP-SEC has done its job: verified mapping  goes into the map-cache, 
overclaimed mapping is dropped.


>
>
>>>> 5.4.2.  PITR Processing
>>>>
>>>>     The processing performed by a PITR is equivalent to the processing of
>>>>     an ITR.  However, if the PITR is directly connected to the ALT,
>>> This would be LISP+ALT. Pleas add a reference to 6836.
>> ok.
>>>> the
>>>>     PITR performs the functions of both the ITR and the Map-Resolver
>>>>     forwarding the Map-Request encapsulated in an ECM header that
>>>>     includes the Authentication Data fields as described in Section 5.6.
>>>>
>>>> 5.5.  Encrypting and Decrypting an OTK
>>>>
>>>>     MS-OTK confidentiality is required in the path between the Map-Server
>>>>     and the ETR, the MS-OTK SHOULD
>>> If confidentiality is required why there is not a MUST?
>> Same.
>>>>   be encrypted using the preconfigured
>>>>     key shared between the Map-Server and the ETR for the purpose of
>>>>     securing ETR registration [RFC6833].  Similarly, if ITR-OTK
>>>>     confidentiality is required in the path between the ITR and the Map-
>>>>     Resolver, the ITR-OTK SHOULD
>>> Again, if confidentiality is required why there is not a MUST?
>> Same.
>>>> be encrypted with a key shared between
>>>>     the ITR and the Map-Resolver.
>>>>
>>>>     The OTK is encrypted using the algorithm specified in the OTK
>>>>     Encryption ID field.  When the AES Key Wrap algorithm is used to
>>>>     encrypt a 128-bit OTK, according to [RFC3339],
>>> The correct RFC is 3394.
>> ok.
>>>>   the AES Key Wrap
>>>>     Initialization Value MUST be set to 0xA6A6A6A6A6A6A6A6 (64 bits).
>>>>     The output of the AES Key Wrap operation is 192-bit long.  The most
>>>>     significant 64-bit are copied in the One-Time Key Preamble field,
>>>>     while the 128 less significant bits are copied in the One-Time Key
>>>>     field of the LISP-SEC Authentication Data.
>>>>
>>>>     When decrypting an encrypted OTK the receiver MUST verify that the
>>>>     Initialization Value resulting from the AES Key Wrap decryption
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                [Page 13]
>>>> 
>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>
>>>>
>>>>     operation is equal to 0xA6A6A6A6A6A6A6A6.  If this verification fails
>>>>     the receiver MUST discard the entire message.
>>>>
>>>>     When a 128-bit OTK is sent unencrypted the OTK Encryption ID is set
>>>>     to NULL_KEY_WRAP_128, and the OTK Preamble is set to
>>>>     0x0000000000000000 (64 bits).
>>>>
>>>> 5.6.  Map-Resolver Processing
>>>>
>>>>     Upon receiving an encapsulated Map-Request with the S-bit set, the
>>>>     Map-Resolver decapsulates the ECM message.  The ITR-OTK, if
>>>>     encrypted, is decrypted as specified in Section 5.5.
>>>>
>>>>     The Map-Resolver, as specified in [RFC6833], originates a new ECM
>>>>     header with the S-bit set, that contains the unencrypted ITR-OTK, as
>>>>     specified in Section 5.5, and the other data derived from the ECM
>>>>     Authentication Data of the received encapsulated Map-Request.
>>> Few points on this last paragraph:
>>> - You assume that there is no need of confidentiality inside the 
>>> Mapping System?
>>> - Why not stating that encryption inside the mapping system is 
>>> mapping system specify and out of scope of this document?
>> ok. as it was pointed out above.
>>> - Why are you assuming that all of the Mapping system will use ECM? 
>>> Future Mapping system may use soemthos different. The important 
>>> point is to ship the AD along.
>> good point, and I agree with your suggestion to fix this below.
>>>>     The Map-Resolver then forwards
>>> to whom?
>> ok. add 'to the Map-Server'
>>>>   the received Map-Request, encapsulated
>>>>     in the new ECM header that includes the newly computed Authentication
>>>>     Data fields.
>>> As for my comment of the previous paragraph I would be more generic 
>>> stating that the MR will hand over the request to the mapping system.
>>> You can still provide the example of DDT using ECM.
>> right.
>>>> 5.7.  Map-Server Processing
>>>>
>>>>     Upon receiving an ECM encapsulated Map-Request with the S-bit set,
>>>>     the Map-Server process the Map-Request according to the value of the
>>>>     S-bit contained in the Map-Register sent by the ETR during
>>>>     registration.
>>>>
>>>>     If the S-bit contained in the Map-Register was clear the Map-Server
>>>>     decapsulates the ECM and generates a new ECM encapsulated Map-Request
>>>>     that does not contain an ECM Authentication Data, as specified in
>>>>     [RFC6830].  The Map-Server does not perform any further LISP-SEC
>>>>     processing.
>>> This equivalent to not using LISP-SEC. Please specify that the 
>>> Map-Reply will be not protected.
>> ok.
>>>>     If the S-bit contained in the Map-Register was set the Map-Server
>>>>     decapsulates the ECM and generates a new ECM Authentication Data.
>>>>     The Authentication Data includes the OTK-AD and the EID-AD, that
>>>>     contains EID-prefix authorization information, that are ultimately
>>>>     sent to the requesting ITR.
>>>>
>>>>     The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
>>>>     the ITR-OTK received with the Map-Request.  MS-OTK is derived
>>>>     applying the key derivation function specified in the KDF ID field.
>>>>     If the algorithm specified in the KDF ID field is not supported, the
>>>>     Map-Server uses a different algorithm to derive the key and updates
>>>>     the KDF ID field accordingly.
>>>>
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                [Page 14]
>>>> 
>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>
>>>>
>>>>     The Map-Server and the ETR MUST be configured with a shared key for
>>>>     mapping registration according to [RFC6833].  If MS-OTK
>>>>     confidentiality is required, then the MS-OTK SHOULD be encrypted,
>>> Again, if confidentiality is required why there is not a MUST?
>> same as above.
>>>>   by
>>>>     wrapping the MS-OTK with the algorithm specified by the OTK
>>>>     Encryption ID field as specified in Section 5.5.
>>>>
>>>>     The Map-Server includes in the EID-AD the longest match registered
>>>>     EID-prefix for the destination EID, and an HMAC of this EID-prefix.
>>>>     The HMAC is keyed with the ITR-OTK contained in the received ECM
>>>>     Authentication Data, and the HMAC algorithm is chosen according to
>>>>     the Requested HMAC ID field.  If The Map-Server does not support this
>>>>     algorithm, the Map-Server uses a different algorithm and specifies it
>>>>     in the EID HMAC ID field.  The scope of the HMAC operation covers the
>>>>     entire EID-AD, from the EID-AD Length field to the EID HMAC field,
>>>>     which must be set to 0 before the computation.
>>>>
>>>>     The Map-Server then forwards the updated ECM encapsulated Map-
>>>>     Request, that contains the OTK-AD, the EID-AD, and the received Map-
>>>>     Request to an authoritative ETR as specified in [RFC6830].
>>>>
>>>> 5.7.1.  Map-Server Processing in Proxy mode
>>>>
>>>>     If the Map-Server is in proxy mode, it generates a Map-Reply, as
>>>>     specified in [RFC6830], with the S-bit set to 1.  The Map-Reply
>>>>     includes the Authentication Data that contains the EID-AD, computed
>>>>     as specified in Section 5.7, as well as the PKT-AD computed as
>>>>     specified in Section 5.8.
>>>>
>>>> 5.8.  ETR Processing
>>>>
>>>>     Upon receiving an ECM encapsulated Map-Request with the S-bit set,
>>>>     the ETR decapsulates the ECM message.  The OTK field, if encrypted,
>>>>     is decrypted as specified in Section 5.5 to obtain the unencrypted
>>>>     MS-OTK.
>>>>
>>>>     The ETR then generates a Map-Reply as specified in [RFC6830] and
>>>>     includes the Authentication Data that contains the EID-AD, as
>>>>     received in the encapsulated Map-Request, as well as the PKT-AD.
>>>>
>>>>     The EID-AD is copied from the Authentication Data of the received
>>>>     encapsulated Map-Request.
>>>>
>>>>     The PKT-AD contains the HMAC of the whole Map-Reply packet, keyed
>>>>     with the MS-OTK and computed using the HMAC algorithm specified in
>>>>     the Requested HMAC ID field of the received encapsulated Map-Request.
>>>>     If the ETR does not support the Requested HMAC ID, it uses a
>>>>     different algorithm and updates the PKT HMAC ID field accordingly.
>>>>     The scope of the HMAC operation covers the entire PKT-AD, from the
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                [Page 15]
>>>> 
>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>
>>>>
>>>>     Map-Reply Type field to the PKT HMAC field, which must be set to 0
>>>>     before the computation.
>>>>
>>>>     Finally the ETR sends the Map-Reply to the requesting ITR as
>>>>     specified in [RFC6830].
>>>>
>>>> 6.  Security Considerations
>>>>
>>>> 6.1.  Mapping System Security
>>>>
>>>>     The LISP-SEC threat model described in Section 3, assumes that the
>>>>     LISP Mapping System is working properly and eventually delivers Map-
>>>>     Request messages to a Map-Server that is authoritative for the
>>>>     requested EID.
>>>>
>>> As for a previous comment, can you elaborate if OTK confidentiality 
>>> is required in the mapping system and what are the consequences?
>> ok.
>>>>     Map-Register security, including the right for a LISP entity to
>>>>     register an EID-prefix or to claim presence at an RLOC, is out of the
>>>>     scope of LISP-SEC.
>>>>
>>>> 6.2.  Random Number Generation
>>>>
>>>>     The ITR-OTK MUST be generated by a properly seeded pseudo-random (or
>>>>     strong random) source.  See [RFC4086] for advice on generating
>>>>     security-sensitive random data
>>>>
>>>> 6.3.  Map-Server and ETR Colocation
>>>>
>>>>     If the Map-Server and the ETR are colocated, LISP-SEC does not
>>>>     provide protection from overclaiming attacks mounted by the ETR.
>>>>     However, in this particular case, since the ETR is within the trust
>>>>     boundaries of the Map-Server, ETR's overclaiming attacks are not
>>>>     included in the threat model.
>>>>
>>>> 7.  IANA Considerations
>>> This section is not conform to RFC 5226.
>>> There right way to go is to ask IANA to create three new registries, 
>>> for HMAC, Key Wrap, and Key Derivation functions.
>>> Define what is the allocation process (in light of the size of the 
>>> field FCFS should not cause any problem IMHO)
>>> Then ask to populate the registries as already described.
>> Ok, so each one of the sections 7.x will say: IANA is requested to 
>> create a new <registry-name> registry for use …
>
> There is slightly more text to add.

right. I have added more. I'm almost ready to send a new rev.

>
>
>>>> 7.1.  HMAC functions
>>>>
>>>>     The following HMAC ID values are defined by this memo for use as
>>>>     Requested HMAC ID, EID HMAC ID, and PKT HMAC ID in the LISP-SEC
>>>>     Authentication Data:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                [Page 16]
>>>> 
>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>
>>>>
>>>>               Name                     Number        Defined In
>>>>               -------------------------------------------------
>>>>               NONE                     0
>>>>               AUTH-HMAC-SHA-1-96       1             [RFC2104]
>>>>               AUTH-HMAC-SHA-256-128    2             [RFC4634]
>>>>
>>>>               values 2-65535 are reserved to IANA.
>>>>
>>>>                                HMAC Functions
>>>>
>>>>     AUTH-HMAC-SHA-1-96 MUST be supported, AUTH-HMAC-SHA-256-128 should be
>>>>     supported.
>>>>
>>>> 7.2.  Key Wrap Functions
>>>>
>>>>     The following OTK Encryption ID values are defined by this memo for
>>>>     use as OTK key wrap algorithms ID in the LISP-SEC Authentication
>>>>     Data:
>>>>
>>>>               Name                     Number        Defined In
>>>>               -------------------------------------------------
>>>>               NULL-KEY-WRAP-128        1
>>>>               AES-KEY-WRAP-128         2             [RFC3394]
>>>>
>>>>               values 0 and 3-65535 are reserved to IANA.
>>>>
>>>>                              Key Wrap Functions
>>>>
>>>>     NULL-KEY-WRAP-128, and AES-KEY-WRAP-128 MUST be supported.
>>>>
>>>>     NULL-KEY-WRAP-128 is used to carry an unencrypted 128-bit OTK, with a
>>>>     64-bit preamble set to 0x0000000000000000 (64 bits).
>>>>
>>>> 7.3.  Key Derivation Functions
>>>>
>>>>     The following KDF ID values are defined by this memo for use as KDF
>>>>     ID in the LISP-SEC Authentication Data:
>>>>
>>>>               Name                     Number        Defined In
>>>>               -------------------------------------------------
>>>>               NONE                     0
>>>>               HKDF-SHA1-128            1             [RFC5869]
>>>>
>>>>               values 2-65535 are reserved to IANA.
>>>>
>>>>                           Key Derivation Functions
>>>>
>>>>     HKDF-SHA1-128 MUST be supported
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                [Page 17]
>>>> 
>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>
>>>>
>>>> 8.  Acknowledgements
>>>>
>>>>     The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino
>>>>     Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt
>>>>     Noll for their valuable suggestions provided during the preparation
>>>>     of this document.
>>>>
>>>> 9.  Normative References
>>> Please Check your reference, this is the output if the nits tool:
>>> Checking references for intended status: Experimental
>>> ----------------------------------------------------------------------------
>>>   == Missing Reference: 'RFC3339' is mentioned on line 602, but not 
>>> defined
>>>   == Missing Reference: 'RFC4634' is mentioned on line 752, but not 
>>> defined
>>>   ** Obsolete undefined reference: RFC 4634 (Obsoleted by RFC 6234)
>> ok.
>>>>     [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
>>>>                Hashing for Message Authentication", RFC 2104,
>>>>                DOI 10.17487/RFC2104, February 1997,
>>>>                <http://www.rfc-editor.org/info/rfc2104>.
>>>>
>>>>     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
>>>>                Requirement Levels", BCP 14, RFC 2119,
>>>>                DOI 10.17487/RFC2119, March 1997,
>>>>                <http://www.rfc-editor.org/info/rfc2119>.
>>>>
>>>>     [RFC3394]  Schaad, J. and R. Housley, "Advanced Encryption Standard
>>>>                (AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394,
>>>>                September 2002, <http://www.rfc-editor.org/info/rfc3394>.
>>>>
>>>>     [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
>>>>                "Randomness Requirements for Security", BCP 106, RFC 4086,
>>>>                DOI 10.17487/RFC4086, June 2005,
>>>>                <http://www.rfc-editor.org/info/rfc4086>.
>>>>
>>>>     [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
>>>>                IANA Considerations Section in RFCs", BCP 26, RFC 5226,
>>>>                DOI 10.17487/RFC5226, May 2008,
>>>>                <http://www.rfc-editor.org/info/rfc5226>.
>>>>
>>>>     [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
>>>>                Key Derivation Function (HKDF)", RFC 5869,
>>>>                DOI 10.17487/RFC5869, May 2010,
>>>>                <http://www.rfc-editor.org/info/rfc5869>.
>>>>
>>>>     [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
>>>>                Locator/ID Separation Protocol (LISP)", RFC 6830,
>>>>                DOI 10.17487/RFC6830, January 2013,
>>>>                <http://www.rfc-editor.org/info/rfc6830>.
>>>>
>>>>     [RFC6833]  Fuller, V. and D. Farinacci, "Locator/ID Separation
>>>>                Protocol (LISP) Map-Server Interface", RFC 6833,
>>>>                DOI 10.17487/RFC6833, January 2013,
>>>>                <http://www.rfc-editor.org/info/rfc6833>.
>>>>
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                [Page 18]
>>>> 
>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>
>>>>
>>>>     [RFC7835]  Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID
>>>>                Separation Protocol (LISP) Threat Analysis", RFC 7835,
>>>>                DOI 10.17487/RFC7835, April 2016,
>>>>                <http://www.rfc-editor.org/info/rfc7835>.
>>>>
>>>> Authors' Addresses
>>>>
>>>>     Fabio Maino
>>>>     Cisco Systems
>>>>     170 Tasman Drive
>>>>     San Jose, California  95134
>>>>     USA
>>>>
>>>>     Email:fmaino@cisco.com <mailto:fmaino@cisco.com>
>>>>
>>>>
>>>>     Vina Ermagan
>>>>     Cisco Systems
>>>>     170 Tasman Drive
>>>>     San Jose, California  95134
>>>>     USA
>>>>
>>>>     Email:vermagan@cisco.com <mailto:vermagan@cisco.com>
>>>>
>>>>
>>>>     Albert Cabellos
>>>>     Technical University of Catalonia
>>>>     c/ Jordi Girona s/n
>>>>     Barcelona  08034
>>>>     Spain
>>>>
>>>>     Email:acabello@ac.upc.edu <mailto:acabello@ac.upc.edu>
>>>>
>>>>
>>>>     Damien Saucez
>>>>     INRIA
>>>>     2004 route des Lucioles - BP 93
>>>>     Sophia Antipolis
>>>>     France
>>>>
>>>>     Email:damien.saucez@inria.fr <mailto:damien.saucez@inria.fr>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Maino, et al.             Expires April 6, 2017                [Page 19]
>>
>


--------------6B673E485238A41AA3BB2683
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Hi Luigi, <br>
      below are more replies skipping the ones we agreed already. Looks
      like we are converging... <br>
      <br>
      <br>
      wrt to 6830bis, I think we should not wait. I suspect the security
      review of the document will take some time, so we can do some
      progress in parallel to 6830bis. <br>
      <br>
      We will have to do a LISP-SECbis afterwards, but that should be
      simple. <br>
      <br>
      Please, see below. <br>
      <br>
      <br>
      <br>
      <br>
      On 10/24/16 3:02 AM, Luigi Iannone wrote:<br>
    </div>
    <blockquote
      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      Hi Fabio,
      <div class=""><br class="">
      </div>
      <div class="">se my comment inline. </div>
      <div class="">(I do not consider the points we agree and
        everything related to the “SHOULD” clarification)</div>
      <div class=""><br class="">
      </div>
      <div class="">Thanks for your work</div>
      <div class=""><br class="">
      </div>
      <div class="">Ciao</div>
      <div class=""><br class="">
      </div>
      <div class="">L.</div>
      <div class=""><br class="">
      </div>
      <div class=""><br class="">
        <div>
          <blockquote type="cite" class="">
            <div class="">On 22 Oct 2016, at 01:23, Fabio Maino &lt;<a
                moz-do-not-send="true" href="mailto:fmaino@cisco.com"
                class="">fmaino@cisco.com</a>&gt; wrote:</div>
            <br class="Apple-interchange-newline">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class="">
                <div class="moz-cite-prefix">Ciao Luigi, <br class="">
                  below I have replied to each comment. I'm working to
                  the updated text, that I will send as soon as it is
                  ready. ideally we might be able to publish a new
                  version before draft deadline. <br class="">
                </div>
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>Excellent. Thanks</div>
          <br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class="">
                <div class="moz-cite-prefix"> <br class="">
                  Just a note on the most recurring comment: SHOULD vs.
                  MUST. <br class="">
                  <br class="">
                  The use of SHOULD across the document is according to
                  RFC 2119: <br class="">
                  <br class="">
                  <pre style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span class="h2" style="line-height: 0pt; display: inline; white-space: pre; font-family: monospace; font-size: 1em; font-weight: bold;"><h2 style="line-height: 0pt; display: inline; white-space: pre; font-family: monospace; font-size: 1em; font-weight: bold;" class="">SHOULD  </h2></span> This word, or the adjective "RECOMMENDED", mean that there
   may exist valid reasons in particular circumstances to ignore a
   particular item, but the full implications must be understood and
   carefully weighed before choosing a different course.</pre>
                  <br class="">
                  <br class="">
                  There are use cases where, carefully weighing the
                  implications, some of the security services of
                  LISP-SEC can be turned-off. We want to leave
                  implementors the freedom to allow this flexibility. <br
                    class="">
                  <br class="">
                  For example, in a DC deployment it may make sense to
                  turn off OTK decryption between XTR and MS/MR, as MiTM
                  is very unlikely. <br class="">
                  <br class="">
                  Similarly, an ITR may decide to implement a loose
                  policy on accepting an AD authenticated with an
                  algorithm different from the preferred authentication
                  algorithm expressed by the ITR. Using a MUST would
                  force support of a given authentication algorithm
                  across each and every MS and ETR, that might not be
                  the case when incrementally deploying LISP-SEC (or
                  while upgrading routers). <br class="">
                  <br class="">
                  Using a MUST would prevent this flexibility, that we
                  would like to leave to the implementors. <br class="">
                  <br class="">
                  <br class="">
                  <br class="">
                </div>
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>This is fixed as for the suggestion of Joel. Thanks.</div>
          <div><br class="">
          </div>
          <br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class="">
                <div class="moz-cite-prefix"> <br class="">
                  <br class="">
                  On 10/19/16 8:06 AM, Luigi Iannone wrote:<br class="">
                </div>
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">Dear Authors of the LISP-SEC document,</div>
                  <div class=""><br class="">
                  </div>
                  <div class="">hereafter my review of the document.</div>
                  <div class="">This was long overdue, sorry for being
                    so late.</div>
                  <div class=""><br class="">
                  </div>
                  <div class="">I really like the solution and the
                    majority of my comments are just clarification
                    questions.</div>
                  <div class="">Let me know if my comments are clear.</div>
                  <div class=""><br class="">
                  </div>
                  <div class="">ciao</div>
                  <div class=""><br class="">
                  </div>
                  <div class="">L.</div>
                  <div class=""><br class="">
                  </div>
                  <div class=""><br class="">
                  </div>
                  <div class=""><br class="">
                  </div>
                  <blockquote type="cite" class="">
                    <div class="">
                      <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">1.  Introduction

   The Locator/ID Separation Protocol [RFC6830] defines a set of
   functions for routers to exchange information used to map from non-
   routable Endpoint Identifiers (EIDs) to routable Routing Locators
   (RLOCs).  </pre>
                    </div>
                  </blockquote>
                  I find the above sentence confusing. Wouldn’t be
                  better to specify that we are talking about IP
                  addresses?</blockquote>
                <br class="">
                That's how LISP is described in RFC6830, section 1. If
                you start using the term IP address then you need to
                qualify if you are talking about Identity-IP or
                Locator-IP, so the sentence gets complicated pretty
                quickly. <br class="">
                <br class="">
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>Not really. The very first sentence of the abstract of
            6830 states:</div>
          <div><br class="">
          </div>
          <div>
            <pre style="font-size: 13.333333015441895px; margin-top: 0px; margin-bottom: 0px;" class="">This document describes a network-layer-based protocol that enables
   separation of IP addresses into two new numbering spaces: Endpoint
   Identifiers (EIDs) and Routing Locators (RLOCs). </pre>
            <div class=""><br class="">
            </div>
            <div class=""><br class="">
            </div>
            <div class="">So clearly speaks about IP address.</div>
            <div class="">Furthermore “routable" en “non routable” is
              true only in the inter-domain point of view, because EID
              are locally routable.</div>
            <div class="">Note that 6830 does not specify in the first
              sentence what is routable and what is not.</div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
    ok, fixed with text from 6830. <br>
    <br>
    <br>
    <blockquote
      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div>
          <div>
            <div class=""><br class="">
            </div>
            <div class=""><br class="">
            </div>
          </div>
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> I would
                leave this one unchanged.<br class="">
              </div>
            </div>
          </blockquote>
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class=""><br class="">
                  </div>
                  <div class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">If these EID-to-RLOC mappings, carried through Map-Reply
   messages, are transmitted without integrity protection, an adversary
   can manipulate them and hijack the communication, impersonate the
   requested EID, or mount Denial of Service or Distributed Denial of
   Service attacks.  Also, if the Map-Reply message is transported
   unauthenticated, an adversarial LISP entity can overclaim an EID-
   prefix and maliciously redirect traffic directed to a large number of
   hosts.  A detailed description of "overclaiming" attack is provided
   in [RFC7835].

   This memo specifies LISP-SEC, a set of security mechanisms that
   provides origin authentication, integrity and anti-replay protection
   to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
   process.  </pre>
                      </div>
                    </blockquote>
                    <div class=""><br class="">
                    </div>
                    <div class="">I would put s forward reference to
                      section 3 stating that the reader will find
                      details about the threat model.</div>
                  </div>
                </blockquote>
                <br class="">
                OK. We can replace the sentence <br class="">
                <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">A detailed description of "overclaiming" attack is provided
   in [RFC7835]

with 

The LISP-SEC threat model, described in Section 3, is built on top of the LISP threat model defined in RFC7835, that includes a detailed description of "overclaiming" attack. 
</pre>
              </div>
            </div>
          </blockquote>
          <div>OK</div>
          <div><br class="">
          </div>
          <br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                <br class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class=""><br class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">LISP-SEC also enables verification of authorization on EID-
   prefix claims in Map-Reply messages, ensuring that the sender of a
   Map-Reply that provides the location for a given EID-prefix is
   entitled to do so according to the EID prefix registered in the
   associated Map-Server.  Map-Register security, including the right
   for a LISP entity to register an EID-prefix or to claim presence at
   an RLOC, is out of the scope of LISP-SEC.  Additional security
   considerations are described in Section 6.

2.  Definition of Terms

      One-Time Key (OTK): An ephemeral randomly generated key that must
      be used for a single Map-Request/Map-Reply exchange.



         ITR-OTK: The One-Time Key generated at the ITR.

         MS-OTK: The One-Time Key generated at the Map-Server.
</pre>
                      </div>
                    </blockquote>
                    <div class=""><br class="">
                    </div>
                    <div class="">Why are you considering ITR-OTK and
                      MS-OTK sub-terms? </div>
                    <div class="">I would elevate them at full terms,
                      hence avoiding spacing and indentation.</div>
                  </div>
                </blockquote>
                <br class="">
                Ok. <br class="">
                <br class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class=""><br class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      Encapsulated Control Message (ECM): A LISP control message that is
      prepended with an additional LISP header.  ECM is used by ITRs to
      send LISP control messages to a Map-Resolver, by Map-Resolvers to
      forward LISP control messages to a Map-Server, and by Map-
      Resolvers to forward LISP control messages to an ETR.

</pre>
                      </div>
                    </blockquote>
                    <div class="">Why are you re-defining ECM? </div>
                    <div class="">You do not specify other packets,
                      e.g., Map-Reply, so why ECM?</div>
                    <div class="">I would drop it.</div>
                  </div>
                </blockquote>
                <br class="">
                It is not defined in the Definitions section of 6830.
                One would need to go through the body of 6830 to find
                it. <br class="">
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>I see your point. Just keep the text and add a ref to
            section 6.1.8 of 6830. This will clarify that is something
            coming from a specific section of that document.</div>
        </div>
      </div>
    </blockquote>
    <br>
    I have dropped the definition, expanded the acronym ECM and referred
    to the specific section. <br>
    <br>
    In this way we don't have to wait for 6830bis, but we refer to the
    proper definition.<br>
    <br>
    <blockquote
      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div>
          <div><br class="">
          </div>
          <div> </div>
          <br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                I'll drop it, but we need to make sure that ECM gets
                into the definition section of 6830bis. <br class="">
                <br class="">
                Albert: are you looking into that document? Can you take
                care of this? <br class="">
                <br class="">
                <br class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class=""><br class="">
                    </div>
                    <br class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      Authentication Data (AD): Metadata that is included either in a
      LISP ECM header or in a Map-Reply message to support
      confidentiality, integrity protection, and verification of EID-
      prefix authorization.



Maino, et al.             Expires April 6, 2017                 [Page 3]

Internet-Draft                  LISP-SEC                    October 2016


         OTK-AD: The portion of ECM Authentication Data that contains a
         One-Time Key.

         EID-AD: The portion of ECM and Map-Reply Authentication Data
         used for verification of EID-prefix authorization.

         PKT-AD: The portion of Map-Reply Authentication Data used to
         protect the integrity of the Map-Reply message.
</pre>
                      </div>
                    </blockquote>
                    <div class=""><br class="">
                    </div>
                    <div class=""><br class="">
                    </div>
                    <div class="">
                      <div class="">Why are you considering OTK-AD,
                        EID-AD, and PKT-AD sub-terms? </div>
                      <div class="">I would elevate them at full terms,
                        hence avoiding spacing and indentation.</div>
                      <br class="">
                    </div>
                  </div>
                </blockquote>
                ok. <br class="">
                <br class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class=""><br class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   For definitions of other terms, notably Map-Request, Map-Reply,
   Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR), Map-Server
   (MS), and Map-Resolver (MR) please consult the LISP specification
   [RFC6830].

3.  LISP-SEC Threat Model

   LISP-SEC addresses the control plane threats, described in [RFC7835],
   that target EID-to-RLOC mappings, including manipulations of Map-
   Request and Map-Reply messages, and malicious ETR EID prefix
   overclaiming.  LISP-SEC makes two main assumptions: (1) the LISP
   mapping system is expected to deliver a Map-Request message to their
   intended destination ETR as identified by the EID, and (2) no man-in-
   the-middle (MITM) attack can be mounted within the LISP Mapping
   System.  Furthermore, while LISP-SEC enables detection of EID prefix
   overclaiming attacks, it assumes that Map-Servers can verify the EID
   prefix authorization at time of registration.
</pre>
                      </div>
                    </blockquote>
                    <div class="">LISP-SEC does not require OTK
                      confidentiality in the mapping system. This should
                      be discussed here.</div>
                  </div>
                </blockquote>
                we could add to the above<br class="">
                <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">"and (2) no man-in-
   the-middle (MITM) attack can be mounted within the LISP Mapping
   System." 

How the Mapping System is protected from MiTM attacks depends from the particular Mapping System used, and is out of the scope of this memo. 

</pre>
                <br class="">
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>That’s fine for me.</div>
          <div><br class="">
          </div>
          <br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class=""><br class="">
                    </div>
                    <br class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   According to the threat model described in [RFC7835] LISP-SEC assumes
   that any kind of attack, including MITM attacks, can be mounted in
   the access network, outside of the boundaries of the LISP mapping
   system.  An on-path attacker, outside of the LISP mapping system can,
   for example, hijack Map-Request and Map-Reply messages, spoofing the
   identity of a LISP node.  Another example of on-path attack, called
   overclaiming attack, can be mounted by a malicious Egress Tunnel
   Router (ETR), by overclaiming the EID-prefixes for which it is
   authoritative.  In this way the ETR can maliciously redirect traffic
   directed to a large number of hosts.

4.  Protocol Operations

   The goal of the security mechanisms defined in [RFC6830] is to
   prevent unauthorized insertion of mapping data by providing origin
   authentication and integrity protection for the Map-Registration, and
   by using the nonce to detect unsolicited Map-Reply sent by off-path
   attackers.

   LISP-SEC builds on top of the security mechanisms defined in
   [RFC6830] to address the threats described in Section 3 by leveraging



Maino, et al.             Expires April 6, 2017                 [Page 4]

Internet-Draft                  LISP-SEC                    October 2016


   the trust relationships existing among the LISP entities
   participating to the exchange of the Map-Request/Map-Reply messages.
   Those trust relationships are used to securely distribute a One-Time
   Key (OTK) that provides origin authentication, integrity and anti-
   replay protection to mapping data conveyed via the mapping lookup
   process, and that effectively prevent overclaiming attacks.  The
   processing of security parameters during the Map-Request/Map-Reply
   exchange is as follows:

   o  The ITR-OTK is generated and stored at the ITR, and securely
      transported to the Map-Server.

   o  The Map-Server uses the ITR-OTK to compute an HMAC that protects
</pre>
                      </div>
                    </blockquote>
                    <div class="">You did not define HMAC acronym.
                      Please define and add a reference.</div>
                  </div>
                </blockquote>
                <br class="">
                ok. <br class="">
                <br class="">
                <br class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class=""><br class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      the integrity of the mapping data known to the Map-Server to
      prevent overclaiming attacks.  The Map-Server also derives a new
      OTK, the MS-OTK, that is passed to the ETR, by applying a Key
      Derivation Function (KDF) to the ITR-OTK.

   o  The ETR uses the MS-OTK to compute an HMAC that protects the
      integrity of the Map-Reply sent to the ITR.

   o  Finally, the ITR uses the stored ITR-OTK to verify the integrity
      of the mapping data provided by both the Map-Server and the ETR,
      and to verify that no overclaiming attacks were mounted along the
      path between the Map-Server and the ITR.

   Section 5 provides the detailed description of the LISP-SEC control
   messages and their processing, while the rest of this section
   describes the flow of protocol operations at each entity involved in
   the Map-Request/Map-Reply exchange:

   o  The ITR, upon needing to transmit a Map-Request message, generates
      and stores an OTK (ITR-OTK).  This ITR-OTK is included into the
      Encapsulated Control Message (ECM) that contains the Map-Request
      sent to the Map-Resolver.  To provide confidentiality to the ITR-
      OTK over the path between the ITR and its Map-Resolver, the ITR-
      OTK SHOULD </pre>
                      </div>
                    </blockquote>
                    <div class="">Why not using “MUST”???</div>
                    <div class="">Are you suggesting that a different
                      way to provide confidentiality can be used (e.g. a
                      different shared key)???</div>
                    <div class="">If yes, please state so.</div>
                    <div class=""><br class="">
                    </div>
                    <div class="">Or are you suggesting that no
                      encryption at all is used? But this means not
                      providing confidentiality…</div>
                    <div class="">Can you clarify?</div>
                    <div class=""><br class="">
                    </div>
                    (this very same comment will appear several time in
                    this review)<br class="">
                  </div>
                </blockquote>
                <br class="">
                We don't want to make the use of pre-shared key
                *mandatory* to all LISP deployments. There are
                deployments where the risk of MiTM between the xTR and
                the MS/MR may not justify the cost of provisioning a
                shared key (data centers, for example). <br class="">
                <br class="">
                <br class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">be encrypted using a preconfigured key shared between
      the ITR and the Map-Resolver, similar to the key shared between
      the ETR and the Map-Server in order to secure ETR registration
      [RFC6833].

   o  The Map-Resolver decapsulates the ECM message, decrypts the ITR-
      OTK, if needed, and forwards through the Mapping System the
      received Map-Request and the ITR-OTK, as part of a new ECM
      message.  As described in Section 5.6, the LISP Mapping System
      delivers the ECM to the appropriate Map-Server, as identified by
      the EID destination address of the Map-Request.




Maino, et al.             Expires April 6, 2017                 [Page 5]

Internet-Draft                  LISP-SEC                    October 2016


   o  The Map-Server is configured with the location mappings and policy
      information for the ETR responsible for the EID destination
      address.  Using this preconfigured information, the Map-Server,
      after the decapsulation of the ECM message, finds the longest
      match EID-prefix that covers the requested EID in the received
      Map-Request.  The Map-Server adds this EID-prefix, together with
      an HMAC computed using the ITR-OTK, to a new Encapsulated Control
      Message that contains the received Map-Request.

   o  The Map-Server derives a new OTK, the MS-OTK, by applying a Key
      Derivation Function (KDF) to the ITR-OTK.  This MS-OTK is included
      in the Encapsulated Control Message that the Map-Server uses to
      forward the Map-Request to the ETR.  To provide MS-OTK
      confidentiality over the path between the Map-Server and the ETR,
      the MS-OTK should </pre>
                      </div>
                    </blockquote>
                    <div class="">This “should” should be a “SHOULD”
                       (sorry for the cacophony…)</div>
                  </div>
                </blockquote>
                <br class="">
                Ok. <br class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class=""><br class="">
                    </div>
                    <div class="">
                      <div class="">Why not using “MUST”???</div>
                      <div class="">Are you suggesting that a different
                        way to provide confidentiality can be used (e.g.
                        a different shared key)???</div>
                      <div class="">If yes, please state so.</div>
                      <div class=""><br class="">
                      </div>
                      <div class="">Or are you suggesting that no
                        encryption at all is used? But this means not
                        providing confidentiality…</div>
                      <div class="">Can you clarify?</div>
                    </div>
                  </div>
                </blockquote>
                <br class="">
                Same as above. <br class="">
                <br class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class=""><br class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">be encrypted using the key shared between the
      ETR and the Map-Server in order to secure ETR registration
      [RFC6833].

   o  If the Map-Server is acting in proxy mode, as specified in
      [RFC6830], the ETR is not involved in the generation of the Map-
      Reply.  In this case the Map-Server generates the Map-Reply on
      behalf of the ETR as described below.

   o  The ETR, upon receiving the ECM encapsulated Map-Request from the
      Map-Server, decrypts the MS-OTK, if needed, and originates a
      standard Map-Reply that contains the EID-to-RLOC mapping
      information as specified in [RFC6830].

   o  The ETR computes an HMAC over this standard Map-Reply, keyed with
      MS-OTK to protect the integrity of the whole Map-Reply.  The ETR
      also copies the EID-prefix authorization data that the Map-Server
      included in the ECM encapsulated Map-Request into the Map-Reply
      message.  The ETR then sends this complete Map-Reply message to
      the requesting ITR.

   o  The ITR, upon receiving the Map-Reply, uses the locally stored
      ITR-OTK to verify the integrity of the EID-prefix authorization
      data included in the Map-Reply by the Map-Server.  The ITR
      computes the MS-OTK by applying the same KDF used by the Map-
      Server, and verifies the integrity of the Map-Reply.  If the
      integrity checks fail, the Map-Reply MUST be discarded.  Also, if
      the EID-prefixes claimed by the ETR in the Map-Reply are not equal
      or more specific than the EID-prefix authorization data inserted
      by the Map-Server, the ITR MUST discard the Map-Reply.







Maino, et al.             Expires April 6, 2017                 [Page 6]

Internet-Draft                  LISP-SEC                    October 2016


5.  LISP-SEC Control Messages Details

   LISP-SEC metadata associated with a Map-Request is transported within
   the Encapsulated Control Message that contains the Map-Request.

   LISP-SEC metadata associated with the Map-Reply is transported within
   the Map-Reply itself.

5.1.  Encapsulated Control Message LISP-SEC Extensions

   LISP-SEC uses the ECM (Encapsulated Control Message) defined in
   [RFC6830] with Type set to 8, and S bit set to 1 to indicate that the
   LISP header includes Authentication Data (AD).  The format of the
   LISP-SEC ECM Authentication Data is defined in the following figure.
   OTK-AD stands for One-Time Key Authentication Data and EID-AD stands
   for EID Authentication Data.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     AD Type   |V|  Reserved   |        Requested HMAC ID      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
|              OTK Length       |       OTK Encryption ID       | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|                       One-Time-Key Preamble ...               | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OTK-AD
|                   ... One-Time-Key Preamble                   | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
~                      One-Time Key (128 bits)                  ~/
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ &lt;---+
|           EID-AD Length       |           KDF ID              |     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
| Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
|   Reserved    | EID mask-len  |           EID-AFI             | |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
~                          EID-prefix ...                       ~ |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
~                            EID HMAC                           ~     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ &lt;—+
</pre>
                      </div>
                    </blockquote>
                    <div class="">I think that “rec” is mis-aligned and
                      should be shifted one character upward.</div>
                  </div>
                </blockquote>
                <br class="">
                No. The row above is the portion of the header that
                specifies how many records will follow. Rec shows one
                Rec item, in the array of Records.  It is consistent
                with 6830.<br class="">
                <br class="">
                <br class="">
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>OK</div>
          <br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class=""><br class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">                     LISP-SEC ECM Authentication Data

      AD Type: 1 (LISP-SEC Authentication Data)
</pre>
                      </div>
                    </blockquote>
                    <div class="">This is the first document starting to
                      allocate values to the "AD Type” value. </div>
                    <div class="">Why not asking IANA to create a
                      registry??</div>
                    <div class="">(to be done in the IANA Considerations
                      Section) <br class="">
                    </div>
                  </div>
                </blockquote>
                <br class="">
                <br class="">
                Ok.<br class="">
                <br class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class=""><br class="">
                    </div>
                    <div class=""><br class="">
                    </div>
                    <br class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      V: Key Version bit.  This bit is toggled when the sender switches
      to a new OTK wrapping key




Maino, et al.             Expires April 6, 2017                 [Page 7]

Internet-Draft                  LISP-SEC                    October 2016


      Reserved: Set to 0 on transmission and ignored on receipt.

      Requested HMAC ID: The HMAC algorithm requested by the ITR.  See
      Section 5.4 for details.

      OTK Length: The length (in bytes) of the OTK Authentication Data
      (OTK-AD), that contains the OTK Preamble and the OTK.

      OTK Encryption ID: The identifier of the key wrapping algorithm
      used to encrypt the One-Time-Key. When a 128-bit OTK is sent
      unencrypted by the Map-Resolver, the OTK Encryption ID is set to
      NULL_KEY_WRAP_128.  See Section 5.5 for more details.

      One-Time-Key Preamble: set to 0 if the OTK is not encrypted.  When
      the OTK is encrypted, this field may carry additional metadata
      resulting from the key wrapping operation.  When a 128-bit OTK is
      sent unencrypted by Map-Resolver, the OTK Preamble is set to
      0x0000000000000000 (64 bits).  See Section 5.5 for details.

      One-Time-Key: the OTK encrypted (or not) as specified by OTK
      Encryption ID.  See Section 5.5 for details.

      EID-AD Length: length (in bytes) of the EID Authentication Data
      (EID-AD).  The ITR MUST set EID-AD Length to 4 bytes, as it only
      fills the KDF ID field, and all the remaining fields part of the
      EID-AD are not present.  An EID-AD MAY contain multiple EID-
      records.  Each EID-record is 4-byte long plus the length of the
      AFI-encoded EID-prefix.

      KDF ID: Identifier of the Key Derivation Function used to derive
      the MS-OTK.  The ITR SHOULD use this field to indicate the
      recommended KDF algorithm, according to local policy. </pre>
                      </div>
                    </blockquote>
                    <div class="">I am not sure I understand the
                      rationale of this “SHOULD”. If for any reason the
                      ITR does not indicate the KDF ID what are the
                      consequences?</div>
                  </div>
                </blockquote>
                <br class="">
                That should be a MAY, I believe, <br class="">
                <br class="">
                The ITR can specify "no preference" for KDF ID, using a
                value of 0. <br class="">
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>I think this is the unclear information: that the ITR can
            state “no preference” using value 0.</div>
          <div>Would be good if you can state it more clearly.</div>
        </div>
      </div>
    </blockquote>
    <br>
    I've added text to clarify this. <br>
    <br>
    <blockquote
      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div>
          <div><br class="">
          </div>
          <br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                In the ITR processing section 5.4,  we should add to <br
                  class="">
                <br class="">
                <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">The KDF ID field, specifies the suggested key derivation function to
   be used by the Map-Server to derive the MS-OTK.</pre>
                <br class="">
                a text like: "A KDF ID value of 0 (NONE), MAY be used to
                specify that the ITR has no preferred KDF ID".  <br
                  class="">
                <br class="">
                <br class="">
                <br class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class="">Is the MS free to choose the
                      algorithm? This should be clarified.</div>
                  </div>
                </blockquote>
                This is specified in section 5.7. <br class="">
                <br class="">
                "
                <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
   the ITR-OTK received with the Map-Request.  MS-OTK is derived
   applying the key derivation function specified in the KDF ID field.
   If the algorithm specified in the KDF ID field is not supported, the
   Map-Server uses a different algorithm to derive the key and updates
   the KDF ID field accordingly.</pre>
                "<br class="">
                <br class="">
                <br class="">
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>Since this paragraph does not use any 2119 language it
            actually mean that an MS can choose freely the  algorithm to
            use.</div>
          <div>right?</div>
        </div>
      </div>
    </blockquote>
    <br>
    right. If the ITR does support that specific ID, the ITR may still
    decide to use it. <br>
    <br>
    <blockquote
      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div><br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class=""><br class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> The Map-
      Server can overwrite the KDF ID if it does not support the KDF ID
      recommended by the ITR.  </pre>
                      </div>
                    </blockquote>
                    <div class="">What happens if the MS will choose a
                      KDF ID not supported by the ITR?</div>
                    <div class="">Can you clarify how to solve this
                      situation or explain why this will never happen?</div>
                  </div>
                </blockquote>
                <br class="">
                This is specified in 5.4, ITR processing. <br class="">
                <br class="">
                "
                <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">To verify the integrity of the PKT-AD, first the MS-OTK is derived
   from the locally stored ITR-OTK using the algorithm specified in the
   KDF ID field.  This is because the PKT-AD is generated by the ETR
   using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's local policy.</pre>
                " <br class="">
                <br class="">
                <br class="">
                There are two typical use cases: <br class="">
                - strict KDF ID policy: ITR specifiy a KDF ID, and will
                discard map-reply with different KDF IDs. If local
                policy allows, another map-request will be sent with a
                different KDF ID<br class="">
                - loose KDF ID policy: ITR specify KDF ID = none, and
                will accept map-reply with any KDF ID (if supported by
                ITR). If received KDF is not supported the ITR shall
                drop the map-reply<br class="">
                <br class="">
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>The above text does not reflect the policies you are
            describing. That “SHOULD” should be a “MAY” and your
            policies spelled out. <br>
          </div>
        </div>
      </div>
    </blockquote>
    I think we need to separate the recommendations for the two actions:
    SHOULD drop and MAY resend. <br>
    <br>
    "<br>
    <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">, the ITR SHOULD discard the Map-
   Reply. At the first opportunity it needs to, the ITR MAY send a new Map-
   Request with a different KDF ID, according to ITR's local policy.

What do you think? 
</pre>
    <br>
    <blockquote
      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div>
          <div><br class="">
          </div>
          <div>Also, what is the MS stubbornly insists in using an
            algorithm that the ITR does not support?</div>
        </div>
      </div>
    </blockquote>
    <br>
    The MS might not have alternatives, as it might only support one
    algorithm. <br>
    <br>
    <br>
    <br>
    <blockquote
      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div>
          <div><br class="">
          </div>
          <br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class=""><br class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">See Section 5.4 for more details.

      Record Count: The number of records in this Map-Request message.
      A record is comprised of the portion of the packet that is labeled
      'Rec' above and occurs the number of times equal to Record Count.

      Reserved: Set to 0 on transmission and ignored on receipt.

      EID HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the EID-AD.  This field is filled by Map-Server that
      computed the EID-prefix HMAC.  See Section 5.4 for more details.

      EID mask-len: Mask length for EID-prefix.

      EID-AFI: Address family of EID-prefix according to [RFC5226]



Maino, et al.             Expires April 6, 2017                 [Page 8]

Internet-Draft                  LISP-SEC                    October 2016


      EID-prefix: The Map-Server uses this field to specify the EID-
      prefix that the destination ETR is authoritative for, and is the
      longest match for the requested EID.

      EID HMAC: HMAC of the EID-AD computed and inserted by Map-Server.
      Before computing the HMAC operation the EID HMAC field MUST be set
      to 0.  The HMAC covers the entire EID-AD.

5.2.  Map-Reply LISP-SEC Extensions

   LISP-SEC uses the Map-Reply defined in [RFC6830], with Type set to 2,
   and S bit set to 1 to indicate that the Map-Reply message includes
   Authentication Data (AD).  The format of the LISP-SEC Map-Reply
   Authentication Data is defined in the following figure.  PKT-AD is
   the Packet Authentication Data that covers the Map-Reply payload.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    AD Type    |                 Reserved                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ &lt;---+
|           EID-AD Length       |           KDF ID              |     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
| Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
|   Reserved    | EID mask-len  |           EID-AFI             | |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
~                          EID-prefix ...                       ~ |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
~                            EID HMAC                           ~     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ &lt;---+
|         PKT-AD Length         |         PKT HMAC ID           |\
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
~                            PKT HMAC                           ~ PKT-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/

                  LISP-SEC Map-Reply Authentication Data

      AD Type: 1 (LISP-SEC Authentication Data)
</pre>
                      </div>
                    </blockquote>
                    <div class="">Shouldn’t this be a different value?
                      This AD  format is different from the one
                      described in section 5.1!</div>
                    <div class="">Another reason to ask IANA for a
                      registry….</div>
                  </div>
                </blockquote>
                <br class="">
                One is the LISP-SEC authentication data that applies to
                the ECM message (when S-bit = 1), the other is the
                LISP-SEC authentication data that applies to the
                Map-Reply (when S-bit = 1).  <br class="">
                <br class="">
                Those are extensions of two different messages (ECM and
                map-reply), and they are both identified by an AD Type
                (that happens to be set to value 1 for both). <br
                  class="">
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>This is not clear in the current text.</div>
        </div>
      </div>
    </blockquote>
    <br>
    Right. I have updated the text to clarify it. Together with the IANA
    disposition it should be clear now. <br>
    <br>
    <br>
    <blockquote
      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div><br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                Yes, the AD type space is different so we will need two
                IANA registries. </div>
            </div>
          </blockquote>
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                <br class="">
                Question for the co-auhtors: should we change the name
                to 'ECM AD Type' and 'Map-Reply AD Type’?<br class="">
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>IMHO you have to, otherwise there will be always
            confusion….</div>
        </div>
      </div>
    </blockquote>
    <br>
    done.<br>
    <br>
    <blockquote
      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div><br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                <br class="">
                <br class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class=""><br class="">
                    </div>
                    <br class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      EID-AD Length: length (in bytes) of the EID-AD.  An EID-AD MAY
      contain multiple EID-records.  Each EID-record is 4-byte long plus
      the length of the AFI-encoded EID-prefix.

      KDF ID: Identifier of the Key Derivation Function used to derive
      MS-OTK.  See Section 5.7 for more details.





Maino, et al.             Expires April 6, 2017                 [Page 9]

Internet-Draft                  LISP-SEC                    October 2016


      Record Count: The number of records in this Map-Reply message.  A
      record is comprised of the portion of the packet that is labeled
      'Rec' above and occurs the number of times equal to Record Count.

      Reserved: Set to 0 on transmission and ignored on receipt.

      EID HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the EID-AD.  See Section 5.7 for more details.

      EID mask-len: Mask length for EID-prefix.

      EID-AFI: Address family of EID-prefix according to [RFC5226].

      EID-prefix: This field contains an EID-prefix that the destination
      ETR is authoritative for, and is the longest match for the
      requested EID.

      EID HMAC: HMAC of the EID-AD, as computed by the Map-Server.
      Before computing the HMAC operation the EID HMAC field MUST be set
      to 0.  The HMAC covers the entire EID-AD.

      PKT-AD Length: length (in bytes) of the Packet Authentication Data
      (PKT-AD).

      PKT HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the Map-reply Location Data.
</pre>
                      </div>
                    </blockquote>
                    <div class="">“Location Data” is something nowhere
                      defined. Can you clarify what do you mean?</div>
                  </div>
                </blockquote>
                <br class="">
                we can just remove 'Location Data’</div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>OK.</div>
          <br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                <br class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class=""><br class="">
                    </div>
                    <br class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      PKT HMAC: HMAC of the whole Map-Reply packet, including the LISP-
      SEC Authentication Data.  The scope of the authentication goes
      from the Map-Reply Type field to the PKT HMAC field included.
      Before computing the HMAC operation the PKT HMAC field MUST be set
      to 0.  See Section 5.8 for more details.

5.3.  Map-Register LISP-SEC Extentions

   The second bit after the Type field in a Map-Register message is
   allocated as the S bit.  </pre>
                      </div>
                    </blockquote>
                    <div class="">I would better explain that this
                      document is allocating a bit marked as reserved in
                      6830.</div>
                  </div>
                </blockquote>
                <br class="">
                Ok. We will need to reflect this in 6830bis as well. <br
                  class="">
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>Sure</div>
          <div><br class="">
          </div>
          <br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class="">Furthermore, at the cost of being
                      redundant, I would put the packet format
                      highlighting the position of the bit so that there
                      is no confusion whatsoever.</div>
                  </div>
                </blockquote>
                <br class="">
                We wanted to  explicitly avoid to include the format of
                messages when already defined in other documents, </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          The S-bit is not defined in other documents. IMHO is important
          to have the visual aid of which exact bit your are talking
          about.</div>
        <div><br class="">
        </div>
      </div>
    </blockquote>
    I've added text to clarify. I really prefer not to have the whole
    picture, but just refer to it. <br>
    <br>
    Considering that 6830 will evolve into 6830bis, eventually (with the
    next LISP-SEC) the reference will be updated in 6830bis.  <br>
    <br>
    <br>
    <blockquote
      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div>
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class="">so we point
                rather than copy. If we address this in 6830bis, the
                problem will be solved. <br class="">
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          You mentioned 6830bis several time, let me ask: Would you like
          to reference that document?</div>
        <div>In this case we have to hold this back until we have at
          least a stable version of that document.</div>
        <div>Then the RFC editor will hold this document back until that
          one is RFC, because of missing reference.</div>
        <div>
          <div>Or you keep it this way and later on you make a ST
            version.</div>
          <div><br class="">
          </div>
          <div>Either way is fine for me.</div>
        </div>
      </div>
    </blockquote>
    <br>
    I think we should move this draft forward, without waiting for
    6830bis. Considering that this is security I expect the review
    process to last quite some time, so we can make progress without
    waiting for 6830bis. Eventually even teh LISP-SEC RFC will be
    updated, and all will be good. <br>
    <br>
    <blockquote
      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div>
          <div><br class="">
          </div>
          <div><br class="">
          </div>
          <br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                <br class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class=""><br class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">The S bit indicates to the Map-Server that
   the registering ETR is LISP-SEC enabled.  An ETR that supports LISP-
   SEC MUST set the S bit in its Map-Register messages.

5.4.  ITR Processing

   Upon creating a Map-Request, the ITR generates a random ITR-OTK that
   is stored locally, together with the nonce generated as specified in
   [RFC6830].

   The Map-Request MUST be encapsulated in an ECM, with the S-bit set to
   1, to indicate the presence of Authentication Data.  If the ITR and



Maino, et al.             Expires April 6, 2017                [Page 10]

Internet-Draft                  LISP-SEC                    October 2016


   the Map-Resolver are configured with a shared key,</pre>
                      </div>
                    </blockquote>
                    In section 4 you seem to suggest that this is not
                    the only way to protect the OTK (see my comment).</div>
                  <div class="">Here instead you suggest that a shared
                    key is the only way.<br class="">
                  </div>
                </blockquote>
                <br class="">
                <br class="">
                Right. Here it says what to do IF there is a shared key,
                that is consistent with the SHOULD above. <br class="">
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>OK.</div>
          <div><br class="">
          </div>
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                <br class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> the ITR-OTK
   confidentiality SHOULD be protected by wrapping the ITR-OTK with the
   algorithm specified by the OTK Encryption ID field. </pre>
                      </div>
                    </blockquote>
                    <div class="">Not clear what this “SHOULD” refers
                      to.</div>
                    <div class="">IS the SHOULD related to the fact to
                      encrypt the OTK? The ITR SHOULD encrypt.</div>
                    <div class="">Or the choice of the algorithm? The
                      ITR SHOULD use the algorithm specified by the OTK
                      Encryption ID?</div>
                    <div class="">The second case looks impossible since
                      is the ITR is choosing the algorithm. May be the
                      sentence can be rewritten.</div>
                  </div>
                </blockquote>
                <br class="">
                SHOULD refers to protecting the confidentiality of the
                ITR-OTK. Maybe the 'by' should be replaced by 'with’?<br
                  class="">
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          Just drop the “by”?</div>
        <div><br class="">
        </div>
        <div><br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class=""><br class="">
                    </div>
                    Similarly to previous comment: Why it is not a MUST?<br
                      class="">
                  </div>
                </blockquote>
                Same as other SHOULD. <br class="">
                <br class="">
                <br class="">
                <br class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> See Section 5.5
   for further details on OTK encryption.

   The Requested HMAC ID field contains the suggested HMAC algorithm to
   be used by the Map-Server and the ETR to protect the integrity of the
   ECM Authentication data and of the Map-Reply.

</pre>
                      </div>
                    </blockquote>
                    <div class="">What happens if the MS will choose a
                      HMAC not supported by the ETR or the ITR?</div>
                    <div class="">Can you clarify how to solve this
                      situation or explain why this will never happen?</div>
                  </div>
                </blockquote>
                <br class="">
                This is described 5 paragraphs below: <br class="">
                <br class="">
                "
                <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">If the EID HMAC ID field does
   not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
   and send, at the first opportunity it needs to, a new Map-Request
   with a different Requested HMAC ID field, according to ITR's local
   policy.  </pre>
                "<br class="">
                <br class="">
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>What about the ETR?</div>
        </div>
      </div>
    </blockquote>
    <br>
    It's specified in 5.8, the ETR makes the same processing as the MS.
    <br>
    <br>
    "If the ETR does not support the Requested HMAC ID, it uses a
    different algorithm and updates the PKT HMAC ID field accordingly. "
    <br>
    <br>
    Also the ETR doesn't process the AD computed by the MS, it just
    copies into the Map-Reply. <br>
    <br>
    <br>
    <br>
    <blockquote
      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div><br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class=""><br class="">
                    </div>
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The KDF ID field, specifies the suggested key derivation function to
   be used by the Map-Server to derive the MS-OTK.
</pre>
                      </div>
                    </blockquote>
                    <div class=""><br class="">
                    </div>
                    <div class="">What happens if the MS will choose a
                      KDF ID not supported by the ITR?</div>
                    <div class="">Can you clarify how to solve this
                      situation or explain why this will never happen?</div>
                  </div>
                </blockquote>
                <br class="">
                This is described a few paragraphs below: <br class="">
                "
                <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">If the KDF ID in the Map-Reply does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's... </pre>
                "<br class="">
                <br class="">
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>This does not guarantee that the MS will reply with
            something the ITR understands….</div>
        </div>
      </div>
    </blockquote>
    <br>
    For some local ITR's policy it may not be guaranteed. It's a balance
    between reachability and security that the ITR will have to choose.
    <br>
    <br>
    <br>
    <br>
    <br>
    <br>
    <br>
    <blockquote
      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div>
          <div><br class="">
          </div>
          <div><br class="">
          </div>
          <br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class=""><br class="">
                    </div>
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The EID-AD length is set to 4 bytes, since the Authentication Data
   does not contain EID-prefix Authentication Data, and the EID-AD
   contains only the KDF ID field.

   In response to an encapsulated Map-Request that has the S-bit set, an
   ITR MUST receive a Map-Reply with the S-bit set, that includes an
   EID-AD and a PKT-AD.  If the Map-Reply does not include both ADs, the
   ITR MUST discard it.  In response to an encapsulated Map-Request with
   S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, and
   the ITR SHOULD discard the Map-Reply if the S-bit is set.
</pre>
                      </div>
                    </blockquote>
                    <div class="">Why a “SHOULD”? If the Map-Request has
                      S-bit=0 it mean that there is no AD, hence no OTK,
                      how can the ITR decrypt the reply?????</div>
                    <div class="">It MUST discard…..</div>
                  </div>
                </blockquote>
                <br class="">
                If S-bit = 0 there's no Authentication Data. The
                Map-reply is in clear, and can be read.</div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>I am not sure you understood my point.</div>
          <div><br class="">
          </div>
          <div>You send a Map-Request with S=0, hence unenbcrypted. How
            can you possible receive a Map-Reply with S=1?</div>
          <div>How is it encrypted if the ITR did not provide any OTK?</div>
        </div>
      </div>
    </blockquote>
    <br>
    Misconfiguration, bugs? I was just trying to enumerate the behaviors
    of the ITR. There's probably something wrong, and the map-reply
    should be discarded. Still the mapping is readable, so an ITR
    favoring reachability may decide to use the mapping. <br>
    <br>
    <blockquote
      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div>
          <div><br class="">
          </div>
          <div><br class="">
          </div>
          <div><br class="">
          </div>
          <br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                <br class="">
                Here again the SHOULD leaves open to ITR local policy
                that can be strict (drop anything not authenticated) or
                loose (accept unauthenticated map-reply). <br class="">
                <br class="">
                There are use cases where LISP-SEC is not deployed
                everywhere, where the ITR might have to use loose
                policy.   <br class="">
                <br class="">
                <br class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class=""><br class="">
                    </div>
                    <br class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   Upon receiving a Map-Reply, the ITR must verify the integrity of both
   the EID-AD and the PKT-AD, and MUST discard the Map-Reply if one of
   the integrity checks fails.

   The integrity of the EID-AD is verified using the locally stored ITR-
   OTK to re-compute the HMAC of the EID-AD using the algorithm
   specified in the EID HMAC ID field.  If the EID HMAC ID field does
   not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
</pre>
                      </div>
                    </blockquote>
                    Why is this a SHOULD? If it supports the HMAC
                    Algorithm why not decrypt? Shouldn’t this be a
                    “MAY”, according to internal policy?<br class="">
                  </div>
                </blockquote>
                <br class="">
                because this could be used by an attacker to force
                weaker HMACs (e.g. MD5). </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          OK</div>
        <div><br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class="">The SHOULD
                leaves open the door to not discarding, according to
                local policy. <br class="">
                <br class="">
                <br class="">
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>OK.</div>
          <div><br class="">
          </div>
          <br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                <br class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   and send, at the first opportunity it needs to, a new Map-Request
   with a different Requested HMAC ID field, according to ITR's local
   policy.  The ITR MUST set the EID HMAC ID field to 0 before computing
   the HMAC.
</pre>
                      </div>
                    </blockquote>
                    <div class="">Shouldn’t the MS do the same thing?
                      Otherwise different values will be obtained. This
                      is not specified in the MS functioning
                      description.</div>
                  </div>
                </blockquote>
                <br class="">
                good catch. Actually it's a typo here, the EID HMAC
                field should be set to 0 (that is consistent with
                section 5.7), not the EID HMAC ID that should not be
                touched. <br class="">
                <br class="">
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          OK<br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">The ITR MUST set the EID HMAC ID field to 0 before computing
   the HMAC.

should change to 

The scope of the HMAC operation covers the
   entire EID-AD, from the EID-AD Length field to the EID HMAC field,
   which must be set to 0 before the computation.
</pre>
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class="">
                    </div>
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   To verify the integrity of the PKT-AD, first the MS-OTK is derived
   from the locally stored ITR-OTK using the algorithm specified in the
   KDF ID field.  This is because the PKT-AD is generated by the ETR
   using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's local policy.
   The derived MS-OTK is then used to re-compute the HMAC of the PKT-AD
   using the Algorithm specified in the PKT HMAC ID field.  If the PKT
   HMAC ID field does not match the Requested HMAC ID the ITR SHOULD
   discard the Map-Reply and send, at the first opportunity it needs to,




Maino, et al.             Expires April 6, 2017                [Page 11]

Internet-Draft                  LISP-SEC                    October 2016


   a new Map-Request with a different Requested HMAC ID according to
   ITR's local policy.

   Each individual Map-Reply EID-record is considered valid only if: (1)
   both EID-AD and PKT-AD are valid, and (2) the intersection of the
   EID-prefix in the Map-Reply EID-record with one of the EID-prefixes
   contained in the EID-AD is not empty.  After identifying the Map-
   Reply record as valid, the ITR sets the EID-prefix in the Map-Reply
   record to the value of the intersection set computed before, and adds
   the Map-Reply EID-record to its EID-to-RLOC cache, as described in
   [RFC6830].  An example of Map-Reply record validation is provided in
   Section 5.4.1.

   The ITR SHOULD send SMR triggered Map-Requests over the mapping
   system in order to receive a secure Map-Reply.  </pre>
                      </div>
                    </blockquote>
                    <div class="">I do not understand this “SHOULD”.
                       This has consequences in the choice how to react
                      to SMR. This is a local policy.</div>
                    <div class="">_If_ the ITR wants to protect
                      Map-Requests using LISP-SEC, than SMR triggered
                      Map-Request MUST be sent through the mapping
                      system.</div>
                  </div>
                </blockquote>
              </div>
            </div>
          </blockquote>
          <br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class="">
                so the _if_ is what makes that MUST a SHOULD...
                According to local policy the ITR SHOULD send the SMR. </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>I read the sentence in this way:</div>
          <div><br class="">
          </div>
          <div><span class="Apple-tab-span" style="white-space:pre">	</span>In
            order to received a secure Map-Reply, the ITR MUST send SMR
            triggered Map-Requests over the mapping system.</div>
        </div>
        <div><br class="">
        </div>
        <div>No?</div>
      </div>
    </blockquote>
    <br>
    I see what you are saying. I'll rephrase as: <br>
    <br>
    If an ITR accepts piggybacked Map-Replies, it SHOULD also send a
    Map-Request over the mapping system in order to verify the
    piggybacked Map-Reply with a secure Map-Reply. <br>
    <br>
    <br>
    <br>
    <br>
    <blockquote
      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div><br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class="">
                    </div>
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">If an ITR accepts
   piggybacked Map-Replies, it SHOULD also send a Map-Request over the
   mapping system in order to securely verify the piggybacked Map-Reply.
</pre>
                      </div>
                    </blockquote>
                    <div class="">Same as above.</div>
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">5.4.1.  Map-Reply Record Validation

   The payload of a Map-Reply may contain multiple EID-records.  The
   whole Map-Reply is signed by the ETR, with the PKT HMAC, to provide
   integrity protection and origin authentication to the EID-prefix
   records claimed by the ETR.  The Authentication Data field of a Map-
   Reply may contain multiple EID-records in the EID-AD.  The EID-AD is
   signed by the Map-Server, with the EID HMAC, to provide integrity
   protection and origin authentication to the EID-prefix records
   inserted by the Map-Server.

   Upon receiving a Map-Reply with the S-bit set, the ITR first checks
   the validity of both the EID HMAC and of the PKT-AD HMAC.  If either
   one of the HMACs is not valid, a log message is issued and the Map-
   Reply is not processed any further.  </pre>
                      </div>
                    </blockquote>
                    <div class="">I think “log message" is too much
                      implementation specific. </div>
                    <div class="">If there is a notification, and how
                      this notification is done, is implementation
                      specific IMHO.</div>
                  </div>
                </blockquote>
                Ok. 'a log message is issued' will change to 'a log
                action should be taken'. The point is that there could
                be an attack behind it, and we want to record the event
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>OK</div>
          <br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">If both HMACs are valid, the ITR
   proceeds with validating each individual EID-record claimed by the
   ETR by computing the intersection of each one of the EID-prefix
   contained in the payload of the Map-Reply with each one of the EID-
   prefixes contained in the EID-AD.  An EID-record is valid only if at
   least one of the intersections is not the empty set.

   For instance, the Map-Reply payload contains 3 mapping record EID-
   prefixes:

      1.1.1.0/24

      1.1.2.0/24

      1.2.0.0/16




Maino, et al.             Expires April 6, 2017                [Page 12]

Internet-Draft                  LISP-SEC                    October 2016


   The EID-AD contains two EID-prefixes:

      1.1.2.0/24

      1.2.3.0/24

   The EID-record with EID-prefix 1.1.1.0/24 is not processed since it
   is not included in any of the EID-ADs signed by the Map-Server.  A
   log message is issued.
</pre>
                      </div>
                    </blockquote>
                    <div class="">I think “log message" is too much
                      implementation specific. </div>
                    <div class="">If there is a notification, and how
                      this notification is done, is implementation
                      specific IMHO.</div>
                  </div>
                </blockquote>
                ok. Same as above.
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class="">
                    </div>
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The EID-record with EID-prefix 1.1.2.0/24 is stored in the map-cache
   because it matches the second EID-prefix contained in the EID-AD.

   The EID-record with EID-prefix 1.2.0.0/16 is not processed since it
   is not included in any of the EID-ADs signed by the Map-Server.  A
   log message is issued.</pre>
                      </div>
                    </blockquote>
                    <div class="">I think “log message" is too much
                      implementation specific. </div>
                    <div class="">If there is a notification, and how
                      this notification is done, is implementation
                      specific IMHO.</div>
                  </div>
                </blockquote>
                ok. Same as above
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class="">
                    </div>
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">  In this last example the ETR is trying to
   over claim the EID-prefix 1.2.0.0/16, but the Map-Server authorized
   only 1.2.3.0/24, hence the EID-record is discarded.
</pre>
                      </div>
                    </blockquote>
                    <div class="">Reading the example I am not sure I
                      would follow this behaviour.</div>
                    <div class="">Only 1 record out of 3 is valid so why
                      should I actually trust the ETR instead of
                      throwing everything away?</div>
                    <div class="">Can you explain ???</div>
                  </div>
                </blockquote>
                The other two records are validated by the MS, so there
                is no reason to throw those away. </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>Yes, but the ETR is still trying to cheat on the third
            one….</div>
          <div>So the ETR may be compromised, why should I send traffic
            to him???</div>
        </div>
      </div>
    </blockquote>
    <br>
    ITR has flagged the security exception with the log entry, and some
    local ITR policy will decide what to do (including stop
    encapsulating to the ETR, if that's what is specified by the
    policy).  At the LISP level LISP-SEC has done its job: verified
    mapping  goes into the map-cache, overclaimed mapping is dropped. <br>
    <br>
    <br>
    <blockquote
      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div>
          <div><br class="">
          </div>
          <div><br class="">
          </div>
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class="">
                    </div>
                    <div class="">
                    </div>
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">5.4.2.  PITR Processing

   The processing performed by a PITR is equivalent to the processing of
   an ITR.  However, if the PITR is directly connected to the ALT, </pre>
                      </div>
                    </blockquote>
                    <div class="">This would be LISP+ALT. Pleas add a
                      reference to 6836.</div>
                  </div>
                </blockquote>
                ok.
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">the
   PITR performs the functions of both the ITR and the Map-Resolver
   forwarding the Map-Request encapsulated in an ECM header that
   includes the Authentication Data fields as described in Section 5.6.

5.5.  Encrypting and Decrypting an OTK

   MS-OTK confidentiality is required in the path between the Map-Server
   and the ETR, the MS-OTK SHOULD</pre>
                      </div>
                    </blockquote>
                    <div class="">If confidentiality is required why
                      there is not a MUST?</div>
                  </div>
                </blockquote>
                Same.
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> be encrypted using the preconfigured
   key shared between the Map-Server and the ETR for the purpose of
   securing ETR registration [RFC6833].  Similarly, if ITR-OTK
   confidentiality is required in the path between the ITR and the Map-
   Resolver, the ITR-OTK SHOULD </pre>
                      </div>
                    </blockquote>
                    Again, if confidentiality is required why there is
                    not a MUST?</div>
                </blockquote>
                Same.
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">be encrypted with a key shared between
   the ITR and the Map-Resolver.

   The OTK is encrypted using the algorithm specified in the OTK
   Encryption ID field.  When the AES Key Wrap algorithm is used to
   encrypt a 128-bit OTK, according to [RFC3339],</pre>
                      </div>
                    </blockquote>
                    <div class="">The correct RFC is 3394.</div>
                  </div>
                </blockquote>
                ok.
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> the AES Key Wrap
   Initialization Value MUST be set to 0xA6A6A6A6A6A6A6A6 (64 bits).
   The output of the AES Key Wrap operation is 192-bit long.  The most
   significant 64-bit are copied in the One-Time Key Preamble field,
   while the 128 less significant bits are copied in the One-Time Key
   field of the LISP-SEC Authentication Data.

   When decrypting an encrypted OTK the receiver MUST verify that the
   Initialization Value resulting from the AES Key Wrap decryption



Maino, et al.             Expires April 6, 2017                [Page 13]

Internet-Draft                  LISP-SEC                    October 2016


   operation is equal to 0xA6A6A6A6A6A6A6A6.  If this verification fails
   the receiver MUST discard the entire message.

   When a 128-bit OTK is sent unencrypted the OTK Encryption ID is set
   to NULL_KEY_WRAP_128, and the OTK Preamble is set to
   0x0000000000000000 (64 bits).

5.6.  Map-Resolver Processing

   Upon receiving an encapsulated Map-Request with the S-bit set, the
   Map-Resolver decapsulates the ECM message.  The ITR-OTK, if
   encrypted, is decrypted as specified in Section 5.5.

   The Map-Resolver, as specified in [RFC6833], originates a new ECM
   header with the S-bit set, that contains the unencrypted ITR-OTK, as
   specified in Section 5.5, and the other data derived from the ECM
   Authentication Data of the received encapsulated Map-Request.
</pre>
                      </div>
                    </blockquote>
                    <div class="">Few points on this last paragraph:</div>
                    <div class="">- You assume that there is no need of
                      confidentiality inside the Mapping System?</div>
                    <div class="">- Why not stating that encryption
                      inside the mapping system is mapping system
                      specify and out of scope of this document?</div>
                  </div>
                </blockquote>
                ok. as it was pointed out above.
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class="">- Why are you assuming that all of the
                      Mapping system will use ECM? Future Mapping system
                      may use soemthos different. The important point is
                      to ship the AD along.</div>
                  </div>
                </blockquote>
                good point, and I agree with your suggestion to fix this
                below.
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The Map-Resolver then forwards</pre>
                      </div>
                    </blockquote>
                    to whom?
                  </div>
                </blockquote>
                ok. add 'to the Map-Server'
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> the received Map-Request, encapsulated
   in the new ECM header that includes the newly computed Authentication
   Data fields.
</pre>
                      </div>
                    </blockquote>
                    <div class="">As for my comment of the previous
                      paragraph I would be more generic stating that the
                      MR will hand over the request to the mapping
                      system.</div>
                    <div class="">
                    </div>
                    <div class="">You can still provide the example of
                      DDT using ECM.</div>
                  </div>
                </blockquote>
                right.
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">5.7.  Map-Server Processing

   Upon receiving an ECM encapsulated Map-Request with the S-bit set,
   the Map-Server process the Map-Request according to the value of the
   S-bit contained in the Map-Register sent by the ETR during
   registration.

   If the S-bit contained in the Map-Register was clear the Map-Server
   decapsulates the ECM and generates a new ECM encapsulated Map-Request
   that does not contain an ECM Authentication Data, as specified in
   [RFC6830].  The Map-Server does not perform any further LISP-SEC
   processing.
</pre>
                      </div>
                    </blockquote>
                    <div class="">This equivalent to not using LISP-SEC.
                      Please specify that the Map-Reply will be not
                      protected.</div>
                  </div>
                </blockquote>
                ok.
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   If the S-bit contained in the Map-Register was set the Map-Server
   decapsulates the ECM and generates a new ECM Authentication Data.
   The Authentication Data includes the OTK-AD and the EID-AD, that
   contains EID-prefix authorization information, that are ultimately
   sent to the requesting ITR.

   The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
   the ITR-OTK received with the Map-Request.  MS-OTK is derived
   applying the key derivation function specified in the KDF ID field.
   If the algorithm specified in the KDF ID field is not supported, the
   Map-Server uses a different algorithm to derive the key and updates
   the KDF ID field accordingly.




Maino, et al.             Expires April 6, 2017                [Page 14]

Internet-Draft                  LISP-SEC                    October 2016


   The Map-Server and the ETR MUST be configured with a shared key for
   mapping registration according to [RFC6833].  If MS-OTK
   confidentiality is required, then the MS-OTK SHOULD be encrypted,</pre>
                      </div>
                    </blockquote>
                    Again, if confidentiality is required why there is
                    not a MUST?
                  </div>
                </blockquote>
                same as above.
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> by
   wrapping the MS-OTK with the algorithm specified by the OTK
   Encryption ID field as specified in Section 5.5.

   The Map-Server includes in the EID-AD the longest match registered
   EID-prefix for the destination EID, and an HMAC of this EID-prefix.
   The HMAC is keyed with the ITR-OTK contained in the received ECM
   Authentication Data, and the HMAC algorithm is chosen according to
   the Requested HMAC ID field.  If The Map-Server does not support this
   algorithm, the Map-Server uses a different algorithm and specifies it
   in the EID HMAC ID field.  The scope of the HMAC operation covers the
   entire EID-AD, from the EID-AD Length field to the EID HMAC field,
   which must be set to 0 before the computation.

   The Map-Server then forwards the updated ECM encapsulated Map-
   Request, that contains the OTK-AD, the EID-AD, and the received Map-
   Request to an authoritative ETR as specified in [RFC6830].

5.7.1.  Map-Server Processing in Proxy mode

   If the Map-Server is in proxy mode, it generates a Map-Reply, as
   specified in [RFC6830], with the S-bit set to 1.  The Map-Reply
   includes the Authentication Data that contains the EID-AD, computed
   as specified in Section 5.7, as well as the PKT-AD computed as
   specified in Section 5.8.

5.8.  ETR Processing

   Upon receiving an ECM encapsulated Map-Request with the S-bit set,
   the ETR decapsulates the ECM message.  The OTK field, if encrypted,
   is decrypted as specified in Section 5.5 to obtain the unencrypted
   MS-OTK.

   The ETR then generates a Map-Reply as specified in [RFC6830] and
   includes the Authentication Data that contains the EID-AD, as
   received in the encapsulated Map-Request, as well as the PKT-AD.

   The EID-AD is copied from the Authentication Data of the received
   encapsulated Map-Request.

   The PKT-AD contains the HMAC of the whole Map-Reply packet, keyed
   with the MS-OTK and computed using the HMAC algorithm specified in
   the Requested HMAC ID field of the received encapsulated Map-Request.
   If the ETR does not support the Requested HMAC ID, it uses a
   different algorithm and updates the PKT HMAC ID field accordingly.
   The scope of the HMAC operation covers the entire PKT-AD, from the



Maino, et al.             Expires April 6, 2017                [Page 15]

Internet-Draft                  LISP-SEC                    October 2016


   Map-Reply Type field to the PKT HMAC field, which must be set to 0
   before the computation.

   Finally the ETR sends the Map-Reply to the requesting ITR as
   specified in [RFC6830].

6.  Security Considerations

6.1.  Mapping System Security

   The LISP-SEC threat model described in Section 3, assumes that the
   LISP Mapping System is working properly and eventually delivers Map-
   Request messages to a Map-Server that is authoritative for the
   requested EID.

</pre>
                      </div>
                    </blockquote>
                    <div class="">
                    </div>
                    <div class="">As for a previous comment, can you
                      elaborate if OTK confidentiality is required in
                      the mapping system and what are the consequences?</div>
                    <div class="">
                    </div>
                  </div>
                </blockquote>
                ok.
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   Map-Register security, including the right for a LISP entity to
   register an EID-prefix or to claim presence at an RLOC, is out of the
   scope of LISP-SEC.

6.2.  Random Number Generation

   The ITR-OTK MUST be generated by a properly seeded pseudo-random (or
   strong random) source.  See [RFC4086] for advice on generating
   security-sensitive random data

6.3.  Map-Server and ETR Colocation

   If the Map-Server and the ETR are colocated, LISP-SEC does not
   provide protection from overclaiming attacks mounted by the ETR.
   However, in this particular case, since the ETR is within the trust
   boundaries of the Map-Server, ETR's overclaiming attacks are not
   included in the threat model.

7.  IANA Considerations
</pre>
                      </div>
                    </blockquote>
                    <div class="">This section is not conform to RFC
                      5226.</div>
                    <div class="">
                    </div>
                    <div class="">There right way to go is to ask IANA
                      to create three new registries, for HMAC, Key
                      Wrap, and Key Derivation functions.</div>
                    <div class="">Define what is the allocation process
                      (in light of the size of the field FCFS should not
                      cause any problem IMHO)</div>
                    <div class="">
                    </div>
                    <div class="">Then ask to populate the registries as
                      already described.</div>
                  </div>
                </blockquote>
                Ok, so each one of the sections 7.x will say: IANA is
                requested to create a new &lt;registry-name&gt; 
                registry for use … </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>There is slightly more text to add.</div>
        </div>
      </div>
    </blockquote>
    <br>
    right. I have added more. I'm almost ready to send a new rev.  <br>
    <br>
    <blockquote
      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div>
          <div><br class="">
          </div>
          <br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class="">
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class="">
                    </div>
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">7.1.  HMAC functions

   The following HMAC ID values are defined by this memo for use as
   Requested HMAC ID, EID HMAC ID, and PKT HMAC ID in the LISP-SEC
   Authentication Data:











Maino, et al.             Expires April 6, 2017                [Page 16]

Internet-Draft                  LISP-SEC                    October 2016


             Name                     Number        Defined In
             -------------------------------------------------
             NONE                     0
             AUTH-HMAC-SHA-1-96       1             [RFC2104]
             AUTH-HMAC-SHA-256-128    2             [RFC4634]

             values 2-65535 are reserved to IANA.

                              HMAC Functions

   AUTH-HMAC-SHA-1-96 MUST be supported, AUTH-HMAC-SHA-256-128 should be
   supported.

7.2.  Key Wrap Functions

   The following OTK Encryption ID values are defined by this memo for
   use as OTK key wrap algorithms ID in the LISP-SEC Authentication
   Data:

             Name                     Number        Defined In
             -------------------------------------------------
             NULL-KEY-WRAP-128        1
             AES-KEY-WRAP-128         2             [RFC3394]

             values 0 and 3-65535 are reserved to IANA.

                            Key Wrap Functions

   NULL-KEY-WRAP-128, and AES-KEY-WRAP-128 MUST be supported.

   NULL-KEY-WRAP-128 is used to carry an unencrypted 128-bit OTK, with a
   64-bit preamble set to 0x0000000000000000 (64 bits).

7.3.  Key Derivation Functions

   The following KDF ID values are defined by this memo for use as KDF
   ID in the LISP-SEC Authentication Data:

             Name                     Number        Defined In
             -------------------------------------------------
             NONE                     0
             HKDF-SHA1-128            1             [RFC5869]

             values 2-65535 are reserved to IANA.

                         Key Derivation Functions

   HKDF-SHA1-128 MUST be supported



Maino, et al.             Expires April 6, 2017                [Page 17]

Internet-Draft                  LISP-SEC                    October 2016


8.  Acknowledgements

   The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino
   Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt
   Noll for their valuable suggestions provided during the preparation
   of this document.

9.  Normative References
</pre>
                      </div>
                    </blockquote>
                    <div class="">
                    </div>
                    <div class="">
                    </div>
                    <div class="">Please Check your reference, this is
                      the output if the nits tool:</div>
                    <div class="">
                    </div>
                    <div class="">
                    </div>
                    <div class="">Checking references for intended
                      status: Experimental</div>
                    <div class=""> 
----------------------------------------------------------------------------</div>
                    <div class="">
                    </div>
                    <div class="">  == Missing Reference: 'RFC3339' is
                      mentioned on line 602, but not defined</div>
                    <div class="">
                    </div>
                    <div class="">  == Missing Reference: 'RFC4634' is
                      mentioned on line 752, but not defined</div>
                    <div class="">
                    </div>
                    <div class="">  ** Obsolete undefined reference: RFC
                      4634 (Obsoleted by RFC 6234)</div>
                  </div>
                </blockquote>
                ok.
                <blockquote
                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class="">
                    </div>
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
              Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc2104" class="">http://www.rfc-editor.org/info/rfc2104</a>&gt;.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc2119" class="">http://www.rfc-editor.org/info/rfc2119</a>&gt;.

   [RFC3394]  Schaad, J. and R. Housley, "Advanced Encryption Standard
              (AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394,
              September 2002, &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc3394" class="">http://www.rfc-editor.org/info/rfc3394</a>&gt;.

   [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
              "Randomness Requirements for Security", BCP 106, RFC 4086,
              DOI 10.17487/RFC4086, June 2005,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc4086" class="">http://www.rfc-editor.org/info/rfc4086</a>&gt;.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              DOI 10.17487/RFC5226, May 2008,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc5226" class="">http://www.rfc-editor.org/info/rfc5226</a>&gt;.

   [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
              Key Derivation Function (HKDF)", RFC 5869,
              DOI 10.17487/RFC5869, May 2010,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc5869" class="">http://www.rfc-editor.org/info/rfc5869</a>&gt;.

   [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
              Locator/ID Separation Protocol (LISP)", RFC 6830,
              DOI 10.17487/RFC6830, January 2013,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc6830" class="">http://www.rfc-editor.org/info/rfc6830</a>&gt;.

   [RFC6833]  Fuller, V. and D. Farinacci, "Locator/ID Separation
              Protocol (LISP) Map-Server Interface", RFC 6833,
              DOI 10.17487/RFC6833, January 2013,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc6833" class="">http://www.rfc-editor.org/info/rfc6833</a>&gt;.




Maino, et al.             Expires April 6, 2017                [Page 18]

Internet-Draft                  LISP-SEC                    October 2016


   [RFC7835]  Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID
              Separation Protocol (LISP) Threat Analysis", RFC 7835,
              DOI 10.17487/RFC7835, April 2016,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc7835" class="">http://www.rfc-editor.org/info/rfc7835</a>&gt;.

Authors' Addresses

   Fabio Maino
   Cisco Systems
   170 Tasman Drive
   San Jose, California  95134
   USA

   Email: <a moz-do-not-send="true" href="mailto:fmaino@cisco.com" class="">fmaino@cisco.com</a>


   Vina Ermagan
   Cisco Systems
   170 Tasman Drive
   San Jose, California  95134
   USA

   Email: <a moz-do-not-send="true" href="mailto:vermagan@cisco.com" class="">vermagan@cisco.com</a>


   Albert Cabellos
   Technical University of Catalonia
   c/ Jordi Girona s/n
   Barcelona  08034
   Spain

   Email: <a moz-do-not-send="true" href="mailto:acabello@ac.upc.edu" class="">acabello@ac.upc.edu</a>


   Damien Saucez
   INRIA
   2004 route des Lucioles - BP 93
   Sophia Antipolis
   France

   Email: <a moz-do-not-send="true" href="mailto:damien.saucez@inria.fr" class="">damien.saucez@inria.fr</a>










Maino, et al.             Expires April 6, 2017                [Page 19]</pre>
                        <div class="">
                        </div>
                      </div>
                      <div class="">
                      </div>
                      <div class="">
                      </div>
                    </blockquote>
                    <div class="">
                      <div class="">
                      </div>
                      <div class="">
                      </div>
                    </div>
                  </div>
                </blockquote>
                <div class="">
                  <br class="webkit-block-placeholder">
                </div>
              </div>
            </div>
          </blockquote>
        </div>
        <br class="">
      </div>
    </blockquote>
    <p><br>
    </p>
  </body>
</html>

--------------6B673E485238A41AA3BB2683--


From nobody Tue Oct 25 21:07:29 2016
Return-Path: <fmaino@cisco.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BEDA912945A; Tue, 25 Oct 2016 21:07:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -12.383
X-Spam-Level: 
X-Spam-Status: No, score=-12.383 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_COMMENT_SAVED_URL=1.391, HTML_MESSAGE=0.001, HTML_TAG_BALANCE_BODY=1.157, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, T_HTML_ATTACH=0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QTHITw6VS94k; Tue, 25 Oct 2016 21:07:18 -0700 (PDT)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3768412945C; Tue, 25 Oct 2016 21:07:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=499683; q=dns/txt; s=iport; t=1477454837; x=1478664437; h=subject:to:references:cc:from:message-id:date: mime-version:in-reply-to; bh=wOf9dwpATZXDU9OZmDF385Ijh0Vna4Shadtjp4oPCDc=; b=GGSAuBxQLP3wVxiFEn/nwRoL6a/fOUGLGK1c1S115leaGJLNRBn9P7Ok 0pcNq9Sswf8QWQdh2smH+TCi7ikxIydUmSvUIRoGaUpL0zr16qajMKf9x 5MUDudZhsoKNNpmCRuOkkLwGC5Lf+oAVbY9vGwhwLw3fYU6Z/v4XwcGf+ U=;
X-Files: Diff_ draft-ietf-lisp-sec-11.txt - draft-ietf-lisp-sec-12a.txt.html,  draft-ietf-lisp-sec-12a.txt : 170662, 49563
X-IronPort-AV: E=Sophos;i="5.31,548,1473120000";  d="txt'?html'217?scan'217,208,217";a="162002564"
Received: from rcdn-core-11.cisco.com ([173.37.93.147]) by rcdn-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Oct 2016 04:07:15 +0000
Received: from [10.24.90.43] ([10.24.90.43]) by rcdn-core-11.cisco.com (8.14.5/8.14.5) with ESMTP id u9Q47AS1024523; Wed, 26 Oct 2016 04:07:10 GMT
To: Luigi Iannone <luigi.iannone@telecom-paristech.fr>
References: <FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr> <8204baa6-8cbd-83b3-aa88-dc3ba16c5a33@cisco.com> <38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr> <37a920e9-b1aa-33c1-6321-e24937bc6c8d@cisco.com>
From: Fabio Maino <fmaino@cisco.com>
Message-ID: <748f2c3d-16fd-03f3-988d-11a9c262a43a@cisco.com>
Date: Tue, 25 Oct 2016 21:07:10 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <37a920e9-b1aa-33c1-6321-e24937bc6c8d@cisco.com>
Content-Type: multipart/mixed; boundary="------------4FAFE1DA8AE8F9CD37E340F5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/JmzxEIG3tKxZ4ng2qaXvcHsqM7M>
Cc: lisp-chairs@ietf.org, Damien Saucez <damien.saucez@inria.fr>, LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] LISP-SEC review (finally)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Oct 2016 04:07:28 -0000

This is a multi-part message in MIME format.
--------------4FAFE1DA8AE8F9CD37E340F5
Content-Type: multipart/alternative;
 boundary="------------A72D377FADDF4FF556CDE0B9"


--------------A72D377FADDF4FF556CDE0B9
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

Ciao Luigi,
here is the updated draft and the diff from -11.


Thanks,
Fabio


On 10/25/16 5:14 PM, Fabio Maino wrote:
> Hi Luigi,
> below are more replies skipping the ones we agreed already. Looks like 
> we are converging...
>
>
> wrt to 6830bis, I think we should not wait. I suspect the security 
> review of the document will take some time, so we can do some progress 
> in parallel to 6830bis.
>
> We will have to do a LISP-SECbis afterwards, but that should be simple.
>
> Please, see below.
>
>
>
>
> On 10/24/16 3:02 AM, Luigi Iannone wrote:
>> Hi Fabio,
>>
>> se my comment inline.
>> (I do not consider the points we agree and everything related to the 
>> “SHOULD” clarification)
>>
>> Thanks for your work
>>
>> Ciao
>>
>> L.
>>
>>
>>> On 22 Oct 2016, at 01:23, Fabio Maino <fmaino@cisco.com 
>>> <mailto:fmaino@cisco.com>> wrote:
>>>
>>> Ciao Luigi,
>>> below I have replied to each comment. I'm working to the updated 
>>> text, that I will send as soon as it is ready. ideally we might be 
>>> able to publish a new version before draft deadline.
>>
>> Excellent. Thanks
>>
>>>
>>> Just a note on the most recurring comment: SHOULD vs. MUST.
>>>
>>> The use of SHOULD across the document is according to RFC 2119:
>>>
>>>
>>>     SHOULD
>>>
>>>   This word, or the adjective "RECOMMENDED", mean that there
>>>     may exist valid reasons in particular circumstances to ignore a
>>>     particular item, but the full implications must be understood and
>>>     carefully weighed before choosing a different course.
>>>
>>>
>>> There are use cases where, carefully weighing the implications, some 
>>> of the security services of LISP-SEC can be turned-off. We want to 
>>> leave implementors the freedom to allow this flexibility.
>>>
>>> For example, in a DC deployment it may make sense to turn off OTK 
>>> decryption between XTR and MS/MR, as MiTM is very unlikely.
>>>
>>> Similarly, an ITR may decide to implement a loose policy on 
>>> accepting an AD authenticated with an algorithm different from the 
>>> preferred authentication algorithm expressed by the ITR. Using a 
>>> MUST would force support of a given authentication algorithm across 
>>> each and every MS and ETR, that might not be the case when 
>>> incrementally deploying LISP-SEC (or while upgrading routers).
>>>
>>> Using a MUST would prevent this flexibility, that we would like to 
>>> leave to the implementors.
>>>
>>>
>>>
>>
>> This is fixed as for the suggestion of Joel. Thanks.
>>
>>
>>>
>>>
>>> On 10/19/16 8:06 AM, Luigi Iannone wrote:
>>>> Dear Authors of the LISP-SEC document,
>>>>
>>>> hereafter my review of the document.
>>>> This was long overdue, sorry for being so late.
>>>>
>>>> I really like the solution and the majority of my comments are just 
>>>> clarification questions.
>>>> Let me know if my comments are clear.
>>>>
>>>> ciao
>>>>
>>>> L.
>>>>
>>>>
>>>>
>>>>> 1.  Introduction
>>>>>
>>>>>     The Locator/ID Separation Protocol [RFC6830] defines a set of
>>>>>     functions for routers to exchange information used to map from non-
>>>>>     routable Endpoint Identifiers (EIDs) to routable Routing Locators
>>>>>     (RLOCs).
>>>> I find the above sentence confusing. Wouldn’t be better to specify 
>>>> that we are talking about IP addresses?
>>>
>>> That's how LISP is described in RFC6830, section 1. If you start 
>>> using the term IP address then you need to qualify if you are 
>>> talking about Identity-IP or Locator-IP, so the sentence gets 
>>> complicated pretty quickly.
>>>
>>
>> Not really. The very first sentence of the abstract of 6830 states:
>>
>> This document describes a network-layer-based protocol that enables
>>     separation of IP addresses into two new numbering spaces: Endpoint
>>     Identifiers (EIDs) and Routing Locators (RLOCs).
>>
>>
>> So clearly speaks about IP address.
>> Furthermore “routable" en “non routable” is true only in the 
>> inter-domain point of view, because EID are locally routable.
>> Note that 6830 does not specify in the first sentence what is 
>> routable and what is not.
>
> ok, fixed with text from 6830.
>
>
>>
>>
>>> I would leave this one unchanged.
>>>>
>>>>> If these EID-to-RLOC mappings, carried through Map-Reply
>>>>>     messages, are transmitted without integrity protection, an adversary
>>>>>     can manipulate them and hijack the communication, impersonate the
>>>>>     requested EID, or mount Denial of Service or Distributed Denial of
>>>>>     Service attacks.  Also, if the Map-Reply message is transported
>>>>>     unauthenticated, an adversarial LISP entity can overclaim an EID-
>>>>>     prefix and maliciously redirect traffic directed to a large number of
>>>>>     hosts.  A detailed description of "overclaiming" attack is provided
>>>>>     in [RFC7835].
>>>>>
>>>>>     This memo specifies LISP-SEC, a set of security mechanisms that
>>>>>     provides origin authentication, integrity and anti-replay protection
>>>>>     to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
>>>>>     process.
>>>>
>>>> I would put s forward reference to section 3 stating that the 
>>>> reader will find details about the threat model.
>>>
>>> OK. We can replace the sentence
>>> A detailed description of "overclaiming" attack is provided
>>>     in [RFC7835]
>>>
>>> with
>>>
>>> The LISP-SEC threat model, described in Section 3, is built on top of the LISP threat model defined in RFC7835, that includes a detailed description of "overclaiming" attack.
>> OK
>>
>>
>>>
>>>
>>>>
>>>>> LISP-SEC also enables verification of authorization on EID-
>>>>>     prefix claims in Map-Reply messages, ensuring that the sender of a
>>>>>     Map-Reply that provides the location for a given EID-prefix is
>>>>>     entitled to do so according to the EID prefix registered in the
>>>>>     associated Map-Server.  Map-Register security, including the right
>>>>>     for a LISP entity to register an EID-prefix or to claim presence at
>>>>>     an RLOC, is out of the scope of LISP-SEC.  Additional security
>>>>>     considerations are described in Section 6.
>>>>>
>>>>> 2.  Definition of Terms
>>>>>
>>>>>        One-Time Key (OTK): An ephemeral randomly generated key that must
>>>>>        be used for a single Map-Request/Map-Reply exchange.
>>>>>
>>>>>
>>>>>
>>>>>           ITR-OTK: The One-Time Key generated at the ITR.
>>>>>
>>>>>           MS-OTK: The One-Time Key generated at the Map-Server.
>>>>
>>>> Why are you considering ITR-OTK and MS-OTK sub-terms?
>>>> I would elevate them at full terms, hence avoiding spacing and 
>>>> indentation.
>>>
>>> Ok.
>>>
>>>>
>>>>>        Encapsulated Control Message (ECM): A LISP control message that is
>>>>>        prepended with an additional LISP header.  ECM is used by ITRs to
>>>>>        send LISP control messages to a Map-Resolver, by Map-Resolvers to
>>>>>        forward LISP control messages to a Map-Server, and by Map-
>>>>>        Resolvers to forward LISP control messages to an ETR.
>>>>>
>>>> Why are you re-defining ECM?
>>>> You do not specify other packets, e.g., Map-Reply, so why ECM?
>>>> I would drop it.
>>>
>>> It is not defined in the Definitions section of 6830. One would need 
>>> to go through the body of 6830 to find it.
>>
>> I see your point. Just keep the text and add a ref to section 6.1.8 
>> of 6830. This will clarify that is something coming from a specific 
>> section of that document.
>
> I have dropped the definition, expanded the acronym ECM and referred 
> to the specific section.
>
> In this way we don't have to wait for 6830bis, but we refer to the 
> proper definition.
>
>>
>>
>>>
>>> I'll drop it, but we need to make sure that ECM gets into the 
>>> definition section of 6830bis.
>>>
>>> Albert: are you looking into that document? Can you take care of this?
>>>
>>>
>>>>
>>>>
>>>>>        Authentication Data (AD): Metadata that is included either in a
>>>>>        LISP ECM header or in a Map-Reply message to support
>>>>>        confidentiality, integrity protection, and verification of EID-
>>>>>        prefix authorization.
>>>>>
>>>>>
>>>>>
>>>>> Maino, et al.             Expires April 6, 2017                 [Page 3]
>>>>> 
>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>
>>>>>
>>>>>           OTK-AD: The portion of ECM Authentication Data that contains a
>>>>>           One-Time Key.
>>>>>
>>>>>           EID-AD: The portion of ECM and Map-Reply Authentication Data
>>>>>           used for verification of EID-prefix authorization.
>>>>>
>>>>>           PKT-AD: The portion of Map-Reply Authentication Data used to
>>>>>           protect the integrity of the Map-Reply message.
>>>>
>>>>
>>>> Why are you considering OTK-AD, EID-AD, and PKT-AD sub-terms?
>>>> I would elevate them at full terms, hence avoiding spacing and 
>>>> indentation.
>>>>
>>> ok.
>>>
>>>>
>>>>>     For definitions of other terms, notably Map-Request, Map-Reply,
>>>>>     Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR), Map-Server
>>>>>     (MS), and Map-Resolver (MR) please consult the LISP specification
>>>>>     [RFC6830].
>>>>>
>>>>> 3.  LISP-SEC Threat Model
>>>>>
>>>>>     LISP-SEC addresses the control plane threats, described in [RFC7835],
>>>>>     that target EID-to-RLOC mappings, including manipulations of Map-
>>>>>     Request and Map-Reply messages, and malicious ETR EID prefix
>>>>>     overclaiming.  LISP-SEC makes two main assumptions: (1) the LISP
>>>>>     mapping system is expected to deliver a Map-Request message to their
>>>>>     intended destination ETR as identified by the EID, and (2) no man-in-
>>>>>     the-middle (MITM) attack can be mounted within the LISP Mapping
>>>>>     System.  Furthermore, while LISP-SEC enables detection of EID prefix
>>>>>     overclaiming attacks, it assumes that Map-Servers can verify the EID
>>>>>     prefix authorization at time of registration.
>>>> LISP-SEC does not require OTK confidentiality in the mapping 
>>>> system. This should be discussed here.
>>> we could add to the above
>>> "and (2) no man-in-
>>>     the-middle (MITM) attack can be mounted within the LISP Mapping
>>>     System."
>>>
>>> How the Mapping System is protected from MiTM attacks depends from the particular Mapping System used, and is out of the scope of this memo.
>>>
>>>
>>
>> That’s fine for me.
>>
>>
>>>
>>>>
>>>>
>>>>>     According to the threat model described in [RFC7835] LISP-SEC assumes
>>>>>     that any kind of attack, including MITM attacks, can be mounted in
>>>>>     the access network, outside of the boundaries of the LISP mapping
>>>>>     system.  An on-path attacker, outside of the LISP mapping system can,
>>>>>     for example, hijack Map-Request and Map-Reply messages, spoofing the
>>>>>     identity of a LISP node.  Another example of on-path attack, called
>>>>>     overclaiming attack, can be mounted by a malicious Egress Tunnel
>>>>>     Router (ETR), by overclaiming the EID-prefixes for which it is
>>>>>     authoritative.  In this way the ETR can maliciously redirect traffic
>>>>>     directed to a large number of hosts.
>>>>>
>>>>> 4.  Protocol Operations
>>>>>
>>>>>     The goal of the security mechanisms defined in [RFC6830] is to
>>>>>     prevent unauthorized insertion of mapping data by providing origin
>>>>>     authentication and integrity protection for the Map-Registration, and
>>>>>     by using the nonce to detect unsolicited Map-Reply sent by off-path
>>>>>     attackers.
>>>>>
>>>>>     LISP-SEC builds on top of the security mechanisms defined in
>>>>>     [RFC6830] to address the threats described in Section 3 by leveraging
>>>>>
>>>>>
>>>>>
>>>>> Maino, et al.             Expires April 6, 2017                 [Page 4]
>>>>> 
>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>
>>>>>
>>>>>     the trust relationships existing among the LISP entities
>>>>>     participating to the exchange of the Map-Request/Map-Reply messages.
>>>>>     Those trust relationships are used to securely distribute a One-Time
>>>>>     Key (OTK) that provides origin authentication, integrity and anti-
>>>>>     replay protection to mapping data conveyed via the mapping lookup
>>>>>     process, and that effectively prevent overclaiming attacks.  The
>>>>>     processing of security parameters during the Map-Request/Map-Reply
>>>>>     exchange is as follows:
>>>>>
>>>>>     o  The ITR-OTK is generated and stored at the ITR, and securely
>>>>>        transported to the Map-Server.
>>>>>
>>>>>     o  The Map-Server uses the ITR-OTK to compute an HMAC that protects
>>>> You did not define HMAC acronym. Please define and add a reference.
>>>
>>> ok.
>>>
>>>
>>>>
>>>>>        the integrity of the mapping data known to the Map-Server to
>>>>>        prevent overclaiming attacks.  The Map-Server also derives a new
>>>>>        OTK, the MS-OTK, that is passed to the ETR, by applying a Key
>>>>>        Derivation Function (KDF) to the ITR-OTK.
>>>>>
>>>>>     o  The ETR uses the MS-OTK to compute an HMAC that protects the
>>>>>        integrity of the Map-Reply sent to the ITR.
>>>>>
>>>>>     o  Finally, the ITR uses the stored ITR-OTK to verify the integrity
>>>>>        of the mapping data provided by both the Map-Server and the ETR,
>>>>>        and to verify that no overclaiming attacks were mounted along the
>>>>>        path between the Map-Server and the ITR.
>>>>>
>>>>>     Section 5 provides the detailed description of the LISP-SEC control
>>>>>     messages and their processing, while the rest of this section
>>>>>     describes the flow of protocol operations at each entity involved in
>>>>>     the Map-Request/Map-Reply exchange:
>>>>>
>>>>>     o  The ITR, upon needing to transmit a Map-Request message, generates
>>>>>        and stores an OTK (ITR-OTK).  This ITR-OTK is included into the
>>>>>        Encapsulated Control Message (ECM) that contains the Map-Request
>>>>>        sent to the Map-Resolver.  To provide confidentiality to the ITR-
>>>>>        OTK over the path between the ITR and its Map-Resolver, the ITR-
>>>>>        OTK SHOULD
>>>> Why not using “MUST”???
>>>> Are you suggesting that a different way to provide confidentiality 
>>>> can be used (e.g. a different shared key)???
>>>> If yes, please state so.
>>>>
>>>> Or are you suggesting that no encryption at all is used? But this 
>>>> means not providing confidentiality…
>>>> Can you clarify?
>>>>
>>>> (this very same comment will appear several time in this review)
>>>
>>> We don't want to make the use of pre-shared key *mandatory* to all 
>>> LISP deployments. There are deployments where the risk of MiTM 
>>> between the xTR and the MS/MR may not justify the cost of 
>>> provisioning a shared key (data centers, for example).
>>>
>>>
>>>>> be encrypted using a preconfigured key shared between
>>>>>        the ITR and the Map-Resolver, similar to the key shared between
>>>>>        the ETR and the Map-Server in order to secure ETR registration
>>>>>        [RFC6833].
>>>>>
>>>>>     o  The Map-Resolver decapsulates the ECM message, decrypts the ITR-
>>>>>        OTK, if needed, and forwards through the Mapping System the
>>>>>        received Map-Request and the ITR-OTK, as part of a new ECM
>>>>>        message.  As described in Section 5.6, the LISP Mapping System
>>>>>        delivers the ECM to the appropriate Map-Server, as identified by
>>>>>        the EID destination address of the Map-Request.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Maino, et al.             Expires April 6, 2017                 [Page 5]
>>>>> 
>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>
>>>>>
>>>>>     o  The Map-Server is configured with the location mappings and policy
>>>>>        information for the ETR responsible for the EID destination
>>>>>        address.  Using this preconfigured information, the Map-Server,
>>>>>        after the decapsulation of the ECM message, finds the longest
>>>>>        match EID-prefix that covers the requested EID in the received
>>>>>        Map-Request.  The Map-Server adds this EID-prefix, together with
>>>>>        an HMAC computed using the ITR-OTK, to a new Encapsulated Control
>>>>>        Message that contains the received Map-Request.
>>>>>
>>>>>     o  The Map-Server derives a new OTK, the MS-OTK, by applying a Key
>>>>>        Derivation Function (KDF) to the ITR-OTK.  This MS-OTK is included
>>>>>        in the Encapsulated Control Message that the Map-Server uses to
>>>>>        forward the Map-Request to the ETR.  To provide MS-OTK
>>>>>        confidentiality over the path between the Map-Server and the ETR,
>>>>>        the MS-OTK should
>>>> This “should” should be a “SHOULD”  (sorry for the cacophony…)
>>>
>>> Ok.
>>>>
>>>> Why not using “MUST”???
>>>> Are you suggesting that a different way to provide confidentiality 
>>>> can be used (e.g. a different shared key)???
>>>> If yes, please state so.
>>>>
>>>> Or are you suggesting that no encryption at all is used? But this 
>>>> means not providing confidentiality…
>>>> Can you clarify?
>>>
>>> Same as above.
>>>
>>>>
>>>>> be encrypted using the key shared between the
>>>>>        ETR and the Map-Server in order to secure ETR registration
>>>>>        [RFC6833].
>>>>>
>>>>>     o  If the Map-Server is acting in proxy mode, as specified in
>>>>>        [RFC6830], the ETR is not involved in the generation of the Map-
>>>>>        Reply.  In this case the Map-Server generates the Map-Reply on
>>>>>        behalf of the ETR as described below.
>>>>>
>>>>>     o  The ETR, upon receiving the ECM encapsulated Map-Request from the
>>>>>        Map-Server, decrypts the MS-OTK, if needed, and originates a
>>>>>        standard Map-Reply that contains the EID-to-RLOC mapping
>>>>>        information as specified in [RFC6830].
>>>>>
>>>>>     o  The ETR computes an HMAC over this standard Map-Reply, keyed with
>>>>>        MS-OTK to protect the integrity of the whole Map-Reply.  The ETR
>>>>>        also copies the EID-prefix authorization data that the Map-Server
>>>>>        included in the ECM encapsulated Map-Request into the Map-Reply
>>>>>        message.  The ETR then sends this complete Map-Reply message to
>>>>>        the requesting ITR.
>>>>>
>>>>>     o  The ITR, upon receiving the Map-Reply, uses the locally stored
>>>>>        ITR-OTK to verify the integrity of the EID-prefix authorization
>>>>>        data included in the Map-Reply by the Map-Server.  The ITR
>>>>>        computes the MS-OTK by applying the same KDF used by the Map-
>>>>>        Server, and verifies the integrity of the Map-Reply.  If the
>>>>>        integrity checks fail, the Map-Reply MUST be discarded.  Also, if
>>>>>        the EID-prefixes claimed by the ETR in the Map-Reply are not equal
>>>>>        or more specific than the EID-prefix authorization data inserted
>>>>>        by the Map-Server, the ITR MUST discard the Map-Reply.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Maino, et al.             Expires April 6, 2017                 [Page 6]
>>>>> 
>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>
>>>>>
>>>>> 5.  LISP-SEC Control Messages Details
>>>>>
>>>>>     LISP-SEC metadata associated with a Map-Request is transported within
>>>>>     the Encapsulated Control Message that contains the Map-Request.
>>>>>
>>>>>     LISP-SEC metadata associated with the Map-Reply is transported within
>>>>>     the Map-Reply itself.
>>>>>
>>>>> 5.1.  Encapsulated Control Message LISP-SEC Extensions
>>>>>
>>>>>     LISP-SEC uses the ECM (Encapsulated Control Message) defined in
>>>>>     [RFC6830] with Type set to 8, and S bit set to 1 to indicate that the
>>>>>     LISP header includes Authentication Data (AD).  The format of the
>>>>>     LISP-SEC ECM Authentication Data is defined in the following figure.
>>>>>     OTK-AD stands for One-Time Key Authentication Data and EID-AD stands
>>>>>     for EID Authentication Data.
>>>>>
>>>>>   0                   1                   2                   3
>>>>>   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>>> |     AD Type   |V|  Reserved   |        Requested HMAC ID      |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
>>>>> |              OTK Length       |       OTK Encryption ID       | |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>>>>> |                       One-Time-Key Preamble ...               | |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OTK-AD
>>>>> |                   ... One-Time-Key Preamble                   | |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>>>>> ~                      One-Time Key (128 bits)                  ~/
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <---+
>>>>> |           EID-AD Length       |           KDF ID              |     |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
>>>>> | Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
>>>>> |   Reserved    | EID mask-len  |           EID-AFI             | |   |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
>>>>> ~                          EID-prefix ...                       ~ |   |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
>>>>> ~                            EID HMAC                           ~     |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <—+
>>>> I think that “rec” is mis-aligned and should be shifted one 
>>>> character upward.
>>>
>>> No. The row above is the portion of the header that specifies how 
>>> many records will follow. Rec shows one Rec item, in the array of 
>>> Records.  It is consistent with 6830.
>>>
>>>
>>
>> OK
>>
>>>
>>>>
>>>>>                       LISP-SEC ECM Authentication Data
>>>>>
>>>>>        AD Type: 1 (LISP-SEC Authentication Data)
>>>> This is the first document starting to allocate values to the "AD 
>>>> Type” value.
>>>> Why not asking IANA to create a registry??
>>>> (to be done in the IANA Considerations Section)
>>>
>>>
>>> Ok.
>>>
>>>>
>>>>
>>>>
>>>>>        V: Key Version bit.  This bit is toggled when the sender switches
>>>>>        to a new OTK wrapping key
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Maino, et al.             Expires April 6, 2017                 [Page 7]
>>>>> 
>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>
>>>>>
>>>>>        Reserved: Set to 0 on transmission and ignored on receipt.
>>>>>
>>>>>        Requested HMAC ID: The HMAC algorithm requested by the ITR.  See
>>>>>        Section 5.4 for details.
>>>>>
>>>>>        OTK Length: The length (in bytes) of the OTK Authentication Data
>>>>>        (OTK-AD), that contains the OTK Preamble and the OTK.
>>>>>
>>>>>        OTK Encryption ID: The identifier of the key wrapping algorithm
>>>>>        used to encrypt the One-Time-Key. When a 128-bit OTK is sent
>>>>>        unencrypted by the Map-Resolver, the OTK Encryption ID is set to
>>>>>        NULL_KEY_WRAP_128.  See Section 5.5 for more details.
>>>>>
>>>>>        One-Time-Key Preamble: set to 0 if the OTK is not encrypted.  When
>>>>>        the OTK is encrypted, this field may carry additional metadata
>>>>>        resulting from the key wrapping operation.  When a 128-bit OTK is
>>>>>        sent unencrypted by Map-Resolver, the OTK Preamble is set to
>>>>>        0x0000000000000000 (64 bits).  See Section 5.5 for details.
>>>>>
>>>>>        One-Time-Key: the OTK encrypted (or not) as specified by OTK
>>>>>        Encryption ID.  See Section 5.5 for details.
>>>>>
>>>>>        EID-AD Length: length (in bytes) of the EID Authentication Data
>>>>>        (EID-AD).  The ITR MUST set EID-AD Length to 4 bytes, as it only
>>>>>        fills the KDF ID field, and all the remaining fields part of the
>>>>>        EID-AD are not present.  An EID-AD MAY contain multiple EID-
>>>>>        records.  Each EID-record is 4-byte long plus the length of the
>>>>>        AFI-encoded EID-prefix.
>>>>>
>>>>>        KDF ID: Identifier of the Key Derivation Function used to derive
>>>>>        the MS-OTK.  The ITR SHOULD use this field to indicate the
>>>>>        recommended KDF algorithm, according to local policy.
>>>> I am not sure I understand the rationale of this “SHOULD”. If for 
>>>> any reason the ITR does not indicate the KDF ID what are the 
>>>> consequences?
>>>
>>> That should be a MAY, I believe,
>>>
>>> The ITR can specify "no preference" for KDF ID, using a value of 0.
>>
>> I think this is the unclear information: that the ITR can state “no 
>> preference” using value 0.
>> Would be good if you can state it more clearly.
>
> I've added text to clarify this.
>
>>
>>
>>>
>>> In the ITR processing section 5.4,  we should add to
>>>
>>> The KDF ID field, specifies the suggested key derivation function to
>>>     be used by the Map-Server to derive the MS-OTK.
>>>
>>> a text like: "A KDF ID value of 0 (NONE), MAY be used to specify 
>>> that the ITR has no preferred KDF ID".
>>>
>>>
>>>
>>>> Is the MS free to choose the algorithm? This should be clarified.
>>> This is specified in section 5.7.
>>>
>>> "
>>> The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
>>>     the ITR-OTK received with the Map-Request.  MS-OTK is derived
>>>     applying the key derivation function specified in the KDF ID field.
>>>     If the algorithm specified in the KDF ID field is not supported, the
>>>     Map-Server uses a different algorithm to derive the key and updates
>>>     the KDF ID field accordingly.
>>> "
>>>
>>>
>>
>> Since this paragraph does not use any 2119 language it actually mean 
>> that an MS can choose freely the  algorithm to use.
>> right?
>
> right. If the ITR does support that specific ID, the ITR may still 
> decide to use it.
>
>>
>>>
>>>>
>>>>>   The Map-
>>>>>        Server can overwrite the KDF ID if it does not support the KDF ID
>>>>>        recommended by the ITR.
>>>> What happens if the MS will choose a KDF ID not supported by the ITR?
>>>> Can you clarify how to solve this situation or explain why this 
>>>> will never happen?
>>>
>>> This is specified in 5.4, ITR processing.
>>>
>>> "
>>> To verify the integrity of the PKT-AD, first the MS-OTK is derived
>>>     from the locally stored ITR-OTK using the algorithm specified in the
>>>     KDF ID field.  This is because the PKT-AD is generated by the ETR
>>>     using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
>>>     KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
>>>     Reply and send, at the first opportunity it needs to, a new Map-
>>>     Request with a different KDF ID, according to ITR's local policy.
>>> "
>>>
>>>
>>> There are two typical use cases:
>>> - strict KDF ID policy: ITR specifiy a KDF ID, and will discard 
>>> map-reply with different KDF IDs. If local policy allows, another 
>>> map-request will be sent with a different KDF ID
>>> - loose KDF ID policy: ITR specify KDF ID = none, and will accept 
>>> map-reply with any KDF ID (if supported by ITR). If received KDF is 
>>> not supported the ITR shall drop the map-reply
>>>
>>
>> The above text does not reflect the policies you are describing. That 
>> “SHOULD” should be a “MAY” and your policies spelled out.
> I think we need to separate the recommendations for the two actions: 
> SHOULD drop and MAY resend.
>
> "
> , the ITR SHOULD discard the Map-
>     Reply. At the first opportunity it needs to, the ITR MAY send a new Map-
>     Request with a different KDF ID, according to ITR's local policy.
>
> What do you think?
>
>>
>> Also, what is the MS stubbornly insists in using an algorithm that 
>> the ITR does not support?
>
> The MS might not have alternatives, as it might only support one 
> algorithm.
>
>
>
>>
>>
>>>
>>>>
>>>>> See Section 5.4 for more details.
>>>>>
>>>>>        Record Count: The number of records in this Map-Request message.
>>>>>        A record is comprised of the portion of the packet that is labeled
>>>>>        'Rec' above and occurs the number of times equal to Record Count.
>>>>>
>>>>>        Reserved: Set to 0 on transmission and ignored on receipt.
>>>>>
>>>>>        EID HMAC ID: Identifier of the HMAC algorithm used to protect the
>>>>>        integrity of the EID-AD.  This field is filled by Map-Server that
>>>>>        computed the EID-prefix HMAC.  See Section 5.4 for more details.
>>>>>
>>>>>        EID mask-len: Mask length for EID-prefix.
>>>>>
>>>>>        EID-AFI: Address family of EID-prefix according to [RFC5226]
>>>>>
>>>>>
>>>>>
>>>>> Maino, et al.             Expires April 6, 2017                 [Page 8]
>>>>> 
>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>
>>>>>
>>>>>        EID-prefix: The Map-Server uses this field to specify the EID-
>>>>>        prefix that the destination ETR is authoritative for, and is the
>>>>>        longest match for the requested EID.
>>>>>
>>>>>        EID HMAC: HMAC of the EID-AD computed and inserted by Map-Server.
>>>>>        Before computing the HMAC operation the EID HMAC field MUST be set
>>>>>        to 0.  The HMAC covers the entire EID-AD.
>>>>>
>>>>> 5.2.  Map-Reply LISP-SEC Extensions
>>>>>
>>>>>     LISP-SEC uses the Map-Reply defined in [RFC6830], with Type set to 2,
>>>>>     and S bit set to 1 to indicate that the Map-Reply message includes
>>>>>     Authentication Data (AD).  The format of the LISP-SEC Map-Reply
>>>>>     Authentication Data is defined in the following figure.  PKT-AD is
>>>>>     the Packet Authentication Data that covers the Map-Reply payload.
>>>>>
>>>>>   0                   1                   2                   3
>>>>>   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>>> |    AD Type    |                 Reserved                      |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <---+
>>>>> |           EID-AD Length       |           KDF ID              |     |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
>>>>> | Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
>>>>> |   Reserved    | EID mask-len  |           EID-AFI             | |   |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
>>>>> ~                          EID-prefix ...                       ~ |   |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
>>>>> ~                            EID HMAC                           ~     |
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <---+
>>>>> |         PKT-AD Length         |         PKT HMAC ID           |\
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>>>>> ~                            PKT HMAC                           ~ PKT-AD
>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/
>>>>>
>>>>>                    LISP-SEC Map-Reply Authentication Data
>>>>>
>>>>>        AD Type: 1 (LISP-SEC Authentication Data)
>>>> Shouldn’t this be a different value? This AD  format is different 
>>>> from the one described in section 5.1!
>>>> Another reason to ask IANA for a registry….
>>>
>>> One is the LISP-SEC authentication data that applies to the ECM 
>>> message (when S-bit = 1), the other is the LISP-SEC authentication 
>>> data that applies to the Map-Reply (when S-bit = 1).
>>>
>>> Those are extensions of two different messages (ECM and map-reply), 
>>> and they are both identified by an AD Type (that happens to be set 
>>> to value 1 for both).
>>
>> This is not clear in the current text.
>
> Right. I have updated the text to clarify it. Together with the IANA 
> disposition it should be clear now.
>
>
>>
>>>
>>> Yes, the AD type space is different so we will need two IANA 
>>> registries.
>>>
>>>
>>> Question for the co-auhtors: should we change the name to 'ECM AD 
>>> Type' and 'Map-Reply AD Type’?
>>
>> IMHO you have to, otherwise there will be always confusion….
>
> done.
>
>>
>>>
>>>
>>>
>>>>
>>>>
>>>>>        EID-AD Length: length (in bytes) of the EID-AD.  An EID-AD MAY
>>>>>        contain multiple EID-records.  Each EID-record is 4-byte long plus
>>>>>        the length of the AFI-encoded EID-prefix.
>>>>>
>>>>>        KDF ID: Identifier of the Key Derivation Function used to derive
>>>>>        MS-OTK.  See Section 5.7 for more details.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Maino, et al.             Expires April 6, 2017                 [Page 9]
>>>>> 
>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>
>>>>>
>>>>>        Record Count: The number of records in this Map-Reply message.  A
>>>>>        record is comprised of the portion of the packet that is labeled
>>>>>        'Rec' above and occurs the number of times equal to Record Count.
>>>>>
>>>>>        Reserved: Set to 0 on transmission and ignored on receipt.
>>>>>
>>>>>        EID HMAC ID: Identifier of the HMAC algorithm used to protect the
>>>>>        integrity of the EID-AD.  See Section 5.7 for more details.
>>>>>
>>>>>        EID mask-len: Mask length for EID-prefix.
>>>>>
>>>>>        EID-AFI: Address family of EID-prefix according to [RFC5226].
>>>>>
>>>>>        EID-prefix: This field contains an EID-prefix that the destination
>>>>>        ETR is authoritative for, and is the longest match for the
>>>>>        requested EID.
>>>>>
>>>>>        EID HMAC: HMAC of the EID-AD, as computed by the Map-Server.
>>>>>        Before computing the HMAC operation the EID HMAC field MUST be set
>>>>>        to 0.  The HMAC covers the entire EID-AD.
>>>>>
>>>>>        PKT-AD Length: length (in bytes) of the Packet Authentication Data
>>>>>        (PKT-AD).
>>>>>
>>>>>        PKT HMAC ID: Identifier of the HMAC algorithm used to protect the
>>>>>        integrity of the Map-reply Location Data.
>>>> “Location Data” is something nowhere defined. Can you clarify what 
>>>> do you mean?
>>>
>>> we can just remove 'Location Data’
>>
>> OK.
>>
>>>
>>>
>>>>
>>>>
>>>>>        PKT HMAC: HMAC of the whole Map-Reply packet, including the LISP-
>>>>>        SEC Authentication Data.  The scope of the authentication goes
>>>>>        from the Map-Reply Type field to the PKT HMAC field included.
>>>>>        Before computing the HMAC operation the PKT HMAC field MUST be set
>>>>>        to 0.  See Section 5.8 for more details.
>>>>>
>>>>> 5.3.  Map-Register LISP-SEC Extentions
>>>>>
>>>>>     The second bit after the Type field in a Map-Register message is
>>>>>     allocated as the S bit.
>>>> I would better explain that this document is allocating a bit 
>>>> marked as reserved in 6830.
>>>
>>> Ok. We will need to reflect this in 6830bis as well.
>>
>> Sure
>>
>>
>>>
>>>> Furthermore, at the cost of being redundant, I would put the packet 
>>>> format highlighting the position of the bit so that there is no 
>>>> confusion whatsoever.
>>>
>>> We wanted to  explicitly avoid to include the format of messages 
>>> when already defined in other documents,
>>
>> The S-bit is not defined in other documents. IMHO is important to 
>> have the visual aid of which exact bit your are talking about.
>>
> I've added text to clarify. I really prefer not to have the whole 
> picture, but just refer to it.
>
> Considering that 6830 will evolve into 6830bis, eventually (with the 
> next LISP-SEC) the reference will be updated in 6830bis.
>
>
>>> so we point rather than copy. If we address this in 6830bis, the 
>>> problem will be solved.
>>
>> You mentioned 6830bis several time, let me ask: Would you like to 
>> reference that document?
>> In this case we have to hold this back until we have at least a 
>> stable version of that document.
>> Then the RFC editor will hold this document back until that one is 
>> RFC, because of missing reference.
>> Or you keep it this way and later on you make a ST version.
>>
>> Either way is fine for me.
>
> I think we should move this draft forward, without waiting for 
> 6830bis. Considering that this is security I expect the review process 
> to last quite some time, so we can make progress without waiting for 
> 6830bis. Eventually even teh LISP-SEC RFC will be updated, and all 
> will be good.
>
>>
>>
>>
>>>
>>>
>>>>
>>>>> The S bit indicates to the Map-Server that
>>>>>     the registering ETR is LISP-SEC enabled.  An ETR that supports LISP-
>>>>>     SEC MUST set the S bit in its Map-Register messages.
>>>>>
>>>>> 5.4.  ITR Processing
>>>>>
>>>>>     Upon creating a Map-Request, the ITR generates a random ITR-OTK that
>>>>>     is stored locally, together with the nonce generated as specified in
>>>>>     [RFC6830].
>>>>>
>>>>>     The Map-Request MUST be encapsulated in an ECM, with the S-bit set to
>>>>>     1, to indicate the presence of Authentication Data.  If the ITR and
>>>>>
>>>>>
>>>>>
>>>>> Maino, et al.             Expires April 6, 2017                [Page 10]
>>>>> 
>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>
>>>>>
>>>>>     the Map-Resolver are configured with a shared key,
>>>> In section 4 you seem to suggest that this is not the only way to 
>>>> protect the OTK (see my comment).
>>>> Here instead you suggest that a shared key is the only way.
>>>
>>>
>>> Right. Here it says what to do IF there is a shared key, that is 
>>> consistent with the SHOULD above.
>>
>> OK.
>>
>>>
>>>
>>>>>   the ITR-OTK
>>>>>     confidentiality SHOULD be protected by wrapping the ITR-OTK with the
>>>>>     algorithm specified by the OTK Encryption ID field.
>>>> Not clear what this “SHOULD” refers to.
>>>> IS the SHOULD related to the fact to encrypt the OTK? The ITR 
>>>> SHOULD encrypt.
>>>> Or the choice of the algorithm? The ITR SHOULD use the algorithm 
>>>> specified by the OTK Encryption ID?
>>>> The second case looks impossible since is the ITR is choosing the 
>>>> algorithm. May be the sentence can be rewritten.
>>>
>>> SHOULD refers to protecting the confidentiality of the ITR-OTK. 
>>> Maybe the 'by' should be replaced by 'with’?
>>
>> Just drop the “by”?
>>
>>
>>>
>>>>
>>>> Similarly to previous comment: Why it is not a MUST?
>>> Same as other SHOULD.
>>>
>>>
>>>
>>>>>   See Section 5.5
>>>>>     for further details on OTK encryption.
>>>>>
>>>>>     The Requested HMAC ID field contains the suggested HMAC algorithm to
>>>>>     be used by the Map-Server and the ETR to protect the integrity of the
>>>>>     ECM Authentication data and of the Map-Reply.
>>>>>
>>>> What happens if the MS will choose a HMAC not supported by the ETR 
>>>> or the ITR?
>>>> Can you clarify how to solve this situation or explain why this 
>>>> will never happen?
>>>
>>> This is described 5 paragraphs below:
>>>
>>> "
>>> If the EID HMAC ID field does
>>>     not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
>>>     and send, at the first opportunity it needs to, a new Map-Request
>>>     with a different Requested HMAC ID field, according to ITR's local
>>>     policy.
>>> "
>>>
>>
>> What about the ETR?
>
> It's specified in 5.8, the ETR makes the same processing as the MS.
>
> "If the ETR does not support the Requested HMAC ID, it uses a 
> different algorithm and updates the PKT HMAC ID field accordingly. "
>
> Also the ETR doesn't process the AD computed by the MS, it just copies 
> into the Map-Reply.
>
>
>
>>
>>>
>>>>
>>>>>     The KDF ID field, specifies the suggested key derivation function to
>>>>>     be used by the Map-Server to derive the MS-OTK.
>>>>
>>>> What happens if the MS will choose a KDF ID not supported by the ITR?
>>>> Can you clarify how to solve this situation or explain why this 
>>>> will never happen?
>>>
>>> This is described a few paragraphs below:
>>> "
>>> If the KDF ID in the Map-Reply does not match the
>>>     KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
>>>     Reply and send, at the first opportunity it needs to, a new Map-
>>>     Request with a different KDF ID, according to ITR's...
>>> "
>>>
>>
>> This does not guarantee that the MS will reply with something the ITR 
>> understands….
>
> For some local ITR's policy it may not be guaranteed. It's a balance 
> between reachability and security that the ITR will have to choose.
>
>
>
>
>
>
>>
>>
>>
>>>>
>>>>>     The EID-AD length is set to 4 bytes, since the Authentication Data
>>>>>     does not contain EID-prefix Authentication Data, and the EID-AD
>>>>>     contains only the KDF ID field.
>>>>>
>>>>>     In response to an encapsulated Map-Request that has the S-bit set, an
>>>>>     ITR MUST receive a Map-Reply with the S-bit set, that includes an
>>>>>     EID-AD and a PKT-AD.  If the Map-Reply does not include both ADs, the
>>>>>     ITR MUST discard it.  In response to an encapsulated Map-Request with
>>>>>     S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, and
>>>>>     the ITR SHOULD discard the Map-Reply if the S-bit is set.
>>>> Why a “SHOULD”? If the Map-Request has S-bit=0 it mean that there 
>>>> is no AD, hence no OTK, how can the ITR decrypt the reply?????
>>>> It MUST discard…..
>>>
>>> If S-bit = 0 there's no Authentication Data. The Map-reply is in 
>>> clear, and can be read.
>>
>> I am not sure you understood my point.
>>
>> You send a Map-Request with S=0, hence unenbcrypted. How can you 
>> possible receive a Map-Reply with S=1?
>> How is it encrypted if the ITR did not provide any OTK?
>
> Misconfiguration, bugs? I was just trying to enumerate the behaviors 
> of the ITR. There's probably something wrong, and the map-reply should 
> be discarded. Still the mapping is readable, so an ITR favoring 
> reachability may decide to use the mapping.
>
>>
>>
>>
>>
>>>
>>>
>>> Here again the SHOULD leaves open to ITR local policy that can be 
>>> strict (drop anything not authenticated) or loose (accept 
>>> unauthenticated map-reply).
>>>
>>> There are use cases where LISP-SEC is not deployed everywhere, where 
>>> the ITR might have to use loose policy.
>>>
>>>
>>>>
>>>>
>>>>>     Upon receiving a Map-Reply, the ITR must verify the integrity of both
>>>>>     the EID-AD and the PKT-AD, and MUST discard the Map-Reply if one of
>>>>>     the integrity checks fails.
>>>>>
>>>>>     The integrity of the EID-AD is verified using the locally stored ITR-
>>>>>     OTK to re-compute the HMAC of the EID-AD using the algorithm
>>>>>     specified in the EID HMAC ID field.  If the EID HMAC ID field does
>>>>>     not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
>>>> Why is this a SHOULD? If it supports the HMAC Algorithm why not 
>>>> decrypt? Shouldn’t this be a “MAY”, according to internal policy?
>>>
>>> because this could be used by an attacker to force weaker HMACs 
>>> (e.g. MD5).
>>
>> OK
>>
>>> The SHOULD leaves open the door to not discarding, according to 
>>> local policy.
>>>
>>>
>>
>> OK.
>>
>>
>>>
>>>
>>>>>     and send, at the first opportunity it needs to, a new Map-Request
>>>>>     with a different Requested HMAC ID field, according to ITR's local
>>>>>     policy.  The ITR MUST set the EID HMAC ID field to 0 before computing
>>>>>     the HMAC.
>>>> Shouldn’t the MS do the same thing? Otherwise different values will 
>>>> be obtained. This is not specified in the MS functioning description.
>>>
>>> good catch. Actually it's a typo here, the EID HMAC field should be 
>>> set to 0 (that is consistent with section 5.7), not the EID HMAC ID 
>>> that should not be touched.
>>>
>>
>> OK
>>>
>>> The ITR MUST set the EID HMAC ID field to 0 before computing
>>>     the HMAC.
>>>
>>> should change to
>>>
>>> The scope of the HMAC operation covers the
>>>     entire EID-AD, from the EID-AD Length field to the EID HMAC field,
>>>     which must be set to 0 before the computation.
>>>>>     To verify the integrity of the PKT-AD, first the MS-OTK is derived
>>>>>     from the locally stored ITR-OTK using the algorithm specified in the
>>>>>     KDF ID field.  This is because the PKT-AD is generated by the ETR
>>>>>     using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
>>>>>     KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
>>>>>     Reply and send, at the first opportunity it needs to, a new Map-
>>>>>     Request with a different KDF ID, according to ITR's local policy.
>>>>>     The derived MS-OTK is then used to re-compute the HMAC of the PKT-AD
>>>>>     using the Algorithm specified in the PKT HMAC ID field.  If the PKT
>>>>>     HMAC ID field does not match the Requested HMAC ID the ITR SHOULD
>>>>>     discard the Map-Reply and send, at the first opportunity it needs to,
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Maino, et al.             Expires April 6, 2017                [Page 11]
>>>>> 
>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>
>>>>>
>>>>>     a new Map-Request with a different Requested HMAC ID according to
>>>>>     ITR's local policy.
>>>>>
>>>>>     Each individual Map-Reply EID-record is considered valid only if: (1)
>>>>>     both EID-AD and PKT-AD are valid, and (2) the intersection of the
>>>>>     EID-prefix in the Map-Reply EID-record with one of the EID-prefixes
>>>>>     contained in the EID-AD is not empty.  After identifying the Map-
>>>>>     Reply record as valid, the ITR sets the EID-prefix in the Map-Reply
>>>>>     record to the value of the intersection set computed before, and adds
>>>>>     the Map-Reply EID-record to its EID-to-RLOC cache, as described in
>>>>>     [RFC6830].  An example of Map-Reply record validation is provided in
>>>>>     Section 5.4.1.
>>>>>
>>>>>     The ITR SHOULD send SMR triggered Map-Requests over the mapping
>>>>>     system in order to receive a secure Map-Reply.
>>>> I do not understand this “SHOULD”.  This has consequences in the 
>>>> choice how to react to SMR. This is a local policy.
>>>> _If_ the ITR wants to protect Map-Requests using LISP-SEC, than SMR 
>>>> triggered Map-Request MUST be sent through the mapping system.
>>
>>> so the _if_ is what makes that MUST a SHOULD... According to local 
>>> policy the ITR SHOULD send the SMR.
>>
>> I read the sentence in this way:
>>
>> In order to received a secure Map-Reply, the ITR MUST send SMR 
>> triggered Map-Requests over the mapping system.
>>
>> No?
>
> I see what you are saying. I'll rephrase as:
>
> If an ITR accepts piggybacked Map-Replies, it SHOULD also send a 
> Map-Request over the mapping system in order to verify the piggybacked 
> Map-Reply with a secure Map-Reply.
>
>
>
>
>>
>>>>> If an ITR accepts
>>>>>     piggybacked Map-Replies, it SHOULD also send a Map-Request over the
>>>>>     mapping system in order to securely verify the piggybacked Map-Reply.
>>>> Same as above.
>>>>> 5.4.1.  Map-Reply Record Validation
>>>>>
>>>>>     The payload of a Map-Reply may contain multiple EID-records.  The
>>>>>     whole Map-Reply is signed by the ETR, with the PKT HMAC, to provide
>>>>>     integrity protection and origin authentication to the EID-prefix
>>>>>     records claimed by the ETR.  The Authentication Data field of a Map-
>>>>>     Reply may contain multiple EID-records in the EID-AD.  The EID-AD is
>>>>>     signed by the Map-Server, with the EID HMAC, to provide integrity
>>>>>     protection and origin authentication to the EID-prefix records
>>>>>     inserted by the Map-Server.
>>>>>
>>>>>     Upon receiving a Map-Reply with the S-bit set, the ITR first checks
>>>>>     the validity of both the EID HMAC and of the PKT-AD HMAC.  If either
>>>>>     one of the HMACs is not valid, a log message is issued and the Map-
>>>>>     Reply is not processed any further.
>>>> I think “log message" is too much implementation specific.
>>>> If there is a notification, and how this notification is done, is 
>>>> implementation specific IMHO.
>>> Ok. 'a log message is issued' will change to 'a log action should be 
>>> taken'. The point is that there could be an attack behind it, and we 
>>> want to record the event
>>
>> OK
>>
>>>>> If both HMACs are valid, the ITR
>>>>>     proceeds with validating each individual EID-record claimed by the
>>>>>     ETR by computing the intersection of each one of the EID-prefix
>>>>>     contained in the payload of the Map-Reply with each one of the EID-
>>>>>     prefixes contained in the EID-AD.  An EID-record is valid only if at
>>>>>     least one of the intersections is not the empty set.
>>>>>
>>>>>     For instance, the Map-Reply payload contains 3 mapping record EID-
>>>>>     prefixes:
>>>>>
>>>>>        1.1.1.0/24
>>>>>
>>>>>        1.1.2.0/24
>>>>>
>>>>>        1.2.0.0/16
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Maino, et al.             Expires April 6, 2017                [Page 12]
>>>>> 
>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>
>>>>>
>>>>>     The EID-AD contains two EID-prefixes:
>>>>>
>>>>>        1.1.2.0/24
>>>>>
>>>>>        1.2.3.0/24
>>>>>
>>>>>     The EID-record with EID-prefix 1.1.1.0/24 is not processed since it
>>>>>     is not included in any of the EID-ADs signed by the Map-Server.  A
>>>>>     log message is issued.
>>>> I think “log message" is too much implementation specific.
>>>> If there is a notification, and how this notification is done, is 
>>>> implementation specific IMHO.
>>> ok. Same as above.
>>>>>     The EID-record with EID-prefix 1.1.2.0/24 is stored in the map-cache
>>>>>     because it matches the second EID-prefix contained in the EID-AD.
>>>>>
>>>>>     The EID-record with EID-prefix 1.2.0.0/16 is not processed since it
>>>>>     is not included in any of the EID-ADs signed by the Map-Server.  A
>>>>>     log message is issued.
>>>> I think “log message" is too much implementation specific.
>>>> If there is a notification, and how this notification is done, is 
>>>> implementation specific IMHO.
>>> ok. Same as above
>>>>>    In this last example the ETR is trying to
>>>>>     over claim the EID-prefix 1.2.0.0/16, but the Map-Server authorized
>>>>>     only 1.2.3.0/24, hence the EID-record is discarded.
>>>> Reading the example I am not sure I would follow this behaviour.
>>>> Only 1 record out of 3 is valid so why should I actually trust the 
>>>> ETR instead of throwing everything away?
>>>> Can you explain ???
>>> The other two records are validated by the MS, so there is no reason 
>>> to throw those away.
>>
>> Yes, but the ETR is still trying to cheat on the third one….
>> So the ETR may be compromised, why should I send traffic to him???
>
> ITR has flagged the security exception with the log entry, and some 
> local ITR policy will decide what to do (including stop encapsulating 
> to the ETR, if that's what is specified by the policy).  At the LISP 
> level LISP-SEC has done its job: verified mapping  goes into the 
> map-cache, overclaimed mapping is dropped.
>
>
>>
>>
>>>>> 5.4.2.  PITR Processing
>>>>>
>>>>>     The processing performed by a PITR is equivalent to the processing of
>>>>>     an ITR.  However, if the PITR is directly connected to the ALT,
>>>> This would be LISP+ALT. Pleas add a reference to 6836.
>>> ok.
>>>>> the
>>>>>     PITR performs the functions of both the ITR and the Map-Resolver
>>>>>     forwarding the Map-Request encapsulated in an ECM header that
>>>>>     includes the Authentication Data fields as described in Section 5.6.
>>>>>
>>>>> 5.5.  Encrypting and Decrypting an OTK
>>>>>
>>>>>     MS-OTK confidentiality is required in the path between the Map-Server
>>>>>     and the ETR, the MS-OTK SHOULD
>>>> If confidentiality is required why there is not a MUST?
>>> Same.
>>>>>   be encrypted using the preconfigured
>>>>>     key shared between the Map-Server and the ETR for the purpose of
>>>>>     securing ETR registration [RFC6833].  Similarly, if ITR-OTK
>>>>>     confidentiality is required in the path between the ITR and the Map-
>>>>>     Resolver, the ITR-OTK SHOULD
>>>> Again, if confidentiality is required why there is not a MUST?
>>> Same.
>>>>> be encrypted with a key shared between
>>>>>     the ITR and the Map-Resolver.
>>>>>
>>>>>     The OTK is encrypted using the algorithm specified in the OTK
>>>>>     Encryption ID field.  When the AES Key Wrap algorithm is used to
>>>>>     encrypt a 128-bit OTK, according to [RFC3339],
>>>> The correct RFC is 3394.
>>> ok.
>>>>>   the AES Key Wrap
>>>>>     Initialization Value MUST be set to 0xA6A6A6A6A6A6A6A6 (64 bits).
>>>>>     The output of the AES Key Wrap operation is 192-bit long.  The most
>>>>>     significant 64-bit are copied in the One-Time Key Preamble field,
>>>>>     while the 128 less significant bits are copied in the One-Time Key
>>>>>     field of the LISP-SEC Authentication Data.
>>>>>
>>>>>     When decrypting an encrypted OTK the receiver MUST verify that the
>>>>>     Initialization Value resulting from the AES Key Wrap decryption
>>>>>
>>>>>
>>>>>
>>>>> Maino, et al.             Expires April 6, 2017                [Page 13]
>>>>> 
>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>
>>>>>
>>>>>     operation is equal to 0xA6A6A6A6A6A6A6A6.  If this verification fails
>>>>>     the receiver MUST discard the entire message.
>>>>>
>>>>>     When a 128-bit OTK is sent unencrypted the OTK Encryption ID is set
>>>>>     to NULL_KEY_WRAP_128, and the OTK Preamble is set to
>>>>>     0x0000000000000000 (64 bits).
>>>>>
>>>>> 5.6.  Map-Resolver Processing
>>>>>
>>>>>     Upon receiving an encapsulated Map-Request with the S-bit set, the
>>>>>     Map-Resolver decapsulates the ECM message.  The ITR-OTK, if
>>>>>     encrypted, is decrypted as specified in Section 5.5.
>>>>>
>>>>>     The Map-Resolver, as specified in [RFC6833], originates a new ECM
>>>>>     header with the S-bit set, that contains the unencrypted ITR-OTK, as
>>>>>     specified in Section 5.5, and the other data derived from the ECM
>>>>>     Authentication Data of the received encapsulated Map-Request.
>>>> Few points on this last paragraph:
>>>> - You assume that there is no need of confidentiality inside the 
>>>> Mapping System?
>>>> - Why not stating that encryption inside the mapping system is 
>>>> mapping system specify and out of scope of this document?
>>> ok. as it was pointed out above.
>>>> - Why are you assuming that all of the Mapping system will use ECM? 
>>>> Future Mapping system may use soemthos different. The important 
>>>> point is to ship the AD along.
>>> good point, and I agree with your suggestion to fix this below.
>>>>>     The Map-Resolver then forwards
>>>> to whom?
>>> ok. add 'to the Map-Server'
>>>>>   the received Map-Request, encapsulated
>>>>>     in the new ECM header that includes the newly computed Authentication
>>>>>     Data fields.
>>>> As for my comment of the previous paragraph I would be more generic 
>>>> stating that the MR will hand over the request to the mapping system.
>>>> You can still provide the example of DDT using ECM.
>>> right.
>>>>> 5.7.  Map-Server Processing
>>>>>
>>>>>     Upon receiving an ECM encapsulated Map-Request with the S-bit set,
>>>>>     the Map-Server process the Map-Request according to the value of the
>>>>>     S-bit contained in the Map-Register sent by the ETR during
>>>>>     registration.
>>>>>
>>>>>     If the S-bit contained in the Map-Register was clear the Map-Server
>>>>>     decapsulates the ECM and generates a new ECM encapsulated Map-Request
>>>>>     that does not contain an ECM Authentication Data, as specified in
>>>>>     [RFC6830].  The Map-Server does not perform any further LISP-SEC
>>>>>     processing.
>>>> This equivalent to not using LISP-SEC. Please specify that the 
>>>> Map-Reply will be not protected.
>>> ok.
>>>>>     If the S-bit contained in the Map-Register was set the Map-Server
>>>>>     decapsulates the ECM and generates a new ECM Authentication Data.
>>>>>     The Authentication Data includes the OTK-AD and the EID-AD, that
>>>>>     contains EID-prefix authorization information, that are ultimately
>>>>>     sent to the requesting ITR.
>>>>>
>>>>>     The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
>>>>>     the ITR-OTK received with the Map-Request.  MS-OTK is derived
>>>>>     applying the key derivation function specified in the KDF ID field.
>>>>>     If the algorithm specified in the KDF ID field is not supported, the
>>>>>     Map-Server uses a different algorithm to derive the key and updates
>>>>>     the KDF ID field accordingly.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Maino, et al.             Expires April 6, 2017                [Page 14]
>>>>> 
>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>
>>>>>
>>>>>     The Map-Server and the ETR MUST be configured with a shared key for
>>>>>     mapping registration according to [RFC6833].  If MS-OTK
>>>>>     confidentiality is required, then the MS-OTK SHOULD be encrypted,
>>>> Again, if confidentiality is required why there is not a MUST?
>>> same as above.
>>>>>   by
>>>>>     wrapping the MS-OTK with the algorithm specified by the OTK
>>>>>     Encryption ID field as specified in Section 5.5.
>>>>>
>>>>>     The Map-Server includes in the EID-AD the longest match registered
>>>>>     EID-prefix for the destination EID, and an HMAC of this EID-prefix.
>>>>>     The HMAC is keyed with the ITR-OTK contained in the received ECM
>>>>>     Authentication Data, and the HMAC algorithm is chosen according to
>>>>>     the Requested HMAC ID field.  If The Map-Server does not support this
>>>>>     algorithm, the Map-Server uses a different algorithm and specifies it
>>>>>     in the EID HMAC ID field.  The scope of the HMAC operation covers the
>>>>>     entire EID-AD, from the EID-AD Length field to the EID HMAC field,
>>>>>     which must be set to 0 before the computation.
>>>>>
>>>>>     The Map-Server then forwards the updated ECM encapsulated Map-
>>>>>     Request, that contains the OTK-AD, the EID-AD, and the received Map-
>>>>>     Request to an authoritative ETR as specified in [RFC6830].
>>>>>
>>>>> 5.7.1.  Map-Server Processing in Proxy mode
>>>>>
>>>>>     If the Map-Server is in proxy mode, it generates a Map-Reply, as
>>>>>     specified in [RFC6830], with the S-bit set to 1.  The Map-Reply
>>>>>     includes the Authentication Data that contains the EID-AD, computed
>>>>>     as specified in Section 5.7, as well as the PKT-AD computed as
>>>>>     specified in Section 5.8.
>>>>>
>>>>> 5.8.  ETR Processing
>>>>>
>>>>>     Upon receiving an ECM encapsulated Map-Request with the S-bit set,
>>>>>     the ETR decapsulates the ECM message.  The OTK field, if encrypted,
>>>>>     is decrypted as specified in Section 5.5 to obtain the unencrypted
>>>>>     MS-OTK.
>>>>>
>>>>>     The ETR then generates a Map-Reply as specified in [RFC6830] and
>>>>>     includes the Authentication Data that contains the EID-AD, as
>>>>>     received in the encapsulated Map-Request, as well as the PKT-AD.
>>>>>
>>>>>     The EID-AD is copied from the Authentication Data of the received
>>>>>     encapsulated Map-Request.
>>>>>
>>>>>     The PKT-AD contains the HMAC of the whole Map-Reply packet, keyed
>>>>>     with the MS-OTK and computed using the HMAC algorithm specified in
>>>>>     the Requested HMAC ID field of the received encapsulated Map-Request.
>>>>>     If the ETR does not support the Requested HMAC ID, it uses a
>>>>>     different algorithm and updates the PKT HMAC ID field accordingly.
>>>>>     The scope of the HMAC operation covers the entire PKT-AD, from the
>>>>>
>>>>>
>>>>>
>>>>> Maino, et al.             Expires April 6, 2017                [Page 15]
>>>>> 
>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>
>>>>>
>>>>>     Map-Reply Type field to the PKT HMAC field, which must be set to 0
>>>>>     before the computation.
>>>>>
>>>>>     Finally the ETR sends the Map-Reply to the requesting ITR as
>>>>>     specified in [RFC6830].
>>>>>
>>>>> 6.  Security Considerations
>>>>>
>>>>> 6.1.  Mapping System Security
>>>>>
>>>>>     The LISP-SEC threat model described in Section 3, assumes that the
>>>>>     LISP Mapping System is working properly and eventually delivers Map-
>>>>>     Request messages to a Map-Server that is authoritative for the
>>>>>     requested EID.
>>>>>
>>>> As for a previous comment, can you elaborate if OTK confidentiality 
>>>> is required in the mapping system and what are the consequences?
>>> ok.
>>>>>     Map-Register security, including the right for a LISP entity to
>>>>>     register an EID-prefix or to claim presence at an RLOC, is out of the
>>>>>     scope of LISP-SEC.
>>>>>
>>>>> 6.2.  Random Number Generation
>>>>>
>>>>>     The ITR-OTK MUST be generated by a properly seeded pseudo-random (or
>>>>>     strong random) source.  See [RFC4086] for advice on generating
>>>>>     security-sensitive random data
>>>>>
>>>>> 6.3.  Map-Server and ETR Colocation
>>>>>
>>>>>     If the Map-Server and the ETR are colocated, LISP-SEC does not
>>>>>     provide protection from overclaiming attacks mounted by the ETR.
>>>>>     However, in this particular case, since the ETR is within the trust
>>>>>     boundaries of the Map-Server, ETR's overclaiming attacks are not
>>>>>     included in the threat model.
>>>>>
>>>>> 7.  IANA Considerations
>>>> This section is not conform to RFC 5226.
>>>> There right way to go is to ask IANA to create three new 
>>>> registries, for HMAC, Key Wrap, and Key Derivation functions.
>>>> Define what is the allocation process (in light of the size of the 
>>>> field FCFS should not cause any problem IMHO)
>>>> Then ask to populate the registries as already described.
>>> Ok, so each one of the sections 7.x will say: IANA is requested to 
>>> create a new <registry-name> registry for use …
>>
>> There is slightly more text to add.
>
> right. I have added more. I'm almost ready to send a new rev.
>
>>
>>
>>>>> 7.1.  HMAC functions
>>>>>
>>>>>     The following HMAC ID values are defined by this memo for use as
>>>>>     Requested HMAC ID, EID HMAC ID, and PKT HMAC ID in the LISP-SEC
>>>>>     Authentication Data:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Maino, et al.             Expires April 6, 2017                [Page 16]
>>>>> 
>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>
>>>>>
>>>>>               Name                     Number        Defined In
>>>>>               -------------------------------------------------
>>>>>               NONE                     0
>>>>>               AUTH-HMAC-SHA-1-96       1             [RFC2104]
>>>>>               AUTH-HMAC-SHA-256-128    2             [RFC4634]
>>>>>
>>>>>               values 2-65535 are reserved to IANA.
>>>>>
>>>>>                                HMAC Functions
>>>>>
>>>>>     AUTH-HMAC-SHA-1-96 MUST be supported, AUTH-HMAC-SHA-256-128 should be
>>>>>     supported.
>>>>>
>>>>> 7.2.  Key Wrap Functions
>>>>>
>>>>>     The following OTK Encryption ID values are defined by this memo for
>>>>>     use as OTK key wrap algorithms ID in the LISP-SEC Authentication
>>>>>     Data:
>>>>>
>>>>>               Name                     Number        Defined In
>>>>>               -------------------------------------------------
>>>>>               NULL-KEY-WRAP-128        1
>>>>>               AES-KEY-WRAP-128         2             [RFC3394]
>>>>>
>>>>>               values 0 and 3-65535 are reserved to IANA.
>>>>>
>>>>>                              Key Wrap Functions
>>>>>
>>>>>     NULL-KEY-WRAP-128, and AES-KEY-WRAP-128 MUST be supported.
>>>>>
>>>>>     NULL-KEY-WRAP-128 is used to carry an unencrypted 128-bit OTK, with a
>>>>>     64-bit preamble set to 0x0000000000000000 (64 bits).
>>>>>
>>>>> 7.3.  Key Derivation Functions
>>>>>
>>>>>     The following KDF ID values are defined by this memo for use as KDF
>>>>>     ID in the LISP-SEC Authentication Data:
>>>>>
>>>>>               Name                     Number        Defined In
>>>>>               -------------------------------------------------
>>>>>               NONE                     0
>>>>>               HKDF-SHA1-128            1             [RFC5869]
>>>>>
>>>>>               values 2-65535 are reserved to IANA.
>>>>>
>>>>>                           Key Derivation Functions
>>>>>
>>>>>     HKDF-SHA1-128 MUST be supported
>>>>>
>>>>>
>>>>>
>>>>> Maino, et al.             Expires April 6, 2017                [Page 17]
>>>>> 
>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>
>>>>>
>>>>> 8.  Acknowledgements
>>>>>
>>>>>     The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino
>>>>>     Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt
>>>>>     Noll for their valuable suggestions provided during the preparation
>>>>>     of this document.
>>>>>
>>>>> 9.  Normative References
>>>> Please Check your reference, this is the output if the nits tool:
>>>> Checking references for intended status: Experimental
>>>> ----------------------------------------------------------------------------
>>>>   == Missing Reference: 'RFC3339' is mentioned on line 602, but not 
>>>> defined
>>>>   == Missing Reference: 'RFC4634' is mentioned on line 752, but not 
>>>> defined
>>>>   ** Obsolete undefined reference: RFC 4634 (Obsoleted by RFC 6234)
>>> ok.
>>>>>     [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
>>>>>                Hashing for Message Authentication", RFC 2104,
>>>>>                DOI 10.17487/RFC2104, February 1997,
>>>>>                <http://www.rfc-editor.org/info/rfc2104>.
>>>>>
>>>>>     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
>>>>>                Requirement Levels", BCP 14, RFC 2119,
>>>>>                DOI 10.17487/RFC2119, March 1997,
>>>>>                <http://www.rfc-editor.org/info/rfc2119>.
>>>>>
>>>>>     [RFC3394]  Schaad, J. and R. Housley, "Advanced Encryption Standard
>>>>>                (AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394,
>>>>>                September 2002, <http://www.rfc-editor.org/info/rfc3394>.
>>>>>
>>>>>     [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
>>>>>                "Randomness Requirements for Security", BCP 106, RFC 4086,
>>>>>                DOI 10.17487/RFC4086, June 2005,
>>>>>                <http://www.rfc-editor.org/info/rfc4086>.
>>>>>
>>>>>     [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
>>>>>                IANA Considerations Section in RFCs", BCP 26, RFC 5226,
>>>>>                DOI 10.17487/RFC5226, May 2008,
>>>>>                <http://www.rfc-editor.org/info/rfc5226>.
>>>>>
>>>>>     [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
>>>>>                Key Derivation Function (HKDF)", RFC 5869,
>>>>>                DOI 10.17487/RFC5869, May 2010,
>>>>>                <http://www.rfc-editor.org/info/rfc5869>.
>>>>>
>>>>>     [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
>>>>>                Locator/ID Separation Protocol (LISP)", RFC 6830,
>>>>>                DOI 10.17487/RFC6830, January 2013,
>>>>>                <http://www.rfc-editor.org/info/rfc6830>.
>>>>>
>>>>>     [RFC6833]  Fuller, V. and D. Farinacci, "Locator/ID Separation
>>>>>                Protocol (LISP) Map-Server Interface", RFC 6833,
>>>>>                DOI 10.17487/RFC6833, January 2013,
>>>>>                <http://www.rfc-editor.org/info/rfc6833>.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Maino, et al.             Expires April 6, 2017                [Page 18]
>>>>> 
>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>
>>>>>
>>>>>     [RFC7835]  Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID
>>>>>                Separation Protocol (LISP) Threat Analysis", RFC 7835,
>>>>>                DOI 10.17487/RFC7835, April 2016,
>>>>>                <http://www.rfc-editor.org/info/rfc7835>.
>>>>>
>>>>> Authors' Addresses
>>>>>
>>>>>     Fabio Maino
>>>>>     Cisco Systems
>>>>>     170 Tasman Drive
>>>>>     San Jose, California  95134
>>>>>     USA
>>>>>
>>>>>     Email:fmaino@cisco.com <mailto:fmaino@cisco.com>
>>>>>
>>>>>
>>>>>     Vina Ermagan
>>>>>     Cisco Systems
>>>>>     170 Tasman Drive
>>>>>     San Jose, California  95134
>>>>>     USA
>>>>>
>>>>>     Email:vermagan@cisco.com <mailto:vermagan@cisco.com>
>>>>>
>>>>>
>>>>>     Albert Cabellos
>>>>>     Technical University of Catalonia
>>>>>     c/ Jordi Girona s/n
>>>>>     Barcelona  08034
>>>>>     Spain
>>>>>
>>>>>     Email:acabello@ac.upc.edu <mailto:acabello@ac.upc.edu>
>>>>>
>>>>>
>>>>>     Damien Saucez
>>>>>     INRIA
>>>>>     2004 route des Lucioles - BP 93
>>>>>     Sophia Antipolis
>>>>>     France
>>>>>
>>>>>     Email:damien.saucez@inria.fr <mailto:damien.saucez@inria.fr>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Maino, et al.             Expires April 6, 2017                [Page 19]
>>>
>>
>


--------------A72D377FADDF4FF556CDE0B9
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Ciao Luigi, <br>
      here is the updated draft and the diff from -11. <br>
      <br>
      <br>
      Thanks,<br>
      Fabio<br>
      <br>
      <br>
      On 10/25/16 5:14 PM, Fabio Maino wrote:<br>
    </div>
    <blockquote
      cite="mid:37a920e9-b1aa-33c1-6321-e24937bc6c8d@cisco.com"
      type="cite">
      <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
      <div class="moz-cite-prefix">Hi Luigi, <br>
        below are more replies skipping the ones we agreed already.
        Looks like we are converging... <br>
        <br>
        <br>
        wrt to 6830bis, I think we should not wait. I suspect the
        security review of the document will take some time, so we can
        do some progress in parallel to 6830bis. <br>
        <br>
        We will have to do a LISP-SECbis afterwards, but that should be
        simple. <br>
        <br>
        Please, see below. <br>
        <br>
        <br>
        <br>
        <br>
        On 10/24/16 3:02 AM, Luigi Iannone wrote:<br>
      </div>
      <blockquote
        cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
        type="cite">
        <meta http-equiv="Content-Type" content="text/html;
          charset=utf-8">
        Hi Fabio,
        <div class=""><br class="">
        </div>
        <div class="">se my comment inline. </div>
        <div class="">(I do not consider the points we agree and
          everything related to the “SHOULD” clarification)</div>
        <div class=""><br class="">
        </div>
        <div class="">Thanks for your work</div>
        <div class=""><br class="">
        </div>
        <div class="">Ciao</div>
        <div class=""><br class="">
        </div>
        <div class="">L.</div>
        <div class=""><br class="">
        </div>
        <div class=""><br class="">
          <div>
            <blockquote type="cite" class="">
              <div class="">On 22 Oct 2016, at 01:23, Fabio Maino &lt;<a
                  moz-do-not-send="true" href="mailto:fmaino@cisco.com"
                  class="">fmaino@cisco.com</a>&gt; wrote:</div>
              <br class="Apple-interchange-newline">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class="">
                  <div class="moz-cite-prefix">Ciao Luigi, <br class="">
                    below I have replied to each comment. I'm working to
                    the updated text, that I will send as soon as it is
                    ready. ideally we might be able to publish a new
                    version before draft deadline. <br class="">
                  </div>
                </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>Excellent. Thanks</div>
            <br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class="">
                  <div class="moz-cite-prefix"> <br class="">
                    Just a note on the most recurring comment: SHOULD
                    vs. MUST. <br class="">
                    <br class="">
                    The use of SHOULD across the document is according
                    to RFC 2119: <br class="">
                    <br class="">
                    <pre style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span class="h2" style="line-height: 0pt; display: inline; white-space: pre; font-family: monospace; font-size: 1em; font-weight: bold;"><h2 style="line-height: 0pt; display: inline; white-space: pre; font-family: monospace; font-size: 1em; font-weight: bold;" class="">SHOULD  </h2></span> This word, or the adjective "RECOMMENDED", mean that there
   may exist valid reasons in particular circumstances to ignore a
   particular item, but the full implications must be understood and
   carefully weighed before choosing a different course.</pre>
                    <br class="">
                    <br class="">
                    There are use cases where, carefully weighing the
                    implications, some of the security services of
                    LISP-SEC can be turned-off. We want to leave
                    implementors the freedom to allow this flexibility.
                    <br class="">
                    <br class="">
                    For example, in a DC deployment it may make sense to
                    turn off OTK decryption between XTR and MS/MR, as
                    MiTM is very unlikely. <br class="">
                    <br class="">
                    Similarly, an ITR may decide to implement a loose
                    policy on accepting an AD authenticated with an
                    algorithm different from the preferred
                    authentication algorithm expressed by the ITR. Using
                    a MUST would force support of a given authentication
                    algorithm across each and every MS and ETR, that
                    might not be the case when incrementally deploying
                    LISP-SEC (or while upgrading routers). <br class="">
                    <br class="">
                    Using a MUST would prevent this flexibility, that we
                    would like to leave to the implementors. <br
                      class="">
                    <br class="">
                    <br class="">
                    <br class="">
                  </div>
                </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>This is fixed as for the suggestion of Joel. Thanks.</div>
            <div><br class="">
            </div>
            <br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class="">
                  <div class="moz-cite-prefix"> <br class="">
                    <br class="">
                    On 10/19/16 8:06 AM, Luigi Iannone wrote:<br
                      class="">
                  </div>
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">Dear Authors of the LISP-SEC document,</div>
                    <div class=""><br class="">
                    </div>
                    <div class="">hereafter my review of the document.</div>
                    <div class="">This was long overdue, sorry for being
                      so late.</div>
                    <div class=""><br class="">
                    </div>
                    <div class="">I really like the solution and the
                      majority of my comments are just clarification
                      questions.</div>
                    <div class="">Let me know if my comments are clear.</div>
                    <div class=""><br class="">
                    </div>
                    <div class="">ciao</div>
                    <div class=""><br class="">
                    </div>
                    <div class="">L.</div>
                    <div class=""><br class="">
                    </div>
                    <div class=""><br class="">
                    </div>
                    <div class=""><br class="">
                    </div>
                    <blockquote type="cite" class="">
                      <div class="">
                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">1.  Introduction

   The Locator/ID Separation Protocol [RFC6830] defines a set of
   functions for routers to exchange information used to map from non-
   routable Endpoint Identifiers (EIDs) to routable Routing Locators
   (RLOCs).  </pre>
                      </div>
                    </blockquote>
                    I find the above sentence confusing. Wouldn’t be
                    better to specify that we are talking about IP
                    addresses?</blockquote>
                  <br class="">
                  That's how LISP is described in RFC6830, section 1. If
                  you start using the term IP address then you need to
                  qualify if you are talking about Identity-IP or
                  Locator-IP, so the sentence gets complicated pretty
                  quickly. <br class="">
                  <br class="">
                </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>Not really. The very first sentence of the abstract of
              6830 states:</div>
            <div><br class="">
            </div>
            <div>
              <pre style="font-size: 13.333333015441895px; margin-top: 0px; margin-bottom: 0px;" class="">This document describes a network-layer-based protocol that enables
   separation of IP addresses into two new numbering spaces: Endpoint
   Identifiers (EIDs) and Routing Locators (RLOCs). </pre>
              <div class=""><br class="">
              </div>
              <div class=""><br class="">
              </div>
              <div class="">So clearly speaks about IP address.</div>
              <div class="">Furthermore “routable" en “non routable” is
                true only in the inter-domain point of view, because EID
                are locally routable.</div>
              <div class="">Note that 6830 does not specify in the first
                sentence what is routable and what is not.</div>
            </div>
          </div>
        </div>
      </blockquote>
      <br>
      ok, fixed with text from 6830. <br>
      <br>
      <br>
      <blockquote
        cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
        type="cite">
        <div class="">
          <div>
            <div>
              <div class=""><br class="">
              </div>
              <div class=""><br class="">
              </div>
            </div>
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class=""> I would
                  leave this one unchanged.<br class="">
                </div>
              </div>
            </blockquote>
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class=""><br class="">
                    </div>
                    <div class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">If these EID-to-RLOC mappings, carried through Map-Reply
   messages, are transmitted without integrity protection, an adversary
   can manipulate them and hijack the communication, impersonate the
   requested EID, or mount Denial of Service or Distributed Denial of
   Service attacks.  Also, if the Map-Reply message is transported
   unauthenticated, an adversarial LISP entity can overclaim an EID-
   prefix and maliciously redirect traffic directed to a large number of
   hosts.  A detailed description of "overclaiming" attack is provided
   in [RFC7835].

   This memo specifies LISP-SEC, a set of security mechanisms that
   provides origin authentication, integrity and anti-replay protection
   to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
   process.  </pre>
                        </div>
                      </blockquote>
                      <div class=""><br class="">
                      </div>
                      <div class="">I would put s forward reference to
                        section 3 stating that the reader will find
                        details about the threat model.</div>
                    </div>
                  </blockquote>
                  <br class="">
                  OK. We can replace the sentence <br class="">
                  <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">A detailed description of "overclaiming" attack is provided
   in [RFC7835]

with 

The LISP-SEC threat model, described in Section 3, is built on top of the LISP threat model defined in RFC7835, that includes a detailed description of "overclaiming" attack. 
</pre>
                </div>
              </div>
            </blockquote>
            <div>OK</div>
            <div><br class="">
            </div>
            <br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                    class="">
                  <br class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class=""><br class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">LISP-SEC also enables verification of authorization on EID-
   prefix claims in Map-Reply messages, ensuring that the sender of a
   Map-Reply that provides the location for a given EID-prefix is
   entitled to do so according to the EID prefix registered in the
   associated Map-Server.  Map-Register security, including the right
   for a LISP entity to register an EID-prefix or to claim presence at
   an RLOC, is out of the scope of LISP-SEC.  Additional security
   considerations are described in Section 6.

2.  Definition of Terms

      One-Time Key (OTK): An ephemeral randomly generated key that must
      be used for a single Map-Request/Map-Reply exchange.



         ITR-OTK: The One-Time Key generated at the ITR.

         MS-OTK: The One-Time Key generated at the Map-Server.
</pre>
                        </div>
                      </blockquote>
                      <div class=""><br class="">
                      </div>
                      <div class="">Why are you considering ITR-OTK and
                        MS-OTK sub-terms? </div>
                      <div class="">I would elevate them at full terms,
                        hence avoiding spacing and indentation.</div>
                    </div>
                  </blockquote>
                  <br class="">
                  Ok. <br class="">
                  <br class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class=""><br class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      Encapsulated Control Message (ECM): A LISP control message that is
      prepended with an additional LISP header.  ECM is used by ITRs to
      send LISP control messages to a Map-Resolver, by Map-Resolvers to
      forward LISP control messages to a Map-Server, and by Map-
      Resolvers to forward LISP control messages to an ETR.

</pre>
                        </div>
                      </blockquote>
                      <div class="">Why are you re-defining ECM? </div>
                      <div class="">You do not specify other packets,
                        e.g., Map-Reply, so why ECM?</div>
                      <div class="">I would drop it.</div>
                    </div>
                  </blockquote>
                  <br class="">
                  It is not defined in the Definitions section of 6830.
                  One would need to go through the body of 6830 to find
                  it. <br class="">
                </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>I see your point. Just keep the text and add a ref to
              section 6.1.8 of 6830. This will clarify that is something
              coming from a specific section of that document.</div>
          </div>
        </div>
      </blockquote>
      <br>
      I have dropped the definition, expanded the acronym ECM and
      referred to the specific section. <br>
      <br>
      In this way we don't have to wait for 6830bis, but we refer to the
      proper definition.<br>
      <br>
      <blockquote
        cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
        type="cite">
        <div class="">
          <div>
            <div><br class="">
            </div>
            <div> </div>
            <br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                    class="">
                  I'll drop it, but we need to make sure that ECM gets
                  into the definition section of 6830bis. <br class="">
                  <br class="">
                  Albert: are you looking into that document? Can you
                  take care of this? <br class="">
                  <br class="">
                  <br class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <div class=""><br class="">
                      </div>
                      <br class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      Authentication Data (AD): Metadata that is included either in a
      LISP ECM header or in a Map-Reply message to support
      confidentiality, integrity protection, and verification of EID-
      prefix authorization.



Maino, et al.             Expires April 6, 2017                 [Page 3]

Internet-Draft                  LISP-SEC                    October 2016


         OTK-AD: The portion of ECM Authentication Data that contains a
         One-Time Key.

         EID-AD: The portion of ECM and Map-Reply Authentication Data
         used for verification of EID-prefix authorization.

         PKT-AD: The portion of Map-Reply Authentication Data used to
         protect the integrity of the Map-Reply message.
</pre>
                        </div>
                      </blockquote>
                      <div class=""><br class="">
                      </div>
                      <div class=""><br class="">
                      </div>
                      <div class="">
                        <div class="">Why are you considering OTK-AD,
                          EID-AD, and PKT-AD sub-terms? </div>
                        <div class="">I would elevate them at full
                          terms, hence avoiding spacing and indentation.</div>
                        <br class="">
                      </div>
                    </div>
                  </blockquote>
                  ok. <br class="">
                  <br class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class=""><br class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   For definitions of other terms, notably Map-Request, Map-Reply,
   Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR), Map-Server
   (MS), and Map-Resolver (MR) please consult the LISP specification
   [RFC6830].

3.  LISP-SEC Threat Model

   LISP-SEC addresses the control plane threats, described in [RFC7835],
   that target EID-to-RLOC mappings, including manipulations of Map-
   Request and Map-Reply messages, and malicious ETR EID prefix
   overclaiming.  LISP-SEC makes two main assumptions: (1) the LISP
   mapping system is expected to deliver a Map-Request message to their
   intended destination ETR as identified by the EID, and (2) no man-in-
   the-middle (MITM) attack can be mounted within the LISP Mapping
   System.  Furthermore, while LISP-SEC enables detection of EID prefix
   overclaiming attacks, it assumes that Map-Servers can verify the EID
   prefix authorization at time of registration.
</pre>
                        </div>
                      </blockquote>
                      <div class="">LISP-SEC does not require OTK
                        confidentiality in the mapping system. This
                        should be discussed here.</div>
                    </div>
                  </blockquote>
                  we could add to the above<br class="">
                  <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">"and (2) no man-in-
   the-middle (MITM) attack can be mounted within the LISP Mapping
   System." 

How the Mapping System is protected from MiTM attacks depends from the particular Mapping System used, and is out of the scope of this memo. 

</pre>
                  <br class="">
                </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>That’s fine for me.</div>
            <div><br class="">
            </div>
            <br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                    class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <div class=""><br class="">
                      </div>
                      <br class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   According to the threat model described in [RFC7835] LISP-SEC assumes
   that any kind of attack, including MITM attacks, can be mounted in
   the access network, outside of the boundaries of the LISP mapping
   system.  An on-path attacker, outside of the LISP mapping system can,
   for example, hijack Map-Request and Map-Reply messages, spoofing the
   identity of a LISP node.  Another example of on-path attack, called
   overclaiming attack, can be mounted by a malicious Egress Tunnel
   Router (ETR), by overclaiming the EID-prefixes for which it is
   authoritative.  In this way the ETR can maliciously redirect traffic
   directed to a large number of hosts.

4.  Protocol Operations

   The goal of the security mechanisms defined in [RFC6830] is to
   prevent unauthorized insertion of mapping data by providing origin
   authentication and integrity protection for the Map-Registration, and
   by using the nonce to detect unsolicited Map-Reply sent by off-path
   attackers.

   LISP-SEC builds on top of the security mechanisms defined in
   [RFC6830] to address the threats described in Section 3 by leveraging



Maino, et al.             Expires April 6, 2017                 [Page 4]

Internet-Draft                  LISP-SEC                    October 2016


   the trust relationships existing among the LISP entities
   participating to the exchange of the Map-Request/Map-Reply messages.
   Those trust relationships are used to securely distribute a One-Time
   Key (OTK) that provides origin authentication, integrity and anti-
   replay protection to mapping data conveyed via the mapping lookup
   process, and that effectively prevent overclaiming attacks.  The
   processing of security parameters during the Map-Request/Map-Reply
   exchange is as follows:

   o  The ITR-OTK is generated and stored at the ITR, and securely
      transported to the Map-Server.

   o  The Map-Server uses the ITR-OTK to compute an HMAC that protects
</pre>
                        </div>
                      </blockquote>
                      <div class="">You did not define HMAC acronym.
                        Please define and add a reference.</div>
                    </div>
                  </blockquote>
                  <br class="">
                  ok. <br class="">
                  <br class="">
                  <br class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class=""><br class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      the integrity of the mapping data known to the Map-Server to
      prevent overclaiming attacks.  The Map-Server also derives a new
      OTK, the MS-OTK, that is passed to the ETR, by applying a Key
      Derivation Function (KDF) to the ITR-OTK.

   o  The ETR uses the MS-OTK to compute an HMAC that protects the
      integrity of the Map-Reply sent to the ITR.

   o  Finally, the ITR uses the stored ITR-OTK to verify the integrity
      of the mapping data provided by both the Map-Server and the ETR,
      and to verify that no overclaiming attacks were mounted along the
      path between the Map-Server and the ITR.

   Section 5 provides the detailed description of the LISP-SEC control
   messages and their processing, while the rest of this section
   describes the flow of protocol operations at each entity involved in
   the Map-Request/Map-Reply exchange:

   o  The ITR, upon needing to transmit a Map-Request message, generates
      and stores an OTK (ITR-OTK).  This ITR-OTK is included into the
      Encapsulated Control Message (ECM) that contains the Map-Request
      sent to the Map-Resolver.  To provide confidentiality to the ITR-
      OTK over the path between the ITR and its Map-Resolver, the ITR-
      OTK SHOULD </pre>
                        </div>
                      </blockquote>
                      <div class="">Why not using “MUST”???</div>
                      <div class="">Are you suggesting that a different
                        way to provide confidentiality can be used (e.g.
                        a different shared key)???</div>
                      <div class="">If yes, please state so.</div>
                      <div class=""><br class="">
                      </div>
                      <div class="">Or are you suggesting that no
                        encryption at all is used? But this means not
                        providing confidentiality…</div>
                      <div class="">Can you clarify?</div>
                      <div class=""><br class="">
                      </div>
                      (this very same comment will appear several time
                      in this review)<br class="">
                    </div>
                  </blockquote>
                  <br class="">
                  We don't want to make the use of pre-shared key
                  *mandatory* to all LISP deployments. There are
                  deployments where the risk of MiTM between the xTR and
                  the MS/MR may not justify the cost of provisioning a
                  shared key (data centers, for example). <br class="">
                  <br class="">
                  <br class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">be encrypted using a preconfigured key shared between
      the ITR and the Map-Resolver, similar to the key shared between
      the ETR and the Map-Server in order to secure ETR registration
      [RFC6833].

   o  The Map-Resolver decapsulates the ECM message, decrypts the ITR-
      OTK, if needed, and forwards through the Mapping System the
      received Map-Request and the ITR-OTK, as part of a new ECM
      message.  As described in Section 5.6, the LISP Mapping System
      delivers the ECM to the appropriate Map-Server, as identified by
      the EID destination address of the Map-Request.




Maino, et al.             Expires April 6, 2017                 [Page 5]

Internet-Draft                  LISP-SEC                    October 2016


   o  The Map-Server is configured with the location mappings and policy
      information for the ETR responsible for the EID destination
      address.  Using this preconfigured information, the Map-Server,
      after the decapsulation of the ECM message, finds the longest
      match EID-prefix that covers the requested EID in the received
      Map-Request.  The Map-Server adds this EID-prefix, together with
      an HMAC computed using the ITR-OTK, to a new Encapsulated Control
      Message that contains the received Map-Request.

   o  The Map-Server derives a new OTK, the MS-OTK, by applying a Key
      Derivation Function (KDF) to the ITR-OTK.  This MS-OTK is included
      in the Encapsulated Control Message that the Map-Server uses to
      forward the Map-Request to the ETR.  To provide MS-OTK
      confidentiality over the path between the Map-Server and the ETR,
      the MS-OTK should </pre>
                        </div>
                      </blockquote>
                      <div class="">This “should” should be a “SHOULD”
                         (sorry for the cacophony…)</div>
                    </div>
                  </blockquote>
                  <br class="">
                  Ok. <br class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <div class=""><br class="">
                      </div>
                      <div class="">
                        <div class="">Why not using “MUST”???</div>
                        <div class="">Are you suggesting that a
                          different way to provide confidentiality can
                          be used (e.g. a different shared key)???</div>
                        <div class="">If yes, please state so.</div>
                        <div class=""><br class="">
                        </div>
                        <div class="">Or are you suggesting that no
                          encryption at all is used? But this means not
                          providing confidentiality…</div>
                        <div class="">Can you clarify?</div>
                      </div>
                    </div>
                  </blockquote>
                  <br class="">
                  Same as above. <br class="">
                  <br class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class=""><br class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">be encrypted using the key shared between the
      ETR and the Map-Server in order to secure ETR registration
      [RFC6833].

   o  If the Map-Server is acting in proxy mode, as specified in
      [RFC6830], the ETR is not involved in the generation of the Map-
      Reply.  In this case the Map-Server generates the Map-Reply on
      behalf of the ETR as described below.

   o  The ETR, upon receiving the ECM encapsulated Map-Request from the
      Map-Server, decrypts the MS-OTK, if needed, and originates a
      standard Map-Reply that contains the EID-to-RLOC mapping
      information as specified in [RFC6830].

   o  The ETR computes an HMAC over this standard Map-Reply, keyed with
      MS-OTK to protect the integrity of the whole Map-Reply.  The ETR
      also copies the EID-prefix authorization data that the Map-Server
      included in the ECM encapsulated Map-Request into the Map-Reply
      message.  The ETR then sends this complete Map-Reply message to
      the requesting ITR.

   o  The ITR, upon receiving the Map-Reply, uses the locally stored
      ITR-OTK to verify the integrity of the EID-prefix authorization
      data included in the Map-Reply by the Map-Server.  The ITR
      computes the MS-OTK by applying the same KDF used by the Map-
      Server, and verifies the integrity of the Map-Reply.  If the
      integrity checks fail, the Map-Reply MUST be discarded.  Also, if
      the EID-prefixes claimed by the ETR in the Map-Reply are not equal
      or more specific than the EID-prefix authorization data inserted
      by the Map-Server, the ITR MUST discard the Map-Reply.







Maino, et al.             Expires April 6, 2017                 [Page 6]

Internet-Draft                  LISP-SEC                    October 2016


5.  LISP-SEC Control Messages Details

   LISP-SEC metadata associated with a Map-Request is transported within
   the Encapsulated Control Message that contains the Map-Request.

   LISP-SEC metadata associated with the Map-Reply is transported within
   the Map-Reply itself.

5.1.  Encapsulated Control Message LISP-SEC Extensions

   LISP-SEC uses the ECM (Encapsulated Control Message) defined in
   [RFC6830] with Type set to 8, and S bit set to 1 to indicate that the
   LISP header includes Authentication Data (AD).  The format of the
   LISP-SEC ECM Authentication Data is defined in the following figure.
   OTK-AD stands for One-Time Key Authentication Data and EID-AD stands
   for EID Authentication Data.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     AD Type   |V|  Reserved   |        Requested HMAC ID      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
|              OTK Length       |       OTK Encryption ID       | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|                       One-Time-Key Preamble ...               | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OTK-AD
|                   ... One-Time-Key Preamble                   | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
~                      One-Time Key (128 bits)                  ~/
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ &lt;---+
|           EID-AD Length       |           KDF ID              |     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
| Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
|   Reserved    | EID mask-len  |           EID-AFI             | |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
~                          EID-prefix ...                       ~ |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
~                            EID HMAC                           ~     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ &lt;—+
</pre>
                        </div>
                      </blockquote>
                      <div class="">I think that “rec” is mis-aligned
                        and should be shifted one character upward.</div>
                    </div>
                  </blockquote>
                  <br class="">
                  No. The row above is the portion of the header that
                  specifies how many records will follow. Rec shows one
                  Rec item, in the array of Records.  It is consistent
                  with 6830.<br class="">
                  <br class="">
                  <br class="">
                </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>OK</div>
            <br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                    class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class=""><br class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">                     LISP-SEC ECM Authentication Data

      AD Type: 1 (LISP-SEC Authentication Data)
</pre>
                        </div>
                      </blockquote>
                      <div class="">This is the first document starting
                        to allocate values to the "AD Type” value. </div>
                      <div class="">Why not asking IANA to create a
                        registry??</div>
                      <div class="">(to be done in the IANA
                        Considerations Section) <br class="">
                      </div>
                    </div>
                  </blockquote>
                  <br class="">
                  <br class="">
                  Ok.<br class="">
                  <br class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <div class=""><br class="">
                      </div>
                      <div class=""><br class="">
                      </div>
                      <br class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      V: Key Version bit.  This bit is toggled when the sender switches
      to a new OTK wrapping key




Maino, et al.             Expires April 6, 2017                 [Page 7]

Internet-Draft                  LISP-SEC                    October 2016


      Reserved: Set to 0 on transmission and ignored on receipt.

      Requested HMAC ID: The HMAC algorithm requested by the ITR.  See
      Section 5.4 for details.

      OTK Length: The length (in bytes) of the OTK Authentication Data
      (OTK-AD), that contains the OTK Preamble and the OTK.

      OTK Encryption ID: The identifier of the key wrapping algorithm
      used to encrypt the One-Time-Key. When a 128-bit OTK is sent
      unencrypted by the Map-Resolver, the OTK Encryption ID is set to
      NULL_KEY_WRAP_128.  See Section 5.5 for more details.

      One-Time-Key Preamble: set to 0 if the OTK is not encrypted.  When
      the OTK is encrypted, this field may carry additional metadata
      resulting from the key wrapping operation.  When a 128-bit OTK is
      sent unencrypted by Map-Resolver, the OTK Preamble is set to
      0x0000000000000000 (64 bits).  See Section 5.5 for details.

      One-Time-Key: the OTK encrypted (or not) as specified by OTK
      Encryption ID.  See Section 5.5 for details.

      EID-AD Length: length (in bytes) of the EID Authentication Data
      (EID-AD).  The ITR MUST set EID-AD Length to 4 bytes, as it only
      fills the KDF ID field, and all the remaining fields part of the
      EID-AD are not present.  An EID-AD MAY contain multiple EID-
      records.  Each EID-record is 4-byte long plus the length of the
      AFI-encoded EID-prefix.

      KDF ID: Identifier of the Key Derivation Function used to derive
      the MS-OTK.  The ITR SHOULD use this field to indicate the
      recommended KDF algorithm, according to local policy. </pre>
                        </div>
                      </blockquote>
                      <div class="">I am not sure I understand the
                        rationale of this “SHOULD”. If for any reason
                        the ITR does not indicate the KDF ID what are
                        the consequences?</div>
                    </div>
                  </blockquote>
                  <br class="">
                  That should be a MAY, I believe, <br class="">
                  <br class="">
                  The ITR can specify "no preference" for KDF ID, using
                  a value of 0. <br class="">
                </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>I think this is the unclear information: that the ITR
              can state “no preference” using value 0.</div>
            <div>Would be good if you can state it more clearly.</div>
          </div>
        </div>
      </blockquote>
      <br>
      I've added text to clarify this. <br>
      <br>
      <blockquote
        cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
        type="cite">
        <div class="">
          <div>
            <div><br class="">
            </div>
            <br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                    class="">
                  In the ITR processing section 5.4,  we should add to <br
                    class="">
                  <br class="">
                  <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">The KDF ID field, specifies the suggested key derivation function to
   be used by the Map-Server to derive the MS-OTK.</pre>
                  <br class="">
                  a text like: "A KDF ID value of 0 (NONE), MAY be used
                  to specify that the ITR has no preferred KDF ID".  <br
                    class="">
                  <br class="">
                  <br class="">
                  <br class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <div class="">Is the MS free to choose the
                        algorithm? This should be clarified.</div>
                    </div>
                  </blockquote>
                  This is specified in section 5.7. <br class="">
                  <br class="">
                  "
                  <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
   the ITR-OTK received with the Map-Request.  MS-OTK is derived
   applying the key derivation function specified in the KDF ID field.
   If the algorithm specified in the KDF ID field is not supported, the
   Map-Server uses a different algorithm to derive the key and updates
   the KDF ID field accordingly.</pre>
                  "<br class="">
                  <br class="">
                  <br class="">
                </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>Since this paragraph does not use any 2119 language it
              actually mean that an MS can choose freely the  algorithm
              to use.</div>
            <div>right?</div>
          </div>
        </div>
      </blockquote>
      <br>
      right. If the ITR does support that specific ID, the ITR may still
      decide to use it. <br>
      <br>
      <blockquote
        cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
        type="cite">
        <div class="">
          <div><br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                    class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class=""><br class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> The Map-
      Server can overwrite the KDF ID if it does not support the KDF ID
      recommended by the ITR.  </pre>
                        </div>
                      </blockquote>
                      <div class="">What happens if the MS will choose a
                        KDF ID not supported by the ITR?</div>
                      <div class="">Can you clarify how to solve this
                        situation or explain why this will never happen?</div>
                    </div>
                  </blockquote>
                  <br class="">
                  This is specified in 5.4, ITR processing. <br
                    class="">
                  <br class="">
                  "
                  <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">To verify the integrity of the PKT-AD, first the MS-OTK is derived
   from the locally stored ITR-OTK using the algorithm specified in the
   KDF ID field.  This is because the PKT-AD is generated by the ETR
   using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's local policy.</pre>
                  " <br class="">
                  <br class="">
                  <br class="">
                  There are two typical use cases: <br class="">
                  - strict KDF ID policy: ITR specifiy a KDF ID, and
                  will discard map-reply with different KDF IDs. If
                  local policy allows, another map-request will be sent
                  with a different KDF ID<br class="">
                  - loose KDF ID policy: ITR specify KDF ID = none, and
                  will accept map-reply with any KDF ID (if supported by
                  ITR). If received KDF is not supported the ITR shall
                  drop the map-reply<br class="">
                  <br class="">
                </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>The above text does not reflect the policies you are
              describing. That “SHOULD” should be a “MAY” and your
              policies spelled out. <br>
            </div>
          </div>
        </div>
      </blockquote>
      I think we need to separate the recommendations for the two
      actions: SHOULD drop and MAY resend. <br>
      <br>
      "<br>
      <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">, the ITR SHOULD discard the Map-
   Reply. At the first opportunity it needs to, the ITR MAY send a new Map-
   Request with a different KDF ID, according to ITR's local policy.

What do you think? 
</pre>
      <br>
      <blockquote
        cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
        type="cite">
        <div class="">
          <div>
            <div><br class="">
            </div>
            <div>Also, what is the MS stubbornly insists in using an
              algorithm that the ITR does not support?</div>
          </div>
        </div>
      </blockquote>
      <br>
      The MS might not have alternatives, as it might only support one
      algorithm. <br>
      <br>
      <br>
      <br>
      <blockquote
        cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
        type="cite">
        <div class="">
          <div>
            <div><br class="">
            </div>
            <br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                    class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class=""><br class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">See Section 5.4 for more details.

      Record Count: The number of records in this Map-Request message.
      A record is comprised of the portion of the packet that is labeled
      'Rec' above and occurs the number of times equal to Record Count.

      Reserved: Set to 0 on transmission and ignored on receipt.

      EID HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the EID-AD.  This field is filled by Map-Server that
      computed the EID-prefix HMAC.  See Section 5.4 for more details.

      EID mask-len: Mask length for EID-prefix.

      EID-AFI: Address family of EID-prefix according to [RFC5226]



Maino, et al.             Expires April 6, 2017                 [Page 8]

Internet-Draft                  LISP-SEC                    October 2016


      EID-prefix: The Map-Server uses this field to specify the EID-
      prefix that the destination ETR is authoritative for, and is the
      longest match for the requested EID.

      EID HMAC: HMAC of the EID-AD computed and inserted by Map-Server.
      Before computing the HMAC operation the EID HMAC field MUST be set
      to 0.  The HMAC covers the entire EID-AD.

5.2.  Map-Reply LISP-SEC Extensions

   LISP-SEC uses the Map-Reply defined in [RFC6830], with Type set to 2,
   and S bit set to 1 to indicate that the Map-Reply message includes
   Authentication Data (AD).  The format of the LISP-SEC Map-Reply
   Authentication Data is defined in the following figure.  PKT-AD is
   the Packet Authentication Data that covers the Map-Reply payload.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    AD Type    |                 Reserved                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ &lt;---+
|           EID-AD Length       |           KDF ID              |     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
| Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
|   Reserved    | EID mask-len  |           EID-AFI             | |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
~                          EID-prefix ...                       ~ |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
~                            EID HMAC                           ~     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ &lt;---+
|         PKT-AD Length         |         PKT HMAC ID           |\
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
~                            PKT HMAC                           ~ PKT-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/

                  LISP-SEC Map-Reply Authentication Data

      AD Type: 1 (LISP-SEC Authentication Data)
</pre>
                        </div>
                      </blockquote>
                      <div class="">Shouldn’t this be a different value?
                        This AD  format is different from the one
                        described in section 5.1!</div>
                      <div class="">Another reason to ask IANA for a
                        registry….</div>
                    </div>
                  </blockquote>
                  <br class="">
                  One is the LISP-SEC authentication data that applies
                  to the ECM message (when S-bit = 1), the other is the
                  LISP-SEC authentication data that applies to the
                  Map-Reply (when S-bit = 1).  <br class="">
                  <br class="">
                  Those are extensions of two different messages (ECM
                  and map-reply), and they are both identified by an AD
                  Type (that happens to be set to value 1 for both). <br
                    class="">
                </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>This is not clear in the current text.</div>
          </div>
        </div>
      </blockquote>
      <br>
      Right. I have updated the text to clarify it. Together with the
      IANA disposition it should be clear now. <br>
      <br>
      <br>
      <blockquote
        cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
        type="cite">
        <div class="">
          <div><br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                    class="">
                  Yes, the AD type space is different so we will need
                  two IANA registries. </div>
              </div>
            </blockquote>
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                    class="">
                  <br class="">
                  Question for the co-auhtors: should we change the name
                  to 'ECM AD Type' and 'Map-Reply AD Type’?<br class="">
                </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>IMHO you have to, otherwise there will be always
              confusion….</div>
          </div>
        </div>
      </blockquote>
      <br>
      done.<br>
      <br>
      <blockquote
        cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
        type="cite">
        <div class="">
          <div><br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                    class="">
                  <br class="">
                  <br class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <div class=""><br class="">
                      </div>
                      <br class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      EID-AD Length: length (in bytes) of the EID-AD.  An EID-AD MAY
      contain multiple EID-records.  Each EID-record is 4-byte long plus
      the length of the AFI-encoded EID-prefix.

      KDF ID: Identifier of the Key Derivation Function used to derive
      MS-OTK.  See Section 5.7 for more details.





Maino, et al.             Expires April 6, 2017                 [Page 9]

Internet-Draft                  LISP-SEC                    October 2016


      Record Count: The number of records in this Map-Reply message.  A
      record is comprised of the portion of the packet that is labeled
      'Rec' above and occurs the number of times equal to Record Count.

      Reserved: Set to 0 on transmission and ignored on receipt.

      EID HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the EID-AD.  See Section 5.7 for more details.

      EID mask-len: Mask length for EID-prefix.

      EID-AFI: Address family of EID-prefix according to [RFC5226].

      EID-prefix: This field contains an EID-prefix that the destination
      ETR is authoritative for, and is the longest match for the
      requested EID.

      EID HMAC: HMAC of the EID-AD, as computed by the Map-Server.
      Before computing the HMAC operation the EID HMAC field MUST be set
      to 0.  The HMAC covers the entire EID-AD.

      PKT-AD Length: length (in bytes) of the Packet Authentication Data
      (PKT-AD).

      PKT HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the Map-reply Location Data.
</pre>
                        </div>
                      </blockquote>
                      <div class="">“Location Data” is something nowhere
                        defined. Can you clarify what do you mean?</div>
                    </div>
                  </blockquote>
                  <br class="">
                  we can just remove 'Location Data’</div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>OK.</div>
            <br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                    class="">
                  <br class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <div class=""><br class="">
                      </div>
                      <br class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      PKT HMAC: HMAC of the whole Map-Reply packet, including the LISP-
      SEC Authentication Data.  The scope of the authentication goes
      from the Map-Reply Type field to the PKT HMAC field included.
      Before computing the HMAC operation the PKT HMAC field MUST be set
      to 0.  See Section 5.8 for more details.

5.3.  Map-Register LISP-SEC Extentions

   The second bit after the Type field in a Map-Register message is
   allocated as the S bit.  </pre>
                        </div>
                      </blockquote>
                      <div class="">I would better explain that this
                        document is allocating a bit marked as reserved
                        in 6830.</div>
                    </div>
                  </blockquote>
                  <br class="">
                  Ok. We will need to reflect this in 6830bis as well. <br
                    class="">
                </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>Sure</div>
            <div><br class="">
            </div>
            <br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                    class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <div class="">Furthermore, at the cost of being
                        redundant, I would put the packet format
                        highlighting the position of the bit so that
                        there is no confusion whatsoever.</div>
                    </div>
                  </blockquote>
                  <br class="">
                  We wanted to  explicitly avoid to include the format
                  of messages when already defined in other documents, </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            The S-bit is not defined in other documents. IMHO is
            important to have the visual aid of which exact bit your are
            talking about.</div>
          <div><br class="">
          </div>
        </div>
      </blockquote>
      I've added text to clarify. I really prefer not to have the whole
      picture, but just refer to it. <br>
      <br>
      Considering that 6830 will evolve into 6830bis, eventually (with
      the next LISP-SEC) the reference will be updated in 6830bis.  <br>
      <br>
      <br>
      <blockquote
        cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
        type="cite">
        <div class="">
          <div>
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class="">so we
                  point rather than copy. If we address this in 6830bis,
                  the problem will be solved. <br class="">
                </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            You mentioned 6830bis several time, let me ask: Would you
            like to reference that document?</div>
          <div>In this case we have to hold this back until we have at
            least a stable version of that document.</div>
          <div>Then the RFC editor will hold this document back until
            that one is RFC, because of missing reference.</div>
          <div>
            <div>Or you keep it this way and later on you make a ST
              version.</div>
            <div><br class="">
            </div>
            <div>Either way is fine for me.</div>
          </div>
        </div>
      </blockquote>
      <br>
      I think we should move this draft forward, without waiting for
      6830bis. Considering that this is security I expect the review
      process to last quite some time, so we can make progress without
      waiting for 6830bis. Eventually even teh LISP-SEC RFC will be
      updated, and all will be good. <br>
      <br>
      <blockquote
        cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
        type="cite">
        <div class="">
          <div>
            <div><br class="">
            </div>
            <div><br class="">
            </div>
            <br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                    class="">
                  <br class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class=""><br class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">The S bit indicates to the Map-Server that
   the registering ETR is LISP-SEC enabled.  An ETR that supports LISP-
   SEC MUST set the S bit in its Map-Register messages.

5.4.  ITR Processing

   Upon creating a Map-Request, the ITR generates a random ITR-OTK that
   is stored locally, together with the nonce generated as specified in
   [RFC6830].

   The Map-Request MUST be encapsulated in an ECM, with the S-bit set to
   1, to indicate the presence of Authentication Data.  If the ITR and



Maino, et al.             Expires April 6, 2017                [Page 10]

Internet-Draft                  LISP-SEC                    October 2016


   the Map-Resolver are configured with a shared key,</pre>
                        </div>
                      </blockquote>
                      In section 4 you seem to suggest that this is not
                      the only way to protect the OTK (see my comment).</div>
                    <div class="">Here instead you suggest that a shared
                      key is the only way.<br class="">
                    </div>
                  </blockquote>
                  <br class="">
                  <br class="">
                  Right. Here it says what to do IF there is a shared
                  key, that is consistent with the SHOULD above. <br
                    class="">
                </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>OK.</div>
            <div><br class="">
            </div>
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                    class="">
                  <br class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> the ITR-OTK
   confidentiality SHOULD be protected by wrapping the ITR-OTK with the
   algorithm specified by the OTK Encryption ID field. </pre>
                        </div>
                      </blockquote>
                      <div class="">Not clear what this “SHOULD” refers
                        to.</div>
                      <div class="">IS the SHOULD related to the fact to
                        encrypt the OTK? The ITR SHOULD encrypt.</div>
                      <div class="">Or the choice of the algorithm? The
                        ITR SHOULD use the algorithm specified by the
                        OTK Encryption ID?</div>
                      <div class="">The second case looks impossible
                        since is the ITR is choosing the algorithm. May
                        be the sentence can be rewritten.</div>
                    </div>
                  </blockquote>
                  <br class="">
                  SHOULD refers to protecting the confidentiality of the
                  ITR-OTK. Maybe the 'by' should be replaced by 'with’?<br
                    class="">
                </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            Just drop the “by”?</div>
          <div><br class="">
          </div>
          <div><br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                    class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <div class=""><br class="">
                      </div>
                      Similarly to previous comment: Why it is not a
                      MUST?<br class="">
                    </div>
                  </blockquote>
                  Same as other SHOULD. <br class="">
                  <br class="">
                  <br class="">
                  <br class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> See Section 5.5
   for further details on OTK encryption.

   The Requested HMAC ID field contains the suggested HMAC algorithm to
   be used by the Map-Server and the ETR to protect the integrity of the
   ECM Authentication data and of the Map-Reply.

</pre>
                        </div>
                      </blockquote>
                      <div class="">What happens if the MS will choose a
                        HMAC not supported by the ETR or the ITR?</div>
                      <div class="">Can you clarify how to solve this
                        situation or explain why this will never happen?</div>
                    </div>
                  </blockquote>
                  <br class="">
                  This is described 5 paragraphs below: <br class="">
                  <br class="">
                  "
                  <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">If the EID HMAC ID field does
   not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
   and send, at the first opportunity it needs to, a new Map-Request
   with a different Requested HMAC ID field, according to ITR's local
   policy.  </pre>
                  "<br class="">
                  <br class="">
                </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>What about the ETR?</div>
          </div>
        </div>
      </blockquote>
      <br>
      It's specified in 5.8, the ETR makes the same processing as the
      MS. <br>
      <br>
      "If the ETR does not support the Requested HMAC ID, it uses a
      different algorithm and updates the PKT HMAC ID field accordingly.
      " <br>
      <br>
      Also the ETR doesn't process the AD computed by the MS, it just
      copies into the Map-Reply. <br>
      <br>
      <br>
      <br>
      <blockquote
        cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
        type="cite">
        <div class="">
          <div><br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                    class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <div class=""><br class="">
                      </div>
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The KDF ID field, specifies the suggested key derivation function to
   be used by the Map-Server to derive the MS-OTK.
</pre>
                        </div>
                      </blockquote>
                      <div class=""><br class="">
                      </div>
                      <div class="">What happens if the MS will choose a
                        KDF ID not supported by the ITR?</div>
                      <div class="">Can you clarify how to solve this
                        situation or explain why this will never happen?</div>
                    </div>
                  </blockquote>
                  <br class="">
                  This is described a few paragraphs below: <br
                    class="">
                  "
                  <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">If the KDF ID in the Map-Reply does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's... </pre>
                  "<br class="">
                  <br class="">
                </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>This does not guarantee that the MS will reply with
              something the ITR understands….</div>
          </div>
        </div>
      </blockquote>
      <br>
      For some local ITR's policy it may not be guaranteed. It's a
      balance between reachability and security that the ITR will have
      to choose. <br>
      <br>
      <br>
      <br>
      <br>
      <br>
      <br>
      <blockquote
        cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
        type="cite">
        <div class="">
          <div>
            <div><br class="">
            </div>
            <div><br class="">
            </div>
            <br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <div class=""><br class="">
                      </div>
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The EID-AD length is set to 4 bytes, since the Authentication Data
   does not contain EID-prefix Authentication Data, and the EID-AD
   contains only the KDF ID field.

   In response to an encapsulated Map-Request that has the S-bit set, an
   ITR MUST receive a Map-Reply with the S-bit set, that includes an
   EID-AD and a PKT-AD.  If the Map-Reply does not include both ADs, the
   ITR MUST discard it.  In response to an encapsulated Map-Request with
   S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, and
   the ITR SHOULD discard the Map-Reply if the S-bit is set.
</pre>
                        </div>
                      </blockquote>
                      <div class="">Why a “SHOULD”? If the Map-Request
                        has S-bit=0 it mean that there is no AD, hence
                        no OTK, how can the ITR decrypt the reply?????</div>
                      <div class="">It MUST discard…..</div>
                    </div>
                  </blockquote>
                  <br class="">
                  If S-bit = 0 there's no Authentication Data. The
                  Map-reply is in clear, and can be read.</div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>I am not sure you understood my point.</div>
            <div><br class="">
            </div>
            <div>You send a Map-Request with S=0, hence unenbcrypted.
              How can you possible receive a Map-Reply with S=1?</div>
            <div>How is it encrypted if the ITR did not provide any OTK?</div>
          </div>
        </div>
      </blockquote>
      <br>
      Misconfiguration, bugs? I was just trying to enumerate the
      behaviors of the ITR. There's probably something wrong, and the
      map-reply should be discarded. Still the mapping is readable, so
      an ITR favoring reachability may decide to use the mapping. <br>
      <br>
      <blockquote
        cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
        type="cite">
        <div class="">
          <div>
            <div><br class="">
            </div>
            <div><br class="">
            </div>
            <div><br class="">
            </div>
            <br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                    class="">
                  <br class="">
                  Here again the SHOULD leaves open to ITR local policy
                  that can be strict (drop anything not authenticated)
                  or loose (accept unauthenticated map-reply). <br
                    class="">
                  <br class="">
                  There are use cases where LISP-SEC is not deployed
                  everywhere, where the ITR might have to use loose
                  policy.   <br class="">
                  <br class="">
                  <br class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <div class=""><br class="">
                      </div>
                      <br class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   Upon receiving a Map-Reply, the ITR must verify the integrity of both
   the EID-AD and the PKT-AD, and MUST discard the Map-Reply if one of
   the integrity checks fails.

   The integrity of the EID-AD is verified using the locally stored ITR-
   OTK to re-compute the HMAC of the EID-AD using the algorithm
   specified in the EID HMAC ID field.  If the EID HMAC ID field does
   not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
</pre>
                        </div>
                      </blockquote>
                      Why is this a SHOULD? If it supports the HMAC
                      Algorithm why not decrypt? Shouldn’t this be a
                      “MAY”, according to internal policy?<br class="">
                    </div>
                  </blockquote>
                  <br class="">
                  because this could be used by an attacker to force
                  weaker HMACs (e.g. MD5). </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            OK</div>
          <div><br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class="">The
                  SHOULD leaves open the door to not discarding,
                  according to local policy. <br class="">
                  <br class="">
                  <br class="">
                </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>OK.</div>
            <div><br class="">
            </div>
            <br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                    class="">
                  <br class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   and send, at the first opportunity it needs to, a new Map-Request
   with a different Requested HMAC ID field, according to ITR's local
   policy.  The ITR MUST set the EID HMAC ID field to 0 before computing
   the HMAC.
</pre>
                        </div>
                      </blockquote>
                      <div class="">Shouldn’t the MS do the same thing?
                        Otherwise different values will be obtained.
                        This is not specified in the MS functioning
                        description.</div>
                    </div>
                  </blockquote>
                  <br class="">
                  good catch. Actually it's a typo here, the EID HMAC
                  field should be set to 0 (that is consistent with
                  section 5.7), not the EID HMAC ID that should not be
                  touched. <br class="">
                  <br class="">
                </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            OK<br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                    class="">
                  <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">The ITR MUST set the EID HMAC ID field to 0 before computing
   the HMAC.

should change to 

The scope of the HMAC operation covers the
   entire EID-AD, from the EID-AD Length field to the EID HMAC field,
   which must be set to 0 before the computation.
</pre>
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <div class=""> </div>
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   To verify the integrity of the PKT-AD, first the MS-OTK is derived
   from the locally stored ITR-OTK using the algorithm specified in the
   KDF ID field.  This is because the PKT-AD is generated by the ETR
   using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's local policy.
   The derived MS-OTK is then used to re-compute the HMAC of the PKT-AD
   using the Algorithm specified in the PKT HMAC ID field.  If the PKT
   HMAC ID field does not match the Requested HMAC ID the ITR SHOULD
   discard the Map-Reply and send, at the first opportunity it needs to,




Maino, et al.             Expires April 6, 2017                [Page 11]

Internet-Draft                  LISP-SEC                    October 2016


   a new Map-Request with a different Requested HMAC ID according to
   ITR's local policy.

   Each individual Map-Reply EID-record is considered valid only if: (1)
   both EID-AD and PKT-AD are valid, and (2) the intersection of the
   EID-prefix in the Map-Reply EID-record with one of the EID-prefixes
   contained in the EID-AD is not empty.  After identifying the Map-
   Reply record as valid, the ITR sets the EID-prefix in the Map-Reply
   record to the value of the intersection set computed before, and adds
   the Map-Reply EID-record to its EID-to-RLOC cache, as described in
   [RFC6830].  An example of Map-Reply record validation is provided in
   Section 5.4.1.

   The ITR SHOULD send SMR triggered Map-Requests over the mapping
   system in order to receive a secure Map-Reply.  </pre>
                        </div>
                      </blockquote>
                      <div class="">I do not understand this “SHOULD”.
                         This has consequences in the choice how to
                        react to SMR. This is a local policy.</div>
                      <div class="">_If_ the ITR wants to protect
                        Map-Requests using LISP-SEC, than SMR triggered
                        Map-Request MUST be sent through the mapping
                        system.</div>
                    </div>
                  </blockquote>
                </div>
              </div>
            </blockquote>
            <br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class=""> so the
                  _if_ is what makes that MUST a SHOULD... According to
                  local policy the ITR SHOULD send the SMR. </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>I read the sentence in this way:</div>
            <div><br class="">
            </div>
            <div><span class="Apple-tab-span" style="white-space:pre">	</span>In
              order to received a secure Map-Reply, the ITR MUST send
              SMR triggered Map-Requests over the mapping system.</div>
          </div>
          <div><br class="">
          </div>
          <div>No?</div>
        </div>
      </blockquote>
      <br>
      I see what you are saying. I'll rephrase as: <br>
      <br>
      If an ITR accepts piggybacked Map-Replies, it SHOULD also send a
      Map-Request over the mapping system in order to verify the
      piggybacked Map-Reply with a secure Map-Reply. <br>
      <br>
      <br>
      <br>
      <br>
      <blockquote
        cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
        type="cite">
        <div class="">
          <div><br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <div class=""> </div>
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">If an ITR accepts
   piggybacked Map-Replies, it SHOULD also send a Map-Request over the
   mapping system in order to securely verify the piggybacked Map-Reply.
</pre>
                        </div>
                      </blockquote>
                      <div class="">Same as above.</div>
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">5.4.1.  Map-Reply Record Validation

   The payload of a Map-Reply may contain multiple EID-records.  The
   whole Map-Reply is signed by the ETR, with the PKT HMAC, to provide
   integrity protection and origin authentication to the EID-prefix
   records claimed by the ETR.  The Authentication Data field of a Map-
   Reply may contain multiple EID-records in the EID-AD.  The EID-AD is
   signed by the Map-Server, with the EID HMAC, to provide integrity
   protection and origin authentication to the EID-prefix records
   inserted by the Map-Server.

   Upon receiving a Map-Reply with the S-bit set, the ITR first checks
   the validity of both the EID HMAC and of the PKT-AD HMAC.  If either
   one of the HMACs is not valid, a log message is issued and the Map-
   Reply is not processed any further.  </pre>
                        </div>
                      </blockquote>
                      <div class="">I think “log message" is too much
                        implementation specific. </div>
                      <div class="">If there is a notification, and how
                        this notification is done, is implementation
                        specific IMHO.</div>
                    </div>
                  </blockquote>
                  Ok. 'a log message is issued' will change to 'a log
                  action should be taken'. The point is that there could
                  be an attack behind it, and we want to record the
                  event </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>OK</div>
            <br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">If both HMACs are valid, the ITR
   proceeds with validating each individual EID-record claimed by the
   ETR by computing the intersection of each one of the EID-prefix
   contained in the payload of the Map-Reply with each one of the EID-
   prefixes contained in the EID-AD.  An EID-record is valid only if at
   least one of the intersections is not the empty set.

   For instance, the Map-Reply payload contains 3 mapping record EID-
   prefixes:

      1.1.1.0/24

      1.1.2.0/24

      1.2.0.0/16




Maino, et al.             Expires April 6, 2017                [Page 12]

Internet-Draft                  LISP-SEC                    October 2016


   The EID-AD contains two EID-prefixes:

      1.1.2.0/24

      1.2.3.0/24

   The EID-record with EID-prefix 1.1.1.0/24 is not processed since it
   is not included in any of the EID-ADs signed by the Map-Server.  A
   log message is issued.
</pre>
                        </div>
                      </blockquote>
                      <div class="">I think “log message" is too much
                        implementation specific. </div>
                      <div class="">If there is a notification, and how
                        this notification is done, is implementation
                        specific IMHO.</div>
                    </div>
                  </blockquote>
                  ok. Same as above.
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <div class=""> </div>
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The EID-record with EID-prefix 1.1.2.0/24 is stored in the map-cache
   because it matches the second EID-prefix contained in the EID-AD.

   The EID-record with EID-prefix 1.2.0.0/16 is not processed since it
   is not included in any of the EID-ADs signed by the Map-Server.  A
   log message is issued.</pre>
                        </div>
                      </blockquote>
                      <div class="">I think “log message" is too much
                        implementation specific. </div>
                      <div class="">If there is a notification, and how
                        this notification is done, is implementation
                        specific IMHO.</div>
                    </div>
                  </blockquote>
                  ok. Same as above
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <div class=""> </div>
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">  In this last example the ETR is trying to
   over claim the EID-prefix 1.2.0.0/16, but the Map-Server authorized
   only 1.2.3.0/24, hence the EID-record is discarded.
</pre>
                        </div>
                      </blockquote>
                      <div class="">Reading the example I am not sure I
                        would follow this behaviour.</div>
                      <div class="">Only 1 record out of 3 is valid so
                        why should I actually trust the ETR instead of
                        throwing everything away?</div>
                      <div class="">Can you explain ???</div>
                    </div>
                  </blockquote>
                  The other two records are validated by the MS, so
                  there is no reason to throw those away. </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>Yes, but the ETR is still trying to cheat on the third
              one….</div>
            <div>So the ETR may be compromised, why should I send
              traffic to him???</div>
          </div>
        </div>
      </blockquote>
      <br>
      ITR has flagged the security exception with the log entry, and
      some local ITR policy will decide what to do (including stop
      encapsulating to the ETR, if that's what is specified by the
      policy).  At the LISP level LISP-SEC has done its job: verified
      mapping  goes into the map-cache, overclaimed mapping is dropped.
      <br>
      <br>
      <br>
      <blockquote
        cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
        type="cite">
        <div class="">
          <div>
            <div><br class="">
            </div>
            <div><br class="">
            </div>
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <div class=""> </div>
                      <div class=""> </div>
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">5.4.2.  PITR Processing

   The processing performed by a PITR is equivalent to the processing of
   an ITR.  However, if the PITR is directly connected to the ALT, </pre>
                        </div>
                      </blockquote>
                      <div class="">This would be LISP+ALT. Pleas add a
                        reference to 6836.</div>
                    </div>
                  </blockquote>
                  ok.
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">the
   PITR performs the functions of both the ITR and the Map-Resolver
   forwarding the Map-Request encapsulated in an ECM header that
   includes the Authentication Data fields as described in Section 5.6.

5.5.  Encrypting and Decrypting an OTK

   MS-OTK confidentiality is required in the path between the Map-Server
   and the ETR, the MS-OTK SHOULD</pre>
                        </div>
                      </blockquote>
                      <div class="">If confidentiality is required why
                        there is not a MUST?</div>
                    </div>
                  </blockquote>
                  Same.
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> be encrypted using the preconfigured
   key shared between the Map-Server and the ETR for the purpose of
   securing ETR registration [RFC6833].  Similarly, if ITR-OTK
   confidentiality is required in the path between the ITR and the Map-
   Resolver, the ITR-OTK SHOULD </pre>
                        </div>
                      </blockquote>
                      Again, if confidentiality is required why there is
                      not a MUST?</div>
                  </blockquote>
                  Same.
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">be encrypted with a key shared between
   the ITR and the Map-Resolver.

   The OTK is encrypted using the algorithm specified in the OTK
   Encryption ID field.  When the AES Key Wrap algorithm is used to
   encrypt a 128-bit OTK, according to [RFC3339],</pre>
                        </div>
                      </blockquote>
                      <div class="">The correct RFC is 3394.</div>
                    </div>
                  </blockquote>
                  ok.
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> the AES Key Wrap
   Initialization Value MUST be set to 0xA6A6A6A6A6A6A6A6 (64 bits).
   The output of the AES Key Wrap operation is 192-bit long.  The most
   significant 64-bit are copied in the One-Time Key Preamble field,
   while the 128 less significant bits are copied in the One-Time Key
   field of the LISP-SEC Authentication Data.

   When decrypting an encrypted OTK the receiver MUST verify that the
   Initialization Value resulting from the AES Key Wrap decryption



Maino, et al.             Expires April 6, 2017                [Page 13]

Internet-Draft                  LISP-SEC                    October 2016


   operation is equal to 0xA6A6A6A6A6A6A6A6.  If this verification fails
   the receiver MUST discard the entire message.

   When a 128-bit OTK is sent unencrypted the OTK Encryption ID is set
   to NULL_KEY_WRAP_128, and the OTK Preamble is set to
   0x0000000000000000 (64 bits).

5.6.  Map-Resolver Processing

   Upon receiving an encapsulated Map-Request with the S-bit set, the
   Map-Resolver decapsulates the ECM message.  The ITR-OTK, if
   encrypted, is decrypted as specified in Section 5.5.

   The Map-Resolver, as specified in [RFC6833], originates a new ECM
   header with the S-bit set, that contains the unencrypted ITR-OTK, as
   specified in Section 5.5, and the other data derived from the ECM
   Authentication Data of the received encapsulated Map-Request.
</pre>
                        </div>
                      </blockquote>
                      <div class="">Few points on this last paragraph:</div>
                      <div class="">- You assume that there is no need
                        of confidentiality inside the Mapping System?</div>
                      <div class="">- Why not stating that encryption
                        inside the mapping system is mapping system
                        specify and out of scope of this document?</div>
                    </div>
                  </blockquote>
                  ok. as it was pointed out above.
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <div class="">- Why are you assuming that all of
                        the Mapping system will use ECM? Future Mapping
                        system may use soemthos different. The important
                        point is to ship the AD along.</div>
                    </div>
                  </blockquote>
                  good point, and I agree with your suggestion to fix
                  this below.
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The Map-Resolver then forwards</pre>
                        </div>
                      </blockquote>
                      to whom? </div>
                  </blockquote>
                  ok. add 'to the Map-Server'
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> the received Map-Request, encapsulated
   in the new ECM header that includes the newly computed Authentication
   Data fields.
</pre>
                        </div>
                      </blockquote>
                      <div class="">As for my comment of the previous
                        paragraph I would be more generic stating that
                        the MR will hand over the request to the mapping
                        system.</div>
                      <div class=""> </div>
                      <div class="">You can still provide the example of
                        DDT using ECM.</div>
                    </div>
                  </blockquote>
                  right.
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">5.7.  Map-Server Processing

   Upon receiving an ECM encapsulated Map-Request with the S-bit set,
   the Map-Server process the Map-Request according to the value of the
   S-bit contained in the Map-Register sent by the ETR during
   registration.

   If the S-bit contained in the Map-Register was clear the Map-Server
   decapsulates the ECM and generates a new ECM encapsulated Map-Request
   that does not contain an ECM Authentication Data, as specified in
   [RFC6830].  The Map-Server does not perform any further LISP-SEC
   processing.
</pre>
                        </div>
                      </blockquote>
                      <div class="">This equivalent to not using
                        LISP-SEC. Please specify that the Map-Reply will
                        be not protected.</div>
                    </div>
                  </blockquote>
                  ok.
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   If the S-bit contained in the Map-Register was set the Map-Server
   decapsulates the ECM and generates a new ECM Authentication Data.
   The Authentication Data includes the OTK-AD and the EID-AD, that
   contains EID-prefix authorization information, that are ultimately
   sent to the requesting ITR.

   The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
   the ITR-OTK received with the Map-Request.  MS-OTK is derived
   applying the key derivation function specified in the KDF ID field.
   If the algorithm specified in the KDF ID field is not supported, the
   Map-Server uses a different algorithm to derive the key and updates
   the KDF ID field accordingly.




Maino, et al.             Expires April 6, 2017                [Page 14]

Internet-Draft                  LISP-SEC                    October 2016


   The Map-Server and the ETR MUST be configured with a shared key for
   mapping registration according to [RFC6833].  If MS-OTK
   confidentiality is required, then the MS-OTK SHOULD be encrypted,</pre>
                        </div>
                      </blockquote>
                      Again, if confidentiality is required why there is
                      not a MUST? </div>
                  </blockquote>
                  same as above.
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> by
   wrapping the MS-OTK with the algorithm specified by the OTK
   Encryption ID field as specified in Section 5.5.

   The Map-Server includes in the EID-AD the longest match registered
   EID-prefix for the destination EID, and an HMAC of this EID-prefix.
   The HMAC is keyed with the ITR-OTK contained in the received ECM
   Authentication Data, and the HMAC algorithm is chosen according to
   the Requested HMAC ID field.  If The Map-Server does not support this
   algorithm, the Map-Server uses a different algorithm and specifies it
   in the EID HMAC ID field.  The scope of the HMAC operation covers the
   entire EID-AD, from the EID-AD Length field to the EID HMAC field,
   which must be set to 0 before the computation.

   The Map-Server then forwards the updated ECM encapsulated Map-
   Request, that contains the OTK-AD, the EID-AD, and the received Map-
   Request to an authoritative ETR as specified in [RFC6830].

5.7.1.  Map-Server Processing in Proxy mode

   If the Map-Server is in proxy mode, it generates a Map-Reply, as
   specified in [RFC6830], with the S-bit set to 1.  The Map-Reply
   includes the Authentication Data that contains the EID-AD, computed
   as specified in Section 5.7, as well as the PKT-AD computed as
   specified in Section 5.8.

5.8.  ETR Processing

   Upon receiving an ECM encapsulated Map-Request with the S-bit set,
   the ETR decapsulates the ECM message.  The OTK field, if encrypted,
   is decrypted as specified in Section 5.5 to obtain the unencrypted
   MS-OTK.

   The ETR then generates a Map-Reply as specified in [RFC6830] and
   includes the Authentication Data that contains the EID-AD, as
   received in the encapsulated Map-Request, as well as the PKT-AD.

   The EID-AD is copied from the Authentication Data of the received
   encapsulated Map-Request.

   The PKT-AD contains the HMAC of the whole Map-Reply packet, keyed
   with the MS-OTK and computed using the HMAC algorithm specified in
   the Requested HMAC ID field of the received encapsulated Map-Request.
   If the ETR does not support the Requested HMAC ID, it uses a
   different algorithm and updates the PKT HMAC ID field accordingly.
   The scope of the HMAC operation covers the entire PKT-AD, from the



Maino, et al.             Expires April 6, 2017                [Page 15]

Internet-Draft                  LISP-SEC                    October 2016


   Map-Reply Type field to the PKT HMAC field, which must be set to 0
   before the computation.

   Finally the ETR sends the Map-Reply to the requesting ITR as
   specified in [RFC6830].

6.  Security Considerations

6.1.  Mapping System Security

   The LISP-SEC threat model described in Section 3, assumes that the
   LISP Mapping System is working properly and eventually delivers Map-
   Request messages to a Map-Server that is authoritative for the
   requested EID.

</pre>
                        </div>
                      </blockquote>
                      <div class=""> </div>
                      <div class="">As for a previous comment, can you
                        elaborate if OTK confidentiality is required in
                        the mapping system and what are the
                        consequences?</div>
                      <div class=""> </div>
                    </div>
                  </blockquote>
                  ok.
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   Map-Register security, including the right for a LISP entity to
   register an EID-prefix or to claim presence at an RLOC, is out of the
   scope of LISP-SEC.

6.2.  Random Number Generation

   The ITR-OTK MUST be generated by a properly seeded pseudo-random (or
   strong random) source.  See [RFC4086] for advice on generating
   security-sensitive random data

6.3.  Map-Server and ETR Colocation

   If the Map-Server and the ETR are colocated, LISP-SEC does not
   provide protection from overclaiming attacks mounted by the ETR.
   However, in this particular case, since the ETR is within the trust
   boundaries of the Map-Server, ETR's overclaiming attacks are not
   included in the threat model.

7.  IANA Considerations
</pre>
                        </div>
                      </blockquote>
                      <div class="">This section is not conform to RFC
                        5226.</div>
                      <div class=""> </div>
                      <div class="">There right way to go is to ask IANA
                        to create three new registries, for HMAC, Key
                        Wrap, and Key Derivation functions.</div>
                      <div class="">Define what is the allocation
                        process (in light of the size of the field FCFS
                        should not cause any problem IMHO)</div>
                      <div class=""> </div>
                      <div class="">Then ask to populate the registries
                        as already described.</div>
                    </div>
                  </blockquote>
                  Ok, so each one of the sections 7.x will say: IANA is
                  requested to create a new &lt;registry-name&gt; 
                  registry for use … </div>
              </div>
            </blockquote>
            <div><br class="">
            </div>
            <div>There is slightly more text to add.</div>
          </div>
        </div>
      </blockquote>
      <br>
      right. I have added more. I'm almost ready to send a new rev.  <br>
      <br>
      <blockquote
        cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
        type="cite">
        <div class="">
          <div>
            <div><br class="">
            </div>
            <br class="">
            <blockquote type="cite" class="">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class="">
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <div class=""> </div>
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">7.1.  HMAC functions

   The following HMAC ID values are defined by this memo for use as
   Requested HMAC ID, EID HMAC ID, and PKT HMAC ID in the LISP-SEC
   Authentication Data:











Maino, et al.             Expires April 6, 2017                [Page 16]

Internet-Draft                  LISP-SEC                    October 2016


             Name                     Number        Defined In
             -------------------------------------------------
             NONE                     0
             AUTH-HMAC-SHA-1-96       1             [RFC2104]
             AUTH-HMAC-SHA-256-128    2             [RFC4634]

             values 2-65535 are reserved to IANA.

                              HMAC Functions

   AUTH-HMAC-SHA-1-96 MUST be supported, AUTH-HMAC-SHA-256-128 should be
   supported.

7.2.  Key Wrap Functions

   The following OTK Encryption ID values are defined by this memo for
   use as OTK key wrap algorithms ID in the LISP-SEC Authentication
   Data:

             Name                     Number        Defined In
             -------------------------------------------------
             NULL-KEY-WRAP-128        1
             AES-KEY-WRAP-128         2             [RFC3394]

             values 0 and 3-65535 are reserved to IANA.

                            Key Wrap Functions

   NULL-KEY-WRAP-128, and AES-KEY-WRAP-128 MUST be supported.

   NULL-KEY-WRAP-128 is used to carry an unencrypted 128-bit OTK, with a
   64-bit preamble set to 0x0000000000000000 (64 bits).

7.3.  Key Derivation Functions

   The following KDF ID values are defined by this memo for use as KDF
   ID in the LISP-SEC Authentication Data:

             Name                     Number        Defined In
             -------------------------------------------------
             NONE                     0
             HKDF-SHA1-128            1             [RFC5869]

             values 2-65535 are reserved to IANA.

                         Key Derivation Functions

   HKDF-SHA1-128 MUST be supported



Maino, et al.             Expires April 6, 2017                [Page 17]

Internet-Draft                  LISP-SEC                    October 2016


8.  Acknowledgements

   The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino
   Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt
   Noll for their valuable suggestions provided during the preparation
   of this document.

9.  Normative References
</pre>
                        </div>
                      </blockquote>
                      <div class=""> </div>
                      <div class=""> </div>
                      <div class="">Please Check your reference, this is
                        the output if the nits tool:</div>
                      <div class=""> </div>
                      <div class=""> </div>
                      <div class="">Checking references for intended
                        status: Experimental</div>
                      <div class=""> 
----------------------------------------------------------------------------</div>
                      <div class=""> </div>
                      <div class="">  == Missing Reference: 'RFC3339' is
                        mentioned on line 602, but not defined</div>
                      <div class=""> </div>
                      <div class="">  == Missing Reference: 'RFC4634' is
                        mentioned on line 752, but not defined</div>
                      <div class=""> </div>
                      <div class="">  ** Obsolete undefined reference:
                        RFC 4634 (Obsoleted by RFC 6234)</div>
                    </div>
                  </blockquote>
                  ok.
                  <blockquote
                    cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                    type="cite" class="">
                    <div class="">
                      <div class=""> </div>
                      <blockquote type="cite" class="">
                        <div class="">
                          <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
              Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc2104" class="">http://www.rfc-editor.org/info/rfc2104</a>&gt;.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc2119" class="">http://www.rfc-editor.org/info/rfc2119</a>&gt;.

   [RFC3394]  Schaad, J. and R. Housley, "Advanced Encryption Standard
              (AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394,
              September 2002, &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc3394" class="">http://www.rfc-editor.org/info/rfc3394</a>&gt;.

   [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
              "Randomness Requirements for Security", BCP 106, RFC 4086,
              DOI 10.17487/RFC4086, June 2005,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc4086" class="">http://www.rfc-editor.org/info/rfc4086</a>&gt;.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              DOI 10.17487/RFC5226, May 2008,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc5226" class="">http://www.rfc-editor.org/info/rfc5226</a>&gt;.

   [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
              Key Derivation Function (HKDF)", RFC 5869,
              DOI 10.17487/RFC5869, May 2010,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc5869" class="">http://www.rfc-editor.org/info/rfc5869</a>&gt;.

   [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
              Locator/ID Separation Protocol (LISP)", RFC 6830,
              DOI 10.17487/RFC6830, January 2013,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc6830" class="">http://www.rfc-editor.org/info/rfc6830</a>&gt;.

   [RFC6833]  Fuller, V. and D. Farinacci, "Locator/ID Separation
              Protocol (LISP) Map-Server Interface", RFC 6833,
              DOI 10.17487/RFC6833, January 2013,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc6833" class="">http://www.rfc-editor.org/info/rfc6833</a>&gt;.




Maino, et al.             Expires April 6, 2017                [Page 18]

Internet-Draft                  LISP-SEC                    October 2016


   [RFC7835]  Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID
              Separation Protocol (LISP) Threat Analysis", RFC 7835,
              DOI 10.17487/RFC7835, April 2016,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc7835" class="">http://www.rfc-editor.org/info/rfc7835</a>&gt;.

Authors' Addresses

   Fabio Maino
   Cisco Systems
   170 Tasman Drive
   San Jose, California  95134
   USA

   Email: <a moz-do-not-send="true" href="mailto:fmaino@cisco.com" class="">fmaino@cisco.com</a>


   Vina Ermagan
   Cisco Systems
   170 Tasman Drive
   San Jose, California  95134
   USA

   Email: <a moz-do-not-send="true" href="mailto:vermagan@cisco.com" class="">vermagan@cisco.com</a>


   Albert Cabellos
   Technical University of Catalonia
   c/ Jordi Girona s/n
   Barcelona  08034
   Spain

   Email: <a moz-do-not-send="true" href="mailto:acabello@ac.upc.edu" class="">acabello@ac.upc.edu</a>


   Damien Saucez
   INRIA
   2004 route des Lucioles - BP 93
   Sophia Antipolis
   France

   Email: <a moz-do-not-send="true" href="mailto:damien.saucez@inria.fr" class="">damien.saucez@inria.fr</a>










Maino, et al.             Expires April 6, 2017                [Page 19]</pre>
                          <div class=""> </div>
                        </div>
                        <div class=""> </div>
                        <div class=""> </div>
                      </blockquote>
                      <div class="">
                        <div class=""> </div>
                        <div class=""> </div>
                      </div>
                    </div>
                  </blockquote>
                  <div class=""> <br class="webkit-block-placeholder">
                  </div>
                </div>
              </div>
            </blockquote>
          </div>
          <br class="">
        </div>
      </blockquote>
      <p><br>
      </p>
    </blockquote>
    <p><br>
    </p>
  </body>
</html>

--------------A72D377FADDF4FF556CDE0B9--

--------------4FAFE1DA8AE8F9CD37E340F5
Content-Type: text/html; charset=UTF-8;
 name="Diff_ draft-ietf-lisp-sec-11.txt - draft-ietf-lisp-sec-12a.txt.html"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename*0="Diff_ draft-ietf-lisp-sec-11.txt - draft-ietf-lisp-sec-12a.t";
 filename*1="xt.html"

PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBYSFRNTCAxLjAgVHJhbnNpdGlv
bmFsLy9FTiIgImh0dHA6Ly93d3cudzMub3JnL1RSL3hodG1sMS9EVEQveGh0bWwxLXRyYW5z
aXRpb25hbC5kdGQiPgo8IS0tIHNhdmVkIGZyb20gdXJsPSgwMDQ5KWh0dHBzOi8vdG9vbHMu
aWV0Zi5vcmcvdG9vbHMvcmZjZGlmZi9yZmNkaWZmLnB5aHQgLS0+CjxodG1sIHhtbG5zPSJo
dHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIj48c2NyaXB0IHR5cGU9InRleHQvamF2YXNj
cmlwdCI+d2luZG93WyJfZ2FVc2VyUHJlZnMiXSA9IHsgaW9vIDogZnVuY3Rpb24oKSB7IHJl
dHVybiB0cnVlOyB9IH08L3NjcmlwdD48aGVhZD48bWV0YSBodHRwLWVxdWl2PSJDb250ZW50
LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD1VVEYtOCI+IAogICAKICA8bWV0
YSBodHRwLWVxdWl2PSJDb250ZW50LVN0eWxlLVR5cGUiIGNvbnRlbnQ9InRleHQvY3NzIj4g
CiAgPHRpdGxlPkRpZmY6IGRyYWZ0LWlldGYtbGlzcC1zZWMtMTEudHh0IC0gZHJhZnQtaWV0
Zi1saXNwLXNlYy0xMmEudHh0PC90aXRsZT4gCiAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj4g
CiAgICBib2R5ICAgIHsgbWFyZ2luOiAwLjRleDsgbWFyZ2luLXJpZ2h0OiBhdXRvOyB9IAog
ICAgdHIgICAgICB7IH0gCiAgICB0ZCAgICAgIHsgd2hpdGUtc3BhY2U6IHByZTsgZm9udC1m
YW1pbHk6IG1vbm9zcGFjZTsgdmVydGljYWwtYWxpZ246IHRvcDsgZm9udC1zaXplOiAwLjg2
ZW07fSAKICAgIHRoICAgICAgeyBmb250LXNpemU6IDAuODZlbTsgfSAKICAgIC5zbWFsbCAg
eyBmb250LXNpemU6IDAuNmVtOyBmb250LXN0eWxlOiBpdGFsaWM7IGZvbnQtZmFtaWx5OiBW
ZXJkYW5hLCBIZWx2ZXRpY2EsIHNhbnMtc2VyaWY7IH0gCiAgICAubGVmdCAgIHsgYmFja2dy
b3VuZC1jb2xvcjogI0VFRTsgfSAKICAgIC5yaWdodCAgeyBiYWNrZ3JvdW5kLWNvbG9yOiAj
RkZGOyB9IAogICAgLmRpZmYgICB7IGJhY2tncm91bmQtY29sb3I6ICNDQ0Y7IH0gCiAgICAu
bGJsb2NrIHsgYmFja2dyb3VuZC1jb2xvcjogI0JGQjsgfSAKICAgIC5yYmxvY2sgeyBiYWNr
Z3JvdW5kLWNvbG9yOiAjRkY4OyB9IAogICAgLmluc2VydCB7IGJhY2tncm91bmQtY29sb3I6
ICM4RkY7IH0gCiAgICAuZGVsZXRlIHsgYmFja2dyb3VuZC1jb2xvcjogI0FDRjsgfSAKICAg
IC52b2lkICAgeyBiYWNrZ3JvdW5kLWNvbG9yOiAjRkZCOyB9IAogICAgLmNvbnQgICB7IGJh
Y2tncm91bmQtY29sb3I6ICNFRUU7IH0gCiAgICAubGluZWJyIHsgYmFja2dyb3VuZC1jb2xv
cjogI0FBQTsgfSAKICAgIC5saW5lbm8geyBjb2xvcjogcmVkOyBiYWNrZ3JvdW5kLWNvbG9y
OiAjRkZGOyBmb250LXNpemU6IDAuN2VtOyB0ZXh0LWFsaWduOiByaWdodDsgcGFkZGluZzog
MCAycHg7IH0gCiAgICAuZWxpcHNpc3sgYmFja2dyb3VuZC1jb2xvcjogI0FBQTsgfSAKICAg
IC5sZWZ0IC5jb250IHsgYmFja2dyb3VuZC1jb2xvcjogI0RERDsgfSAKICAgIC5yaWdodCAu
Y29udCB7IGJhY2tncm91bmQtY29sb3I6ICNFRUU7IH0gCiAgICAubGJsb2NrIC5jb250IHsg
YmFja2dyb3VuZC1jb2xvcjogIzlEOTsgfSAKICAgIC5yYmxvY2sgLmNvbnQgeyBiYWNrZ3Jv
dW5kLWNvbG9yOiAjREQ2OyB9IAogICAgLmluc2VydCAuY29udCB7IGJhY2tncm91bmQtY29s
b3I6ICMwREQ7IH0gCiAgICAuZGVsZXRlIC5jb250IHsgYmFja2dyb3VuZC1jb2xvcjogIzhB
RDsgfSAKICAgIC5zdGF0cywgLnN0YXRzIHRkLCAuc3RhdHMgdGggeyBiYWNrZ3JvdW5kLWNv
bG9yOiAjRUVFOyBwYWRkaW5nOiAycHggMDsgfSAKICAgIHNwYW4uaGlkZSB7IGRpc3BsYXk6
IG5vbmU7IGNvbG9yOiAjYWFhO30gICAgYTpob3ZlciBzcGFuIHsgZGlzcGxheTogaW5saW5l
OyB9ICAgIHRyLmNoYW5nZSB7IGJhY2tncm91bmQtY29sb3I6IGdyYXk7IH0gCiAgICB0ci5j
aGFuZ2UgYSB7IHRleHQtZGVjb3JhdGlvbjogbm9uZTsgY29sb3I6IGJsYWNrIH0gCiAgPC9z
dHlsZT4gCiAgICAgPHNjcmlwdD4KdmFyIGNodW5rX2luZGV4ID0gMDsKdmFyIG9sZF9jaHVu
ayA9IG51bGw7CgpmdW5jdGlvbiBmb3JtYXRfY2h1bmsoaW5kZXgpIHsKICAgIHZhciBwcmVm
aXggPSAiZGlmZiI7CiAgICB2YXIgc3RyID0gaW5kZXgudG9TdHJpbmcoKTsKICAgIGZvciAo
eD0wOyB4PCg0LXN0ci5sZW5ndGgpOyArK3gpIHsKICAgICAgICBwcmVmaXgrPScwJzsKICAg
IH0KICAgIHJldHVybiBwcmVmaXggKyBzdHI7Cn0KCmZ1bmN0aW9uIGZpbmRfY2h1bmsobil7
CiAgICByZXR1cm4gZG9jdW1lbnQucXVlcnlTZWxlY3RvcigndHJbaWQkPSInICsgbiArICci
XScpOwp9CgpmdW5jdGlvbiBjaGFuZ2VfY2h1bmsob2Zmc2V0KSB7CiAgICB2YXIgaW5kZXgg
PSBjaHVua19pbmRleCArIG9mZnNldDsKICAgIHZhciBuZXdfc3RyOwogICAgdmFyIG5ld19j
aHVuazsKCiAgICBuZXdfc3RyID0gZm9ybWF0X2NodW5rKGluZGV4KTsKICAgIG5ld19jaHVu
ayA9IGZpbmRfY2h1bmsobmV3X3N0cik7CiAgICBpZiAoIW5ld19jaHVuaykgewogICAgICAg
IHJldHVybjsKICAgIH0KICAgIGlmIChvbGRfY2h1bmspIHsKICAgICAgICBvbGRfY2h1bmsu
c3R5bGUub3V0bGluZSA9ICIiOwogICAgfQogICAgb2xkX2NodW5rID0gbmV3X2NodW5rOwog
ICAgb2xkX2NodW5rLnN0eWxlLm91dGxpbmUgPSAiMXB4IHNvbGlkIHJlZCI7CiAgICB3aW5k
b3cubG9jYXRpb24uaGFzaCA9ICIjIiArIG5ld19zdHI7CiAgICB3aW5kb3cuc2Nyb2xsQnko
MCwtMTAwKTsKICAgIGNodW5rX2luZGV4ID0gaW5kZXg7Cn0KCmRvY3VtZW50Lm9ua2V5ZG93
biA9IGZ1bmN0aW9uKGUpIHsKICAgIHN3aXRjaCAoZS5rZXlDb2RlKSB7CiAgICBjYXNlIDc4
OgogICAgICAgIGNoYW5nZV9jaHVuaygxKTsKICAgICAgICBicmVhazsKICAgIGNhc2UgODA6
CiAgICAgICAgY2hhbmdlX2NodW5rKC0xKTsKICAgICAgICBicmVhazsKICAgIH0KfTsKICAg
PC9zY3JpcHQ+IAo8L2hlYWQ+IAo8Ym9keT4gCiAgPHRhYmxlIGJvcmRlcj0iMCIgY2VsbHBh
ZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIwIj4gCiAgPHRib2R5Pjx0ciBpZD0icGFydC0xIiBi
Z2NvbG9yPSJvcmFuZ2UiPjx0aD48L3RoPjx0aD48YSBocmVmPSJodHRwczovL3Rvb2xzLmll
dGYub3JnL3JmY2RpZmY/dXJsMj1kcmFmdC1pZXRmLWxpc3Atc2VjLTExLnR4dCIgc3R5bGU9
ImNvbG9yOiMwMDg7IHRleHQtZGVjb3JhdGlvbjpub25lOyI+Jmx0OzwvYT4mbmJzcDs8YSBo
cmVmPSJodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1saXNwLXNlYy0x
MS50eHQiIHN0eWxlPSJjb2xvcjojMDA4Ij5kcmFmdC1pZXRmLWxpc3Atc2VjLTExLnR4dDwv
YT4mbmJzcDs8L3RoPjx0aD4gPC90aD48dGg+Jm5ic3A7PGEgaHJlZj0iaHR0cHM6Ly90b29s
cy5pZXRmLm9yZy9odG1sL2RyYWZ0LWlldGYtbGlzcC1zZWMtMTJhLnR4dCIgc3R5bGU9ImNv
bG9yOiMwMDgiPmRyYWZ0LWlldGYtbGlzcC1zZWMtMTJhLnR4dDwvYT4mbmJzcDs8YSBocmVm
PSJodHRwczovL3Rvb2xzLmlldGYub3JnL3JmY2RpZmY/dXJsMT1kcmFmdC1pZXRmLWxpc3At
c2VjLTEyYS50eHQiIHN0eWxlPSJjb2xvcjojMDA4OyB0ZXh0LWRlY29yYXRpb246bm9uZTsi
PiZndDs8L2E+PC90aD48dGg+PC90aD48L3RyPiAKICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij5OZXR3b3JrIFdvcmtpbmcg
R3JvdXAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRi4gTWFp
bm88L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij5OZXR3b3JrIFdvcmtpbmcgR3Jv
dXAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRi4gTWFpbm88
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPkludGVybmV0LURyYWZ0ICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgVi4gRXJtYWdhbjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPkludGVybmV0LURyYWZ0ICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgVi4gRXJtYWdhbjwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+SW50ZW5kZWQgc3RhdHVzOiBFeHBlcmltZW50YWwg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaXNjbyBTeXN0ZW1zPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+SW50ZW5kZWQgc3RhdHVzOiBFeHBlcmltZW50YWwgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICBDaXNjbyBTeXN0ZW1zPC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDAxIj48dGQ+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxv
Y2siPkV4cGlyZXM6IDxzcGFuIGNsYXNzPSJkZWxldGUiPkFwcmlsIDYsIDIwMTc8L3NwYW4+
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQS4gQ2FiZWxsb3M8L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+RXhwaXJlczogPHNwYW4gY2xhc3M9Imlu
c2VydCI+TWF5IDQsIDIwMTcgIDwvc3Bhbj4gICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICBBLiBDYWJlbGxvczwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgVGVjaG5pY2FsIFVuaXZl
cnNpdHkgb2YgQ2F0YWxvbmlhPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgVGVjaG5pY2FsIFVuaXZlcnNp
dHkgb2YgQ2F0YWxvbmlhPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICBELiBTYXVjZXo8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBE
LiBTYXVjZXo8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBJ
TlJJQTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBJTlJJ
QTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJkaWZm
MDAwMiI+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGJsb2NrIj4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgIDxzcGFuIGNsYXNzPSJkZWxldGUiPiBPY3RvYmVyIDM8
L3NwYW4+LCAyMDE2PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHNwYW4g
Y2xhc3M9Imluc2VydCI+T2N0b2JlciAzMTwvc3Bhbj4sIDIwMTY8L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgICAgICAgICAgICAgICAgICAgTElT
UC1TZWN1cml0eSAoTElTUC1TRUMpPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
ICAgICAgICAgICAgICAgICAgICAgICAgTElTUC1TZWN1cml0eSAoTElTUC1TRUMpPC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDAzIj48
dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsYmxvY2siPiAgICAgICAgICAgICAgICAgICAgICAgICBkcmFmdC1pZXRmLWxpc3At
c2VjLTE8c3BhbiBjbGFzcz0iZGVsZXRlIj4xPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmJsb2NrIj4gICAgICAgICAgICAgICAgICAgICAgICAgZHJhZnQtaWV0Zi1saXNw
LXNlYy0xPHNwYW4gY2xhc3M9Imluc2VydCI+Mjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+QWJzdHJhY3Q8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij5BYnN0cmFjdDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsZWZ0Ij4gICBUaGlzIG1lbW8gc3BlY2lmaWVzIExJU1AtU0VDLCBhIHNldCBvZiBzZWN1
cml0eSBtZWNoYW5pc21zIHRoYXQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4g
ICBUaGlzIG1lbW8gc3BlY2lmaWVzIExJU1AtU0VDLCBhIHNldCBvZiBzZWN1cml0eSBtZWNo
YW5pc21zIHRoYXQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHByb3ZpZGVz
IG9yaWdpbiBhdXRoZW50aWNhdGlvbiwgaW50ZWdyaXR5IGFuZCBhbnRpLXJlcGxheSBwcm90
ZWN0aW9uPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgcHJvdmlkZXMgb3Jp
Z2luIGF1dGhlbnRpY2F0aW9uLCBpbnRlZ3JpdHkgYW5kIGFudGktcmVwbGF5IHByb3RlY3Rp
b248L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHRvIExJU1AncyBFSUQtdG8t
UkxPQyBtYXBwaW5nIGRhdGEgY29udmV5ZWQgdmlhIG1hcHBpbmcgbG9va3VwPC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgdG8gTElTUCdzIEVJRC10by1STE9DIG1hcHBp
bmcgZGF0YSBjb252ZXllZCB2aWEgbWFwcGluZyBsb29rdXA8L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPiAgIHByb2Nlc3MuICBMSVNQLVNFQyBhbHNvIGVuYWJsZXMgdmVyaWZp
Y2F0aW9uIG9mIGF1dGhvcml6YXRpb24gb24gRUlELTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgIHByb2Nlc3MuICBMSVNQLVNFQyBhbHNvIGVuYWJsZXMgdmVyaWZpY2F0
aW9uIG9mIGF1dGhvcml6YXRpb24gb24gRUlELTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+ICAgcHJlZml4IGNsYWltcyBpbiBNYXAtUmVwbHkgbWVzc2FnZXMuPC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgcHJlZml4IGNsYWltcyBpbiBNYXAtUmVwbHkg
bWVzc2FnZXMuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPlJl
cXVpcmVtZW50cyBMYW5ndWFnZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPlJl
cXVpcmVtZW50cyBMYW5ndWFnZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHIgaWQ9InBhcnQtMiIgY2xhc3M9ImNoYW5nZSI+PHRkPjwv
dGQ+PHRoPjxzbWFsbD5za2lwcGluZyB0byBjaGFuZ2UgYXQ8L3NtYWxsPjxhIGhyZWY9Imh0
dHBzOi8vdG9vbHMuaWV0Zi5vcmcvdG9vbHMvcmZjZGlmZi9yZmNkaWZmLnB5aHQjcGFydC0y
Ij48ZW0+IHBhZ2UgMSwgbGluZSA0NDxzcGFuIGNsYXNzPSJoaWRlIj4gwrY8L3NwYW4+PC9l
bT48L2E+PC90aD48dGg+IDwvdGg+PHRoPjxzbWFsbD5za2lwcGluZyB0byBjaGFuZ2UgYXQ8
L3NtYWxsPjxhIGhyZWY9Imh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvdG9vbHMvcmZjZGlmZi9y
ZmNkaWZmLnB5aHQjcGFydC0yIj48ZW0+IHBhZ2UgMSwgbGluZSA0NDxzcGFuIGNsYXNzPSJo
aWRlIj4gwrY8L3NwYW4+PC9lbT48L2E+PC90aD48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBJbnRlcm5ldC1E
cmFmdHMgYXJlIHdvcmtpbmcgZG9jdW1lbnRzIG9mIHRoZSBJbnRlcm5ldCBFbmdpbmVlcmlu
ZzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIEludGVybmV0LURyYWZ0cyBh
cmUgd29ya2luZyBkb2N1bWVudHMgb2YgdGhlIEludGVybmV0IEVuZ2luZWVyaW5nPC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBUYXNrIEZvcmNlIChJRVRGKS4gIE5vdGUg
dGhhdCBvdGhlciBncm91cHMgbWF5IGFsc28gZGlzdHJpYnV0ZTwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPiAgIFRhc2sgRm9yY2UgKElFVEYpLiAgTm90ZSB0aGF0IG90aGVy
IGdyb3VwcyBtYXkgYWxzbyBkaXN0cmlidXRlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij4gICB3b3JraW5nIGRvY3VtZW50cyBhcyBJbnRlcm5ldC1EcmFmdHMuICBUaGUgbGlz
dCBvZiBjdXJyZW50IEludGVybmV0LTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgIHdvcmtpbmcgZG9jdW1lbnRzIGFzIEludGVybmV0LURyYWZ0cy4gIFRoZSBsaXN0IG9m
IGN1cnJlbnQgSW50ZXJuZXQtPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBE
cmFmdHMgaXMgYXQgaHR0cDovL2RhdGF0cmFja2VyLmlldGYub3JnL2RyYWZ0cy9jdXJyZW50
Ly48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBEcmFmdHMgaXMgYXQgaHR0
cDovL2RhdGF0cmFja2VyLmlldGYub3JnL2RyYWZ0cy9jdXJyZW50Ly48L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgSW50ZXJuZXQtRHJhZnRzIGFyZSBk
cmFmdCBkb2N1bWVudHMgdmFsaWQgZm9yIGEgbWF4aW11bSBvZiBzaXggbW9udGhzPC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgSW50ZXJuZXQtRHJhZnRzIGFyZSBkcmFm
dCBkb2N1bWVudHMgdmFsaWQgZm9yIGEgbWF4aW11bSBvZiBzaXggbW9udGhzPC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBhbmQgbWF5IGJlIHVwZGF0ZWQsIHJlcGxhY2Vk
LCBvciBvYnNvbGV0ZWQgYnkgb3RoZXIgZG9jdW1lbnRzIGF0IGFueTwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgIGFuZCBtYXkgYmUgdXBkYXRlZCwgcmVwbGFjZWQsIG9y
IG9ic29sZXRlZCBieSBvdGhlciBkb2N1bWVudHMgYXQgYW55PC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICB0aW1lLiAgSXQgaXMgaW5hcHByb3ByaWF0ZSB0byB1c2UgSW50
ZXJuZXQtRHJhZnRzIGFzIHJlZmVyZW5jZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPiAgIHRpbWUuICBJdCBpcyBpbmFwcHJvcHJpYXRlIHRvIHVzZSBJbnRlcm5ldC1EcmFm
dHMgYXMgcmVmZXJlbmNlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBtYXRl
cmlhbCBvciB0byBjaXRlIHRoZW0gb3RoZXIgdGhhbiBhcyAid29yayBpbiBwcm9ncmVzcy4i
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgbWF0ZXJpYWwgb3IgdG8gY2l0
ZSB0aGVtIG90aGVyIHRoYW4gYXMgIndvcmsgaW4gcHJvZ3Jlc3MuIjwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDA0
Ij48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsYmxvY2siPiAgIFRoaXMgSW50ZXJuZXQtRHJhZnQgd2lsbCBleHBpcmUgb24g
PHNwYW4gY2xhc3M9ImRlbGV0ZSI+QXByaWwgNjwvc3Bhbj4sIDIwMTcuPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIFRoaXMgSW50ZXJuZXQtRHJhZnQgd2lsbCBleHBp
cmUgb24gPHNwYW4gY2xhc3M9Imluc2VydCI+TWF5IDQ8L3NwYW4+LCAyMDE3LjwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij5Db3B5cmlnaHQgTm90aWNlPC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+Q29weXJpZ2h0IE5vdGljZTwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBDb3B5cmlnaHQgKGMpIDIw
MTYgSUVURiBUcnVzdCBhbmQgdGhlIHBlcnNvbnMgaWRlbnRpZmllZCBhcyB0aGU8L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBDb3B5cmlnaHQgKGMpIDIwMTYgSUVURiBU
cnVzdCBhbmQgdGhlIHBlcnNvbnMgaWRlbnRpZmllZCBhcyB0aGU8L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgIGRvY3VtZW50IGF1dGhvcnMuICBBbGwgcmlnaHRzIHJlc2Vy
dmVkLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGRvY3VtZW50IGF1dGhv
cnMuICBBbGwgcmlnaHRzIHJlc2VydmVkLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICBUaGlzIGRvY3VtZW50IGlzIHN1YmplY3QgdG8gQkNQIDc4IGFu
ZCB0aGUgSUVURiBUcnVzdCdzIExlZ2FsPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+ICAgVGhpcyBkb2N1bWVudCBpcyBzdWJqZWN0IHRvIEJDUCA3OCBhbmQgdGhlIElFVEYg
VHJ1c3QncyBMZWdhbDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgUHJvdmlz
aW9ucyBSZWxhdGluZyB0byBJRVRGIERvY3VtZW50czwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgIFByb3Zpc2lvbnMgUmVsYXRpbmcgdG8gSUVURiBEb2N1bWVudHM8L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIChodHRwOi8vdHJ1c3RlZS5pZXRmLm9y
Zy9saWNlbnNlLWluZm8pIGluIGVmZmVjdCBvbiB0aGUgZGF0ZSBvZjwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgIChodHRwOi8vdHJ1c3RlZS5pZXRmLm9yZy9saWNlbnNl
LWluZm8pIGluIGVmZmVjdCBvbiB0aGUgZGF0ZSBvZjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+ICAgcHVibGljYXRpb24gb2YgdGhpcyBkb2N1bWVudC4gIFBsZWFzZSByZXZp
ZXcgdGhlc2UgZG9jdW1lbnRzPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
cHVibGljYXRpb24gb2YgdGhpcyBkb2N1bWVudC4gIFBsZWFzZSByZXZpZXcgdGhlc2UgZG9j
dW1lbnRzPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0ciBpZD0icGFydC0zIiBjbGFzcz0iY2hhbmdlIj48dGQ+PC90ZD48dGg+PHNtYWxs
PnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGEgaHJlZj0iaHR0cHM6Ly90b29scy5p
ZXRmLm9yZy90b29scy9yZmNkaWZmL3JmY2RpZmYucHlodCNwYXJ0LTMiPjxlbT4gcGFnZSAy
LCBsaW5lIDQyPHNwYW4gY2xhc3M9ImhpZGUiPiDCtjwvc3Bhbj48L2VtPjwvYT48L3RoPjx0
aD4gPC90aD48dGg+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGEgaHJl
Zj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy90b29scy9yZmNkaWZmL3JmY2RpZmYucHlodCNw
YXJ0LTMiPjxlbT4gcGFnZSAyLCBsaW5lIDQyPHNwYW4gY2xhc3M9ImhpZGUiPiDCtjwvc3Bh
bj48L2VtPjwvYT48L3RoPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICA1LjQuMi4gIFBJVFIgUHJvY2Vz
c2luZyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAxMzwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICA1LjQuMi4gIFBJVFIgUHJvY2Vzc2lu
ZyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAxMzwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICA1LjUuICBFbmNyeXB0aW5nIGFuZCBEZWNyeXB0
aW5nIGFuIE9USyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDEzPC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+ICAgICA1LjUuICBFbmNyeXB0aW5nIGFuZCBEZWNyeXB0aW5n
IGFuIE9USyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDEzPC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICAgIDUuNi4gIE1hcC1SZXNvbHZlciBQcm9jZXNzaW5nIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij4gICAgIDUuNi4gIE1hcC1SZXNvbHZlciBQcm9jZXNzaW5nIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgICAgNS43LiAgTWFwLVNlcnZlciBQcm9jZXNzaW5nIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuICAxNDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPiAgICAgNS43LiAgTWFwLVNlcnZlciBQcm9jZXNzaW5nIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuICAxNDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
ICAgICAgIDUuNy4xLiAgTWFwLVNlcnZlciBQcm9jZXNzaW5nIGluIFByb3h5IG1vZGUgLiAu
IC4gLiAuIC4gLiAuIC4gIDE1PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
ICAgIDUuNy4xLiAgTWFwLVNlcnZlciBQcm9jZXNzaW5nIGluIFByb3h5IG1vZGUgLiAuIC4g
LiAuIC4gLiAuIC4gIDE1PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgIDUu
OC4gIEVUUiBQcm9jZXNzaW5nICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAgMTU8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgIDUuOC4g
IEVUUiBQcm9jZXNzaW5nICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAgMTU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIDYuICBTZWN1cml0
eSBDb25zaWRlcmF0aW9ucyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
ICAxNjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIDYuICBTZWN1cml0eSBD
b25zaWRlcmF0aW9ucyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAx
NjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICA2LjEuICBNYXBwaW5nIFN5
c3RlbSBTZWN1cml0eSAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDE2PC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICA2LjEuICBNYXBwaW5nIFN5c3Rl
bSBTZWN1cml0eSAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDE2PC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgIDYuMi4gIFJhbmRvbSBOdW1iZXIgR2Vu
ZXJhdGlvbiAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTY8L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgIDYuMi4gIFJhbmRvbSBOdW1iZXIgR2VuZXJh
dGlvbiAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTY8L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgNi4zLiAgTWFwLVNlcnZlciBhbmQgRVRSIENvbG9j
YXRpb24gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAxNjwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPiAgICAgNi4zLiAgTWFwLVNlcnZlciBhbmQgRVRSIENvbG9jYXRp
b24gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAxNjwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJkaWZmMDAwNSI+PHRkPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4g
ICA3LiAgSUFOQSBDb25zaWRlcmF0aW9ucyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+MTY8L3NwYW4+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgICAgPHNwYW4gY2xhc3M9Imluc2VydCI+Ni40
LiAgRGVwbG95aW5nIExJU1AtU0VDICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuICAxNzwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAg
ICA3LjEuICBITUFDIDxzcGFuIGNsYXNzPSJkZWxldGUiPmZ1bmN0aW9uczwvc3Bhbj4gIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICA8c3BhbiBjbGFzcz0i
ZGVsZXRlIj4xNjwvc3Bhbj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAg
Ny4gIElBTkEgQ29uc2lkZXJhdGlvbnMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gIDxzcGFuIGNsYXNzPSJpbnNlcnQiPjE3PC9zcGFuPjwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48c3BhbiBjbGFzcz0iZGVsZXRlIj4gICAgIDcuMi48
L3NwYW4+ICBLZXkgV3JhcCBGdW5jdGlvbnMgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gIDxzcGFuIGNsYXNzPSJkZWxldGUiPjE3PC9zcGFuPjwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICAgIDcuMS4gIDxzcGFuIGNsYXNzPSJpbnNlcnQi
PkVDTSBBRCBUeXBlIFJlZ2lzdHJ5ICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAgMTc8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjxzcGFu
IGNsYXNzPSJkZWxldGUiPiAgICAgNy4zLjwvc3Bhbj4gIEtleSBEZXJpdmF0aW9uIEZ1bmN0
aW9ucyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgPHNwYW4gY2xhc3M9ImRl
bGV0ZSI+MTc8L3NwYW4+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFu
IGNsYXNzPSJpbnNlcnQiPiAgICAgNy4yLiAgTWFwLVJlcGx5IEFEIFR5cGUgUmVnaXN0cnkg
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAxODwvc3Bhbj48L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgOC4gIEFja25vd2xlZGdlbWVudHMgIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDxzcGFuIGNsYXNzPSJkZWxl
dGUiPjE4PC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBj
bGFzcz0iaW5zZXJ0Ij4gICAgIDcuMy48L3NwYW4+ICBITUFDIDxzcGFuIGNsYXNzPSJpbnNl
cnQiPkZ1bmN0aW9uczwvc3Bhbj4gIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuICA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij4xODwvc3Bhbj48L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgOS4gIE5vcm1hdGl2ZSBSZWZlcmVuY2VzICAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDxzcGFuIGNsYXNzPSJkZWxl
dGUiPjE4PC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBj
bGFzcz0iaW5zZXJ0Ij4gICAgIDcuNC48L3NwYW4+ICBLZXkgV3JhcCBGdW5jdGlvbnMgIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDxzcGFuIGNsYXNzPSJpbnNl
cnQiPjE5PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBBdXRo
b3JzJyBBZGRyZXNzZXMgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+MTk8L3NwYW4+PC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgNy41Ljwvc3Bh
bj4gIEtleSBEZXJpdmF0aW9uIEZ1bmN0aW9ucyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAgPHNwYW4gY2xhc3M9Imluc2VydCI+MTk8L3NwYW4+PC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4g
ICA4LiAgQWNrbm93bGVkZ2VtZW50cyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAgPHNwYW4gY2xhc3M9Imluc2VydCI+MTk8L3NwYW4+PC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJs
b2NrIj4gICA5LiAgTm9ybWF0aXZlIFJlZmVyZW5jZXMgIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAgPHNwYW4gY2xhc3M9Imluc2VydCI+MjA8L3NwYW4+PC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmJsb2NrIj4gICBBdXRob3JzJyBBZGRyZXNzZXMgIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgPHNwYW4gY2xhc3M9Imluc2VydCI+MjE8L3Nw
YW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjEuICBJbnRy
b2R1Y3Rpb248L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4xLiAgSW50cm9kdWN0
aW9uPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0ciBpZD0iZGlmZjAwMDYiPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgVGhlIExvY2F0b3IvSUQgU2Vw
YXJhdGlvbiBQcm90b2NvbCBbUkZDNjgzMF0gPHNwYW4gY2xhc3M9ImRlbGV0ZSI+ZGVmaW5l
czwvc3Bhbj4gYSA8c3BhbiBjbGFzcz0iZGVsZXRlIj5zZXQ8L3NwYW4+IG9mPC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIFRoZSBMb2NhdG9yL0lEIFNlcGFyYXRpb24g
UHJvdG9jb2wgW1JGQzY4MzBdIDxzcGFuIGNsYXNzPSJpbnNlcnQiPmlzPC9zcGFuPiBhIDxz
cGFuIGNsYXNzPSJpbnNlcnQiPm5ldHdvcmstbGF5ZXItYmFzZWQ8L3NwYW4+PC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIDxzcGFuIGNsYXNzPSJkZWxldGUiPmZ1bmN0
aW9ucyBmb3Igcm91dGVycyB0byBleGNoYW5nZSBpbmZvcm1hdGlvbiB1c2VkIHRvIG1hcCBm
cm9tIG5vbi08L3NwYW4+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFu
IGNsYXNzPSJpbnNlcnQiPiAgIHByb3RvY29sIHRoYXQgZW5hYmxlcyBzZXBhcmF0aW9uPC9z
cGFuPiBvZiA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5JUCBhZGRyZXNzZXMgaW50byB0d28gbmV3
PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48c3BhbiBjbGFzcz0i
ZGVsZXRlIj4gICByb3V0YWJsZTwvc3Bhbj4gRW5kcG9pbnQgSWRlbnRpZmllcnMgKEVJRHMp
IDxzcGFuIGNsYXNzPSJkZWxldGUiPnRvIHJvdXRhYmxlPC9zcGFuPiBSb3V0aW5nIExvY2F0
b3JzPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNl
cnQiPiAgIG51bWJlcmluZyBzcGFjZXM6PC9zcGFuPiBFbmRwb2ludCBJZGVudGlmaWVycyAo
RUlEcykgPHNwYW4gY2xhc3M9Imluc2VydCI+YW5kPC9zcGFuPiBSb3V0aW5nIExvY2F0b3Jz
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAoUkxPQ3MpLiAgSWYgdGhlc2Ug
RUlELXRvLVJMT0MgbWFwcGluZ3MsIGNhcnJpZWQgdGhyb3VnaCBNYXAtUmVwbHk8L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAoUkxPQ3MpLiAgSWYgdGhlc2UgRUlELXRv
LVJMT0MgbWFwcGluZ3MsIGNhcnJpZWQgdGhyb3VnaCBNYXAtUmVwbHk8L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgIG1lc3NhZ2VzLCBhcmUgdHJhbnNtaXR0ZWQgd2l0aG91
dCBpbnRlZ3JpdHkgcHJvdGVjdGlvbiwgYW4gYWR2ZXJzYXJ5PC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+ICAgbWVzc2FnZXMsIGFyZSB0cmFuc21pdHRlZCB3aXRob3V0IGlu
dGVncml0eSBwcm90ZWN0aW9uLCBhbiBhZHZlcnNhcnk8L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xh
c3M9ImxlZnQiPiAgIGNhbiBtYW5pcHVsYXRlIHRoZW0gYW5kIGhpamFjayB0aGUgY29tbXVu
aWNhdGlvbiwgaW1wZXJzb25hdGUgdGhlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+ICAgY2FuIG1hbmlwdWxhdGUgdGhlbSBhbmQgaGlqYWNrIHRoZSBjb21tdW5pY2F0aW9u
LCBpbXBlcnNvbmF0ZSB0aGU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHJl
cXVlc3RlZCBFSUQsIG9yIG1vdW50IERlbmlhbCBvZiBTZXJ2aWNlIG9yIERpc3RyaWJ1dGVk
IERlbmlhbCBvZjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHJlcXVlc3Rl
ZCBFSUQsIG9yIG1vdW50IERlbmlhbCBvZiBTZXJ2aWNlIG9yIERpc3RyaWJ1dGVkIERlbmlh
bCBvZjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgU2VydmljZSBhdHRhY2tz
LiAgQWxzbywgaWYgdGhlIE1hcC1SZXBseSBtZXNzYWdlIGlzIHRyYW5zcG9ydGVkPC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgU2VydmljZSBhdHRhY2tzLiAgQWxzbywg
aWYgdGhlIE1hcC1SZXBseSBtZXNzYWdlIGlzIHRyYW5zcG9ydGVkPC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij4gICB1bmF1dGhlbnRpY2F0ZWQsIGFuIGFkdmVyc2FyaWFsIExJ
U1AgZW50aXR5IGNhbiBvdmVyY2xhaW0gYW4gRUlELTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgIHVuYXV0aGVudGljYXRlZCwgYW4gYWR2ZXJzYXJpYWwgTElTUCBlbnRp
dHkgY2FuIG92ZXJjbGFpbSBhbiBFSUQtPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij4gICBwcmVmaXggYW5kIG1hbGljaW91c2x5IHJlZGlyZWN0IHRyYWZmaWMgZGlyZWN0ZWQg
dG8gYSBsYXJnZSBudW1iZXIgb2Y8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4g
ICBwcmVmaXggYW5kIG1hbGljaW91c2x5IHJlZGlyZWN0IHRyYWZmaWMgZGlyZWN0ZWQgdG8g
YSBsYXJnZSBudW1iZXIgb2Y8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0ciBpZD0iZGlmZjAwMDciPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgaG9zdHMuICA8c3BhbiBj
bGFzcz0iZGVsZXRlIj5BPC9zcGFuPiBkZXRhaWxlZCBkZXNjcmlwdGlvbiBvZiAib3ZlcmNs
YWltaW5nIiA8c3BhbiBjbGFzcz0iZGVsZXRlIj5hdHRhY2sgaXMgcHJvdmlkZWQ8L3NwYW4+
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIGhvc3RzLiAgPHNwYW4gY2xh
c3M9Imluc2VydCI+VGhlIExJU1AtU0VDIHRocmVhdCBtb2RlbCwgZGVzY3JpYmVkIGluIFNl
Y3Rpb24gMywgaXMgYnVpbHQ8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxv
Y2siPjxzcGFuIGNsYXNzPSJkZWxldGUiPiAgIGluIFtSRkM3ODM1XS48L3NwYW4+PC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIG9u
IHRvcCBvZiB0aGUgTElTUCB0aHJlYXQgbW9kZWwgZGVmaW5lZCBpbiBbUkZDNzgzNV0sIHRo
YXQgaW5jbHVkZXM8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICBkZXRhaWxlZCBkZXNjcmlwdGlv
biBvZiAib3ZlcmNsYWltaW5nIiA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5hdHRhY2suPC9zcGFu
PjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBUaGlzIG1l
bW8gc3BlY2lmaWVzIExJU1AtU0VDLCBhIHNldCBvZiBzZWN1cml0eSBtZWNoYW5pc21zIHRo
YXQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBUaGlzIG1lbW8gc3BlY2lm
aWVzIExJU1AtU0VDLCBhIHNldCBvZiBzZWN1cml0eSBtZWNoYW5pc21zIHRoYXQ8L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHByb3ZpZGVzIG9yaWdpbiBhdXRoZW50aWNh
dGlvbiwgaW50ZWdyaXR5IGFuZCBhbnRpLXJlcGxheSBwcm90ZWN0aW9uPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgcHJvdmlkZXMgb3JpZ2luIGF1dGhlbnRpY2F0aW9u
LCBpbnRlZ3JpdHkgYW5kIGFudGktcmVwbGF5IHByb3RlY3Rpb248L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgIHRvIExJU1AncyBFSUQtdG8tUkxPQyBtYXBwaW5nIGRhdGEg
Y29udmV5ZWQgdmlhIG1hcHBpbmcgbG9va3VwPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+ICAgdG8gTElTUCdzIEVJRC10by1STE9DIG1hcHBpbmcgZGF0YSBjb252ZXllZCB2
aWEgbWFwcGluZyBsb29rdXA8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHBy
b2Nlc3MuICBMSVNQLVNFQyBhbHNvIGVuYWJsZXMgdmVyaWZpY2F0aW9uIG9mIGF1dGhvcml6
YXRpb24gb24gRUlELTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHByb2Nl
c3MuICBMSVNQLVNFQyBhbHNvIGVuYWJsZXMgdmVyaWZpY2F0aW9uIG9mIGF1dGhvcml6YXRp
b24gb24gRUlELTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgcHJlZml4IGNs
YWltcyBpbiBNYXAtUmVwbHkgbWVzc2FnZXMsIGVuc3VyaW5nIHRoYXQgdGhlIHNlbmRlciBv
ZiBhPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgcHJlZml4IGNsYWltcyBp
biBNYXAtUmVwbHkgbWVzc2FnZXMsIGVuc3VyaW5nIHRoYXQgdGhlIHNlbmRlciBvZiBhPC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBNYXAtUmVwbHkgdGhhdCBwcm92aWRl
cyB0aGUgbG9jYXRpb24gZm9yIGEgZ2l2ZW4gRUlELXByZWZpeCBpczwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgIE1hcC1SZXBseSB0aGF0IHByb3ZpZGVzIHRoZSBsb2Nh
dGlvbiBmb3IgYSBnaXZlbiBFSUQtcHJlZml4IGlzPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsZWZ0Ij4gICBlbnRpdGxlZCB0byBkbyBzbyBhY2NvcmRpbmcgdG8gdGhlIEVJRCBwcmVm
aXggcmVnaXN0ZXJlZCBpbiB0aGU8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4g
ICBlbnRpdGxlZCB0byBkbyBzbyBhY2NvcmRpbmcgdG8gdGhlIEVJRCBwcmVmaXggcmVnaXN0
ZXJlZCBpbiB0aGU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGFzc29jaWF0
ZWQgTWFwLVNlcnZlci4gIE1hcC1SZWdpc3RlciBzZWN1cml0eSwgaW5jbHVkaW5nIHRoZSBy
aWdodDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGFzc29jaWF0ZWQgTWFw
LVNlcnZlci4gIE1hcC1SZWdpc3RlciBzZWN1cml0eSwgaW5jbHVkaW5nIHRoZSByaWdodDwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgZm9yIGEgTElTUCBlbnRpdHkgdG8g
cmVnaXN0ZXIgYW4gRUlELXByZWZpeCBvciB0byBjbGFpbSBwcmVzZW5jZSBhdDwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGZvciBhIExJU1AgZW50aXR5IHRvIHJlZ2lz
dGVyIGFuIEVJRC1wcmVmaXggb3IgdG8gY2xhaW0gcHJlc2VuY2UgYXQ8L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGFuIFJMT0MsIGlzIG91dCBvZiB0aGUgc2NvcGUgb2Yg
TElTUC1TRUMuICBBZGRpdGlvbmFsIHNlY3VyaXR5PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+ICAgYW4gUkxPQywgaXMgb3V0IG9mIHRoZSBzY29wZSBvZiBMSVNQLVNFQy4g
IEFkZGl0aW9uYWwgc2VjdXJpdHk8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAg
IGNvbnNpZGVyYXRpb25zIGFyZSBkZXNjcmliZWQgaW4gU2VjdGlvbiA2LjwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGNvbnNpZGVyYXRpb25zIGFyZSBkZXNjcmliZWQg
aW4gU2VjdGlvbiA2LjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij4yLiAgRGVmaW5pdGlvbiBvZiBUZXJtczwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPjIuICBEZWZpbml0aW9uIG9mIFRlcm1zPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgICAgIE9uZS1UaW1lIEtleSAoT1RLKTogQW4gZXBoZW1lcmFs
IHJhbmRvbWx5IGdlbmVyYXRlZCBrZXkgdGhhdCBtdXN0PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+ICAgICAgT25lLVRpbWUgS2V5IChPVEspOiBBbiBlcGhlbWVyYWwgcmFu
ZG9tbHkgZ2VuZXJhdGVkIGtleSB0aGF0IG11c3Q8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgICAgIGJlIHVzZWQgZm9yIGEgc2luZ2xlIE1hcC1SZXF1ZXN0L01hcC1SZXBs
eSBleGNoYW5nZS48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICBiZSB1
c2VkIGZvciBhIHNpbmdsZSBNYXAtUmVxdWVzdC9NYXAtUmVwbHkgZXhjaGFuZ2UuPC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJp
Z2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0i
ZGlmZjAwMDgiPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgICAgICAgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+
SVRSLU9USzogVGhlPC9zcGFuPiBPbmUtVGltZSBLZXkgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+
Z2VuZXJhdGVkIGF0IHRoZSBJVFIuPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmJsb2NrIj4gICAgICA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5JVFI8L3NwYW4+IE9uZS1UaW1l
IEtleSA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij4oSVRSLU9USyk6PC9zcGFuPiBUaGUgT25lLVRp
bWUgS2V5IGdlbmVyYXRlZCBhdCB0aGUgPHNwYW4gY2xhc3M9Imluc2VydCI+SVRSLjwvc3Bh
bj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PHNwYW4gY2xhc3M9ImRlbGV0
ZSI+PC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PHNwYW4gY2xhc3M9ImRlbGV0ZSI+ICAgICAgICAg
TVMtT1RLOjwvc3Bhbj4gVGhlIE9uZS1UaW1lIEtleSBnZW5lcmF0ZWQgYXQgdGhlIDxzcGFu
IGNsYXNzPSJkZWxldGUiPk1hcC1TZXJ2ZXIuPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmJsb2NrIj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyIGlkPSJkaWZmMDAwOSI+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICAgICA8c3Bh
biBjbGFzcz0iZGVsZXRlIj5FbmNhcHN1bGF0ZWQgQ29udHJvbCBNZXNzYWdlIChFQ00pOiBB
IExJU1AgY29udHJvbCBtZXNzYWdlIHRoYXQgaXM8L3NwYW4+PC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyYmxvY2siPiAgICAgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPk1TIE9uZS1UaW1l
IEtleSAoTVMtT1RLKTogVGhlIE9uZS1UaW1lIEtleSBnZW5lcmF0ZWQgYXQgdGhlPC9zcGFu
PiBNYXAtPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjxzcGFuIGNsYXNzPSJk
ZWxldGUiPiAgICAgIHByZXBlbmRlZCB3aXRoIGFuIGFkZGl0aW9uYWwgTElTUCBoZWFkZXIu
ICBFQ00gaXMgdXNlZCBieSBJVFJzIHRvPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmJsb2NrIj4gICAgICA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5TZXJ2ZXIuPC9zcGFuPjwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48c3BhbiBjbGFzcz0iZGVsZXRlIj4g
ICAgICBzZW5kIExJU1AgY29udHJvbCBtZXNzYWdlcyB0byBhIE1hcC1SZXNvbHZlciwgYnkg
TWFwLVJlc29sdmVycyB0bzwvc3Bhbj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9j
ayI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjxzcGFuIGNsYXNzPSJkZWxl
dGUiPiAgICAgIGZvcndhcmQgTElTUCBjb250cm9sIG1lc3NhZ2VzIHRvIGEgTWFwLVNlcnZl
ciwgYW5kIGJ5PC9zcGFuPiBNYXAtPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2si
PjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICAgICA8c3BhbiBjbGFzcz0i
ZGVsZXRlIj5SZXNvbHZlcnMgdG8gZm9yd2FyZCBMSVNQIGNvbnRyb2wgbWVzc2FnZXMgdG8g
YW4gRVRSLjwvc3Bhbj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJp
Z2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIEF1dGhlbnRpY2F0
aW9uIERhdGEgKEFEKTogTWV0YWRhdGEgdGhhdCBpcyBpbmNsdWRlZCBlaXRoZXIgaW4gYTwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIEF1dGhlbnRpY2F0aW9uIERh
dGEgKEFEKTogTWV0YWRhdGEgdGhhdCBpcyBpbmNsdWRlZCBlaXRoZXIgaW4gYTwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJkaWZmMDAxMCI+PHRk
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGJsb2NrIj4gICAgICBMSVNQIDxzcGFuIGNsYXNzPSJkZWxldGUiPkVDTSBoZWFkZXI8
L3NwYW4+IG9yIGluIGEgTWFwLVJlcGx5IG1lc3NhZ2UgdG8gc3VwcG9ydDwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICAgICBMSVNQIDxzcGFuIGNsYXNzPSJpbnNlcnQi
PkVuY2Fwc3VsYXRlZCBDb250cm9sIE1lc3NhZ2UgKEVDTSkgaGVhZGVyLCBhcyBkZWZpbmVk
IGluPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgICAgU2Vj
dGlvbiA2LjEuOCBvZiBbUkZDNjgzMF0sPC9zcGFuPiBvciBpbiBhIE1hcC1SZXBseSBtZXNz
YWdlIHRvIHN1cHBvcnQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIGNv
bmZpZGVudGlhbGl0eSwgaW50ZWdyaXR5IHByb3RlY3Rpb24sIGFuZCB2ZXJpZmljYXRpb24g
b2YgRUlELTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIGNvbmZpZGVu
dGlhbGl0eSwgaW50ZWdyaXR5IHByb3RlY3Rpb24sIGFuZCB2ZXJpZmljYXRpb24gb2YgRUlE
LTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgcHJlZml4IGF1dGhvcml6
YXRpb24uPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgcHJlZml4IGF1
dGhvcml6YXRpb24uPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwv
dHI+CiAgICAgIDx0ciBpZD0iZGlmZjAwMTEiPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgICAgICAgPHNw
YW4gY2xhc3M9ImRlbGV0ZSI+T1RLLUFEOjwvc3Bhbj4gVGhlIHBvcnRpb24gb2YgRUNNIEF1
dGhlbnRpY2F0aW9uIERhdGEgdGhhdCBjb250YWlucyBhPC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyYmxvY2siPiAgICAgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPk9USyBBdXRoZW50aWNh
dGlvbiBEYXRhIChPVEstQUQpOjwvc3Bhbj4gVGhlIHBvcnRpb24gb2YgRUNNPC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgICAgICAgIE9uZS1UaW1lIEtleS48L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgICAgQXV0aGVudGljYXRpb24gRGF0YSB0
aGF0IGNvbnRhaW5zIGEgT25lLVRpbWUgS2V5LjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDEyIj48dGQ+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxv
Y2siPiAgICAgICAgIDxzcGFuIGNsYXNzPSJkZWxldGUiPkVJRC1BRDo8L3NwYW4+IFRoZSBw
b3J0aW9uIG9mIEVDTSBhbmQgTWFwLVJlcGx5IEF1dGhlbnRpY2F0aW9uIERhdGE8L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgICAgPHNwYW4gY2xhc3M9Imluc2VydCI+
RUlEIEF1dGhlbnRpY2F0aW9uIERhdGEgKEVJRC1BRCk6PC9zcGFuPiBUaGUgcG9ydGlvbiBv
ZiBFQ00gYW5kIE1hcC1SZXBseTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4g
ICAgICAgICB1c2VkIGZvciB2ZXJpZmljYXRpb24gb2YgRUlELXByZWZpeCBhdXRob3JpemF0
aW9uLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICAgICBBdXRoZW50aWNh
dGlvbiBEYXRhIHVzZWQgZm9yIHZlcmlmaWNhdGlvbiBvZiBFSUQtcHJlZml4PC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJs
b2NrIj4gICAgICBhdXRob3JpemF0aW9uLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDEzIj48dGQ+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2si
PiAgICAgICAgIDxzcGFuIGNsYXNzPSJkZWxldGUiPlBLVC1BRDo8L3NwYW4+IFRoZSBwb3J0
aW9uIG9mIE1hcC1SZXBseSBBdXRoZW50aWNhdGlvbiBEYXRhIHVzZWQgdG88L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgICAgPHNwYW4gY2xhc3M9Imluc2VydCI+UGFj
a2V0IEF1dGhlbnRpY2F0aW9uIERhdGEgKFBLVC1BRCk6PC9zcGFuPiBUaGUgcG9ydGlvbiBv
ZiBNYXAtUmVwbHk8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgICAgICAg
cHJvdGVjdCB0aGUgaW50ZWdyaXR5IG9mIHRoZSBNYXAtUmVwbHkgbWVzc2FnZS48L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgICAgQXV0aGVudGljYXRpb24gRGF0YSB1
c2VkIHRvIHByb3RlY3QgdGhlIGludGVncml0eSBvZiB0aGUgTWFwLVJlcGx5PC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJs
b2NrIj4gICAgICBtZXNzYWdlLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsZWZ0Ij4gICBGb3IgZGVmaW5pdGlvbnMgb2Ygb3RoZXIgdGVybXMsIG5vdGFibHkgTWFw
LVJlcXVlc3QsIE1hcC1SZXBseSw8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4g
ICBGb3IgZGVmaW5pdGlvbnMgb2Ygb3RoZXIgdGVybXMsIG5vdGFibHkgTWFwLVJlcXVlc3Qs
IE1hcC1SZXBseSw8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIEluZ3Jlc3Mg
VHVubmVsIFJvdXRlciAoSVRSKSwgRWdyZXNzIFR1bm5lbCBSb3V0ZXIgKEVUUiksIE1hcC1T
ZXJ2ZXI8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBJbmdyZXNzIFR1bm5l
bCBSb3V0ZXIgKElUUiksIEVncmVzcyBUdW5uZWwgUm91dGVyIChFVFIpLCBNYXAtU2VydmVy
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAoTVMpLCBhbmQgTWFwLVJlc29s
dmVyIChNUikgcGxlYXNlIGNvbnN1bHQgdGhlIExJU1Agc3BlY2lmaWNhdGlvbjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIChNUyksIGFuZCBNYXAtUmVzb2x2ZXIgKE1S
KSBwbGVhc2UgY29uc3VsdCB0aGUgTElTUCBzcGVjaWZpY2F0aW9uPC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij4gICBbUkZDNjgzMF0uPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+ICAgW1JGQzY4MzBdLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsZWZ0Ij4zLiAgTElTUC1TRUMgVGhyZWF0IE1vZGVsPC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+My4gIExJU1AtU0VDIFRocmVhdCBNb2RlbDwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBMSVNQLVNFQyBhZGRyZXNzZXMgdGhl
IGNvbnRyb2wgcGxhbmUgdGhyZWF0cywgZGVzY3JpYmVkIGluIFtSRkM3ODM1XSw8L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBMSVNQLVNFQyBhZGRyZXNzZXMgdGhlIGNv
bnRyb2wgcGxhbmUgdGhyZWF0cywgZGVzY3JpYmVkIGluIFtSRkM3ODM1XSw8L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHRoYXQgdGFyZ2V0IEVJRC10by1STE9DIG1hcHBp
bmdzLCBpbmNsdWRpbmcgbWFuaXB1bGF0aW9ucyBvZiBNYXAtPC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+ICAgdGhhdCB0YXJnZXQgRUlELXRvLVJMT0MgbWFwcGluZ3MsIGlu
Y2x1ZGluZyBtYW5pcHVsYXRpb25zIG9mIE1hcC08L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgIFJlcXVlc3QgYW5kIE1hcC1SZXBseSBtZXNzYWdlcywgYW5kIG1hbGljaW91
cyBFVFIgRUlEIHByZWZpeDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFJl
cXVlc3QgYW5kIE1hcC1SZXBseSBtZXNzYWdlcywgYW5kIG1hbGljaW91cyBFVFIgRUlEIHBy
ZWZpeDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgb3ZlcmNsYWltaW5nLiAg
TElTUC1TRUMgbWFrZXMgdHdvIG1haW4gYXNzdW1wdGlvbnM6ICgxKSB0aGUgTElTUDwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIG92ZXJjbGFpbWluZy4gIExJU1AtU0VD
IG1ha2VzIHR3byBtYWluIGFzc3VtcHRpb25zOiAoMSkgdGhlIExJU1A8L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgIG1hcHBpbmcgc3lzdGVtIGlzIGV4cGVjdGVkIHRvIGRl
bGl2ZXIgYSBNYXAtUmVxdWVzdCBtZXNzYWdlIHRvIHRoZWlyPC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+ICAgbWFwcGluZyBzeXN0ZW0gaXMgZXhwZWN0ZWQgdG8gZGVsaXZl
ciBhIE1hcC1SZXF1ZXN0IG1lc3NhZ2UgdG8gdGhlaXI8L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xh
c3M9ImxlZnQiPiAgIGludGVuZGVkIGRlc3RpbmF0aW9uIEVUUiBhcyBpZGVudGlmaWVkIGJ5
IHRoZSBFSUQsIGFuZCAoMikgbm8gbWFuLWluLTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPiAgIGludGVuZGVkIGRlc3RpbmF0aW9uIEVUUiBhcyBpZGVudGlmaWVkIGJ5IHRo
ZSBFSUQsIGFuZCAoMikgbm8gbWFuLWluLTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgdGhlLW1pZGRsZSAoTUlUTSkgYXR0YWNrIGNhbiBiZSBtb3VudGVkIHdpdGhpbiB0
aGUgTElTUCBNYXBwaW5nPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgdGhl
LW1pZGRsZSAoTUlUTSkgYXR0YWNrIGNhbiBiZSBtb3VudGVkIHdpdGhpbiB0aGUgTElTUCBN
YXBwaW5nPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9
ImRpZmYwMDE0Ij48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIFN5c3RlbS4gIEZ1cnRoZXJtb3JlLCB3aGls
ZSBMSVNQLVNFQyBlbmFibGVzIGRldGVjdGlvbiBvZiBFSUQgcHJlZml4PC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIFN5c3RlbS4gIDxzcGFuIGNsYXNzPSJpbnNlcnQi
PkhvdyB0aGUgTWFwcGluZyBTeXN0ZW0gaXMgcHJvdGVjdGVkIGZyb20gTUlUTSBhdHRhY2tz
PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBvdmVyY2xhaW1p
bmcgYXR0YWNrcywgaXQgYXNzdW1lcyB0aGF0IE1hcC1TZXJ2ZXJzIGNhbiB2ZXJpZnkgdGhl
IEVJRDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5z
ZXJ0Ij4gICBkZXBlbmRzIGZyb20gdGhlIHBhcnRpY3VsYXIgTWFwcGluZyBTeXN0ZW1zIHVz
ZWQsIGFuZCBpcyBvdXQgb2YgdGhlPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGJsb2NrIj4gICBwcmVmaXggYXV0aG9yaXphdGlvbiBhdCB0aW1lIG9mIHJlZ2lzdHJhdGlv
bi48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2Vy
dCI+ICAgc2NvcGUgb2YgdGhpcyBtZW1vLjwvc3Bhbj4gIEZ1cnRoZXJtb3JlLCB3aGlsZSBM
SVNQLVNFQyBlbmFibGVzIGRldGVjdGlvbiBvZjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgRUlEIHByZWZp
eCBvdmVyY2xhaW1pbmcgYXR0YWNrcywgaXQgYXNzdW1lcyB0aGF0IE1hcC1TZXJ2ZXJzIGNh
bjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJibG9jayI+ICAgdmVyaWZ5IHRoZSBFSUQgcHJlZml4IGF1dGhvcml6YXRpb24g
YXQgdGltZSBvZiByZWdpc3RyYXRpb24uPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPiAgIEFjY29yZGluZyB0byB0aGUgdGhyZWF0IG1vZGVsIGRlc2NyaWJl
ZCBpbiBbUkZDNzgzNV0gTElTUC1TRUMgYXNzdW1lczwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgIEFjY29yZGluZyB0byB0aGUgdGhyZWF0IG1vZGVsIGRlc2NyaWJlZCBp
biBbUkZDNzgzNV0gTElTUC1TRUMgYXNzdW1lczwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+ICAgdGhhdCBhbnkga2luZCBvZiBhdHRhY2ssIGluY2x1ZGluZyBNSVRNIGF0dGFj
a3MsIGNhbiBiZSBtb3VudGVkIGluPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
ICAgdGhhdCBhbnkga2luZCBvZiBhdHRhY2ssIGluY2x1ZGluZyBNSVRNIGF0dGFja3MsIGNh
biBiZSBtb3VudGVkIGluPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB0aGUg
YWNjZXNzIG5ldHdvcmssIG91dHNpZGUgb2YgdGhlIGJvdW5kYXJpZXMgb2YgdGhlIExJU1Ag
bWFwcGluZzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHRoZSBhY2Nlc3Mg
bmV0d29yaywgb3V0c2lkZSBvZiB0aGUgYm91bmRhcmllcyBvZiB0aGUgTElTUCBtYXBwaW5n
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBzeXN0ZW0uICBBbiBvbi1wYXRo
IGF0dGFja2VyLCBvdXRzaWRlIG9mIHRoZSBMSVNQIG1hcHBpbmcgc3lzdGVtIGNhbiw8L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBzeXN0ZW0uICBBbiBvbi1wYXRoIGF0
dGFja2VyLCBvdXRzaWRlIG9mIHRoZSBMSVNQIG1hcHBpbmcgc3lzdGVtIGNhbiw8L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGZvciBleGFtcGxlLCBoaWphY2sgTWFwLVJl
cXVlc3QgYW5kIE1hcC1SZXBseSBtZXNzYWdlcywgc3Bvb2ZpbmcgdGhlPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgZm9yIGV4YW1wbGUsIGhpamFjayBNYXAtUmVxdWVz
dCBhbmQgTWFwLVJlcGx5IG1lc3NhZ2VzLCBzcG9vZmluZyB0aGU8L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgIGlkZW50aXR5IG9mIGEgTElTUCBub2RlLiAgQW5vdGhlciBl
eGFtcGxlIG9mIG9uLXBhdGggYXR0YWNrLCBjYWxsZWQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij4gICBpZGVudGl0eSBvZiBhIExJU1Agbm9kZS4gIEFub3RoZXIgZXhhbXBs
ZSBvZiBvbi1wYXRoIGF0dGFjaywgY2FsbGVkPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij4gICBvdmVyY2xhaW1pbmcgYXR0YWNrLCBjYW4gYmUgbW91bnRlZCBieSBhIG1hbGlj
aW91cyBFZ3Jlc3MgVHVubmVsPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
b3ZlcmNsYWltaW5nIGF0dGFjaywgY2FuIGJlIG1vdW50ZWQgYnkgYSBtYWxpY2lvdXMgRWdy
ZXNzIFR1bm5lbDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgUm91dGVyIChF
VFIpLCBieSBvdmVyY2xhaW1pbmcgdGhlIEVJRC1wcmVmaXhlcyBmb3Igd2hpY2ggaXQgaXM8
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBSb3V0ZXIgKEVUUiksIGJ5IG92
ZXJjbGFpbWluZyB0aGUgRUlELXByZWZpeGVzIGZvciB3aGljaCBpdCBpczwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgYXV0aG9yaXRhdGl2ZS4gIEluIHRoaXMgd2F5IHRo
ZSBFVFIgY2FuIG1hbGljaW91c2x5IHJlZGlyZWN0IHRyYWZmaWM8L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICBhdXRob3JpdGF0aXZlLiAgSW4gdGhpcyB3YXkgdGhlIEVU
UiBjYW4gbWFsaWNpb3VzbHkgcmVkaXJlY3QgdHJhZmZpYzwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9InBhcnQtNCIgY2xhc3M9
ImNoYW5nZSI+PHRkPjwvdGQ+PHRoPjxzbWFsbD5za2lwcGluZyB0byBjaGFuZ2UgYXQ8L3Nt
YWxsPjxhIGhyZWY9Imh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvdG9vbHMvcmZjZGlmZi9yZmNk
aWZmLnB5aHQjcGFydC00Ij48ZW0+IHBhZ2UgNSwgbGluZSAxNjxzcGFuIGNsYXNzPSJoaWRl
Ij4gwrY8L3NwYW4+PC9lbT48L2E+PC90aD48dGg+IDwvdGg+PHRoPjxzbWFsbD5za2lwcGlu
ZyB0byBjaGFuZ2UgYXQ8L3NtYWxsPjxhIGhyZWY9Imh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcv
dG9vbHMvcmZjZGlmZi9yZmNkaWZmLnB5aHQjcGFydC00Ij48ZW0+IHBhZ2UgNSwgbGluZSAx
OTxzcGFuIGNsYXNzPSJoaWRlIj4gwrY8L3NwYW4+PC9lbT48L2E+PC90aD48dGQ+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij4gICBUaG9zZSB0cnVzdCByZWxhdGlvbnNoaXBzIGFyZSB1c2VkIHRvIHNlY3VyZWx5IGRp
c3RyaWJ1dGUgYSBPbmUtVGltZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAg
IFRob3NlIHRydXN0IHJlbGF0aW9uc2hpcHMgYXJlIHVzZWQgdG8gc2VjdXJlbHkgZGlzdHJp
YnV0ZSBhIE9uZS1UaW1lPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBLZXkg
KE9USykgdGhhdCBwcm92aWRlcyBvcmlnaW4gYXV0aGVudGljYXRpb24sIGludGVncml0eSBh
bmQgYW50aS08L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBLZXkgKE9USykg
dGhhdCBwcm92aWRlcyBvcmlnaW4gYXV0aGVudGljYXRpb24sIGludGVncml0eSBhbmQgYW50
aS08L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHJlcGxheSBwcm90ZWN0aW9u
IHRvIG1hcHBpbmcgZGF0YSBjb252ZXllZCB2aWEgdGhlIG1hcHBpbmcgbG9va3VwPC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgcmVwbGF5IHByb3RlY3Rpb24gdG8gbWFw
cGluZyBkYXRhIGNvbnZleWVkIHZpYSB0aGUgbWFwcGluZyBsb29rdXA8L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHByb2Nlc3MsIGFuZCB0aGF0IGVmZmVjdGl2ZWx5IHBy
ZXZlbnQgb3ZlcmNsYWltaW5nIGF0dGFja3MuICBUaGU8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij4gICBwcm9jZXNzLCBhbmQgdGhhdCBlZmZlY3RpdmVseSBwcmV2ZW50IG92
ZXJjbGFpbWluZyBhdHRhY2tzLiAgVGhlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij4gICBwcm9jZXNzaW5nIG9mIHNlY3VyaXR5IHBhcmFtZXRlcnMgZHVyaW5nIHRoZSBNYXAt
UmVxdWVzdC9NYXAtUmVwbHk8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBw
cm9jZXNzaW5nIG9mIHNlY3VyaXR5IHBhcmFtZXRlcnMgZHVyaW5nIHRoZSBNYXAtUmVxdWVz
dC9NYXAtUmVwbHk8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGV4Y2hhbmdl
IGlzIGFzIGZvbGxvd3M6PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgZXhj
aGFuZ2UgaXMgYXMgZm9sbG93czo8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+ICAgbyAgVGhlIElUUi1PVEsgaXMgZ2VuZXJhdGVkIGFuZCBzdG9yZWQgYXQg
dGhlIElUUiwgYW5kIHNlY3VyZWx5PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
ICAgbyAgVGhlIElUUi1PVEsgaXMgZ2VuZXJhdGVkIGFuZCBzdG9yZWQgYXQgdGhlIElUUiwg
YW5kIHNlY3VyZWx5PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICB0cmFu
c3BvcnRlZCB0byB0aGUgTWFwLVNlcnZlci48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJp
Z2h0Ij4gICAgICB0cmFuc3BvcnRlZCB0byB0aGUgTWFwLVNlcnZlci48L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJkaWZmMDAx
NSI+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0
ZCBjbGFzcz0ibGJsb2NrIj4gICBvICBUaGUgTWFwLVNlcnZlciB1c2VzIHRoZSBJVFItT1RL
IHRvIGNvbXB1dGUgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+YW4gSE1BQzwvc3Bhbj4gdGhhdCBw
cm90ZWN0czwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICBvICBUaGUgTWFw
LVNlcnZlciB1c2VzIHRoZSBJVFItT1RLIHRvIGNvbXB1dGUgPHNwYW4gY2xhc3M9Imluc2Vy
dCI+YSBLZXllZC1IYXNoaW5nIGZvcjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxibG9jayI+ICAgICAgdGhlIGludGVncml0eSBvZiB0aGUgbWFwcGluZyBkYXRhIGtub3du
IHRvIHRoZSBNYXAtU2VydmVyIHRvPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2si
PjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgIE1lc3NhZ2UgQXV0aGVudGljYXRpb24gKEhN
QUMpIFtSRkMyMTA0XTwvc3Bhbj4gdGhhdCBwcm90ZWN0cyB0aGU8L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxibG9jayI+ICAgICAgcHJldmVudCBvdmVyY2xhaW1pbmcgYXR0YWNrcy4g
IFRoZSBNYXAtU2VydmVyIGFsc28gZGVyaXZlcyBhIG5ldzwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmJsb2NrIj4gICAgICBpbnRlZ3JpdHkgb2YgdGhlIG1hcHBpbmcgZGF0YSBrbm93
biB0byB0aGUgTWFwLVNlcnZlciB0byBwcmV2ZW50PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsYmxvY2siPiAgICAgIE9USywgdGhlIE1TLU9USywgdGhhdCBpcyBwYXNzZWQgdG8gdGhl
IEVUUiwgYnkgYXBwbHlpbmcgYSBLZXk8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9j
ayI+ICAgICAgb3ZlcmNsYWltaW5nIGF0dGFja3MuICBUaGUgTWFwLVNlcnZlciBhbHNvIGRl
cml2ZXMgYSBuZXcgT1RLLCB0aGU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+
ICAgICAgRGVyaXZhdGlvbiBGdW5jdGlvbiAoS0RGKSB0byB0aGUgSVRSLU9USy48L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgICAgTVMtT1RLLCB0aGF0IGlzIHBhc3Nl
ZCB0byB0aGUgRVRSLCBieSBhcHBseWluZyBhIEtleSBEZXJpdmF0aW9uPC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2Nr
Ij4gICAgICBGdW5jdGlvbiAoS0RGKSB0byB0aGUgSVRSLU9USy48L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgbyAgVGhlIEVUUiB1c2VzIHRoZSBNUy1P
VEsgdG8gY29tcHV0ZSBhbiBITUFDIHRoYXQgcHJvdGVjdHMgdGhlPC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+ICAgbyAgVGhlIEVUUiB1c2VzIHRoZSBNUy1PVEsgdG8gY29t
cHV0ZSBhbiBITUFDIHRoYXQgcHJvdGVjdHMgdGhlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsZWZ0Ij4gICAgICBpbnRlZ3JpdHkgb2YgdGhlIE1hcC1SZXBseSBzZW50IHRvIHRoZSBJ
VFIuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgaW50ZWdyaXR5IG9m
IHRoZSBNYXAtUmVwbHkgc2VudCB0byB0aGUgSVRSLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBvICBGaW5hbGx5LCB0aGUgSVRSIHVzZXMgdGhlIHN0
b3JlZCBJVFItT1RLIHRvIHZlcmlmeSB0aGUgaW50ZWdyaXR5PC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+ICAgbyAgRmluYWxseSwgdGhlIElUUiB1c2VzIHRoZSBzdG9yZWQg
SVRSLU9USyB0byB2ZXJpZnkgdGhlIGludGVncml0eTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+ICAgICAgb2YgdGhlIG1hcHBpbmcgZGF0YSBwcm92aWRlZCBieSBib3RoIHRo
ZSBNYXAtU2VydmVyIGFuZCB0aGUgRVRSLDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPiAgICAgIG9mIHRoZSBtYXBwaW5nIGRhdGEgcHJvdmlkZWQgYnkgYm90aCB0aGUgTWFw
LVNlcnZlciBhbmQgdGhlIEVUUiw8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAg
ICAgIGFuZCB0byB2ZXJpZnkgdGhhdCBubyBvdmVyY2xhaW1pbmcgYXR0YWNrcyB3ZXJlIG1v
dW50ZWQgYWxvbmcgdGhlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAg
YW5kIHRvIHZlcmlmeSB0aGF0IG5vIG92ZXJjbGFpbWluZyBhdHRhY2tzIHdlcmUgbW91bnRl
ZCBhbG9uZyB0aGU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIHBhdGgg
YmV0d2VlbiB0aGUgTWFwLVNlcnZlciBhbmQgdGhlIElUUi48L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij4gICAgICBwYXRoIGJldHdlZW4gdGhlIE1hcC1TZXJ2ZXIgYW5kIHRo
ZSBJVFIuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFNl
Y3Rpb24gNSBwcm92aWRlcyB0aGUgZGV0YWlsZWQgZGVzY3JpcHRpb24gb2YgdGhlIExJU1At
U0VDIGNvbnRyb2w8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBTZWN0aW9u
IDUgcHJvdmlkZXMgdGhlIGRldGFpbGVkIGRlc2NyaXB0aW9uIG9mIHRoZSBMSVNQLVNFQyBj
b250cm9sPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0ciBpZD0icGFydC01IiBjbGFzcz0iY2hhbmdlIj48dGQ+PC90ZD48dGg+PHNtYWxs
PnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGEgaHJlZj0iaHR0cHM6Ly90b29scy5p
ZXRmLm9yZy90b29scy9yZmNkaWZmL3JmY2RpZmYucHlodCNwYXJ0LTUiPjxlbT4gcGFnZSA2
LCBsaW5lIDE5PHNwYW4gY2xhc3M9ImhpZGUiPiDCtjwvc3Bhbj48L2VtPjwvYT48L3RoPjx0
aD4gPC90aD48dGg+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGEgaHJl
Zj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy90b29scy9yZmNkaWZmL3JmY2RpZmYucHlodCNw
YXJ0LTUiPjxlbT4gcGFnZSA2LCBsaW5lIDIxPHNwYW4gY2xhc3M9ImhpZGUiPiDCtjwvc3Bh
bj48L2VtPjwvYT48L3RoPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIG1hdGNoIEVJRC1wcmVmaXggdGhh
dCBjb3ZlcnMgdGhlIHJlcXVlc3RlZCBFSUQgaW4gdGhlIHJlY2VpdmVkPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgbWF0Y2ggRUlELXByZWZpeCB0aGF0IGNvdmVy
cyB0aGUgcmVxdWVzdGVkIEVJRCBpbiB0aGUgcmVjZWl2ZWQ8L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPiAgICAgIE1hcC1SZXF1ZXN0LiAgVGhlIE1hcC1TZXJ2ZXIgYWRkcyB0
aGlzIEVJRC1wcmVmaXgsIHRvZ2V0aGVyIHdpdGg8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICAgICBNYXAtUmVxdWVzdC4gIFRoZSBNYXAtU2VydmVyIGFkZHMgdGhpcyBF
SUQtcHJlZml4LCB0b2dldGhlciB3aXRoPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij4gICAgICBhbiBITUFDIGNvbXB1dGVkIHVzaW5nIHRoZSBJVFItT1RLLCB0byBhIG5ldyBF
bmNhcHN1bGF0ZWQgQ29udHJvbDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAg
ICAgIGFuIEhNQUMgY29tcHV0ZWQgdXNpbmcgdGhlIElUUi1PVEssIHRvIGEgbmV3IEVuY2Fw
c3VsYXRlZCBDb250cm9sPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBN
ZXNzYWdlIHRoYXQgY29udGFpbnMgdGhlIHJlY2VpdmVkIE1hcC1SZXF1ZXN0LjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIE1lc3NhZ2UgdGhhdCBjb250YWlucyB0
aGUgcmVjZWl2ZWQgTWFwLVJlcXVlc3QuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPiAgIG8gIFRoZSBNYXAtU2VydmVyIGRlcml2ZXMgYSBuZXcgT1RLLCB0
aGUgTVMtT1RLLCBieSBhcHBseWluZyBhIEtleTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPiAgIG8gIFRoZSBNYXAtU2VydmVyIGRlcml2ZXMgYSBuZXcgT1RLLCB0aGUgTVMt
T1RLLCBieSBhcHBseWluZyBhIEtleTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
ICAgICAgRGVyaXZhdGlvbiBGdW5jdGlvbiAoS0RGKSB0byB0aGUgSVRSLU9USy4gIFRoaXMg
TVMtT1RLIGlzIGluY2x1ZGVkPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
ICAgRGVyaXZhdGlvbiBGdW5jdGlvbiAoS0RGKSB0byB0aGUgSVRSLU9USy4gIFRoaXMgTVMt
T1RLIGlzIGluY2x1ZGVkPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBp
biB0aGUgRW5jYXBzdWxhdGVkIENvbnRyb2wgTWVzc2FnZSB0aGF0IHRoZSBNYXAtU2VydmVy
IHVzZXMgdG88L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICBpbiB0aGUg
RW5jYXBzdWxhdGVkIENvbnRyb2wgTWVzc2FnZSB0aGF0IHRoZSBNYXAtU2VydmVyIHVzZXMg
dG88L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIGZvcndhcmQgdGhlIE1h
cC1SZXF1ZXN0IHRvIHRoZSBFVFIuICBUbyBwcm92aWRlIE1TLU9USzwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIGZvcndhcmQgdGhlIE1hcC1SZXF1ZXN0IHRvIHRo
ZSBFVFIuICBUbyBwcm92aWRlIE1TLU9USzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgICAgY29uZmlkZW50aWFsaXR5IG92ZXIgdGhlIHBhdGggYmV0d2VlbiB0aGUgTWFw
LVNlcnZlciBhbmQgdGhlIEVUUiw8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4g
ICAgICBjb25maWRlbnRpYWxpdHkgb3ZlciB0aGUgcGF0aCBiZXR3ZWVuIHRoZSBNYXAtU2Vy
dmVyIGFuZCB0aGUgRVRSLDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyIGlkPSJkaWZmMDAxNiI+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICAgICB0aGUgTVMtT1RLIDxz
cGFuIGNsYXNzPSJkZWxldGUiPnNob3VsZDwvc3Bhbj4gYmUgZW5jcnlwdGVkIHVzaW5nIHRo
ZSBrZXkgc2hhcmVkIGJldHdlZW4gdGhlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxv
Y2siPiAgICAgIHRoZSBNUy1PVEsgPHNwYW4gY2xhc3M9Imluc2VydCI+U0hPVUxEPC9zcGFu
PiBiZSBlbmNyeXB0ZWQgdXNpbmcgdGhlIGtleSBzaGFyZWQgYmV0d2VlbiB0aGU8L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIEVUUiBhbmQgdGhlIE1hcC1TZXJ2ZXIg
aW4gb3JkZXIgdG8gc2VjdXJlIEVUUiByZWdpc3RyYXRpb248L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij4gICAgICBFVFIgYW5kIHRoZSBNYXAtU2VydmVyIGluIG9yZGVyIHRv
IHNlY3VyZSBFVFIgcmVnaXN0cmF0aW9uPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij4gICAgICBbUkZDNjgzM10uPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
ICAgW1JGQzY4MzNdLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij4gICBvICBJZiB0aGUgTWFwLVNlcnZlciBpcyBhY3RpbmcgaW4gcHJveHkgbW9kZSwgYXMg
c3BlY2lmaWVkIGluPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgbyAgSWYg
dGhlIE1hcC1TZXJ2ZXIgaXMgYWN0aW5nIGluIHByb3h5IG1vZGUsIGFzIHNwZWNpZmllZCBp
bjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgW1JGQzY4MzBdLCB0aGUg
RVRSIGlzIG5vdCBpbnZvbHZlZCBpbiB0aGUgZ2VuZXJhdGlvbiBvZiB0aGUgTWFwLTwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIFtSRkM2ODMwXSwgdGhlIEVUUiBp
cyBub3QgaW52b2x2ZWQgaW4gdGhlIGdlbmVyYXRpb24gb2YgdGhlIE1hcC08L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIFJlcGx5LiAgSW4gdGhpcyBjYXNlIHRoZSBN
YXAtU2VydmVyIGdlbmVyYXRlcyB0aGUgTWFwLVJlcGx5IG9uPC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+ICAgICAgUmVwbHkuICBJbiB0aGlzIGNhc2UgdGhlIE1hcC1TZXJ2
ZXIgZ2VuZXJhdGVzIHRoZSBNYXAtUmVwbHkgb248L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgICAgIGJlaGFsZiBvZiB0aGUgRVRSIGFzIGRlc2NyaWJlZCBiZWxvdy48L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICBiZWhhbGYgb2YgdGhlIEVUUiBh
cyBkZXNjcmliZWQgYmVsb3cuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgIG8gIFRoZSBFVFIsIHVwb24gcmVjZWl2aW5nIHRoZSBFQ00gZW5jYXBzdWxh
dGVkIE1hcC1SZXF1ZXN0IGZyb20gdGhlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+ICAgbyAgVGhlIEVUUiwgdXBvbiByZWNlaXZpbmcgdGhlIEVDTSBlbmNhcHN1bGF0ZWQg
TWFwLVJlcXVlc3QgZnJvbSB0aGU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAg
ICAgIE1hcC1TZXJ2ZXIsIGRlY3J5cHRzIHRoZSBNUy1PVEssIGlmIG5lZWRlZCwgYW5kIG9y
aWdpbmF0ZXMgYTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIE1hcC1T
ZXJ2ZXIsIGRlY3J5cHRzIHRoZSBNUy1PVEssIGlmIG5lZWRlZCwgYW5kIG9yaWdpbmF0ZXMg
YTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHIgaWQ9InBhcnQtNiIgY2xhc3M9ImNoYW5nZSI+PHRkPjwvdGQ+PHRoPjxzbWFsbD5za2lw
cGluZyB0byBjaGFuZ2UgYXQ8L3NtYWxsPjxhIGhyZWY9Imh0dHBzOi8vdG9vbHMuaWV0Zi5v
cmcvdG9vbHMvcmZjZGlmZi9yZmNkaWZmLnB5aHQjcGFydC02Ij48ZW0+IHBhZ2UgNywgbGlu
ZSAyMjxzcGFuIGNsYXNzPSJoaWRlIj4gwrY8L3NwYW4+PC9lbT48L2E+PC90aD48dGg+IDwv
dGg+PHRoPjxzbWFsbD5za2lwcGluZyB0byBjaGFuZ2UgYXQ8L3NtYWxsPjxhIGhyZWY9Imh0
dHBzOi8vdG9vbHMuaWV0Zi5vcmcvdG9vbHMvcmZjZGlmZi9yZmNkaWZmLnB5aHQjcGFydC02
Ij48ZW0+IHBhZ2UgNywgbGluZSAyMjxzcGFuIGNsYXNzPSJoaWRlIj4gwrY8L3NwYW4+PC9l
bT48L2E+PC90aD48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjUuMS4gIEVuY2Fwc3VsYXRlZCBD
b250cm9sIE1lc3NhZ2UgTElTUC1TRUMgRXh0ZW5zaW9uczwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPjUuMS4gIEVuY2Fwc3VsYXRlZCBDb250cm9sIE1lc3NhZ2UgTElTUC1T
RUMgRXh0ZW5zaW9uczwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij4gICBMSVNQLVNFQyB1c2VzIHRoZSBFQ00gKEVuY2Fwc3VsYXRlZCBDb250cm9sIE1lc3Nh
Z2UpIGRlZmluZWQgaW48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBMSVNQ
LVNFQyB1c2VzIHRoZSBFQ00gKEVuY2Fwc3VsYXRlZCBDb250cm9sIE1lc3NhZ2UpIGRlZmlu
ZWQgaW48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFtSRkM2ODMwXSB3aXRo
IFR5cGUgc2V0IHRvIDgsIGFuZCBTIGJpdCBzZXQgdG8gMSB0byBpbmRpY2F0ZSB0aGF0IHRo
ZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFtSRkM2ODMwXSB3aXRoIFR5
cGUgc2V0IHRvIDgsIGFuZCBTIGJpdCBzZXQgdG8gMSB0byBpbmRpY2F0ZSB0aGF0IHRoZTwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgTElTUCBoZWFkZXIgaW5jbHVkZXMg
QXV0aGVudGljYXRpb24gRGF0YSAoQUQpLiAgVGhlIGZvcm1hdCBvZiB0aGU8L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBMSVNQIGhlYWRlciBpbmNsdWRlcyBBdXRoZW50
aWNhdGlvbiBEYXRhIChBRCkuICBUaGUgZm9ybWF0IG9mIHRoZTwvdGQ+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0
ZCBjbGFzcz0ibGVmdCI+ICAgTElTUC1TRUMgRUNNIEF1dGhlbnRpY2F0aW9uIERhdGEgaXMg
ZGVmaW5lZCBpbiB0aGUgZm9sbG93aW5nIGZpZ3VyZS48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij4gICBMSVNQLVNFQyBFQ00gQXV0aGVudGljYXRpb24gRGF0YSBpcyBkZWZp
bmVkIGluIHRoZSBmb2xsb3dpbmcgZmlndXJlLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+ICAgT1RLLUFEIHN0YW5kcyBmb3IgT25lLVRpbWUgS2V5IEF1dGhlbnRpY2F0aW9u
IERhdGEgYW5kIEVJRC1BRCBzdGFuZHM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij4gICBPVEstQUQgc3RhbmRzIGZvciBPbmUtVGltZSBLZXkgQXV0aGVudGljYXRpb24gRGF0
YSBhbmQgRUlELUFEIHN0YW5kczwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAg
Zm9yIEVJRCBBdXRoZW50aWNhdGlvbiBEYXRhLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPiAgIGZvciBFSUQgQXV0aGVudGljYXRpb24gRGF0YS48L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJkaWZmMDAxNyI+
PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGJsb2NrIj4gMCAgICAgICAgICAgICAgICAgICAxICAgICAgICAgICAgICAgICAg
IDIgICAgICAgICAgICAgICAgICAgMzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2Nr
Ij4gIDAgICAgICAgICAgICAgICAgICAgMSAgICAgICAgICAgICAgICAgICAyICAgICAgICAg
ICAgICAgICAgIDM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+IDAgMSAyIDMg
NCA1IDYgNyA4IDkgMCAxIDIgMyA0IDUgNiA3IDggOSAwIDEgMiAzIDQgNSA2IDcgOCA5IDAg
MTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gIDAgMSAyIDMgNCA1IDYgNyA4
IDkgMCAxIDIgMyA0IDUgNiA3IDggOSAwIDEgMiAzIDQgNSA2IDcgOCA5IDAgMTwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKzwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmJsb2NrIj4gKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSs8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxibG9jayI+fCAgICAgQUQgVHlwZSAgIHxWfCAgUmVzZXJ2ZWQgICB8ICAgICAgICBSZXF1
ZXN0ZWQgSE1BQyBJRCAgICAgIHw8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+
IHwgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPkVDTTwvc3Bhbj4gQUQgVHlwZSAgfFZ8ICBSZXNl
cnZlZCAgIHwgICAgICAgIFJlcXVlc3RlZCBITUFDIElEICAgICAgfDwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGJsb2NrIj4rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstK1w8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJibG9jayI+ICstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rXDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJs
b2NrIj58ICAgICAgICAgICAgICBPVEsgTGVuZ3RoICAgICAgIHwgICAgICAgT1RLIEVuY3J5
cHRpb24gSUQgICAgICAgfCB8PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiB8
ICAgICAgICAgICAgICBPVEsgTGVuZ3RoICAgICAgIHwgICAgICAgT1RLIEVuY3J5cHRpb24g
SUQgICAgICAgfCB8PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPistKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rIHw8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rIHw8
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+fCAgICAgICAgICAgICAgICAgICAg
ICAgT25lLVRpbWUtS2V5IFByZWFtYmxlIC4uLiAgICAgICAgICAgICAgIHwgfDwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gfCAgICAgICAgICAgICAgICAgICAgICAgT25l
LVRpbWUtS2V5IFByZWFtYmxlIC4uLiAgICAgICAgICAgICAgIHwgfDwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGJsb2NrIj48c3BhbiBjbGFzcz0iZGVsZXRlIj4rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKyBP
VEstQUQ8L3NwYW4+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiA8c3BhbiBj
bGFzcz0iaW5zZXJ0Ij4rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstK09USy1BRDwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxibG9jayI+fCAgICAgICAgICAgICAgICAgICAuLi4gT25lLVRpbWUtS2V5
IFByZWFtYmxlICAgICAgICAgICAgICAgICAgIHwgfDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmJsb2NrIj4gfCAgICAgICAgICAgICAgICAgICAuLi4gT25lLVRpbWUtS2V5IFByZWFt
YmxlICAgICAgICAgICAgICAgICAgIHwgfDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJs
b2NrIj4rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKyB8PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAr
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKyB8PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPn4gICAgICAg
ICAgICAgICAgICAgICAgT25lLVRpbWUgS2V5ICgxMjggYml0cykgICAgICAgICAgICAgICAg
ICB+LzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gfiAgICAgICAgICAgICAg
ICAgICAgICBPbmUtVGltZSBLZXkgKDEyOCBiaXRzKSAgICAgICAgICAgICAgICAgIH4vPC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPistKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rICZsdDstLS0rPC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiArLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKyAmbHQ7LS0tKzwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj58ICAgICAgICAgICBFSUQtQUQgTGVu
Z3RoICAgICAgIHwgICAgICAgICAgIEtERiBJRCAgICAgICAgICAgICAgfCAgICAgfDwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gfCAgICAgICAgICAgRUlELUFEIExlbmd0
aCAgICAgICB8ICAgICAgICAgICBLREYgSUQgICAgICAgICAgICAgIHwgICAgIHw8L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsgICAgIHw8L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJibG9jayI+ICstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rICAgICB8PC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsYmxvY2siPnwgUmVjb3JkIENvdW50ICB8ICAgIFJlc2VydmVkICAg
fCAgICAgICAgIEVJRCBITUFDIElEICAgICAgICAgICA8c3BhbiBjbGFzcz0iZGVsZXRlIj58
ICAgICBFSUQtQUQ8L3NwYW4+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiB8
IFJlY29yZCBDb3VudCAgfCAgICBSZXNlcnZlZCAgIHwgICAgICAgICBFSUQgSE1BQyBJRCAg
ICAgICAgICAgPHNwYW4gY2xhc3M9Imluc2VydCI+fEVJRC1BRDwvc3Bhbj48L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxibG9jayI+Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLStcICAgIHw8L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJibG9jayI+ICstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rXCAgICB8PC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsYmxvY2siPnwgICBSZXNlcnZlZCAgICB8IEVJRCBtYXNrLWxlbiAgfCAg
ICAgICAgICAgRUlELUFGSSAgICAgICAgICAgICB8IHwgICB8PC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyYmxvY2siPiB8ICAgUmVzZXJ2ZWQgICAgfCBFSUQgbWFzay1sZW4gIHwgICAg
ICAgICAgIEVJRC1BRkkgICAgICAgICAgICAgfCB8ICAgfDwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGJsb2NrIj4rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKyBSZWMgfDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmJsb2NrIj4gKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSsgUmVjIHw8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxibG9jayI+fiAgICAgICAgICAgICAgICAgICAgICAgICAgRUlELXByZWZpeCAuLi4gICAg
ICAgICAgICAgICAgICAgICAgIH4gfCAgIHw8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJi
bG9jayI+IH4gICAgICAgICAgICAgICAgICAgICAgICAgIEVJRC1wcmVmaXggLi4uICAgICAg
ICAgICAgICAgICAgICAgICB+IHwgICB8PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxv
Y2siPistKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLyAgICB8PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2si
PiArLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy8gICAgfDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj5+
ICAgICAgICAgICAgICAgICAgICAgICAgICAgIEVJRCBITUFDICAgICAgICAgICAgICAgICAg
ICAgICAgICAgfiAgICAgfDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gfiAg
ICAgICAgICAgICAgICAgICAgICAgICAgICBFSUQgSE1BQyAgICAgICAgICAgICAgICAgICAg
ICAgICAgIH4gICAgIHw8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+Ky0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSsgJmx0Oy0tLSs8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rICZsdDstLS0rPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxl
ZnQiPiAgICAgICAgICAgICAgICAgICAgIExJU1AtU0VDIEVDTSBBdXRoZW50aWNhdGlvbiBE
YXRhPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAgICAgICAg
ICAgTElTUC1TRUMgRUNNIEF1dGhlbnRpY2F0aW9uIERhdGE8L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJkaWZmMDAxOCI+PHRk
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGJsb2NrIj4gICAgICA8c3BhbiBjbGFzcz0iZGVsZXRlIj5BRCBUeXBlOiAxIChMSVNQ
LVNFQyBBdXRoZW50aWNhdGlvbiBEYXRhKTwvc3Bhbj48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJibG9jayI+ICAgICAgPHNwYW4gY2xhc3M9Imluc2VydCI+RUNNIEFEIFR5cGU6IDEg
KExJU1AtU0VDIEF1dGhlbnRpY2F0aW9uIERhdGEpLiAgU2VlIFNlY3Rpb24gNy48L3NwYW4+
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIFY6IEtl
eSBWZXJzaW9uIGJpdC4gIFRoaXMgYml0IGlzIHRvZ2dsZWQgd2hlbiB0aGUgc2VuZGVyIHN3
aXRjaGVzPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgVjogS2V5IFZl
cnNpb24gYml0LiAgVGhpcyBiaXQgaXMgdG9nZ2xlZCB3aGVuIHRoZSBzZW5kZXIgc3dpdGNo
ZXM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIHRvIGEgbmV3IE9USyB3
cmFwcGluZyBrZXk8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICB0byBh
IG5ldyBPVEsgd3JhcHBpbmcga2V5PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4g
ICAgICBSZXNlcnZlZDogU2V0IHRvIDAgb24gdHJhbnNtaXNzaW9uIGFuZCBpZ25vcmVkIG9u
IHJlY2VpcHQuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgUmVzZXJ2
ZWQ6IFNldCB0byAwIG9uIHRyYW5zbWlzc2lvbiBhbmQgaWdub3JlZCBvbiByZWNlaXB0Ljwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBSZXF1ZXN0
ZWQgSE1BQyBJRDogVGhlIEhNQUMgYWxnb3JpdGhtIHJlcXVlc3RlZCBieSB0aGUgSVRSLiAg
U2VlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgUmVxdWVzdGVkIEhN
QUMgSUQ6IFRoZSBITUFDIGFsZ29yaXRobSByZXF1ZXN0ZWQgYnkgdGhlIElUUi4gIFNlZTwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgU2VjdGlvbiA1LjQgZm9yIGRl
dGFpbHMuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgU2VjdGlvbiA1
LjQgZm9yIGRldGFpbHMuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxl
ZnQiPiAgICAgIE9USyBMZW5ndGg6IFRoZSBsZW5ndGggKGluIGJ5dGVzKSBvZiB0aGUgT1RL
IEF1dGhlbnRpY2F0aW9uIERhdGE8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4g
ICAgICBPVEsgTGVuZ3RoOiBUaGUgbGVuZ3RoIChpbiBieXRlcykgb2YgdGhlIE9USyBBdXRo
ZW50aWNhdGlvbiBEYXRhPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAo
T1RLLUFEKSwgdGhhdCBjb250YWlucyB0aGUgT1RLIFByZWFtYmxlIGFuZCB0aGUgT1RLLjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIChPVEstQUQpLCB0aGF0IGNv
bnRhaW5zIHRoZSBPVEsgUHJlYW1ibGUgYW5kIHRoZSBPVEsuPC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIE9USyBFbmNyeXB0aW9uIElEOiBUaGUg
aWRlbnRpZmllciBvZiB0aGUga2V5IHdyYXBwaW5nIGFsZ29yaXRobTwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIE9USyBFbmNyeXB0aW9uIElEOiBUaGUgaWRlbnRp
ZmllciBvZiB0aGUga2V5IHdyYXBwaW5nIGFsZ29yaXRobTwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+ICAgICAgdXNlZCB0byBlbmNyeXB0IHRoZSBPbmUtVGltZS1LZXkuIFdo
ZW4gYSAxMjgtYml0IE9USyBpcyBzZW50PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+ICAgICAgdXNlZCB0byBlbmNyeXB0IHRoZSBPbmUtVGltZS1LZXkuIFdoZW4gYSAxMjgt
Yml0IE9USyBpcyBzZW50PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICB1
bmVuY3J5cHRlZCBieSB0aGUgTWFwLVJlc29sdmVyLCB0aGUgT1RLIEVuY3J5cHRpb24gSUQg
aXMgc2V0IHRvPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgdW5lbmNy
eXB0ZWQgYnkgdGhlIE1hcC1SZXNvbHZlciwgdGhlIE9USyBFbmNyeXB0aW9uIElEIGlzIHNl
dCB0bzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgTlVMTF9LRVlfV1JB
UF8xMjguICBTZWUgU2VjdGlvbiA1LjUgZm9yIG1vcmUgZGV0YWlscy48L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICBOVUxMX0tFWV9XUkFQXzEyOC4gIFNlZSBTZWN0
aW9uIDUuNSBmb3IgbW9yZSBkZXRhaWxzLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICAgICBPbmUtVGltZS1LZXkgUHJlYW1ibGU6IHNldCB0byAwIGlm
IHRoZSBPVEsgaXMgbm90IGVuY3J5cHRlZC4gIFdoZW48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij4gICAgICBPbmUtVGltZS1LZXkgUHJlYW1ibGU6IHNldCB0byAwIGlmIHRo
ZSBPVEsgaXMgbm90IGVuY3J5cHRlZC4gIFdoZW48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0iZGlmZjAwMTkiPjx0ZD48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgICAg
dGhlIE9USyBpcyBlbmNyeXB0ZWQsIHRoaXMgZmllbGQgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+
bWF5PC9zcGFuPiBjYXJyeSBhZGRpdGlvbmFsIG1ldGFkYXRhPC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyYmxvY2siPiAgICAgIHRoZSBPVEsgaXMgZW5jcnlwdGVkLCB0aGlzIGZpZWxk
IDxzcGFuIGNsYXNzPSJpbnNlcnQiPk1BWTwvc3Bhbj4gY2FycnkgYWRkaXRpb25hbCBtZXRh
ZGF0YTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgcmVzdWx0aW5nIGZy
b20gdGhlIGtleSB3cmFwcGluZyBvcGVyYXRpb24uICBXaGVuIGEgMTI4LWJpdCBPVEsgaXM8
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICByZXN1bHRpbmcgZnJvbSB0
aGUga2V5IHdyYXBwaW5nIG9wZXJhdGlvbi4gIFdoZW4gYSAxMjgtYml0IE9USyBpczwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgc2VudCB1bmVuY3J5cHRlZCBieSBN
YXAtUmVzb2x2ZXIsIHRoZSBPVEsgUHJlYW1ibGUgaXMgc2V0IHRvPC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgc2VudCB1bmVuY3J5cHRlZCBieSBNYXAtUmVzb2x2
ZXIsIHRoZSBPVEsgUHJlYW1ibGUgaXMgc2V0IHRvPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsZWZ0Ij4gICAgICAweDAwMDAwMDAwMDAwMDAwMDAgKDY0IGJpdHMpLiAgU2VlIFNlY3Rp
b24gNS41IGZvciBkZXRhaWxzLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAg
ICAgIDB4MDAwMDAwMDAwMDAwMDAwMCAoNjQgYml0cykuICBTZWUgU2VjdGlvbiA1LjUgZm9y
IGRldGFpbHMuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAg
ICAgIE9uZS1UaW1lLUtleTogdGhlIE9USyBlbmNyeXB0ZWQgKG9yIG5vdCkgYXMgc3BlY2lm
aWVkIGJ5IE9USzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIE9uZS1U
aW1lLUtleTogdGhlIE9USyBlbmNyeXB0ZWQgKG9yIG5vdCkgYXMgc3BlY2lmaWVkIGJ5IE9U
SzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgRW5jcnlwdGlvbiBJRC4g
IFNlZSBTZWN0aW9uIDUuNSBmb3IgZGV0YWlscy48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICAgICBFbmNyeXB0aW9uIElELiAgU2VlIFNlY3Rpb24gNS41IGZvciBkZXRh
aWxzLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBF
SUQtQUQgTGVuZ3RoOiBsZW5ndGggKGluIGJ5dGVzKSBvZiB0aGUgRUlEIEF1dGhlbnRpY2F0
aW9uIERhdGE8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICBFSUQtQUQg
TGVuZ3RoOiBsZW5ndGggKGluIGJ5dGVzKSBvZiB0aGUgRUlEIEF1dGhlbnRpY2F0aW9uIERh
dGE8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIChFSUQtQUQpLiAgVGhl
IElUUiBNVVNUIHNldCBFSUQtQUQgTGVuZ3RoIHRvIDQgYnl0ZXMsIGFzIGl0IG9ubHk8L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAoRUlELUFEKS4gIFRoZSBJVFIg
TVVTVCBzZXQgRUlELUFEIExlbmd0aCB0byA0IGJ5dGVzLCBhcyBpdCBvbmx5PC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBmaWxscyB0aGUgS0RGIElEIGZpZWxkLCBh
bmQgYWxsIHRoZSByZW1haW5pbmcgZmllbGRzIHBhcnQgb2YgdGhlPC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgZmlsbHMgdGhlIEtERiBJRCBmaWVsZCwgYW5kIGFs
bCB0aGUgcmVtYWluaW5nIGZpZWxkcyBwYXJ0IG9mIHRoZTwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+ICAgICAgRUlELUFEIGFyZSBub3QgcHJlc2VudC4gIEFuIEVJRC1BRCBN
QVkgY29udGFpbiBtdWx0aXBsZSBFSUQtPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+ICAgICAgRUlELUFEIGFyZSBub3QgcHJlc2VudC4gIEFuIEVJRC1BRCBNQVkgY29udGFp
biBtdWx0aXBsZSBFSUQtPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBy
ZWNvcmRzLiAgRWFjaCBFSUQtcmVjb3JkIGlzIDQtYnl0ZSBsb25nIHBsdXMgdGhlIGxlbmd0
aCBvZiB0aGU8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICByZWNvcmRz
LiAgRWFjaCBFSUQtcmVjb3JkIGlzIDQtYnl0ZSBsb25nIHBsdXMgdGhlIGxlbmd0aCBvZiB0
aGU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIEFGSS1lbmNvZGVkIEVJ
RC1wcmVmaXguPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgQUZJLWVu
Y29kZWQgRUlELXByZWZpeC48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+ICAgICAgS0RGIElEOiBJZGVudGlmaWVyIG9mIHRoZSBLZXkgRGVyaXZhdGlvbiBG
dW5jdGlvbiB1c2VkIHRvIGRlcml2ZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgICAgIEtERiBJRDogSWRlbnRpZmllciBvZiB0aGUgS2V5IERlcml2YXRpb24gRnVuY3Rp
b24gdXNlZCB0byBkZXJpdmU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0ciBpZD0iZGlmZjAwMjAiPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgICAgdGhlIE1TLU9USy4g
IFRoZSBJVFIgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+U0hPVUxEPC9zcGFuPiB1c2UgdGhpcyBm
aWVsZCB0byBpbmRpY2F0ZSB0aGU8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+
ICAgICAgdGhlIE1TLU9USy4gIFRoZSBJVFIgPHNwYW4gY2xhc3M9Imluc2VydCI+TUFZPC9z
cGFuPiB1c2UgdGhpcyBmaWVsZCB0byBpbmRpY2F0ZSB0aGU8L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPiAgICAgIHJlY29tbWVuZGVkIEtERiBhbGdvcml0aG0sIGFjY29yZGlu
ZyB0byBsb2NhbCBwb2xpY3kuICBUaGUgTWFwLTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPiAgICAgIHJlY29tbWVuZGVkIEtERiBhbGdvcml0aG0sIGFjY29yZGluZyB0byBs
b2NhbCBwb2xpY3kuICBUaGUgTWFwLTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
ICAgICAgU2VydmVyIGNhbiBvdmVyd3JpdGUgdGhlIEtERiBJRCBpZiBpdCBkb2VzIG5vdCBz
dXBwb3J0IHRoZSBLREYgSUQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAg
ICBTZXJ2ZXIgY2FuIG92ZXJ3cml0ZSB0aGUgS0RGIElEIGlmIGl0IGRvZXMgbm90IHN1cHBv
cnQgdGhlIEtERiBJRDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgcmVj
b21tZW5kZWQgYnkgdGhlIElUUi4gIFNlZSBTZWN0aW9uIDUuNCBmb3IgbW9yZSBkZXRhaWxz
LjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIHJlY29tbWVuZGVkIGJ5
IHRoZSBJVFIuICBTZWUgU2VjdGlvbiA1LjQgZm9yIG1vcmUgZGV0YWlscy48L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgUmVjb3JkIENvdW50OiBU
aGUgbnVtYmVyIG9mIHJlY29yZHMgaW4gdGhpcyBNYXAtUmVxdWVzdCBtZXNzYWdlLjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIFJlY29yZCBDb3VudDogVGhlIG51
bWJlciBvZiByZWNvcmRzIGluIHRoaXMgTWFwLVJlcXVlc3QgbWVzc2FnZS48L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIEEgcmVjb3JkIGlzIGNvbXByaXNlZCBvZiB0
aGUgcG9ydGlvbiBvZiB0aGUgcGFja2V0IHRoYXQgaXMgbGFiZWxlZDwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIEEgcmVjb3JkIGlzIGNvbXByaXNlZCBvZiB0aGUg
cG9ydGlvbiBvZiB0aGUgcGFja2V0IHRoYXQgaXMgbGFiZWxlZDwvdGQ+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0
ZCBjbGFzcz0ibGVmdCI+ICAgICAgJ1JlYycgYWJvdmUgYW5kIG9jY3VycyB0aGUgbnVtYmVy
IG9mIHRpbWVzIGVxdWFsIHRvIFJlY29yZCBDb3VudC48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij4gICAgICAnUmVjJyBhYm92ZSBhbmQgb2NjdXJzIHRoZSBudW1iZXIgb2Yg
dGltZXMgZXF1YWwgdG8gUmVjb3JkIENvdW50LjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBSZXNlcnZlZDogU2V0IHRvIDAgb24gdHJhbnNtaXNz
aW9uIGFuZCBpZ25vcmVkIG9uIHJlY2VpcHQuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+ICAgICAgUmVzZXJ2ZWQ6IFNldCB0byAwIG9uIHRyYW5zbWlzc2lvbiBhbmQgaWdu
b3JlZCBvbiByZWNlaXB0LjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0icGFydC03IiBjbGFzcz0iY2hhbmdl
Ij48dGQ+PC90ZD48dGg+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGEg
aHJlZj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy90b29scy9yZmNkaWZmL3JmY2RpZmYucHlo
dCNwYXJ0LTciPjxlbT4gcGFnZSA5LCBsaW5lIDIwPHNwYW4gY2xhc3M9ImhpZGUiPiDCtjwv
c3Bhbj48L2VtPjwvYT48L3RoPjx0aD4gPC90aD48dGg+PHNtYWxsPnNraXBwaW5nIHRvIGNo
YW5nZSBhdDwvc21hbGw+PGEgaHJlZj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy90b29scy9y
ZmNkaWZmL3JmY2RpZmYucHlodCNwYXJ0LTciPjxlbT4gcGFnZSA5LCBsaW5lIDIwPHNwYW4g
Y2xhc3M9ImhpZGUiPiDCtjwvc3Bhbj48L2VtPjwvYT48L3RoPjx0ZD48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAg
IHRvIDAuICBUaGUgSE1BQyBjb3ZlcnMgdGhlIGVudGlyZSBFSUQtQUQuPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgdG8gMC4gIFRoZSBITUFDIGNvdmVycyB0aGUg
ZW50aXJlIEVJRC1BRC48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+NS4yLiAgTWFwLVJlcGx5IExJU1AtU0VDIEV4dGVuc2lvbnM8L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij41LjIuICBNYXAtUmVwbHkgTElTUC1TRUMgRXh0ZW5zaW9uczwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBMSVNQLVNFQyB1
c2VzIHRoZSBNYXAtUmVwbHkgZGVmaW5lZCBpbiBbUkZDNjgzMF0sIHdpdGggVHlwZSBzZXQg
dG8gMiw8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBMSVNQLVNFQyB1c2Vz
IHRoZSBNYXAtUmVwbHkgZGVmaW5lZCBpbiBbUkZDNjgzMF0sIHdpdGggVHlwZSBzZXQgdG8g
Miw8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGFuZCBTIGJpdCBzZXQgdG8g
MSB0byBpbmRpY2F0ZSB0aGF0IHRoZSBNYXAtUmVwbHkgbWVzc2FnZSBpbmNsdWRlczwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGFuZCBTIGJpdCBzZXQgdG8gMSB0byBp
bmRpY2F0ZSB0aGF0IHRoZSBNYXAtUmVwbHkgbWVzc2FnZSBpbmNsdWRlczwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgQXV0aGVudGljYXRpb24gRGF0YSAoQUQpLiAgVGhl
IGZvcm1hdCBvZiB0aGUgTElTUC1TRUMgTWFwLVJlcGx5PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+ICAgQXV0aGVudGljYXRpb24gRGF0YSAoQUQpLiAgVGhlIGZvcm1hdCBv
ZiB0aGUgTElTUC1TRUMgTWFwLVJlcGx5PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij4gICBBdXRoZW50aWNhdGlvbiBEYXRhIGlzIGRlZmluZWQgaW4gdGhlIGZvbGxvd2luZyBm
aWd1cmUuICBQS1QtQUQgaXM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBB
dXRoZW50aWNhdGlvbiBEYXRhIGlzIGRlZmluZWQgaW4gdGhlIGZvbGxvd2luZyBmaWd1cmUu
ICBQS1QtQUQgaXM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHRoZSBQYWNr
ZXQgQXV0aGVudGljYXRpb24gRGF0YSB0aGF0IGNvdmVycyB0aGUgTWFwLVJlcGx5IHBheWxv
YWQuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgdGhlIFBhY2tldCBBdXRo
ZW50aWNhdGlvbiBEYXRhIHRoYXQgY292ZXJzIHRoZSBNYXAtUmVwbHkgcGF5bG9hZC48L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGlk
PSJkaWZmMDAyMSI+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gMCAgICAgICAgICAgICAgICAgICAxICAgICAg
ICAgICAgICAgICAgIDIgICAgICAgICAgICAgICAgICAgMzwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmJsb2NrIj4gIDAgICAgICAgICAgICAgICAgICAgMSAgICAgICAgICAgICAgICAg
ICAyICAgICAgICAgICAgICAgICAgIDM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9j
ayI+IDAgMSAyIDMgNCA1IDYgNyA4IDkgMCAxIDIgMyA0IDUgNiA3IDggOSAwIDEgMiAzIDQg
NSA2IDcgOCA5IDAgMTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gIDAgMSAy
IDMgNCA1IDYgNyA4IDkgMCAxIDIgMyA0IDUgNiA3IDggOSAwIDEgMiAzIDQgNSA2IDcgOCA5
IDAgMTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKzwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSs8L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxibG9jayI+fCAgICBBRCBUeXBlICAgIHwgICAgICAgICAgICAgICAg
IFJlc2VydmVkICAgICAgICAgICAgICAgICAgICAgIHw8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJibG9jayI+IHwgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPk1SPC9zcGFuPiBBRCBUeXBl
ICAgfCAgICAgICAgICAgICAgICAgUmVzZXJ2ZWQgICAgICAgICAgICAgICAgICAgICAgfDwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKyAmbHQ7LS0tKzwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsgJmx0Oy0tLSs8
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+fCAgICAgICAgICAgRUlELUFEIExl
bmd0aCAgICAgICB8ICAgICAgICAgICBLREYgSUQgICAgICAgICAgICAgIHwgICAgIHw8L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+IHwgICAgICAgICAgIEVJRC1BRCBMZW5n
dGggICAgICAgfCAgICAgICAgICAgS0RGIElEICAgICAgICAgICAgICB8ICAgICB8PC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPistKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rICAgICB8PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiArLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKyAgICAgfDwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj58IFJlY29yZCBDb3VudCAgfCAgICBSZXNlcnZlZCAg
IHwgICAgICAgICBFSUQgSE1BQyBJRCAgICAgICAgICAgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+
fCAgICAgRUlELUFEPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4g
fCBSZWNvcmQgQ291bnQgIHwgICAgUmVzZXJ2ZWQgICB8ICAgICAgICAgRUlEIEhNQUMgSUQg
ICAgICAgICAgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPnxFSUQtQUQ8L3NwYW4+PC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPistKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rXCAgICB8PC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyYmxvY2siPiArLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstK1wgICAgfDwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGJsb2NrIj58ICAgUmVzZXJ2ZWQgICAgfCBFSUQgbWFzay1sZW4gIHwg
ICAgICAgICAgIEVJRC1BRkkgICAgICAgICAgICAgfCB8ICAgfDwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmJsb2NrIj4gfCAgIFJlc2VydmVkICAgIHwgRUlEIG1hc2stbGVuICB8ICAg
ICAgICAgICBFSUQtQUZJICAgICAgICAgICAgIHwgfCAgIHw8L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxibG9jayI+Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsgUmVjIHw8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJibG9jayI+ICstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rIFJlYyB8PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsYmxvY2siPn4gICAgICAgICAgICAgICAgICAgICAgICAgIEVJRC1wcmVmaXggLi4uICAg
ICAgICAgICAgICAgICAgICAgICB+IHwgICB8PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
YmxvY2siPiB+ICAgICAgICAgICAgICAgICAgICAgICAgICBFSUQtcHJlZml4IC4uLiAgICAg
ICAgICAgICAgICAgICAgICAgfiB8ICAgfDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJs
b2NrIj4rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy8gICAgfDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2Nr
Ij4gKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSsvICAgIHw8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+
fiAgICAgICAgICAgICAgICAgICAgICAgICAgICBFSUQgSE1BQyAgICAgICAgICAgICAgICAg
ICAgICAgICAgIH4gICAgIHw8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+IH4g
ICAgICAgICAgICAgICAgICAgICAgICAgICAgRUlEIEhNQUMgICAgICAgICAgICAgICAgICAg
ICAgICAgICB+ICAgICB8PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPistKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rICZsdDstLS0rPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiArLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKyAmbHQ7LS0tKzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj58ICAg
ICAgICAgUEtULUFEIExlbmd0aCAgICAgICAgIHwgICAgICAgICBQS1QgSE1BQyBJRCAgICAg
ICAgICAgfFw8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+IHwgICAgICAgICBQ
S1QtQUQgTGVuZ3RoICAgICAgICAgfCAgICAgICAgIFBLVCBITUFDIElEICAgICAgICAgICB8
XDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKyB8PC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiArLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKyB8PC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsYmxvY2siPn4gICAgICAgICAgICAgICAgICAgICAgICAgICAgUEtU
IEhNQUMgICAgICAgICAgICAgICAgICAgICAgICAgICA8c3BhbiBjbGFzcz0iZGVsZXRlIj5+
IFBLVC1BRDwvc3Bhbj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+IH4gICAg
ICAgICAgICAgICAgICAgICAgICAgICAgUEtUIEhNQUMgICAgICAgICAgICAgICAgICAgICAg
ICAgICA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5+UEtULUFEPC9zcGFuPjwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGJsb2NrIj4rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy88L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJibG9jayI+ICstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgICAgICBMSVNQLVNFQyBNYXAtUmVwbHkgQXV0
aGVudGljYXRpb24gRGF0YTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAg
ICAgICAgICAgICAgIExJU1AtU0VDIE1hcC1SZXBseSBBdXRoZW50aWNhdGlvbiBEYXRhPC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBp
ZD0iZGlmZjAwMjIiPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgICAgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+
QUQgVHlwZTogMSAoTElTUC1TRUMgQXV0aGVudGljYXRpb24gRGF0YSk8L3NwYW4+PC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgICAgIDxzcGFuIGNsYXNzPSJpbnNlcnQi
Pk1SIEFEIFR5cGU6IDEgKExJU1AtU0VDIEF1dGhlbnRpY2F0aW9uIERhdGEpLiAgU2VlIFNl
Y3Rpb24gNy48L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxl
ZnQiPiAgICAgIEVJRC1BRCBMZW5ndGg6IGxlbmd0aCAoaW4gYnl0ZXMpIG9mIHRoZSBFSUQt
QUQuICBBbiBFSUQtQUQgTUFZPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
ICAgRUlELUFEIExlbmd0aDogbGVuZ3RoIChpbiBieXRlcykgb2YgdGhlIEVJRC1BRC4gIEFu
IEVJRC1BRCBNQVk8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIGNvbnRh
aW4gbXVsdGlwbGUgRUlELXJlY29yZHMuICBFYWNoIEVJRC1yZWNvcmQgaXMgNC1ieXRlIGxv
bmcgcGx1czwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIGNvbnRhaW4g
bXVsdGlwbGUgRUlELXJlY29yZHMuICBFYWNoIEVJRC1yZWNvcmQgaXMgNC1ieXRlIGxvbmcg
cGx1czwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgdGhlIGxlbmd0aCBv
ZiB0aGUgQUZJLWVuY29kZWQgRUlELXByZWZpeC48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICAgICB0aGUgbGVuZ3RoIG9mIHRoZSBBRkktZW5jb2RlZCBFSUQtcHJlZml4
LjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBLREYg
SUQ6IElkZW50aWZpZXIgb2YgdGhlIEtleSBEZXJpdmF0aW9uIEZ1bmN0aW9uIHVzZWQgdG8g
ZGVyaXZlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgS0RGIElEOiBJ
ZGVudGlmaWVyIG9mIHRoZSBLZXkgRGVyaXZhdGlvbiBGdW5jdGlvbiB1c2VkIHRvIGRlcml2
ZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgTVMtT1RLLiAgU2VlIFNl
Y3Rpb24gNS43IGZvciBtb3JlIGRldGFpbHMuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+ICAgICAgTVMtT1RLLiAgU2VlIFNlY3Rpb24gNS43IGZvciBtb3JlIGRldGFpbHMu
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIFJlY29y
ZCBDb3VudDogVGhlIG51bWJlciBvZiByZWNvcmRzIGluIHRoaXMgTWFwLVJlcGx5IG1lc3Nh
Z2UuICBBPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgUmVjb3JkIENv
dW50OiBUaGUgbnVtYmVyIG9mIHJlY29yZHMgaW4gdGhpcyBNYXAtUmVwbHkgbWVzc2FnZS4g
IEE8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIHJlY29yZCBpcyBjb21w
cmlzZWQgb2YgdGhlIHBvcnRpb24gb2YgdGhlIHBhY2tldCB0aGF0IGlzIGxhYmVsZWQ8L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICByZWNvcmQgaXMgY29tcHJpc2Vk
IG9mIHRoZSBwb3J0aW9uIG9mIHRoZSBwYWNrZXQgdGhhdCBpcyBsYWJlbGVkPC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0icGFy
dC04IiBjbGFzcz0iY2hhbmdlIj48dGQ+PC90ZD48dGg+PHNtYWxsPnNraXBwaW5nIHRvIGNo
YW5nZSBhdDwvc21hbGw+PGEgaHJlZj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy90b29scy9y
ZmNkaWZmL3JmY2RpZmYucHlodCNwYXJ0LTgiPjxlbT4gcGFnZSAxMCwgbGluZSAzMDxzcGFu
IGNsYXNzPSJoaWRlIj4gwrY8L3NwYW4+PC9lbT48L2E+PC90aD48dGg+IDwvdGg+PHRoPjxz
bWFsbD5za2lwcGluZyB0byBjaGFuZ2UgYXQ8L3NtYWxsPjxhIGhyZWY9Imh0dHBzOi8vdG9v
bHMuaWV0Zi5vcmcvdG9vbHMvcmZjZGlmZi9yZmNkaWZmLnB5aHQjcGFydC04Ij48ZW0+IHBh
Z2UgMTAsIGxpbmUgMzA8c3BhbiBjbGFzcz0iaGlkZSI+IMK2PC9zcGFuPjwvZW0+PC9hPjwv
dGg+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0
ZCBjbGFzcz0ibGVmdCI+ICAgICAgcmVxdWVzdGVkIEVJRC48L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij4gICAgICByZXF1ZXN0ZWQgRUlELjwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBFSUQgSE1BQzogSE1BQyBvZiB0aGUgRUlE
LUFELCBhcyBjb21wdXRlZCBieSB0aGUgTWFwLVNlcnZlci48L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij4gICAgICBFSUQgSE1BQzogSE1BQyBvZiB0aGUgRUlELUFELCBhcyBj
b21wdXRlZCBieSB0aGUgTWFwLVNlcnZlci48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxl
ZnQiPiAgICAgIEJlZm9yZSBjb21wdXRpbmcgdGhlIEhNQUMgb3BlcmF0aW9uIHRoZSBFSUQg
SE1BQyBmaWVsZCBNVVNUIGJlIHNldDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgICAgIEJlZm9yZSBjb21wdXRpbmcgdGhlIEhNQUMgb3BlcmF0aW9uIHRoZSBFSUQgSE1B
QyBmaWVsZCBNVVNUIGJlIHNldDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAg
ICAgdG8gMC4gIFRoZSBITUFDIGNvdmVycyB0aGUgZW50aXJlIEVJRC1BRC48L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICB0byAwLiAgVGhlIEhNQUMgY292ZXJzIHRo
ZSBlbnRpcmUgRUlELUFELjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij4gICAgICBQS1QtQUQgTGVuZ3RoOiBsZW5ndGggKGluIGJ5dGVzKSBvZiB0aGUgUGFj
a2V0IEF1dGhlbnRpY2F0aW9uIERhdGE8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij4gICAgICBQS1QtQUQgTGVuZ3RoOiBsZW5ndGggKGluIGJ5dGVzKSBvZiB0aGUgUGFja2V0
IEF1dGhlbnRpY2F0aW9uIERhdGE8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAg
ICAgIChQS1QtQUQpLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIChQ
S1QtQUQpLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAg
ICBQS1QgSE1BQyBJRDogSWRlbnRpZmllciBvZiB0aGUgSE1BQyBhbGdvcml0aG0gdXNlZCB0
byBwcm90ZWN0IHRoZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIFBL
VCBITUFDIElEOiBJZGVudGlmaWVyIG9mIHRoZSBITUFDIGFsZ29yaXRobSB1c2VkIHRvIHBy
b3RlY3QgdGhlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIg
aWQ9ImRpZmYwMDIzIj48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgICAgIGludGVncml0eSBvZiB0aGUgTWFw
LXJlcGx5PHNwYW4gY2xhc3M9ImRlbGV0ZSI+IExvY2F0aW9uIERhdGE8L3NwYW4+LjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICAgICBpbnRlZ3JpdHkgb2YgdGhlIE1h
cC1yZXBseS48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAg
ICAgUEtUIEhNQUM6IEhNQUMgb2YgdGhlIHdob2xlIE1hcC1SZXBseSBwYWNrZXQsIGluY2x1
ZGluZyB0aGUgTElTUC08L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICBQ
S1QgSE1BQzogSE1BQyBvZiB0aGUgd2hvbGUgTWFwLVJlcGx5IHBhY2tldCwgaW5jbHVkaW5n
IHRoZSBMSVNQLTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgU0VDIEF1
dGhlbnRpY2F0aW9uIERhdGEuICBUaGUgc2NvcGUgb2YgdGhlIGF1dGhlbnRpY2F0aW9uIGdv
ZXM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICBTRUMgQXV0aGVudGlj
YXRpb24gRGF0YS4gIFRoZSBzY29wZSBvZiB0aGUgYXV0aGVudGljYXRpb24gZ29lczwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgZnJvbSB0aGUgTWFwLVJlcGx5IFR5
cGUgZmllbGQgdG8gdGhlIFBLVCBITUFDIGZpZWxkIGluY2x1ZGVkLjwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIGZyb20gdGhlIE1hcC1SZXBseSBUeXBlIGZpZWxk
IHRvIHRoZSBQS1QgSE1BQyBmaWVsZCBpbmNsdWRlZC48L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xh
c3M9ImxlZnQiPiAgICAgIEJlZm9yZSBjb21wdXRpbmcgdGhlIEhNQUMgb3BlcmF0aW9uIHRo
ZSBQS1QgSE1BQyBmaWVsZCBNVVNUIGJlIHNldDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPiAgICAgIEJlZm9yZSBjb21wdXRpbmcgdGhlIEhNQUMgb3BlcmF0aW9uIHRoZSBQ
S1QgSE1BQyBmaWVsZCBNVVNUIGJlIHNldDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgICAgdG8gMC4gIFNlZSBTZWN0aW9uIDUuOCBmb3IgbW9yZSBkZXRhaWxzLjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIHRvIDAuICBTZWUgU2VjdGlvbiA1
LjggZm9yIG1vcmUgZGV0YWlscy48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+NS4zLiAgTWFwLVJlZ2lzdGVyIExJU1AtU0VDIEV4dGVudGlvbnM8L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij41LjMuICBNYXAtUmVnaXN0ZXIgTElTUC1TRUMg
RXh0ZW50aW9uczwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3Ry
PgogICAgICA8dHIgaWQ9ImRpZmYwMDI0Ij48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIDxzcGFuIGNsYXNz
PSJkZWxldGUiPlRoZTwvc3Bhbj4gc2Vjb25kIGJpdCBhZnRlciB0aGUgVHlwZSBmaWVsZCBp
biBhIE1hcC1SZWdpc3RlciBtZXNzYWdlIGlzPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
YmxvY2siPiAgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPlRoaXMgbWVtbyBpcyBhbGxvY2F0aW5n
IG9uZSBvZiB0aGUgYml0cyBtYXJrZWQgYXMgUmVzZXJ2ZWQgaW4gdGhlPC9zcGFuPjwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBhbGxvY2F0ZWQgYXMgdGhlIFMgYml0
LiAgVGhlIFMgYml0IGluZGljYXRlcyB0byB0aGUgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+TWFw
LVNlcnZlcjwvc3Bhbj4gdGhhdDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48
c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBNYXAtUmVnaXN0ZXIgbWVzc2FnZSBkZWZpbmVkIGlu
IFNlY3Rpb24gNi4xLjYgb2YgW1JGQzY4MzBdLiAgTW9yZTwvc3Bhbj48L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgdGhlIHJlZ2lzdGVyaW5nIEVUUiBpcyBMSVNQLVNF
QyBlbmFibGVkLiAgQW4gRVRSIHRoYXQgc3VwcG9ydHMgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+
TElTUC08L3NwYW4+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNs
YXNzPSJpbnNlcnQiPiAgIHByZWNpc2VseSwgdGhlPC9zcGFuPiBzZWNvbmQgYml0IGFmdGVy
IHRoZSBUeXBlIGZpZWxkIGluIGEgTWFwLVJlZ2lzdGVyPC90ZD48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsYmxvY2siPjxzcGFuIGNsYXNzPSJkZWxldGUiPiAgIFNFQzwvc3Bhbj4gTVVTVCBz
ZXQgdGhlIFMgYml0IGluIGl0cyBNYXAtUmVnaXN0ZXIgbWVzc2FnZXMuPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIG1lc3NhZ2UgaXMgYWxsb2NhdGVkIGFzIHRoZSBT
IGJpdC4gIFRoZSBTIGJpdCBpbmRpY2F0ZXMgdG8gdGhlIDxzcGFuIGNsYXNzPSJpbnNlcnQi
Pk1hcC08L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBTZXJ2
ZXI8L3NwYW4+IHRoYXQgdGhlIHJlZ2lzdGVyaW5nIEVUUiBpcyBMSVNQLVNFQyBlbmFibGVk
LiAgQW4gRVRSIHRoYXQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIHN1cHBvcnRzIDxzcGFuIGNsYXNzPSJp
bnNlcnQiPkxJU1AtU0VDPC9zcGFuPiBNVVNUIHNldCB0aGUgUyBiaXQgaW4gaXRzIE1hcC1S
ZWdpc3RlciBtZXNzYWdlcy48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+NS40LiAgSVRSIFByb2Nlc3Npbmc8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJp
Z2h0Ij41LjQuICBJVFIgUHJvY2Vzc2luZzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICBVcG9uIGNyZWF0aW5nIGEgTWFwLVJlcXVlc3QsIHRoZSBJVFIg
Z2VuZXJhdGVzIGEgcmFuZG9tIElUUi1PVEsgdGhhdDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgIFVwb24gY3JlYXRpbmcgYSBNYXAtUmVxdWVzdCwgdGhlIElUUiBnZW5l
cmF0ZXMgYSByYW5kb20gSVRSLU9USyB0aGF0PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij4gICBpcyBzdG9yZWQgbG9jYWxseSwgdG9nZXRoZXIgd2l0aCB0aGUgbm9uY2UgZ2Vu
ZXJhdGVkIGFzIHNwZWNpZmllZCBpbjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgIGlzIHN0b3JlZCBsb2NhbGx5LCB0b2dldGhlciB3aXRoIHRoZSBub25jZSBnZW5lcmF0
ZWQgYXMgc3BlY2lmaWVkIGluPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBb
UkZDNjgzMF0uPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgW1JGQzY4MzBd
LjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBUaGUgTWFw
LVJlcXVlc3QgTVVTVCBiZSBlbmNhcHN1bGF0ZWQgaW4gYW4gRUNNLCB3aXRoIHRoZSBTLWJp
dCBzZXQgdG88L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBUaGUgTWFwLVJl
cXVlc3QgTVVTVCBiZSBlbmNhcHN1bGF0ZWQgaW4gYW4gRUNNLCB3aXRoIHRoZSBTLWJpdCBz
ZXQgdG88L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIDEsIHRvIGluZGljYXRl
IHRoZSBwcmVzZW5jZSBvZiBBdXRoZW50aWNhdGlvbiBEYXRhLiAgSWYgdGhlIElUUiBhbmQ8
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAxLCB0byBpbmRpY2F0ZSB0aGUg
cHJlc2VuY2Ugb2YgQXV0aGVudGljYXRpb24gRGF0YS4gIElmIHRoZSBJVFIgYW5kPC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB0aGUgTWFwLVJlc29sdmVyIGFyZSBjb25m
aWd1cmVkIHdpdGggYSBzaGFyZWQga2V5LCB0aGUgSVRSLU9USzwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPiAgIHRoZSBNYXAtUmVzb2x2ZXIgYXJlIGNvbmZpZ3VyZWQgd2l0
aCBhIHNoYXJlZCBrZXksIHRoZSBJVFItT1RLPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij4gICBjb25maWRlbnRpYWxpdHkgU0hPVUxEIGJlIHByb3RlY3RlZCBieSB3cmFwcGlu
ZyB0aGUgSVRSLU9USyB3aXRoIHRoZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgIGNvbmZpZGVudGlhbGl0eSBTSE9VTEQgYmUgcHJvdGVjdGVkIGJ5IHdyYXBwaW5nIHRo
ZSBJVFItT1RLIHdpdGggdGhlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBh
bGdvcml0aG0gc3BlY2lmaWVkIGJ5IHRoZSBPVEsgRW5jcnlwdGlvbiBJRCBmaWVsZC4gIFNl
ZSBTZWN0aW9uIDUuNTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGFsZ29y
aXRobSBzcGVjaWZpZWQgYnkgdGhlIE9USyBFbmNyeXB0aW9uIElEIGZpZWxkLiAgU2VlIFNl
Y3Rpb24gNS41PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBmb3IgZnVydGhl
ciBkZXRhaWxzIG9uIE9USyBlbmNyeXB0aW9uLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPiAgIGZvciBmdXJ0aGVyIGRldGFpbHMgb24gT1RLIGVuY3J5cHRpb24uPC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJp
Z2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFRoZSBSZXF1ZXN0ZWQg
SE1BQyBJRCBmaWVsZCBjb250YWlucyB0aGUgc3VnZ2VzdGVkIEhNQUMgYWxnb3JpdGhtIHRv
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgVGhlIFJlcXVlc3RlZCBITUFD
IElEIGZpZWxkIGNvbnRhaW5zIHRoZSBzdWdnZXN0ZWQgSE1BQyBhbGdvcml0aG0gdG88L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGJlIHVzZWQgYnkgdGhlIE1hcC1TZXJ2
ZXIgYW5kIHRoZSBFVFIgdG8gcHJvdGVjdCB0aGUgaW50ZWdyaXR5IG9mIHRoZTwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGJlIHVzZWQgYnkgdGhlIE1hcC1TZXJ2ZXIg
YW5kIHRoZSBFVFIgdG8gcHJvdGVjdCB0aGUgaW50ZWdyaXR5IG9mIHRoZTwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgRUNNIEF1dGhlbnRpY2F0aW9uIGRhdGEgYW5kIG9m
IHRoZSBNYXAtUmVwbHkuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgRUNN
IEF1dGhlbnRpY2F0aW9uIGRhdGEgYW5kIG9mIHRoZSBNYXAtUmVwbHkuPC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0iZGlmZjAw
MjUiPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxibG9jayI+ICAgVGhlIEtERiBJRCA8c3BhbiBjbGFzcz0iZGVsZXRlIj5m
aWVsZCw8L3NwYW4+IHNwZWNpZmllcyB0aGUgc3VnZ2VzdGVkIGtleSBkZXJpdmF0aW9uIGZ1
bmN0aW9uIHRvPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIFRoZSBLREYg
SUQgPHNwYW4gY2xhc3M9Imluc2VydCI+ZmllbGQ8L3NwYW4+IHNwZWNpZmllcyB0aGUgc3Vn
Z2VzdGVkIGtleSBkZXJpdmF0aW9uIGZ1bmN0aW9uIHRvPC90ZD48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsYmxvY2siPiAgIGJlIHVzZWQgYnkgdGhlIE1hcC1TZXJ2ZXIgdG8gZGVyaXZlIHRo
ZSBNUy1PVEsuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIGJlIHVzZWQg
YnkgdGhlIE1hcC1TZXJ2ZXIgdG8gZGVyaXZlIHRoZSBNUy1PVEsuICA8c3BhbiBjbGFzcz0i
aW5zZXJ0Ij5BIEtERiBWYWx1ZSBvZiBOT05FPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4g
Y2xhc3M9Imluc2VydCI+ICAgKDApLCBNQVkgYmUgdXNlZCB0byBzcGVjaWZ5IHRoYXQgdGhl
IElUUiBoYXMgbm8gcHJlZmVycmVkIEtERiBJRC48L3NwYW4+PC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFRoZSBFSUQtQUQgbGVuZ3RoIGlzIHNldCB0
byA0IGJ5dGVzLCBzaW5jZSB0aGUgQXV0aGVudGljYXRpb24gRGF0YTwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgIFRoZSBFSUQtQUQgbGVuZ3RoIGlzIHNldCB0byA0IGJ5
dGVzLCBzaW5jZSB0aGUgQXV0aGVudGljYXRpb24gRGF0YTwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+ICAgZG9lcyBub3QgY29udGFpbiBFSUQtcHJlZml4IEF1dGhlbnRpY2F0
aW9uIERhdGEsIGFuZCB0aGUgRUlELUFEPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+ICAgZG9lcyBub3QgY29udGFpbiBFSUQtcHJlZml4IEF1dGhlbnRpY2F0aW9uIERhdGEs
IGFuZCB0aGUgRUlELUFEPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBjb250
YWlucyBvbmx5IHRoZSBLREYgSUQgZmllbGQuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+ICAgY29udGFpbnMgb25seSB0aGUgS0RGIElEIGZpZWxkLjwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBJbiByZXNwb25zZSB0byBhbiBlbmNh
cHN1bGF0ZWQgTWFwLVJlcXVlc3QgdGhhdCBoYXMgdGhlIFMtYml0IHNldCwgYW48L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBJbiByZXNwb25zZSB0byBhbiBlbmNhcHN1
bGF0ZWQgTWFwLVJlcXVlc3QgdGhhdCBoYXMgdGhlIFMtYml0IHNldCwgYW48L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIElUUiBNVVNUIHJlY2VpdmUgYSBNYXAtUmVwbHkg
d2l0aCB0aGUgUy1iaXQgc2V0LCB0aGF0IGluY2x1ZGVzIGFuPC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+ICAgSVRSIE1VU1QgcmVjZWl2ZSBhIE1hcC1SZXBseSB3aXRoIHRo
ZSBTLWJpdCBzZXQsIHRoYXQgaW5jbHVkZXMgYW48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgIEVJRC1BRCBhbmQgYSBQS1QtQUQuICBJZiB0aGUgTWFwLVJlcGx5IGRvZXMg
bm90IGluY2x1ZGUgYm90aCBBRHMsIHRoZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPiAgIEVJRC1BRCBhbmQgYSBQS1QtQUQuICBJZiB0aGUgTWFwLVJlcGx5IGRvZXMgbm90
IGluY2x1ZGUgYm90aCBBRHMsIHRoZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
ICAgSVRSIE1VU1QgZGlzY2FyZCBpdC4gIEluIHJlc3BvbnNlIHRvIGFuIGVuY2Fwc3VsYXRl
ZCBNYXAtUmVxdWVzdCB3aXRoPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
SVRSIE1VU1QgZGlzY2FyZCBpdC4gIEluIHJlc3BvbnNlIHRvIGFuIGVuY2Fwc3VsYXRlZCBN
YXAtUmVxdWVzdCB3aXRoPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBTLWJp
dCBzZXQgdG8gMCwgdGhlIElUUiBleHBlY3RzIGEgTWFwLVJlcGx5IHdpdGggUy1iaXQgc2V0
IHRvIDAsIGFuZDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFMtYml0IHNl
dCB0byAwLCB0aGUgSVRSIGV4cGVjdHMgYSBNYXAtUmVwbHkgd2l0aCBTLWJpdCBzZXQgdG8g
MCwgYW5kPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0ciBpZD0icGFydC05IiBjbGFzcz0iY2hhbmdlIj48dGQ+PC90ZD48dGg+PHNtYWxs
PnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGEgaHJlZj0iaHR0cHM6Ly90b29scy5p
ZXRmLm9yZy90b29scy9yZmNkaWZmL3JmY2RpZmYucHlodCNwYXJ0LTkiPjxlbT4gcGFnZSAx
MSwgbGluZSAzNzxzcGFuIGNsYXNzPSJoaWRlIj4gwrY8L3NwYW4+PC9lbT48L2E+PC90aD48
dGg+IDwvdGg+PHRoPjxzbWFsbD5za2lwcGluZyB0byBjaGFuZ2UgYXQ8L3NtYWxsPjxhIGhy
ZWY9Imh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvdG9vbHMvcmZjZGlmZi9yZmNkaWZmLnB5aHQj
cGFydC05Ij48ZW0+IHBhZ2UgMTEsIGxpbmUgNDE8c3BhbiBjbGFzcz0iaGlkZSI+IMK2PC9z
cGFuPjwvZW0+PC9hPjwvdGg+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgVXBvbiByZWNlaXZpbmcgYSBNYXAt
UmVwbHksIHRoZSBJVFIgbXVzdCB2ZXJpZnkgdGhlIGludGVncml0eSBvZiBib3RoPC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgVXBvbiByZWNlaXZpbmcgYSBNYXAtUmVw
bHksIHRoZSBJVFIgbXVzdCB2ZXJpZnkgdGhlIGludGVncml0eSBvZiBib3RoPC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB0aGUgRUlELUFEIGFuZCB0aGUgUEtULUFELCBh
bmQgTVVTVCBkaXNjYXJkIHRoZSBNYXAtUmVwbHkgaWYgb25lIG9mPC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+ICAgdGhlIEVJRC1BRCBhbmQgdGhlIFBLVC1BRCwgYW5kIE1V
U1QgZGlzY2FyZCB0aGUgTWFwLVJlcGx5IGlmIG9uZSBvZjwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+ICAgdGhlIGludGVncml0eSBjaGVja3MgZmFpbHMuPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgdGhlIGludGVncml0eSBjaGVja3MgZmFpbHMuPC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFRoZSBpbnRlZ3Jp
dHkgb2YgdGhlIEVJRC1BRCBpcyB2ZXJpZmllZCB1c2luZyB0aGUgbG9jYWxseSBzdG9yZWQg
SVRSLTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFRoZSBpbnRlZ3JpdHkg
b2YgdGhlIEVJRC1BRCBpcyB2ZXJpZmllZCB1c2luZyB0aGUgbG9jYWxseSBzdG9yZWQgSVRS
LTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgT1RLIHRvIHJlLWNvbXB1dGUg
dGhlIEhNQUMgb2YgdGhlIEVJRC1BRCB1c2luZyB0aGUgYWxnb3JpdGhtPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgT1RLIHRvIHJlLWNvbXB1dGUgdGhlIEhNQUMgb2Yg
dGhlIEVJRC1BRCB1c2luZyB0aGUgYWxnb3JpdGhtPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsZWZ0Ij4gICBzcGVjaWZpZWQgaW4gdGhlIEVJRCBITUFDIElEIGZpZWxkLiAgSWYgdGhl
IEVJRCBITUFDIElEIGZpZWxkIGRvZXM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij4gICBzcGVjaWZpZWQgaW4gdGhlIEVJRCBITUFDIElEIGZpZWxkLiAgSWYgdGhlIEVJRCBI
TUFDIElEIGZpZWxkIGRvZXM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIG5v
dCBtYXRjaCB0aGUgUmVxdWVzdGVkIEhNQUMgSUQgdGhlIElUUiBTSE9VTEQgZGlzY2FyZCB0
aGUgTWFwLVJlcGx5PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgbm90IG1h
dGNoIHRoZSBSZXF1ZXN0ZWQgSE1BQyBJRCB0aGUgSVRSIFNIT1VMRCBkaXNjYXJkIHRoZSBN
YXAtUmVwbHk8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGFuZCBzZW5kLCBh
dCB0aGUgZmlyc3Qgb3Bwb3J0dW5pdHkgaXQgbmVlZHMgdG8sIGEgbmV3IE1hcC1SZXF1ZXN0
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgYW5kIHNlbmQsIGF0IHRoZSBm
aXJzdCBvcHBvcnR1bml0eSBpdCBuZWVkcyB0bywgYSBuZXcgTWFwLVJlcXVlc3Q8L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHdpdGggYSBkaWZmZXJlbnQgUmVxdWVzdGVk
IEhNQUMgSUQgZmllbGQsIGFjY29yZGluZyB0byBJVFIncyBsb2NhbDwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgIHdpdGggYSBkaWZmZXJlbnQgUmVxdWVzdGVkIEhNQUMg
SUQgZmllbGQsIGFjY29yZGluZyB0byBJVFIncyBsb2NhbDwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJkaWZmMDAyNiI+PHRkPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4g
ICBwb2xpY3kuICBUaGUgSVRSIE1VU1Qgc2V0IHRoZSBFSUQgSE1BQyBJRCBmaWVsZCB0byAw
IGJlZm9yZSBjb21wdXRpbmc8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAg
cG9saWN5LiAgVGhlIDxzcGFuIGNsYXNzPSJpbnNlcnQiPnNjb3BlIG9mIHRoZSBITUFDIG9w
ZXJhdGlvbiBjb3ZlcnMgdGhlIGVudGlyZSBFSUQtQUQsPC9zcGFuPjwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGJsb2NrIj4gICB0aGUgSE1BQy48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgZnJvbSB0aGUgRUlELUFEIExl
bmd0aCBmaWVsZCB0byB0aGUgRUlEIEhNQUMgZmllbGQsIHdoaWNoIG11c3QgYmUgc2V0PC9z
cGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgdG8gMCBiZWZvcmUg
dGhlIGNvbXB1dGF0aW9uIG9mIHRoZSBITUFDLjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICA8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIElUUiBNVVNUIHNldCB0aGUgRUlEIEhN
QUMgSUQgZmllbGQgdG8gMCBiZWZvcmUgY29tcHV0aW5nIHRoZSBITUFDLjwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBUbyB2ZXJpZnkgdGhlIGludGVn
cml0eSBvZiB0aGUgUEtULUFELCBmaXJzdCB0aGUgTVMtT1RLIGlzIGRlcml2ZWQ8L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBUbyB2ZXJpZnkgdGhlIGludGVncml0eSBv
ZiB0aGUgUEtULUFELCBmaXJzdCB0aGUgTVMtT1RLIGlzIGRlcml2ZWQ8L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGZyb20gdGhlIGxvY2FsbHkgc3RvcmVkIElUUi1PVEsg
dXNpbmcgdGhlIGFsZ29yaXRobSBzcGVjaWZpZWQgaW4gdGhlPC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+ICAgZnJvbSB0aGUgbG9jYWxseSBzdG9yZWQgSVRSLU9USyB1c2lu
ZyB0aGUgYWxnb3JpdGhtIHNwZWNpZmllZCBpbiB0aGU8L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xh
c3M9ImxlZnQiPiAgIEtERiBJRCBmaWVsZC4gIFRoaXMgaXMgYmVjYXVzZSB0aGUgUEtULUFE
IGlzIGdlbmVyYXRlZCBieSB0aGUgRVRSPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+ICAgS0RGIElEIGZpZWxkLiAgVGhpcyBpcyBiZWNhdXNlIHRoZSBQS1QtQUQgaXMgZ2Vu
ZXJhdGVkIGJ5IHRoZSBFVFI8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHVz
aW5nIHRoZSBNUy1PVEsuICBJZiB0aGUgS0RGIElEIGluIHRoZSBNYXAtUmVwbHkgZG9lcyBu
b3QgbWF0Y2ggdGhlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgdXNpbmcg
dGhlIE1TLU9USy4gIElmIHRoZSBLREYgSUQgaW4gdGhlIE1hcC1SZXBseSBkb2VzIG5vdCBt
YXRjaCB0aGU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIEtERiBJRCByZXF1
ZXN0ZWQgaW4gdGhlIE1hcC1SZXF1ZXN0LCB0aGUgSVRSIFNIT1VMRCBkaXNjYXJkIHRoZSBN
YXAtPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgS0RGIElEIHJlcXVlc3Rl
ZCBpbiB0aGUgTWFwLVJlcXVlc3QsIHRoZSBJVFIgU0hPVUxEIGRpc2NhcmQgdGhlIE1hcC08
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFJlcGx5IGFuZCBzZW5kLCBhdCB0
aGUgZmlyc3Qgb3Bwb3J0dW5pdHkgaXQgbmVlZHMgdG8sIGEgbmV3IE1hcC08L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBSZXBseSBhbmQgc2VuZCwgYXQgdGhlIGZpcnN0
IG9wcG9ydHVuaXR5IGl0IG5lZWRzIHRvLCBhIG5ldyBNYXAtPC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICBSZXF1ZXN0IHdpdGggYSBkaWZmZXJlbnQgS0RGIElELCBhY2Nv
cmRpbmcgdG8gSVRSJ3MgbG9jYWwgcG9saWN5LjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPiAgIFJlcXVlc3Qgd2l0aCBhIGRpZmZlcmVudCBLREYgSUQsIGFjY29yZGluZyB0
byBJVFIncyBsb2NhbCBwb2xpY3kuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4g
ICBUaGUgZGVyaXZlZCBNUy1PVEsgaXMgdGhlbiB1c2VkIHRvIHJlLWNvbXB1dGUgdGhlIEhN
QUMgb2YgdGhlIFBLVC1BRDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFRo
ZSBkZXJpdmVkIE1TLU9USyBpcyB0aGVuIHVzZWQgdG8gcmUtY29tcHV0ZSB0aGUgSE1BQyBv
ZiB0aGUgUEtULUFEPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB1c2luZyB0
aGUgQWxnb3JpdGhtIHNwZWNpZmllZCBpbiB0aGUgUEtUIEhNQUMgSUQgZmllbGQuICBJZiB0
aGUgUEtUPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgdXNpbmcgdGhlIEFs
Z29yaXRobSBzcGVjaWZpZWQgaW4gdGhlIFBLVCBITUFDIElEIGZpZWxkLiAgSWYgdGhlIFBL
VDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHIgaWQ9InBhcnQtMTAiIGNsYXNzPSJjaGFuZ2UiPjx0ZD48L3RkPjx0aD48c21hbGw+c2tp
cHBpbmcgdG8gY2hhbmdlIGF0PC9zbWFsbD48YSBocmVmPSJodHRwczovL3Rvb2xzLmlldGYu
b3JnL3Rvb2xzL3JmY2RpZmYvcmZjZGlmZi5weWh0I3BhcnQtMTAiPjxlbT4gcGFnZSAxMiwg
bGluZSAyMDxzcGFuIGNsYXNzPSJoaWRlIj4gwrY8L3NwYW4+PC9lbT48L2E+PC90aD48dGg+
IDwvdGg+PHRoPjxzbWFsbD5za2lwcGluZyB0byBjaGFuZ2UgYXQ8L3NtYWxsPjxhIGhyZWY9
Imh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvdG9vbHMvcmZjZGlmZi9yZmNkaWZmLnB5aHQjcGFy
dC0xMCI+PGVtPiBwYWdlIDEyLCBsaW5lIDI1PHNwYW4gY2xhc3M9ImhpZGUiPiDCtjwvc3Bh
bj48L2VtPjwvYT48L3RoPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGNvbnRhaW5lZCBpbiB0aGUgRUlELUFE
IGlzIG5vdCBlbXB0eS4gIEFmdGVyIGlkZW50aWZ5aW5nIHRoZSBNYXAtPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgY29udGFpbmVkIGluIHRoZSBFSUQtQUQgaXMgbm90
IGVtcHR5LiAgQWZ0ZXIgaWRlbnRpZnlpbmcgdGhlIE1hcC08L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPiAgIFJlcGx5IHJlY29yZCBhcyB2YWxpZCwgdGhlIElUUiBzZXRzIHRo
ZSBFSUQtcHJlZml4IGluIHRoZSBNYXAtUmVwbHk8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICBSZXBseSByZWNvcmQgYXMgdmFsaWQsIHRoZSBJVFIgc2V0cyB0aGUgRUlE
LXByZWZpeCBpbiB0aGUgTWFwLVJlcGx5PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij4gICByZWNvcmQgdG8gdGhlIHZhbHVlIG9mIHRoZSBpbnRlcnNlY3Rpb24gc2V0IGNvbXB1
dGVkIGJlZm9yZSwgYW5kIGFkZHM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4g
ICByZWNvcmQgdG8gdGhlIHZhbHVlIG9mIHRoZSBpbnRlcnNlY3Rpb24gc2V0IGNvbXB1dGVk
IGJlZm9yZSwgYW5kIGFkZHM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHRo
ZSBNYXAtUmVwbHkgRUlELXJlY29yZCB0byBpdHMgRUlELXRvLVJMT0MgY2FjaGUsIGFzIGRl
c2NyaWJlZCBpbjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHRoZSBNYXAt
UmVwbHkgRUlELXJlY29yZCB0byBpdHMgRUlELXRvLVJMT0MgY2FjaGUsIGFzIGRlc2NyaWJl
ZCBpbjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgW1JGQzY4MzBdLiAgQW4g
ZXhhbXBsZSBvZiBNYXAtUmVwbHkgcmVjb3JkIHZhbGlkYXRpb24gaXMgcHJvdmlkZWQgaW48
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBbUkZDNjgzMF0uICBBbiBleGFt
cGxlIG9mIE1hcC1SZXBseSByZWNvcmQgdmFsaWRhdGlvbiBpcyBwcm92aWRlZCBpbjwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgU2VjdGlvbiA1LjQuMS48L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBTZWN0aW9uIDUuNC4xLjwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBUaGUgSVRSIFNIT1VMRCBzZW5kIFNN
UiB0cmlnZ2VyZWQgTWFwLVJlcXVlc3RzIG92ZXIgdGhlIG1hcHBpbmc8L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBUaGUgSVRSIFNIT1VMRCBzZW5kIFNNUiB0cmlnZ2Vy
ZWQgTWFwLVJlcXVlc3RzIG92ZXIgdGhlIG1hcHBpbmc8L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xh
c3M9ImxlZnQiPiAgIHN5c3RlbSBpbiBvcmRlciB0byByZWNlaXZlIGEgc2VjdXJlIE1hcC1S
ZXBseS4gIElmIGFuIElUUiBhY2NlcHRzPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+ICAgc3lzdGVtIGluIG9yZGVyIHRvIHJlY2VpdmUgYSBzZWN1cmUgTWFwLVJlcGx5LiAg
SWYgYW4gSVRSIGFjY2VwdHM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHBp
Z2d5YmFja2VkIE1hcC1SZXBsaWVzLCBpdCBTSE9VTEQgYWxzbyBzZW5kIGEgTWFwLVJlcXVl
c3Qgb3ZlciB0aGU8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBwaWdneWJh
Y2tlZCBNYXAtUmVwbGllcywgaXQgU0hPVUxEIGFsc28gc2VuZCBhIE1hcC1SZXF1ZXN0IG92
ZXIgdGhlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9
ImRpZmYwMDI3Ij48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIG1hcHBpbmcgc3lzdGVtIGluIG9yZGVyIHRv
IDxzcGFuIGNsYXNzPSJkZWxldGUiPnNlY3VyZWx5PC9zcGFuPiB2ZXJpZnkgdGhlIHBpZ2d5
YmFja2VkIE1hcC1SZXBseS48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAg
bWFwcGluZyBzeXN0ZW0gaW4gb3JkZXIgdG8gdmVyaWZ5IHRoZSBwaWdneWJhY2tlZCA8c3Bh
biBjbGFzcz0iaW5zZXJ0Ij5NYXAtUmVwbHkgd2l0aCBhPC9zcGFuPjwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+
PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgc2VjdXJlPC9zcGFuPiBNYXAtUmVwbHkuPC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJp
Z2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjUuNC4xLiAgTWFwLVJlcGx5
IFJlY29yZCBWYWxpZGF0aW9uPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+NS40
LjEuICBNYXAtUmVwbHkgUmVjb3JkIFZhbGlkYXRpb248L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xh
c3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgVGhlIHBheWxvYWQgb2YgYSBNYXAtUmVwbHkgbWF5
IGNvbnRhaW4gbXVsdGlwbGUgRUlELXJlY29yZHMuICBUaGU8L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij4gICBUaGUgcGF5bG9hZCBvZiBhIE1hcC1SZXBseSBtYXkgY29udGFp
biBtdWx0aXBsZSBFSUQtcmVjb3Jkcy4gIFRoZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+ICAgd2hvbGUgTWFwLVJlcGx5IGlzIHNpZ25lZCBieSB0aGUgRVRSLCB3aXRoIHRo
ZSBQS1QgSE1BQywgdG8gcHJvdmlkZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgIHdob2xlIE1hcC1SZXBseSBpcyBzaWduZWQgYnkgdGhlIEVUUiwgd2l0aCB0aGUgUEtU
IEhNQUMsIHRvIHByb3ZpZGU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGlu
dGVncml0eSBwcm90ZWN0aW9uIGFuZCBvcmlnaW4gYXV0aGVudGljYXRpb24gdG8gdGhlIEVJ
RC1wcmVmaXg8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBpbnRlZ3JpdHkg
cHJvdGVjdGlvbiBhbmQgb3JpZ2luIGF1dGhlbnRpY2F0aW9uIHRvIHRoZSBFSUQtcHJlZml4
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICByZWNvcmRzIGNsYWltZWQgYnkg
dGhlIEVUUi4gIFRoZSBBdXRoZW50aWNhdGlvbiBEYXRhIGZpZWxkIG9mIGEgTWFwLTwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHJlY29yZHMgY2xhaW1lZCBieSB0aGUg
RVRSLiAgVGhlIEF1dGhlbnRpY2F0aW9uIERhdGEgZmllbGQgb2YgYSBNYXAtPC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBSZXBseSBtYXkgY29udGFpbiBtdWx0aXBsZSBF
SUQtcmVjb3JkcyBpbiB0aGUgRUlELUFELiAgVGhlIEVJRC1BRCBpczwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgIFJlcGx5IG1heSBjb250YWluIG11bHRpcGxlIEVJRC1y
ZWNvcmRzIGluIHRoZSBFSUQtQUQuICBUaGUgRUlELUFEIGlzPC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICBzaWduZWQgYnkgdGhlIE1hcC1TZXJ2ZXIsIHdpdGggdGhlIEVJ
RCBITUFDLCB0byBwcm92aWRlIGludGVncml0eTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPiAgIHNpZ25lZCBieSB0aGUgTWFwLVNlcnZlciwgd2l0aCB0aGUgRUlEIEhNQUMs
IHRvIHByb3ZpZGUgaW50ZWdyaXR5PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4g
ICBwcm90ZWN0aW9uIGFuZCBvcmlnaW4gYXV0aGVudGljYXRpb24gdG8gdGhlIEVJRC1wcmVm
aXggcmVjb3JkczwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHByb3RlY3Rp
b24gYW5kIG9yaWdpbiBhdXRoZW50aWNhdGlvbiB0byB0aGUgRUlELXByZWZpeCByZWNvcmRz
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBpbnNlcnRlZCBieSB0aGUgTWFw
LVNlcnZlci48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBpbnNlcnRlZCBi
eSB0aGUgTWFwLVNlcnZlci48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+ICAgVXBvbiByZWNlaXZpbmcgYSBNYXAtUmVwbHkgd2l0aCB0aGUgUy1iaXQgc2V0
LCB0aGUgSVRSIGZpcnN0IGNoZWNrczwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgIFVwb24gcmVjZWl2aW5nIGEgTWFwLVJlcGx5IHdpdGggdGhlIFMtYml0IHNldCwgdGhl
IElUUiBmaXJzdCBjaGVja3M8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHRo
ZSB2YWxpZGl0eSBvZiBib3RoIHRoZSBFSUQgSE1BQyBhbmQgb2YgdGhlIFBLVC1BRCBITUFD
LiAgSWYgZWl0aGVyPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgdGhlIHZh
bGlkaXR5IG9mIGJvdGggdGhlIEVJRCBITUFDIGFuZCBvZiB0aGUgUEtULUFEIEhNQUMuICBJ
ZiBlaXRoZXI8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBp
ZD0iZGlmZjAwMjgiPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgb25lIG9mIHRoZSBITUFDcyBpcyBub3Qg
dmFsaWQsIGEgbG9nIDxzcGFuIGNsYXNzPSJkZWxldGUiPm1lc3NhZ2UgaXMgaXNzdWVkPC9z
cGFuPiBhbmQgdGhlIDxzcGFuIGNsYXNzPSJkZWxldGUiPk1hcC08L3NwYW4+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIG9uZSBvZiB0aGUgSE1BQ3MgaXMgbm90IHZh
bGlkLCBhIGxvZyA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5hY3Rpb24gTVVTVCBiZSB0YWtlbjwv
c3Bhbj4gYW5kIHRoZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48c3BhbiBj
bGFzcz0iZGVsZXRlIj4gICBSZXBseSBpcyBub3Q8L3NwYW4+IHByb2Nlc3NlZCBhbnkgZnVy
dGhlci4gIElmIGJvdGggSE1BQ3MgYXJlIHZhbGlkLCB0aGUgSVRSPC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyYmxvY2siPiAgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPk1hcC1SZXBseSBN
VVNUIE5PVCBiZTwvc3Bhbj4gcHJvY2Vzc2VkIGFueSBmdXJ0aGVyLiAgSWYgYm90aCBITUFD
cyBhcmU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgcHJvY2VlZHMgd2l0
aCB2YWxpZGF0aW5nIGVhY2ggaW5kaXZpZHVhbCBFSUQtcmVjb3JkIGNsYWltZWQgYnkgdGhl
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIHZhbGlkLCB0aGUgSVRSIHBy
b2NlZWRzIHdpdGggdmFsaWRhdGluZyBlYWNoIGluZGl2aWR1YWwgRUlELXJlY29yZDwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBFVFIgYnkgY29tcHV0aW5nIHRoZSBp
bnRlcnNlY3Rpb24gb2YgZWFjaCBvbmUgb2YgdGhlIEVJRC1wcmVmaXg8L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJibG9jayI+ICAgY2xhaW1lZCBieSB0aGUgRVRSIGJ5IGNvbXB1dGlu
ZyB0aGUgaW50ZXJzZWN0aW9uIG9mIGVhY2ggb25lIG9mIHRoZTwvdGQ+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0
ZCBjbGFzcz0ibGJsb2NrIj4gICBjb250YWluZWQgaW4gdGhlIHBheWxvYWQgb2YgdGhlIE1h
cC1SZXBseSB3aXRoIGVhY2ggb25lIG9mIHRoZSA8c3BhbiBjbGFzcz0iZGVsZXRlIj5FSUQt
PC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICBFSUQtcHJlZml4
IGNvbnRhaW5lZCBpbiB0aGUgcGF5bG9hZCBvZiB0aGUgTWFwLVJlcGx5IHdpdGggZWFjaCBv
bmUgb2Y8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PHNwYW4gY2xhc3M9ImRl
bGV0ZSI+ICAgcHJlZml4ZXM8L3NwYW4+IGNvbnRhaW5lZCBpbiB0aGUgRUlELUFELiAgQW4g
RUlELXJlY29yZCBpcyB2YWxpZCBvbmx5IGlmIGF0PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyYmxvY2siPiAgIHRoZSA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5FSUQtcHJlZml4ZXM8L3Nw
YW4+IGNvbnRhaW5lZCBpbiB0aGUgRUlELUFELiAgQW4gRUlELXJlY29yZCBpcyB2YWxpZDwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBsZWFzdCBvbmUgb2YgdGhlIGlu
dGVyc2VjdGlvbnMgaXMgbm90IHRoZSBlbXB0eSBzZXQuPC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyYmxvY2siPiAgIG9ubHkgaWYgYXQgbGVhc3Qgb25lIG9mIHRoZSBpbnRlcnNlY3Rp
b25zIGlzIG5vdCB0aGUgZW1wdHkgc2V0LjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICBGb3IgaW5zdGFuY2UsIHRoZSBNYXAtUmVwbHkgcGF5bG9hZCBj
b250YWlucyAzIG1hcHBpbmcgcmVjb3JkIEVJRC08L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICBGb3IgaW5zdGFuY2UsIHRoZSBNYXAtUmVwbHkgcGF5bG9hZCBjb250YWlu
cyAzIG1hcHBpbmcgcmVjb3JkIEVJRC08L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQi
PiAgIHByZWZpeGVzOjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHByZWZp
eGVzOjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAx
LjEuMS4wLzI0PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgMS4xLjEu
MC8yNDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAx
LjEuMi4wLzI0PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgMS4xLjIu
MC8yNDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAx
LjIuMC4wLzE2PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgMS4yLjAu
MC8xNjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBUaGUg
RUlELUFEIGNvbnRhaW5zIHR3byBFSUQtcHJlZml4ZXM6PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+ICAgVGhlIEVJRC1BRCBjb250YWlucyB0d28gRUlELXByZWZpeGVzOjwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAxLjEuMi4w
LzI0PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgMS4xLjIuMC8yNDwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAxLjIuMy4w
LzI0PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgMS4yLjMuMC8yNDwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBUaGUgRUlELXJl
Y29yZCB3aXRoIEVJRC1wcmVmaXggMS4xLjEuMC8yNCBpcyBub3QgcHJvY2Vzc2VkIHNpbmNl
IGl0PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgVGhlIEVJRC1yZWNvcmQg
d2l0aCBFSUQtcHJlZml4IDEuMS4xLjAvMjQgaXMgbm90IHByb2Nlc3NlZCBzaW5jZSBpdDwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgaXMgbm90IGluY2x1ZGVkIGluIGFu
eSBvZiB0aGUgRUlELUFEcyBzaWduZWQgYnkgdGhlIE1hcC1TZXJ2ZXIuICBBPC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgaXMgbm90IGluY2x1ZGVkIGluIGFueSBvZiB0
aGUgRUlELUFEcyBzaWduZWQgYnkgdGhlIE1hcC1TZXJ2ZXIuICBBPC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDI5Ij48dGQ+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxv
Y2siPiAgIGxvZyA8c3BhbiBjbGFzcz0iZGVsZXRlIj5tZXNzYWdlIGlzIGlzc3VlZDwvc3Bh
bj4uPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIGxvZyA8c3BhbiBjbGFz
cz0iaW5zZXJ0Ij5hY3Rpb24gTVVTVCBiZSB0YWtlbjwvc3Bhbj4uPC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFRoZSBFSUQtcmVjb3JkIHdpdGggRUlE
LXByZWZpeCAxLjEuMi4wLzI0IGlzIHN0b3JlZCBpbiB0aGUgbWFwLWNhY2hlPC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgVGhlIEVJRC1yZWNvcmQgd2l0aCBFSUQtcHJl
Zml4IDEuMS4yLjAvMjQgaXMgc3RvcmVkIGluIHRoZSBtYXAtY2FjaGU8L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGJlY2F1c2UgaXQgbWF0Y2hlcyB0aGUgc2Vjb25kIEVJ
RC1wcmVmaXggY29udGFpbmVkIGluIHRoZSBFSUQtQUQuPC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+ICAgYmVjYXVzZSBpdCBtYXRjaGVzIHRoZSBzZWNvbmQgRUlELXByZWZp
eCBjb250YWluZWQgaW4gdGhlIEVJRC1BRC48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxl
ZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0
ZCBjbGFzcz0ibGVmdCI+ICAgVGhlIEVJRC1yZWNvcmQgd2l0aCBFSUQtcHJlZml4IDEuMi4w
LjAvMTYgaXMgbm90IHByb2Nlc3NlZCBzaW5jZSBpdDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgIFRoZSBFSUQtcmVjb3JkIHdpdGggRUlELXByZWZpeCAxLjIuMC4wLzE2
IGlzIG5vdCBwcm9jZXNzZWQgc2luY2UgaXQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxl
ZnQiPiAgIGlzIG5vdCBpbmNsdWRlZCBpbiBhbnkgb2YgdGhlIEVJRC1BRHMgc2lnbmVkIGJ5
IHRoZSBNYXAtU2VydmVyLiAgQTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAg
IGlzIG5vdCBpbmNsdWRlZCBpbiBhbnkgb2YgdGhlIEVJRC1BRHMgc2lnbmVkIGJ5IHRoZSBN
YXAtU2VydmVyLiAgQTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyIGlkPSJkaWZmMDAzMCI+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBsb2cgPHNwYW4gY2xhc3M9ImRl
bGV0ZSI+bWVzc2FnZSBpcyBpc3N1ZWQ8L3NwYW4+LiAgSW4gdGhpcyBsYXN0IGV4YW1wbGUg
dGhlIEVUUiBpcyB0cnlpbmcgdG88L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+
ICAgbG9nIDxzcGFuIGNsYXNzPSJpbnNlcnQiPmFjdGlvbiBNVVNUIGJlIHRha2VuPC9zcGFu
Pi4gIEluIHRoaXMgbGFzdCBleGFtcGxlIHRoZSBFVFIgaXMgdHJ5aW5nIHRvPC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBvdmVyIGNsYWltIHRoZSBFSUQtcHJlZml4IDEu
Mi4wLjAvMTYsIGJ1dCB0aGUgTWFwLVNlcnZlciBhdXRob3JpemVkPC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+ICAgb3ZlciBjbGFpbSB0aGUgRUlELXByZWZpeCAxLjIuMC4w
LzE2LCBidXQgdGhlIE1hcC1TZXJ2ZXIgYXV0aG9yaXplZDwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+ICAgb25seSAxLjIuMy4wLzI0LCBoZW5jZSB0aGUgRUlELXJlY29yZCBp
cyBkaXNjYXJkZWQuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgb25seSAx
LjIuMy4wLzI0LCBoZW5jZSB0aGUgRUlELXJlY29yZCBpcyBkaXNjYXJkZWQuPC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjUuNC4yLiAgUElUUiBQcm9jZXNz
aW5nPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+NS40LjIuICBQSVRSIFByb2Nl
c3Npbmc8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgVGhl
IHByb2Nlc3NpbmcgcGVyZm9ybWVkIGJ5IGEgUElUUiBpcyBlcXVpdmFsZW50IHRvIHRoZSBw
cm9jZXNzaW5nIG9mPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgVGhlIHBy
b2Nlc3NpbmcgcGVyZm9ybWVkIGJ5IGEgUElUUiBpcyBlcXVpdmFsZW50IHRvIHRoZSBwcm9j
ZXNzaW5nIG9mPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIg
aWQ9ImRpZmYwMDMxIj48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIGFuIElUUi4gIEhvd2V2ZXIsIGlmIHRo
ZSBQSVRSIGlzIGRpcmVjdGx5IGNvbm5lY3RlZCB0byA8c3BhbiBjbGFzcz0iZGVsZXRlIj50
aGUgQUxULDwvc3Bhbj4gdGhlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAg
IGFuIElUUi4gIEhvd2V2ZXIsIGlmIHRoZSBQSVRSIGlzIGRpcmVjdGx5IGNvbm5lY3RlZCB0
byA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5hIE1hcHBpbmc8L3NwYW4+PC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsYmxvY2siPiAgIFBJVFIgcGVyZm9ybXMgdGhlIGZ1bmN0aW9ucyBvZiBi
b3RoIHRoZSBJVFIgYW5kIHRoZSBNYXAtUmVzb2x2ZXI8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgU3lzdGVtIHN1Y2ggYXMgTElT
UCtBTFQgW1JGQzY4MzZdLDwvc3Bhbj4gdGhlIFBJVFIgcGVyZm9ybXMgdGhlIGZ1bmN0aW9u
cyBvZjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBmb3J3YXJkaW5nIHRo
ZSBNYXAtUmVxdWVzdCBlbmNhcHN1bGF0ZWQgaW4gYW4gRUNNIGhlYWRlciB0aGF0PC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIGJvdGggdGhlIElUUiBhbmQgdGhlIE1h
cC1SZXNvbHZlciBmb3J3YXJkaW5nIHRoZSBNYXAtUmVxdWVzdDwvdGQ+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0
ZCBjbGFzcz0ibGJsb2NrIj4gICBpbmNsdWRlcyB0aGUgQXV0aGVudGljYXRpb24gRGF0YSBm
aWVsZHMgYXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gNS42LjwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmJsb2NrIj4gICBlbmNhcHN1bGF0ZWQgaW4gYW4gRUNNIGhlYWRlciB0aGF0IGlu
Y2x1ZGVzIHRoZSBBdXRoZW50aWNhdGlvbiBEYXRhPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICBmaWVsZHMg
YXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gNS42LjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij41LjUuICBFbmNyeXB0aW5nIGFuZCBEZWNyeXB0aW5nIGFuIE9U
SzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjUuNS4gIEVuY3J5cHRpbmcgYW5k
IERlY3J5cHRpbmcgYW4gT1RLPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgIE1TLU9USyBjb25maWRlbnRpYWxpdHkgaXMgcmVxdWlyZWQgaW4gdGhlIHBh
dGggYmV0d2VlbiB0aGUgTWFwLVNlcnZlcjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPiAgIE1TLU9USyBjb25maWRlbnRpYWxpdHkgaXMgcmVxdWlyZWQgaW4gdGhlIHBhdGgg
YmV0d2VlbiB0aGUgTWFwLVNlcnZlcjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
ICAgYW5kIHRoZSBFVFIsIHRoZSBNUy1PVEsgU0hPVUxEIGJlIGVuY3J5cHRlZCB1c2luZyB0
aGUgcHJlY29uZmlndXJlZDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGFu
ZCB0aGUgRVRSLCB0aGUgTVMtT1RLIFNIT1VMRCBiZSBlbmNyeXB0ZWQgdXNpbmcgdGhlIHBy
ZWNvbmZpZ3VyZWQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGtleSBzaGFy
ZWQgYmV0d2VlbiB0aGUgTWFwLVNlcnZlciBhbmQgdGhlIEVUUiBmb3IgdGhlIHB1cnBvc2Ug
b2Y8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBrZXkgc2hhcmVkIGJldHdl
ZW4gdGhlIE1hcC1TZXJ2ZXIgYW5kIHRoZSBFVFIgZm9yIHRoZSBwdXJwb3NlIG9mPC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBzZWN1cmluZyBFVFIgcmVnaXN0cmF0aW9u
IFtSRkM2ODMzXS4gIFNpbWlsYXJseSwgaWYgSVRSLU9USzwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPiAgIHNlY3VyaW5nIEVUUiByZWdpc3RyYXRpb24gW1JGQzY4MzNdLiAg
U2ltaWxhcmx5LCBpZiBJVFItT1RLPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4g
ICBjb25maWRlbnRpYWxpdHkgaXMgcmVxdWlyZWQgaW4gdGhlIHBhdGggYmV0d2VlbiB0aGUg
SVRSIGFuZCB0aGUgTWFwLTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGNv
bmZpZGVudGlhbGl0eSBpcyByZXF1aXJlZCBpbiB0aGUgcGF0aCBiZXR3ZWVuIHRoZSBJVFIg
YW5kIHRoZSBNYXAtPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBSZXNvbHZl
ciwgdGhlIElUUi1PVEsgU0hPVUxEIGJlIGVuY3J5cHRlZCB3aXRoIGEga2V5IHNoYXJlZCBi
ZXR3ZWVuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgUmVzb2x2ZXIsIHRo
ZSBJVFItT1RLIFNIT1VMRCBiZSBlbmNyeXB0ZWQgd2l0aCBhIGtleSBzaGFyZWQgYmV0d2Vl
bjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgdGhlIElUUiBhbmQgdGhlIE1h
cC1SZXNvbHZlci48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICB0aGUgSVRS
IGFuZCB0aGUgTWFwLVJlc29sdmVyLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsZWZ0Ij4gICBUaGUgT1RLIGlzIGVuY3J5cHRlZCB1c2luZyB0aGUgYWxnb3JpdGht
IHNwZWNpZmllZCBpbiB0aGUgT1RLPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
ICAgVGhlIE9USyBpcyBlbmNyeXB0ZWQgdXNpbmcgdGhlIGFsZ29yaXRobSBzcGVjaWZpZWQg
aW4gdGhlIE9USzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgRW5jcnlwdGlv
biBJRCBmaWVsZC4gIFdoZW4gdGhlIEFFUyBLZXkgV3JhcCBhbGdvcml0aG0gaXMgdXNlZCB0
bzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIEVuY3J5cHRpb24gSUQgZmll
bGQuICBXaGVuIHRoZSBBRVMgS2V5IFdyYXAgYWxnb3JpdGhtIGlzIHVzZWQgdG88L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0iZGlmZjAwMzIiPjx0
ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xh
c3M9ImxibG9jayI+ICAgZW5jcnlwdCBhIDEyOC1iaXQgT1RLLCBhY2NvcmRpbmcgdG8gW1JG
QzMzPHNwYW4gY2xhc3M9ImRlbGV0ZSI+Mzk8L3NwYW4+XSwgdGhlIEFFUyBLZXkgV3JhcDwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICBlbmNyeXB0IGEgMTI4LWJpdCBP
VEssIGFjY29yZGluZyB0byBbUkZDMzM8c3BhbiBjbGFzcz0iaW5zZXJ0Ij45NDwvc3Bhbj5d
LCB0aGUgQUVTIEtleSBXcmFwPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBJ
bml0aWFsaXphdGlvbiBWYWx1ZSBNVVNUIGJlIHNldCB0byAweEE2QTZBNkE2QTZBNkE2QTYg
KDY0IGJpdHMpLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIEluaXRpYWxp
emF0aW9uIFZhbHVlIE1VU1QgYmUgc2V0IHRvIDB4QTZBNkE2QTZBNkE2QTZBNiAoNjQgYml0
cykuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRp
ZmYwMDMzIj48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2Nr
Ij48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC9zcGFuPjwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgVGhlIG91dHB1dCBvZiB0aGUgQUVTIEtl
eSBXcmFwIG9wZXJhdGlvbiBpcyAxOTItYml0IGxvbmcuICBUaGUgbW9zdDwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFRoZSBvdXRwdXQgb2YgdGhlIEFFUyBLZXkgV3Jh
cCBvcGVyYXRpb24gaXMgMTkyLWJpdCBsb25nLiAgVGhlIG1vc3Q8L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgIHNpZ25pZmljYW50IDY0LWJpdCBhcmUgY29waWVkIGluIHRo
ZSBPbmUtVGltZSBLZXkgUHJlYW1ibGUgZmllbGQsPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+ICAgc2lnbmlmaWNhbnQgNjQtYml0IGFyZSBjb3BpZWQgaW4gdGhlIE9uZS1U
aW1lIEtleSBQcmVhbWJsZSBmaWVsZCw8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQi
PiAgIHdoaWxlIHRoZSAxMjggbGVzcyBzaWduaWZpY2FudCBiaXRzIGFyZSBjb3BpZWQgaW4g
dGhlIE9uZS1UaW1lIEtleTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHdo
aWxlIHRoZSAxMjggbGVzcyBzaWduaWZpY2FudCBiaXRzIGFyZSBjb3BpZWQgaW4gdGhlIE9u
ZS1UaW1lIEtleTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgZmllbGQgb2Yg
dGhlIExJU1AtU0VDIEF1dGhlbnRpY2F0aW9uIERhdGEuPC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+ICAgZmllbGQgb2YgdGhlIExJU1AtU0VDIEF1dGhlbnRpY2F0aW9uIERh
dGEuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFdoZW4g
ZGVjcnlwdGluZyBhbiBlbmNyeXB0ZWQgT1RLIHRoZSByZWNlaXZlciBNVVNUIHZlcmlmeSB0
aGF0IHRoZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFdoZW4gZGVjcnlw
dGluZyBhbiBlbmNyeXB0ZWQgT1RLIHRoZSByZWNlaXZlciBNVVNUIHZlcmlmeSB0aGF0IHRo
ZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgSW5pdGlhbGl6YXRpb24gVmFs
dWUgcmVzdWx0aW5nIGZyb20gdGhlIEFFUyBLZXkgV3JhcCBkZWNyeXB0aW9uPC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgSW5pdGlhbGl6YXRpb24gVmFsdWUgcmVzdWx0
aW5nIGZyb20gdGhlIEFFUyBLZXkgV3JhcCBkZWNyeXB0aW9uPC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICBvcGVyYXRpb24gaXMgZXF1YWwgdG8gMHhBNkE2QTZBNkE2QTZB
NkE2LiAgSWYgdGhpcyB2ZXJpZmljYXRpb24gZmFpbHM8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij4gICBvcGVyYXRpb24gaXMgZXF1YWwgdG8gMHhBNkE2QTZBNkE2QTZBNkE2
LiAgSWYgdGhpcyB2ZXJpZmljYXRpb24gZmFpbHM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgIHRoZSByZWNlaXZlciBNVVNUIGRpc2NhcmQgdGhlIGVudGlyZSBtZXNzYWdl
LjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHRoZSByZWNlaXZlciBNVVNU
IGRpc2NhcmQgdGhlIGVudGlyZSBtZXNzYWdlLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0icGFydC0xMSIg
Y2xhc3M9ImNoYW5nZSI+PHRkPjwvdGQ+PHRoPjxzbWFsbD5za2lwcGluZyB0byBjaGFuZ2Ug
YXQ8L3NtYWxsPjxhIGhyZWY9Imh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvdG9vbHMvcmZjZGlm
Zi9yZmNkaWZmLnB5aHQjcGFydC0xMSI+PGVtPiBwYWdlIDE0LCBsaW5lIDE3PHNwYW4gY2xh
c3M9ImhpZGUiPiDCtjwvc3Bhbj48L2VtPjwvYT48L3RoPjx0aD4gPC90aD48dGg+PHNtYWxs
PnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGEgaHJlZj0iaHR0cHM6Ly90b29scy5p
ZXRmLm9yZy90b29scy9yZmNkaWZmL3JmY2RpZmYucHlodCNwYXJ0LTExIj48ZW0+IHBhZ2Ug
MTQsIGxpbmUgMjU8c3BhbiBjbGFzcz0iaGlkZSI+IMK2PC9zcGFuPjwvZW0+PC9hPjwvdGg+
PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+ICAgV2hlbiBhIDEyOC1iaXQgT1RLIGlzIHNlbnQgdW5lbmNyeXB0ZWQg
dGhlIE9USyBFbmNyeXB0aW9uIElEIGlzIHNldDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPiAgIFdoZW4gYSAxMjgtYml0IE9USyBpcyBzZW50IHVuZW5jcnlwdGVkIHRoZSBP
VEsgRW5jcnlwdGlvbiBJRCBpcyBzZXQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQi
PiAgIHRvIE5VTExfS0VZX1dSQVBfMTI4LCBhbmQgdGhlIE9USyBQcmVhbWJsZSBpcyBzZXQg
dG88L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICB0byBOVUxMX0tFWV9XUkFQ
XzEyOCwgYW5kIHRoZSBPVEsgUHJlYW1ibGUgaXMgc2V0IHRvPC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICAweDAwMDAwMDAwMDAwMDAwMDAgKDY0IGJpdHMpLjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIDB4MDAwMDAwMDAwMDAwMDAwMCAoNjQgYml0
cykuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjUuNi4gIE1h
cC1SZXNvbHZlciBQcm9jZXNzaW5nPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
NS42LiAgTWFwLVJlc29sdmVyIFByb2Nlc3Npbmc8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGVmdCI+ICAgVXBvbiByZWNlaXZpbmcgYW4gZW5jYXBzdWxhdGVkIE1h
cC1SZXF1ZXN0IHdpdGggdGhlIFMtYml0IHNldCwgdGhlPC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+ICAgVXBvbiByZWNlaXZpbmcgYW4gZW5jYXBzdWxhdGVkIE1hcC1SZXF1
ZXN0IHdpdGggdGhlIFMtYml0IHNldCwgdGhlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij4gICBNYXAtUmVzb2x2ZXIgZGVjYXBzdWxhdGVzIHRoZSBFQ00gbWVzc2FnZS4gIFRo
ZSBJVFItT1RLLCBpZjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIE1hcC1S
ZXNvbHZlciBkZWNhcHN1bGF0ZXMgdGhlIEVDTSBtZXNzYWdlLiAgVGhlIElUUi1PVEssIGlm
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBlbmNyeXB0ZWQsIGlzIGRlY3J5
cHRlZCBhcyBzcGVjaWZpZWQgaW4gU2VjdGlvbiA1LjUuPC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+ICAgZW5jcnlwdGVkLCBpcyBkZWNyeXB0ZWQgYXMgc3BlY2lmaWVkIGlu
IFNlY3Rpb24gNS41LjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDM0Ij48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIDxzcGFuIGNs
YXNzPSJkZWxldGUiPlRoZSBNYXAtUmVzb2x2ZXIsIGFzIHNwZWNpZmllZCBpbiBbUkZDNjgz
M10sIG9yaWdpbmF0ZXMgYSBuZXcgRUNNPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmJsb2NrIj4gICA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5Qcm90ZWN0aW5nIHRoZSBjb25m
aWRlbnRpYWxpdHkgb2YgdGhlIElUUi1PVEsgYW5kLDwvc3Bhbj4gaW4gPHNwYW4gY2xhc3M9
Imluc2VydCI+Z2VuZXJhbCwgdGhlPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGJsb2NrIj48c3BhbiBjbGFzcz0iZGVsZXRlIj4gICBoZWFkZXIgd2l0aCB0aGUgUy1iaXQg
c2V0LCB0aGF0IGNvbnRhaW5zIHRoZSB1bmVuY3J5cHRlZCBJVFItT1RLLCBhczwvc3Bhbj48
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+
ICAgc2VjdXJpdHkgb2YgaG93IHRoZSBNYXAtUmVxdWVzdCBpcyBoYW5kZWQgYnkgdGhlIE1h
cC1SZXNvbHZlciB0bzwvc3Bhbj4gdGhlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxv
Y2siPjxzcGFuIGNsYXNzPSJkZWxldGUiPiAgIHNwZWNpZmllZDwvc3Bhbj4gaW4gPHNwYW4g
Y2xhc3M9ImRlbGV0ZSI+U2VjdGlvbiA1LjUsIGFuZDwvc3Bhbj4gdGhlIDxzcGFuIGNsYXNz
PSJkZWxldGUiPm90aGVyIGRhdGEgZGVyaXZlZCBmcm9tIHRoZSBFQ008L3NwYW4+PC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPk1h
cC1TZXJ2ZXIsIGlzIHNwZWNpZmljIHRvIHRoZSBwYXJ0aWN1bGFyIE1hcHBpbmcgU3lzdGVt
IHVzZWQsIGFuZDwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PHNw
YW4gY2xhc3M9ImRlbGV0ZSI+ICAgQXV0aGVudGljYXRpb24gRGF0YTwvc3Bhbj4gb2YgdGhl
IDxzcGFuIGNsYXNzPSJkZWxldGUiPnJlY2VpdmVkIGVuY2Fwc3VsYXRlZCBNYXAtUmVxdWVz
dC48L3NwYW4+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNz
PSJpbnNlcnQiPiAgIG91dHNpZGU8L3NwYW4+IG9mIHRoZSA8c3BhbiBjbGFzcz0iaW5zZXJ0
Ij5zY29wZSBvZiB0aGlzIG1lbW8uPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDM1Ij48dGQ+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxv
Y2siPiAgIFRoZSBNYXAtUmVzb2x2ZXIgdGhlbiBmb3J3YXJkcyB0aGUgcmVjZWl2ZWQgPHNw
YW4gY2xhc3M9ImRlbGV0ZSI+TWFwLVJlcXVlc3QsPC9zcGFuPiBlbmNhcHN1bGF0ZWQ8L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgPHNwYW4gY2xhc3M9Imluc2VydCI+
SW4gTWFwcGluZyBTeXN0ZW1zIHdoZXJlIHRoZSBNYXAtU2VydmVyIGlzIGNvbXBsaWFudCB3
aXRoIFtSRkM2ODMzXSw8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2si
PiAgIGluIHRoZSBuZXcgRUNNIGhlYWRlciB0aGF0IGluY2x1ZGVzIHRoZSBuZXdseSBjb21w
dXRlZCBBdXRoZW50aWNhdGlvbjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48
c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICB0aGUgTWFwLVJlc29sdmVyIG9yaWdpbmF0ZXMgYSBu
ZXcgRUNNIGhlYWRlciB3aXRoIHRoZSBTLWJpdCBzZXQsIHRoYXQ8L3NwYW4+PC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIERhdGEgZmllbGRzLjwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBjb250YWlucyB0
aGUgdW5lbmNyeXB0ZWQgSVRSLU9USywgYXMgc3BlY2lmaWVkIGluIFNlY3Rpb24gNS41LCBh
bmQ8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICB0aGUgb3Ro
ZXIgZGF0YSBkZXJpdmVkIGZyb20gdGhlIEVDTSBBdXRoZW50aWNhdGlvbiBEYXRhIG9mIHRo
ZTwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIHJlY2VpdmVk
IGVuY2Fwc3VsYXRlZCBNYXAtUmVxdWVzdC48L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICBUaGUgTWFwLVJlc29sdmVyIHRoZW4gZm9y
d2FyZHMgPHNwYW4gY2xhc3M9Imluc2VydCI+dG8gdGhlIE1hcC1TZXJ2ZXI8L3NwYW4+IHRo
ZSByZWNlaXZlZCA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5NYXAtPC9zcGFuPjwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9j
ayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgUmVxdWVzdCw8L3NwYW4+IGVuY2Fwc3VsYXRl
ZCBpbiB0aGUgbmV3IEVDTSBoZWFkZXIgdGhhdCBpbmNsdWRlcyB0aGUgbmV3bHk8L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
YmxvY2siPiAgIGNvbXB1dGVkIEF1dGhlbnRpY2F0aW9uIERhdGEgZmllbGRzLjwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij41LjcuICBNYXAtU2VydmVyIFBy
b2Nlc3Npbmc8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij41LjcuICBNYXAtU2Vy
dmVyIFByb2Nlc3Npbmc8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgVXBvbiByZWNlaXZpbmcgYW4gRUNNIGVuY2Fwc3VsYXRlZCBNYXAtUmVxdWVzdCB3
aXRoIHRoZSBTLWJpdCBzZXQsPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
VXBvbiByZWNlaXZpbmcgYW4gRUNNIGVuY2Fwc3VsYXRlZCBNYXAtUmVxdWVzdCB3aXRoIHRo
ZSBTLWJpdCBzZXQsPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB0aGUgTWFw
LVNlcnZlciBwcm9jZXNzIHRoZSBNYXAtUmVxdWVzdCBhY2NvcmRpbmcgdG8gdGhlIHZhbHVl
IG9mIHRoZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHRoZSBNYXAtU2Vy
dmVyIHByb2Nlc3MgdGhlIE1hcC1SZXF1ZXN0IGFjY29yZGluZyB0byB0aGUgdmFsdWUgb2Yg
dGhlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBTLWJpdCBjb250YWluZWQg
aW4gdGhlIE1hcC1SZWdpc3RlciBzZW50IGJ5IHRoZSBFVFIgZHVyaW5nPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgUy1iaXQgY29udGFpbmVkIGluIHRoZSBNYXAtUmVn
aXN0ZXIgc2VudCBieSB0aGUgRVRSIGR1cmluZzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+ICAgcmVnaXN0cmF0aW9uLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgIHJlZ2lzdHJhdGlvbi48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+ICAgSWYgdGhlIFMtYml0IGNvbnRhaW5lZCBpbiB0aGUgTWFwLVJlZ2lzdGVyIHdh
cyBjbGVhciB0aGUgTWFwLVNlcnZlcjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgIElmIHRoZSBTLWJpdCBjb250YWluZWQgaW4gdGhlIE1hcC1SZWdpc3RlciB3YXMgY2xl
YXIgdGhlIE1hcC1TZXJ2ZXI8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGRl
Y2Fwc3VsYXRlcyB0aGUgRUNNIGFuZCBnZW5lcmF0ZXMgYSBuZXcgRUNNIGVuY2Fwc3VsYXRl
ZCBNYXAtUmVxdWVzdDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGRlY2Fw
c3VsYXRlcyB0aGUgRUNNIGFuZCBnZW5lcmF0ZXMgYSBuZXcgRUNNIGVuY2Fwc3VsYXRlZCBN
YXAtUmVxdWVzdDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgdGhhdCBkb2Vz
IG5vdCBjb250YWluIGFuIEVDTSBBdXRoZW50aWNhdGlvbiBEYXRhLCBhcyBzcGVjaWZpZWQg
aW48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICB0aGF0IGRvZXMgbm90IGNv
bnRhaW4gYW4gRUNNIEF1dGhlbnRpY2F0aW9uIERhdGEsIGFzIHNwZWNpZmllZCBpbjwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgW1JGQzY4MzBdLiAgVGhlIE1hcC1TZXJ2
ZXIgZG9lcyBub3QgcGVyZm9ybSBhbnkgZnVydGhlciBMSVNQLVNFQzwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgIFtSRkM2ODMwXS4gIFRoZSBNYXAtU2VydmVyIGRvZXMg
bm90IHBlcmZvcm0gYW55IGZ1cnRoZXIgTElTUC1TRUM8L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0iZGlmZjAwMzYiPjx0ZD48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAg
cHJvY2Vzc2luZy48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgcHJvY2Vz
c2luZzxzcGFuIGNsYXNzPSJpbnNlcnQiPiwgYW5kIHRoZSBNYXAtUmVwbHkgd2lsbCBub3Qg
YmUgcHJvdGVjdGVkPC9zcGFuPi48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+ICAgSWYgdGhlIFMtYml0IGNvbnRhaW5lZCBpbiB0aGUgTWFwLVJlZ2lzdGVy
IHdhcyBzZXQgdGhlIE1hcC1TZXJ2ZXI8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij4gICBJZiB0aGUgUy1iaXQgY29udGFpbmVkIGluIHRoZSBNYXAtUmVnaXN0ZXIgd2FzIHNl
dCB0aGUgTWFwLVNlcnZlcjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgZGVj
YXBzdWxhdGVzIHRoZSBFQ00gYW5kIGdlbmVyYXRlcyBhIG5ldyBFQ00gQXV0aGVudGljYXRp
b24gRGF0YS48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBkZWNhcHN1bGF0
ZXMgdGhlIEVDTSBhbmQgZ2VuZXJhdGVzIGEgbmV3IEVDTSBBdXRoZW50aWNhdGlvbiBEYXRh
LjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgVGhlIEF1dGhlbnRpY2F0aW9u
IERhdGEgaW5jbHVkZXMgdGhlIE9USy1BRCBhbmQgdGhlIEVJRC1BRCwgdGhhdDwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFRoZSBBdXRoZW50aWNhdGlvbiBEYXRhIGlu
Y2x1ZGVzIHRoZSBPVEstQUQgYW5kIHRoZSBFSUQtQUQsIHRoYXQ8L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgIGNvbnRhaW5zIEVJRC1wcmVmaXggYXV0aG9yaXphdGlvbiBp
bmZvcm1hdGlvbiwgdGhhdCBhcmUgdWx0aW1hdGVseTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgIGNvbnRhaW5zIEVJRC1wcmVmaXggYXV0aG9yaXphdGlvbiBpbmZvcm1h
dGlvbiwgdGhhdCBhcmUgdWx0aW1hdGVseTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgc2VudCB0byB0aGUgcmVxdWVzdGluZyBJVFIuPC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+ICAgc2VudCB0byB0aGUgcmVxdWVzdGluZyBJVFIuPC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFRoZSBNYXAtU2VydmVyIHVwZGF0
ZXMgdGhlIE9USy1BRCBieSBkZXJpdmluZyBhIG5ldyBPVEsgKE1TLU9USykgZnJvbTwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFRoZSBNYXAtU2VydmVyIHVwZGF0ZXMg
dGhlIE9USy1BRCBieSBkZXJpdmluZyBhIG5ldyBPVEsgKE1TLU9USykgZnJvbTwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgdGhlIElUUi1PVEsgcmVjZWl2ZWQgd2l0aCB0
aGUgTWFwLVJlcXVlc3QuICBNUy1PVEsgaXMgZGVyaXZlZDwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPiAgIHRoZSBJVFItT1RLIHJlY2VpdmVkIHdpdGggdGhlIE1hcC1SZXF1
ZXN0LiAgTVMtT1RLIGlzIGRlcml2ZWQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQi
PiAgIGFwcGx5aW5nIHRoZSBrZXkgZGVyaXZhdGlvbiBmdW5jdGlvbiBzcGVjaWZpZWQgaW4g
dGhlIEtERiBJRCBmaWVsZC48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBh
cHBseWluZyB0aGUga2V5IGRlcml2YXRpb24gZnVuY3Rpb24gc3BlY2lmaWVkIGluIHRoZSBL
REYgSUQgZmllbGQuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwv
dHI+CiAgICAgIDx0ciBpZD0icGFydC0xMiIgY2xhc3M9ImNoYW5nZSI+PHRkPjwvdGQ+PHRo
PjxzbWFsbD5za2lwcGluZyB0byBjaGFuZ2UgYXQ8L3NtYWxsPjxhIGhyZWY9Imh0dHBzOi8v
dG9vbHMuaWV0Zi5vcmcvdG9vbHMvcmZjZGlmZi9yZmNkaWZmLnB5aHQjcGFydC0xMiI+PGVt
PiBwYWdlIDE2LCBsaW5lIDE5PHNwYW4gY2xhc3M9ImhpZGUiPiDCtjwvc3Bhbj48L2VtPjwv
YT48L3RoPjx0aD4gPC90aD48dGg+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21h
bGw+PGEgaHJlZj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy90b29scy9yZmNkaWZmL3JmY2Rp
ZmYucHlodCNwYXJ0LTEyIj48ZW0+IHBhZ2UgMTYsIGxpbmUgMzM8c3BhbiBjbGFzcz0iaGlk
ZSI+IMK2PC9zcGFuPjwvZW0+PC9hPjwvdGg+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij42LiAg
U2VjdXJpdHkgQ29uc2lkZXJhdGlvbnM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij42LiAgU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGVmdCI+Ni4xLiAgTWFwcGluZyBTeXN0ZW0gU2VjdXJpdHk8L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij42LjEuICBNYXBwaW5nIFN5c3RlbSBTZWN1cml0
eTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBUaGUgTElT
UC1TRUMgdGhyZWF0IG1vZGVsIGRlc2NyaWJlZCBpbiBTZWN0aW9uIDMsIGFzc3VtZXMgdGhh
dCB0aGU8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBUaGUgTElTUC1TRUMg
dGhyZWF0IG1vZGVsIGRlc2NyaWJlZCBpbiBTZWN0aW9uIDMsIGFzc3VtZXMgdGhhdCB0aGU8
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIExJU1AgTWFwcGluZyBTeXN0ZW0g
aXMgd29ya2luZyBwcm9wZXJseSBhbmQgZXZlbnR1YWxseSBkZWxpdmVycyBNYXAtPC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgTElTUCBNYXBwaW5nIFN5c3RlbSBpcyB3
b3JraW5nIHByb3Blcmx5IGFuZCBldmVudHVhbGx5IGRlbGl2ZXJzIE1hcC08L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFJlcXVlc3QgbWVzc2FnZXMgdG8gYSBNYXAtU2Vy
dmVyIHRoYXQgaXMgYXV0aG9yaXRhdGl2ZSBmb3IgdGhlPC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+ICAgUmVxdWVzdCBtZXNzYWdlcyB0byBhIE1hcC1TZXJ2ZXIgdGhhdCBp
cyBhdXRob3JpdGF0aXZlIGZvciB0aGU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQi
PiAgIHJlcXVlc3RlZCBFSUQuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
cmVxdWVzdGVkIEVJRC48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyIGlkPSJkaWZmMDAzNyI+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBNYXAtUmVn
aXN0ZXIgc2VjdXJpdHksIGluY2x1ZGluZyB0aGUgcmlnaHQgZm9yIGEgTElTUCBlbnRpdHkg
dG88L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgPHNwYW4gY2xhc3M9Imlu
c2VydCI+SXQgaXMgYXNzdW1lZCB0aGF0IHRoZSBNYXBwaW5nIFN5c3RlbSBlbnN1cmVzIHRo
ZSBjb25maWRlbnRpYWxpdHkgb2Y8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
YmxvY2siPiAgIHJlZ2lzdGVyIGFuIEVJRC1wcmVmaXggb3IgdG8gY2xhaW0gcHJlc2VuY2Ug
YXQgYW4gUkxPQywgaXMgb3V0IG9mIHRoZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJs
b2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICB0aGUgT1RLLCBhbmQgdGhlIGludGVncml0
eSBvZiB0aGUgTWFwLVJlcGx5IGRhdGEuICBIb3dldmVyLCBob3cgdGhlPC9zcGFuPjwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBzY29wZSBvZiBMSVNQLVNFQy48L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAg
TElTUCBNYXBwaW5nIFN5c3RlbSBpcyBzZWN1cmVkIGlzIG91dCBvZiB0aGUgc2NvcGUgb2Yg
dGhpcyBkb2N1bWVudC48L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2si
PjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0
Ij48L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBTaW1pbGFy
bHksPC9zcGFuPiBNYXAtUmVnaXN0ZXIgc2VjdXJpdHksIGluY2x1ZGluZyB0aGUgcmlnaHQg
Zm9yIGEgTElTUDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgZW50aXR5IHRvIHJlZ2lzdGVyIGFuIEVJRC1w
cmVmaXggb3IgdG8gY2xhaW0gcHJlc2VuY2UgYXQgYW4gUkxPQywgaXM8L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2si
PiAgIG91dCBvZiB0aGUgc2NvcGUgb2YgTElTUC1TRUMuPC90ZD48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxlZnQiPjYuMi4gIFJhbmRvbSBOdW1iZXIgR2VuZXJhdGlvbjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjYuMi4gIFJhbmRvbSBOdW1iZXIgR2Vu
ZXJhdGlvbjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBU
aGUgSVRSLU9USyBNVVNUIGJlIGdlbmVyYXRlZCBieSBhIHByb3Blcmx5IHNlZWRlZCBwc2V1
ZG8tcmFuZG9tIChvcjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFRoZSBJ
VFItT1RLIE1VU1QgYmUgZ2VuZXJhdGVkIGJ5IGEgcHJvcGVybHkgc2VlZGVkIHBzZXVkby1y
YW5kb20gKG9yPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBzdHJvbmcgcmFu
ZG9tKSBzb3VyY2UuICBTZWUgW1JGQzQwODZdIGZvciBhZHZpY2Ugb24gZ2VuZXJhdGluZzwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHN0cm9uZyByYW5kb20pIHNvdXJj
ZS4gIFNlZSBbUkZDNDA4Nl0gZm9yIGFkdmljZSBvbiBnZW5lcmF0aW5nPC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBzZWN1cml0eS1zZW5zaXRpdmUgcmFuZG9tIGRhdGE8
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBzZWN1cml0eS1zZW5zaXRpdmUg
cmFuZG9tIGRhdGE8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
Ni4zLiAgTWFwLVNlcnZlciBhbmQgRVRSIENvbG9jYXRpb248L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij42LjMuICBNYXAtU2VydmVyIGFuZCBFVFIgQ29sb2NhdGlvbjwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBJZiB0aGUgTWFwLVNl
cnZlciBhbmQgdGhlIEVUUiBhcmUgY29sb2NhdGVkLCBMSVNQLVNFQyBkb2VzIG5vdDwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIElmIHRoZSBNYXAtU2VydmVyIGFuZCB0
aGUgRVRSIGFyZSBjb2xvY2F0ZWQsIExJU1AtU0VDIGRvZXMgbm90PC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij4gICBwcm92aWRlIHByb3RlY3Rpb24gZnJvbSBvdmVyY2xhaW1p
bmcgYXR0YWNrcyBtb3VudGVkIGJ5IHRoZSBFVFIuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+ICAgcHJvdmlkZSBwcm90ZWN0aW9uIGZyb20gb3ZlcmNsYWltaW5nIGF0dGFj
a3MgbW91bnRlZCBieSB0aGUgRVRSLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
ICAgSG93ZXZlciwgaW4gdGhpcyBwYXJ0aWN1bGFyIGNhc2UsIHNpbmNlIHRoZSBFVFIgaXMg
d2l0aGluIHRoZSB0cnVzdDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIEhv
d2V2ZXIsIGluIHRoaXMgcGFydGljdWxhciBjYXNlLCBzaW5jZSB0aGUgRVRSIGlzIHdpdGhp
biB0aGUgdHJ1c3Q8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGJvdW5kYXJp
ZXMgb2YgdGhlIE1hcC1TZXJ2ZXIsIEVUUidzIG92ZXJjbGFpbWluZyBhdHRhY2tzIGFyZSBu
b3Q8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBib3VuZGFyaWVzIG9mIHRo
ZSBNYXAtU2VydmVyLCBFVFIncyBvdmVyY2xhaW1pbmcgYXR0YWNrcyBhcmUgbm90PC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBpbmNsdWRlZCBpbiB0aGUgdGhyZWF0IG1v
ZGVsLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGluY2x1ZGVkIGluIHRo
ZSB0aHJlYXQgbW9kZWwuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0ciBpZD0iZGlmZjAwMzgiPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPjYuNC4gIERl
cGxveWluZyBMSVNQLVNFQzwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9j
ayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNl
cnQiPjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIFRoaXMg
bWVtbyBpcyB3cml0dGVuIGFjY29yZGluZyB0byBbUkZDMjExOV0uICBTcGVjaWZpY2FsbHks
IHRoZSB1c2U8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBv
ZiB0aGUga2V5IHdvcmQgU0hPVUxEICIgb3IgdGhlIGFkamVjdGl2ZSAnUkVDT01NRU5ERUQn
LCBtZWFuIHRoYXQ8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4g
ICB0aGVyZSBtYXkgZXhpc3QgdmFsaWQgcmVhc29ucyBpbiBwYXJ0aWN1bGFyIGNpcmN1bXN0
YW5jZXMgdG8gaWdub3JlIGE8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxv
Y2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5z
ZXJ0Ij4gICBwYXJ0aWN1bGFyIGl0ZW0sIGJ1dCB0aGUgZnVsbCBpbXBsaWNhdGlvbnMgbXVz
dCBiZSB1bmRlcnN0b29kIGFuZDwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxi
bG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJp
bnNlcnQiPiAgIGNhcmVmdWxseSB3ZWlnaGVkIGJlZm9yZSBjaG9vc2luZyBhIGRpZmZlcmVu
dCBjb3Vyc2UiLjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPjwv
c3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIFRob3NlIGRlcGxv
eWluZyBMSVNQLVNFQyBhY2NvcmRpbmcgdG8gdGhpcyBtZW1vLCBzaG91bGQgY2FyZWZ1bGx5
PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgd2VpZ2h0IGhv
dyB0aGUgTElTUC1TRUMgdGhyZWF0IG1vZGVsIGFwcGxpZXMgdG8gdGhlaXIgcGFydGljdWxh
ciB1c2U8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBjYXNl
IG9yIGRlcGxveW1lbnQuICBXaGVuIHRoZXkgZGVjaWRlIHRvIGlnbm9yZSBhIHBhcnRpY3Vs
YXI8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICByZWNvbW1l
bmRhdGlvbiB0aGV5IHNob3VsZCBtYWtlIHN1cmUgdGhlIHJpc2sgYXNzb2NpYXRlZCB3aXRo
IHRoZTwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIGNvcnJl
c3BvbmRpbmcgdGhyZWF0cyBpcyB3ZWxsIHVuZGVyc3Rvb2QuPC9zcGFuPjwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9j
ayI+PHNwYW4gY2xhc3M9Imluc2VydCI+PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xh
c3M9Imluc2VydCI+ICAgQXMgYW4gZXhhbXBsZSwgaW4gY2VydGFpbiBjbG9zZWQgYW5kIGNv
bnRyb2xsZWQgZGVwbG95bWVudHMsIGl0IGlzPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4g
Y2xhc3M9Imluc2VydCI+ICAgcG9zc2libGUgdGhhdCB0aGUgdGhyZWF0IGFzc29jaWF0ZWQg
d2l0aCBhIE1pVE0gYmV0d2VlbiB0aGUgeFRSIGFuZDwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxz
cGFuIGNsYXNzPSJpbnNlcnQiPiAgIHRoZSBNYXBwaW5nIFN5c3RlbSBpcyB2ZXJ5IGxvdywg
YW5kIGFmdGVyIGNhcmZldWwgY29uc2lkZXJhdGlvbiBpdDwvc3Bhbj48L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2si
PjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIG1heSBiZSBkZWNpZGVkIHRvIGFsbG93IGEgTlVM
TCBrZXkgd3JhcHBpbmcgYWxnb3JpdGhtIHdoaWxlIGNhcnJ5aW5nPC9zcGFuPjwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJi
bG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgdGhlIE9US3MgYmV0d2VlbiB0aGUgeFRS
IGFuZCB0aGUgTWFwcGluZyBTeXN0ZW0uPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xh
c3M9Imluc2VydCI+PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+
ICAgQXMgYW4gZXhhbXBsZSBhdCB0aGUgb3RoZXIgZW5kIG9mIHRoZSBzcGVjdHJ1bSwgaW4g
Y2VydGFpbiBvdGhlcjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQi
PiAgIGRlcGxveW1lbnRzLCBhdHRhY2tlcnMgbWF5IGJlIHZlcnkgc29waGlzdGljYXRlZCwg
YW5kIGZvcmNlIHRoZTwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQi
PiAgIGRlcGxveWVycyB0byBlbmZvcmNlIHZlcnkgc3RyaWN0IHBvbGljaWVzIGluIHRlcm0g
b2YgT1RLIHdyYXBwaW5nPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2Nr
Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2Vy
dCI+ICAgYWxnb3JpdGhtcyBhbGxvd2VkLjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xh
c3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNs
YXNzPSJpbnNlcnQiPjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQi
PiAgIFNpbWlsYXIgY29uc2lkZXJhdGlvbnMgYXBwbHkgdG8gdGhlIGVudGlyZSBMSVNQLVNF
QyB0aHJlYXQgbW9kZWwsIGFuZDwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxi
bG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJp
bnNlcnQiPiAgIHNob3VsZCBndWlkZSB0aGUgZGVwbG95ZXJzIGFuZCBpbXBsZW1lbnRvcnMg
d2hlbmV2ZXIgdGhleSBlbmNvdW50ZXI8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFz
cz0iaW5zZXJ0Ij4gICB0aGUga2V5IHdvcmQgU0hPVUxEIGFjcm9zcyB0aGlzIG1lbW8uPC9z
cGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJibG9jayI+ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0
ZCBjbGFzcz0ibGVmdCI+Ny4gIElBTkEgQ29uc2lkZXJhdGlvbnM8L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij43LiAgSUFOQSBDb25zaWRlcmF0aW9uczwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDM5
Ij48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsYmxvY2siPjcuMS4gIDxzcGFuIGNsYXNzPSJkZWxldGUiPkhNQUMgZnVuY3Rp
b25zPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj43LjEuICA8c3Bh
biBjbGFzcz0iaW5zZXJ0Ij5FQ00gQUQgVHlwZSBSZWdpc3RyeTwvc3Bhbj48L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJkaWZm
MDA0MCI+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBUaGUgZm9sbG93aW5nIDxzcGFuIGNsYXNzPSJkZWxl
dGUiPkhNQUMgSUQ8L3NwYW4+IHZhbHVlcyBhcmUgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+ZGVm
aW5lZCBieSB0aGlzPC9zcGFuPiBtZW1vIGZvciB1c2UgYXM8L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJibG9jayI+ICAgPHNwYW4gY2xhc3M9Imluc2VydCI+SUFOQSBpcyByZXF1ZXN0
ZWQgdG8gY3JlYXRlIHRoZSAiRUNNIEF1dGhlbnRpY2F0aW9uIERhdGEgVHlwZSI8L3NwYW4+
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIFJlcXVlc3RlZCBITUFDIElE
LCBFSUQgSE1BQyBJRCwgYW5kIFBLVCBITUFDIElEIGluIHRoZSBMSVNQLVNFQzwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICByZWdp
c3RyeSB3aXRoIHZhbHVlcyAwLTI1NSwgZm9yIHVzZSBpbiB0aGUgRUNNIExJU1AtU0VDIEV4
dGVuc2lvbnM8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIEF1
dGhlbnRpY2F0aW9uIERhdGE6PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxz
cGFuIGNsYXNzPSJpbnNlcnQiPiAgIFNlY3Rpb24gNS4xLjwvc3Bhbj4gIFRoZSA8c3BhbiBj
bGFzcz0iaW5zZXJ0Ij5yZWdpc3RyeSBNVVNUIGJlIGluaXRpYWxseSBwb3B1bGF0ZWQgd2l0
aCB0aGU8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICBmb2xsb3dpbmcgPHNwYW4gY2xhc3M9Imlu
c2VydCI+dmFsdWVzOjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQi
Pjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgICAgICAg
ICBOYW1lICAgICAgICAgICAgICAgICAgICAgVmFsdWUgICAgICAgIERlZmluZWQgSW48L3Nw
YW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICAgICAgICAgICAgLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTwvc3Bhbj48
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgICAgICAgICBSZXNlcnZl
ZCAgICAgICAgICAgICAgICAgMDwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxi
bG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJp
bnNlcnQiPiAgICAgICAgICAgICBMSVNQLVNFQy1FQ00tRVhUICAgICAgICAgMSAgICAgICAg
ICAgICBUaGlzIG1lbW88L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2si
PjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmJsb2NrIj4gICAgICAgICAgICAgdmFsdWVzIDxzcGFuIGNsYXNzPSJpbnNlcnQi
PjItMjU1PC9zcGFuPiBhcmUgPHNwYW4gY2xhc3M9Imluc2VydCI+cmVzZXJ2ZWQgdG8gSUFO
QS48L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij48L3NwYW4+PC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICBITUFDIEZ1bmN0aW9uczwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNz
PSJpbnNlcnQiPjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPjcu
Mi4gIE1hcC1SZXBseSBBRCBUeXBlIFJlZ2lzdHJ5PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0
ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNw
YW4gY2xhc3M9Imluc2VydCI+PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJs
b2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imlu
c2VydCI+ICAgSUFOQSBpcyByZXF1ZXN0ZWQgdG8gY3JlYXRlIHRoZSAiTWFwLVJlcGx5IEF1
dGhlbnRpY2F0aW9uIERhdGEgVHlwZSI8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFz
cz0iaW5zZXJ0Ij4gICByZWdpc3RyeSB3aXRoIHZhbHVlcyAwLTI1NSwgZm9yIHVzZSBpbiB0
aGUgTWFwLVJlcGx5IExJU1AtU0VDPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9
Imluc2VydCI+ICAgRXh0ZW5zaW9ucyBTZWN0aW9uIDUuMi4gIFRoZSByZWdpc3RyeSBNVVNU
IGJlIGluaXRpYWxseSBwb3B1bGF0ZWQ8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFz
cz0iaW5zZXJ0Ij4gICB3aXRoIHRoZSBmb2xsb3dpbmcgdmFsdWVzOjwvc3Bhbj48L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
YmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFu
IGNsYXNzPSJpbnNlcnQiPiAgICAgICAgICAgICBOYW1lICAgICAgICAgICAgICAgICAgICAg
VmFsdWUgICAgICAgIERlZmluZWQgSW48L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFz
cz0iaW5zZXJ0Ij4gICAgICAgICAgICAgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLTwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxi
bG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJp
bnNlcnQiPiAgICAgICAgICAgICBSZXNlcnZlZCAgICAgICAgICAgICAgICAgMDwvc3Bhbj48
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgICAgICAgICBMSVNQLVNF
Qy1NUi1FWFQgICAgICAgICAgMSAgICAgICAgICAgICBUaGlzPC9zcGFuPiBtZW1vPC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmJsb2NrIj4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
YmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICAgICAgICAgICAg
PHNwYW4gY2xhc3M9Imluc2VydCI+dmFsdWVzIDItMjU1IGFyZSByZXNlcnZlZCB0byBJQU5B
Ljwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPjwvc3Bhbj48L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgIEhNQUMgRnVuY3Rpb25zPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9
Imluc2VydCI+PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+Ny4z
LiAgSE1BQyBGdW5jdGlvbnM8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxv
Y2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5z
ZXJ0Ij48L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBJQU5B
IGlzIHJlcXVlc3RlZCB0byBjcmVhdGUgdGhlICJMSVNQLVNFQyBBdXRoZW50aWNhdGlvbiBE
YXRhIEhNQUM8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBJ
RCIgcmVnaXN0cnkgd2l0aCB2YWx1ZXMgMC02NTUzNTwvc3Bhbj4gZm9yIHVzZSBhcyBSZXF1
ZXN0ZWQgSE1BQyBJRCwgRUlEPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICBITUFDIElELCBhbmQgUEtUIEhN
QUMgSUQgaW4gdGhlIExJU1AtU0VDIEF1dGhlbnRpY2F0aW9uIERhdGE6PC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICBOYW1lICAgICAg
ICAgICAgICAgICAgICAgTnVtYmVyICAgICAgICBEZWZpbmVkIEluPC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAgIE5hbWUgICAgICAgICAgICAgICAgICAg
ICBOdW1iZXIgICAgICAgIERlZmluZWQgSW48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxl
ZnQiPiAgICAgICAgICAgICAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAg
ICAgIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICBOT05FICAgICAg
ICAgICAgICAgICAgICAgMDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAg
ICAgICAgICBOT05FICAgICAgICAgICAgICAgICAgICAgMDwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+ICAgICAgICAgICAgIEFVVEgtSE1BQy1TSEEtMS05NiAgICAgICAxICAg
ICAgICAgICAgIFtSRkMyMTA0XTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAg
ICAgICAgICAgICBBVVRILUhNQUMtU0hBLTEtOTYgICAgICAgMSAgICAgICAgICAgICBbUkZD
MjEwNF08L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICBBVVRI
LUhNQUMtU0hBLTI1Ni0xMjggICAgMiAgICAgICAgICAgICBbUkZDNDYzNF08L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgICAgICAgQVVUSC1ITUFDLVNIQS0yNTYt
MTI4ICAgIDIgICAgICAgICAgICAgW1JGQzQ2MzRdPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0iZGlmZjAwNDEiPjx0ZD48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxi
bG9jayI+ICAgICAgICAgICAgIHZhbHVlcyA8c3BhbiBjbGFzcz0iZGVsZXRlIj4yPC9zcGFu
Pi02NTUzNSBhcmUgcmVzZXJ2ZWQgdG8gSUFOQS48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJibG9jayI+ICAgICAgICAgICAgIHZhbHVlcyA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij4zPC9z
cGFuPi02NTUzNSBhcmUgcmVzZXJ2ZWQgdG8gSUFOQS48L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xh
c3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSE1B
QyBGdW5jdGlvbnM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICBITUFDIEZ1bmN0aW9uczwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDQyIj48dGQ+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsYmxvY2siPiAgIEFVVEgtSE1BQy1TSEEtMS05NiBNVVNUIGJlIHN1cHBvcnRlZCwgQVVU
SC1ITUFDLVNIQS0yNTYtMTI4IDxzcGFuIGNsYXNzPSJkZWxldGUiPnNob3VsZDwvc3Bhbj4g
YmU8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgQVVUSC1ITUFDLVNIQS0x
LTk2IE1VU1QgYmUgc3VwcG9ydGVkLCBBVVRILUhNQUMtU0hBLTI1Ni0xMjggPHNwYW4gY2xh
c3M9Imluc2VydCI+U0hPVUxEPC9zcGFuPiBiZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+ICAgc3VwcG9ydGVkLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAg
IHN1cHBvcnRlZC48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyIGlkPSJkaWZmMDA0MyI+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj43LjxzcGFuIGNsYXNz
PSJkZWxldGUiPjI8L3NwYW4+LiAgS2V5IFdyYXAgRnVuY3Rpb25zPC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyYmxvY2siPjcuPHNwYW4gY2xhc3M9Imluc2VydCI+NDwvc3Bhbj4uICBL
ZXkgV3JhcCBGdW5jdGlvbnM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyIGlkPSJkaWZmMDA0NCI+PHRkPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICA8c3Bh
biBjbGFzcz0iZGVsZXRlIj5UaGUgZm9sbG93aW5nIE9USyBFbmNyeXB0aW9uIElEPC9zcGFu
PiB2YWx1ZXMgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+YXJlIGRlZmluZWQgYnkgdGhpcyBtZW1v
PC9zcGFuPiBmb3I8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgPHNwYW4g
Y2xhc3M9Imluc2VydCI+SUFOQSBpcyByZXF1ZXN0ZWQgdG8gY3JlYXRlIHRoZSAiTElTUC1T
RUMgQXV0aGVudGljYXRpb24gRGF0YSBLZXk8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsYmxvY2siPiAgIHVzZSBhcyBPVEsga2V5IHdyYXAgYWxnb3JpdGhtcyBJRCBpbiB0
aGUgTElTUC1TRUMgQXV0aGVudGljYXRpb248L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJi
bG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgV3JhcCBJRCIgcmVnaXN0cnkgd2l0aDwv
c3Bhbj4gdmFsdWVzIDxzcGFuIGNsYXNzPSJpbnNlcnQiPjAtNjU1MzU8L3NwYW4+IGZvciB1
c2UgYXMgT1RLIGtleSB3cmFwPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAg
IERhdGE6PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIGFsZ29yaXRobXMg
SUQgaW4gdGhlIExJU1AtU0VDIEF1dGhlbnRpY2F0aW9uIERhdGE6PC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICBOYW1lICAgICAgICAg
ICAgICAgICAgICAgTnVtYmVyICAgICAgICBEZWZpbmVkIEluPC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAgIE5hbWUgICAgICAgICAgICAgICAgICAgICBO
dW1iZXIgICAgICAgIERlZmluZWQgSW48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQi
PiAgICAgICAgICAgICAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAg
IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0iZGlmZjAwNDUi
Pjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxibG9jayI+ICAgICAgICAgICAgIE5VTEwtS0VZLVdSQVAtMTI4ICAgICAgICAx
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgICAgICAgICAgICBOVUxMLUtF
WS1XUkFQLTEyOCAgICAgICAgMTxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgICAgICAgICBU
aGlzIG1lbW88L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAg
ICAgICAgQUVTLUtFWS1XUkFQLTEyOCAgICAgICAgIDIgICAgICAgICAgICAgW1JGQzMzOTRd
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAgIEFFUy1LRVkt
V1JBUC0xMjggICAgICAgICAyICAgICAgICAgICAgIFtSRkMzMzk0XTwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgdmFsdWVzIDAgYW5k
IDMtNjU1MzUgYXJlIHJlc2VydmVkIHRvIElBTkEuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+ICAgICAgICAgICAgIHZhbHVlcyAwIGFuZCAzLTY1NTM1IGFyZSByZXNlcnZl
ZCB0byBJQU5BLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4g
ICAgICAgICAgICAgICAgICAgICAgICAgICAgS2V5IFdyYXAgRnVuY3Rpb25zPC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAgICAgICAgICAgICAgICAgIEtl
eSBXcmFwIEZ1bmN0aW9uczwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij4gICBOVUxMLUtFWS1XUkFQLTEyOCwgYW5kIEFFUy1LRVktV1JBUC0xMjggTVVTVCBi
ZSBzdXBwb3J0ZWQuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgTlVMTC1L
RVktV1JBUC0xMjgsIGFuZCBBRVMtS0VZLVdSQVAtMTI4IE1VU1QgYmUgc3VwcG9ydGVkLjwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBOVUxMLUtFWS1X
UkFQLTEyOCBpcyB1c2VkIHRvIGNhcnJ5IGFuIHVuZW5jcnlwdGVkIDEyOC1iaXQgT1RLLCB3
aXRoIGE8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBOVUxMLUtFWS1XUkFQ
LTEyOCBpcyB1c2VkIHRvIGNhcnJ5IGFuIHVuZW5jcnlwdGVkIDEyOC1iaXQgT1RLLCB3aXRo
IGE8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIDY0LWJpdCBwcmVhbWJsZSBz
ZXQgdG8gMHgwMDAwMDAwMDAwMDAwMDAwICg2NCBiaXRzKS48L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij4gICA2NC1iaXQgcHJlYW1ibGUgc2V0IHRvIDB4MDAwMDAwMDAwMDAw
MDAwMCAoNjQgYml0cykuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0ciBpZD0iZGlmZjAwNDYiPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+Ny48c3BhbiBj
bGFzcz0iZGVsZXRlIj4zPC9zcGFuPi4gIEtleSBEZXJpdmF0aW9uIEZ1bmN0aW9uczwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj43LjxzcGFuIGNsYXNzPSJpbnNlcnQiPjU8
L3NwYW4+LiAgS2V5IERlcml2YXRpb24gRnVuY3Rpb25zPC90ZD48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0iZGlmZjAwNDciPjx0ZD48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxibG9jayI+ICAgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+VGhlIGZvbGxvd2luZyBLREYgSUQ8
L3NwYW4+IHZhbHVlcyA8c3BhbiBjbGFzcz0iZGVsZXRlIj5hcmUgZGVmaW5lZCBieSB0aGlz
IG1lbW88L3NwYW4+IGZvciB1c2UgYXMgS0RGPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
YmxvY2siPiAgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPklBTkEgaXMgcmVxdWVzdGVkIHRvIGNy
ZWF0ZSB0aGUgIkxJU1AtU0VDIEF1dGhlbnRpY2F0aW9uIERhdGEgS2V5PC9zcGFuPjwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgRGVyaXZhdGlvbiBGdW5jdGlvbiBJ
RCIgcmVnaXN0cnkgd2l0aDwvc3Bhbj4gdmFsdWVzIDxzcGFuIGNsYXNzPSJpbnNlcnQiPjAt
NjU1MzU8L3NwYW4+IGZvciB1c2UgYXMgS0RGPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij4gICBJRCBpbiB0aGUgTElTUC1TRUMgQXV0aGVudGljYXRpb24gRGF0YTo8L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBJRCBpbiB0aGUgTElTUC1TRUMgQXV0aGVu
dGljYXRpb24gRGF0YTo8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgICAgICAgICAgIE5hbWUgICAgICAgICAgICAgICAgICAgICBOdW1iZXIgICAgICAg
IERlZmluZWQgSW48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgICAg
ICAgTmFtZSAgICAgICAgICAgICAgICAgICAgIE51bWJlciAgICAgICAgRGVmaW5lZCBJbjwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgICAgICAgIC0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgICAgICAgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgICAgICAgICAgIE5PTkUgICAgICAgICAgICAgICAgICAgICAwPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAgIE5PTkUgICAgICAgICAgICAgICAg
ICAgICAwPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgSEtE
Ri1TSEExLTEyOCAgICAgICAgICAgIDEgICAgICAgICAgICAgW1JGQzU4NjldPC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAgIEhLREYtU0hBMS0xMjggICAg
ICAgICAgICAxICAgICAgICAgICAgIFtSRkM1ODY5XTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgdmFsdWVzIDItNjU1MzUgYXJlIHJl
c2VydmVkIHRvIElBTkEuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAg
ICAgICAgIHZhbHVlcyAyLTY1NTM1IGFyZSByZXNlcnZlZCB0byBJQU5BLjwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgICAgICAgICAg
ICAgS2V5IERlcml2YXRpb24gRnVuY3Rpb25zPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+ICAgICAgICAgICAgICAgICAgICAgICAgIEtleSBEZXJpdmF0aW9uIEZ1bmN0aW9u
czwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHIgaWQ9InBhcnQtMTMiIGNsYXNzPSJjaGFuZ2UiPjx0ZD48L3RkPjx0aD48c21hbGw+c2tp
cHBpbmcgdG8gY2hhbmdlIGF0PC9zbWFsbD48YSBocmVmPSJodHRwczovL3Rvb2xzLmlldGYu
b3JnL3Rvb2xzL3JmY2RpZmYvcmZjZGlmZi5weWh0I3BhcnQtMTMiPjxlbT4gcGFnZSAxOSwg
bGluZSA1PHNwYW4gY2xhc3M9ImhpZGUiPiDCtjwvc3Bhbj48L2VtPjwvYT48L3RoPjx0aD4g
PC90aD48dGg+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGEgaHJlZj0i
aHR0cHM6Ly90b29scy5pZXRmLm9yZy90b29scy9yZmNkaWZmL3JmY2RpZmYucHlodCNwYXJ0
LTEzIj48ZW0+IHBhZ2UgMjAsIGxpbmUgNDY8c3BhbiBjbGFzcz0iaGlkZSI+IMK2PC9zcGFu
PjwvZW0+PC9hPjwvdGg+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgW1JGQzY4MzBdICBGYXJpbmFjY2ksIEQu
LCBGdWxsZXIsIFYuLCBNZXllciwgRC4sIGFuZCBELiBMZXdpcywgIlRoZTwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFtSRkM2ODMwXSAgRmFyaW5hY2NpLCBELiwgRnVs
bGVyLCBWLiwgTWV5ZXIsIEQuLCBhbmQgRC4gTGV3aXMsICJUaGU8L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICAgTG9jYXRvci9JRCBTZXBhcmF0aW9uIFBy
b3RvY29sIChMSVNQKSIsIFJGQyA2ODMwLDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPiAgICAgICAgICAgICAgTG9jYXRvci9JRCBTZXBhcmF0aW9uIFByb3RvY29sIChMSVNQ
KSIsIFJGQyA2ODMwLDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgICAg
ICAgICBET0kgMTAuMTc0ODcvUkZDNjgzMCwgSmFudWFyeSAyMDEzLDwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgICAgICAgRE9JIDEwLjE3NDg3L1JGQzY4MzAs
IEphbnVhcnkgMjAxMyw8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAg
ICAgICAgJmx0O2h0dHA6Ly93d3cucmZjLWVkaXRvci5vcmcvaW5mby9yZmM2ODMwJmd0Oy48
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgICAgICAgICZsdDtodHRw
Oi8vd3d3LnJmYy1lZGl0b3Iub3JnL2luZm8vcmZjNjgzMCZndDsuPC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFtSRkM2ODMzXSAgRnVsbGVyLCBWLiBh
bmQgRC4gRmFyaW5hY2NpLCAiTG9jYXRvci9JRCBTZXBhcmF0aW9uPC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+ICAgW1JGQzY4MzNdICBGdWxsZXIsIFYuIGFuZCBELiBGYXJp
bmFjY2ksICJMb2NhdG9yL0lEIFNlcGFyYXRpb248L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgICAgICAgICAgICAgUHJvdG9jb2wgKExJU1ApIE1hcC1TZXJ2ZXIgSW50ZXJm
YWNlIiwgUkZDIDY4MzMsPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAg
ICAgICAgICBQcm90b2NvbCAoTElTUCkgTWFwLVNlcnZlciBJbnRlcmZhY2UiLCBSRkMgNjgz
Myw8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICAgRE9JIDEw
LjE3NDg3L1JGQzY4MzMsIEphbnVhcnkgMjAxMyw8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICAgICAgICAgICAgIERPSSAxMC4xNzQ4Ny9SRkM2ODMzLCBKYW51YXJ5IDIw
MTMsPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgICZsdDto
dHRwOi8vd3d3LnJmYy1lZGl0b3Iub3JnL2luZm8vcmZjNjgzMyZndDsuPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAgICAmbHQ7aHR0cDovL3d3dy5yZmMt
ZWRpdG9yLm9yZy9pbmZvL3JmYzY4MzMmZ3Q7LjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDQ4Ij48dGQ+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxv
Y2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICA8c3BhbiBjbGFzcz0i
aW5zZXJ0Ij5bUkZDNjgzNl0gIEZ1bGxlciwgVi4sIEZhcmluYWNjaSwgRC4sIE1leWVyLCBE
LiwgYW5kIEQuIExld2lzLDwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9j
ayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNl
cnQiPiAgICAgICAgICAgICAgIkxvY2F0b3IvSUQgU2VwYXJhdGlvbiBQcm90b2NvbCBBbHRl
cm5hdGl2ZSBMb2dpY2FsPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2Nr
Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2Vy
dCI+ICAgICAgICAgICAgICBUb3BvbG9neSAoTElTUCtBTFQpIiwgUkZDIDY4MzYsIERPSSAx
MC4xNzQ4Ny9SRkM2ODM2LDwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9j
ayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNl
cnQiPiAgICAgICAgICAgICAgSmFudWFyeSAyMDEzLCAmbHQ7aHR0cDovL3d3dy5yZmMtZWRp
dG9yLm9yZy9pbmZvL3JmYzY4MzYmZ3Q7Ljwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xh
c3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICA8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFtSRkM3ODM1
XSAgU2F1Y2V6LCBELiwgSWFubm9uZSwgTC4sIGFuZCBPLiBCb25hdmVudHVyZSwgIkxvY2F0
b3IvSUQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBbUkZDNzgzNV0gIFNh
dWNleiwgRC4sIElhbm5vbmUsIEwuLCBhbmQgTy4gQm9uYXZlbnR1cmUsICJMb2NhdG9yL0lE
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgIFNlcGFyYXRp
b24gUHJvdG9jb2wgKExJU1ApIFRocmVhdCBBbmFseXNpcyIsIFJGQyA3ODM1LDwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgICAgICAgU2VwYXJhdGlvbiBQcm90
b2NvbCAoTElTUCkgVGhyZWF0IEFuYWx5c2lzIiwgUkZDIDc4MzUsPC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgIERPSSAxMC4xNzQ4Ny9SRkM3ODM1LCBB
cHJpbCAyMDE2LDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgICAg
ICAgRE9JIDEwLjE3NDg3L1JGQzc4MzUsIEFwcmlsIDIwMTYsPC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgICZsdDtodHRwOi8vd3d3LnJmYy1lZGl0b3Iu
b3JnL2luZm8vcmZjNzgzNSZndDsuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
ICAgICAgICAgICAgICAmbHQ7aHR0cDovL3d3dy5yZmMtZWRpdG9yLm9yZy9pbmZvL3JmYzc4
MzUmZ3Q7LjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij5BdXRo
b3JzJyBBZGRyZXNzZXM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij5BdXRob3Jz
JyBBZGRyZXNzZXM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
ICAgRmFiaW8gTWFpbm88L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBGYWJp
byBNYWlubzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgQ2lzY28gU3lzdGVt
czwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIENpc2NvIFN5c3RlbXM8L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIDE3MCBUYXNtYW4gRHJpdmU8L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAxNzAgVGFzbWFuIERyaXZlPC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgoKICAgICA8dHI+PHRkPjwvdGQ+PHRkIGNsYXNz
PSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZD48L3Rk
PjwvdHI+CiAgICAgPHRyIGlkPSJlbmQiIGJnY29sb3I9ImdyYXkiPjx0aCBjb2xzcGFuPSI1
IiBhbGlnbj0iY2VudGVyIj4mbmJzcDtFbmQgb2YgY2hhbmdlcy4gNDggY2hhbmdlIGJsb2Nr
cy4mbmJzcDs8L3RoPjwvdHI+CiAgICAgPHRyIGNsYXNzPSJzdGF0cyI+PHRkPjwvdGQ+PHRo
PjxpPjEzNCBsaW5lcyBjaGFuZ2VkIG9yIGRlbGV0ZWQ8L2k+PC90aD48dGg+PGk+IDwvaT48
L3RoPjx0aD48aT4yMjUgbGluZXMgY2hhbmdlZCBvciBhZGRlZDwvaT48L3RoPjx0ZD48L3Rk
PjwvdHI+CiAgICAgPHRyPjx0ZCBjb2xzcGFuPSI1IiBhbGlnbj0iY2VudGVyIiBjbGFzcz0i
c21hbGwiPjxicj5UaGlzIGh0bWwgZGlmZiB3YXMgcHJvZHVjZWQgYnkgcmZjZGlmZiAxLjQ1
LiBUaGUgbGF0ZXN0IHZlcnNpb24gaXMgYXZhaWxhYmxlIGZyb20gPGEgaHJlZj0iaHR0cDov
L3d3dy50b29scy5pZXRmLm9yZy90b29scy9yZmNkaWZmLyI+aHR0cDovL3Rvb2xzLmlldGYu
b3JnL3Rvb2xzL3JmY2RpZmYvPC9hPiA8L3RkPjwvdHI+CiAgIDwvdGJvZHk+PC90YWJsZT4K
ICAgCiAgIAo8L2JvZHk+PC9odG1sPg==
--------------4FAFE1DA8AE8F9CD37E340F5
Content-Type: text/plain; charset=UTF-8;
 name="draft-ietf-lisp-sec-12a.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="draft-ietf-lisp-sec-12a.txt"

CgoKCk5ldHdvcmsgV29ya2luZyBHcm91cCAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICBGLiBNYWlubwpJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFYuIEVybWFnYW4KSW50ZW5kZWQgc3Rh
dHVzOiBFeHBlcmltZW50YWwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaXNjbyBT
eXN0ZW1zCkV4cGlyZXM6IE1heSA0LCAyMDE3ICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICBBLiBDYWJlbGxvcwogICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICBUZWNobmljYWwgVW5pdmVyc2l0eSBvZiBDYXRhbG9uaWEKICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
RC4gU2F1Y2V6CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICBJTlJJQQogICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE9jdG9iZXIgMzEsIDIwMTYKCgogICAg
ICAgICAgICAgICAgICAgICAgICBMSVNQLVNlY3VyaXR5IChMSVNQLVNFQykKICAgICAgICAg
ICAgICAgICAgICAgICAgIGRyYWZ0LWlldGYtbGlzcC1zZWMtMTIKCkFic3RyYWN0CgogICBU
aGlzIG1lbW8gc3BlY2lmaWVzIExJU1AtU0VDLCBhIHNldCBvZiBzZWN1cml0eSBtZWNoYW5p
c21zIHRoYXQKICAgcHJvdmlkZXMgb3JpZ2luIGF1dGhlbnRpY2F0aW9uLCBpbnRlZ3JpdHkg
YW5kIGFudGktcmVwbGF5IHByb3RlY3Rpb24KICAgdG8gTElTUCdzIEVJRC10by1STE9DIG1h
cHBpbmcgZGF0YSBjb252ZXllZCB2aWEgbWFwcGluZyBsb29rdXAKICAgcHJvY2Vzcy4gIExJ
U1AtU0VDIGFsc28gZW5hYmxlcyB2ZXJpZmljYXRpb24gb2YgYXV0aG9yaXphdGlvbiBvbiBF
SUQtCiAgIHByZWZpeCBjbGFpbXMgaW4gTWFwLVJlcGx5IG1lc3NhZ2VzLgoKUmVxdWlyZW1l
bnRzIExhbmd1YWdlCgogICBUaGUga2V5IHdvcmRzICJNVVNUIiwgIk1VU1QgTk9UIiwgIlJF
UVVJUkVEIiwgIlNIQUxMIiwgIlNIQUxMIE5PVCIsCiAgICJTSE9VTEQiLCAiU0hPVUxEIE5P
VCIsICJSRUNPTU1FTkRFRCIsICJNQVkiLCBhbmQgIk9QVElPTkFMIiBpbiB0aGlzCiAgIGRv
Y3VtZW50IGFyZSB0byBiZSBpbnRlcnByZXRlZCBhcyBkZXNjcmliZWQgaW4gW1JGQzIxMTld
LgoKU3RhdHVzIG9mIFRoaXMgTWVtbwoKICAgVGhpcyBJbnRlcm5ldC1EcmFmdCBpcyBzdWJt
aXR0ZWQgaW4gZnVsbCBjb25mb3JtYW5jZSB3aXRoIHRoZQogICBwcm92aXNpb25zIG9mIEJD
UCA3OCBhbmQgQkNQIDc5LgoKICAgSW50ZXJuZXQtRHJhZnRzIGFyZSB3b3JraW5nIGRvY3Vt
ZW50cyBvZiB0aGUgSW50ZXJuZXQgRW5naW5lZXJpbmcKICAgVGFzayBGb3JjZSAoSUVURiku
ICBOb3RlIHRoYXQgb3RoZXIgZ3JvdXBzIG1heSBhbHNvIGRpc3RyaWJ1dGUKICAgd29ya2lu
ZyBkb2N1bWVudHMgYXMgSW50ZXJuZXQtRHJhZnRzLiAgVGhlIGxpc3Qgb2YgY3VycmVudCBJ
bnRlcm5ldC0KICAgRHJhZnRzIGlzIGF0IGh0dHA6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9k
cmFmdHMvY3VycmVudC8uCgogICBJbnRlcm5ldC1EcmFmdHMgYXJlIGRyYWZ0IGRvY3VtZW50
cyB2YWxpZCBmb3IgYSBtYXhpbXVtIG9mIHNpeCBtb250aHMKICAgYW5kIG1heSBiZSB1cGRh
dGVkLCByZXBsYWNlZCwgb3Igb2Jzb2xldGVkIGJ5IG90aGVyIGRvY3VtZW50cyBhdCBhbnkK
ICAgdGltZS4gIEl0IGlzIGluYXBwcm9wcmlhdGUgdG8gdXNlIEludGVybmV0LURyYWZ0cyBh
cyByZWZlcmVuY2UKICAgbWF0ZXJpYWwgb3IgdG8gY2l0ZSB0aGVtIG90aGVyIHRoYW4gYXMg
IndvcmsgaW4gcHJvZ3Jlc3MuIgoKICAgVGhpcyBJbnRlcm5ldC1EcmFmdCB3aWxsIGV4cGly
ZSBvbiBNYXkgNCwgMjAxNy4KCgoKCgoKCgpNYWlubywgZXQgYWwuICAgICAgICAgICAgICBF
eHBpcmVzIE1heSA0LCAyMDE3ICAgICAgICAgICAgICAgICAgW1BhZ2UgMV0KDApJbnRlcm5l
dC1EcmFmdCAgICAgICAgICAgICAgICAgIExJU1AtU0VDICAgICAgICAgICAgICAgICAgICBP
Y3RvYmVyIDIwMTYKCgpDb3B5cmlnaHQgTm90aWNlCgogICBDb3B5cmlnaHQgKGMpIDIwMTYg
SUVURiBUcnVzdCBhbmQgdGhlIHBlcnNvbnMgaWRlbnRpZmllZCBhcyB0aGUKICAgZG9jdW1l
bnQgYXV0aG9ycy4gIEFsbCByaWdodHMgcmVzZXJ2ZWQuCgogICBUaGlzIGRvY3VtZW50IGlz
IHN1YmplY3QgdG8gQkNQIDc4IGFuZCB0aGUgSUVURiBUcnVzdCdzIExlZ2FsCiAgIFByb3Zp
c2lvbnMgUmVsYXRpbmcgdG8gSUVURiBEb2N1bWVudHMKICAgKGh0dHA6Ly90cnVzdGVlLmll
dGYub3JnL2xpY2Vuc2UtaW5mbykgaW4gZWZmZWN0IG9uIHRoZSBkYXRlIG9mCiAgIHB1Ymxp
Y2F0aW9uIG9mIHRoaXMgZG9jdW1lbnQuICBQbGVhc2UgcmV2aWV3IHRoZXNlIGRvY3VtZW50
cwogICBjYXJlZnVsbHksIGFzIHRoZXkgZGVzY3JpYmUgeW91ciByaWdodHMgYW5kIHJlc3Ry
aWN0aW9ucyB3aXRoIHJlc3BlY3QKICAgdG8gdGhpcyBkb2N1bWVudC4gIENvZGUgQ29tcG9u
ZW50cyBleHRyYWN0ZWQgZnJvbSB0aGlzIGRvY3VtZW50IG11c3QKICAgaW5jbHVkZSBTaW1w
bGlmaWVkIEJTRCBMaWNlbnNlIHRleHQgYXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gNC5lIG9m
CiAgIHRoZSBUcnVzdCBMZWdhbCBQcm92aXNpb25zIGFuZCBhcmUgcHJvdmlkZWQgd2l0aG91
dCB3YXJyYW50eSBhcwogICBkZXNjcmliZWQgaW4gdGhlIFNpbXBsaWZpZWQgQlNEIExpY2Vu
c2UuCgpUYWJsZSBvZiBDb250ZW50cwoKICAgMS4gIEludHJvZHVjdGlvbiAgLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gICAzCiAgIDIuICBEZWZp
bml0aW9uIG9mIFRlcm1zIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuICAgMwogICAzLiAgTElTUC1TRUMgVGhyZWF0IE1vZGVsIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgIDQKICAgNC4gIFByb3RvY29sIE9wZXJhdGlvbnMg
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gICA0CiAgIDUuICBM
SVNQLVNFQyBDb250cm9sIE1lc3NhZ2VzIERldGFpbHMgLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuICAgNwogICAgIDUuMS4gIEVuY2Fwc3VsYXRlZCBDb250cm9sIE1lc3NhZ2UgTElT
UC1TRUMgRXh0ZW5zaW9ucyAgLiAuIC4gLiAgIDcKICAgICA1LjIuICBNYXAtUmVwbHkgTElT
UC1TRUMgRXh0ZW5zaW9ucyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gICA5CiAgICAg
NS4zLiAgTWFwLVJlZ2lzdGVyIExJU1AtU0VDIEV4dGVudGlvbnMgIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuICAxMAogICAgIDUuNC4gIElUUiBQcm9jZXNzaW5nICAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTAKICAgICAgIDUuNC4xLiAgTWFwLVJl
cGx5IFJlY29yZCBWYWxpZGF0aW9uIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDEyCiAg
ICAgICA1LjQuMi4gIFBJVFIgUHJvY2Vzc2luZyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuICAxMwogICAgIDUuNS4gIEVuY3J5cHRpbmcgYW5kIERlY3J5cHRpbmcg
YW4gT1RLICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTMKICAgICA1LjYuICBNYXAtUmVz
b2x2ZXIgUHJvY2Vzc2luZyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDE0
CiAgICAgNS43LiAgTWFwLVNlcnZlciBQcm9jZXNzaW5nIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuICAxNAogICAgICAgNS43LjEuICBNYXAtU2VydmVyIFByb2Nlc3Np
bmcgaW4gUHJveHkgbW9kZSAuIC4gLiAuIC4gLiAuIC4gLiAgMTUKICAgICA1LjguICBFVFIg
UHJvY2Vzc2luZyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
IDE1CiAgIDYuICBTZWN1cml0eSBDb25zaWRlcmF0aW9ucyAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuICAxNgogICAgIDYuMS4gIE1hcHBpbmcgU3lzdGVtIFNlY3Vy
aXR5IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTYKICAgICA2LjIuICBS
YW5kb20gTnVtYmVyIEdlbmVyYXRpb24gIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gIDE2CiAgICAgNi4zLiAgTWFwLVNlcnZlciBhbmQgRVRSIENvbG9jYXRpb24gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuICAxNgogICAgIDYuNC4gIERlcGxveWluZyBMSVNQLVNF
QyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTcKICAgNy4gIElB
TkEgQ29uc2lkZXJhdGlvbnMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gIDE3CiAgICAgNy4xLiAgRUNNIEFEIFR5cGUgUmVnaXN0cnkgIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAxNwogICAgIDcuMi4gIE1hcC1SZXBseSBBRCBU
eXBlIFJlZ2lzdHJ5ICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTgKICAgICA3
LjMuICBITUFDIEZ1bmN0aW9ucyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gIDE4CiAgICAgNy40LiAgS2V5IFdyYXAgRnVuY3Rpb25zICAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAxOQogICAgIDcuNS4gIEtleSBEZXJpdmF0
aW9uIEZ1bmN0aW9ucyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTkKICAg
OC4gIEFja25vd2xlZGdlbWVudHMgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gIDE5CiAgIDkuICBOb3JtYXRpdmUgUmVmZXJlbmNlcyAgLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAyMAogICBBdXRob3JzJyBBZGRyZXNz
ZXMgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMjEK
CgoKCk1haW5vLCBldCBhbC4gICAgICAgICAgICAgIEV4cGlyZXMgTWF5IDQsIDIwMTcgICAg
ICAgICAgICAgICAgICBbUGFnZSAyXQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAg
ICAgTElTUC1TRUMgICAgICAgICAgICAgICAgICAgIE9jdG9iZXIgMjAxNgoKCjEuICBJbnRy
b2R1Y3Rpb24KCiAgIFRoZSBMb2NhdG9yL0lEIFNlcGFyYXRpb24gUHJvdG9jb2wgW1JGQzY4
MzBdIGlzIGEgbmV0d29yay1sYXllci1iYXNlZAogICBwcm90b2NvbCB0aGF0IGVuYWJsZXMg
c2VwYXJhdGlvbiBvZiBJUCBhZGRyZXNzZXMgaW50byB0d28gbmV3CiAgIG51bWJlcmluZyBz
cGFjZXM6IEVuZHBvaW50IElkZW50aWZpZXJzIChFSURzKSBhbmQgUm91dGluZyBMb2NhdG9y
cwogICAoUkxPQ3MpLiAgSWYgdGhlc2UgRUlELXRvLVJMT0MgbWFwcGluZ3MsIGNhcnJpZWQg
dGhyb3VnaCBNYXAtUmVwbHkKICAgbWVzc2FnZXMsIGFyZSB0cmFuc21pdHRlZCB3aXRob3V0
IGludGVncml0eSBwcm90ZWN0aW9uLCBhbiBhZHZlcnNhcnkKICAgY2FuIG1hbmlwdWxhdGUg
dGhlbSBhbmQgaGlqYWNrIHRoZSBjb21tdW5pY2F0aW9uLCBpbXBlcnNvbmF0ZSB0aGUKICAg
cmVxdWVzdGVkIEVJRCwgb3IgbW91bnQgRGVuaWFsIG9mIFNlcnZpY2Ugb3IgRGlzdHJpYnV0
ZWQgRGVuaWFsIG9mCiAgIFNlcnZpY2UgYXR0YWNrcy4gIEFsc28sIGlmIHRoZSBNYXAtUmVw
bHkgbWVzc2FnZSBpcyB0cmFuc3BvcnRlZAogICB1bmF1dGhlbnRpY2F0ZWQsIGFuIGFkdmVy
c2FyaWFsIExJU1AgZW50aXR5IGNhbiBvdmVyY2xhaW0gYW4gRUlELQogICBwcmVmaXggYW5k
IG1hbGljaW91c2x5IHJlZGlyZWN0IHRyYWZmaWMgZGlyZWN0ZWQgdG8gYSBsYXJnZSBudW1i
ZXIgb2YKICAgaG9zdHMuICBUaGUgTElTUC1TRUMgdGhyZWF0IG1vZGVsLCBkZXNjcmliZWQg
aW4gU2VjdGlvbiAzLCBpcyBidWlsdAogICBvbiB0b3Agb2YgdGhlIExJU1AgdGhyZWF0IG1v
ZGVsIGRlZmluZWQgaW4gW1JGQzc4MzVdLCB0aGF0IGluY2x1ZGVzCiAgIGRldGFpbGVkIGRl
c2NyaXB0aW9uIG9mICJvdmVyY2xhaW1pbmciIGF0dGFjay4KCiAgIFRoaXMgbWVtbyBzcGVj
aWZpZXMgTElTUC1TRUMsIGEgc2V0IG9mIHNlY3VyaXR5IG1lY2hhbmlzbXMgdGhhdAogICBw
cm92aWRlcyBvcmlnaW4gYXV0aGVudGljYXRpb24sIGludGVncml0eSBhbmQgYW50aS1yZXBs
YXkgcHJvdGVjdGlvbgogICB0byBMSVNQJ3MgRUlELXRvLVJMT0MgbWFwcGluZyBkYXRhIGNv
bnZleWVkIHZpYSBtYXBwaW5nIGxvb2t1cAogICBwcm9jZXNzLiAgTElTUC1TRUMgYWxzbyBl
bmFibGVzIHZlcmlmaWNhdGlvbiBvZiBhdXRob3JpemF0aW9uIG9uIEVJRC0KICAgcHJlZml4
IGNsYWltcyBpbiBNYXAtUmVwbHkgbWVzc2FnZXMsIGVuc3VyaW5nIHRoYXQgdGhlIHNlbmRl
ciBvZiBhCiAgIE1hcC1SZXBseSB0aGF0IHByb3ZpZGVzIHRoZSBsb2NhdGlvbiBmb3IgYSBn
aXZlbiBFSUQtcHJlZml4IGlzCiAgIGVudGl0bGVkIHRvIGRvIHNvIGFjY29yZGluZyB0byB0
aGUgRUlEIHByZWZpeCByZWdpc3RlcmVkIGluIHRoZQogICBhc3NvY2lhdGVkIE1hcC1TZXJ2
ZXIuICBNYXAtUmVnaXN0ZXIgc2VjdXJpdHksIGluY2x1ZGluZyB0aGUgcmlnaHQKICAgZm9y
IGEgTElTUCBlbnRpdHkgdG8gcmVnaXN0ZXIgYW4gRUlELXByZWZpeCBvciB0byBjbGFpbSBw
cmVzZW5jZSBhdAogICBhbiBSTE9DLCBpcyBvdXQgb2YgdGhlIHNjb3BlIG9mIExJU1AtU0VD
LiAgQWRkaXRpb25hbCBzZWN1cml0eQogICBjb25zaWRlcmF0aW9ucyBhcmUgZGVzY3JpYmVk
IGluIFNlY3Rpb24gNi4KCjIuICBEZWZpbml0aW9uIG9mIFRlcm1zCgogICAgICBPbmUtVGlt
ZSBLZXkgKE9USyk6IEFuIGVwaGVtZXJhbCByYW5kb21seSBnZW5lcmF0ZWQga2V5IHRoYXQg
bXVzdAogICAgICBiZSB1c2VkIGZvciBhIHNpbmdsZSBNYXAtUmVxdWVzdC9NYXAtUmVwbHkg
ZXhjaGFuZ2UuCgogICAgICBJVFIgT25lLVRpbWUgS2V5IChJVFItT1RLKTogVGhlIE9uZS1U
aW1lIEtleSBnZW5lcmF0ZWQgYXQgdGhlIElUUi4KCiAgICAgIE1TIE9uZS1UaW1lIEtleSAo
TVMtT1RLKTogVGhlIE9uZS1UaW1lIEtleSBnZW5lcmF0ZWQgYXQgdGhlIE1hcC0KICAgICAg
U2VydmVyLgoKICAgICAgQXV0aGVudGljYXRpb24gRGF0YSAoQUQpOiBNZXRhZGF0YSB0aGF0
IGlzIGluY2x1ZGVkIGVpdGhlciBpbiBhCiAgICAgIExJU1AgRW5jYXBzdWxhdGVkIENvbnRy
b2wgTWVzc2FnZSAoRUNNKSBoZWFkZXIsIGFzIGRlZmluZWQgaW4KICAgICAgU2VjdGlvbiA2
LjEuOCBvZiBbUkZDNjgzMF0sIG9yIGluIGEgTWFwLVJlcGx5IG1lc3NhZ2UgdG8gc3VwcG9y
dAogICAgICBjb25maWRlbnRpYWxpdHksIGludGVncml0eSBwcm90ZWN0aW9uLCBhbmQgdmVy
aWZpY2F0aW9uIG9mIEVJRC0KICAgICAgcHJlZml4IGF1dGhvcml6YXRpb24uCgogICAgICBP
VEsgQXV0aGVudGljYXRpb24gRGF0YSAoT1RLLUFEKTogVGhlIHBvcnRpb24gb2YgRUNNCiAg
ICAgIEF1dGhlbnRpY2F0aW9uIERhdGEgdGhhdCBjb250YWlucyBhIE9uZS1UaW1lIEtleS4K
CgoKCgpNYWlubywgZXQgYWwuICAgICAgICAgICAgICBFeHBpcmVzIE1heSA0LCAyMDE3ICAg
ICAgICAgICAgICAgICAgW1BhZ2UgM10KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAg
ICAgIExJU1AtU0VDICAgICAgICAgICAgICAgICAgICBPY3RvYmVyIDIwMTYKCgogICAgICBF
SUQgQXV0aGVudGljYXRpb24gRGF0YSAoRUlELUFEKTogVGhlIHBvcnRpb24gb2YgRUNNIGFu
ZCBNYXAtUmVwbHkKICAgICAgQXV0aGVudGljYXRpb24gRGF0YSB1c2VkIGZvciB2ZXJpZmlj
YXRpb24gb2YgRUlELXByZWZpeAogICAgICBhdXRob3JpemF0aW9uLgoKICAgICAgUGFja2V0
IEF1dGhlbnRpY2F0aW9uIERhdGEgKFBLVC1BRCk6IFRoZSBwb3J0aW9uIG9mIE1hcC1SZXBs
eQogICAgICBBdXRoZW50aWNhdGlvbiBEYXRhIHVzZWQgdG8gcHJvdGVjdCB0aGUgaW50ZWdy
aXR5IG9mIHRoZSBNYXAtUmVwbHkKICAgICAgbWVzc2FnZS4KCgoKICAgRm9yIGRlZmluaXRp
b25zIG9mIG90aGVyIHRlcm1zLCBub3RhYmx5IE1hcC1SZXF1ZXN0LCBNYXAtUmVwbHksCiAg
IEluZ3Jlc3MgVHVubmVsIFJvdXRlciAoSVRSKSwgRWdyZXNzIFR1bm5lbCBSb3V0ZXIgKEVU
UiksIE1hcC1TZXJ2ZXIKICAgKE1TKSwgYW5kIE1hcC1SZXNvbHZlciAoTVIpIHBsZWFzZSBj
b25zdWx0IHRoZSBMSVNQIHNwZWNpZmljYXRpb24KICAgW1JGQzY4MzBdLgoKMy4gIExJU1At
U0VDIFRocmVhdCBNb2RlbAoKICAgTElTUC1TRUMgYWRkcmVzc2VzIHRoZSBjb250cm9sIHBs
YW5lIHRocmVhdHMsIGRlc2NyaWJlZCBpbiBbUkZDNzgzNV0sCiAgIHRoYXQgdGFyZ2V0IEVJ
RC10by1STE9DIG1hcHBpbmdzLCBpbmNsdWRpbmcgbWFuaXB1bGF0aW9ucyBvZiBNYXAtCiAg
IFJlcXVlc3QgYW5kIE1hcC1SZXBseSBtZXNzYWdlcywgYW5kIG1hbGljaW91cyBFVFIgRUlE
IHByZWZpeAogICBvdmVyY2xhaW1pbmcuICBMSVNQLVNFQyBtYWtlcyB0d28gbWFpbiBhc3N1
bXB0aW9uczogKDEpIHRoZSBMSVNQCiAgIG1hcHBpbmcgc3lzdGVtIGlzIGV4cGVjdGVkIHRv
IGRlbGl2ZXIgYSBNYXAtUmVxdWVzdCBtZXNzYWdlIHRvIHRoZWlyCiAgIGludGVuZGVkIGRl
c3RpbmF0aW9uIEVUUiBhcyBpZGVudGlmaWVkIGJ5IHRoZSBFSUQsIGFuZCAoMikgbm8gbWFu
LWluLQogICB0aGUtbWlkZGxlIChNSVRNKSBhdHRhY2sgY2FuIGJlIG1vdW50ZWQgd2l0aGlu
IHRoZSBMSVNQIE1hcHBpbmcKICAgU3lzdGVtLiAgSG93IHRoZSBNYXBwaW5nIFN5c3RlbSBp
cyBwcm90ZWN0ZWQgZnJvbSBNSVRNIGF0dGFja3MKICAgZGVwZW5kcyBmcm9tIHRoZSBwYXJ0
aWN1bGFyIE1hcHBpbmcgU3lzdGVtcyB1c2VkLCBhbmQgaXMgb3V0IG9mIHRoZQogICBzY29w
ZSBvZiB0aGlzIG1lbW8uICBGdXJ0aGVybW9yZSwgd2hpbGUgTElTUC1TRUMgZW5hYmxlcyBk
ZXRlY3Rpb24gb2YKICAgRUlEIHByZWZpeCBvdmVyY2xhaW1pbmcgYXR0YWNrcywgaXQgYXNz
dW1lcyB0aGF0IE1hcC1TZXJ2ZXJzIGNhbgogICB2ZXJpZnkgdGhlIEVJRCBwcmVmaXggYXV0
aG9yaXphdGlvbiBhdCB0aW1lIG9mIHJlZ2lzdHJhdGlvbi4KCiAgIEFjY29yZGluZyB0byB0
aGUgdGhyZWF0IG1vZGVsIGRlc2NyaWJlZCBpbiBbUkZDNzgzNV0gTElTUC1TRUMgYXNzdW1l
cwogICB0aGF0IGFueSBraW5kIG9mIGF0dGFjaywgaW5jbHVkaW5nIE1JVE0gYXR0YWNrcywg
Y2FuIGJlIG1vdW50ZWQgaW4KICAgdGhlIGFjY2VzcyBuZXR3b3JrLCBvdXRzaWRlIG9mIHRo
ZSBib3VuZGFyaWVzIG9mIHRoZSBMSVNQIG1hcHBpbmcKICAgc3lzdGVtLiAgQW4gb24tcGF0
aCBhdHRhY2tlciwgb3V0c2lkZSBvZiB0aGUgTElTUCBtYXBwaW5nIHN5c3RlbSBjYW4sCiAg
IGZvciBleGFtcGxlLCBoaWphY2sgTWFwLVJlcXVlc3QgYW5kIE1hcC1SZXBseSBtZXNzYWdl
cywgc3Bvb2ZpbmcgdGhlCiAgIGlkZW50aXR5IG9mIGEgTElTUCBub2RlLiAgQW5vdGhlciBl
eGFtcGxlIG9mIG9uLXBhdGggYXR0YWNrLCBjYWxsZWQKICAgb3ZlcmNsYWltaW5nIGF0dGFj
aywgY2FuIGJlIG1vdW50ZWQgYnkgYSBtYWxpY2lvdXMgRWdyZXNzIFR1bm5lbAogICBSb3V0
ZXIgKEVUUiksIGJ5IG92ZXJjbGFpbWluZyB0aGUgRUlELXByZWZpeGVzIGZvciB3aGljaCBp
dCBpcwogICBhdXRob3JpdGF0aXZlLiAgSW4gdGhpcyB3YXkgdGhlIEVUUiBjYW4gbWFsaWNp
b3VzbHkgcmVkaXJlY3QgdHJhZmZpYwogICBkaXJlY3RlZCB0byBhIGxhcmdlIG51bWJlciBv
ZiBob3N0cy4KCjQuICBQcm90b2NvbCBPcGVyYXRpb25zCgogICBUaGUgZ29hbCBvZiB0aGUg
c2VjdXJpdHkgbWVjaGFuaXNtcyBkZWZpbmVkIGluIFtSRkM2ODMwXSBpcyB0bwogICBwcmV2
ZW50IHVuYXV0aG9yaXplZCBpbnNlcnRpb24gb2YgbWFwcGluZyBkYXRhIGJ5IHByb3ZpZGlu
ZyBvcmlnaW4KICAgYXV0aGVudGljYXRpb24gYW5kIGludGVncml0eSBwcm90ZWN0aW9uIGZv
ciB0aGUgTWFwLVJlZ2lzdHJhdGlvbiwgYW5kCiAgIGJ5IHVzaW5nIHRoZSBub25jZSB0byBk
ZXRlY3QgdW5zb2xpY2l0ZWQgTWFwLVJlcGx5IHNlbnQgYnkgb2ZmLXBhdGgKICAgYXR0YWNr
ZXJzLgoKCgpNYWlubywgZXQgYWwuICAgICAgICAgICAgICBFeHBpcmVzIE1heSA0LCAyMDE3
ICAgICAgICAgICAgICAgICAgW1BhZ2UgNF0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAg
ICAgICAgIExJU1AtU0VDICAgICAgICAgICAgICAgICAgICBPY3RvYmVyIDIwMTYKCgogICBM
SVNQLVNFQyBidWlsZHMgb24gdG9wIG9mIHRoZSBzZWN1cml0eSBtZWNoYW5pc21zIGRlZmlu
ZWQgaW4KICAgW1JGQzY4MzBdIHRvIGFkZHJlc3MgdGhlIHRocmVhdHMgZGVzY3JpYmVkIGlu
IFNlY3Rpb24gMyBieSBsZXZlcmFnaW5nCiAgIHRoZSB0cnVzdCByZWxhdGlvbnNoaXBzIGV4
aXN0aW5nIGFtb25nIHRoZSBMSVNQIGVudGl0aWVzCiAgIHBhcnRpY2lwYXRpbmcgdG8gdGhl
IGV4Y2hhbmdlIG9mIHRoZSBNYXAtUmVxdWVzdC9NYXAtUmVwbHkgbWVzc2FnZXMuCiAgIFRo
b3NlIHRydXN0IHJlbGF0aW9uc2hpcHMgYXJlIHVzZWQgdG8gc2VjdXJlbHkgZGlzdHJpYnV0
ZSBhIE9uZS1UaW1lCiAgIEtleSAoT1RLKSB0aGF0IHByb3ZpZGVzIG9yaWdpbiBhdXRoZW50
aWNhdGlvbiwgaW50ZWdyaXR5IGFuZCBhbnRpLQogICByZXBsYXkgcHJvdGVjdGlvbiB0byBt
YXBwaW5nIGRhdGEgY29udmV5ZWQgdmlhIHRoZSBtYXBwaW5nIGxvb2t1cAogICBwcm9jZXNz
LCBhbmQgdGhhdCBlZmZlY3RpdmVseSBwcmV2ZW50IG92ZXJjbGFpbWluZyBhdHRhY2tzLiAg
VGhlCiAgIHByb2Nlc3Npbmcgb2Ygc2VjdXJpdHkgcGFyYW1ldGVycyBkdXJpbmcgdGhlIE1h
cC1SZXF1ZXN0L01hcC1SZXBseQogICBleGNoYW5nZSBpcyBhcyBmb2xsb3dzOgoKICAgbyAg
VGhlIElUUi1PVEsgaXMgZ2VuZXJhdGVkIGFuZCBzdG9yZWQgYXQgdGhlIElUUiwgYW5kIHNl
Y3VyZWx5CiAgICAgIHRyYW5zcG9ydGVkIHRvIHRoZSBNYXAtU2VydmVyLgoKICAgbyAgVGhl
IE1hcC1TZXJ2ZXIgdXNlcyB0aGUgSVRSLU9USyB0byBjb21wdXRlIGEgS2V5ZWQtSGFzaGlu
ZyBmb3IKICAgICAgTWVzc2FnZSBBdXRoZW50aWNhdGlvbiAoSE1BQykgW1JGQzIxMDRdIHRo
YXQgcHJvdGVjdHMgdGhlCiAgICAgIGludGVncml0eSBvZiB0aGUgbWFwcGluZyBkYXRhIGtu
b3duIHRvIHRoZSBNYXAtU2VydmVyIHRvIHByZXZlbnQKICAgICAgb3ZlcmNsYWltaW5nIGF0
dGFja3MuICBUaGUgTWFwLVNlcnZlciBhbHNvIGRlcml2ZXMgYSBuZXcgT1RLLCB0aGUKICAg
ICAgTVMtT1RLLCB0aGF0IGlzIHBhc3NlZCB0byB0aGUgRVRSLCBieSBhcHBseWluZyBhIEtl
eSBEZXJpdmF0aW9uCiAgICAgIEZ1bmN0aW9uIChLREYpIHRvIHRoZSBJVFItT1RLLgoKICAg
byAgVGhlIEVUUiB1c2VzIHRoZSBNUy1PVEsgdG8gY29tcHV0ZSBhbiBITUFDIHRoYXQgcHJv
dGVjdHMgdGhlCiAgICAgIGludGVncml0eSBvZiB0aGUgTWFwLVJlcGx5IHNlbnQgdG8gdGhl
IElUUi4KCiAgIG8gIEZpbmFsbHksIHRoZSBJVFIgdXNlcyB0aGUgc3RvcmVkIElUUi1PVEsg
dG8gdmVyaWZ5IHRoZSBpbnRlZ3JpdHkKICAgICAgb2YgdGhlIG1hcHBpbmcgZGF0YSBwcm92
aWRlZCBieSBib3RoIHRoZSBNYXAtU2VydmVyIGFuZCB0aGUgRVRSLAogICAgICBhbmQgdG8g
dmVyaWZ5IHRoYXQgbm8gb3ZlcmNsYWltaW5nIGF0dGFja3Mgd2VyZSBtb3VudGVkIGFsb25n
IHRoZQogICAgICBwYXRoIGJldHdlZW4gdGhlIE1hcC1TZXJ2ZXIgYW5kIHRoZSBJVFIuCgog
ICBTZWN0aW9uIDUgcHJvdmlkZXMgdGhlIGRldGFpbGVkIGRlc2NyaXB0aW9uIG9mIHRoZSBM
SVNQLVNFQyBjb250cm9sCiAgIG1lc3NhZ2VzIGFuZCB0aGVpciBwcm9jZXNzaW5nLCB3aGls
ZSB0aGUgcmVzdCBvZiB0aGlzIHNlY3Rpb24KICAgZGVzY3JpYmVzIHRoZSBmbG93IG9mIHBy
b3RvY29sIG9wZXJhdGlvbnMgYXQgZWFjaCBlbnRpdHkgaW52b2x2ZWQgaW4KICAgdGhlIE1h
cC1SZXF1ZXN0L01hcC1SZXBseSBleGNoYW5nZToKCiAgIG8gIFRoZSBJVFIsIHVwb24gbmVl
ZGluZyB0byB0cmFuc21pdCBhIE1hcC1SZXF1ZXN0IG1lc3NhZ2UsIGdlbmVyYXRlcwogICAg
ICBhbmQgc3RvcmVzIGFuIE9USyAoSVRSLU9USykuICBUaGlzIElUUi1PVEsgaXMgaW5jbHVk
ZWQgaW50byB0aGUKICAgICAgRW5jYXBzdWxhdGVkIENvbnRyb2wgTWVzc2FnZSAoRUNNKSB0
aGF0IGNvbnRhaW5zIHRoZSBNYXAtUmVxdWVzdAogICAgICBzZW50IHRvIHRoZSBNYXAtUmVz
b2x2ZXIuICBUbyBwcm92aWRlIGNvbmZpZGVudGlhbGl0eSB0byB0aGUgSVRSLQogICAgICBP
VEsgb3ZlciB0aGUgcGF0aCBiZXR3ZWVuIHRoZSBJVFIgYW5kIGl0cyBNYXAtUmVzb2x2ZXIs
IHRoZSBJVFItCiAgICAgIE9USyBTSE9VTEQgYmUgZW5jcnlwdGVkIHVzaW5nIGEgcHJlY29u
ZmlndXJlZCBrZXkgc2hhcmVkIGJldHdlZW4KICAgICAgdGhlIElUUiBhbmQgdGhlIE1hcC1S
ZXNvbHZlciwgc2ltaWxhciB0byB0aGUga2V5IHNoYXJlZCBiZXR3ZWVuCiAgICAgIHRoZSBF
VFIgYW5kIHRoZSBNYXAtU2VydmVyIGluIG9yZGVyIHRvIHNlY3VyZSBFVFIgcmVnaXN0cmF0
aW9uCiAgICAgIFtSRkM2ODMzXS4KCiAgIG8gIFRoZSBNYXAtUmVzb2x2ZXIgZGVjYXBzdWxh
dGVzIHRoZSBFQ00gbWVzc2FnZSwgZGVjcnlwdHMgdGhlIElUUi0KICAgICAgT1RLLCBpZiBu
ZWVkZWQsIGFuZCBmb3J3YXJkcyB0aHJvdWdoIHRoZSBNYXBwaW5nIFN5c3RlbSB0aGUKICAg
ICAgcmVjZWl2ZWQgTWFwLVJlcXVlc3QgYW5kIHRoZSBJVFItT1RLLCBhcyBwYXJ0IG9mIGEg
bmV3IEVDTQogICAgICBtZXNzYWdlLiAgQXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gNS42LCB0
aGUgTElTUCBNYXBwaW5nIFN5c3RlbQoKCgpNYWlubywgZXQgYWwuICAgICAgICAgICAgICBF
eHBpcmVzIE1heSA0LCAyMDE3ICAgICAgICAgICAgICAgICAgW1BhZ2UgNV0KDApJbnRlcm5l
dC1EcmFmdCAgICAgICAgICAgICAgICAgIExJU1AtU0VDICAgICAgICAgICAgICAgICAgICBP
Y3RvYmVyIDIwMTYKCgogICAgICBkZWxpdmVycyB0aGUgRUNNIHRvIHRoZSBhcHByb3ByaWF0
ZSBNYXAtU2VydmVyLCBhcyBpZGVudGlmaWVkIGJ5CiAgICAgIHRoZSBFSUQgZGVzdGluYXRp
b24gYWRkcmVzcyBvZiB0aGUgTWFwLVJlcXVlc3QuCgogICBvICBUaGUgTWFwLVNlcnZlciBp
cyBjb25maWd1cmVkIHdpdGggdGhlIGxvY2F0aW9uIG1hcHBpbmdzIGFuZCBwb2xpY3kKICAg
ICAgaW5mb3JtYXRpb24gZm9yIHRoZSBFVFIgcmVzcG9uc2libGUgZm9yIHRoZSBFSUQgZGVz
dGluYXRpb24KICAgICAgYWRkcmVzcy4gIFVzaW5nIHRoaXMgcHJlY29uZmlndXJlZCBpbmZv
cm1hdGlvbiwgdGhlIE1hcC1TZXJ2ZXIsCiAgICAgIGFmdGVyIHRoZSBkZWNhcHN1bGF0aW9u
IG9mIHRoZSBFQ00gbWVzc2FnZSwgZmluZHMgdGhlIGxvbmdlc3QKICAgICAgbWF0Y2ggRUlE
LXByZWZpeCB0aGF0IGNvdmVycyB0aGUgcmVxdWVzdGVkIEVJRCBpbiB0aGUgcmVjZWl2ZWQK
ICAgICAgTWFwLVJlcXVlc3QuICBUaGUgTWFwLVNlcnZlciBhZGRzIHRoaXMgRUlELXByZWZp
eCwgdG9nZXRoZXIgd2l0aAogICAgICBhbiBITUFDIGNvbXB1dGVkIHVzaW5nIHRoZSBJVFIt
T1RLLCB0byBhIG5ldyBFbmNhcHN1bGF0ZWQgQ29udHJvbAogICAgICBNZXNzYWdlIHRoYXQg
Y29udGFpbnMgdGhlIHJlY2VpdmVkIE1hcC1SZXF1ZXN0LgoKICAgbyAgVGhlIE1hcC1TZXJ2
ZXIgZGVyaXZlcyBhIG5ldyBPVEssIHRoZSBNUy1PVEssIGJ5IGFwcGx5aW5nIGEgS2V5CiAg
ICAgIERlcml2YXRpb24gRnVuY3Rpb24gKEtERikgdG8gdGhlIElUUi1PVEsuICBUaGlzIE1T
LU9USyBpcyBpbmNsdWRlZAogICAgICBpbiB0aGUgRW5jYXBzdWxhdGVkIENvbnRyb2wgTWVz
c2FnZSB0aGF0IHRoZSBNYXAtU2VydmVyIHVzZXMgdG8KICAgICAgZm9yd2FyZCB0aGUgTWFw
LVJlcXVlc3QgdG8gdGhlIEVUUi4gIFRvIHByb3ZpZGUgTVMtT1RLCiAgICAgIGNvbmZpZGVu
dGlhbGl0eSBvdmVyIHRoZSBwYXRoIGJldHdlZW4gdGhlIE1hcC1TZXJ2ZXIgYW5kIHRoZSBF
VFIsCiAgICAgIHRoZSBNUy1PVEsgU0hPVUxEIGJlIGVuY3J5cHRlZCB1c2luZyB0aGUga2V5
IHNoYXJlZCBiZXR3ZWVuIHRoZQogICAgICBFVFIgYW5kIHRoZSBNYXAtU2VydmVyIGluIG9y
ZGVyIHRvIHNlY3VyZSBFVFIgcmVnaXN0cmF0aW9uCiAgICAgIFtSRkM2ODMzXS4KCiAgIG8g
IElmIHRoZSBNYXAtU2VydmVyIGlzIGFjdGluZyBpbiBwcm94eSBtb2RlLCBhcyBzcGVjaWZp
ZWQgaW4KICAgICAgW1JGQzY4MzBdLCB0aGUgRVRSIGlzIG5vdCBpbnZvbHZlZCBpbiB0aGUg
Z2VuZXJhdGlvbiBvZiB0aGUgTWFwLQogICAgICBSZXBseS4gIEluIHRoaXMgY2FzZSB0aGUg
TWFwLVNlcnZlciBnZW5lcmF0ZXMgdGhlIE1hcC1SZXBseSBvbgogICAgICBiZWhhbGYgb2Yg
dGhlIEVUUiBhcyBkZXNjcmliZWQgYmVsb3cuCgogICBvICBUaGUgRVRSLCB1cG9uIHJlY2Vp
dmluZyB0aGUgRUNNIGVuY2Fwc3VsYXRlZCBNYXAtUmVxdWVzdCBmcm9tIHRoZQogICAgICBN
YXAtU2VydmVyLCBkZWNyeXB0cyB0aGUgTVMtT1RLLCBpZiBuZWVkZWQsIGFuZCBvcmlnaW5h
dGVzIGEKICAgICAgc3RhbmRhcmQgTWFwLVJlcGx5IHRoYXQgY29udGFpbnMgdGhlIEVJRC10
by1STE9DIG1hcHBpbmcKICAgICAgaW5mb3JtYXRpb24gYXMgc3BlY2lmaWVkIGluIFtSRkM2
ODMwXS4KCiAgIG8gIFRoZSBFVFIgY29tcHV0ZXMgYW4gSE1BQyBvdmVyIHRoaXMgc3RhbmRh
cmQgTWFwLVJlcGx5LCBrZXllZCB3aXRoCiAgICAgIE1TLU9USyB0byBwcm90ZWN0IHRoZSBp
bnRlZ3JpdHkgb2YgdGhlIHdob2xlIE1hcC1SZXBseS4gIFRoZSBFVFIKICAgICAgYWxzbyBj
b3BpZXMgdGhlIEVJRC1wcmVmaXggYXV0aG9yaXphdGlvbiBkYXRhIHRoYXQgdGhlIE1hcC1T
ZXJ2ZXIKICAgICAgaW5jbHVkZWQgaW4gdGhlIEVDTSBlbmNhcHN1bGF0ZWQgTWFwLVJlcXVl
c3QgaW50byB0aGUgTWFwLVJlcGx5CiAgICAgIG1lc3NhZ2UuICBUaGUgRVRSIHRoZW4gc2Vu
ZHMgdGhpcyBjb21wbGV0ZSBNYXAtUmVwbHkgbWVzc2FnZSB0bwogICAgICB0aGUgcmVxdWVz
dGluZyBJVFIuCgogICBvICBUaGUgSVRSLCB1cG9uIHJlY2VpdmluZyB0aGUgTWFwLVJlcGx5
LCB1c2VzIHRoZSBsb2NhbGx5IHN0b3JlZAogICAgICBJVFItT1RLIHRvIHZlcmlmeSB0aGUg
aW50ZWdyaXR5IG9mIHRoZSBFSUQtcHJlZml4IGF1dGhvcml6YXRpb24KICAgICAgZGF0YSBp
bmNsdWRlZCBpbiB0aGUgTWFwLVJlcGx5IGJ5IHRoZSBNYXAtU2VydmVyLiAgVGhlIElUUgog
ICAgICBjb21wdXRlcyB0aGUgTVMtT1RLIGJ5IGFwcGx5aW5nIHRoZSBzYW1lIEtERiB1c2Vk
IGJ5IHRoZSBNYXAtCiAgICAgIFNlcnZlciwgYW5kIHZlcmlmaWVzIHRoZSBpbnRlZ3JpdHkg
b2YgdGhlIE1hcC1SZXBseS4gIElmIHRoZQogICAgICBpbnRlZ3JpdHkgY2hlY2tzIGZhaWws
IHRoZSBNYXAtUmVwbHkgTVVTVCBiZSBkaXNjYXJkZWQuICBBbHNvLCBpZgogICAgICB0aGUg
RUlELXByZWZpeGVzIGNsYWltZWQgYnkgdGhlIEVUUiBpbiB0aGUgTWFwLVJlcGx5IGFyZSBu
b3QgZXF1YWwKICAgICAgb3IgbW9yZSBzcGVjaWZpYyB0aGFuIHRoZSBFSUQtcHJlZml4IGF1
dGhvcml6YXRpb24gZGF0YSBpbnNlcnRlZAogICAgICBieSB0aGUgTWFwLVNlcnZlciwgdGhl
IElUUiBNVVNUIGRpc2NhcmQgdGhlIE1hcC1SZXBseS4KCgoKCk1haW5vLCBldCBhbC4gICAg
ICAgICAgICAgIEV4cGlyZXMgTWF5IDQsIDIwMTcgICAgICAgICAgICAgICAgICBbUGFnZSA2
XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgTElTUC1TRUMgICAgICAgICAg
ICAgICAgICAgIE9jdG9iZXIgMjAxNgoKCjUuICBMSVNQLVNFQyBDb250cm9sIE1lc3NhZ2Vz
IERldGFpbHMKCiAgIExJU1AtU0VDIG1ldGFkYXRhIGFzc29jaWF0ZWQgd2l0aCBhIE1hcC1S
ZXF1ZXN0IGlzIHRyYW5zcG9ydGVkIHdpdGhpbgogICB0aGUgRW5jYXBzdWxhdGVkIENvbnRy
b2wgTWVzc2FnZSB0aGF0IGNvbnRhaW5zIHRoZSBNYXAtUmVxdWVzdC4KCiAgIExJU1AtU0VD
IG1ldGFkYXRhIGFzc29jaWF0ZWQgd2l0aCB0aGUgTWFwLVJlcGx5IGlzIHRyYW5zcG9ydGVk
IHdpdGhpbgogICB0aGUgTWFwLVJlcGx5IGl0c2VsZi4KCjUuMS4gIEVuY2Fwc3VsYXRlZCBD
b250cm9sIE1lc3NhZ2UgTElTUC1TRUMgRXh0ZW5zaW9ucwoKICAgTElTUC1TRUMgdXNlcyB0
aGUgRUNNIChFbmNhcHN1bGF0ZWQgQ29udHJvbCBNZXNzYWdlKSBkZWZpbmVkIGluCiAgIFtS
RkM2ODMwXSB3aXRoIFR5cGUgc2V0IHRvIDgsIGFuZCBTIGJpdCBzZXQgdG8gMSB0byBpbmRp
Y2F0ZSB0aGF0IHRoZQogICBMSVNQIGhlYWRlciBpbmNsdWRlcyBBdXRoZW50aWNhdGlvbiBE
YXRhIChBRCkuICBUaGUgZm9ybWF0IG9mIHRoZQogICBMSVNQLVNFQyBFQ00gQXV0aGVudGlj
YXRpb24gRGF0YSBpcyBkZWZpbmVkIGluIHRoZSBmb2xsb3dpbmcgZmlndXJlLgogICBPVEst
QUQgc3RhbmRzIGZvciBPbmUtVGltZSBLZXkgQXV0aGVudGljYXRpb24gRGF0YSBhbmQgRUlE
LUFEIHN0YW5kcwogICBmb3IgRUlEIEF1dGhlbnRpY2F0aW9uIERhdGEuCgogIDAgICAgICAg
ICAgICAgICAgICAgMSAgICAgICAgICAgICAgICAgICAyICAgICAgICAgICAgICAgICAgIDMK
ICAwIDEgMiAzIDQgNSA2IDcgOCA5IDAgMSAyIDMgNCA1IDYgNyA4IDkgMCAxIDIgMyA0IDUg
NiA3IDggOSAwIDEKICstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rCiB8ICBFQ00gQUQgVHlwZSAgfFZ8ICBSZXNlcnZl
ZCAgIHwgICAgICAgIFJlcXVlc3RlZCBITUFDIElEICAgICAgfAogKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLStcCiB8
ICAgICAgICAgICAgICBPVEsgTGVuZ3RoICAgICAgIHwgICAgICAgT1RLIEVuY3J5cHRpb24g
SUQgICAgICAgfCB8CiArLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKyB8CiB8ICAgICAgICAgICAgICAgICAgICAgICBP
bmUtVGltZS1LZXkgUHJlYW1ibGUgLi4uICAgICAgICAgICAgICAgfCB8CiArLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
K09USy1BRAogfCAgICAgICAgICAgICAgICAgICAuLi4gT25lLVRpbWUtS2V5IFByZWFtYmxl
ICAgICAgICAgICAgICAgICAgIHwgfAogKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsgfAogfiAgICAgICAgICAgICAg
ICAgICAgICBPbmUtVGltZSBLZXkgKDEyOCBiaXRzKSAgICAgICAgICAgICAgICAgIH4vCiAr
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKyA8LS0tKwogfCAgICAgICAgICAgRUlELUFEIExlbmd0aCAgICAgICB8ICAg
ICAgICAgICBLREYgSUQgICAgICAgICAgICAgIHwgICAgIHwKICstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rICAgICB8
CiB8IFJlY29yZCBDb3VudCAgfCAgICBSZXNlcnZlZCAgIHwgICAgICAgICBFSUQgSE1BQyBJ
RCAgICAgICAgICAgfEVJRC1BRAogKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLStcICAgIHwKIHwgICBSZXNlcnZlZCAg
ICB8IEVJRCBtYXNrLWxlbiAgfCAgICAgICAgICAgRUlELUFGSSAgICAgICAgICAgICB8IHwg
ICB8CiArLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKyBSZWMgfAogfiAgICAgICAgICAgICAgICAgICAgICAgICAgRUlE
LXByZWZpeCAuLi4gICAgICAgICAgICAgICAgICAgICAgIH4gfCAgIHwKICstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LyAgICB8CiB+ICAgICAgICAgICAgICAgICAgICAgICAgICAgIEVJRCBITUFDICAgICAgICAg
ICAgICAgICAgICAgICAgICAgfiAgICAgfAogKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsgPC0tLSsKCiAgICAgICAg
ICAgICAgICAgICAgIExJU1AtU0VDIEVDTSBBdXRoZW50aWNhdGlvbiBEYXRhCgogICAgICBF
Q00gQUQgVHlwZTogMSAoTElTUC1TRUMgQXV0aGVudGljYXRpb24gRGF0YSkuICBTZWUgU2Vj
dGlvbiA3LgoKICAgICAgVjogS2V5IFZlcnNpb24gYml0LiAgVGhpcyBiaXQgaXMgdG9nZ2xl
ZCB3aGVuIHRoZSBzZW5kZXIgc3dpdGNoZXMKICAgICAgdG8gYSBuZXcgT1RLIHdyYXBwaW5n
IGtleQoKCgoKTWFpbm8sIGV0IGFsLiAgICAgICAgICAgICAgRXhwaXJlcyBNYXkgNCwgMjAx
NyAgICAgICAgICAgICAgICAgIFtQYWdlIDddCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAg
ICAgICAgICBMSVNQLVNFQyAgICAgICAgICAgICAgICAgICAgT2N0b2JlciAyMDE2CgoKICAg
ICAgUmVzZXJ2ZWQ6IFNldCB0byAwIG9uIHRyYW5zbWlzc2lvbiBhbmQgaWdub3JlZCBvbiBy
ZWNlaXB0LgoKICAgICAgUmVxdWVzdGVkIEhNQUMgSUQ6IFRoZSBITUFDIGFsZ29yaXRobSBy
ZXF1ZXN0ZWQgYnkgdGhlIElUUi4gIFNlZQogICAgICBTZWN0aW9uIDUuNCBmb3IgZGV0YWls
cy4KCiAgICAgIE9USyBMZW5ndGg6IFRoZSBsZW5ndGggKGluIGJ5dGVzKSBvZiB0aGUgT1RL
IEF1dGhlbnRpY2F0aW9uIERhdGEKICAgICAgKE9USy1BRCksIHRoYXQgY29udGFpbnMgdGhl
IE9USyBQcmVhbWJsZSBhbmQgdGhlIE9USy4KCiAgICAgIE9USyBFbmNyeXB0aW9uIElEOiBU
aGUgaWRlbnRpZmllciBvZiB0aGUga2V5IHdyYXBwaW5nIGFsZ29yaXRobQogICAgICB1c2Vk
IHRvIGVuY3J5cHQgdGhlIE9uZS1UaW1lLUtleS4gV2hlbiBhIDEyOC1iaXQgT1RLIGlzIHNl
bnQKICAgICAgdW5lbmNyeXB0ZWQgYnkgdGhlIE1hcC1SZXNvbHZlciwgdGhlIE9USyBFbmNy
eXB0aW9uIElEIGlzIHNldCB0bwogICAgICBOVUxMX0tFWV9XUkFQXzEyOC4gIFNlZSBTZWN0
aW9uIDUuNSBmb3IgbW9yZSBkZXRhaWxzLgoKICAgICAgT25lLVRpbWUtS2V5IFByZWFtYmxl
OiBzZXQgdG8gMCBpZiB0aGUgT1RLIGlzIG5vdCBlbmNyeXB0ZWQuICBXaGVuCiAgICAgIHRo
ZSBPVEsgaXMgZW5jcnlwdGVkLCB0aGlzIGZpZWxkIE1BWSBjYXJyeSBhZGRpdGlvbmFsIG1l
dGFkYXRhCiAgICAgIHJlc3VsdGluZyBmcm9tIHRoZSBrZXkgd3JhcHBpbmcgb3BlcmF0aW9u
LiAgV2hlbiBhIDEyOC1iaXQgT1RLIGlzCiAgICAgIHNlbnQgdW5lbmNyeXB0ZWQgYnkgTWFw
LVJlc29sdmVyLCB0aGUgT1RLIFByZWFtYmxlIGlzIHNldCB0bwogICAgICAweDAwMDAwMDAw
MDAwMDAwMDAgKDY0IGJpdHMpLiAgU2VlIFNlY3Rpb24gNS41IGZvciBkZXRhaWxzLgoKICAg
ICAgT25lLVRpbWUtS2V5OiB0aGUgT1RLIGVuY3J5cHRlZCAob3Igbm90KSBhcyBzcGVjaWZp
ZWQgYnkgT1RLCiAgICAgIEVuY3J5cHRpb24gSUQuICBTZWUgU2VjdGlvbiA1LjUgZm9yIGRl
dGFpbHMuCgogICAgICBFSUQtQUQgTGVuZ3RoOiBsZW5ndGggKGluIGJ5dGVzKSBvZiB0aGUg
RUlEIEF1dGhlbnRpY2F0aW9uIERhdGEKICAgICAgKEVJRC1BRCkuICBUaGUgSVRSIE1VU1Qg
c2V0IEVJRC1BRCBMZW5ndGggdG8gNCBieXRlcywgYXMgaXQgb25seQogICAgICBmaWxscyB0
aGUgS0RGIElEIGZpZWxkLCBhbmQgYWxsIHRoZSByZW1haW5pbmcgZmllbGRzIHBhcnQgb2Yg
dGhlCiAgICAgIEVJRC1BRCBhcmUgbm90IHByZXNlbnQuICBBbiBFSUQtQUQgTUFZIGNvbnRh
aW4gbXVsdGlwbGUgRUlELQogICAgICByZWNvcmRzLiAgRWFjaCBFSUQtcmVjb3JkIGlzIDQt
Ynl0ZSBsb25nIHBsdXMgdGhlIGxlbmd0aCBvZiB0aGUKICAgICAgQUZJLWVuY29kZWQgRUlE
LXByZWZpeC4KCiAgICAgIEtERiBJRDogSWRlbnRpZmllciBvZiB0aGUgS2V5IERlcml2YXRp
b24gRnVuY3Rpb24gdXNlZCB0byBkZXJpdmUKICAgICAgdGhlIE1TLU9USy4gIFRoZSBJVFIg
TUFZIHVzZSB0aGlzIGZpZWxkIHRvIGluZGljYXRlIHRoZQogICAgICByZWNvbW1lbmRlZCBL
REYgYWxnb3JpdGhtLCBhY2NvcmRpbmcgdG8gbG9jYWwgcG9saWN5LiAgVGhlIE1hcC0KICAg
ICAgU2VydmVyIGNhbiBvdmVyd3JpdGUgdGhlIEtERiBJRCBpZiBpdCBkb2VzIG5vdCBzdXBw
b3J0IHRoZSBLREYgSUQKICAgICAgcmVjb21tZW5kZWQgYnkgdGhlIElUUi4gIFNlZSBTZWN0
aW9uIDUuNCBmb3IgbW9yZSBkZXRhaWxzLgoKICAgICAgUmVjb3JkIENvdW50OiBUaGUgbnVt
YmVyIG9mIHJlY29yZHMgaW4gdGhpcyBNYXAtUmVxdWVzdCBtZXNzYWdlLgogICAgICBBIHJl
Y29yZCBpcyBjb21wcmlzZWQgb2YgdGhlIHBvcnRpb24gb2YgdGhlIHBhY2tldCB0aGF0IGlz
IGxhYmVsZWQKICAgICAgJ1JlYycgYWJvdmUgYW5kIG9jY3VycyB0aGUgbnVtYmVyIG9mIHRp
bWVzIGVxdWFsIHRvIFJlY29yZCBDb3VudC4KCiAgICAgIFJlc2VydmVkOiBTZXQgdG8gMCBv
biB0cmFuc21pc3Npb24gYW5kIGlnbm9yZWQgb24gcmVjZWlwdC4KCiAgICAgIEVJRCBITUFD
IElEOiBJZGVudGlmaWVyIG9mIHRoZSBITUFDIGFsZ29yaXRobSB1c2VkIHRvIHByb3RlY3Qg
dGhlCiAgICAgIGludGVncml0eSBvZiB0aGUgRUlELUFELiAgVGhpcyBmaWVsZCBpcyBmaWxs
ZWQgYnkgTWFwLVNlcnZlciB0aGF0CiAgICAgIGNvbXB1dGVkIHRoZSBFSUQtcHJlZml4IEhN
QUMuICBTZWUgU2VjdGlvbiA1LjQgZm9yIG1vcmUgZGV0YWlscy4KCiAgICAgIEVJRCBtYXNr
LWxlbjogTWFzayBsZW5ndGggZm9yIEVJRC1wcmVmaXguCgogICAgICBFSUQtQUZJOiBBZGRy
ZXNzIGZhbWlseSBvZiBFSUQtcHJlZml4IGFjY29yZGluZyB0byBbUkZDNTIyNl0KCgoKTWFp
bm8sIGV0IGFsLiAgICAgICAgICAgICAgRXhwaXJlcyBNYXkgNCwgMjAxNyAgICAgICAgICAg
ICAgICAgIFtQYWdlIDhdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBMSVNQ
LVNFQyAgICAgICAgICAgICAgICAgICAgT2N0b2JlciAyMDE2CgoKICAgICAgRUlELXByZWZp
eDogVGhlIE1hcC1TZXJ2ZXIgdXNlcyB0aGlzIGZpZWxkIHRvIHNwZWNpZnkgdGhlIEVJRC0K
ICAgICAgcHJlZml4IHRoYXQgdGhlIGRlc3RpbmF0aW9uIEVUUiBpcyBhdXRob3JpdGF0aXZl
IGZvciwgYW5kIGlzIHRoZQogICAgICBsb25nZXN0IG1hdGNoIGZvciB0aGUgcmVxdWVzdGVk
IEVJRC4KCiAgICAgIEVJRCBITUFDOiBITUFDIG9mIHRoZSBFSUQtQUQgY29tcHV0ZWQgYW5k
IGluc2VydGVkIGJ5IE1hcC1TZXJ2ZXIuCiAgICAgIEJlZm9yZSBjb21wdXRpbmcgdGhlIEhN
QUMgb3BlcmF0aW9uIHRoZSBFSUQgSE1BQyBmaWVsZCBNVVNUIGJlIHNldAogICAgICB0byAw
LiAgVGhlIEhNQUMgY292ZXJzIHRoZSBlbnRpcmUgRUlELUFELgoKNS4yLiAgTWFwLVJlcGx5
IExJU1AtU0VDIEV4dGVuc2lvbnMKCiAgIExJU1AtU0VDIHVzZXMgdGhlIE1hcC1SZXBseSBk
ZWZpbmVkIGluIFtSRkM2ODMwXSwgd2l0aCBUeXBlIHNldCB0byAyLAogICBhbmQgUyBiaXQg
c2V0IHRvIDEgdG8gaW5kaWNhdGUgdGhhdCB0aGUgTWFwLVJlcGx5IG1lc3NhZ2UgaW5jbHVk
ZXMKICAgQXV0aGVudGljYXRpb24gRGF0YSAoQUQpLiAgVGhlIGZvcm1hdCBvZiB0aGUgTElT
UC1TRUMgTWFwLVJlcGx5CiAgIEF1dGhlbnRpY2F0aW9uIERhdGEgaXMgZGVmaW5lZCBpbiB0
aGUgZm9sbG93aW5nIGZpZ3VyZS4gIFBLVC1BRCBpcwogICB0aGUgUGFja2V0IEF1dGhlbnRp
Y2F0aW9uIERhdGEgdGhhdCBjb3ZlcnMgdGhlIE1hcC1SZXBseSBwYXlsb2FkLgoKICAwICAg
ICAgICAgICAgICAgICAgIDEgICAgICAgICAgICAgICAgICAgMiAgICAgICAgICAgICAgICAg
ICAzCiAgMCAxIDIgMyA0IDUgNiA3IDggOSAwIDEgMiAzIDQgNSA2IDcgOCA5IDAgMSAyIDMg
NCA1IDYgNyA4IDkgMCAxCiArLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKwogfCAgTVIgQUQgVHlwZSAgIHwgICAgICAg
ICAgICAgICAgIFJlc2VydmVkICAgICAgICAgICAgICAgICAgICAgIHwKICstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
IDwtLS0rCiB8ICAgICAgICAgICBFSUQtQUQgTGVuZ3RoICAgICAgIHwgICAgICAgICAgIEtE
RiBJRCAgICAgICAgICAgICAgfCAgICAgfAogKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsgICAgIHwKIHwgUmVjb3Jk
IENvdW50ICB8ICAgIFJlc2VydmVkICAgfCAgICAgICAgIEVJRCBITUFDIElEICAgICAgICAg
ICB8RUlELUFECiArLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstK1wgICAgfAogfCAgIFJlc2VydmVkICAgIHwgRUlEIG1h
c2stbGVuICB8ICAgICAgICAgICBFSUQtQUZJICAgICAgICAgICAgIHwgfCAgIHwKICstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rIFJlYyB8CiB+ICAgICAgICAgICAgICAgICAgICAgICAgICBFSUQtcHJlZml4IC4u
LiAgICAgICAgICAgICAgICAgICAgICAgfiB8ICAgfAogKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsvICAgIHwKIH4g
ICAgICAgICAgICAgICAgICAgICAgICAgICAgRUlEIEhNQUMgICAgICAgICAgICAgICAgICAg
ICAgICAgICB+ICAgICB8CiArLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKyA8LS0tKwogfCAgICAgICAgIFBLVC1BRCBM
ZW5ndGggICAgICAgICB8ICAgICAgICAgUEtUIEhNQUMgSUQgICAgICAgICAgIHxcCiArLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKyB8CiB+ICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBLVCBITUFDICAgICAg
ICAgICAgICAgICAgICAgICAgICAgflBLVC1BRAogKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsvCgogICAgICAgICAg
ICAgICAgICBMSVNQLVNFQyBNYXAtUmVwbHkgQXV0aGVudGljYXRpb24gRGF0YQoKICAgICAg
TVIgQUQgVHlwZTogMSAoTElTUC1TRUMgQXV0aGVudGljYXRpb24gRGF0YSkuICBTZWUgU2Vj
dGlvbiA3LgoKICAgICAgRUlELUFEIExlbmd0aDogbGVuZ3RoIChpbiBieXRlcykgb2YgdGhl
IEVJRC1BRC4gIEFuIEVJRC1BRCBNQVkKICAgICAgY29udGFpbiBtdWx0aXBsZSBFSUQtcmVj
b3Jkcy4gIEVhY2ggRUlELXJlY29yZCBpcyA0LWJ5dGUgbG9uZyBwbHVzCiAgICAgIHRoZSBs
ZW5ndGggb2YgdGhlIEFGSS1lbmNvZGVkIEVJRC1wcmVmaXguCgogICAgICBLREYgSUQ6IElk
ZW50aWZpZXIgb2YgdGhlIEtleSBEZXJpdmF0aW9uIEZ1bmN0aW9uIHVzZWQgdG8gZGVyaXZl
CiAgICAgIE1TLU9USy4gIFNlZSBTZWN0aW9uIDUuNyBmb3IgbW9yZSBkZXRhaWxzLgoKCgoK
Ck1haW5vLCBldCBhbC4gICAgICAgICAgICAgIEV4cGlyZXMgTWF5IDQsIDIwMTcgICAgICAg
ICAgICAgICAgICBbUGFnZSA5XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAg
TElTUC1TRUMgICAgICAgICAgICAgICAgICAgIE9jdG9iZXIgMjAxNgoKCiAgICAgIFJlY29y
ZCBDb3VudDogVGhlIG51bWJlciBvZiByZWNvcmRzIGluIHRoaXMgTWFwLVJlcGx5IG1lc3Nh
Z2UuICBBCiAgICAgIHJlY29yZCBpcyBjb21wcmlzZWQgb2YgdGhlIHBvcnRpb24gb2YgdGhl
IHBhY2tldCB0aGF0IGlzIGxhYmVsZWQKICAgICAgJ1JlYycgYWJvdmUgYW5kIG9jY3VycyB0
aGUgbnVtYmVyIG9mIHRpbWVzIGVxdWFsIHRvIFJlY29yZCBDb3VudC4KCiAgICAgIFJlc2Vy
dmVkOiBTZXQgdG8gMCBvbiB0cmFuc21pc3Npb24gYW5kIGlnbm9yZWQgb24gcmVjZWlwdC4K
CiAgICAgIEVJRCBITUFDIElEOiBJZGVudGlmaWVyIG9mIHRoZSBITUFDIGFsZ29yaXRobSB1
c2VkIHRvIHByb3RlY3QgdGhlCiAgICAgIGludGVncml0eSBvZiB0aGUgRUlELUFELiAgU2Vl
IFNlY3Rpb24gNS43IGZvciBtb3JlIGRldGFpbHMuCgogICAgICBFSUQgbWFzay1sZW46IE1h
c2sgbGVuZ3RoIGZvciBFSUQtcHJlZml4LgoKICAgICAgRUlELUFGSTogQWRkcmVzcyBmYW1p
bHkgb2YgRUlELXByZWZpeCBhY2NvcmRpbmcgdG8gW1JGQzUyMjZdLgoKICAgICAgRUlELXBy
ZWZpeDogVGhpcyBmaWVsZCBjb250YWlucyBhbiBFSUQtcHJlZml4IHRoYXQgdGhlIGRlc3Rp
bmF0aW9uCiAgICAgIEVUUiBpcyBhdXRob3JpdGF0aXZlIGZvciwgYW5kIGlzIHRoZSBsb25n
ZXN0IG1hdGNoIGZvciB0aGUKICAgICAgcmVxdWVzdGVkIEVJRC4KCiAgICAgIEVJRCBITUFD
OiBITUFDIG9mIHRoZSBFSUQtQUQsIGFzIGNvbXB1dGVkIGJ5IHRoZSBNYXAtU2VydmVyLgog
ICAgICBCZWZvcmUgY29tcHV0aW5nIHRoZSBITUFDIG9wZXJhdGlvbiB0aGUgRUlEIEhNQUMg
ZmllbGQgTVVTVCBiZSBzZXQKICAgICAgdG8gMC4gIFRoZSBITUFDIGNvdmVycyB0aGUgZW50
aXJlIEVJRC1BRC4KCiAgICAgIFBLVC1BRCBMZW5ndGg6IGxlbmd0aCAoaW4gYnl0ZXMpIG9m
IHRoZSBQYWNrZXQgQXV0aGVudGljYXRpb24gRGF0YQogICAgICAoUEtULUFEKS4KCiAgICAg
IFBLVCBITUFDIElEOiBJZGVudGlmaWVyIG9mIHRoZSBITUFDIGFsZ29yaXRobSB1c2VkIHRv
IHByb3RlY3QgdGhlCiAgICAgIGludGVncml0eSBvZiB0aGUgTWFwLXJlcGx5LgoKICAgICAg
UEtUIEhNQUM6IEhNQUMgb2YgdGhlIHdob2xlIE1hcC1SZXBseSBwYWNrZXQsIGluY2x1ZGlu
ZyB0aGUgTElTUC0KICAgICAgU0VDIEF1dGhlbnRpY2F0aW9uIERhdGEuICBUaGUgc2NvcGUg
b2YgdGhlIGF1dGhlbnRpY2F0aW9uIGdvZXMKICAgICAgZnJvbSB0aGUgTWFwLVJlcGx5IFR5
cGUgZmllbGQgdG8gdGhlIFBLVCBITUFDIGZpZWxkIGluY2x1ZGVkLgogICAgICBCZWZvcmUg
Y29tcHV0aW5nIHRoZSBITUFDIG9wZXJhdGlvbiB0aGUgUEtUIEhNQUMgZmllbGQgTVVTVCBi
ZSBzZXQKICAgICAgdG8gMC4gIFNlZSBTZWN0aW9uIDUuOCBmb3IgbW9yZSBkZXRhaWxzLgoK
NS4zLiAgTWFwLVJlZ2lzdGVyIExJU1AtU0VDIEV4dGVudGlvbnMKCiAgIFRoaXMgbWVtbyBp
cyBhbGxvY2F0aW5nIG9uZSBvZiB0aGUgYml0cyBtYXJrZWQgYXMgUmVzZXJ2ZWQgaW4gdGhl
CiAgIE1hcC1SZWdpc3RlciBtZXNzYWdlIGRlZmluZWQgaW4gU2VjdGlvbiA2LjEuNiBvZiBb
UkZDNjgzMF0uICBNb3JlCiAgIHByZWNpc2VseSwgdGhlIHNlY29uZCBiaXQgYWZ0ZXIgdGhl
IFR5cGUgZmllbGQgaW4gYSBNYXAtUmVnaXN0ZXIKICAgbWVzc2FnZSBpcyBhbGxvY2F0ZWQg
YXMgdGhlIFMgYml0LiAgVGhlIFMgYml0IGluZGljYXRlcyB0byB0aGUgTWFwLQogICBTZXJ2
ZXIgdGhhdCB0aGUgcmVnaXN0ZXJpbmcgRVRSIGlzIExJU1AtU0VDIGVuYWJsZWQuICBBbiBF
VFIgdGhhdAogICBzdXBwb3J0cyBMSVNQLVNFQyBNVVNUIHNldCB0aGUgUyBiaXQgaW4gaXRz
IE1hcC1SZWdpc3RlciBtZXNzYWdlcy4KCjUuNC4gIElUUiBQcm9jZXNzaW5nCgogICBVcG9u
IGNyZWF0aW5nIGEgTWFwLVJlcXVlc3QsIHRoZSBJVFIgZ2VuZXJhdGVzIGEgcmFuZG9tIElU
Ui1PVEsgdGhhdAogICBpcyBzdG9yZWQgbG9jYWxseSwgdG9nZXRoZXIgd2l0aCB0aGUgbm9u
Y2UgZ2VuZXJhdGVkIGFzIHNwZWNpZmllZCBpbgogICBbUkZDNjgzMF0uCgoKCgpNYWlubywg
ZXQgYWwuICAgICAgICAgICAgICBFeHBpcmVzIE1heSA0LCAyMDE3ICAgICAgICAgICAgICAg
ICBbUGFnZSAxMF0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIExJU1AtU0VD
ICAgICAgICAgICAgICAgICAgICBPY3RvYmVyIDIwMTYKCgogICBUaGUgTWFwLVJlcXVlc3Qg
TVVTVCBiZSBlbmNhcHN1bGF0ZWQgaW4gYW4gRUNNLCB3aXRoIHRoZSBTLWJpdCBzZXQgdG8K
ICAgMSwgdG8gaW5kaWNhdGUgdGhlIHByZXNlbmNlIG9mIEF1dGhlbnRpY2F0aW9uIERhdGEu
ICBJZiB0aGUgSVRSIGFuZAogICB0aGUgTWFwLVJlc29sdmVyIGFyZSBjb25maWd1cmVkIHdp
dGggYSBzaGFyZWQga2V5LCB0aGUgSVRSLU9USwogICBjb25maWRlbnRpYWxpdHkgU0hPVUxE
IGJlIHByb3RlY3RlZCBieSB3cmFwcGluZyB0aGUgSVRSLU9USyB3aXRoIHRoZQogICBhbGdv
cml0aG0gc3BlY2lmaWVkIGJ5IHRoZSBPVEsgRW5jcnlwdGlvbiBJRCBmaWVsZC4gIFNlZSBT
ZWN0aW9uIDUuNQogICBmb3IgZnVydGhlciBkZXRhaWxzIG9uIE9USyBlbmNyeXB0aW9uLgoK
ICAgVGhlIFJlcXVlc3RlZCBITUFDIElEIGZpZWxkIGNvbnRhaW5zIHRoZSBzdWdnZXN0ZWQg
SE1BQyBhbGdvcml0aG0gdG8KICAgYmUgdXNlZCBieSB0aGUgTWFwLVNlcnZlciBhbmQgdGhl
IEVUUiB0byBwcm90ZWN0IHRoZSBpbnRlZ3JpdHkgb2YgdGhlCiAgIEVDTSBBdXRoZW50aWNh
dGlvbiBkYXRhIGFuZCBvZiB0aGUgTWFwLVJlcGx5LgoKICAgVGhlIEtERiBJRCBmaWVsZCBz
cGVjaWZpZXMgdGhlIHN1Z2dlc3RlZCBrZXkgZGVyaXZhdGlvbiBmdW5jdGlvbiB0bwogICBi
ZSB1c2VkIGJ5IHRoZSBNYXAtU2VydmVyIHRvIGRlcml2ZSB0aGUgTVMtT1RLLiAgQSBLREYg
VmFsdWUgb2YgTk9ORQogICAoMCksIE1BWSBiZSB1c2VkIHRvIHNwZWNpZnkgdGhhdCB0aGUg
SVRSIGhhcyBubyBwcmVmZXJyZWQgS0RGIElELgoKICAgVGhlIEVJRC1BRCBsZW5ndGggaXMg
c2V0IHRvIDQgYnl0ZXMsIHNpbmNlIHRoZSBBdXRoZW50aWNhdGlvbiBEYXRhCiAgIGRvZXMg
bm90IGNvbnRhaW4gRUlELXByZWZpeCBBdXRoZW50aWNhdGlvbiBEYXRhLCBhbmQgdGhlIEVJ
RC1BRAogICBjb250YWlucyBvbmx5IHRoZSBLREYgSUQgZmllbGQuCgogICBJbiByZXNwb25z
ZSB0byBhbiBlbmNhcHN1bGF0ZWQgTWFwLVJlcXVlc3QgdGhhdCBoYXMgdGhlIFMtYml0IHNl
dCwgYW4KICAgSVRSIE1VU1QgcmVjZWl2ZSBhIE1hcC1SZXBseSB3aXRoIHRoZSBTLWJpdCBz
ZXQsIHRoYXQgaW5jbHVkZXMgYW4KICAgRUlELUFEIGFuZCBhIFBLVC1BRC4gIElmIHRoZSBN
YXAtUmVwbHkgZG9lcyBub3QgaW5jbHVkZSBib3RoIEFEcywgdGhlCiAgIElUUiBNVVNUIGRp
c2NhcmQgaXQuICBJbiByZXNwb25zZSB0byBhbiBlbmNhcHN1bGF0ZWQgTWFwLVJlcXVlc3Qg
d2l0aAogICBTLWJpdCBzZXQgdG8gMCwgdGhlIElUUiBleHBlY3RzIGEgTWFwLVJlcGx5IHdp
dGggUy1iaXQgc2V0IHRvIDAsIGFuZAogICB0aGUgSVRSIFNIT1VMRCBkaXNjYXJkIHRoZSBN
YXAtUmVwbHkgaWYgdGhlIFMtYml0IGlzIHNldC4KCiAgIFVwb24gcmVjZWl2aW5nIGEgTWFw
LVJlcGx5LCB0aGUgSVRSIG11c3QgdmVyaWZ5IHRoZSBpbnRlZ3JpdHkgb2YgYm90aAogICB0
aGUgRUlELUFEIGFuZCB0aGUgUEtULUFELCBhbmQgTVVTVCBkaXNjYXJkIHRoZSBNYXAtUmVw
bHkgaWYgb25lIG9mCiAgIHRoZSBpbnRlZ3JpdHkgY2hlY2tzIGZhaWxzLgoKICAgVGhlIGlu
dGVncml0eSBvZiB0aGUgRUlELUFEIGlzIHZlcmlmaWVkIHVzaW5nIHRoZSBsb2NhbGx5IHN0
b3JlZCBJVFItCiAgIE9USyB0byByZS1jb21wdXRlIHRoZSBITUFDIG9mIHRoZSBFSUQtQUQg
dXNpbmcgdGhlIGFsZ29yaXRobQogICBzcGVjaWZpZWQgaW4gdGhlIEVJRCBITUFDIElEIGZp
ZWxkLiAgSWYgdGhlIEVJRCBITUFDIElEIGZpZWxkIGRvZXMKICAgbm90IG1hdGNoIHRoZSBS
ZXF1ZXN0ZWQgSE1BQyBJRCB0aGUgSVRSIFNIT1VMRCBkaXNjYXJkIHRoZSBNYXAtUmVwbHkK
ICAgYW5kIHNlbmQsIGF0IHRoZSBmaXJzdCBvcHBvcnR1bml0eSBpdCBuZWVkcyB0bywgYSBu
ZXcgTWFwLVJlcXVlc3QKICAgd2l0aCBhIGRpZmZlcmVudCBSZXF1ZXN0ZWQgSE1BQyBJRCBm
aWVsZCwgYWNjb3JkaW5nIHRvIElUUidzIGxvY2FsCiAgIHBvbGljeS4gIFRoZSBzY29wZSBv
ZiB0aGUgSE1BQyBvcGVyYXRpb24gY292ZXJzIHRoZSBlbnRpcmUgRUlELUFELAogICBmcm9t
IHRoZSBFSUQtQUQgTGVuZ3RoIGZpZWxkIHRvIHRoZSBFSUQgSE1BQyBmaWVsZCwgd2hpY2gg
bXVzdCBiZSBzZXQKICAgdG8gMCBiZWZvcmUgdGhlIGNvbXB1dGF0aW9uIG9mIHRoZSBITUFD
LgoKICAgSVRSIE1VU1Qgc2V0IHRoZSBFSUQgSE1BQyBJRCBmaWVsZCB0byAwIGJlZm9yZSBj
b21wdXRpbmcgdGhlIEhNQUMuCgogICBUbyB2ZXJpZnkgdGhlIGludGVncml0eSBvZiB0aGUg
UEtULUFELCBmaXJzdCB0aGUgTVMtT1RLIGlzIGRlcml2ZWQKICAgZnJvbSB0aGUgbG9jYWxs
eSBzdG9yZWQgSVRSLU9USyB1c2luZyB0aGUgYWxnb3JpdGhtIHNwZWNpZmllZCBpbiB0aGUK
ICAgS0RGIElEIGZpZWxkLiAgVGhpcyBpcyBiZWNhdXNlIHRoZSBQS1QtQUQgaXMgZ2VuZXJh
dGVkIGJ5IHRoZSBFVFIKICAgdXNpbmcgdGhlIE1TLU9USy4gIElmIHRoZSBLREYgSUQgaW4g
dGhlIE1hcC1SZXBseSBkb2VzIG5vdCBtYXRjaCB0aGUKICAgS0RGIElEIHJlcXVlc3RlZCBp
biB0aGUgTWFwLVJlcXVlc3QsIHRoZSBJVFIgU0hPVUxEIGRpc2NhcmQgdGhlIE1hcC0KICAg
UmVwbHkgYW5kIHNlbmQsIGF0IHRoZSBmaXJzdCBvcHBvcnR1bml0eSBpdCBuZWVkcyB0bywg
YSBuZXcgTWFwLQoKCgpNYWlubywgZXQgYWwuICAgICAgICAgICAgICBFeHBpcmVzIE1heSA0
LCAyMDE3ICAgICAgICAgICAgICAgICBbUGFnZSAxMV0KDApJbnRlcm5ldC1EcmFmdCAgICAg
ICAgICAgICAgICAgIExJU1AtU0VDICAgICAgICAgICAgICAgICAgICBPY3RvYmVyIDIwMTYK
CgogICBSZXF1ZXN0IHdpdGggYSBkaWZmZXJlbnQgS0RGIElELCBhY2NvcmRpbmcgdG8gSVRS
J3MgbG9jYWwgcG9saWN5LgogICBUaGUgZGVyaXZlZCBNUy1PVEsgaXMgdGhlbiB1c2VkIHRv
IHJlLWNvbXB1dGUgdGhlIEhNQUMgb2YgdGhlIFBLVC1BRAogICB1c2luZyB0aGUgQWxnb3Jp
dGhtIHNwZWNpZmllZCBpbiB0aGUgUEtUIEhNQUMgSUQgZmllbGQuICBJZiB0aGUgUEtUCiAg
IEhNQUMgSUQgZmllbGQgZG9lcyBub3QgbWF0Y2ggdGhlIFJlcXVlc3RlZCBITUFDIElEIHRo
ZSBJVFIgU0hPVUxECiAgIGRpc2NhcmQgdGhlIE1hcC1SZXBseSBhbmQgc2VuZCwgYXQgdGhl
IGZpcnN0IG9wcG9ydHVuaXR5IGl0IG5lZWRzIHRvLAogICBhIG5ldyBNYXAtUmVxdWVzdCB3
aXRoIGEgZGlmZmVyZW50IFJlcXVlc3RlZCBITUFDIElEIGFjY29yZGluZyB0bwogICBJVFIn
cyBsb2NhbCBwb2xpY3kuCgogICBFYWNoIGluZGl2aWR1YWwgTWFwLVJlcGx5IEVJRC1yZWNv
cmQgaXMgY29uc2lkZXJlZCB2YWxpZCBvbmx5IGlmOiAoMSkKICAgYm90aCBFSUQtQUQgYW5k
IFBLVC1BRCBhcmUgdmFsaWQsIGFuZCAoMikgdGhlIGludGVyc2VjdGlvbiBvZiB0aGUKICAg
RUlELXByZWZpeCBpbiB0aGUgTWFwLVJlcGx5IEVJRC1yZWNvcmQgd2l0aCBvbmUgb2YgdGhl
IEVJRC1wcmVmaXhlcwogICBjb250YWluZWQgaW4gdGhlIEVJRC1BRCBpcyBub3QgZW1wdHku
ICBBZnRlciBpZGVudGlmeWluZyB0aGUgTWFwLQogICBSZXBseSByZWNvcmQgYXMgdmFsaWQs
IHRoZSBJVFIgc2V0cyB0aGUgRUlELXByZWZpeCBpbiB0aGUgTWFwLVJlcGx5CiAgIHJlY29y
ZCB0byB0aGUgdmFsdWUgb2YgdGhlIGludGVyc2VjdGlvbiBzZXQgY29tcHV0ZWQgYmVmb3Jl
LCBhbmQgYWRkcwogICB0aGUgTWFwLVJlcGx5IEVJRC1yZWNvcmQgdG8gaXRzIEVJRC10by1S
TE9DIGNhY2hlLCBhcyBkZXNjcmliZWQgaW4KICAgW1JGQzY4MzBdLiAgQW4gZXhhbXBsZSBv
ZiBNYXAtUmVwbHkgcmVjb3JkIHZhbGlkYXRpb24gaXMgcHJvdmlkZWQgaW4KICAgU2VjdGlv
biA1LjQuMS4KCiAgIFRoZSBJVFIgU0hPVUxEIHNlbmQgU01SIHRyaWdnZXJlZCBNYXAtUmVx
dWVzdHMgb3ZlciB0aGUgbWFwcGluZwogICBzeXN0ZW0gaW4gb3JkZXIgdG8gcmVjZWl2ZSBh
IHNlY3VyZSBNYXAtUmVwbHkuICBJZiBhbiBJVFIgYWNjZXB0cwogICBwaWdneWJhY2tlZCBN
YXAtUmVwbGllcywgaXQgU0hPVUxEIGFsc28gc2VuZCBhIE1hcC1SZXF1ZXN0IG92ZXIgdGhl
CiAgIG1hcHBpbmcgc3lzdGVtIGluIG9yZGVyIHRvIHZlcmlmeSB0aGUgcGlnZ3liYWNrZWQg
TWFwLVJlcGx5IHdpdGggYQogICBzZWN1cmUgTWFwLVJlcGx5LgoKNS40LjEuICBNYXAtUmVw
bHkgUmVjb3JkIFZhbGlkYXRpb24KCiAgIFRoZSBwYXlsb2FkIG9mIGEgTWFwLVJlcGx5IG1h
eSBjb250YWluIG11bHRpcGxlIEVJRC1yZWNvcmRzLiAgVGhlCiAgIHdob2xlIE1hcC1SZXBs
eSBpcyBzaWduZWQgYnkgdGhlIEVUUiwgd2l0aCB0aGUgUEtUIEhNQUMsIHRvIHByb3ZpZGUK
ICAgaW50ZWdyaXR5IHByb3RlY3Rpb24gYW5kIG9yaWdpbiBhdXRoZW50aWNhdGlvbiB0byB0
aGUgRUlELXByZWZpeAogICByZWNvcmRzIGNsYWltZWQgYnkgdGhlIEVUUi4gIFRoZSBBdXRo
ZW50aWNhdGlvbiBEYXRhIGZpZWxkIG9mIGEgTWFwLQogICBSZXBseSBtYXkgY29udGFpbiBt
dWx0aXBsZSBFSUQtcmVjb3JkcyBpbiB0aGUgRUlELUFELiAgVGhlIEVJRC1BRCBpcwogICBz
aWduZWQgYnkgdGhlIE1hcC1TZXJ2ZXIsIHdpdGggdGhlIEVJRCBITUFDLCB0byBwcm92aWRl
IGludGVncml0eQogICBwcm90ZWN0aW9uIGFuZCBvcmlnaW4gYXV0aGVudGljYXRpb24gdG8g
dGhlIEVJRC1wcmVmaXggcmVjb3JkcwogICBpbnNlcnRlZCBieSB0aGUgTWFwLVNlcnZlci4K
CiAgIFVwb24gcmVjZWl2aW5nIGEgTWFwLVJlcGx5IHdpdGggdGhlIFMtYml0IHNldCwgdGhl
IElUUiBmaXJzdCBjaGVja3MKICAgdGhlIHZhbGlkaXR5IG9mIGJvdGggdGhlIEVJRCBITUFD
IGFuZCBvZiB0aGUgUEtULUFEIEhNQUMuICBJZiBlaXRoZXIKICAgb25lIG9mIHRoZSBITUFD
cyBpcyBub3QgdmFsaWQsIGEgbG9nIGFjdGlvbiBNVVNUIGJlIHRha2VuIGFuZCB0aGUKICAg
TWFwLVJlcGx5IE1VU1QgTk9UIGJlIHByb2Nlc3NlZCBhbnkgZnVydGhlci4gIElmIGJvdGgg
SE1BQ3MgYXJlCiAgIHZhbGlkLCB0aGUgSVRSIHByb2NlZWRzIHdpdGggdmFsaWRhdGluZyBl
YWNoIGluZGl2aWR1YWwgRUlELXJlY29yZAogICBjbGFpbWVkIGJ5IHRoZSBFVFIgYnkgY29t
cHV0aW5nIHRoZSBpbnRlcnNlY3Rpb24gb2YgZWFjaCBvbmUgb2YgdGhlCiAgIEVJRC1wcmVm
aXggY29udGFpbmVkIGluIHRoZSBwYXlsb2FkIG9mIHRoZSBNYXAtUmVwbHkgd2l0aCBlYWNo
IG9uZSBvZgogICB0aGUgRUlELXByZWZpeGVzIGNvbnRhaW5lZCBpbiB0aGUgRUlELUFELiAg
QW4gRUlELXJlY29yZCBpcyB2YWxpZAogICBvbmx5IGlmIGF0IGxlYXN0IG9uZSBvZiB0aGUg
aW50ZXJzZWN0aW9ucyBpcyBub3QgdGhlIGVtcHR5IHNldC4KCiAgIEZvciBpbnN0YW5jZSwg
dGhlIE1hcC1SZXBseSBwYXlsb2FkIGNvbnRhaW5zIDMgbWFwcGluZyByZWNvcmQgRUlELQog
ICBwcmVmaXhlczoKCgoKCk1haW5vLCBldCBhbC4gICAgICAgICAgICAgIEV4cGlyZXMgTWF5
IDQsIDIwMTcgICAgICAgICAgICAgICAgIFtQYWdlIDEyXQoMCkludGVybmV0LURyYWZ0ICAg
ICAgICAgICAgICAgICAgTElTUC1TRUMgICAgICAgICAgICAgICAgICAgIE9jdG9iZXIgMjAx
NgoKCiAgICAgIDEuMS4xLjAvMjQKCiAgICAgIDEuMS4yLjAvMjQKCiAgICAgIDEuMi4wLjAv
MTYKCiAgIFRoZSBFSUQtQUQgY29udGFpbnMgdHdvIEVJRC1wcmVmaXhlczoKCiAgICAgIDEu
MS4yLjAvMjQKCiAgICAgIDEuMi4zLjAvMjQKCiAgIFRoZSBFSUQtcmVjb3JkIHdpdGggRUlE
LXByZWZpeCAxLjEuMS4wLzI0IGlzIG5vdCBwcm9jZXNzZWQgc2luY2UgaXQKICAgaXMgbm90
IGluY2x1ZGVkIGluIGFueSBvZiB0aGUgRUlELUFEcyBzaWduZWQgYnkgdGhlIE1hcC1TZXJ2
ZXIuICBBCiAgIGxvZyBhY3Rpb24gTVVTVCBiZSB0YWtlbi4KCiAgIFRoZSBFSUQtcmVjb3Jk
IHdpdGggRUlELXByZWZpeCAxLjEuMi4wLzI0IGlzIHN0b3JlZCBpbiB0aGUgbWFwLWNhY2hl
CiAgIGJlY2F1c2UgaXQgbWF0Y2hlcyB0aGUgc2Vjb25kIEVJRC1wcmVmaXggY29udGFpbmVk
IGluIHRoZSBFSUQtQUQuCgogICBUaGUgRUlELXJlY29yZCB3aXRoIEVJRC1wcmVmaXggMS4y
LjAuMC8xNiBpcyBub3QgcHJvY2Vzc2VkIHNpbmNlIGl0CiAgIGlzIG5vdCBpbmNsdWRlZCBp
biBhbnkgb2YgdGhlIEVJRC1BRHMgc2lnbmVkIGJ5IHRoZSBNYXAtU2VydmVyLiAgQQogICBs
b2cgYWN0aW9uIE1VU1QgYmUgdGFrZW4uICBJbiB0aGlzIGxhc3QgZXhhbXBsZSB0aGUgRVRS
IGlzIHRyeWluZyB0bwogICBvdmVyIGNsYWltIHRoZSBFSUQtcHJlZml4IDEuMi4wLjAvMTYs
IGJ1dCB0aGUgTWFwLVNlcnZlciBhdXRob3JpemVkCiAgIG9ubHkgMS4yLjMuMC8yNCwgaGVu
Y2UgdGhlIEVJRC1yZWNvcmQgaXMgZGlzY2FyZGVkLgoKNS40LjIuICBQSVRSIFByb2Nlc3Np
bmcKCiAgIFRoZSBwcm9jZXNzaW5nIHBlcmZvcm1lZCBieSBhIFBJVFIgaXMgZXF1aXZhbGVu
dCB0byB0aGUgcHJvY2Vzc2luZyBvZgogICBhbiBJVFIuICBIb3dldmVyLCBpZiB0aGUgUElU
UiBpcyBkaXJlY3RseSBjb25uZWN0ZWQgdG8gYSBNYXBwaW5nCiAgIFN5c3RlbSBzdWNoIGFz
IExJU1ArQUxUIFtSRkM2ODM2XSwgdGhlIFBJVFIgcGVyZm9ybXMgdGhlIGZ1bmN0aW9ucyBv
ZgogICBib3RoIHRoZSBJVFIgYW5kIHRoZSBNYXAtUmVzb2x2ZXIgZm9yd2FyZGluZyB0aGUg
TWFwLVJlcXVlc3QKICAgZW5jYXBzdWxhdGVkIGluIGFuIEVDTSBoZWFkZXIgdGhhdCBpbmNs
dWRlcyB0aGUgQXV0aGVudGljYXRpb24gRGF0YQogICBmaWVsZHMgYXMgZGVzY3JpYmVkIGlu
IFNlY3Rpb24gNS42LgoKNS41LiAgRW5jcnlwdGluZyBhbmQgRGVjcnlwdGluZyBhbiBPVEsK
CiAgIE1TLU9USyBjb25maWRlbnRpYWxpdHkgaXMgcmVxdWlyZWQgaW4gdGhlIHBhdGggYmV0
d2VlbiB0aGUgTWFwLVNlcnZlcgogICBhbmQgdGhlIEVUUiwgdGhlIE1TLU9USyBTSE9VTEQg
YmUgZW5jcnlwdGVkIHVzaW5nIHRoZSBwcmVjb25maWd1cmVkCiAgIGtleSBzaGFyZWQgYmV0
d2VlbiB0aGUgTWFwLVNlcnZlciBhbmQgdGhlIEVUUiBmb3IgdGhlIHB1cnBvc2Ugb2YKICAg
c2VjdXJpbmcgRVRSIHJlZ2lzdHJhdGlvbiBbUkZDNjgzM10uICBTaW1pbGFybHksIGlmIElU
Ui1PVEsKICAgY29uZmlkZW50aWFsaXR5IGlzIHJlcXVpcmVkIGluIHRoZSBwYXRoIGJldHdl
ZW4gdGhlIElUUiBhbmQgdGhlIE1hcC0KICAgUmVzb2x2ZXIsIHRoZSBJVFItT1RLIFNIT1VM
RCBiZSBlbmNyeXB0ZWQgd2l0aCBhIGtleSBzaGFyZWQgYmV0d2VlbgogICB0aGUgSVRSIGFu
ZCB0aGUgTWFwLVJlc29sdmVyLgoKICAgVGhlIE9USyBpcyBlbmNyeXB0ZWQgdXNpbmcgdGhl
IGFsZ29yaXRobSBzcGVjaWZpZWQgaW4gdGhlIE9USwogICBFbmNyeXB0aW9uIElEIGZpZWxk
LiAgV2hlbiB0aGUgQUVTIEtleSBXcmFwIGFsZ29yaXRobSBpcyB1c2VkIHRvCiAgIGVuY3J5
cHQgYSAxMjgtYml0IE9USywgYWNjb3JkaW5nIHRvIFtSRkMzMzk0XSwgdGhlIEFFUyBLZXkg
V3JhcAogICBJbml0aWFsaXphdGlvbiBWYWx1ZSBNVVNUIGJlIHNldCB0byAweEE2QTZBNkE2
QTZBNkE2QTYgKDY0IGJpdHMpLgoKCgpNYWlubywgZXQgYWwuICAgICAgICAgICAgICBFeHBp
cmVzIE1heSA0LCAyMDE3ICAgICAgICAgICAgICAgICBbUGFnZSAxM10KDApJbnRlcm5ldC1E
cmFmdCAgICAgICAgICAgICAgICAgIExJU1AtU0VDICAgICAgICAgICAgICAgICAgICBPY3Rv
YmVyIDIwMTYKCgogICBUaGUgb3V0cHV0IG9mIHRoZSBBRVMgS2V5IFdyYXAgb3BlcmF0aW9u
IGlzIDE5Mi1iaXQgbG9uZy4gIFRoZSBtb3N0CiAgIHNpZ25pZmljYW50IDY0LWJpdCBhcmUg
Y29waWVkIGluIHRoZSBPbmUtVGltZSBLZXkgUHJlYW1ibGUgZmllbGQsCiAgIHdoaWxlIHRo
ZSAxMjggbGVzcyBzaWduaWZpY2FudCBiaXRzIGFyZSBjb3BpZWQgaW4gdGhlIE9uZS1UaW1l
IEtleQogICBmaWVsZCBvZiB0aGUgTElTUC1TRUMgQXV0aGVudGljYXRpb24gRGF0YS4KCiAg
IFdoZW4gZGVjcnlwdGluZyBhbiBlbmNyeXB0ZWQgT1RLIHRoZSByZWNlaXZlciBNVVNUIHZl
cmlmeSB0aGF0IHRoZQogICBJbml0aWFsaXphdGlvbiBWYWx1ZSByZXN1bHRpbmcgZnJvbSB0
aGUgQUVTIEtleSBXcmFwIGRlY3J5cHRpb24KICAgb3BlcmF0aW9uIGlzIGVxdWFsIHRvIDB4
QTZBNkE2QTZBNkE2QTZBNi4gIElmIHRoaXMgdmVyaWZpY2F0aW9uIGZhaWxzCiAgIHRoZSBy
ZWNlaXZlciBNVVNUIGRpc2NhcmQgdGhlIGVudGlyZSBtZXNzYWdlLgoKICAgV2hlbiBhIDEy
OC1iaXQgT1RLIGlzIHNlbnQgdW5lbmNyeXB0ZWQgdGhlIE9USyBFbmNyeXB0aW9uIElEIGlz
IHNldAogICB0byBOVUxMX0tFWV9XUkFQXzEyOCwgYW5kIHRoZSBPVEsgUHJlYW1ibGUgaXMg
c2V0IHRvCiAgIDB4MDAwMDAwMDAwMDAwMDAwMCAoNjQgYml0cykuCgo1LjYuICBNYXAtUmVz
b2x2ZXIgUHJvY2Vzc2luZwoKICAgVXBvbiByZWNlaXZpbmcgYW4gZW5jYXBzdWxhdGVkIE1h
cC1SZXF1ZXN0IHdpdGggdGhlIFMtYml0IHNldCwgdGhlCiAgIE1hcC1SZXNvbHZlciBkZWNh
cHN1bGF0ZXMgdGhlIEVDTSBtZXNzYWdlLiAgVGhlIElUUi1PVEssIGlmCiAgIGVuY3J5cHRl
ZCwgaXMgZGVjcnlwdGVkIGFzIHNwZWNpZmllZCBpbiBTZWN0aW9uIDUuNS4KCiAgIFByb3Rl
Y3RpbmcgdGhlIGNvbmZpZGVudGlhbGl0eSBvZiB0aGUgSVRSLU9USyBhbmQsIGluIGdlbmVy
YWwsIHRoZQogICBzZWN1cml0eSBvZiBob3cgdGhlIE1hcC1SZXF1ZXN0IGlzIGhhbmRlZCBi
eSB0aGUgTWFwLVJlc29sdmVyIHRvIHRoZQogICBNYXAtU2VydmVyLCBpcyBzcGVjaWZpYyB0
byB0aGUgcGFydGljdWxhciBNYXBwaW5nIFN5c3RlbSB1c2VkLCBhbmQKICAgb3V0c2lkZSBv
ZiB0aGUgc2NvcGUgb2YgdGhpcyBtZW1vLgoKICAgSW4gTWFwcGluZyBTeXN0ZW1zIHdoZXJl
IHRoZSBNYXAtU2VydmVyIGlzIGNvbXBsaWFudCB3aXRoIFtSRkM2ODMzXSwKICAgdGhlIE1h
cC1SZXNvbHZlciBvcmlnaW5hdGVzIGEgbmV3IEVDTSBoZWFkZXIgd2l0aCB0aGUgUy1iaXQg
c2V0LCB0aGF0CiAgIGNvbnRhaW5zIHRoZSB1bmVuY3J5cHRlZCBJVFItT1RLLCBhcyBzcGVj
aWZpZWQgaW4gU2VjdGlvbiA1LjUsIGFuZAogICB0aGUgb3RoZXIgZGF0YSBkZXJpdmVkIGZy
b20gdGhlIEVDTSBBdXRoZW50aWNhdGlvbiBEYXRhIG9mIHRoZQogICByZWNlaXZlZCBlbmNh
cHN1bGF0ZWQgTWFwLVJlcXVlc3QuCgogICBUaGUgTWFwLVJlc29sdmVyIHRoZW4gZm9yd2Fy
ZHMgdG8gdGhlIE1hcC1TZXJ2ZXIgdGhlIHJlY2VpdmVkIE1hcC0KICAgUmVxdWVzdCwgZW5j
YXBzdWxhdGVkIGluIHRoZSBuZXcgRUNNIGhlYWRlciB0aGF0IGluY2x1ZGVzIHRoZSBuZXds
eQogICBjb21wdXRlZCBBdXRoZW50aWNhdGlvbiBEYXRhIGZpZWxkcy4KCjUuNy4gIE1hcC1T
ZXJ2ZXIgUHJvY2Vzc2luZwoKICAgVXBvbiByZWNlaXZpbmcgYW4gRUNNIGVuY2Fwc3VsYXRl
ZCBNYXAtUmVxdWVzdCB3aXRoIHRoZSBTLWJpdCBzZXQsCiAgIHRoZSBNYXAtU2VydmVyIHBy
b2Nlc3MgdGhlIE1hcC1SZXF1ZXN0IGFjY29yZGluZyB0byB0aGUgdmFsdWUgb2YgdGhlCiAg
IFMtYml0IGNvbnRhaW5lZCBpbiB0aGUgTWFwLVJlZ2lzdGVyIHNlbnQgYnkgdGhlIEVUUiBk
dXJpbmcKICAgcmVnaXN0cmF0aW9uLgoKICAgSWYgdGhlIFMtYml0IGNvbnRhaW5lZCBpbiB0
aGUgTWFwLVJlZ2lzdGVyIHdhcyBjbGVhciB0aGUgTWFwLVNlcnZlcgogICBkZWNhcHN1bGF0
ZXMgdGhlIEVDTSBhbmQgZ2VuZXJhdGVzIGEgbmV3IEVDTSBlbmNhcHN1bGF0ZWQgTWFwLVJl
cXVlc3QKICAgdGhhdCBkb2VzIG5vdCBjb250YWluIGFuIEVDTSBBdXRoZW50aWNhdGlvbiBE
YXRhLCBhcyBzcGVjaWZpZWQgaW4KICAgW1JGQzY4MzBdLiAgVGhlIE1hcC1TZXJ2ZXIgZG9l
cyBub3QgcGVyZm9ybSBhbnkgZnVydGhlciBMSVNQLVNFQwogICBwcm9jZXNzaW5nLCBhbmQg
dGhlIE1hcC1SZXBseSB3aWxsIG5vdCBiZSBwcm90ZWN0ZWQuCgoKCgpNYWlubywgZXQgYWwu
ICAgICAgICAgICAgICBFeHBpcmVzIE1heSA0LCAyMDE3ICAgICAgICAgICAgICAgICBbUGFn
ZSAxNF0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIExJU1AtU0VDICAgICAg
ICAgICAgICAgICAgICBPY3RvYmVyIDIwMTYKCgogICBJZiB0aGUgUy1iaXQgY29udGFpbmVk
IGluIHRoZSBNYXAtUmVnaXN0ZXIgd2FzIHNldCB0aGUgTWFwLVNlcnZlcgogICBkZWNhcHN1
bGF0ZXMgdGhlIEVDTSBhbmQgZ2VuZXJhdGVzIGEgbmV3IEVDTSBBdXRoZW50aWNhdGlvbiBE
YXRhLgogICBUaGUgQXV0aGVudGljYXRpb24gRGF0YSBpbmNsdWRlcyB0aGUgT1RLLUFEIGFu
ZCB0aGUgRUlELUFELCB0aGF0CiAgIGNvbnRhaW5zIEVJRC1wcmVmaXggYXV0aG9yaXphdGlv
biBpbmZvcm1hdGlvbiwgdGhhdCBhcmUgdWx0aW1hdGVseQogICBzZW50IHRvIHRoZSByZXF1
ZXN0aW5nIElUUi4KCiAgIFRoZSBNYXAtU2VydmVyIHVwZGF0ZXMgdGhlIE9USy1BRCBieSBk
ZXJpdmluZyBhIG5ldyBPVEsgKE1TLU9USykgZnJvbQogICB0aGUgSVRSLU9USyByZWNlaXZl
ZCB3aXRoIHRoZSBNYXAtUmVxdWVzdC4gIE1TLU9USyBpcyBkZXJpdmVkCiAgIGFwcGx5aW5n
IHRoZSBrZXkgZGVyaXZhdGlvbiBmdW5jdGlvbiBzcGVjaWZpZWQgaW4gdGhlIEtERiBJRCBm
aWVsZC4KICAgSWYgdGhlIGFsZ29yaXRobSBzcGVjaWZpZWQgaW4gdGhlIEtERiBJRCBmaWVs
ZCBpcyBub3Qgc3VwcG9ydGVkLCB0aGUKICAgTWFwLVNlcnZlciB1c2VzIGEgZGlmZmVyZW50
IGFsZ29yaXRobSB0byBkZXJpdmUgdGhlIGtleSBhbmQgdXBkYXRlcwogICB0aGUgS0RGIElE
IGZpZWxkIGFjY29yZGluZ2x5LgoKICAgVGhlIE1hcC1TZXJ2ZXIgYW5kIHRoZSBFVFIgTVVT
VCBiZSBjb25maWd1cmVkIHdpdGggYSBzaGFyZWQga2V5IGZvcgogICBtYXBwaW5nIHJlZ2lz
dHJhdGlvbiBhY2NvcmRpbmcgdG8gW1JGQzY4MzNdLiAgSWYgTVMtT1RLCiAgIGNvbmZpZGVu
dGlhbGl0eSBpcyByZXF1aXJlZCwgdGhlbiB0aGUgTVMtT1RLIFNIT1VMRCBiZSBlbmNyeXB0
ZWQsIGJ5CiAgIHdyYXBwaW5nIHRoZSBNUy1PVEsgd2l0aCB0aGUgYWxnb3JpdGhtIHNwZWNp
ZmllZCBieSB0aGUgT1RLCiAgIEVuY3J5cHRpb24gSUQgZmllbGQgYXMgc3BlY2lmaWVkIGlu
IFNlY3Rpb24gNS41LgoKICAgVGhlIE1hcC1TZXJ2ZXIgaW5jbHVkZXMgaW4gdGhlIEVJRC1B
RCB0aGUgbG9uZ2VzdCBtYXRjaCByZWdpc3RlcmVkCiAgIEVJRC1wcmVmaXggZm9yIHRoZSBk
ZXN0aW5hdGlvbiBFSUQsIGFuZCBhbiBITUFDIG9mIHRoaXMgRUlELXByZWZpeC4KICAgVGhl
IEhNQUMgaXMga2V5ZWQgd2l0aCB0aGUgSVRSLU9USyBjb250YWluZWQgaW4gdGhlIHJlY2Vp
dmVkIEVDTQogICBBdXRoZW50aWNhdGlvbiBEYXRhLCBhbmQgdGhlIEhNQUMgYWxnb3JpdGht
IGlzIGNob3NlbiBhY2NvcmRpbmcgdG8KICAgdGhlIFJlcXVlc3RlZCBITUFDIElEIGZpZWxk
LiAgSWYgVGhlIE1hcC1TZXJ2ZXIgZG9lcyBub3Qgc3VwcG9ydCB0aGlzCiAgIGFsZ29yaXRo
bSwgdGhlIE1hcC1TZXJ2ZXIgdXNlcyBhIGRpZmZlcmVudCBhbGdvcml0aG0gYW5kIHNwZWNp
ZmllcyBpdAogICBpbiB0aGUgRUlEIEhNQUMgSUQgZmllbGQuICBUaGUgc2NvcGUgb2YgdGhl
IEhNQUMgb3BlcmF0aW9uIGNvdmVycyB0aGUKICAgZW50aXJlIEVJRC1BRCwgZnJvbSB0aGUg
RUlELUFEIExlbmd0aCBmaWVsZCB0byB0aGUgRUlEIEhNQUMgZmllbGQsCiAgIHdoaWNoIG11
c3QgYmUgc2V0IHRvIDAgYmVmb3JlIHRoZSBjb21wdXRhdGlvbi4KCiAgIFRoZSBNYXAtU2Vy
dmVyIHRoZW4gZm9yd2FyZHMgdGhlIHVwZGF0ZWQgRUNNIGVuY2Fwc3VsYXRlZCBNYXAtCiAg
IFJlcXVlc3QsIHRoYXQgY29udGFpbnMgdGhlIE9USy1BRCwgdGhlIEVJRC1BRCwgYW5kIHRo
ZSByZWNlaXZlZCBNYXAtCiAgIFJlcXVlc3QgdG8gYW4gYXV0aG9yaXRhdGl2ZSBFVFIgYXMg
c3BlY2lmaWVkIGluIFtSRkM2ODMwXS4KCjUuNy4xLiAgTWFwLVNlcnZlciBQcm9jZXNzaW5n
IGluIFByb3h5IG1vZGUKCiAgIElmIHRoZSBNYXAtU2VydmVyIGlzIGluIHByb3h5IG1vZGUs
IGl0IGdlbmVyYXRlcyBhIE1hcC1SZXBseSwgYXMKICAgc3BlY2lmaWVkIGluIFtSRkM2ODMw
XSwgd2l0aCB0aGUgUy1iaXQgc2V0IHRvIDEuICBUaGUgTWFwLVJlcGx5CiAgIGluY2x1ZGVz
IHRoZSBBdXRoZW50aWNhdGlvbiBEYXRhIHRoYXQgY29udGFpbnMgdGhlIEVJRC1BRCwgY29t
cHV0ZWQKICAgYXMgc3BlY2lmaWVkIGluIFNlY3Rpb24gNS43LCBhcyB3ZWxsIGFzIHRoZSBQ
S1QtQUQgY29tcHV0ZWQgYXMKICAgc3BlY2lmaWVkIGluIFNlY3Rpb24gNS44LgoKNS44LiAg
RVRSIFByb2Nlc3NpbmcKCiAgIFVwb24gcmVjZWl2aW5nIGFuIEVDTSBlbmNhcHN1bGF0ZWQg
TWFwLVJlcXVlc3Qgd2l0aCB0aGUgUy1iaXQgc2V0LAogICB0aGUgRVRSIGRlY2Fwc3VsYXRl
cyB0aGUgRUNNIG1lc3NhZ2UuICBUaGUgT1RLIGZpZWxkLCBpZiBlbmNyeXB0ZWQsCiAgIGlz
IGRlY3J5cHRlZCBhcyBzcGVjaWZpZWQgaW4gU2VjdGlvbiA1LjUgdG8gb2J0YWluIHRoZSB1
bmVuY3J5cHRlZAogICBNUy1PVEsuCgoKCgpNYWlubywgZXQgYWwuICAgICAgICAgICAgICBF
eHBpcmVzIE1heSA0LCAyMDE3ICAgICAgICAgICAgICAgICBbUGFnZSAxNV0KDApJbnRlcm5l
dC1EcmFmdCAgICAgICAgICAgICAgICAgIExJU1AtU0VDICAgICAgICAgICAgICAgICAgICBP
Y3RvYmVyIDIwMTYKCgogICBUaGUgRVRSIHRoZW4gZ2VuZXJhdGVzIGEgTWFwLVJlcGx5IGFz
IHNwZWNpZmllZCBpbiBbUkZDNjgzMF0gYW5kCiAgIGluY2x1ZGVzIHRoZSBBdXRoZW50aWNh
dGlvbiBEYXRhIHRoYXQgY29udGFpbnMgdGhlIEVJRC1BRCwgYXMKICAgcmVjZWl2ZWQgaW4g
dGhlIGVuY2Fwc3VsYXRlZCBNYXAtUmVxdWVzdCwgYXMgd2VsbCBhcyB0aGUgUEtULUFELgoK
ICAgVGhlIEVJRC1BRCBpcyBjb3BpZWQgZnJvbSB0aGUgQXV0aGVudGljYXRpb24gRGF0YSBv
ZiB0aGUgcmVjZWl2ZWQKICAgZW5jYXBzdWxhdGVkIE1hcC1SZXF1ZXN0LgoKICAgVGhlIFBL
VC1BRCBjb250YWlucyB0aGUgSE1BQyBvZiB0aGUgd2hvbGUgTWFwLVJlcGx5IHBhY2tldCwg
a2V5ZWQKICAgd2l0aCB0aGUgTVMtT1RLIGFuZCBjb21wdXRlZCB1c2luZyB0aGUgSE1BQyBh
bGdvcml0aG0gc3BlY2lmaWVkIGluCiAgIHRoZSBSZXF1ZXN0ZWQgSE1BQyBJRCBmaWVsZCBv
ZiB0aGUgcmVjZWl2ZWQgZW5jYXBzdWxhdGVkIE1hcC1SZXF1ZXN0LgogICBJZiB0aGUgRVRS
IGRvZXMgbm90IHN1cHBvcnQgdGhlIFJlcXVlc3RlZCBITUFDIElELCBpdCB1c2VzIGEKICAg
ZGlmZmVyZW50IGFsZ29yaXRobSBhbmQgdXBkYXRlcyB0aGUgUEtUIEhNQUMgSUQgZmllbGQg
YWNjb3JkaW5nbHkuCiAgIFRoZSBzY29wZSBvZiB0aGUgSE1BQyBvcGVyYXRpb24gY292ZXJz
IHRoZSBlbnRpcmUgUEtULUFELCBmcm9tIHRoZQogICBNYXAtUmVwbHkgVHlwZSBmaWVsZCB0
byB0aGUgUEtUIEhNQUMgZmllbGQsIHdoaWNoIG11c3QgYmUgc2V0IHRvIDAKICAgYmVmb3Jl
IHRoZSBjb21wdXRhdGlvbi4KCiAgIEZpbmFsbHkgdGhlIEVUUiBzZW5kcyB0aGUgTWFwLVJl
cGx5IHRvIHRoZSByZXF1ZXN0aW5nIElUUiBhcwogICBzcGVjaWZpZWQgaW4gW1JGQzY4MzBd
LgoKNi4gIFNlY3VyaXR5IENvbnNpZGVyYXRpb25zCgo2LjEuICBNYXBwaW5nIFN5c3RlbSBT
ZWN1cml0eQoKICAgVGhlIExJU1AtU0VDIHRocmVhdCBtb2RlbCBkZXNjcmliZWQgaW4gU2Vj
dGlvbiAzLCBhc3N1bWVzIHRoYXQgdGhlCiAgIExJU1AgTWFwcGluZyBTeXN0ZW0gaXMgd29y
a2luZyBwcm9wZXJseSBhbmQgZXZlbnR1YWxseSBkZWxpdmVycyBNYXAtCiAgIFJlcXVlc3Qg
bWVzc2FnZXMgdG8gYSBNYXAtU2VydmVyIHRoYXQgaXMgYXV0aG9yaXRhdGl2ZSBmb3IgdGhl
CiAgIHJlcXVlc3RlZCBFSUQuCgogICBJdCBpcyBhc3N1bWVkIHRoYXQgdGhlIE1hcHBpbmcg
U3lzdGVtIGVuc3VyZXMgdGhlIGNvbmZpZGVudGlhbGl0eSBvZgogICB0aGUgT1RLLCBhbmQg
dGhlIGludGVncml0eSBvZiB0aGUgTWFwLVJlcGx5IGRhdGEuICBIb3dldmVyLCBob3cgdGhl
CiAgIExJU1AgTWFwcGluZyBTeXN0ZW0gaXMgc2VjdXJlZCBpcyBvdXQgb2YgdGhlIHNjb3Bl
IG9mIHRoaXMgZG9jdW1lbnQuCgogICBTaW1pbGFybHksIE1hcC1SZWdpc3RlciBzZWN1cml0
eSwgaW5jbHVkaW5nIHRoZSByaWdodCBmb3IgYSBMSVNQCiAgIGVudGl0eSB0byByZWdpc3Rl
ciBhbiBFSUQtcHJlZml4IG9yIHRvIGNsYWltIHByZXNlbmNlIGF0IGFuIFJMT0MsIGlzCiAg
IG91dCBvZiB0aGUgc2NvcGUgb2YgTElTUC1TRUMuCgo2LjIuICBSYW5kb20gTnVtYmVyIEdl
bmVyYXRpb24KCiAgIFRoZSBJVFItT1RLIE1VU1QgYmUgZ2VuZXJhdGVkIGJ5IGEgcHJvcGVy
bHkgc2VlZGVkIHBzZXVkby1yYW5kb20gKG9yCiAgIHN0cm9uZyByYW5kb20pIHNvdXJjZS4g
IFNlZSBbUkZDNDA4Nl0gZm9yIGFkdmljZSBvbiBnZW5lcmF0aW5nCiAgIHNlY3VyaXR5LXNl
bnNpdGl2ZSByYW5kb20gZGF0YQoKNi4zLiAgTWFwLVNlcnZlciBhbmQgRVRSIENvbG9jYXRp
b24KCiAgIElmIHRoZSBNYXAtU2VydmVyIGFuZCB0aGUgRVRSIGFyZSBjb2xvY2F0ZWQsIExJ
U1AtU0VDIGRvZXMgbm90CiAgIHByb3ZpZGUgcHJvdGVjdGlvbiBmcm9tIG92ZXJjbGFpbWlu
ZyBhdHRhY2tzIG1vdW50ZWQgYnkgdGhlIEVUUi4KICAgSG93ZXZlciwgaW4gdGhpcyBwYXJ0
aWN1bGFyIGNhc2UsIHNpbmNlIHRoZSBFVFIgaXMgd2l0aGluIHRoZSB0cnVzdAoKCgoKTWFp
bm8sIGV0IGFsLiAgICAgICAgICAgICAgRXhwaXJlcyBNYXkgNCwgMjAxNyAgICAgICAgICAg
ICAgICAgW1BhZ2UgMTZdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBMSVNQ
LVNFQyAgICAgICAgICAgICAgICAgICAgT2N0b2JlciAyMDE2CgoKICAgYm91bmRhcmllcyBv
ZiB0aGUgTWFwLVNlcnZlciwgRVRSJ3Mgb3ZlcmNsYWltaW5nIGF0dGFja3MgYXJlIG5vdAog
ICBpbmNsdWRlZCBpbiB0aGUgdGhyZWF0IG1vZGVsLgoKNi40LiAgRGVwbG95aW5nIExJU1At
U0VDCgogICBUaGlzIG1lbW8gaXMgd3JpdHRlbiBhY2NvcmRpbmcgdG8gW1JGQzIxMTldLiAg
U3BlY2lmaWNhbGx5LCB0aGUgdXNlCiAgIG9mIHRoZSBrZXkgd29yZCBTSE9VTEQgIiBvciB0
aGUgYWRqZWN0aXZlICdSRUNPTU1FTkRFRCcsIG1lYW4gdGhhdAogICB0aGVyZSBtYXkgZXhp
c3QgdmFsaWQgcmVhc29ucyBpbiBwYXJ0aWN1bGFyIGNpcmN1bXN0YW5jZXMgdG8gaWdub3Jl
IGEKICAgcGFydGljdWxhciBpdGVtLCBidXQgdGhlIGZ1bGwgaW1wbGljYXRpb25zIG11c3Qg
YmUgdW5kZXJzdG9vZCBhbmQKICAgY2FyZWZ1bGx5IHdlaWdoZWQgYmVmb3JlIGNob29zaW5n
IGEgZGlmZmVyZW50IGNvdXJzZSIuCgogICBUaG9zZSBkZXBsb3lpbmcgTElTUC1TRUMgYWNj
b3JkaW5nIHRvIHRoaXMgbWVtbywgc2hvdWxkIGNhcmVmdWxseQogICB3ZWlnaHQgaG93IHRo
ZSBMSVNQLVNFQyB0aHJlYXQgbW9kZWwgYXBwbGllcyB0byB0aGVpciBwYXJ0aWN1bGFyIHVz
ZQogICBjYXNlIG9yIGRlcGxveW1lbnQuICBXaGVuIHRoZXkgZGVjaWRlIHRvIGlnbm9yZSBh
IHBhcnRpY3VsYXIKICAgcmVjb21tZW5kYXRpb24gdGhleSBzaG91bGQgbWFrZSBzdXJlIHRo
ZSByaXNrIGFzc29jaWF0ZWQgd2l0aCB0aGUKICAgY29ycmVzcG9uZGluZyB0aHJlYXRzIGlz
IHdlbGwgdW5kZXJzdG9vZC4KCiAgIEFzIGFuIGV4YW1wbGUsIGluIGNlcnRhaW4gY2xvc2Vk
IGFuZCBjb250cm9sbGVkIGRlcGxveW1lbnRzLCBpdCBpcwogICBwb3NzaWJsZSB0aGF0IHRo
ZSB0aHJlYXQgYXNzb2NpYXRlZCB3aXRoIGEgTWlUTSBiZXR3ZWVuIHRoZSB4VFIgYW5kCiAg
IHRoZSBNYXBwaW5nIFN5c3RlbSBpcyB2ZXJ5IGxvdywgYW5kIGFmdGVyIGNhcmZldWwgY29u
c2lkZXJhdGlvbiBpdAogICBtYXkgYmUgZGVjaWRlZCB0byBhbGxvdyBhIE5VTEwga2V5IHdy
YXBwaW5nIGFsZ29yaXRobSB3aGlsZSBjYXJyeWluZwogICB0aGUgT1RLcyBiZXR3ZWVuIHRo
ZSB4VFIgYW5kIHRoZSBNYXBwaW5nIFN5c3RlbS4KCiAgIEFzIGFuIGV4YW1wbGUgYXQgdGhl
IG90aGVyIGVuZCBvZiB0aGUgc3BlY3RydW0sIGluIGNlcnRhaW4gb3RoZXIKICAgZGVwbG95
bWVudHMsIGF0dGFja2VycyBtYXkgYmUgdmVyeSBzb3BoaXN0aWNhdGVkLCBhbmQgZm9yY2Ug
dGhlCiAgIGRlcGxveWVycyB0byBlbmZvcmNlIHZlcnkgc3RyaWN0IHBvbGljaWVzIGluIHRl
cm0gb2YgT1RLIHdyYXBwaW5nCiAgIGFsZ29yaXRobXMgYWxsb3dlZC4KCiAgIFNpbWlsYXIg
Y29uc2lkZXJhdGlvbnMgYXBwbHkgdG8gdGhlIGVudGlyZSBMSVNQLVNFQyB0aHJlYXQgbW9k
ZWwsIGFuZAogICBzaG91bGQgZ3VpZGUgdGhlIGRlcGxveWVycyBhbmQgaW1wbGVtZW50b3Jz
IHdoZW5ldmVyIHRoZXkgZW5jb3VudGVyCiAgIHRoZSBrZXkgd29yZCBTSE9VTEQgYWNyb3Nz
IHRoaXMgbWVtby4KCjcuICBJQU5BIENvbnNpZGVyYXRpb25zCgo3LjEuICBFQ00gQUQgVHlw
ZSBSZWdpc3RyeQoKICAgSUFOQSBpcyByZXF1ZXN0ZWQgdG8gY3JlYXRlIHRoZSAiRUNNIEF1
dGhlbnRpY2F0aW9uIERhdGEgVHlwZSIKICAgcmVnaXN0cnkgd2l0aCB2YWx1ZXMgMC0yNTUs
IGZvciB1c2UgaW4gdGhlIEVDTSBMSVNQLVNFQyBFeHRlbnNpb25zCiAgIFNlY3Rpb24gNS4x
LiAgVGhlIHJlZ2lzdHJ5IE1VU1QgYmUgaW5pdGlhbGx5IHBvcHVsYXRlZCB3aXRoIHRoZQog
ICBmb2xsb3dpbmcgdmFsdWVzOgoKCgoKCgoKCgoKCk1haW5vLCBldCBhbC4gICAgICAgICAg
ICAgIEV4cGlyZXMgTWF5IDQsIDIwMTcgICAgICAgICAgICAgICAgIFtQYWdlIDE3XQoMCklu
dGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgTElTUC1TRUMgICAgICAgICAgICAgICAg
ICAgIE9jdG9iZXIgMjAxNgoKCiAgICAgICAgICAgICBOYW1lICAgICAgICAgICAgICAgICAg
ICAgVmFsdWUgICAgICAgIERlZmluZWQgSW4KICAgICAgICAgICAgIC0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KICAgICAgICAgICAgIFJlc2Vy
dmVkICAgICAgICAgICAgICAgICAwCiAgICAgICAgICAgICBMSVNQLVNFQy1FQ00tRVhUICAg
ICAgICAgMSAgICAgICAgICAgICBUaGlzIG1lbW8KCiAgICAgICAgICAgICB2YWx1ZXMgMi0y
NTUgYXJlIHJlc2VydmVkIHRvIElBTkEuCgogICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICBITUFDIEZ1bmN0aW9ucwoKNy4yLiAgTWFwLVJlcGx5IEFEIFR5cGUgUmVnaXN0cnkKCiAg
IElBTkEgaXMgcmVxdWVzdGVkIHRvIGNyZWF0ZSB0aGUgIk1hcC1SZXBseSBBdXRoZW50aWNh
dGlvbiBEYXRhIFR5cGUiCiAgIHJlZ2lzdHJ5IHdpdGggdmFsdWVzIDAtMjU1LCBmb3IgdXNl
IGluIHRoZSBNYXAtUmVwbHkgTElTUC1TRUMKICAgRXh0ZW5zaW9ucyBTZWN0aW9uIDUuMi4g
IFRoZSByZWdpc3RyeSBNVVNUIGJlIGluaXRpYWxseSBwb3B1bGF0ZWQKICAgd2l0aCB0aGUg
Zm9sbG93aW5nIHZhbHVlczoKCiAgICAgICAgICAgICBOYW1lICAgICAgICAgICAgICAgICAg
ICAgVmFsdWUgICAgICAgIERlZmluZWQgSW4KICAgICAgICAgICAgIC0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KICAgICAgICAgICAgIFJlc2Vy
dmVkICAgICAgICAgICAgICAgICAwCiAgICAgICAgICAgICBMSVNQLVNFQy1NUi1FWFQgICAg
ICAgICAgMSAgICAgICAgICAgICBUaGlzIG1lbW8KCiAgICAgICAgICAgICB2YWx1ZXMgMi0y
NTUgYXJlIHJlc2VydmVkIHRvIElBTkEuCgogICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICBITUFDIEZ1bmN0aW9ucwoKNy4zLiAgSE1BQyBGdW5jdGlvbnMKCiAgIElBTkEgaXMgcmVx
dWVzdGVkIHRvIGNyZWF0ZSB0aGUgIkxJU1AtU0VDIEF1dGhlbnRpY2F0aW9uIERhdGEgSE1B
QwogICBJRCIgcmVnaXN0cnkgd2l0aCB2YWx1ZXMgMC02NTUzNSBmb3IgdXNlIGFzIFJlcXVl
c3RlZCBITUFDIElELCBFSUQKICAgSE1BQyBJRCwgYW5kIFBLVCBITUFDIElEIGluIHRoZSBM
SVNQLVNFQyBBdXRoZW50aWNhdGlvbiBEYXRhOgoKICAgICAgICAgICAgIE5hbWUgICAgICAg
ICAgICAgICAgICAgICBOdW1iZXIgICAgICAgIERlZmluZWQgSW4KICAgICAgICAgICAgIC0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KICAgICAg
ICAgICAgIE5PTkUgICAgICAgICAgICAgICAgICAgICAwCiAgICAgICAgICAgICBBVVRILUhN
QUMtU0hBLTEtOTYgICAgICAgMSAgICAgICAgICAgICBbUkZDMjEwNF0KICAgICAgICAgICAg
IEFVVEgtSE1BQy1TSEEtMjU2LTEyOCAgICAyICAgICAgICAgICAgIFtSRkM0NjM0XQoKICAg
ICAgICAgICAgIHZhbHVlcyAzLTY1NTM1IGFyZSByZXNlcnZlZCB0byBJQU5BLgoKICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgSE1BQyBGdW5jdGlvbnMKCiAgIEFVVEgtSE1BQy1T
SEEtMS05NiBNVVNUIGJlIHN1cHBvcnRlZCwgQVVUSC1ITUFDLVNIQS0yNTYtMTI4IFNIT1VM
RCBiZQogICBzdXBwb3J0ZWQuCgoKCgoKCgoKTWFpbm8sIGV0IGFsLiAgICAgICAgICAgICAg
RXhwaXJlcyBNYXkgNCwgMjAxNyAgICAgICAgICAgICAgICAgW1BhZ2UgMThdCgwKSW50ZXJu
ZXQtRHJhZnQgICAgICAgICAgICAgICAgICBMSVNQLVNFQyAgICAgICAgICAgICAgICAgICAg
T2N0b2JlciAyMDE2CgoKNy40LiAgS2V5IFdyYXAgRnVuY3Rpb25zCgogICBJQU5BIGlzIHJl
cXVlc3RlZCB0byBjcmVhdGUgdGhlICJMSVNQLVNFQyBBdXRoZW50aWNhdGlvbiBEYXRhIEtl
eQogICBXcmFwIElEIiByZWdpc3RyeSB3aXRoIHZhbHVlcyAwLTY1NTM1IGZvciB1c2UgYXMg
T1RLIGtleSB3cmFwCiAgIGFsZ29yaXRobXMgSUQgaW4gdGhlIExJU1AtU0VDIEF1dGhlbnRp
Y2F0aW9uIERhdGE6CgogICAgICAgICAgICAgTmFtZSAgICAgICAgICAgICAgICAgICAgIE51
bWJlciAgICAgICAgRGVmaW5lZCBJbgogICAgICAgICAgICAgLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQogICAgICAgICAgICAgTlVMTC1LRVkt
V1JBUC0xMjggICAgICAgIDEgICAgICAgICAgICAgVGhpcyBtZW1vCiAgICAgICAgICAgICBB
RVMtS0VZLVdSQVAtMTI4ICAgICAgICAgMiAgICAgICAgICAgICBbUkZDMzM5NF0KCiAgICAg
ICAgICAgICB2YWx1ZXMgMCBhbmQgMy02NTUzNSBhcmUgcmVzZXJ2ZWQgdG8gSUFOQS4KCiAg
ICAgICAgICAgICAgICAgICAgICAgICAgICBLZXkgV3JhcCBGdW5jdGlvbnMKCiAgIE5VTEwt
S0VZLVdSQVAtMTI4LCBhbmQgQUVTLUtFWS1XUkFQLTEyOCBNVVNUIGJlIHN1cHBvcnRlZC4K
CiAgIE5VTEwtS0VZLVdSQVAtMTI4IGlzIHVzZWQgdG8gY2FycnkgYW4gdW5lbmNyeXB0ZWQg
MTI4LWJpdCBPVEssIHdpdGggYQogICA2NC1iaXQgcHJlYW1ibGUgc2V0IHRvIDB4MDAwMDAw
MDAwMDAwMDAwMCAoNjQgYml0cykuCgo3LjUuICBLZXkgRGVyaXZhdGlvbiBGdW5jdGlvbnMK
CiAgIElBTkEgaXMgcmVxdWVzdGVkIHRvIGNyZWF0ZSB0aGUgIkxJU1AtU0VDIEF1dGhlbnRp
Y2F0aW9uIERhdGEgS2V5CiAgIERlcml2YXRpb24gRnVuY3Rpb24gSUQiIHJlZ2lzdHJ5IHdp
dGggdmFsdWVzIDAtNjU1MzUgZm9yIHVzZSBhcyBLREYKICAgSUQgaW4gdGhlIExJU1AtU0VD
IEF1dGhlbnRpY2F0aW9uIERhdGE6CgogICAgICAgICAgICAgTmFtZSAgICAgICAgICAgICAg
ICAgICAgIE51bWJlciAgICAgICAgRGVmaW5lZCBJbgogICAgICAgICAgICAgLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQogICAgICAgICAgICAg
Tk9ORSAgICAgICAgICAgICAgICAgICAgIDAKICAgICAgICAgICAgIEhLREYtU0hBMS0xMjgg
ICAgICAgICAgICAxICAgICAgICAgICAgIFtSRkM1ODY5XQoKICAgICAgICAgICAgIHZhbHVl
cyAyLTY1NTM1IGFyZSByZXNlcnZlZCB0byBJQU5BLgoKICAgICAgICAgICAgICAgICAgICAg
ICAgIEtleSBEZXJpdmF0aW9uIEZ1bmN0aW9ucwoKICAgSEtERi1TSEExLTEyOCBNVVNUIGJl
IHN1cHBvcnRlZAoKOC4gIEFja25vd2xlZGdlbWVudHMKCiAgIFRoZSBhdXRob3JzIHdvdWxk
IGxpa2UgdG8gYWNrbm93bGVkZ2UgUGVyZSBNb25jbHVzLCBEYXZlIE1leWVyLCBEaW5vCiAg
IEZhcmluYWNjaSwgQnJpYW4gV2VpcywgRGF2aWQgTWNHcmV3LCBEYXJyZWwgTGV3aXMgYW5k
IExhbmRvbiBDdXJ0CiAgIE5vbGwgZm9yIHRoZWlyIHZhbHVhYmxlIHN1Z2dlc3Rpb25zIHBy
b3ZpZGVkIGR1cmluZyB0aGUgcHJlcGFyYXRpb24KICAgb2YgdGhpcyBkb2N1bWVudC4KCgoK
CgoKCgpNYWlubywgZXQgYWwuICAgICAgICAgICAgICBFeHBpcmVzIE1heSA0LCAyMDE3ICAg
ICAgICAgICAgICAgICBbUGFnZSAxOV0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAg
ICAgIExJU1AtU0VDICAgICAgICAgICAgICAgICAgICBPY3RvYmVyIDIwMTYKCgo5LiAgTm9y
bWF0aXZlIFJlZmVyZW5jZXMKCiAgIFtSRkMyMTA0XSAgS3Jhd2N6eWssIEguLCBCZWxsYXJl
LCBNLiwgYW5kIFIuIENhbmV0dGksICJITUFDOiBLZXllZC0KICAgICAgICAgICAgICBIYXNo
aW5nIGZvciBNZXNzYWdlIEF1dGhlbnRpY2F0aW9uIiwgUkZDIDIxMDQsCiAgICAgICAgICAg
ICAgRE9JIDEwLjE3NDg3L1JGQzIxMDQsIEZlYnJ1YXJ5IDE5OTcsCiAgICAgICAgICAgICAg
PGh0dHA6Ly93d3cucmZjLWVkaXRvci5vcmcvaW5mby9yZmMyMTA0Pi4KCiAgIFtSRkMyMTE5
XSAgQnJhZG5lciwgUy4sICJLZXkgd29yZHMgZm9yIHVzZSBpbiBSRkNzIHRvIEluZGljYXRl
CiAgICAgICAgICAgICAgUmVxdWlyZW1lbnQgTGV2ZWxzIiwgQkNQIDE0LCBSRkMgMjExOSwK
ICAgICAgICAgICAgICBET0kgMTAuMTc0ODcvUkZDMjExOSwgTWFyY2ggMTk5NywKICAgICAg
ICAgICAgICA8aHR0cDovL3d3dy5yZmMtZWRpdG9yLm9yZy9pbmZvL3JmYzIxMTk+LgoKICAg
W1JGQzMzOTRdICBTY2hhYWQsIEouIGFuZCBSLiBIb3VzbGV5LCAiQWR2YW5jZWQgRW5jcnlw
dGlvbiBTdGFuZGFyZAogICAgICAgICAgICAgIChBRVMpIEtleSBXcmFwIEFsZ29yaXRobSIs
IFJGQyAzMzk0LCBET0kgMTAuMTc0ODcvUkZDMzM5NCwKICAgICAgICAgICAgICBTZXB0ZW1i
ZXIgMjAwMiwgPGh0dHA6Ly93d3cucmZjLWVkaXRvci5vcmcvaW5mby9yZmMzMzk0Pi4KCiAg
IFtSRkM0MDg2XSAgRWFzdGxha2UgM3JkLCBELiwgU2NoaWxsZXIsIEouLCBhbmQgUy4gQ3Jv
Y2tlciwKICAgICAgICAgICAgICAiUmFuZG9tbmVzcyBSZXF1aXJlbWVudHMgZm9yIFNlY3Vy
aXR5IiwgQkNQIDEwNiwgUkZDIDQwODYsCiAgICAgICAgICAgICAgRE9JIDEwLjE3NDg3L1JG
QzQwODYsIEp1bmUgMjAwNSwKICAgICAgICAgICAgICA8aHR0cDovL3d3dy5yZmMtZWRpdG9y
Lm9yZy9pbmZvL3JmYzQwODY+LgoKICAgW1JGQzUyMjZdICBOYXJ0ZW4sIFQuIGFuZCBILiBB
bHZlc3RyYW5kLCAiR3VpZGVsaW5lcyBmb3IgV3JpdGluZyBhbgogICAgICAgICAgICAgIElB
TkEgQ29uc2lkZXJhdGlvbnMgU2VjdGlvbiBpbiBSRkNzIiwgQkNQIDI2LCBSRkMgNTIyNiwK
ICAgICAgICAgICAgICBET0kgMTAuMTc0ODcvUkZDNTIyNiwgTWF5IDIwMDgsCiAgICAgICAg
ICAgICAgPGh0dHA6Ly93d3cucmZjLWVkaXRvci5vcmcvaW5mby9yZmM1MjI2Pi4KCiAgIFtS
RkM1ODY5XSAgS3Jhd2N6eWssIEguIGFuZCBQLiBFcm9uZW4sICJITUFDLWJhc2VkIEV4dHJh
Y3QtYW5kLUV4cGFuZAogICAgICAgICAgICAgIEtleSBEZXJpdmF0aW9uIEZ1bmN0aW9uIChI
S0RGKSIsIFJGQyA1ODY5LAogICAgICAgICAgICAgIERPSSAxMC4xNzQ4Ny9SRkM1ODY5LCBN
YXkgMjAxMCwKICAgICAgICAgICAgICA8aHR0cDovL3d3dy5yZmMtZWRpdG9yLm9yZy9pbmZv
L3JmYzU4Njk+LgoKICAgW1JGQzY4MzBdICBGYXJpbmFjY2ksIEQuLCBGdWxsZXIsIFYuLCBN
ZXllciwgRC4sIGFuZCBELiBMZXdpcywgIlRoZQogICAgICAgICAgICAgIExvY2F0b3IvSUQg
U2VwYXJhdGlvbiBQcm90b2NvbCAoTElTUCkiLCBSRkMgNjgzMCwKICAgICAgICAgICAgICBE
T0kgMTAuMTc0ODcvUkZDNjgzMCwgSmFudWFyeSAyMDEzLAogICAgICAgICAgICAgIDxodHRw
Oi8vd3d3LnJmYy1lZGl0b3Iub3JnL2luZm8vcmZjNjgzMD4uCgogICBbUkZDNjgzM10gIEZ1
bGxlciwgVi4gYW5kIEQuIEZhcmluYWNjaSwgIkxvY2F0b3IvSUQgU2VwYXJhdGlvbgogICAg
ICAgICAgICAgIFByb3RvY29sIChMSVNQKSBNYXAtU2VydmVyIEludGVyZmFjZSIsIFJGQyA2
ODMzLAogICAgICAgICAgICAgIERPSSAxMC4xNzQ4Ny9SRkM2ODMzLCBKYW51YXJ5IDIwMTMs
CiAgICAgICAgICAgICAgPGh0dHA6Ly93d3cucmZjLWVkaXRvci5vcmcvaW5mby9yZmM2ODMz
Pi4KCiAgIFtSRkM2ODM2XSAgRnVsbGVyLCBWLiwgRmFyaW5hY2NpLCBELiwgTWV5ZXIsIEQu
LCBhbmQgRC4gTGV3aXMsCiAgICAgICAgICAgICAgIkxvY2F0b3IvSUQgU2VwYXJhdGlvbiBQ
cm90b2NvbCBBbHRlcm5hdGl2ZSBMb2dpY2FsCiAgICAgICAgICAgICAgVG9wb2xvZ3kgKExJ
U1ArQUxUKSIsIFJGQyA2ODM2LCBET0kgMTAuMTc0ODcvUkZDNjgzNiwKICAgICAgICAgICAg
ICBKYW51YXJ5IDIwMTMsIDxodHRwOi8vd3d3LnJmYy1lZGl0b3Iub3JnL2luZm8vcmZjNjgz
Nj4uCgoKCgoKCk1haW5vLCBldCBhbC4gICAgICAgICAgICAgIEV4cGlyZXMgTWF5IDQsIDIw
MTcgICAgICAgICAgICAgICAgIFtQYWdlIDIwXQoMCkludGVybmV0LURyYWZ0ICAgICAgICAg
ICAgICAgICAgTElTUC1TRUMgICAgICAgICAgICAgICAgICAgIE9jdG9iZXIgMjAxNgoKCiAg
IFtSRkM3ODM1XSAgU2F1Y2V6LCBELiwgSWFubm9uZSwgTC4sIGFuZCBPLiBCb25hdmVudHVy
ZSwgIkxvY2F0b3IvSUQKICAgICAgICAgICAgICBTZXBhcmF0aW9uIFByb3RvY29sIChMSVNQ
KSBUaHJlYXQgQW5hbHlzaXMiLCBSRkMgNzgzNSwKICAgICAgICAgICAgICBET0kgMTAuMTc0
ODcvUkZDNzgzNSwgQXByaWwgMjAxNiwKICAgICAgICAgICAgICA8aHR0cDovL3d3dy5yZmMt
ZWRpdG9yLm9yZy9pbmZvL3JmYzc4MzU+LgoKQXV0aG9ycycgQWRkcmVzc2VzCgogICBGYWJp
byBNYWlubwogICBDaXNjbyBTeXN0ZW1zCiAgIDE3MCBUYXNtYW4gRHJpdmUKICAgU2FuIEpv
c2UsIENhbGlmb3JuaWEgIDk1MTM0CiAgIFVTQQoKICAgRW1haWw6IGZtYWlub0BjaXNjby5j
b20KCgogICBWaW5hIEVybWFnYW4KICAgQ2lzY28gU3lzdGVtcwogICAxNzAgVGFzbWFuIERy
aXZlCiAgIFNhbiBKb3NlLCBDYWxpZm9ybmlhICA5NTEzNAogICBVU0EKCiAgIEVtYWlsOiB2
ZXJtYWdhbkBjaXNjby5jb20KCgogICBBbGJlcnQgQ2FiZWxsb3MKICAgVGVjaG5pY2FsIFVu
aXZlcnNpdHkgb2YgQ2F0YWxvbmlhCiAgIGMvIEpvcmRpIEdpcm9uYSBzL24KICAgQmFyY2Vs
b25hICAwODAzNAogICBTcGFpbgoKICAgRW1haWw6IGFjYWJlbGxvQGFjLnVwYy5lZHUKCgog
ICBEYW1pZW4gU2F1Y2V6CiAgIElOUklBCiAgIDIwMDQgcm91dGUgZGVzIEx1Y2lvbGVzIC0g
QlAgOTMKICAgU29waGlhIEFudGlwb2xpcwogICBGcmFuY2UKCiAgIEVtYWlsOiBkYW1pZW4u
c2F1Y2V6QGlucmlhLmZyCgoKCgoKCgoKCgpNYWlubywgZXQgYWwuICAgICAgICAgICAgICBF
eHBpcmVzIE1heSA0LCAyMDE3ICAgICAgICAgICAgICAgICBbUGFnZSAyMV0K
--------------4FAFE1DA8AE8F9CD37E340F5--


From nobody Wed Oct 26 02:13:14 2016
Return-Path: <luigi.iannone@telecom-paristech.fr>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 46E43129A5F; Wed, 26 Oct 2016 02:13:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level: 
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9,  DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=telecom-paristech.fr
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t74RdaFBzcB1; Wed, 26 Oct 2016 02:13:09 -0700 (PDT)
Received: from zproxy120.enst.fr (zproxy120.enst.fr [137.194.2.193]) by ietfa.amsl.com (Postfix) with ESMTP id 9C593129A49; Wed, 26 Oct 2016 02:13:09 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by zproxy120.enst.fr (Postfix) with ESMTP id 6E6C01004D4; Wed, 26 Oct 2016 11:13:08 +0200 (CEST)
Received: from zproxy120.enst.fr ([127.0.0.1]) by localhost (zproxy120.enst.fr [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id e7SL-SHhgaw5; Wed, 26 Oct 2016 11:13:07 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by zproxy120.enst.fr (Postfix) with ESMTP id 6D9C01004BF; Wed, 26 Oct 2016 11:13:07 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.9.2 zproxy120.enst.fr 6D9C01004BF
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telecom-paristech.fr; s=A6AEC2EE-1106-11E5-B10E-D103FDDA8F2E; t=1477473187; bh=MeCC7D8vxtwkVM9PIdlI4tN6vM7eaF2RFdv9onrXFWo=; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:To; b=BUndN5bbZWDMPRi9ja6mtESvEeFAmMzd4KisWqHPcAjJSdh6QvgRC4FBHRGaUYXbx aeG9nXrvbRPNn3s+Ay2NDnTMbvQaoqyo5izqtUG6yppzDZBR+ufgiQTN9/NZMW8r2Q xTtAv9s91Ji1W8z5YwAC/CyDMsJOfoTJEMKfFBxM=
X-Virus-Scanned: amavisd-new at zproxy120.enst.fr
Received: from zproxy120.enst.fr ([127.0.0.1]) by localhost (zproxy120.enst.fr [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id nJioZ1-_uUGu; Wed, 26 Oct 2016 11:13:07 +0200 (CEST)
Received: from [192.168.0.32] (bny92-2-81-56-19-67.fbx.proxad.net [81.56.19.67]) by zproxy120.enst.fr (Postfix) with ESMTPSA id D33041004C3; Wed, 26 Oct 2016 11:13:06 +0200 (CEST)
From: Luigi Iannone <luigi.iannone@telecom-paristech.fr>
Message-Id: <BB7D47C9-A6C3-4DF5-A408-689256084709@telecom-paristech.fr>
Content-Type: multipart/alternative; boundary="Apple-Mail=_AC43D95B-5000-412B-932F-8C922BB9838C"
Mime-Version: 1.0 (Mac OS X Mail 10.1 \(3251\))
Date: Wed, 26 Oct 2016 11:13:04 +0200
In-Reply-To: <37a920e9-b1aa-33c1-6321-e24937bc6c8d@cisco.com>
To: Fabio Maino <fmaino@cisco.com>
References: <FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr> <8204baa6-8cbd-83b3-aa88-dc3ba16c5a33@cisco.com> <38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr> <37a920e9-b1aa-33c1-6321-e24937bc6c8d@cisco.com>
X-Mailer: Apple Mail (2.3251)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/-QWu2qcZSn6x0syjwAlc5QZxgOk>
Cc: lisp-chairs@ietf.org, Damien Saucez <damien.saucez@inria.fr>, LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] LISP-SEC review (finally)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Oct 2016 09:13:13 -0000

--Apple-Mail=_AC43D95B-5000-412B-932F-8C922BB9838C
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Hi Fabio,

Yes we are converging, very few points are left.=20

Inline are my comments, I snipped everything that we already agreed up =
on.

L.

> On 26 Oct 2016, at 02:14, Fabio Maino <fmaino@cisco.com> wrote:
>=20

[snip]

>>> "
>>> To verify the integrity of the PKT-AD, first the MS-OTK is derived
>>>    from the locally stored ITR-OTK using the algorithm specified in =
the
>>>    KDF ID field.  This is because the PKT-AD is generated by the ETR
>>>    using the MS-OTK.  If the KDF ID in the Map-Reply does not match =
the
>>>    KDF ID requested in the Map-Request, the ITR SHOULD discard the =
Map-
>>>    Reply and send, at the first opportunity it needs to, a new Map-
>>>    Request with a different KDF ID, according to ITR's local policy.
>>> "=20
>>>=20
>>>=20
>>> There are two typical use cases:=20
>>> - strict KDF ID policy: ITR specifiy a KDF ID, and will discard =
map-reply with different KDF IDs. If local policy allows, another =
map-request will be sent with a different KDF ID
>>> - loose KDF ID policy: ITR specify KDF ID =3D none, and will accept =
map-reply with any KDF ID (if supported by ITR). If received KDF is not =
supported the ITR shall drop the map-reply
>>>=20
>>=20
>> The above text does not reflect the policies you are describing. That =
=E2=80=9CSHOULD=E2=80=9D should be a =E2=80=9CMAY=E2=80=9D and your =
policies spelled out.=20
> I think we need to separate the recommendations for the two actions: =
SHOULD drop and MAY resend.=20
>=20
> "
> , the ITR SHOULD discard the Map-
>    Reply. At the first opportunity it needs to, the ITR MAY send a new =
Map-
>    Request with a different KDF ID, according to ITR's local policy.
>=20
> What do you think?=20

Much better :-)

>=20
>>=20
>> Also, what is the MS stubbornly insists in using an algorithm that =
the ITR does not support?
>=20
> The MS might not have alternatives, as it might only support one =
algorithm.=20
>=20

Sure

The question is: can we have situations in which MS replies always with =
the same algorithm (because has no alternatives) and the ITR is never =
able to understand that reply (because has no alternatives).

=46rom my understanding this can happen, right?=20

LISP-SEC has no way to prevent it, right?

What is needed is a policy like =E2=80=9CITR tries using all of the =
algorithm it supports and then gives up=E2=80=9D, right?

If the answer to those questions is yes, then IMO this should be spelled =
out somewhere.


>=20
>=20
[snip]

>>=20
>>>=20
>>>>=20
>>>>>    The KDF ID field, specifies the suggested key derivation =
function to
>>>>>    be used by the Map-Server to derive the MS-OTK.
>>>>=20
>>>> What happens if the MS will choose a KDF ID not supported by the =
ITR?
>>>> Can you clarify how to solve this situation or explain why this =
will never happen?
>>>=20
>>> This is described a few paragraphs below:=20
>>> "
>>> If the KDF ID in the Map-Reply does not match the
>>>    KDF ID requested in the Map-Request, the ITR SHOULD discard the =
Map-
>>>    Reply and send, at the first opportunity it needs to, a new Map-
>>>    Request with a different KDF ID, according to ITR's...=20
>>> "
>>>=20
>>=20
>> This does not guarantee that the MS will reply with something the ITR =
understands=E2=80=A6.
>=20
> For some local ITR's policy it may not be guaranteed. It's a balance =
between reachability and security that the ITR will have to choose.=20
>=20
>=20
I am not sure I understand your reply.

My point was the same as above: what if MS and ITR are not able to talk?


>=20
>=20
>=20
>=20
>>=20
>>=20
>>=20
>>>>=20
>>>>>    The EID-AD length is set to 4 bytes, since the Authentication =
Data
>>>>>    does not contain EID-prefix Authentication Data, and the EID-AD
>>>>>    contains only the KDF ID field.
>>>>>=20
>>>>>    In response to an encapsulated Map-Request that has the S-bit =
set, an
>>>>>    ITR MUST receive a Map-Reply with the S-bit set, that includes =
an
>>>>>    EID-AD and a PKT-AD.  If the Map-Reply does not include both =
ADs, the
>>>>>    ITR MUST discard it.  In response to an encapsulated =
Map-Request with
>>>>>    S-bit set to 0, the ITR expects a Map-Reply with S-bit set to =
0, and
>>>>>    the ITR SHOULD discard the Map-Reply if the S-bit is set.
>>>> Why a =E2=80=9CSHOULD=E2=80=9D? If the Map-Request has S-bit=3D0 it =
mean that there is no AD, hence no OTK, how can the ITR decrypt the =
reply?????
>>>> It MUST discard=E2=80=A6..
>>>=20
>>> If S-bit =3D 0 there's no Authentication Data. The Map-reply is in =
clear, and can be read.
>>=20
>> I am not sure you understood my point.
>>=20
>> You send a Map-Request with S=3D0, hence unenbcrypted. How can you =
possible receive a Map-Reply with S=3D1?
>> How is it encrypted if the ITR did not provide any OTK?
>=20
> Misconfiguration, bugs? I was just trying to enumerate the behaviors =
of the ITR. There's probably something wrong, and the map-reply should =
be discarded. Still the mapping is readable, so an ITR favoring =
reachability may decide to use the mapping.=20
>=20

Oh=E2=80=A6 I may see the misunderstanding. You are saying that the bit =
is set in the Map-Reply, but actually the content is not encrypted, =
right? SO the ITR can decide whether or not to use it.

Is that right?


[snip]
>>>> I think =E2=80=9Clog message" is too much implementation specific.=20=

>>>> If there is a notification, and how this notification is done, is =
implementation specific IMHO.
>>> ok. Same as above.
>>>>=20
>>>>>    The EID-record with EID-prefix 1.1.2.0/24 is stored in the =
map-cache
>>>>>    because it matches the second EID-prefix contained in the =
EID-AD.
>>>>>=20
>>>>>    The EID-record with EID-prefix 1.2.0.0/16 is not processed =
since it
>>>>>    is not included in any of the EID-ADs signed by the Map-Server. =
 A
>>>>>    log message is issued.
>>>> I think =E2=80=9Clog message" is too much implementation specific.=20=

>>>> If there is a notification, and how this notification is done, is =
implementation specific IMHO.
>>> ok. Same as above
>>>>=20
>>>>>   In this last example the ETR is trying to
>>>>>    over claim the EID-prefix 1.2.0.0/16, but the Map-Server =
authorized
>>>>>    only 1.2.3.0/24, hence the EID-record is discarded.
>>>> Reading the example I am not sure I would follow this behaviour.
>>>> Only 1 record out of 3 is valid so why should I actually trust the =
ETR instead of throwing everything away?
>>>> Can you explain ???
>>> The other two records are validated by the MS, so there is no reason =
to throw those away.
>>=20
>> Yes, but the ETR is still trying to cheat on the third one=E2=80=A6.
>> So the ETR may be compromised, why should I send traffic to him???
>=20
> ITR has flagged the security exception with the log entry, and some =
local ITR policy will decide what to do (including stop encapsulating to =
the ETR, if that's what is specified by the policy).  At the LISP level =
LISP-SEC has done its job: verified mapping  goes into the map-cache, =
overclaimed mapping is dropped.=20
>=20

This is not what the above text states. The text states that the valid =
EID-record is stored in the map-cache.
To be consistent with your reply you should change and state that the =
EID-record is eligible to be used by the ITR.

BTW to be consistent with other LISP document you should use "LISP =
Cache=E2=80=9D instead of =E2=80=9Cmap-cache=E2=80=9D (in the whole =
document).


[snip]


--Apple-Mail=_AC43D95B-5000-412B-932F-8C922BB9838C
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D"">Hi Fabio,<div class=3D""><br class=3D""></div><div =
class=3D"">Yes we are converging, very few points are =
left.&nbsp;</div><div class=3D""><br class=3D""></div><div =
class=3D"">Inline are my comments, I snipped everything that we already =
agreed up on.</div><div class=3D""><br class=3D""></div><div =
class=3D"">L.</div><div class=3D""><br class=3D""><div><blockquote =
type=3D"cite" class=3D""><div class=3D"">On 26 Oct 2016, at 02:14, Fabio =
Maino &lt;<a href=3D"mailto:fmaino@cisco.com" =
class=3D"">fmaino@cisco.com</a>&gt; wrote:</div><br =
class=3D"Apple-interchange-newline"></blockquote><div><br =
class=3D""></div><div>[snip]</div><div><br class=3D""></div><blockquote =
type=3D"cite" class=3D""><div class=3D""><div bgcolor=3D"#FFFFFF" =
text=3D"#000000" class=3D""><blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D""><div class=3D""><blockquote =
type=3D"cite" class=3D""><div class=3D""><div bgcolor=3D"#FFFFFF" =
text=3D"#000000" class=3D"">"
                <pre class=3D"newpage" style=3D"font-size: 13.3333px; =
margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: =
normal; font-variant-ligatures: normal; font-variant-caps: normal; =
font-weight: normal; letter-spacing: normal; orphans: 2; text-align: =
start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: =
0px; -webkit-text-stroke-width: 0px;">To verify the integrity of the =
PKT-AD, first the MS-OTK is derived
   from the locally stored ITR-OTK using the algorithm specified in the
   KDF ID field.  This is because the PKT-AD is generated by the ETR
   using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's local =
policy.</pre>
                " <br class=3D"">
                <br class=3D"">
                <br class=3D"">
                There are two typical use cases: <br class=3D"">
                - strict KDF ID policy: ITR specifiy a KDF ID, and will
                discard map-reply with different KDF IDs. If local
                policy allows, another map-request will be sent with a
                different KDF ID<br class=3D"">
                - loose KDF ID policy: ITR specify KDF ID =3D none, and
                will accept map-reply with any KDF ID (if supported by
                ITR). If received KDF is not supported the ITR shall
                drop the map-reply<br class=3D"">
                <br class=3D"">
              </div>
            </div>
          </blockquote>
          <div class=3D""><br class=3D"">
          </div>
          <div class=3D"">The above text does not reflect the policies =
you are
            describing. That =E2=80=9CSHOULD=E2=80=9D should be a =
=E2=80=9CMAY=E2=80=9D and your
            policies spelled out. <br class=3D"">
          </div>
        </div>
      </div>
    </blockquote>
    I think we need to separate the recommendations for the two actions:
    SHOULD drop and MAY resend. <br class=3D"">
    <br class=3D"">
    "<br class=3D"">
    <pre class=3D"newpage" style=3D"font-size: 13.3333px; margin-top: =
0px; margin-bottom: 0px; break-before: page; font-style: normal; =
font-variant-ligatures: normal; font-variant-caps: normal; font-weight: =
normal; letter-spacing: normal; orphans: 2; text-align: start; =
text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;">, the ITR SHOULD discard the Map-
   Reply. At the first opportunity it needs to, the ITR MAY send a new =
Map-
   Request with a different KDF ID, according to ITR's local policy.

What do you think?=20
</pre></div></div></blockquote><div><br class=3D""></div><div>Much =
better :-)</div><br class=3D""><blockquote type=3D"cite" class=3D""><div =
class=3D""><div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D"">
        <div class=3D"">
          <div class=3D""><br class=3D"">
          </div>
          <div class=3D"">Also, what is the MS stubbornly insists in =
using an
            algorithm that the ITR does not support?</div>
        </div>
      </div>
    </blockquote>
    <br class=3D"">
    The MS might not have alternatives, as it might only support one
    algorithm. <br class=3D"">
    <br class=3D""></div></div></blockquote><div><br =
class=3D""></div><div>Sure</div><div><br class=3D""></div><div>The =
question is: can we have situations in which MS replies always with the =
same algorithm (because has no alternatives) and the ITR is never able =
to understand that reply (because has no alternatives).</div><div><br =
class=3D""></div><div>=46rom my understanding this can happen, =
right?&nbsp;</div><div><br class=3D""></div><div>LISP-SEC has no way to =
prevent it, right?</div><div><br class=3D""></div><div>What is needed is =
a policy like =E2=80=9CITR tries using all of the algorithm it supports =
and then gives up=E2=80=9D, right?</div><div><br class=3D""></div><div>If =
the answer to those questions is yes, then IMO this should be spelled =
out somewhere.</div><div><br class=3D""></div><br class=3D""><blockquote =
type=3D"cite" class=3D""><div class=3D""><div bgcolor=3D"#FFFFFF" =
text=3D"#000000" class=3D"">
    <br class=3D"">
    <br class=3D""></div></div></blockquote>[snip]</div><div><br =
class=3D""><blockquote type=3D"cite" class=3D""><div class=3D""><div =
bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""><blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D""><div class=3D""><br class=3D"">
          <blockquote type=3D"cite" class=3D"">
            <div class=3D"">
              <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> <br =
class=3D"">
                <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                  <div class=3D"">
                    <div class=3D""><br class=3D"">
                    </div>
                    <blockquote type=3D"cite" class=3D"">
                      <div class=3D"">
                        <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">   The KDF ID field, specifies the =
suggested key derivation function to
   be used by the Map-Server to derive the MS-OTK.
</pre>
                      </div>
                    </blockquote>
                    <div class=3D""><br class=3D"">
                    </div>
                    <div class=3D"">What happens if the MS will choose a
                      KDF ID not supported by the ITR?</div>
                    <div class=3D"">Can you clarify how to solve this
                      situation or explain why this will never =
happen?</div>
                  </div>
                </blockquote>
                <br class=3D"">
                This is described a few paragraphs below: <br class=3D"">
                "
                <pre class=3D"newpage" style=3D"font-size: 13.3333px; =
margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: =
normal; font-variant-ligatures: normal; font-variant-caps: normal; =
font-weight: normal; letter-spacing: normal; orphans: 2; text-align: =
start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: =
0px; -webkit-text-stroke-width: 0px;">If the KDF ID in the Map-Reply =
does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's... </pre>
                "<br class=3D"">
                <br class=3D"">
              </div>
            </div>
          </blockquote>
          <div class=3D""><br class=3D"">
          </div>
          <div class=3D"">This does not guarantee that the MS will reply =
with
            something the ITR understands=E2=80=A6.</div>
        </div>
      </div>
    </blockquote>
    <br class=3D"">
    For some local ITR's policy it may not be guaranteed. It's a balance
    between reachability and security that the ITR will have to choose.
    <br class=3D"">
    <br class=3D"">
    <br class=3D""></div></div></blockquote><div>I am not sure I =
understand your reply.</div><div><br class=3D""></div><div>My point was =
the same as above: what if MS and ITR are not able to =
talk?</div><div><br class=3D""></div><div><br =
class=3D""></div></div><div><blockquote type=3D"cite" class=3D""><div =
class=3D""><div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
    <br class=3D"">
    <br class=3D"">
    <br class=3D"">
    <br class=3D"">
    <blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
      <div class=3D"">
        <div class=3D"">
          <div class=3D""><br class=3D"">
          </div>
          <div class=3D""><br class=3D"">
          </div>
          <br class=3D"">
          <blockquote type=3D"cite" class=3D"">
            <div class=3D"">
              <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
                <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                  <div class=3D"">
                    <div class=3D""><br class=3D"">
                    </div>
                    <blockquote type=3D"cite" class=3D"">
                      <div class=3D"">
                        <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">   The EID-AD length is set to 4 =
bytes, since the Authentication Data
   does not contain EID-prefix Authentication Data, and the EID-AD
   contains only the KDF ID field.

   In response to an encapsulated Map-Request that has the S-bit set, an
   ITR MUST receive a Map-Reply with the S-bit set, that includes an
   EID-AD and a PKT-AD.  If the Map-Reply does not include both ADs, the
   ITR MUST discard it.  In response to an encapsulated Map-Request with
   S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, and
   the ITR SHOULD discard the Map-Reply if the S-bit is set.
</pre>
                      </div>
                    </blockquote>
                    <div class=3D"">Why a =E2=80=9CSHOULD=E2=80=9D? If =
the Map-Request has
                      S-bit=3D0 it mean that there is no AD, hence no =
OTK,
                      how can the ITR decrypt the reply?????</div>
                    <div class=3D"">It MUST discard=E2=80=A6..</div>
                  </div>
                </blockquote>
                <br class=3D"">
                If S-bit =3D 0 there's no Authentication Data. The
                Map-reply is in clear, and can be read.</div>
            </div>
          </blockquote>
          <div class=3D""><br class=3D"">
          </div>
          <div class=3D"">I am not sure you understood my point.</div>
          <div class=3D""><br class=3D"">
          </div>
          <div class=3D"">You send a Map-Request with S=3D0, hence =
unenbcrypted. How
            can you possible receive a Map-Reply with S=3D1?</div>
          <div class=3D"">How is it encrypted if the ITR did not provide =
any OTK?</div>
        </div>
      </div>
    </blockquote>
    <br class=3D"">
    Misconfiguration, bugs? I was just trying to enumerate the behaviors
    of the ITR. There's probably something wrong, and the map-reply
    should be discarded. Still the mapping is readable, so an ITR
    favoring reachability may decide to use the mapping. <br class=3D"">
    <br class=3D""></div></div></blockquote><div><br =
class=3D""></div><div>Oh=E2=80=A6 I may see the misunderstanding. You =
are saying that the bit is set in the Map-Reply, but actually the =
content is not encrypted, right? SO the ITR can decide whether or not to =
use it.</div><div><br class=3D""></div><div>Is that right?</div><div><br =
class=3D""></div><div><br class=3D""></div>[snip]</div><div><blockquote =
type=3D"cite" class=3D""><div class=3D""><div bgcolor=3D"#FFFFFF" =
text=3D"#000000" class=3D""><blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D""><div class=3D""><blockquote =
type=3D"cite" class=3D""><div class=3D""><div bgcolor=3D"#FFFFFF" =
text=3D"#000000" class=3D""><blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D""><div class=3D""><div class=3D"">I think =E2=80=9C=
log message" is too much
                      implementation specific.&nbsp;</div>
                    <div class=3D"">If there is a notification, and how
                      this notification is done, is implementation
                      specific IMHO.</div>
                  </div>
                </blockquote>
                ok. Same as above.
                <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                  <div class=3D"">
                    <div class=3D"">
                    </div>
                    <blockquote type=3D"cite" class=3D"">
                      <div class=3D"">
                        <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">   The EID-record with EID-prefix =
1.1.2.0/24 is stored in the map-cache
   because it matches the second EID-prefix contained in the EID-AD.

   The EID-record with EID-prefix 1.2.0.0/16 is not processed since it
   is not included in any of the EID-ADs signed by the Map-Server.  A
   log message is issued.</pre>
                      </div>
                    </blockquote>
                    <div class=3D"">I think =E2=80=9Clog message" is too =
much
                      implementation specific.&nbsp;</div>
                    <div class=3D"">If there is a notification, and how
                      this notification is done, is implementation
                      specific IMHO.</div>
                  </div>
                </blockquote>
                ok. Same as above
                <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                  <div class=3D"">
                    <div class=3D"">
                    </div>
                    <blockquote type=3D"cite" class=3D"">
                      <div class=3D"">
                        <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">  In this last example the ETR is =
trying to
   over claim the EID-prefix 1.2.0.0/16, but the Map-Server authorized
   only 1.2.3.0/24, hence the EID-record is discarded.
</pre>
                      </div>
                    </blockquote>
                    <div class=3D"">Reading the example I am not sure I
                      would follow this behaviour.</div>
                    <div class=3D"">Only 1 record out of 3 is valid so =
why
                      should I actually trust the ETR instead of
                      throwing everything away?</div>
                    <div class=3D"">Can you explain ???</div>
                  </div>
                </blockquote>
                The other two records are validated by the MS, so there
                is no reason to throw those away. </div>
            </div>
          </blockquote>
          <div class=3D""><br class=3D"">
          </div>
          <div class=3D"">Yes, but the ETR is still trying to cheat on =
the third
            one=E2=80=A6.</div>
          <div class=3D"">So the ETR may be compromised, why should I =
send traffic
            to him???</div>
        </div>
      </div>
    </blockquote>
    <br class=3D"">
    ITR has flagged the security exception with the log entry, and some
    local ITR policy will decide what to do (including stop
    encapsulating to the ETR, if that's what is specified by the
    policy).&nbsp; At the LISP level LISP-SEC has done its job: verified
    mapping&nbsp; goes into the map-cache, overclaimed mapping is =
dropped. <br class=3D"">
    <br class=3D""></div></div></blockquote><div><br =
class=3D""></div><div>This is not what the above text states. The text =
states that the valid EID-record is stored in the =
map-cache.</div><div>To be consistent with your reply you should change =
and state that the EID-record is eligible to be used by the =
ITR.</div><div><br class=3D""></div><div>BTW to be consistent with other =
LISP document you should use "LISP Cache=E2=80=9D instead of =
=E2=80=9Cmap-cache=E2=80=9D (in the whole document).</div><br =
class=3D""><br class=3D"">[snip]</div><div><br =
class=3D""></div></div></body></html>=

--Apple-Mail=_AC43D95B-5000-412B-932F-8C922BB9838C--


From nobody Wed Oct 26 02:14:40 2016
Return-Path: <luigi.iannone@telecom-paristech.fr>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E446129A5B; Wed, 26 Oct 2016 02:14:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.714
X-Spam-Level: 
X-Spam-Status: No, score=0.714 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, THIS_AD=2.704, T_FILL_THIS_FORM_SHORT=0.01] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=telecom-paristech.fr
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c3qGy7_Ptpfe; Wed, 26 Oct 2016 02:14:33 -0700 (PDT)
Received: from zproxy120.enst.fr (zproxy120.enst.fr [137.194.2.193]) by ietfa.amsl.com (Postfix) with ESMTP id 406E6129A58; Wed, 26 Oct 2016 02:14:30 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by zproxy120.enst.fr (Postfix) with ESMTP id A12431004E0; Wed, 26 Oct 2016 11:14:29 +0200 (CEST)
Received: from zproxy120.enst.fr ([127.0.0.1]) by localhost (zproxy120.enst.fr [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id uXmurby26Syv; Wed, 26 Oct 2016 11:14:24 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by zproxy120.enst.fr (Postfix) with ESMTP id F1EB71004D9; Wed, 26 Oct 2016 11:14:23 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.9.2 zproxy120.enst.fr F1EB71004D9
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telecom-paristech.fr; s=A6AEC2EE-1106-11E5-B10E-D103FDDA8F2E; t=1477473264; bh=Iiv1KDWqOy/15nv+yX3Fa3iZ5sBOx6jdh+u2Xg9YMU8=; h=From:Message-Id:Content-Type:Mime-Version:Subject:Date:To; b=sNSqDYYxtfRzEFOgf7NmFdKjBQVy8ONAONBP0rhPPD5k9iSYjYTd+NUq/w9MchsWd FDZ5v12BhfjDICrAjDObmAgEb5+CjcA1l+NTv1GUgbC1zfGmTg0su04Sya/8kFwBeM pYKz2munQcd9rpU8cekmGTo0Glj5lq5S+EGObkhw=
X-Virus-Scanned: amavisd-new at zproxy120.enst.fr
Received: from zproxy120.enst.fr ([127.0.0.1]) by localhost (zproxy120.enst.fr [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id vBHiVSk6x1hA; Wed, 26 Oct 2016 11:14:23 +0200 (CEST)
Received: from [192.168.0.32] (bny92-2-81-56-19-67.fbx.proxad.net [81.56.19.67]) by zproxy120.enst.fr (Postfix) with ESMTPSA id A6E0A1004DD; Wed, 26 Oct 2016 11:14:21 +0200 (CEST)
From: Luigi Iannone <luigi.iannone@telecom-paristech.fr>
Message-Id: <4F3484F0-20F5-4B03-9456-0CAB8E4D3344@telecom-paristech.fr>
Content-Type: multipart/alternative; boundary="Apple-Mail=_18803CD6-3ED4-4CAB-BF74-3F75F9A1A8AC"
Mime-Version: 1.0 (Mac OS X Mail 10.1 \(3251\))
Date: Wed, 26 Oct 2016 11:14:19 +0200
In-Reply-To: <748f2c3d-16fd-03f3-988d-11a9c262a43a@cisco.com>
To: Fabio Maino <fmaino@cisco.com>
References: <FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr> <8204baa6-8cbd-83b3-aa88-dc3ba16c5a33@cisco.com> <38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr> <37a920e9-b1aa-33c1-6321-e24937bc6c8d@cisco.com> <748f2c3d-16fd-03f3-988d-11a9c262a43a@cisco.com>
X-Mailer: Apple Mail (2.3251)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/m3gsNWI67beeIw6USphFXvH0nPI>
Cc: lisp-chairs@ietf.org, Damien Saucez <damien.saucez@inria.fr>, LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] LISP-SEC review (finally)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Oct 2016 09:14:39 -0000

--Apple-Mail=_18803CD6-3ED4-4CAB-BF74-3F75F9A1A8AC
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

Hi Fabio,

thanks.

I you don=E2=80=99t mind I prefer that we converge first (see other =
reply).=20
So that I have to check only one final update.

ciao

L.


> On 26 Oct 2016, at 06:07, Fabio Maino <fmaino@cisco.com> wrote:
>=20
> Ciao Luigi,=20
> here is the updated draft and the diff from -11.=20
>=20
>=20
> Thanks,
> Fabio
>=20
>=20
> On 10/25/16 5:14 PM, Fabio Maino wrote:
>> Hi Luigi,=20
>> below are more replies skipping the ones we agreed already. Looks =
like we are converging...=20
>>=20
>>=20
>> wrt to 6830bis, I think we should not wait. I suspect the security =
review of the document will take some time, so we can do some progress =
in parallel to 6830bis.=20
>>=20
>> We will have to do a LISP-SECbis afterwards, but that should be =
simple.=20
>>=20
>> Please, see below.=20
>>=20
>>=20
>>=20
>>=20
>> On 10/24/16 3:02 AM, Luigi Iannone wrote:
>>> Hi Fabio,
>>>=20
>>> se my comment inline.=20
>>> (I do not consider the points we agree and everything related to the =
=E2=80=9CSHOULD=E2=80=9D clarification)
>>>=20
>>> Thanks for your work
>>>=20
>>> Ciao
>>>=20
>>> L.
>>>=20
>>>=20
>>>> On 22 Oct 2016, at 01:23, Fabio Maino <fmaino@cisco.com =
<mailto:fmaino@cisco.com>> wrote:
>>>>=20
>>>> Ciao Luigi,=20
>>>> below I have replied to each comment. I'm working to the updated =
text, that I will send as soon as it is ready. ideally we might be able =
to publish a new version before draft deadline.=20
>>>=20
>>> Excellent. Thanks
>>>=20
>>>>=20
>>>> Just a note on the most recurring comment: SHOULD vs. MUST.=20
>>>>=20
>>>> The use of SHOULD across the document is according to RFC 2119:=20
>>>>=20
>>>> SHOULD   This word, or the adjective "RECOMMENDED", mean that there
>>>>    may exist valid reasons in particular circumstances to ignore a
>>>>    particular item, but the full implications must be understood =
and
>>>>    carefully weighed before choosing a different course.
>>>>=20
>>>>=20
>>>> There are use cases where, carefully weighing the implications, =
some of the security services of LISP-SEC can be turned-off. We want to =
leave implementors the freedom to allow this flexibility.=20
>>>>=20
>>>> For example, in a DC deployment it may make sense to turn off OTK =
decryption between XTR and MS/MR, as MiTM is very unlikely.=20
>>>>=20
>>>> Similarly, an ITR may decide to implement a loose policy on =
accepting an AD authenticated with an algorithm different from the =
preferred authentication algorithm expressed by the ITR. Using a MUST =
would force support of a given authentication algorithm across each and =
every MS and ETR, that might not be the case when incrementally =
deploying LISP-SEC (or while upgrading routers).=20
>>>>=20
>>>> Using a MUST would prevent this flexibility, that we would like to =
leave to the implementors.=20
>>>>=20
>>>>=20
>>>>=20
>>>=20
>>> This is fixed as for the suggestion of Joel. Thanks.
>>>=20
>>>=20
>>>>=20
>>>>=20
>>>> On 10/19/16 8:06 AM, Luigi Iannone wrote:
>>>>> Dear Authors of the LISP-SEC document,
>>>>>=20
>>>>> hereafter my review of the document.
>>>>> This was long overdue, sorry for being so late.
>>>>>=20
>>>>> I really like the solution and the majority of my comments are =
just clarification questions.
>>>>> Let me know if my comments are clear.
>>>>>=20
>>>>> ciao
>>>>>=20
>>>>> L.
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>> 1.  Introduction
>>>>>>=20
>>>>>>    The Locator/ID Separation Protocol [RFC6830] defines a set of
>>>>>>    functions for routers to exchange information used to map from =
non-
>>>>>>    routable Endpoint Identifiers (EIDs) to routable Routing =
Locators
>>>>>>    (RLOCs). =20
>>>>> I find the above sentence confusing. Wouldn=E2=80=99t be better to =
specify that we are talking about IP addresses?
>>>>=20
>>>> That's how LISP is described in RFC6830, section 1. If you start =
using the term IP address then you need to qualify if you are talking =
about Identity-IP or Locator-IP, so the sentence gets complicated pretty =
quickly.=20
>>>>=20
>>>=20
>>> Not really. The very first sentence of the abstract of 6830 states:
>>>=20
>>> This document describes a network-layer-based protocol that enables
>>>    separation of IP addresses into two new numbering spaces: =
Endpoint
>>>    Identifiers (EIDs) and Routing Locators (RLOCs).=20
>>>=20
>>>=20
>>> So clearly speaks about IP address.
>>> Furthermore =E2=80=9Croutable" en =E2=80=9Cnon routable=E2=80=9D is =
true only in the inter-domain point of view, because EID are locally =
routable.
>>> Note that 6830 does not specify in the first sentence what is =
routable and what is not.
>>=20
>> ok, fixed with text from 6830.=20
>>=20
>>=20
>>>=20
>>>=20
>>>> I would leave this one unchanged.
>>>>>=20
>>>>>> If these EID-to-RLOC mappings, carried through Map-Reply
>>>>>>    messages, are transmitted without integrity protection, an =
adversary
>>>>>>    can manipulate them and hijack the communication, impersonate =
the
>>>>>>    requested EID, or mount Denial of Service or Distributed =
Denial of
>>>>>>    Service attacks.  Also, if the Map-Reply message is =
transported
>>>>>>    unauthenticated, an adversarial LISP entity can overclaim an =
EID-
>>>>>>    prefix and maliciously redirect traffic directed to a large =
number of
>>>>>>    hosts.  A detailed description of "overclaiming" attack is =
provided
>>>>>>    in [RFC7835].
>>>>>>=20
>>>>>>    This memo specifies LISP-SEC, a set of security mechanisms =
that
>>>>>>    provides origin authentication, integrity and anti-replay =
protection
>>>>>>    to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
>>>>>>    process. =20
>>>>>=20
>>>>> I would put s forward reference to section 3 stating that the =
reader will find details about the threat model.
>>>>=20
>>>> OK. We can replace the sentence=20
>>>> A detailed description of "overclaiming" attack is provided
>>>>    in [RFC7835]
>>>>=20
>>>> with=20
>>>>=20
>>>> The LISP-SEC threat model, described in Section 3, is built on top =
of the LISP threat model defined in RFC7835, that includes a detailed =
description of "overclaiming" attack.=20
>>> OK
>>>=20
>>>=20
>>>>=20
>>>>=20
>>>>>=20
>>>>>> LISP-SEC also enables verification of authorization on EID-
>>>>>>    prefix claims in Map-Reply messages, ensuring that the sender =
of a
>>>>>>    Map-Reply that provides the location for a given EID-prefix is
>>>>>>    entitled to do so according to the EID prefix registered in =
the
>>>>>>    associated Map-Server.  Map-Register security, including the =
right
>>>>>>    for a LISP entity to register an EID-prefix or to claim =
presence at
>>>>>>    an RLOC, is out of the scope of LISP-SEC.  Additional security
>>>>>>    considerations are described in Section 6.
>>>>>>=20
>>>>>> 2.  Definition of Terms
>>>>>>=20
>>>>>>       One-Time Key (OTK): An ephemeral randomly generated key =
that must
>>>>>>       be used for a single Map-Request/Map-Reply exchange.
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>          ITR-OTK: The One-Time Key generated at the ITR.
>>>>>>=20
>>>>>>          MS-OTK: The One-Time Key generated at the Map-Server.
>>>>>=20
>>>>> Why are you considering ITR-OTK and MS-OTK sub-terms?=20
>>>>> I would elevate them at full terms, hence avoiding spacing and =
indentation.
>>>>=20
>>>> Ok.=20
>>>>=20
>>>>>=20
>>>>>>       Encapsulated Control Message (ECM): A LISP control message =
that is
>>>>>>       prepended with an additional LISP header.  ECM is used by =
ITRs to
>>>>>>       send LISP control messages to a Map-Resolver, by =
Map-Resolvers to
>>>>>>       forward LISP control messages to a Map-Server, and by Map-
>>>>>>       Resolvers to forward LISP control messages to an ETR.
>>>>>>=20
>>>>> Why are you re-defining ECM?=20
>>>>> You do not specify other packets, e.g., Map-Reply, so why ECM?
>>>>> I would drop it.
>>>>=20
>>>> It is not defined in the Definitions section of 6830. One would =
need to go through the body of 6830 to find it.=20
>>>=20
>>> I see your point. Just keep the text and add a ref to section 6.1.8 =
of 6830. This will clarify that is something coming from a specific =
section of that document.
>>=20
>> I have dropped the definition, expanded the acronym ECM and referred =
to the specific section.=20
>>=20
>> In this way we don't have to wait for 6830bis, but we refer to the =
proper definition.
>>=20
>>>=20
>>> =20
>>>=20
>>>>=20
>>>> I'll drop it, but we need to make sure that ECM gets into the =
definition section of 6830bis.=20
>>>>=20
>>>> Albert: are you looking into that document? Can you take care of =
this?=20
>>>>=20
>>>>=20
>>>>>=20
>>>>>=20
>>>>>>       Authentication Data (AD): Metadata that is included either =
in a
>>>>>>       LISP ECM header or in a Map-Reply message to support
>>>>>>       confidentiality, integrity protection, and verification of =
EID-
>>>>>>       prefix authorization.
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>> Maino, et al.             Expires April 6, 2017                 =
[Page 3]
>>>>>> =0C
>>>>>> Internet-Draft                  LISP-SEC                    =
October 2016
>>>>>>=20
>>>>>>=20
>>>>>>          OTK-AD: The portion of ECM Authentication Data that =
contains a
>>>>>>          One-Time Key.
>>>>>>=20
>>>>>>          EID-AD: The portion of ECM and Map-Reply Authentication =
Data
>>>>>>          used for verification of EID-prefix authorization.
>>>>>>=20
>>>>>>          PKT-AD: The portion of Map-Reply Authentication Data =
used to
>>>>>>          protect the integrity of the Map-Reply message.
>>>>>=20
>>>>>=20
>>>>> Why are you considering OTK-AD, EID-AD, and PKT-AD sub-terms?=20
>>>>> I would elevate them at full terms, hence avoiding spacing and =
indentation.
>>>>>=20
>>>> ok.=20
>>>>=20
>>>>>=20
>>>>>>    For definitions of other terms, notably Map-Request, =
Map-Reply,
>>>>>>    Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR), =
Map-Server
>>>>>>    (MS), and Map-Resolver (MR) please consult the LISP =
specification
>>>>>>    [RFC6830].
>>>>>>=20
>>>>>> 3.  LISP-SEC Threat Model
>>>>>>=20
>>>>>>    LISP-SEC addresses the control plane threats, described in =
[RFC7835],
>>>>>>    that target EID-to-RLOC mappings, including manipulations of =
Map-
>>>>>>    Request and Map-Reply messages, and malicious ETR EID prefix
>>>>>>    overclaiming.  LISP-SEC makes two main assumptions: (1) the =
LISP
>>>>>>    mapping system is expected to deliver a Map-Request message to =
their
>>>>>>    intended destination ETR as identified by the EID, and (2) no =
man-in-
>>>>>>    the-middle (MITM) attack can be mounted within the LISP =
Mapping
>>>>>>    System.  Furthermore, while LISP-SEC enables detection of EID =
prefix
>>>>>>    overclaiming attacks, it assumes that Map-Servers can verify =
the EID
>>>>>>    prefix authorization at time of registration.
>>>>> LISP-SEC does not require OTK confidentiality in the mapping =
system. This should be discussed here.
>>>> we could add to the above
>>>> "and (2) no man-in-
>>>>    the-middle (MITM) attack can be mounted within the LISP Mapping
>>>>    System."=20
>>>>=20
>>>> How the Mapping System is protected from MiTM attacks depends from =
the particular Mapping System used, and is out of the scope of this =
memo.=20
>>>>=20
>>>>=20
>>>=20
>>> That=E2=80=99s fine for me.
>>>=20
>>>=20
>>>>=20
>>>>>=20
>>>>>=20
>>>>>>    According to the threat model described in [RFC7835] LISP-SEC =
assumes
>>>>>>    that any kind of attack, including MITM attacks, can be =
mounted in
>>>>>>    the access network, outside of the boundaries of the LISP =
mapping
>>>>>>    system.  An on-path attacker, outside of the LISP mapping =
system can,
>>>>>>    for example, hijack Map-Request and Map-Reply messages, =
spoofing the
>>>>>>    identity of a LISP node.  Another example of on-path attack, =
called
>>>>>>    overclaiming attack, can be mounted by a malicious Egress =
Tunnel
>>>>>>    Router (ETR), by overclaiming the EID-prefixes for which it is
>>>>>>    authoritative.  In this way the ETR can maliciously redirect =
traffic
>>>>>>    directed to a large number of hosts.
>>>>>>=20
>>>>>> 4.  Protocol Operations
>>>>>>=20
>>>>>>    The goal of the security mechanisms defined in [RFC6830] is to
>>>>>>    prevent unauthorized insertion of mapping data by providing =
origin
>>>>>>    authentication and integrity protection for the =
Map-Registration, and
>>>>>>    by using the nonce to detect unsolicited Map-Reply sent by =
off-path
>>>>>>    attackers.
>>>>>>=20
>>>>>>    LISP-SEC builds on top of the security mechanisms defined in
>>>>>>    [RFC6830] to address the threats described in Section 3 by =
leveraging
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>> Maino, et al.             Expires April 6, 2017                 =
[Page 4]
>>>>>> =0C
>>>>>> Internet-Draft                  LISP-SEC                    =
October 2016
>>>>>>=20
>>>>>>=20
>>>>>>    the trust relationships existing among the LISP entities
>>>>>>    participating to the exchange of the Map-Request/Map-Reply =
messages.
>>>>>>    Those trust relationships are used to securely distribute a =
One-Time
>>>>>>    Key (OTK) that provides origin authentication, integrity and =
anti-
>>>>>>    replay protection to mapping data conveyed via the mapping =
lookup
>>>>>>    process, and that effectively prevent overclaiming attacks.  =
The
>>>>>>    processing of security parameters during the =
Map-Request/Map-Reply
>>>>>>    exchange is as follows:
>>>>>>=20
>>>>>>    o  The ITR-OTK is generated and stored at the ITR, and =
securely
>>>>>>       transported to the Map-Server.
>>>>>>=20
>>>>>>    o  The Map-Server uses the ITR-OTK to compute an HMAC that =
protects
>>>>> You did not define HMAC acronym. Please define and add a =
reference.
>>>>=20
>>>> ok.=20
>>>>=20
>>>>=20
>>>>>=20
>>>>>>       the integrity of the mapping data known to the Map-Server =
to
>>>>>>       prevent overclaiming attacks.  The Map-Server also derives =
a new
>>>>>>       OTK, the MS-OTK, that is passed to the ETR, by applying a =
Key
>>>>>>       Derivation Function (KDF) to the ITR-OTK.
>>>>>>=20
>>>>>>    o  The ETR uses the MS-OTK to compute an HMAC that protects =
the
>>>>>>       integrity of the Map-Reply sent to the ITR.
>>>>>>=20
>>>>>>    o  Finally, the ITR uses the stored ITR-OTK to verify the =
integrity
>>>>>>       of the mapping data provided by both the Map-Server and the =
ETR,
>>>>>>       and to verify that no overclaiming attacks were mounted =
along the
>>>>>>       path between the Map-Server and the ITR.
>>>>>>=20
>>>>>>    Section 5 provides the detailed description of the LISP-SEC =
control
>>>>>>    messages and their processing, while the rest of this section
>>>>>>    describes the flow of protocol operations at each entity =
involved in
>>>>>>    the Map-Request/Map-Reply exchange:
>>>>>>=20
>>>>>>    o  The ITR, upon needing to transmit a Map-Request message, =
generates
>>>>>>       and stores an OTK (ITR-OTK).  This ITR-OTK is included into =
the
>>>>>>       Encapsulated Control Message (ECM) that contains the =
Map-Request
>>>>>>       sent to the Map-Resolver.  To provide confidentiality to =
the ITR-
>>>>>>       OTK over the path between the ITR and its Map-Resolver, the =
ITR-
>>>>>>       OTK SHOULD=20
>>>>> Why not using =E2=80=9CMUST=E2=80=9D???
>>>>> Are you suggesting that a different way to provide confidentiality =
can be used (e.g. a different shared key)???
>>>>> If yes, please state so.
>>>>>=20
>>>>> Or are you suggesting that no encryption at all is used? But this =
means not providing confidentiality=E2=80=A6
>>>>> Can you clarify?
>>>>>=20
>>>>> (this very same comment will appear several time in this review)
>>>>=20
>>>> We don't want to make the use of pre-shared key *mandatory* to all =
LISP deployments. There are deployments where the risk of MiTM between =
the xTR and the MS/MR may not justify the cost of provisioning a shared =
key (data centers, for example).=20
>>>>=20
>>>>=20
>>>>>> be encrypted using a preconfigured key shared between
>>>>>>       the ITR and the Map-Resolver, similar to the key shared =
between
>>>>>>       the ETR and the Map-Server in order to secure ETR =
registration
>>>>>>       [RFC6833].
>>>>>>=20
>>>>>>    o  The Map-Resolver decapsulates the ECM message, decrypts the =
ITR-
>>>>>>       OTK, if needed, and forwards through the Mapping System the
>>>>>>       received Map-Request and the ITR-OTK, as part of a new ECM
>>>>>>       message.  As described in Section 5.6, the LISP Mapping =
System
>>>>>>       delivers the ECM to the appropriate Map-Server, as =
identified by
>>>>>>       the EID destination address of the Map-Request.
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>> Maino, et al.             Expires April 6, 2017                 =
[Page 5]
>>>>>> =0C
>>>>>> Internet-Draft                  LISP-SEC                    =
October 2016
>>>>>>=20
>>>>>>=20
>>>>>>    o  The Map-Server is configured with the location mappings and =
policy
>>>>>>       information for the ETR responsible for the EID destination
>>>>>>       address.  Using this preconfigured information, the =
Map-Server,
>>>>>>       after the decapsulation of the ECM message, finds the =
longest
>>>>>>       match EID-prefix that covers the requested EID in the =
received
>>>>>>       Map-Request.  The Map-Server adds this EID-prefix, together =
with
>>>>>>       an HMAC computed using the ITR-OTK, to a new Encapsulated =
Control
>>>>>>       Message that contains the received Map-Request.
>>>>>>=20
>>>>>>    o  The Map-Server derives a new OTK, the MS-OTK, by applying a =
Key
>>>>>>       Derivation Function (KDF) to the ITR-OTK.  This MS-OTK is =
included
>>>>>>       in the Encapsulated Control Message that the Map-Server =
uses to
>>>>>>       forward the Map-Request to the ETR.  To provide MS-OTK
>>>>>>       confidentiality over the path between the Map-Server and =
the ETR,
>>>>>>       the MS-OTK should=20
>>>>> This =E2=80=9Cshould=E2=80=9D should be a =E2=80=9CSHOULD=E2=80=9D =
 (sorry for the cacophony=E2=80=A6)
>>>>=20
>>>> Ok.=20
>>>>>=20
>>>>> Why not using =E2=80=9CMUST=E2=80=9D???
>>>>> Are you suggesting that a different way to provide confidentiality =
can be used (e.g. a different shared key)???
>>>>> If yes, please state so.
>>>>>=20
>>>>> Or are you suggesting that no encryption at all is used? But this =
means not providing confidentiality=E2=80=A6
>>>>> Can you clarify?
>>>>=20
>>>> Same as above.=20
>>>>=20
>>>>>=20
>>>>>> be encrypted using the key shared between the
>>>>>>       ETR and the Map-Server in order to secure ETR registration
>>>>>>       [RFC6833].
>>>>>>=20
>>>>>>    o  If the Map-Server is acting in proxy mode, as specified in
>>>>>>       [RFC6830], the ETR is not involved in the generation of the =
Map-
>>>>>>       Reply.  In this case the Map-Server generates the Map-Reply =
on
>>>>>>       behalf of the ETR as described below.
>>>>>>=20
>>>>>>    o  The ETR, upon receiving the ECM encapsulated Map-Request =
from the
>>>>>>       Map-Server, decrypts the MS-OTK, if needed, and originates =
a
>>>>>>       standard Map-Reply that contains the EID-to-RLOC mapping
>>>>>>       information as specified in [RFC6830].
>>>>>>=20
>>>>>>    o  The ETR computes an HMAC over this standard Map-Reply, =
keyed with
>>>>>>       MS-OTK to protect the integrity of the whole Map-Reply.  =
The ETR
>>>>>>       also copies the EID-prefix authorization data that the =
Map-Server
>>>>>>       included in the ECM encapsulated Map-Request into the =
Map-Reply
>>>>>>       message.  The ETR then sends this complete Map-Reply =
message to
>>>>>>       the requesting ITR.
>>>>>>=20
>>>>>>    o  The ITR, upon receiving the Map-Reply, uses the locally =
stored
>>>>>>       ITR-OTK to verify the integrity of the EID-prefix =
authorization
>>>>>>       data included in the Map-Reply by the Map-Server.  The ITR
>>>>>>       computes the MS-OTK by applying the same KDF used by the =
Map-
>>>>>>       Server, and verifies the integrity of the Map-Reply.  If =
the
>>>>>>       integrity checks fail, the Map-Reply MUST be discarded.  =
Also, if
>>>>>>       the EID-prefixes claimed by the ETR in the Map-Reply are =
not equal
>>>>>>       or more specific than the EID-prefix authorization data =
inserted
>>>>>>       by the Map-Server, the ITR MUST discard the Map-Reply.
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>> Maino, et al.             Expires April 6, 2017                 =
[Page 6]
>>>>>> =0C
>>>>>> Internet-Draft                  LISP-SEC                    =
October 2016
>>>>>>=20
>>>>>>=20
>>>>>> 5.  LISP-SEC Control Messages Details
>>>>>>=20
>>>>>>    LISP-SEC metadata associated with a Map-Request is transported =
within
>>>>>>    the Encapsulated Control Message that contains the =
Map-Request.
>>>>>>=20
>>>>>>    LISP-SEC metadata associated with the Map-Reply is transported =
within
>>>>>>    the Map-Reply itself.
>>>>>>=20
>>>>>> 5.1.  Encapsulated Control Message LISP-SEC Extensions
>>>>>>=20
>>>>>>    LISP-SEC uses the ECM (Encapsulated Control Message) defined =
in
>>>>>>    [RFC6830] with Type set to 8, and S bit set to 1 to indicate =
that the
>>>>>>    LISP header includes Authentication Data (AD).  The format of =
the
>>>>>>    LISP-SEC ECM Authentication Data is defined in the following =
figure.
>>>>>>    OTK-AD stands for One-Time Key Authentication Data and EID-AD =
stands
>>>>>>    for EID Authentication Data.
>>>>>>=20
>>>>>>  0                   1                   2                   3
>>>>>>  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>>>> |     AD Type   |V|  Reserved   |        Requested HMAC ID      |
>>>>>> =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
>>>>>> |              OTK Length       |       OTK Encryption ID       | =
|
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
|
>>>>>> |                       One-Time-Key Preamble ...               | =
|
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
OTK-AD
>>>>>> |                   ... One-Time-Key Preamble                   | =
|
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
|
>>>>>> ~                      One-Time Key (128 bits)                  =
~/
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
<---+
>>>>>> |           EID-AD Length       |           KDF ID              | =
    |
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
    |
>>>>>> | Record Count  |    Reserved   |         EID HMAC ID           | =
    EID-AD
>>>>>> =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
>>>>>> |   Reserved    | EID mask-len  |           EID-AFI             | =
|   |
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
Rec |
>>>>>> ~                          EID-prefix ...                       ~ =
|   |
>>>>>> =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
>>>>>> ~                            EID HMAC                           ~ =
    |
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
<=E2=80=94+
>>>>> I think that =E2=80=9Crec=E2=80=9D is mis-aligned and should be =
shifted one character upward.
>>>>=20
>>>> No. The row above is the portion of the header that specifies how =
many records will follow. Rec shows one Rec item, in the array of =
Records.  It is consistent with 6830.
>>>>=20
>>>>=20
>>>=20
>>> OK
>>>=20
>>>>=20
>>>>>=20
>>>>>>                      LISP-SEC ECM Authentication Data
>>>>>>=20
>>>>>>       AD Type: 1 (LISP-SEC Authentication Data)
>>>>> This is the first document starting to allocate values to the "AD =
Type=E2=80=9D value.=20
>>>>> Why not asking IANA to create a registry??
>>>>> (to be done in the IANA Considerations Section)=20
>>>>=20
>>>>=20
>>>> Ok.
>>>>=20
>>>>>=20
>>>>>=20
>>>>>=20
>>>>>>       V: Key Version bit.  This bit is toggled when the sender =
switches
>>>>>>       to a new OTK wrapping key
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>> Maino, et al.             Expires April 6, 2017                 =
[Page 7]
>>>>>> =0C
>>>>>> Internet-Draft                  LISP-SEC                    =
October 2016
>>>>>>=20
>>>>>>=20
>>>>>>       Reserved: Set to 0 on transmission and ignored on receipt.
>>>>>>=20
>>>>>>       Requested HMAC ID: The HMAC algorithm requested by the ITR. =
 See
>>>>>>       Section 5.4 for details.
>>>>>>=20
>>>>>>       OTK Length: The length (in bytes) of the OTK Authentication =
Data
>>>>>>       (OTK-AD), that contains the OTK Preamble and the OTK.
>>>>>>=20
>>>>>>       OTK Encryption ID: The identifier of the key wrapping =
algorithm
>>>>>>       used to encrypt the One-Time-Key. When a 128-bit OTK is =
sent
>>>>>>       unencrypted by the Map-Resolver, the OTK Encryption ID is =
set to
>>>>>>       NULL_KEY_WRAP_128.  See Section 5.5 for more details.
>>>>>>=20
>>>>>>       One-Time-Key Preamble: set to 0 if the OTK is not =
encrypted.  When
>>>>>>       the OTK is encrypted, this field may carry additional =
metadata
>>>>>>       resulting from the key wrapping operation.  When a 128-bit =
OTK is
>>>>>>       sent unencrypted by Map-Resolver, the OTK Preamble is set =
to
>>>>>>       0x0000000000000000 (64 bits).  See Section 5.5 for details.
>>>>>>=20
>>>>>>       One-Time-Key: the OTK encrypted (or not) as specified by =
OTK
>>>>>>       Encryption ID.  See Section 5.5 for details.
>>>>>>=20
>>>>>>       EID-AD Length: length (in bytes) of the EID Authentication =
Data
>>>>>>       (EID-AD).  The ITR MUST set EID-AD Length to 4 bytes, as it =
only
>>>>>>       fills the KDF ID field, and all the remaining fields part =
of the
>>>>>>       EID-AD are not present.  An EID-AD MAY contain multiple =
EID-
>>>>>>       records.  Each EID-record is 4-byte long plus the length of =
the
>>>>>>       AFI-encoded EID-prefix.
>>>>>>=20
>>>>>>       KDF ID: Identifier of the Key Derivation Function used to =
derive
>>>>>>       the MS-OTK.  The ITR SHOULD use this field to indicate the
>>>>>>       recommended KDF algorithm, according to local policy.=20
>>>>> I am not sure I understand the rationale of this =E2=80=9CSHOULD=E2=80=
=9D. If for any reason the ITR does not indicate the KDF ID what are the =
consequences?
>>>>=20
>>>> That should be a MAY, I believe,=20
>>>>=20
>>>> The ITR can specify "no preference" for KDF ID, using a value of 0.=20=

>>>=20
>>> I think this is the unclear information: that the ITR can state =
=E2=80=9Cno preference=E2=80=9D using value 0.
>>> Would be good if you can state it more clearly.
>>=20
>> I've added text to clarify this.=20
>>=20
>>>=20
>>>=20
>>>>=20
>>>> In the ITR processing section 5.4,  we should add to=20
>>>>=20
>>>> The KDF ID field, specifies the suggested key derivation function =
to
>>>>    be used by the Map-Server to derive the MS-OTK.
>>>>=20
>>>> a text like: "A KDF ID value of 0 (NONE), MAY be used to specify =
that the ITR has no preferred KDF ID". =20
>>>>=20
>>>>=20
>>>>=20
>>>>> Is the MS free to choose the algorithm? This should be clarified.
>>>> This is specified in section 5.7.=20
>>>>=20
>>>> "
>>>> The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) =
from
>>>>    the ITR-OTK received with the Map-Request.  MS-OTK is derived
>>>>    applying the key derivation function specified in the KDF ID =
field.
>>>>    If the algorithm specified in the KDF ID field is not supported, =
the
>>>>    Map-Server uses a different algorithm to derive the key and =
updates
>>>>    the KDF ID field accordingly.
>>>> "
>>>>=20
>>>>=20
>>>=20
>>> Since this paragraph does not use any 2119 language it actually mean =
that an MS can choose freely the  algorithm to use.
>>> right?
>>=20
>> right. If the ITR does support that specific ID, the ITR may still =
decide to use it.=20
>>=20
>>>=20
>>>>=20
>>>>>=20
>>>>>>  The Map-
>>>>>>       Server can overwrite the KDF ID if it does not support the =
KDF ID
>>>>>>       recommended by the ITR. =20
>>>>> What happens if the MS will choose a KDF ID not supported by the =
ITR?
>>>>> Can you clarify how to solve this situation or explain why this =
will never happen?
>>>>=20
>>>> This is specified in 5.4, ITR processing.=20
>>>>=20
>>>> "
>>>> To verify the integrity of the PKT-AD, first the MS-OTK is derived
>>>>    from the locally stored ITR-OTK using the algorithm specified in =
the
>>>>    KDF ID field.  This is because the PKT-AD is generated by the =
ETR
>>>>    using the MS-OTK.  If the KDF ID in the Map-Reply does not match =
the
>>>>    KDF ID requested in the Map-Request, the ITR SHOULD discard the =
Map-
>>>>    Reply and send, at the first opportunity it needs to, a new Map-
>>>>    Request with a different KDF ID, according to ITR's local =
policy.
>>>> "=20
>>>>=20
>>>>=20
>>>> There are two typical use cases:=20
>>>> - strict KDF ID policy: ITR specifiy a KDF ID, and will discard =
map-reply with different KDF IDs. If local policy allows, another =
map-request will be sent with a different KDF ID
>>>> - loose KDF ID policy: ITR specify KDF ID =3D none, and will accept =
map-reply with any KDF ID (if supported by ITR). If received KDF is not =
supported the ITR shall drop the map-reply
>>>>=20
>>>=20
>>> The above text does not reflect the policies you are describing. =
That =E2=80=9CSHOULD=E2=80=9D should be a =E2=80=9CMAY=E2=80=9D and your =
policies spelled out.=20
>> I think we need to separate the recommendations for the two actions: =
SHOULD drop and MAY resend.=20
>>=20
>> "
>> , the ITR SHOULD discard the Map-
>>    Reply. At the first opportunity it needs to, the ITR MAY send a =
new Map-
>>    Request with a different KDF ID, according to ITR's local policy.
>>=20
>> What do you think?=20
>>=20
>>>=20
>>> Also, what is the MS stubbornly insists in using an algorithm that =
the ITR does not support?
>>=20
>> The MS might not have alternatives, as it might only support one =
algorithm.=20
>>=20
>>=20
>>=20
>>>=20
>>>=20
>>>>=20
>>>>>=20
>>>>>> See Section 5.4 for more details.
>>>>>>=20
>>>>>>       Record Count: The number of records in this Map-Request =
message.
>>>>>>       A record is comprised of the portion of the packet that is =
labeled
>>>>>>       'Rec' above and occurs the number of times equal to Record =
Count.
>>>>>>=20
>>>>>>       Reserved: Set to 0 on transmission and ignored on receipt.
>>>>>>=20
>>>>>>       EID HMAC ID: Identifier of the HMAC algorithm used to =
protect the
>>>>>>       integrity of the EID-AD.  This field is filled by =
Map-Server that
>>>>>>       computed the EID-prefix HMAC.  See Section 5.4 for more =
details.
>>>>>>=20
>>>>>>       EID mask-len: Mask length for EID-prefix.
>>>>>>=20
>>>>>>       EID-AFI: Address family of EID-prefix according to =
[RFC5226]
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>> Maino, et al.             Expires April 6, 2017                 =
[Page 8]
>>>>>> =0C
>>>>>> Internet-Draft                  LISP-SEC                    =
October 2016
>>>>>>=20
>>>>>>=20
>>>>>>       EID-prefix: The Map-Server uses this field to specify the =
EID-
>>>>>>       prefix that the destination ETR is authoritative for, and =
is the
>>>>>>       longest match for the requested EID.
>>>>>>=20
>>>>>>       EID HMAC: HMAC of the EID-AD computed and inserted by =
Map-Server.
>>>>>>       Before computing the HMAC operation the EID HMAC field MUST =
be set
>>>>>>       to 0.  The HMAC covers the entire EID-AD.
>>>>>>=20
>>>>>> 5.2.  Map-Reply LISP-SEC Extensions
>>>>>>=20
>>>>>>    LISP-SEC uses the Map-Reply defined in [RFC6830], with Type =
set to 2,
>>>>>>    and S bit set to 1 to indicate that the Map-Reply message =
includes
>>>>>>    Authentication Data (AD).  The format of the LISP-SEC =
Map-Reply
>>>>>>    Authentication Data is defined in the following figure.  =
PKT-AD is
>>>>>>    the Packet Authentication Data that covers the Map-Reply =
payload.
>>>>>>=20
>>>>>>  0                   1                   2                   3
>>>>>>  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>>>> |    AD Type    |                 Reserved                      |
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
<---+
>>>>>> |           EID-AD Length       |           KDF ID              | =
    |
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
    |
>>>>>> | Record Count  |    Reserved   |         EID HMAC ID           | =
    EID-AD
>>>>>> =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
>>>>>> |   Reserved    | EID mask-len  |           EID-AFI             | =
|   |
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
Rec |
>>>>>> ~                          EID-prefix ...                       ~ =
|   |
>>>>>> =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
>>>>>> ~                            EID HMAC                           ~ =
    |
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
<---+
>>>>>> |         PKT-AD Length         |         PKT HMAC ID           =
|\
>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
|
>>>>>> ~                            PKT HMAC                           ~ =
PKT-AD
>>>>>> =
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/
>>>>>>=20
>>>>>>                   LISP-SEC Map-Reply Authentication Data
>>>>>>=20
>>>>>>       AD Type: 1 (LISP-SEC Authentication Data)
>>>>> Shouldn=E2=80=99t this be a different value? This AD  format is =
different from the one described in section 5.1!
>>>>> Another reason to ask IANA for a registry=E2=80=A6.
>>>>=20
>>>> One is the LISP-SEC authentication data that applies to the ECM =
message (when S-bit =3D 1), the other is the LISP-SEC authentication =
data that applies to the Map-Reply (when S-bit =3D 1). =20
>>>>=20
>>>> Those are extensions of two different messages (ECM and map-reply), =
and they are both identified by an AD Type (that happens to be set to =
value 1 for both).=20
>>>=20
>>> This is not clear in the current text.
>>=20
>> Right. I have updated the text to clarify it. Together with the IANA =
disposition it should be clear now.=20
>>=20
>>=20
>>>=20
>>>>=20
>>>> Yes, the AD type space is different so we will need two IANA =
registries.=20
>>>>=20
>>>>=20
>>>> Question for the co-auhtors: should we change the name to 'ECM AD =
Type' and 'Map-Reply AD Type=E2=80=99?
>>>=20
>>> IMHO you have to, otherwise there will be always confusion=E2=80=A6.
>>=20
>> done.
>>=20
>>>=20
>>>>=20
>>>>=20
>>>>=20
>>>>>=20
>>>>>=20
>>>>>>       EID-AD Length: length (in bytes) of the EID-AD.  An EID-AD =
MAY
>>>>>>       contain multiple EID-records.  Each EID-record is 4-byte =
long plus
>>>>>>       the length of the AFI-encoded EID-prefix.
>>>>>>=20
>>>>>>       KDF ID: Identifier of the Key Derivation Function used to =
derive
>>>>>>       MS-OTK.  See Section 5.7 for more details.
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>> Maino, et al.             Expires April 6, 2017                 =
[Page 9]
>>>>>> =0C
>>>>>> Internet-Draft                  LISP-SEC                    =
October 2016
>>>>>>=20
>>>>>>=20
>>>>>>       Record Count: The number of records in this Map-Reply =
message.  A
>>>>>>       record is comprised of the portion of the packet that is =
labeled
>>>>>>       'Rec' above and occurs the number of times equal to Record =
Count.
>>>>>>=20
>>>>>>       Reserved: Set to 0 on transmission and ignored on receipt.
>>>>>>=20
>>>>>>       EID HMAC ID: Identifier of the HMAC algorithm used to =
protect the
>>>>>>       integrity of the EID-AD.  See Section 5.7 for more details.
>>>>>>=20
>>>>>>       EID mask-len: Mask length for EID-prefix.
>>>>>>=20
>>>>>>       EID-AFI: Address family of EID-prefix according to =
[RFC5226].
>>>>>>=20
>>>>>>       EID-prefix: This field contains an EID-prefix that the =
destination
>>>>>>       ETR is authoritative for, and is the longest match for the
>>>>>>       requested EID.
>>>>>>=20
>>>>>>       EID HMAC: HMAC of the EID-AD, as computed by the =
Map-Server.
>>>>>>       Before computing the HMAC operation the EID HMAC field MUST =
be set
>>>>>>       to 0.  The HMAC covers the entire EID-AD.
>>>>>>=20
>>>>>>       PKT-AD Length: length (in bytes) of the Packet =
Authentication Data
>>>>>>       (PKT-AD).
>>>>>>=20
>>>>>>       PKT HMAC ID: Identifier of the HMAC algorithm used to =
protect the
>>>>>>       integrity of the Map-reply Location Data.
>>>>> =E2=80=9CLocation Data=E2=80=9D is something nowhere defined. Can =
you clarify what do you mean?
>>>>=20
>>>> we can just remove 'Location Data=E2=80=99
>>>=20
>>> OK.
>>>=20
>>>>=20
>>>>=20
>>>>>=20
>>>>>=20
>>>>>>       PKT HMAC: HMAC of the whole Map-Reply packet, including the =
LISP-
>>>>>>       SEC Authentication Data.  The scope of the authentication =
goes
>>>>>>       from the Map-Reply Type field to the PKT HMAC field =
included.
>>>>>>       Before computing the HMAC operation the PKT HMAC field MUST =
be set
>>>>>>       to 0.  See Section 5.8 for more details.
>>>>>>=20
>>>>>> 5.3.  Map-Register LISP-SEC Extentions
>>>>>>=20
>>>>>>    The second bit after the Type field in a Map-Register message =
is
>>>>>>    allocated as the S bit. =20
>>>>> I would better explain that this document is allocating a bit =
marked as reserved in 6830.
>>>>=20
>>>> Ok. We will need to reflect this in 6830bis as well.=20
>>>=20
>>> Sure
>>>=20
>>>=20
>>>>=20
>>>>> Furthermore, at the cost of being redundant, I would put the =
packet format highlighting the position of the bit so that there is no =
confusion whatsoever.
>>>>=20
>>>> We wanted to  explicitly avoid to include the format of messages =
when already defined in other documents,
>>>=20
>>> The S-bit is not defined in other documents. IMHO is important to =
have the visual aid of which exact bit your are talking about.
>>>=20
>> I've added text to clarify. I really prefer not to have the whole =
picture, but just refer to it.=20
>>=20
>> Considering that 6830 will evolve into 6830bis, eventually (with the =
next LISP-SEC) the reference will be updated in 6830bis. =20
>>=20
>>=20
>>>> so we point rather than copy. If we address this in 6830bis, the =
problem will be solved.=20
>>>=20
>>> You mentioned 6830bis several time, let me ask: Would you like to =
reference that document?
>>> In this case we have to hold this back until we have at least a =
stable version of that document.
>>> Then the RFC editor will hold this document back until that one is =
RFC, because of missing reference.
>>> Or you keep it this way and later on you make a ST version.
>>>=20
>>> Either way is fine for me.
>>=20
>> I think we should move this draft forward, without waiting for =
6830bis. Considering that this is security I expect the review process =
to last quite some time, so we can make progress without waiting for =
6830bis. Eventually even teh LISP-SEC RFC will be updated, and all will =
be good.=20
>>=20
>>>=20
>>>=20
>>>=20
>>>>=20
>>>>=20
>>>>>=20
>>>>>> The S bit indicates to the Map-Server that
>>>>>>    the registering ETR is LISP-SEC enabled.  An ETR that supports =
LISP-
>>>>>>    SEC MUST set the S bit in its Map-Register messages.
>>>>>>=20
>>>>>> 5.4.  ITR Processing
>>>>>>=20
>>>>>>    Upon creating a Map-Request, the ITR generates a random =
ITR-OTK that
>>>>>>    is stored locally, together with the nonce generated as =
specified in
>>>>>>    [RFC6830].
>>>>>>=20
>>>>>>    The Map-Request MUST be encapsulated in an ECM, with the S-bit =
set to
>>>>>>    1, to indicate the presence of Authentication Data.  If the =
ITR and
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>> Maino, et al.             Expires April 6, 2017                =
[Page 10]
>>>>>> =0C
>>>>>> Internet-Draft                  LISP-SEC                    =
October 2016
>>>>>>=20
>>>>>>=20
>>>>>>    the Map-Resolver are configured with a shared key,
>>>>> In section 4 you seem to suggest that this is not the only way to =
protect the OTK (see my comment).
>>>>> Here instead you suggest that a shared key is the only way.
>>>>=20
>>>>=20
>>>> Right. Here it says what to do IF there is a shared key, that is =
consistent with the SHOULD above.=20
>>>=20
>>> OK.
>>>=20
>>>>=20
>>>>=20
>>>>>>  the ITR-OTK
>>>>>>    confidentiality SHOULD be protected by wrapping the ITR-OTK =
with the
>>>>>>    algorithm specified by the OTK Encryption ID field.=20
>>>>> Not clear what this =E2=80=9CSHOULD=E2=80=9D refers to.
>>>>> IS the SHOULD related to the fact to encrypt the OTK? The ITR =
SHOULD encrypt.
>>>>> Or the choice of the algorithm? The ITR SHOULD use the algorithm =
specified by the OTK Encryption ID?
>>>>> The second case looks impossible since is the ITR is choosing the =
algorithm. May be the sentence can be rewritten.
>>>>=20
>>>> SHOULD refers to protecting the confidentiality of the ITR-OTK. =
Maybe the 'by' should be replaced by 'with=E2=80=99?
>>>=20
>>> Just drop the =E2=80=9Cby=E2=80=9D?
>>>=20
>>>=20
>>>>=20
>>>>>=20
>>>>> Similarly to previous comment: Why it is not a MUST?
>>>> Same as other SHOULD.=20
>>>>=20
>>>>=20
>>>>=20
>>>>>>  See Section 5.5
>>>>>>    for further details on OTK encryption.
>>>>>>=20
>>>>>>    The Requested HMAC ID field contains the suggested HMAC =
algorithm to
>>>>>>    be used by the Map-Server and the ETR to protect the integrity =
of the
>>>>>>    ECM Authentication data and of the Map-Reply.
>>>>>>=20
>>>>> What happens if the MS will choose a HMAC not supported by the ETR =
or the ITR?
>>>>> Can you clarify how to solve this situation or explain why this =
will never happen?
>>>>=20
>>>> This is described 5 paragraphs below:=20
>>>>=20
>>>> "
>>>> If the EID HMAC ID field does
>>>>    not match the Requested HMAC ID the ITR SHOULD discard the =
Map-Reply
>>>>    and send, at the first opportunity it needs to, a new =
Map-Request
>>>>    with a different Requested HMAC ID field, according to ITR's =
local
>>>>    policy. =20
>>>> "
>>>>=20
>>>=20
>>> What about the ETR?
>>=20
>> It's specified in 5.8, the ETR makes the same processing as the MS.=20=

>>=20
>> "If the ETR does not support the Requested HMAC ID, it uses a =
different algorithm and updates the PKT HMAC ID field accordingly. "=20
>>=20
>> Also the ETR doesn't process the AD computed by the MS, it just =
copies into the Map-Reply.=20
>>=20
>>=20
>>=20
>>>=20
>>>>=20
>>>>>=20
>>>>>>    The KDF ID field, specifies the suggested key derivation =
function to
>>>>>>    be used by the Map-Server to derive the MS-OTK.
>>>>>=20
>>>>> What happens if the MS will choose a KDF ID not supported by the =
ITR?
>>>>> Can you clarify how to solve this situation or explain why this =
will never happen?
>>>>=20
>>>> This is described a few paragraphs below:=20
>>>> "
>>>> If the KDF ID in the Map-Reply does not match the
>>>>    KDF ID requested in the Map-Request, the ITR SHOULD discard the =
Map-
>>>>    Reply and send, at the first opportunity it needs to, a new Map-
>>>>    Request with a different KDF ID, according to ITR's...=20
>>>> "
>>>>=20
>>>=20
>>> This does not guarantee that the MS will reply with something the =
ITR understands=E2=80=A6.
>>=20
>> For some local ITR's policy it may not be guaranteed. It's a balance =
between reachability and security that the ITR will have to choose.=20
>>=20
>>=20
>>=20
>>=20
>>=20
>>=20
>>>=20
>>>=20
>>>=20
>>>>>=20
>>>>>>    The EID-AD length is set to 4 bytes, since the Authentication =
Data
>>>>>>    does not contain EID-prefix Authentication Data, and the =
EID-AD
>>>>>>    contains only the KDF ID field.
>>>>>>=20
>>>>>>    In response to an encapsulated Map-Request that has the S-bit =
set, an
>>>>>>    ITR MUST receive a Map-Reply with the S-bit set, that includes =
an
>>>>>>    EID-AD and a PKT-AD.  If the Map-Reply does not include both =
ADs, the
>>>>>>    ITR MUST discard it.  In response to an encapsulated =
Map-Request with
>>>>>>    S-bit set to 0, the ITR expects a Map-Reply with S-bit set to =
0, and
>>>>>>    the ITR SHOULD discard the Map-Reply if the S-bit is set.
>>>>> Why a =E2=80=9CSHOULD=E2=80=9D? If the Map-Request has S-bit=3D0 =
it mean that there is no AD, hence no OTK, how can the ITR decrypt the =
reply?????
>>>>> It MUST discard=E2=80=A6..
>>>>=20
>>>> If S-bit =3D 0 there's no Authentication Data. The Map-reply is in =
clear, and can be read.
>>>=20
>>> I am not sure you understood my point.
>>>=20
>>> You send a Map-Request with S=3D0, hence unenbcrypted. How can you =
possible receive a Map-Reply with S=3D1?
>>> How is it encrypted if the ITR did not provide any OTK?
>>=20
>> Misconfiguration, bugs? I was just trying to enumerate the behaviors =
of the ITR. There's probably something wrong, and the map-reply should =
be discarded. Still the mapping is readable, so an ITR favoring =
reachability may decide to use the mapping.=20
>>=20
>>>=20
>>>=20
>>>=20
>>>=20
>>>>=20
>>>>=20
>>>> Here again the SHOULD leaves open to ITR local policy that can be =
strict (drop anything not authenticated) or loose (accept =
unauthenticated map-reply).=20
>>>>=20
>>>> There are use cases where LISP-SEC is not deployed everywhere, =
where the ITR might have to use loose policy.  =20
>>>>=20
>>>>=20
>>>>>=20
>>>>>=20
>>>>>>    Upon receiving a Map-Reply, the ITR must verify the integrity =
of both
>>>>>>    the EID-AD and the PKT-AD, and MUST discard the Map-Reply if =
one of
>>>>>>    the integrity checks fails.
>>>>>>=20
>>>>>>    The integrity of the EID-AD is verified using the locally =
stored ITR-
>>>>>>    OTK to re-compute the HMAC of the EID-AD using the algorithm
>>>>>>    specified in the EID HMAC ID field.  If the EID HMAC ID field =
does
>>>>>>    not match the Requested HMAC ID the ITR SHOULD discard the =
Map-Reply
>>>>> Why is this a SHOULD? If it supports the HMAC Algorithm why not =
decrypt? Shouldn=E2=80=99t this be a =E2=80=9CMAY=E2=80=9D, according to =
internal policy?
>>>>=20
>>>> because this could be used by an attacker to force weaker HMACs =
(e.g. MD5).
>>>=20
>>> OK
>>>=20
>>>> The SHOULD leaves open the door to not discarding, according to =
local policy.=20
>>>>=20
>>>>=20
>>>=20
>>> OK.
>>>=20
>>>=20
>>>>=20
>>>>=20
>>>>>>    and send, at the first opportunity it needs to, a new =
Map-Request
>>>>>>    with a different Requested HMAC ID field, according to ITR's =
local
>>>>>>    policy.  The ITR MUST set the EID HMAC ID field to 0 before =
computing
>>>>>>    the HMAC.
>>>>> Shouldn=E2=80=99t the MS do the same thing? Otherwise different =
values will be obtained. This is not specified in the MS functioning =
description.
>>>>=20
>>>> good catch. Actually it's a typo here, the EID HMAC field should be =
set to 0 (that is consistent with section 5.7), not the EID HMAC ID that =
should not be touched.=20
>>>>=20
>>>=20
>>> OK
>>>>=20
>>>> The ITR MUST set the EID HMAC ID field to 0 before computing
>>>>    the HMAC.
>>>>=20
>>>> should change to=20
>>>>=20
>>>> The scope of the HMAC operation covers the
>>>>    entire EID-AD, from the EID-AD Length field to the EID HMAC =
field,
>>>>    which must be set to 0 before the computation.
>>>>>>    To verify the integrity of the PKT-AD, first the MS-OTK is =
derived
>>>>>>    from the locally stored ITR-OTK using the algorithm specified =
in the
>>>>>>    KDF ID field.  This is because the PKT-AD is generated by the =
ETR
>>>>>>    using the MS-OTK.  If the KDF ID in the Map-Reply does not =
match the
>>>>>>    KDF ID requested in the Map-Request, the ITR SHOULD discard =
the Map-
>>>>>>    Reply and send, at the first opportunity it needs to, a new =
Map-
>>>>>>    Request with a different KDF ID, according to ITR's local =
policy.
>>>>>>    The derived MS-OTK is then used to re-compute the HMAC of the =
PKT-AD
>>>>>>    using the Algorithm specified in the PKT HMAC ID field.  If =
the PKT
>>>>>>    HMAC ID field does not match the Requested HMAC ID the ITR =
SHOULD
>>>>>>    discard the Map-Reply and send, at the first opportunity it =
needs to,
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>> Maino, et al.             Expires April 6, 2017                =
[Page 11]
>>>>>> =0C
>>>>>> Internet-Draft                  LISP-SEC                    =
October 2016
>>>>>>=20
>>>>>>=20
>>>>>>    a new Map-Request with a different Requested HMAC ID according =
to
>>>>>>    ITR's local policy.
>>>>>>=20
>>>>>>    Each individual Map-Reply EID-record is considered valid only =
if: (1)
>>>>>>    both EID-AD and PKT-AD are valid, and (2) the intersection of =
the
>>>>>>    EID-prefix in the Map-Reply EID-record with one of the =
EID-prefixes
>>>>>>    contained in the EID-AD is not empty.  After identifying the =
Map-
>>>>>>    Reply record as valid, the ITR sets the EID-prefix in the =
Map-Reply
>>>>>>    record to the value of the intersection set computed before, =
and adds
>>>>>>    the Map-Reply EID-record to its EID-to-RLOC cache, as =
described in
>>>>>>    [RFC6830].  An example of Map-Reply record validation is =
provided in
>>>>>>    Section 5.4.1.
>>>>>>=20
>>>>>>    The ITR SHOULD send SMR triggered Map-Requests over the =
mapping
>>>>>>    system in order to receive a secure Map-Reply. =20
>>>>> I do not understand this =E2=80=9CSHOULD=E2=80=9D.  This has =
consequences in the choice how to react to SMR. This is a local policy.
>>>>> _If_ the ITR wants to protect Map-Requests using LISP-SEC, than =
SMR triggered Map-Request MUST be sent through the mapping system.
>>>=20
>>>> so the _if_ is what makes that MUST a SHOULD... According to local =
policy the ITR SHOULD send the SMR.
>>>=20
>>> I read the sentence in this way:
>>>=20
>>> 	In order to received a secure Map-Reply, the ITR MUST send SMR =
triggered Map-Requests over the mapping system.
>>>=20
>>> No?
>>=20
>> I see what you are saying. I'll rephrase as:=20
>>=20
>> If an ITR accepts piggybacked Map-Replies, it SHOULD also send a =
Map-Request over the mapping system in order to verify the piggybacked =
Map-Reply with a secure Map-Reply.=20
>>=20
>>=20
>>=20
>>=20
>>>=20
>>>>>> If an ITR accepts
>>>>>>    piggybacked Map-Replies, it SHOULD also send a Map-Request =
over the
>>>>>>    mapping system in order to securely verify the piggybacked =
Map-Reply.
>>>>> Same as above.
>>>>>> 5.4.1.  Map-Reply Record Validation
>>>>>>=20
>>>>>>    The payload of a Map-Reply may contain multiple EID-records.  =
The
>>>>>>    whole Map-Reply is signed by the ETR, with the PKT HMAC, to =
provide
>>>>>>    integrity protection and origin authentication to the =
EID-prefix
>>>>>>    records claimed by the ETR.  The Authentication Data field of =
a Map-
>>>>>>    Reply may contain multiple EID-records in the EID-AD.  The =
EID-AD is
>>>>>>    signed by the Map-Server, with the EID HMAC, to provide =
integrity
>>>>>>    protection and origin authentication to the EID-prefix records
>>>>>>    inserted by the Map-Server.
>>>>>>=20
>>>>>>    Upon receiving a Map-Reply with the S-bit set, the ITR first =
checks
>>>>>>    the validity of both the EID HMAC and of the PKT-AD HMAC.  If =
either
>>>>>>    one of the HMACs is not valid, a log message is issued and the =
Map-
>>>>>>    Reply is not processed any further. =20
>>>>> I think =E2=80=9Clog message" is too much implementation specific.=20=

>>>>> If there is a notification, and how this notification is done, is =
implementation specific IMHO.
>>>> Ok. 'a log message is issued' will change to 'a log action should =
be taken'. The point is that there could be an attack behind it, and we =
want to record the event
>>>=20
>>> OK
>>>=20
>>>>>> If both HMACs are valid, the ITR
>>>>>>    proceeds with validating each individual EID-record claimed by =
the
>>>>>>    ETR by computing the intersection of each one of the =
EID-prefix
>>>>>>    contained in the payload of the Map-Reply with each one of the =
EID-
>>>>>>    prefixes contained in the EID-AD.  An EID-record is valid only =
if at
>>>>>>    least one of the intersections is not the empty set.
>>>>>>=20
>>>>>>    For instance, the Map-Reply payload contains 3 mapping record =
EID-
>>>>>>    prefixes:
>>>>>>=20
>>>>>>       1.1.1.0/24
>>>>>>=20
>>>>>>       1.1.2.0/24
>>>>>>=20
>>>>>>       1.2.0.0/16
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>> Maino, et al.             Expires April 6, 2017                =
[Page 12]
>>>>>> =0C
>>>>>> Internet-Draft                  LISP-SEC                    =
October 2016
>>>>>>=20
>>>>>>=20
>>>>>>    The EID-AD contains two EID-prefixes:
>>>>>>=20
>>>>>>       1.1.2.0/24
>>>>>>=20
>>>>>>       1.2.3.0/24
>>>>>>=20
>>>>>>    The EID-record with EID-prefix 1.1.1.0/24 is not processed =
since it
>>>>>>    is not included in any of the EID-ADs signed by the =
Map-Server.  A
>>>>>>    log message is issued.
>>>>> I think =E2=80=9Clog message" is too much implementation specific.=20=

>>>>> If there is a notification, and how this notification is done, is =
implementation specific IMHO.
>>>> ok. Same as above.
>>>>>=20
>>>>>>    The EID-record with EID-prefix 1.1.2.0/24 is stored in the =
map-cache
>>>>>>    because it matches the second EID-prefix contained in the =
EID-AD.
>>>>>>=20
>>>>>>    The EID-record with EID-prefix 1.2.0.0/16 is not processed =
since it
>>>>>>    is not included in any of the EID-ADs signed by the =
Map-Server.  A
>>>>>>    log message is issued.
>>>>> I think =E2=80=9Clog message" is too much implementation specific.=20=

>>>>> If there is a notification, and how this notification is done, is =
implementation specific IMHO.
>>>> ok. Same as above
>>>>>=20
>>>>>>   In this last example the ETR is trying to
>>>>>>    over claim the EID-prefix 1.2.0.0/16, but the Map-Server =
authorized
>>>>>>    only 1.2.3.0/24, hence the EID-record is discarded.
>>>>> Reading the example I am not sure I would follow this behaviour.
>>>>> Only 1 record out of 3 is valid so why should I actually trust the =
ETR instead of throwing everything away?
>>>>> Can you explain ???
>>>> The other two records are validated by the MS, so there is no =
reason to throw those away.
>>>=20
>>> Yes, but the ETR is still trying to cheat on the third one=E2=80=A6.
>>> So the ETR may be compromised, why should I send traffic to him???
>>=20
>> ITR has flagged the security exception with the log entry, and some =
local ITR policy will decide what to do (including stop encapsulating to =
the ETR, if that's what is specified by the policy).  At the LISP level =
LISP-SEC has done its job: verified mapping  goes into the map-cache, =
overclaimed mapping is dropped.=20
>>=20
>>=20
>>>=20
>>>=20
>>>>>> 5.4.2.  PITR Processing
>>>>>>=20
>>>>>>    The processing performed by a PITR is equivalent to the =
processing of
>>>>>>    an ITR.  However, if the PITR is directly connected to the =
ALT,=20
>>>>> This would be LISP+ALT. Pleas add a reference to 6836.
>>>> ok.
>>>>>=20
>>>>>> the
>>>>>>    PITR performs the functions of both the ITR and the =
Map-Resolver
>>>>>>    forwarding the Map-Request encapsulated in an ECM header that
>>>>>>    includes the Authentication Data fields as described in =
Section 5.6.
>>>>>>=20
>>>>>> 5.5.  Encrypting and Decrypting an OTK
>>>>>>=20
>>>>>>    MS-OTK confidentiality is required in the path between the =
Map-Server
>>>>>>    and the ETR, the MS-OTK SHOULD
>>>>> If confidentiality is required why there is not a MUST?
>>>> Same.
>>>>>=20
>>>>>>  be encrypted using the preconfigured
>>>>>>    key shared between the Map-Server and the ETR for the purpose =
of
>>>>>>    securing ETR registration [RFC6833].  Similarly, if ITR-OTK
>>>>>>    confidentiality is required in the path between the ITR and =
the Map-
>>>>>>    Resolver, the ITR-OTK SHOULD=20
>>>>> Again, if confidentiality is required why there is not a MUST?
>>>> Same.
>>>>>=20
>>>>>> be encrypted with a key shared between
>>>>>>    the ITR and the Map-Resolver.
>>>>>>=20
>>>>>>    The OTK is encrypted using the algorithm specified in the OTK
>>>>>>    Encryption ID field.  When the AES Key Wrap algorithm is used =
to
>>>>>>    encrypt a 128-bit OTK, according to [RFC3339],
>>>>> The correct RFC is 3394.
>>>> ok.
>>>>>=20
>>>>>>  the AES Key Wrap
>>>>>>    Initialization Value MUST be set to 0xA6A6A6A6A6A6A6A6 (64 =
bits).
>>>>>>    The output of the AES Key Wrap operation is 192-bit long.  The =
most
>>>>>>    significant 64-bit are copied in the One-Time Key Preamble =
field,
>>>>>>    while the 128 less significant bits are copied in the One-Time =
Key
>>>>>>    field of the LISP-SEC Authentication Data.
>>>>>>=20
>>>>>>    When decrypting an encrypted OTK the receiver MUST verify that =
the
>>>>>>    Initialization Value resulting from the AES Key Wrap =
decryption
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>> Maino, et al.             Expires April 6, 2017                =
[Page 13]
>>>>>> =0C
>>>>>> Internet-Draft                  LISP-SEC                    =
October 2016
>>>>>>=20
>>>>>>=20
>>>>>>    operation is equal to 0xA6A6A6A6A6A6A6A6.  If this =
verification fails
>>>>>>    the receiver MUST discard the entire message.
>>>>>>=20
>>>>>>    When a 128-bit OTK is sent unencrypted the OTK Encryption ID =
is set
>>>>>>    to NULL_KEY_WRAP_128, and the OTK Preamble is set to
>>>>>>    0x0000000000000000 (64 bits).
>>>>>>=20
>>>>>> 5.6.  Map-Resolver Processing
>>>>>>=20
>>>>>>    Upon receiving an encapsulated Map-Request with the S-bit set, =
the
>>>>>>    Map-Resolver decapsulates the ECM message.  The ITR-OTK, if
>>>>>>    encrypted, is decrypted as specified in Section 5.5.
>>>>>>=20
>>>>>>    The Map-Resolver, as specified in [RFC6833], originates a new =
ECM
>>>>>>    header with the S-bit set, that contains the unencrypted =
ITR-OTK, as
>>>>>>    specified in Section 5.5, and the other data derived from the =
ECM
>>>>>>    Authentication Data of the received encapsulated Map-Request.
>>>>> Few points on this last paragraph:
>>>>> - You assume that there is no need of confidentiality inside the =
Mapping System?
>>>>> - Why not stating that encryption inside the mapping system is =
mapping system specify and out of scope of this document?
>>>> ok. as it was pointed out above.
>>>>>=20
>>>>> - Why are you assuming that all of the Mapping system will use =
ECM? Future Mapping system may use soemthos different. The important =
point is to ship the AD along.
>>>> good point, and I agree with your suggestion to fix this below.
>>>>>=20
>>>>>>    The Map-Resolver then forwards
>>>>> to whom?
>>>> ok. add 'to the Map-Server'
>>>>>=20
>>>>>>  the received Map-Request, encapsulated
>>>>>>    in the new ECM header that includes the newly computed =
Authentication
>>>>>>    Data fields.
>>>>> As for my comment of the previous paragraph I would be more =
generic stating that the MR will hand over the request to the mapping =
system.
>>>>> You can still provide the example of DDT using ECM.
>>>> right.
>>>>>=20
>>>>>> 5.7.  Map-Server Processing
>>>>>>=20
>>>>>>    Upon receiving an ECM encapsulated Map-Request with the S-bit =
set,
>>>>>>    the Map-Server process the Map-Request according to the value =
of the
>>>>>>    S-bit contained in the Map-Register sent by the ETR during
>>>>>>    registration.
>>>>>>=20
>>>>>>    If the S-bit contained in the Map-Register was clear the =
Map-Server
>>>>>>    decapsulates the ECM and generates a new ECM encapsulated =
Map-Request
>>>>>>    that does not contain an ECM Authentication Data, as specified =
in
>>>>>>    [RFC6830].  The Map-Server does not perform any further =
LISP-SEC
>>>>>>    processing.
>>>>> This equivalent to not using LISP-SEC. Please specify that the =
Map-Reply will be not protected.
>>>> ok.
>>>>>=20
>>>>>>    If the S-bit contained in the Map-Register was set the =
Map-Server
>>>>>>    decapsulates the ECM and generates a new ECM Authentication =
Data.
>>>>>>    The Authentication Data includes the OTK-AD and the EID-AD, =
that
>>>>>>    contains EID-prefix authorization information, that are =
ultimately
>>>>>>    sent to the requesting ITR.
>>>>>>=20
>>>>>>    The Map-Server updates the OTK-AD by deriving a new OTK =
(MS-OTK) from
>>>>>>    the ITR-OTK received with the Map-Request.  MS-OTK is derived
>>>>>>    applying the key derivation function specified in the KDF ID =
field.
>>>>>>    If the algorithm specified in the KDF ID field is not =
supported, the
>>>>>>    Map-Server uses a different algorithm to derive the key and =
updates
>>>>>>    the KDF ID field accordingly.
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>> Maino, et al.             Expires April 6, 2017                =
[Page 14]
>>>>>> =0C
>>>>>> Internet-Draft                  LISP-SEC                    =
October 2016
>>>>>>=20
>>>>>>=20
>>>>>>    The Map-Server and the ETR MUST be configured with a shared =
key for
>>>>>>    mapping registration according to [RFC6833].  If MS-OTK
>>>>>>    confidentiality is required, then the MS-OTK SHOULD be =
encrypted,
>>>>> Again, if confidentiality is required why there is not a MUST?
>>>> same as above.
>>>>>=20
>>>>>>  by
>>>>>>    wrapping the MS-OTK with the algorithm specified by the OTK
>>>>>>    Encryption ID field as specified in Section 5.5.
>>>>>>=20
>>>>>>    The Map-Server includes in the EID-AD the longest match =
registered
>>>>>>    EID-prefix for the destination EID, and an HMAC of this =
EID-prefix.
>>>>>>    The HMAC is keyed with the ITR-OTK contained in the received =
ECM
>>>>>>    Authentication Data, and the HMAC algorithm is chosen =
according to
>>>>>>    the Requested HMAC ID field.  If The Map-Server does not =
support this
>>>>>>    algorithm, the Map-Server uses a different algorithm and =
specifies it
>>>>>>    in the EID HMAC ID field.  The scope of the HMAC operation =
covers the
>>>>>>    entire EID-AD, from the EID-AD Length field to the EID HMAC =
field,
>>>>>>    which must be set to 0 before the computation.
>>>>>>=20
>>>>>>    The Map-Server then forwards the updated ECM encapsulated Map-
>>>>>>    Request, that contains the OTK-AD, the EID-AD, and the =
received Map-
>>>>>>    Request to an authoritative ETR as specified in [RFC6830].
>>>>>>=20
>>>>>> 5.7.1.  Map-Server Processing in Proxy mode
>>>>>>=20
>>>>>>    If the Map-Server is in proxy mode, it generates a Map-Reply, =
as
>>>>>>    specified in [RFC6830], with the S-bit set to 1.  The =
Map-Reply
>>>>>>    includes the Authentication Data that contains the EID-AD, =
computed
>>>>>>    as specified in Section 5.7, as well as the PKT-AD computed as
>>>>>>    specified in Section 5.8.
>>>>>>=20
>>>>>> 5.8.  ETR Processing
>>>>>>=20
>>>>>>    Upon receiving an ECM encapsulated Map-Request with the S-bit =
set,
>>>>>>    the ETR decapsulates the ECM message.  The OTK field, if =
encrypted,
>>>>>>    is decrypted as specified in Section 5.5 to obtain the =
unencrypted
>>>>>>    MS-OTK.
>>>>>>=20
>>>>>>    The ETR then generates a Map-Reply as specified in [RFC6830] =
and
>>>>>>    includes the Authentication Data that contains the EID-AD, as
>>>>>>    received in the encapsulated Map-Request, as well as the =
PKT-AD.
>>>>>>=20
>>>>>>    The EID-AD is copied from the Authentication Data of the =
received
>>>>>>    encapsulated Map-Request.
>>>>>>=20
>>>>>>    The PKT-AD contains the HMAC of the whole Map-Reply packet, =
keyed
>>>>>>    with the MS-OTK and computed using the HMAC algorithm =
specified in
>>>>>>    the Requested HMAC ID field of the received encapsulated =
Map-Request.
>>>>>>    If the ETR does not support the Requested HMAC ID, it uses a
>>>>>>    different algorithm and updates the PKT HMAC ID field =
accordingly.
>>>>>>    The scope of the HMAC operation covers the entire PKT-AD, from =
the
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>> Maino, et al.             Expires April 6, 2017                =
[Page 15]
>>>>>> =0C
>>>>>> Internet-Draft                  LISP-SEC                    =
October 2016
>>>>>>=20
>>>>>>=20
>>>>>>    Map-Reply Type field to the PKT HMAC field, which must be set =
to 0
>>>>>>    before the computation.
>>>>>>=20
>>>>>>    Finally the ETR sends the Map-Reply to the requesting ITR as
>>>>>>    specified in [RFC6830].
>>>>>>=20
>>>>>> 6.  Security Considerations
>>>>>>=20
>>>>>> 6.1.  Mapping System Security
>>>>>>=20
>>>>>>    The LISP-SEC threat model described in Section 3, assumes that =
the
>>>>>>    LISP Mapping System is working properly and eventually =
delivers Map-
>>>>>>    Request messages to a Map-Server that is authoritative for the
>>>>>>    requested EID.
>>>>>>=20
>>>>> As for a previous comment, can you elaborate if OTK =
confidentiality is required in the mapping system and what are the =
consequences?
>>>> ok.
>>>>>=20
>>>>>>    Map-Register security, including the right for a LISP entity =
to
>>>>>>    register an EID-prefix or to claim presence at an RLOC, is out =
of the
>>>>>>    scope of LISP-SEC.
>>>>>>=20
>>>>>> 6.2.  Random Number Generation
>>>>>>=20
>>>>>>    The ITR-OTK MUST be generated by a properly seeded =
pseudo-random (or
>>>>>>    strong random) source.  See [RFC4086] for advice on generating
>>>>>>    security-sensitive random data
>>>>>>=20
>>>>>> 6.3.  Map-Server and ETR Colocation
>>>>>>=20
>>>>>>    If the Map-Server and the ETR are colocated, LISP-SEC does not
>>>>>>    provide protection from overclaiming attacks mounted by the =
ETR.
>>>>>>    However, in this particular case, since the ETR is within the =
trust
>>>>>>    boundaries of the Map-Server, ETR's overclaiming attacks are =
not
>>>>>>    included in the threat model.
>>>>>>=20
>>>>>> 7.  IANA Considerations
>>>>> This section is not conform to RFC 5226.
>>>>> There right way to go is to ask IANA to create three new =
registries, for HMAC, Key Wrap, and Key Derivation functions.
>>>>> Define what is the allocation process (in light of the size of the =
field FCFS should not cause any problem IMHO)
>>>>> Then ask to populate the registries as already described.
>>>> Ok, so each one of the sections 7.x will say: IANA is requested to =
create a new <registry-name>  registry for use =E2=80=A6
>>>=20
>>> There is slightly more text to add.
>>=20
>> right. I have added more. I'm almost ready to send a new rev. =20
>>=20
>>>=20
>>>=20
>>>>>> 7.1.  HMAC functions
>>>>>>=20
>>>>>>    The following HMAC ID values are defined by this memo for use =
as
>>>>>>    Requested HMAC ID, EID HMAC ID, and PKT HMAC ID in the =
LISP-SEC
>>>>>>    Authentication Data:
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>> Maino, et al.             Expires April 6, 2017                =
[Page 16]
>>>>>> =0C
>>>>>> Internet-Draft                  LISP-SEC                    =
October 2016
>>>>>>=20
>>>>>>=20
>>>>>>              Name                     Number        Defined In
>>>>>>              -------------------------------------------------
>>>>>>              NONE                     0
>>>>>>              AUTH-HMAC-SHA-1-96       1             [RFC2104]
>>>>>>              AUTH-HMAC-SHA-256-128    2             [RFC4634]
>>>>>>=20
>>>>>>              values 2-65535 are reserved to IANA.
>>>>>>=20
>>>>>>                               HMAC Functions
>>>>>>=20
>>>>>>    AUTH-HMAC-SHA-1-96 MUST be supported, AUTH-HMAC-SHA-256-128 =
should be
>>>>>>    supported.
>>>>>>=20
>>>>>> 7.2.  Key Wrap Functions
>>>>>>=20
>>>>>>    The following OTK Encryption ID values are defined by this =
memo for
>>>>>>    use as OTK key wrap algorithms ID in the LISP-SEC =
Authentication
>>>>>>    Data:
>>>>>>=20
>>>>>>              Name                     Number        Defined In
>>>>>>              -------------------------------------------------
>>>>>>              NULL-KEY-WRAP-128        1
>>>>>>              AES-KEY-WRAP-128         2             [RFC3394]
>>>>>>=20
>>>>>>              values 0 and 3-65535 are reserved to IANA.
>>>>>>=20
>>>>>>                             Key Wrap Functions
>>>>>>=20
>>>>>>    NULL-KEY-WRAP-128, and AES-KEY-WRAP-128 MUST be supported.
>>>>>>=20
>>>>>>    NULL-KEY-WRAP-128 is used to carry an unencrypted 128-bit OTK, =
with a
>>>>>>    64-bit preamble set to 0x0000000000000000 (64 bits).
>>>>>>=20
>>>>>> 7.3.  Key Derivation Functions
>>>>>>=20
>>>>>>    The following KDF ID values are defined by this memo for use =
as KDF
>>>>>>    ID in the LISP-SEC Authentication Data:
>>>>>>=20
>>>>>>              Name                     Number        Defined In
>>>>>>              -------------------------------------------------
>>>>>>              NONE                     0
>>>>>>              HKDF-SHA1-128            1             [RFC5869]
>>>>>>=20
>>>>>>              values 2-65535 are reserved to IANA.
>>>>>>=20
>>>>>>                          Key Derivation Functions
>>>>>>=20
>>>>>>    HKDF-SHA1-128 MUST be supported
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>> Maino, et al.             Expires April 6, 2017                =
[Page 17]
>>>>>> =0C
>>>>>> Internet-Draft                  LISP-SEC                    =
October 2016
>>>>>>=20
>>>>>>=20
>>>>>> 8.  Acknowledgements
>>>>>>=20
>>>>>>    The authors would like to acknowledge Pere Monclus, Dave =
Meyer, Dino
>>>>>>    Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon =
Curt
>>>>>>    Noll for their valuable suggestions provided during the =
preparation
>>>>>>    of this document.
>>>>>>=20
>>>>>> 9.  Normative References
>>>>> Please Check your reference, this is the output if the nits tool:
>>>>> Checking references for intended status: Experimental
>>>>>   =
--------------------------------------------------------------------------=
--
>>>>>   =3D=3D Missing Reference: 'RFC3339' is mentioned on line 602, =
but not defined
>>>>>   =3D=3D Missing Reference: 'RFC4634' is mentioned on line 752, =
but not defined
>>>>>   ** Obsolete undefined reference: RFC 4634 (Obsoleted by RFC =
6234)
>>>> ok.
>>>>>=20
>>>>>>    [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: =
Keyed-
>>>>>>               Hashing for Message Authentication", RFC 2104,
>>>>>>               DOI 10.17487/RFC2104, February 1997,
>>>>>>               <http://www.rfc-editor.org/info/rfc2104 =
<http://www.rfc-editor.org/info/rfc2104>>.
>>>>>>=20
>>>>>>    [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
>>>>>>               Requirement Levels", BCP 14, RFC 2119,
>>>>>>               DOI 10.17487/RFC2119, March 1997,
>>>>>>               <http://www.rfc-editor.org/info/rfc2119 =
<http://www.rfc-editor.org/info/rfc2119>>.
>>>>>>=20
>>>>>>    [RFC3394]  Schaad, J. and R. Housley, "Advanced Encryption =
Standard
>>>>>>               (AES) Key Wrap Algorithm", RFC 3394, DOI =
10.17487/RFC3394,
>>>>>>               September 2002, =
<http://www.rfc-editor.org/info/rfc3394 =
<http://www.rfc-editor.org/info/rfc3394>>.
>>>>>>=20
>>>>>>    [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
>>>>>>               "Randomness Requirements for Security", BCP 106, =
RFC 4086,
>>>>>>               DOI 10.17487/RFC4086, June 2005,
>>>>>>               <http://www.rfc-editor.org/info/rfc4086 =
<http://www.rfc-editor.org/info/rfc4086>>.
>>>>>>=20
>>>>>>    [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for =
Writing an
>>>>>>               IANA Considerations Section in RFCs", BCP 26, RFC =
5226,
>>>>>>               DOI 10.17487/RFC5226, May 2008,
>>>>>>               <http://www.rfc-editor.org/info/rfc5226 =
<http://www.rfc-editor.org/info/rfc5226>>.
>>>>>>=20
>>>>>>    [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based =
Extract-and-Expand
>>>>>>               Key Derivation Function (HKDF)", RFC 5869,
>>>>>>               DOI 10.17487/RFC5869, May 2010,
>>>>>>               <http://www.rfc-editor.org/info/rfc5869 =
<http://www.rfc-editor.org/info/rfc5869>>.
>>>>>>=20
>>>>>>    [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, =
"The
>>>>>>               Locator/ID Separation Protocol (LISP)", RFC 6830,
>>>>>>               DOI 10.17487/RFC6830, January 2013,
>>>>>>               <http://www.rfc-editor.org/info/rfc6830 =
<http://www.rfc-editor.org/info/rfc6830>>.
>>>>>>=20
>>>>>>    [RFC6833]  Fuller, V. and D. Farinacci, "Locator/ID Separation
>>>>>>               Protocol (LISP) Map-Server Interface", RFC 6833,
>>>>>>               DOI 10.17487/RFC6833, January 2013,
>>>>>>               <http://www.rfc-editor.org/info/rfc6833 =
<http://www.rfc-editor.org/info/rfc6833>>.
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>> Maino, et al.             Expires April 6, 2017                =
[Page 18]
>>>>>> =0C
>>>>>> Internet-Draft                  LISP-SEC                    =
October 2016
>>>>>>=20
>>>>>>=20
>>>>>>    [RFC7835]  Saucez, D., Iannone, L., and O. Bonaventure, =
"Locator/ID
>>>>>>               Separation Protocol (LISP) Threat Analysis", RFC =
7835,
>>>>>>               DOI 10.17487/RFC7835, April 2016,
>>>>>>               <http://www.rfc-editor.org/info/rfc7835 =
<http://www.rfc-editor.org/info/rfc7835>>.
>>>>>>=20
>>>>>> Authors' Addresses
>>>>>>=20
>>>>>>    Fabio Maino
>>>>>>    Cisco Systems
>>>>>>    170 Tasman Drive
>>>>>>    San Jose, California  95134
>>>>>>    USA
>>>>>>=20
>>>>>>    Email: fmaino@cisco.com <mailto:fmaino@cisco.com>
>>>>>>=20
>>>>>>=20
>>>>>>    Vina Ermagan
>>>>>>    Cisco Systems
>>>>>>    170 Tasman Drive
>>>>>>    San Jose, California  95134
>>>>>>    USA
>>>>>>=20
>>>>>>    Email: vermagan@cisco.com <mailto:vermagan@cisco.com>
>>>>>>=20
>>>>>>=20
>>>>>>    Albert Cabellos
>>>>>>    Technical University of Catalonia
>>>>>>    c/ Jordi Girona s/n
>>>>>>    Barcelona  08034
>>>>>>    Spain
>>>>>>=20
>>>>>>    Email: acabello@ac.upc.edu <mailto:acabello@ac.upc.edu>
>>>>>>=20
>>>>>>=20
>>>>>>    Damien Saucez
>>>>>>    INRIA
>>>>>>    2004 route des Lucioles - BP 93
>>>>>>    Sophia Antipolis
>>>>>>    France
>>>>>>=20
>>>>>>    Email: damien.saucez@inria.fr <mailto:damien.saucez@inria.fr>
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>>=20
>>>>>> Maino, et al.             Expires April 6, 2017                =
[Page 19]
>>>>=20
>>>=20
>>=20
>=20
> <Diff_ draft-ietf-lisp-sec-11.txt - =
draft-ietf-lisp-sec-12a.txt.html><draft-ietf-lisp-sec-12a.txt>


--Apple-Mail=_18803CD6-3ED4-4CAB-BF74-3F75F9A1A8AC
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" =
class=3D"">Hi Fabio,<div class=3D""><br class=3D""></div><div =
class=3D"">thanks.</div><div class=3D""><br class=3D""></div><div =
class=3D"">I you don=E2=80=99t mind I prefer that we converge first (see =
other reply).&nbsp;</div><div class=3D"">So that I have to check only =
one final update.<div class=3D""><br class=3D""></div><div =
class=3D"">ciao</div><div class=3D""><br class=3D""></div><div =
class=3D"">L.</div><div class=3D""><br class=3D""></div><div =
class=3D""><br class=3D""><div><blockquote type=3D"cite" class=3D""><div =
class=3D"">On 26 Oct 2016, at 06:07, Fabio Maino &lt;<a =
href=3D"mailto:fmaino@cisco.com" class=3D"">fmaino@cisco.com</a>&gt; =
wrote:</div><br class=3D"Apple-interchange-newline"><div class=3D"">
 =20
    <meta content=3D"text/html; charset=3Dutf-8" =
http-equiv=3D"Content-Type" class=3D"">
 =20
  <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
    <div class=3D"moz-cite-prefix">Ciao Luigi, <br class=3D"">
      here is the updated draft and the diff from -11. <br class=3D"">
      <br class=3D"">
      <br class=3D"">
      Thanks,<br class=3D"">
      Fabio<br class=3D"">
      <br class=3D"">
      <br class=3D"">
      On 10/25/16 5:14 PM, Fabio Maino wrote:<br class=3D"">
    </div>
    <blockquote =
cite=3D"mid:37a920e9-b1aa-33c1-6321-e24937bc6c8d@cisco.com" type=3D"cite" =
class=3D"">
      <meta content=3D"text/html; charset=3Dutf-8" =
http-equiv=3D"Content-Type" class=3D"">
      <div class=3D"moz-cite-prefix">Hi Luigi, <br class=3D"">
        below are more replies skipping the ones we agreed already.
        Looks like we are converging... <br class=3D"">
        <br class=3D"">
        <br class=3D"">
        wrt to 6830bis, I think we should not wait. I suspect the
        security review of the document will take some time, so we can
        do some progress in parallel to 6830bis. <br class=3D"">
        <br class=3D"">
        We will have to do a LISP-SECbis afterwards, but that should be
        simple. <br class=3D"">
        <br class=3D"">
        Please, see below. <br class=3D"">
        <br class=3D"">
        <br class=3D"">
        <br class=3D"">
        <br class=3D"">
        On 10/24/16 3:02 AM, Luigi Iannone wrote:<br class=3D"">
      </div>
      <blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
        <meta http-equiv=3D"Content-Type" content=3D"text/html;
          charset=3Dutf-8" class=3D"">
        Hi Fabio,
        <div class=3D""><br class=3D"">
        </div>
        <div class=3D"">se my comment inline.&nbsp;</div>
        <div class=3D"">(I do not consider the points we agree and
          everything related to the =E2=80=9CSHOULD=E2=80=9D =
clarification)</div>
        <div class=3D""><br class=3D"">
        </div>
        <div class=3D"">Thanks for your work</div>
        <div class=3D""><br class=3D"">
        </div>
        <div class=3D"">Ciao</div>
        <div class=3D""><br class=3D"">
        </div>
        <div class=3D"">L.</div>
        <div class=3D""><br class=3D"">
        </div>
        <div class=3D""><br class=3D"">
          <div class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">On 22 Oct 2016, at 01:23, Fabio Maino =
&lt;<a moz-do-not-send=3D"true" href=3D"mailto:fmaino@cisco.com" =
class=3D"">fmaino@cisco.com</a>&gt; wrote:</div>
              <br class=3D"Apple-interchange-newline">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
                  <div class=3D"moz-cite-prefix">Ciao Luigi, <br =
class=3D"">
                    below I have replied to each comment. I'm working to
                    the updated text, that I will send as soon as it is
                    ready. ideally we might be able to publish a new
                    version before draft deadline. <br class=3D"">
                  </div>
                </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">Excellent. Thanks</div>
            <br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
                  <div class=3D"moz-cite-prefix"> <br class=3D"">
                    Just a note on the most recurring comment: SHOULD
                    vs. MUST. <br class=3D"">
                    <br class=3D"">
                    The use of SHOULD across the document is according
                    to RFC 2119: <br class=3D"">
                    <br class=3D"">
                    <pre style=3D"font-size: 13.3333px; margin-top: 0px; =
margin-bottom: 0px; font-style: normal; font-variant-ligatures: normal; =
font-variant-caps: normal; font-weight: normal; letter-spacing: normal; =
orphans: 2; text-align: start; text-indent: 0px; text-transform: none; =
widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;" =
class=3D""><span class=3D"h2" style=3D"line-height: 0pt; display: =
inline; white-space: pre; font-family: monospace; font-size: 1em; =
font-weight: bold;"><h2 style=3D"line-height: 0pt; display: inline; =
white-space: pre; font-family: monospace; font-size: 1em; font-weight: =
bold;" class=3D"">SHOULD  </h2></span> This word, or the adjective =
"RECOMMENDED", mean that there
   may exist valid reasons in particular circumstances to ignore a
   particular item, but the full implications must be understood and
   carefully weighed before choosing a different course.</pre>
                    <br class=3D"">
                    <br class=3D"">
                    There are use cases where, carefully weighing the
                    implications, some of the security services of
                    LISP-SEC can be turned-off. We want to leave
                    implementors the freedom to allow this flexibility.
                    <br class=3D"">
                    <br class=3D"">
                    For example, in a DC deployment it may make sense to
                    turn off OTK decryption between XTR and MS/MR, as
                    MiTM is very unlikely. <br class=3D"">
                    <br class=3D"">
                    Similarly, an ITR may decide to implement a loose
                    policy on accepting an AD authenticated with an
                    algorithm different from the preferred
                    authentication algorithm expressed by the ITR. Using
                    a MUST would force support of a given authentication
                    algorithm across each and every MS and ETR, that
                    might not be the case when incrementally deploying
                    LISP-SEC (or while upgrading routers). <br class=3D"">=

                    <br class=3D"">
                    Using a MUST would prevent this flexibility, that we
                    would like to leave to the implementors. <br =
class=3D"">
                    <br class=3D"">
                    <br class=3D"">
                    <br class=3D"">
                  </div>
                </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">This is fixed as for the suggestion of Joel. =
Thanks.</div>
            <div class=3D""><br class=3D"">
            </div>
            <br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
                  <div class=3D"moz-cite-prefix"> <br class=3D"">
                    <br class=3D"">
                    On 10/19/16 8:06 AM, Luigi Iannone wrote:<br =
class=3D"">
                  </div>
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">Dear Authors of the LISP-SEC =
document,</div>
                    <div class=3D""><br class=3D"">
                    </div>
                    <div class=3D"">hereafter my review of the =
document.</div>
                    <div class=3D"">This was long overdue, sorry for =
being
                      so late.</div>
                    <div class=3D""><br class=3D"">
                    </div>
                    <div class=3D"">I really like the solution and the
                      majority of my comments are just clarification
                      questions.</div>
                    <div class=3D"">Let me know if my comments are =
clear.</div>
                    <div class=3D""><br class=3D"">
                    </div>
                    <div class=3D"">ciao</div>
                    <div class=3D""><br class=3D"">
                    </div>
                    <div class=3D"">L.</div>
                    <div class=3D""><br class=3D"">
                    </div>
                    <div class=3D""><br class=3D"">
                    </div>
                    <div class=3D""><br class=3D"">
                    </div>
                    <blockquote type=3D"cite" class=3D"">
                      <div class=3D"">
                        <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">1.  Introduction

   The Locator/ID Separation Protocol [RFC6830] defines a set of
   functions for routers to exchange information used to map from non-
   routable Endpoint Identifiers (EIDs) to routable Routing Locators
   (RLOCs).  </pre>
                      </div>
                    </blockquote>
                    I find the above sentence confusing. Wouldn=E2=80=99t =
be
                    better to specify that we are talking about IP
                    addresses?</blockquote>
                  <br class=3D"">
                  That's how LISP is described in RFC6830, section 1. If
                  you start using the term IP address then you need to
                  qualify if you are talking about Identity-IP or
                  Locator-IP, so the sentence gets complicated pretty
                  quickly. <br class=3D"">
                  <br class=3D"">
                </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">Not really. The very first sentence of the =
abstract of
              6830 states:</div>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">
              <pre style=3D"font-size: 13.333333015441895px; margin-top: =
0px; margin-bottom: 0px;" class=3D"">This document describes a =
network-layer-based protocol that enables
   separation of IP addresses into two new numbering spaces: Endpoint
   Identifiers (EIDs) and Routing Locators (RLOCs). </pre>
              <div class=3D""><br class=3D"">
              </div>
              <div class=3D""><br class=3D"">
              </div>
              <div class=3D"">So clearly speaks about IP address.</div>
              <div class=3D"">Furthermore =E2=80=9Croutable" en =E2=80=9Cn=
on routable=E2=80=9D is
                true only in the inter-domain point of view, because EID
                are locally routable.</div>
              <div class=3D"">Note that 6830 does not specify in the =
first
                sentence what is routable and what is not.</div>
            </div>
          </div>
        </div>
      </blockquote>
      <br class=3D"">
      ok, fixed with text from 6830. <br class=3D"">
      <br class=3D"">
      <br class=3D"">
      <blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
        <div class=3D"">
          <div class=3D"">
            <div class=3D"">
              <div class=3D""><br class=3D"">
              </div>
              <div class=3D""><br class=3D"">
              </div>
            </div>
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> I =
would
                  leave this one unchanged.<br class=3D"">
                </div>
              </div>
            </blockquote>
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D""><br class=3D"">
                    </div>
                    <div class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">If these EID-to-RLOC mappings, =
carried through Map-Reply
   messages, are transmitted without integrity protection, an adversary
   can manipulate them and hijack the communication, impersonate the
   requested EID, or mount Denial of Service or Distributed Denial of
   Service attacks.  Also, if the Map-Reply message is transported
   unauthenticated, an adversarial LISP entity can overclaim an EID-
   prefix and maliciously redirect traffic directed to a large number of
   hosts.  A detailed description of "overclaiming" attack is provided
   in [RFC7835].

   This memo specifies LISP-SEC, a set of security mechanisms that
   provides origin authentication, integrity and anti-replay protection
   to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
   process.  </pre>
                        </div>
                      </blockquote>
                      <div class=3D""><br class=3D"">
                      </div>
                      <div class=3D"">I would put s forward reference to
                        section 3 stating that the reader will find
                        details about the threat model.</div>
                    </div>
                  </blockquote>
                  <br class=3D"">
                  OK. We can replace the sentence <br class=3D"">
                  <pre style=3D"word-wrap: break-word; white-space: =
pre-wrap;" class=3D"">A detailed description of "overclaiming" attack is =
provided
   in [RFC7835]

with=20

The LISP-SEC threat model, described in Section 3, is built on top of =
the LISP threat model defined in RFC7835, that includes a detailed =
description of "overclaiming" attack.=20
</pre>
                </div>
              </div>
            </blockquote>
            <div class=3D"">OK</div>
            <div class=3D""><br class=3D"">
            </div>
            <br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> =
<br class=3D"">
                  <br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D""><br class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">LISP-SEC also enables verification of =
authorization on EID-
   prefix claims in Map-Reply messages, ensuring that the sender of a
   Map-Reply that provides the location for a given EID-prefix is
   entitled to do so according to the EID prefix registered in the
   associated Map-Server.  Map-Register security, including the right
   for a LISP entity to register an EID-prefix or to claim presence at
   an RLOC, is out of the scope of LISP-SEC.  Additional security
   considerations are described in Section 6.

2.  Definition of Terms

      One-Time Key (OTK): An ephemeral randomly generated key that must
      be used for a single Map-Request/Map-Reply exchange.



         ITR-OTK: The One-Time Key generated at the ITR.

         MS-OTK: The One-Time Key generated at the Map-Server.
</pre>
                        </div>
                      </blockquote>
                      <div class=3D""><br class=3D"">
                      </div>
                      <div class=3D"">Why are you considering ITR-OTK =
and
                        MS-OTK sub-terms?&nbsp;</div>
                      <div class=3D"">I would elevate them at full =
terms,
                        hence avoiding spacing and indentation.</div>
                    </div>
                  </blockquote>
                  <br class=3D"">
                  Ok. <br class=3D"">
                  <br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D""><br class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">      Encapsulated Control Message =
(ECM): A LISP control message that is
      prepended with an additional LISP header.  ECM is used by ITRs to
      send LISP control messages to a Map-Resolver, by Map-Resolvers to
      forward LISP control messages to a Map-Server, and by Map-
      Resolvers to forward LISP control messages to an ETR.

</pre>
                        </div>
                      </blockquote>
                      <div class=3D"">Why are you re-defining =
ECM?&nbsp;</div>
                      <div class=3D"">You do not specify other packets,
                        e.g., Map-Reply, so why ECM?</div>
                      <div class=3D"">I would drop it.</div>
                    </div>
                  </blockquote>
                  <br class=3D"">
                  It is not defined in the Definitions section of 6830.
                  One would need to go through the body of 6830 to find
                  it. <br class=3D"">
                </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">I see your point. Just keep the text and add =
a ref to
              section 6.1.8 of 6830. This will clarify that is something
              coming from a specific section of that document.</div>
          </div>
        </div>
      </blockquote>
      <br class=3D"">
      I have dropped the definition, expanded the acronym ECM and
      referred to the specific section. <br class=3D"">
      <br class=3D"">
      In this way we don't have to wait for 6830bis, but we refer to the
      proper definition.<br class=3D"">
      <br class=3D"">
      <blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
        <div class=3D"">
          <div class=3D"">
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">&nbsp;</div>
            <br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> =
<br class=3D"">
                  I'll drop it, but we need to make sure that ECM gets
                  into the definition section of 6830bis. <br class=3D"">
                  <br class=3D"">
                  Albert: are you looking into that document? Can you
                  take care of this? <br class=3D"">
                  <br class=3D"">
                  <br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <div class=3D""><br class=3D"">
                      </div>
                      <br class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">      Authentication Data (AD): =
Metadata that is included either in a
      LISP ECM header or in a Map-Reply message to support
      confidentiality, integrity protection, and verification of EID-
      prefix authorization.



Maino, et al.             Expires April 6, 2017                 [Page 3]
=0C
Internet-Draft                  LISP-SEC                    October 2016


         OTK-AD: The portion of ECM Authentication Data that contains a
         One-Time Key.

         EID-AD: The portion of ECM and Map-Reply Authentication Data
         used for verification of EID-prefix authorization.

         PKT-AD: The portion of Map-Reply Authentication Data used to
         protect the integrity of the Map-Reply message.
</pre>
                        </div>
                      </blockquote>
                      <div class=3D""><br class=3D"">
                      </div>
                      <div class=3D""><br class=3D"">
                      </div>
                      <div class=3D"">
                        <div class=3D"">Why are you considering OTK-AD,
                          EID-AD, and PKT-AD sub-terms?&nbsp;</div>
                        <div class=3D"">I would elevate them at full
                          terms, hence avoiding spacing and =
indentation.</div>
                        <br class=3D"">
                      </div>
                    </div>
                  </blockquote>
                  ok. <br class=3D"">
                  <br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D""><br class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">   For definitions of other terms, =
notably Map-Request, Map-Reply,
   Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR), Map-Server
   (MS), and Map-Resolver (MR) please consult the LISP specification
   [RFC6830].

3.  LISP-SEC Threat Model

   LISP-SEC addresses the control plane threats, described in [RFC7835],
   that target EID-to-RLOC mappings, including manipulations of Map-
   Request and Map-Reply messages, and malicious ETR EID prefix
   overclaiming.  LISP-SEC makes two main assumptions: (1) the LISP
   mapping system is expected to deliver a Map-Request message to their
   intended destination ETR as identified by the EID, and (2) no man-in-
   the-middle (MITM) attack can be mounted within the LISP Mapping
   System.  Furthermore, while LISP-SEC enables detection of EID prefix
   overclaiming attacks, it assumes that Map-Servers can verify the EID
   prefix authorization at time of registration.
</pre>
                        </div>
                      </blockquote>
                      <div class=3D"">LISP-SEC does not require OTK
                        confidentiality in the mapping system. This
                        should be discussed here.</div>
                    </div>
                  </blockquote>
                  we could add to the above<br class=3D"">
                  <pre style=3D"word-wrap: break-word; white-space: =
pre-wrap;" class=3D"">"and (2) no man-in-
   the-middle (MITM) attack can be mounted within the LISP Mapping
   System."=20

How the Mapping System is protected from MiTM attacks depends from the =
particular Mapping System used, and is out of the scope of this memo.=20

</pre>
                  <br class=3D"">
                </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">That=E2=80=99s fine for me.</div>
            <div class=3D""><br class=3D"">
            </div>
            <br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> =
<br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <div class=3D""><br class=3D"">
                      </div>
                      <br class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">   According to the threat model =
described in [RFC7835] LISP-SEC assumes
   that any kind of attack, including MITM attacks, can be mounted in
   the access network, outside of the boundaries of the LISP mapping
   system.  An on-path attacker, outside of the LISP mapping system can,
   for example, hijack Map-Request and Map-Reply messages, spoofing the
   identity of a LISP node.  Another example of on-path attack, called
   overclaiming attack, can be mounted by a malicious Egress Tunnel
   Router (ETR), by overclaiming the EID-prefixes for which it is
   authoritative.  In this way the ETR can maliciously redirect traffic
   directed to a large number of hosts.

4.  Protocol Operations

   The goal of the security mechanisms defined in [RFC6830] is to
   prevent unauthorized insertion of mapping data by providing origin
   authentication and integrity protection for the Map-Registration, and
   by using the nonce to detect unsolicited Map-Reply sent by off-path
   attackers.

   LISP-SEC builds on top of the security mechanisms defined in
   [RFC6830] to address the threats described in Section 3 by leveraging



Maino, et al.             Expires April 6, 2017                 [Page 4]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   the trust relationships existing among the LISP entities
   participating to the exchange of the Map-Request/Map-Reply messages.
   Those trust relationships are used to securely distribute a One-Time
   Key (OTK) that provides origin authentication, integrity and anti-
   replay protection to mapping data conveyed via the mapping lookup
   process, and that effectively prevent overclaiming attacks.  The
   processing of security parameters during the Map-Request/Map-Reply
   exchange is as follows:

   o  The ITR-OTK is generated and stored at the ITR, and securely
      transported to the Map-Server.

   o  The Map-Server uses the ITR-OTK to compute an HMAC that protects
</pre>
                        </div>
                      </blockquote>
                      <div class=3D"">You did not define HMAC acronym.
                        Please define and add a reference.</div>
                    </div>
                  </blockquote>
                  <br class=3D"">
                  ok. <br class=3D"">
                  <br class=3D"">
                  <br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D""><br class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">      the integrity of the mapping =
data known to the Map-Server to
      prevent overclaiming attacks.  The Map-Server also derives a new
      OTK, the MS-OTK, that is passed to the ETR, by applying a Key
      Derivation Function (KDF) to the ITR-OTK.

   o  The ETR uses the MS-OTK to compute an HMAC that protects the
      integrity of the Map-Reply sent to the ITR.

   o  Finally, the ITR uses the stored ITR-OTK to verify the integrity
      of the mapping data provided by both the Map-Server and the ETR,
      and to verify that no overclaiming attacks were mounted along the
      path between the Map-Server and the ITR.

   Section 5 provides the detailed description of the LISP-SEC control
   messages and their processing, while the rest of this section
   describes the flow of protocol operations at each entity involved in
   the Map-Request/Map-Reply exchange:

   o  The ITR, upon needing to transmit a Map-Request message, generates
      and stores an OTK (ITR-OTK).  This ITR-OTK is included into the
      Encapsulated Control Message (ECM) that contains the Map-Request
      sent to the Map-Resolver.  To provide confidentiality to the ITR-
      OTK over the path between the ITR and its Map-Resolver, the ITR-
      OTK SHOULD </pre>
                        </div>
                      </blockquote>
                      <div class=3D"">Why not using =E2=80=9CMUST=E2=80=9D=
???</div>
                      <div class=3D"">Are you suggesting that a =
different
                        way to provide confidentiality can be used (e.g.
                        a different shared key)???</div>
                      <div class=3D"">If yes, please state so.</div>
                      <div class=3D""><br class=3D"">
                      </div>
                      <div class=3D"">Or are you suggesting that no
                        encryption at all is used? But this means not
                        providing confidentiality=E2=80=A6</div>
                      <div class=3D"">Can you clarify?</div>
                      <div class=3D""><br class=3D"">
                      </div>
                      (this very same comment will appear several time
                      in this review)<br class=3D"">
                    </div>
                  </blockquote>
                  <br class=3D"">
                  We don't want to make the use of pre-shared key
                  *mandatory* to all LISP deployments. There are
                  deployments where the risk of MiTM between the xTR and
                  the MS/MR may not justify the cost of provisioning a
                  shared key (data centers, for example). <br class=3D"">
                  <br class=3D"">
                  <br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">be encrypted using a preconfigured =
key shared between
      the ITR and the Map-Resolver, similar to the key shared between
      the ETR and the Map-Server in order to secure ETR registration
      [RFC6833].

   o  The Map-Resolver decapsulates the ECM message, decrypts the ITR-
      OTK, if needed, and forwards through the Mapping System the
      received Map-Request and the ITR-OTK, as part of a new ECM
      message.  As described in Section 5.6, the LISP Mapping System
      delivers the ECM to the appropriate Map-Server, as identified by
      the EID destination address of the Map-Request.




Maino, et al.             Expires April 6, 2017                 [Page 5]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   o  The Map-Server is configured with the location mappings and policy
      information for the ETR responsible for the EID destination
      address.  Using this preconfigured information, the Map-Server,
      after the decapsulation of the ECM message, finds the longest
      match EID-prefix that covers the requested EID in the received
      Map-Request.  The Map-Server adds this EID-prefix, together with
      an HMAC computed using the ITR-OTK, to a new Encapsulated Control
      Message that contains the received Map-Request.

   o  The Map-Server derives a new OTK, the MS-OTK, by applying a Key
      Derivation Function (KDF) to the ITR-OTK.  This MS-OTK is included
      in the Encapsulated Control Message that the Map-Server uses to
      forward the Map-Request to the ETR.  To provide MS-OTK
      confidentiality over the path between the Map-Server and the ETR,
      the MS-OTK should </pre>
                        </div>
                      </blockquote>
                      <div class=3D"">This =E2=80=9Cshould=E2=80=9D =
should be a =E2=80=9CSHOULD=E2=80=9D
                        &nbsp;(sorry for the cacophony=E2=80=A6)</div>
                    </div>
                  </blockquote>
                  <br class=3D"">
                  Ok. <br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <div class=3D""><br class=3D"">
                      </div>
                      <div class=3D"">
                        <div class=3D"">Why not using =
=E2=80=9CMUST=E2=80=9D???</div>
                        <div class=3D"">Are you suggesting that a
                          different way to provide confidentiality can
                          be used (e.g. a different shared key)???</div>
                        <div class=3D"">If yes, please state so.</div>
                        <div class=3D""><br class=3D"">
                        </div>
                        <div class=3D"">Or are you suggesting that no
                          encryption at all is used? But this means not
                          providing confidentiality=E2=80=A6</div>
                        <div class=3D"">Can you clarify?</div>
                      </div>
                    </div>
                  </blockquote>
                  <br class=3D"">
                  Same as above. <br class=3D"">
                  <br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D""><br class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">be encrypted using the key shared =
between the
      ETR and the Map-Server in order to secure ETR registration
      [RFC6833].

   o  If the Map-Server is acting in proxy mode, as specified in
      [RFC6830], the ETR is not involved in the generation of the Map-
      Reply.  In this case the Map-Server generates the Map-Reply on
      behalf of the ETR as described below.

   o  The ETR, upon receiving the ECM encapsulated Map-Request from the
      Map-Server, decrypts the MS-OTK, if needed, and originates a
      standard Map-Reply that contains the EID-to-RLOC mapping
      information as specified in [RFC6830].

   o  The ETR computes an HMAC over this standard Map-Reply, keyed with
      MS-OTK to protect the integrity of the whole Map-Reply.  The ETR
      also copies the EID-prefix authorization data that the Map-Server
      included in the ECM encapsulated Map-Request into the Map-Reply
      message.  The ETR then sends this complete Map-Reply message to
      the requesting ITR.

   o  The ITR, upon receiving the Map-Reply, uses the locally stored
      ITR-OTK to verify the integrity of the EID-prefix authorization
      data included in the Map-Reply by the Map-Server.  The ITR
      computes the MS-OTK by applying the same KDF used by the Map-
      Server, and verifies the integrity of the Map-Reply.  If the
      integrity checks fail, the Map-Reply MUST be discarded.  Also, if
      the EID-prefixes claimed by the ETR in the Map-Reply are not equal
      or more specific than the EID-prefix authorization data inserted
      by the Map-Server, the ITR MUST discard the Map-Reply.







Maino, et al.             Expires April 6, 2017                 [Page 6]
=0C
Internet-Draft                  LISP-SEC                    October 2016


5.  LISP-SEC Control Messages Details

   LISP-SEC metadata associated with a Map-Request is transported within
   the Encapsulated Control Message that contains the Map-Request.

   LISP-SEC metadata associated with the Map-Reply is transported within
   the Map-Reply itself.

5.1.  Encapsulated Control Message LISP-SEC Extensions

   LISP-SEC uses the ECM (Encapsulated Control Message) defined in
   [RFC6830] with Type set to 8, and S bit set to 1 to indicate that the
   LISP header includes Authentication Data (AD).  The format of the
   LISP-SEC ECM Authentication Data is defined in the following figure.
   OTK-AD stands for One-Time Key Authentication Data and EID-AD stands
   for EID Authentication Data.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     AD Type   |V|  Reserved   |        Requested HMAC ID      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
|              OTK Length       |       OTK Encryption ID       | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|                       One-Time-Key Preamble ...               | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OTK-AD
|                   ... One-Time-Key Preamble                   | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
~                      One-Time Key (128 bits)                  ~/
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
&lt;---+
|           EID-AD Length       |           KDF ID              |     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
| Record Count  |    Reserved   |         EID HMAC ID           |     =
EID-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
|   Reserved    | EID mask-len  |           EID-AFI             | |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
~                          EID-prefix ...                       ~ |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
~                            EID HMAC                           ~     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
&lt;=E2=80=94+
</pre>
                        </div>
                      </blockquote>
                      <div class=3D"">I think that =E2=80=9Crec=E2=80=9D =
is mis-aligned
                        and should be shifted one character =
upward.</div>
                    </div>
                  </blockquote>
                  <br class=3D"">
                  No. The row above is the portion of the header that
                  specifies how many records will follow. Rec shows one
                  Rec item, in the array of Records.&nbsp; It is =
consistent
                  with 6830.<br class=3D"">
                  <br class=3D"">
                  <br class=3D"">
                </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">OK</div>
            <br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> =
<br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D""><br class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">                     LISP-SEC ECM =
Authentication Data

      AD Type: 1 (LISP-SEC Authentication Data)
</pre>
                        </div>
                      </blockquote>
                      <div class=3D"">This is the first document =
starting
                        to allocate values to the "AD Type=E2=80=9D =
value.&nbsp;</div>
                      <div class=3D"">Why not asking IANA to create a
                        registry??</div>
                      <div class=3D"">(to be done in the IANA
                        Considerations Section) <br class=3D"">
                      </div>
                    </div>
                  </blockquote>
                  <br class=3D"">
                  <br class=3D"">
                  Ok.<br class=3D"">
                  <br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <div class=3D""><br class=3D"">
                      </div>
                      <div class=3D""><br class=3D"">
                      </div>
                      <br class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">      V: Key Version bit.  This bit =
is toggled when the sender switches
      to a new OTK wrapping key




Maino, et al.             Expires April 6, 2017                 [Page 7]
=0C
Internet-Draft                  LISP-SEC                    October 2016


      Reserved: Set to 0 on transmission and ignored on receipt.

      Requested HMAC ID: The HMAC algorithm requested by the ITR.  See
      Section 5.4 for details.

      OTK Length: The length (in bytes) of the OTK Authentication Data
      (OTK-AD), that contains the OTK Preamble and the OTK.

      OTK Encryption ID: The identifier of the key wrapping algorithm
      used to encrypt the One-Time-Key. When a 128-bit OTK is sent
      unencrypted by the Map-Resolver, the OTK Encryption ID is set to
      NULL_KEY_WRAP_128.  See Section 5.5 for more details.

      One-Time-Key Preamble: set to 0 if the OTK is not encrypted.  When
      the OTK is encrypted, this field may carry additional metadata
      resulting from the key wrapping operation.  When a 128-bit OTK is
      sent unencrypted by Map-Resolver, the OTK Preamble is set to
      0x0000000000000000 (64 bits).  See Section 5.5 for details.

      One-Time-Key: the OTK encrypted (or not) as specified by OTK
      Encryption ID.  See Section 5.5 for details.

      EID-AD Length: length (in bytes) of the EID Authentication Data
      (EID-AD).  The ITR MUST set EID-AD Length to 4 bytes, as it only
      fills the KDF ID field, and all the remaining fields part of the
      EID-AD are not present.  An EID-AD MAY contain multiple EID-
      records.  Each EID-record is 4-byte long plus the length of the
      AFI-encoded EID-prefix.

      KDF ID: Identifier of the Key Derivation Function used to derive
      the MS-OTK.  The ITR SHOULD use this field to indicate the
      recommended KDF algorithm, according to local policy. </pre>
                        </div>
                      </blockquote>
                      <div class=3D"">I am not sure I understand the
                        rationale of this =E2=80=9CSHOULD=E2=80=9D. If =
for any reason
                        the ITR does not indicate the KDF ID what are
                        the consequences?</div>
                    </div>
                  </blockquote>
                  <br class=3D"">
                  That should be a MAY, I believe, <br class=3D"">
                  <br class=3D"">
                  The ITR can specify "no preference" for KDF ID, using
                  a value of 0. <br class=3D"">
                </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">I think this is the unclear information: =
that the ITR
              can state =E2=80=9Cno preference=E2=80=9D using value =
0.</div>
            <div class=3D"">Would be good if you can state it more =
clearly.</div>
          </div>
        </div>
      </blockquote>
      <br class=3D"">
      I've added text to clarify this. <br class=3D"">
      <br class=3D"">
      <blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
        <div class=3D"">
          <div class=3D"">
            <div class=3D""><br class=3D"">
            </div>
            <br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> =
<br class=3D"">
                  In the ITR processing section 5.4,&nbsp; we should add =
to <br class=3D"">
                  <br class=3D"">
                  <pre class=3D"newpage" style=3D"font-size: 13.3333px; =
margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: =
normal; font-variant-ligatures: normal; font-variant-caps: normal; =
font-weight: normal; letter-spacing: normal; orphans: 2; text-align: =
start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: =
0px; -webkit-text-stroke-width: 0px;">The KDF ID field, specifies the =
suggested key derivation function to
   be used by the Map-Server to derive the MS-OTK.</pre>
                  <br class=3D"">
                  a text like: "A KDF ID value of 0 (NONE), MAY be used
                  to specify that the ITR has no preferred KDF =
ID".&nbsp; <br class=3D"">
                  <br class=3D"">
                  <br class=3D"">
                  <br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <div class=3D"">Is the MS free to choose the
                        algorithm? This should be clarified.</div>
                    </div>
                  </blockquote>
                  This is specified in section 5.7. <br class=3D"">
                  <br class=3D"">
                  "
                  <pre class=3D"newpage" style=3D"font-size: 13.3333px; =
margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: =
normal; font-variant-ligatures: normal; font-variant-caps: normal; =
font-weight: normal; letter-spacing: normal; orphans: 2; text-align: =
start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: =
0px; -webkit-text-stroke-width: 0px;">The Map-Server updates the OTK-AD =
by deriving a new OTK (MS-OTK) from
   the ITR-OTK received with the Map-Request.  MS-OTK is derived
   applying the key derivation function specified in the KDF ID field.
   If the algorithm specified in the KDF ID field is not supported, the
   Map-Server uses a different algorithm to derive the key and updates
   the KDF ID field accordingly.</pre>
                  "<br class=3D"">
                  <br class=3D"">
                  <br class=3D"">
                </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">Since this paragraph does not use any 2119 =
language it
              actually mean that an MS can choose freely the =
&nbsp;algorithm
              to use.</div>
            <div class=3D"">right?</div>
          </div>
        </div>
      </blockquote>
      <br class=3D"">
      right. If the ITR does support that specific ID, the ITR may still
      decide to use it. <br class=3D"">
      <br class=3D"">
      <blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
        <div class=3D"">
          <div class=3D""><br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> =
<br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D""><br class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D""> The Map-
      Server can overwrite the KDF ID if it does not support the KDF ID
      recommended by the ITR.  </pre>
                        </div>
                      </blockquote>
                      <div class=3D"">What happens if the MS will choose =
a
                        KDF ID not supported by the ITR?</div>
                      <div class=3D"">Can you clarify how to solve this
                        situation or explain why this will never =
happen?</div>
                    </div>
                  </blockquote>
                  <br class=3D"">
                  This is specified in 5.4, ITR processing. <br =
class=3D"">
                  <br class=3D"">
                  "
                  <pre class=3D"newpage" style=3D"font-size: 13.3333px; =
margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: =
normal; font-variant-ligatures: normal; font-variant-caps: normal; =
font-weight: normal; letter-spacing: normal; orphans: 2; text-align: =
start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: =
0px; -webkit-text-stroke-width: 0px;">To verify the integrity of the =
PKT-AD, first the MS-OTK is derived
   from the locally stored ITR-OTK using the algorithm specified in the
   KDF ID field.  This is because the PKT-AD is generated by the ETR
   using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's local =
policy.</pre>
                  " <br class=3D"">
                  <br class=3D"">
                  <br class=3D"">
                  There are two typical use cases: <br class=3D"">
                  - strict KDF ID policy: ITR specifiy a KDF ID, and
                  will discard map-reply with different KDF IDs. If
                  local policy allows, another map-request will be sent
                  with a different KDF ID<br class=3D"">
                  - loose KDF ID policy: ITR specify KDF ID =3D none, =
and
                  will accept map-reply with any KDF ID (if supported by
                  ITR). If received KDF is not supported the ITR shall
                  drop the map-reply<br class=3D"">
                  <br class=3D"">
                </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">The above text does not reflect the policies =
you are
              describing. That =E2=80=9CSHOULD=E2=80=9D should be a =
=E2=80=9CMAY=E2=80=9D and your
              policies spelled out. <br class=3D"">
            </div>
          </div>
        </div>
      </blockquote>
      I think we need to separate the recommendations for the two
      actions: SHOULD drop and MAY resend. <br class=3D"">
      <br class=3D"">
      "<br class=3D"">
      <pre class=3D"newpage" style=3D"font-size: 13.3333px; margin-top: =
0px; margin-bottom: 0px; break-before: page; font-style: normal; =
font-variant-ligatures: normal; font-variant-caps: normal; font-weight: =
normal; letter-spacing: normal; orphans: 2; text-align: start; =
text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; =
-webkit-text-stroke-width: 0px;">, the ITR SHOULD discard the Map-
   Reply. At the first opportunity it needs to, the ITR MAY send a new =
Map-
   Request with a different KDF ID, according to ITR's local policy.

What do you think?=20
</pre>
      <br class=3D"">
      <blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
        <div class=3D"">
          <div class=3D"">
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">Also, what is the MS stubbornly insists in =
using an
              algorithm that the ITR does not support?</div>
          </div>
        </div>
      </blockquote>
      <br class=3D"">
      The MS might not have alternatives, as it might only support one
      algorithm. <br class=3D"">
      <br class=3D"">
      <br class=3D"">
      <br class=3D"">
      <blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
        <div class=3D"">
          <div class=3D"">
            <div class=3D""><br class=3D"">
            </div>
            <br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> =
<br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D""><br class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">See Section 5.4 for more details.

      Record Count: The number of records in this Map-Request message.
      A record is comprised of the portion of the packet that is labeled
      'Rec' above and occurs the number of times equal to Record Count.

      Reserved: Set to 0 on transmission and ignored on receipt.

      EID HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the EID-AD.  This field is filled by Map-Server that
      computed the EID-prefix HMAC.  See Section 5.4 for more details.

      EID mask-len: Mask length for EID-prefix.

      EID-AFI: Address family of EID-prefix according to [RFC5226]



Maino, et al.             Expires April 6, 2017                 [Page 8]
=0C
Internet-Draft                  LISP-SEC                    October 2016


      EID-prefix: The Map-Server uses this field to specify the EID-
      prefix that the destination ETR is authoritative for, and is the
      longest match for the requested EID.

      EID HMAC: HMAC of the EID-AD computed and inserted by Map-Server.
      Before computing the HMAC operation the EID HMAC field MUST be set
      to 0.  The HMAC covers the entire EID-AD.

5.2.  Map-Reply LISP-SEC Extensions

   LISP-SEC uses the Map-Reply defined in [RFC6830], with Type set to 2,
   and S bit set to 1 to indicate that the Map-Reply message includes
   Authentication Data (AD).  The format of the LISP-SEC Map-Reply
   Authentication Data is defined in the following figure.  PKT-AD is
   the Packet Authentication Data that covers the Map-Reply payload.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    AD Type    |                 Reserved                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
&lt;---+
|           EID-AD Length       |           KDF ID              |     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
| Record Count  |    Reserved   |         EID HMAC ID           |     =
EID-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
|   Reserved    | EID mask-len  |           EID-AFI             | |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
~                          EID-prefix ...                       ~ |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
~                            EID HMAC                           ~     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ =
&lt;---+
|         PKT-AD Length         |         PKT HMAC ID           |\
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
~                            PKT HMAC                           ~ PKT-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/

                  LISP-SEC Map-Reply Authentication Data

      AD Type: 1 (LISP-SEC Authentication Data)
</pre>
                        </div>
                      </blockquote>
                      <div class=3D"">Shouldn=E2=80=99t this be a =
different value?
                        This AD &nbsp;format is different from the one
                        described in section 5.1!</div>
                      <div class=3D"">Another reason to ask IANA for a
                        registry=E2=80=A6.</div>
                    </div>
                  </blockquote>
                  <br class=3D"">
                  One is the LISP-SEC authentication data that applies
                  to the ECM message (when S-bit =3D 1), the other is =
the
                  LISP-SEC authentication data that applies to the
                  Map-Reply (when S-bit =3D 1).&nbsp; <br class=3D"">
                  <br class=3D"">
                  Those are extensions of two different messages (ECM
                  and map-reply), and they are both identified by an AD
                  Type (that happens to be set to value 1 for both). <br =
class=3D"">
                </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">This is not clear in the current text.</div>
          </div>
        </div>
      </blockquote>
      <br class=3D"">
      Right. I have updated the text to clarify it. Together with the
      IANA disposition it should be clear now. <br class=3D"">
      <br class=3D"">
      <br class=3D"">
      <blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
        <div class=3D"">
          <div class=3D""><br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> =
<br class=3D"">
                  Yes, the AD type space is different so we will need
                  two IANA registries.&nbsp;</div>
              </div>
            </blockquote>
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> =
<br class=3D"">
                  <br class=3D"">
                  Question for the co-auhtors: should we change the name
                  to 'ECM AD Type' and 'Map-Reply AD Type=E2=80=99?<br =
class=3D"">
                </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">IMHO you have to, otherwise there will be =
always
              confusion=E2=80=A6.</div>
          </div>
        </div>
      </blockquote>
      <br class=3D"">
      done.<br class=3D"">
      <br class=3D"">
      <blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
        <div class=3D"">
          <div class=3D""><br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> =
<br class=3D"">
                  <br class=3D"">
                  <br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <div class=3D""><br class=3D"">
                      </div>
                      <br class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">      EID-AD Length: length (in =
bytes) of the EID-AD.  An EID-AD MAY
      contain multiple EID-records.  Each EID-record is 4-byte long plus
      the length of the AFI-encoded EID-prefix.

      KDF ID: Identifier of the Key Derivation Function used to derive
      MS-OTK.  See Section 5.7 for more details.





Maino, et al.             Expires April 6, 2017                 [Page 9]
=0C
Internet-Draft                  LISP-SEC                    October 2016


      Record Count: The number of records in this Map-Reply message.  A
      record is comprised of the portion of the packet that is labeled
      'Rec' above and occurs the number of times equal to Record Count.

      Reserved: Set to 0 on transmission and ignored on receipt.

      EID HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the EID-AD.  See Section 5.7 for more details.

      EID mask-len: Mask length for EID-prefix.

      EID-AFI: Address family of EID-prefix according to [RFC5226].

      EID-prefix: This field contains an EID-prefix that the destination
      ETR is authoritative for, and is the longest match for the
      requested EID.

      EID HMAC: HMAC of the EID-AD, as computed by the Map-Server.
      Before computing the HMAC operation the EID HMAC field MUST be set
      to 0.  The HMAC covers the entire EID-AD.

      PKT-AD Length: length (in bytes) of the Packet Authentication Data
      (PKT-AD).

      PKT HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the Map-reply Location Data.
</pre>
                        </div>
                      </blockquote>
                      <div class=3D"">=E2=80=9CLocation Data=E2=80=9D is =
something nowhere
                        defined. Can you clarify what do you mean?</div>
                    </div>
                  </blockquote>
                  <br class=3D"">
                  we can just remove 'Location Data=E2=80=99</div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">OK.</div>
            <br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> =
<br class=3D"">
                  <br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <div class=3D""><br class=3D"">
                      </div>
                      <br class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">      PKT HMAC: HMAC of the whole =
Map-Reply packet, including the LISP-
      SEC Authentication Data.  The scope of the authentication goes
      from the Map-Reply Type field to the PKT HMAC field included.
      Before computing the HMAC operation the PKT HMAC field MUST be set
      to 0.  See Section 5.8 for more details.

5.3.  Map-Register LISP-SEC Extentions

   The second bit after the Type field in a Map-Register message is
   allocated as the S bit.  </pre>
                        </div>
                      </blockquote>
                      <div class=3D"">I would better explain that this
                        document is allocating a bit marked as reserved
                        in 6830.</div>
                    </div>
                  </blockquote>
                  <br class=3D"">
                  Ok. We will need to reflect this in 6830bis as well. =
<br class=3D"">
                </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">Sure</div>
            <div class=3D""><br class=3D"">
            </div>
            <br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> =
<br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <div class=3D"">Furthermore, at the cost of being
                        redundant, I would put the packet format
                        highlighting the position of the bit so that
                        there is no confusion whatsoever.</div>
                    </div>
                  </blockquote>
                  <br class=3D"">
                  We wanted to&nbsp; explicitly avoid to include the =
format
                  of messages when already defined in other documents, =
</div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            The S-bit is not defined in other documents. IMHO is
            important to have the visual aid of which exact bit your are
            talking about.</div>
          <div class=3D""><br class=3D"">
          </div>
        </div>
      </blockquote>
      I've added text to clarify. I really prefer not to have the whole
      picture, but just refer to it. <br class=3D"">
      <br class=3D"">
      Considering that 6830 will evolve into 6830bis, eventually (with
      the next LISP-SEC) the reference will be updated in 6830bis.&nbsp; =
<br class=3D"">
      <br class=3D"">
      <br class=3D"">
      <blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
        <div class=3D"">
          <div class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">so =
we
                  point rather than copy. If we address this in 6830bis,
                  the problem will be solved. <br class=3D"">
                </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            You mentioned 6830bis several time, let me ask: Would you
            like to reference that document?</div>
          <div class=3D"">In this case we have to hold this back until =
we have at
            least a stable version of that document.</div>
          <div class=3D"">Then the RFC editor will hold this document =
back until
            that one is RFC, because of missing reference.</div>
          <div class=3D"">
            <div class=3D"">Or you keep it this way and later on you =
make a ST
              version.</div>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">Either way is fine for me.</div>
          </div>
        </div>
      </blockquote>
      <br class=3D"">
      I think we should move this draft forward, without waiting for
      6830bis. Considering that this is security I expect the review
      process to last quite some time, so we can make progress without
      waiting for 6830bis. Eventually even teh LISP-SEC RFC will be
      updated, and all will be good. <br class=3D"">
      <br class=3D"">
      <blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
        <div class=3D"">
          <div class=3D"">
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D""><br class=3D"">
            </div>
            <br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> =
<br class=3D"">
                  <br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D""><br class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">The S bit indicates to the Map-Server =
that
   the registering ETR is LISP-SEC enabled.  An ETR that supports LISP-
   SEC MUST set the S bit in its Map-Register messages.

5.4.  ITR Processing

   Upon creating a Map-Request, the ITR generates a random ITR-OTK that
   is stored locally, together with the nonce generated as specified in
   [RFC6830].

   The Map-Request MUST be encapsulated in an ECM, with the S-bit set to
   1, to indicate the presence of Authentication Data.  If the ITR and



Maino, et al.             Expires April 6, 2017                [Page 10]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   the Map-Resolver are configured with a shared key,</pre>
                        </div>
                      </blockquote>
                      In section 4 you seem to suggest that this is not
                      the only way to protect the OTK (see my =
comment).</div>
                    <div class=3D"">Here instead you suggest that a =
shared
                      key is the only way.<br class=3D"">
                    </div>
                  </blockquote>
                  <br class=3D"">
                  <br class=3D"">
                  Right. Here it says what to do IF there is a shared
                  key, that is consistent with the SHOULD above. <br =
class=3D"">
                </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">OK.</div>
            <div class=3D""><br class=3D"">
            </div>
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> =
<br class=3D"">
                  <br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D""> the ITR-OTK
   confidentiality SHOULD be protected by wrapping the ITR-OTK with the
   algorithm specified by the OTK Encryption ID field. </pre>
                        </div>
                      </blockquote>
                      <div class=3D"">Not clear what this =E2=80=9CSHOULD=E2=
=80=9D refers
                        to.</div>
                      <div class=3D"">IS the SHOULD related to the fact =
to
                        encrypt the OTK? The ITR SHOULD encrypt.</div>
                      <div class=3D"">Or the choice of the algorithm? =
The
                        ITR SHOULD use the algorithm specified by the
                        OTK Encryption ID?</div>
                      <div class=3D"">The second case looks impossible
                        since is the ITR is choosing the algorithm. May
                        be the sentence can be rewritten.</div>
                    </div>
                  </blockquote>
                  <br class=3D"">
                  SHOULD refers to protecting the confidentiality of the
                  ITR-OTK. Maybe the 'by' should be replaced by =
'with=E2=80=99?<br class=3D"">
                </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            Just drop the =E2=80=9Cby=E2=80=9D?</div>
          <div class=3D""><br class=3D"">
          </div>
          <div class=3D""><br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> =
<br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <div class=3D""><br class=3D"">
                      </div>
                      Similarly to previous comment: Why it is not a
                      MUST?<br class=3D"">
                    </div>
                  </blockquote>
                  Same as other SHOULD. <br class=3D"">
                  <br class=3D"">
                  <br class=3D"">
                  <br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D""> See Section 5.5
   for further details on OTK encryption.

   The Requested HMAC ID field contains the suggested HMAC algorithm to
   be used by the Map-Server and the ETR to protect the integrity of the
   ECM Authentication data and of the Map-Reply.

</pre>
                        </div>
                      </blockquote>
                      <div class=3D"">What happens if the MS will choose =
a
                        HMAC not supported by the ETR or the ITR?</div>
                      <div class=3D"">Can you clarify how to solve this
                        situation or explain why this will never =
happen?</div>
                    </div>
                  </blockquote>
                  <br class=3D"">
                  This is described 5 paragraphs below: <br class=3D"">
                  <br class=3D"">
                  "
                  <pre class=3D"newpage" style=3D"font-size: 13.3333px; =
margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: =
normal; font-variant-ligatures: normal; font-variant-caps: normal; =
font-weight: normal; letter-spacing: normal; orphans: 2; text-align: =
start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: =
0px; -webkit-text-stroke-width: 0px;">If the EID HMAC ID field does
   not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
   and send, at the first opportunity it needs to, a new Map-Request
   with a different Requested HMAC ID field, according to ITR's local
   policy.  </pre>
                  "<br class=3D"">
                  <br class=3D"">
                </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">What about the ETR?</div>
          </div>
        </div>
      </blockquote>
      <br class=3D"">
      It's specified in 5.8, the ETR makes the same processing as the
      MS. <br class=3D"">
      <br class=3D"">
      "If the ETR does not support the Requested HMAC ID, it uses a
      different algorithm and updates the PKT HMAC ID field accordingly.
      " <br class=3D"">
      <br class=3D"">
      Also the ETR doesn't process the AD computed by the MS, it just
      copies into the Map-Reply. <br class=3D"">
      <br class=3D"">
      <br class=3D"">
      <br class=3D"">
      <blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
        <div class=3D"">
          <div class=3D""><br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> =
<br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <div class=3D""><br class=3D"">
                      </div>
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">   The KDF ID field, specifies the =
suggested key derivation function to
   be used by the Map-Server to derive the MS-OTK.
</pre>
                        </div>
                      </blockquote>
                      <div class=3D""><br class=3D"">
                      </div>
                      <div class=3D"">What happens if the MS will choose =
a
                        KDF ID not supported by the ITR?</div>
                      <div class=3D"">Can you clarify how to solve this
                        situation or explain why this will never =
happen?</div>
                    </div>
                  </blockquote>
                  <br class=3D"">
                  This is described a few paragraphs below: <br =
class=3D"">
                  "
                  <pre class=3D"newpage" style=3D"font-size: 13.3333px; =
margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: =
normal; font-variant-ligatures: normal; font-variant-caps: normal; =
font-weight: normal; letter-spacing: normal; orphans: 2; text-align: =
start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: =
0px; -webkit-text-stroke-width: 0px;">If the KDF ID in the Map-Reply =
does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's... </pre>
                  "<br class=3D"">
                  <br class=3D"">
                </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">This does not guarantee that the MS will =
reply with
              something the ITR understands=E2=80=A6.</div>
          </div>
        </div>
      </blockquote>
      <br class=3D"">
      For some local ITR's policy it may not be guaranteed. It's a
      balance between reachability and security that the ITR will have
      to choose. <br class=3D"">
      <br class=3D"">
      <br class=3D"">
      <br class=3D"">
      <br class=3D"">
      <br class=3D"">
      <br class=3D"">
      <blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
        <div class=3D"">
          <div class=3D"">
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D""><br class=3D"">
            </div>
            <br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <div class=3D""><br class=3D"">
                      </div>
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">   The EID-AD length is set to 4 =
bytes, since the Authentication Data
   does not contain EID-prefix Authentication Data, and the EID-AD
   contains only the KDF ID field.

   In response to an encapsulated Map-Request that has the S-bit set, an
   ITR MUST receive a Map-Reply with the S-bit set, that includes an
   EID-AD and a PKT-AD.  If the Map-Reply does not include both ADs, the
   ITR MUST discard it.  In response to an encapsulated Map-Request with
   S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, and
   the ITR SHOULD discard the Map-Reply if the S-bit is set.
</pre>
                        </div>
                      </blockquote>
                      <div class=3D"">Why a =E2=80=9CSHOULD=E2=80=9D? If =
the Map-Request
                        has S-bit=3D0 it mean that there is no AD, hence
                        no OTK, how can the ITR decrypt the =
reply?????</div>
                      <div class=3D"">It MUST discard=E2=80=A6..</div>
                    </div>
                  </blockquote>
                  <br class=3D"">
                  If S-bit =3D 0 there's no Authentication Data. The
                  Map-reply is in clear, and can be read.</div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">I am not sure you understood my point.</div>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">You send a Map-Request with S=3D0, hence =
unenbcrypted.
              How can you possible receive a Map-Reply with S=3D1?</div>
            <div class=3D"">How is it encrypted if the ITR did not =
provide any OTK?</div>
          </div>
        </div>
      </blockquote>
      <br class=3D"">
      Misconfiguration, bugs? I was just trying to enumerate the
      behaviors of the ITR. There's probably something wrong, and the
      map-reply should be discarded. Still the mapping is readable, so
      an ITR favoring reachability may decide to use the mapping. <br =
class=3D"">
      <br class=3D"">
      <blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
        <div class=3D"">
          <div class=3D"">
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D""><br class=3D"">
            </div>
            <br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> =
<br class=3D"">
                  <br class=3D"">
                  Here again the SHOULD leaves open to ITR local policy
                  that can be strict (drop anything not authenticated)
                  or loose (accept unauthenticated map-reply). <br =
class=3D"">
                  <br class=3D"">
                  There are use cases where LISP-SEC is not deployed
                  everywhere, where the ITR might have to use loose
                  policy. &nbsp; <br class=3D"">
                  <br class=3D"">
                  <br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <div class=3D""><br class=3D"">
                      </div>
                      <br class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">   Upon receiving a Map-Reply, the =
ITR must verify the integrity of both
   the EID-AD and the PKT-AD, and MUST discard the Map-Reply if one of
   the integrity checks fails.

   The integrity of the EID-AD is verified using the locally stored ITR-
   OTK to re-compute the HMAC of the EID-AD using the algorithm
   specified in the EID HMAC ID field.  If the EID HMAC ID field does
   not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
</pre>
                        </div>
                      </blockquote>
                      Why is this a SHOULD? If it supports the HMAC
                      Algorithm why not decrypt? Shouldn=E2=80=99t this =
be a
                      =E2=80=9CMAY=E2=80=9D, according to internal =
policy?<br class=3D"">
                    </div>
                  </blockquote>
                  <br class=3D"">
                  because this could be used by an attacker to force
                  weaker HMACs (e.g. MD5). </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            OK</div>
          <div class=3D""><br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">The
                  SHOULD leaves open the door to not discarding,
                  according to local policy. <br class=3D"">
                  <br class=3D"">
                  <br class=3D"">
                </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">OK.</div>
            <div class=3D""><br class=3D"">
            </div>
            <br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> =
<br class=3D"">
                  <br class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">   and send, at the first opportunity =
it needs to, a new Map-Request
   with a different Requested HMAC ID field, according to ITR's local
   policy.  The ITR MUST set the EID HMAC ID field to 0 before computing
   the HMAC.
</pre>
                        </div>
                      </blockquote>
                      <div class=3D"">Shouldn=E2=80=99t the MS do the =
same thing?
                        Otherwise different values will be obtained.
                        This is not specified in the MS functioning
                        description.</div>
                    </div>
                  </blockquote>
                  <br class=3D"">
                  good catch. Actually it's a typo here, the EID HMAC
                  field should be set to 0 (that is consistent with
                  section 5.7), not the EID HMAC ID that should not be
                  touched. <br class=3D"">
                  <br class=3D"">
                </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            OK<br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> =
<br class=3D"">
                  <pre style=3D"word-wrap: break-word; white-space: =
pre-wrap;" class=3D"">The ITR MUST set the EID HMAC ID field to 0 before =
computing
   the HMAC.

should change to=20

The scope of the HMAC operation covers the
   entire EID-AD, from the EID-AD Length field to the EID HMAC field,
   which must be set to 0 before the computation.
</pre>
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <div class=3D""> </div>
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">   To verify the integrity of the =
PKT-AD, first the MS-OTK is derived
   from the locally stored ITR-OTK using the algorithm specified in the
   KDF ID field.  This is because the PKT-AD is generated by the ETR
   using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's local policy.
   The derived MS-OTK is then used to re-compute the HMAC of the PKT-AD
   using the Algorithm specified in the PKT HMAC ID field.  If the PKT
   HMAC ID field does not match the Requested HMAC ID the ITR SHOULD
   discard the Map-Reply and send, at the first opportunity it needs to,




Maino, et al.             Expires April 6, 2017                [Page 11]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   a new Map-Request with a different Requested HMAC ID according to
   ITR's local policy.

   Each individual Map-Reply EID-record is considered valid only if: (1)
   both EID-AD and PKT-AD are valid, and (2) the intersection of the
   EID-prefix in the Map-Reply EID-record with one of the EID-prefixes
   contained in the EID-AD is not empty.  After identifying the Map-
   Reply record as valid, the ITR sets the EID-prefix in the Map-Reply
   record to the value of the intersection set computed before, and adds
   the Map-Reply EID-record to its EID-to-RLOC cache, as described in
   [RFC6830].  An example of Map-Reply record validation is provided in
   Section 5.4.1.

   The ITR SHOULD send SMR triggered Map-Requests over the mapping
   system in order to receive a secure Map-Reply.  </pre>
                        </div>
                      </blockquote>
                      <div class=3D"">I do not understand this =
=E2=80=9CSHOULD=E2=80=9D.
                        &nbsp;This has consequences in the choice how to
                        react to SMR. This is a local policy.</div>
                      <div class=3D"">_If_ the ITR wants to protect
                        Map-Requests using LISP-SEC, than SMR triggered
                        Map-Request MUST be sent through the mapping
                        system.</div>
                    </div>
                  </blockquote>
                </div>
              </div>
            </blockquote>
            <br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D""> so =
the
                  _if_ is what makes that MUST a SHOULD... According to
                  local policy the ITR SHOULD send the SMR. </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">I read the sentence in this way:</div>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D""><span class=3D"Apple-tab-span" =
style=3D"white-space:pre">	</span>In
              order to received a secure Map-Reply, the ITR MUST send
              SMR triggered Map-Requests over the mapping system.</div>
          </div>
          <div class=3D""><br class=3D"">
          </div>
          <div class=3D"">No?</div>
        </div>
      </blockquote>
      <br class=3D"">
      I see what you are saying. I'll rephrase as: <br class=3D"">
      <br class=3D"">
      If an ITR accepts piggybacked Map-Replies, it SHOULD also send a
      Map-Request over the mapping system in order to verify the
      piggybacked Map-Reply with a secure Map-Reply. <br class=3D"">
      <br class=3D"">
      <br class=3D"">
      <br class=3D"">
      <br class=3D"">
      <blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
        <div class=3D"">
          <div class=3D""><br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <div class=3D""> </div>
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">If an ITR accepts
   piggybacked Map-Replies, it SHOULD also send a Map-Request over the
   mapping system in order to securely verify the piggybacked Map-Reply.
</pre>
                        </div>
                      </blockquote>
                      <div class=3D"">Same as above.</div>
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">5.4.1.  Map-Reply Record Validation

   The payload of a Map-Reply may contain multiple EID-records.  The
   whole Map-Reply is signed by the ETR, with the PKT HMAC, to provide
   integrity protection and origin authentication to the EID-prefix
   records claimed by the ETR.  The Authentication Data field of a Map-
   Reply may contain multiple EID-records in the EID-AD.  The EID-AD is
   signed by the Map-Server, with the EID HMAC, to provide integrity
   protection and origin authentication to the EID-prefix records
   inserted by the Map-Server.

   Upon receiving a Map-Reply with the S-bit set, the ITR first checks
   the validity of both the EID HMAC and of the PKT-AD HMAC.  If either
   one of the HMACs is not valid, a log message is issued and the Map-
   Reply is not processed any further.  </pre>
                        </div>
                      </blockquote>
                      <div class=3D"">I think =E2=80=9Clog message" is =
too much
                        implementation specific.&nbsp;</div>
                      <div class=3D"">If there is a notification, and =
how
                        this notification is done, is implementation
                        specific IMHO.</div>
                    </div>
                  </blockquote>
                  Ok. 'a log message is issued' will change to 'a log
                  action should be taken'. The point is that there could
                  be an attack behind it, and we want to record the
                  event </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">OK</div>
            <br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">If both HMACs are valid, the ITR
   proceeds with validating each individual EID-record claimed by the
   ETR by computing the intersection of each one of the EID-prefix
   contained in the payload of the Map-Reply with each one of the EID-
   prefixes contained in the EID-AD.  An EID-record is valid only if at
   least one of the intersections is not the empty set.

   For instance, the Map-Reply payload contains 3 mapping record EID-
   prefixes:

      1.1.1.0/24

      1.1.2.0/24

      1.2.0.0/16




Maino, et al.             Expires April 6, 2017                [Page 12]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   The EID-AD contains two EID-prefixes:

      1.1.2.0/24

      1.2.3.0/24

   The EID-record with EID-prefix 1.1.1.0/24 is not processed since it
   is not included in any of the EID-ADs signed by the Map-Server.  A
   log message is issued.
</pre>
                        </div>
                      </blockquote>
                      <div class=3D"">I think =E2=80=9Clog message" is =
too much
                        implementation specific.&nbsp;</div>
                      <div class=3D"">If there is a notification, and =
how
                        this notification is done, is implementation
                        specific IMHO.</div>
                    </div>
                  </blockquote>
                  ok. Same as above.
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <div class=3D""> </div>
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">   The EID-record with EID-prefix =
1.1.2.0/24 is stored in the map-cache
   because it matches the second EID-prefix contained in the EID-AD.

   The EID-record with EID-prefix 1.2.0.0/16 is not processed since it
   is not included in any of the EID-ADs signed by the Map-Server.  A
   log message is issued.</pre>
                        </div>
                      </blockquote>
                      <div class=3D"">I think =E2=80=9Clog message" is =
too much
                        implementation specific.&nbsp;</div>
                      <div class=3D"">If there is a notification, and =
how
                        this notification is done, is implementation
                        specific IMHO.</div>
                    </div>
                  </blockquote>
                  ok. Same as above
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <div class=3D""> </div>
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">  In this last example the ETR is =
trying to
   over claim the EID-prefix 1.2.0.0/16, but the Map-Server authorized
   only 1.2.3.0/24, hence the EID-record is discarded.
</pre>
                        </div>
                      </blockquote>
                      <div class=3D"">Reading the example I am not sure =
I
                        would follow this behaviour.</div>
                      <div class=3D"">Only 1 record out of 3 is valid so
                        why should I actually trust the ETR instead of
                        throwing everything away?</div>
                      <div class=3D"">Can you explain ???</div>
                    </div>
                  </blockquote>
                  The other two records are validated by the MS, so
                  there is no reason to throw those away. </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">Yes, but the ETR is still trying to cheat on =
the third
              one=E2=80=A6.</div>
            <div class=3D"">So the ETR may be compromised, why should I =
send
              traffic to him???</div>
          </div>
        </div>
      </blockquote>
      <br class=3D"">
      ITR has flagged the security exception with the log entry, and
      some local ITR policy will decide what to do (including stop
      encapsulating to the ETR, if that's what is specified by the
      policy).&nbsp; At the LISP level LISP-SEC has done its job: =
verified
      mapping&nbsp; goes into the map-cache, overclaimed mapping is =
dropped.
      <br class=3D"">
      <br class=3D"">
      <br class=3D"">
      <blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
        <div class=3D"">
          <div class=3D"">
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D""><br class=3D"">
            </div>
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <div class=3D""> </div>
                      <div class=3D""> </div>
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">5.4.2.  PITR Processing

   The processing performed by a PITR is equivalent to the processing of
   an ITR.  However, if the PITR is directly connected to the ALT, =
</pre>
                        </div>
                      </blockquote>
                      <div class=3D"">This would be LISP+ALT. Pleas add =
a
                        reference to 6836.</div>
                    </div>
                  </blockquote>
                  ok.
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">the
   PITR performs the functions of both the ITR and the Map-Resolver
   forwarding the Map-Request encapsulated in an ECM header that
   includes the Authentication Data fields as described in Section 5.6.

5.5.  Encrypting and Decrypting an OTK

   MS-OTK confidentiality is required in the path between the Map-Server
   and the ETR, the MS-OTK SHOULD</pre>
                        </div>
                      </blockquote>
                      <div class=3D"">If confidentiality is required why
                        there is not a MUST?</div>
                    </div>
                  </blockquote>
                  Same.
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D""> be encrypted using the preconfigured
   key shared between the Map-Server and the ETR for the purpose of
   securing ETR registration [RFC6833].  Similarly, if ITR-OTK
   confidentiality is required in the path between the ITR and the Map-
   Resolver, the ITR-OTK SHOULD </pre>
                        </div>
                      </blockquote>
                      Again, if confidentiality is required why there is
                      not a MUST?</div>
                  </blockquote>
                  Same.
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">be encrypted with a key shared =
between
   the ITR and the Map-Resolver.

   The OTK is encrypted using the algorithm specified in the OTK
   Encryption ID field.  When the AES Key Wrap algorithm is used to
   encrypt a 128-bit OTK, according to [RFC3339],</pre>
                        </div>
                      </blockquote>
                      <div class=3D"">The correct RFC is 3394.</div>
                    </div>
                  </blockquote>
                  ok.
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D""> the AES Key Wrap
   Initialization Value MUST be set to 0xA6A6A6A6A6A6A6A6 (64 bits).
   The output of the AES Key Wrap operation is 192-bit long.  The most
   significant 64-bit are copied in the One-Time Key Preamble field,
   while the 128 less significant bits are copied in the One-Time Key
   field of the LISP-SEC Authentication Data.

   When decrypting an encrypted OTK the receiver MUST verify that the
   Initialization Value resulting from the AES Key Wrap decryption



Maino, et al.             Expires April 6, 2017                [Page 13]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   operation is equal to 0xA6A6A6A6A6A6A6A6.  If this verification fails
   the receiver MUST discard the entire message.

   When a 128-bit OTK is sent unencrypted the OTK Encryption ID is set
   to NULL_KEY_WRAP_128, and the OTK Preamble is set to
   0x0000000000000000 (64 bits).

5.6.  Map-Resolver Processing

   Upon receiving an encapsulated Map-Request with the S-bit set, the
   Map-Resolver decapsulates the ECM message.  The ITR-OTK, if
   encrypted, is decrypted as specified in Section 5.5.

   The Map-Resolver, as specified in [RFC6833], originates a new ECM
   header with the S-bit set, that contains the unencrypted ITR-OTK, as
   specified in Section 5.5, and the other data derived from the ECM
   Authentication Data of the received encapsulated Map-Request.
</pre>
                        </div>
                      </blockquote>
                      <div class=3D"">Few points on this last =
paragraph:</div>
                      <div class=3D"">- You assume that there is no need
                        of confidentiality inside the Mapping =
System?</div>
                      <div class=3D"">- Why not stating that encryption
                        inside the mapping system is mapping system
                        specify and out of scope of this document?</div>
                    </div>
                  </blockquote>
                  ok. as it was pointed out above.
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <div class=3D"">- Why are you assuming that all of
                        the Mapping system will use ECM? Future Mapping
                        system may use soemthos different. The important
                        point is to ship the AD along.</div>
                    </div>
                  </blockquote>
                  good point, and I agree with your suggestion to fix
                  this below.
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">   The Map-Resolver then =
forwards</pre>
                        </div>
                      </blockquote>
                      to whom? </div>
                  </blockquote>
                  ok. add 'to the Map-Server'
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D""> the received Map-Request, =
encapsulated
   in the new ECM header that includes the newly computed Authentication
   Data fields.
</pre>
                        </div>
                      </blockquote>
                      <div class=3D"">As for my comment of the previous
                        paragraph I would be more generic stating that
                        the MR will hand over the request to the mapping
                        system.</div>
                      <div class=3D""> </div>
                      <div class=3D"">You can still provide the example =
of
                        DDT using ECM.</div>
                    </div>
                  </blockquote>
                  right.
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">5.7.  Map-Server Processing

   Upon receiving an ECM encapsulated Map-Request with the S-bit set,
   the Map-Server process the Map-Request according to the value of the
   S-bit contained in the Map-Register sent by the ETR during
   registration.

   If the S-bit contained in the Map-Register was clear the Map-Server
   decapsulates the ECM and generates a new ECM encapsulated Map-Request
   that does not contain an ECM Authentication Data, as specified in
   [RFC6830].  The Map-Server does not perform any further LISP-SEC
   processing.
</pre>
                        </div>
                      </blockquote>
                      <div class=3D"">This equivalent to not using
                        LISP-SEC. Please specify that the Map-Reply will
                        be not protected.</div>
                    </div>
                  </blockquote>
                  ok.
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">   If the S-bit contained in the =
Map-Register was set the Map-Server
   decapsulates the ECM and generates a new ECM Authentication Data.
   The Authentication Data includes the OTK-AD and the EID-AD, that
   contains EID-prefix authorization information, that are ultimately
   sent to the requesting ITR.

   The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
   the ITR-OTK received with the Map-Request.  MS-OTK is derived
   applying the key derivation function specified in the KDF ID field.
   If the algorithm specified in the KDF ID field is not supported, the
   Map-Server uses a different algorithm to derive the key and updates
   the KDF ID field accordingly.




Maino, et al.             Expires April 6, 2017                [Page 14]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   The Map-Server and the ETR MUST be configured with a shared key for
   mapping registration according to [RFC6833].  If MS-OTK
   confidentiality is required, then the MS-OTK SHOULD be =
encrypted,</pre>
                        </div>
                      </blockquote>
                      Again, if confidentiality is required why there is
                      not a MUST? </div>
                  </blockquote>
                  same as above.
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D""> by
   wrapping the MS-OTK with the algorithm specified by the OTK
   Encryption ID field as specified in Section 5.5.

   The Map-Server includes in the EID-AD the longest match registered
   EID-prefix for the destination EID, and an HMAC of this EID-prefix.
   The HMAC is keyed with the ITR-OTK contained in the received ECM
   Authentication Data, and the HMAC algorithm is chosen according to
   the Requested HMAC ID field.  If The Map-Server does not support this
   algorithm, the Map-Server uses a different algorithm and specifies it
   in the EID HMAC ID field.  The scope of the HMAC operation covers the
   entire EID-AD, from the EID-AD Length field to the EID HMAC field,
   which must be set to 0 before the computation.

   The Map-Server then forwards the updated ECM encapsulated Map-
   Request, that contains the OTK-AD, the EID-AD, and the received Map-
   Request to an authoritative ETR as specified in [RFC6830].

5.7.1.  Map-Server Processing in Proxy mode

   If the Map-Server is in proxy mode, it generates a Map-Reply, as
   specified in [RFC6830], with the S-bit set to 1.  The Map-Reply
   includes the Authentication Data that contains the EID-AD, computed
   as specified in Section 5.7, as well as the PKT-AD computed as
   specified in Section 5.8.

5.8.  ETR Processing

   Upon receiving an ECM encapsulated Map-Request with the S-bit set,
   the ETR decapsulates the ECM message.  The OTK field, if encrypted,
   is decrypted as specified in Section 5.5 to obtain the unencrypted
   MS-OTK.

   The ETR then generates a Map-Reply as specified in [RFC6830] and
   includes the Authentication Data that contains the EID-AD, as
   received in the encapsulated Map-Request, as well as the PKT-AD.

   The EID-AD is copied from the Authentication Data of the received
   encapsulated Map-Request.

   The PKT-AD contains the HMAC of the whole Map-Reply packet, keyed
   with the MS-OTK and computed using the HMAC algorithm specified in
   the Requested HMAC ID field of the received encapsulated Map-Request.
   If the ETR does not support the Requested HMAC ID, it uses a
   different algorithm and updates the PKT HMAC ID field accordingly.
   The scope of the HMAC operation covers the entire PKT-AD, from the



Maino, et al.             Expires April 6, 2017                [Page 15]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   Map-Reply Type field to the PKT HMAC field, which must be set to 0
   before the computation.

   Finally the ETR sends the Map-Reply to the requesting ITR as
   specified in [RFC6830].

6.  Security Considerations

6.1.  Mapping System Security

   The LISP-SEC threat model described in Section 3, assumes that the
   LISP Mapping System is working properly and eventually delivers Map-
   Request messages to a Map-Server that is authoritative for the
   requested EID.

</pre>
                        </div>
                      </blockquote>
                      <div class=3D""> </div>
                      <div class=3D"">As for a previous comment, can you
                        elaborate if OTK confidentiality is required in
                        the mapping system and what are the
                        consequences?</div>
                      <div class=3D""> </div>
                    </div>
                  </blockquote>
                  ok.
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">   Map-Register security, including =
the right for a LISP entity to
   register an EID-prefix or to claim presence at an RLOC, is out of the
   scope of LISP-SEC.

6.2.  Random Number Generation

   The ITR-OTK MUST be generated by a properly seeded pseudo-random (or
   strong random) source.  See [RFC4086] for advice on generating
   security-sensitive random data

6.3.  Map-Server and ETR Colocation

   If the Map-Server and the ETR are colocated, LISP-SEC does not
   provide protection from overclaiming attacks mounted by the ETR.
   However, in this particular case, since the ETR is within the trust
   boundaries of the Map-Server, ETR's overclaiming attacks are not
   included in the threat model.

7.  IANA Considerations
</pre>
                        </div>
                      </blockquote>
                      <div class=3D"">This section is not conform to RFC
                        5226.</div>
                      <div class=3D""> </div>
                      <div class=3D"">There right way to go is to ask =
IANA
                        to create three new registries, for HMAC, Key
                        Wrap, and Key Derivation functions.</div>
                      <div class=3D"">Define what is the allocation
                        process (in light of the size of the field FCFS
                        should not cause any problem IMHO)</div>
                      <div class=3D""> </div>
                      <div class=3D"">Then ask to populate the =
registries
                        as already described.</div>
                    </div>
                  </blockquote>
                  Ok, so each one of the sections 7.x will say: IANA is
                  requested to create a new &lt;registry-name&gt;&nbsp;
                  registry for use =E2=80=A6 </div>
              </div>
            </blockquote>
            <div class=3D""><br class=3D"">
            </div>
            <div class=3D"">There is slightly more text to add.</div>
          </div>
        </div>
      </blockquote>
      <br class=3D"">
      right. I have added more. I'm almost ready to send a new =
rev.&nbsp; <br class=3D"">
      <br class=3D"">
      <blockquote =
cite=3D"mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
        <div class=3D"">
          <div class=3D"">
            <div class=3D""><br class=3D"">
            </div>
            <br class=3D"">
            <blockquote type=3D"cite" class=3D"">
              <div class=3D"">
                <div bgcolor=3D"#FFFFFF" text=3D"#000000" class=3D"">
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <div class=3D""> </div>
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">7.1.  HMAC functions

   The following HMAC ID values are defined by this memo for use as
   Requested HMAC ID, EID HMAC ID, and PKT HMAC ID in the LISP-SEC
   Authentication Data:











Maino, et al.             Expires April 6, 2017                [Page 16]
=0C
Internet-Draft                  LISP-SEC                    October 2016


             Name                     Number        Defined In
             -------------------------------------------------
             NONE                     0
             AUTH-HMAC-SHA-1-96       1             [RFC2104]
             AUTH-HMAC-SHA-256-128    2             [RFC4634]

             values 2-65535 are reserved to IANA.

                              HMAC Functions

   AUTH-HMAC-SHA-1-96 MUST be supported, AUTH-HMAC-SHA-256-128 should be
   supported.

7.2.  Key Wrap Functions

   The following OTK Encryption ID values are defined by this memo for
   use as OTK key wrap algorithms ID in the LISP-SEC Authentication
   Data:

             Name                     Number        Defined In
             -------------------------------------------------
             NULL-KEY-WRAP-128        1
             AES-KEY-WRAP-128         2             [RFC3394]

             values 0 and 3-65535 are reserved to IANA.

                            Key Wrap Functions

   NULL-KEY-WRAP-128, and AES-KEY-WRAP-128 MUST be supported.

   NULL-KEY-WRAP-128 is used to carry an unencrypted 128-bit OTK, with a
   64-bit preamble set to 0x0000000000000000 (64 bits).

7.3.  Key Derivation Functions

   The following KDF ID values are defined by this memo for use as KDF
   ID in the LISP-SEC Authentication Data:

             Name                     Number        Defined In
             -------------------------------------------------
             NONE                     0
             HKDF-SHA1-128            1             [RFC5869]

             values 2-65535 are reserved to IANA.

                         Key Derivation Functions

   HKDF-SHA1-128 MUST be supported



Maino, et al.             Expires April 6, 2017                [Page 17]
=0C
Internet-Draft                  LISP-SEC                    October 2016


8.  Acknowledgements

   The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino
   Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt
   Noll for their valuable suggestions provided during the preparation
   of this document.

9.  Normative References
</pre>
                        </div>
                      </blockquote>
                      <div class=3D""> </div>
                      <div class=3D""> </div>
                      <div class=3D"">Please Check your reference, this =
is
                        the output if the nits tool:</div>
                      <div class=3D""> </div>
                      <div class=3D""> </div>
                      <div class=3D"">Checking references for intended
                        status: Experimental</div>
                      <div class=3D"">&nbsp;
=
--------------------------------------------------------------------------=
--</div>
                      <div class=3D""> </div>
                      <div class=3D"">&nbsp; =3D=3D Missing Reference: =
'RFC3339' is
                        mentioned on line 602, but not defined</div>
                      <div class=3D""> </div>
                      <div class=3D"">&nbsp; =3D=3D Missing Reference: =
'RFC4634' is
                        mentioned on line 752, but not defined</div>
                      <div class=3D""> </div>
                      <div class=3D"">&nbsp; ** Obsolete undefined =
reference:
                        RFC 4634 (Obsoleted by RFC 6234)</div>
                    </div>
                  </blockquote>
                  ok.
                  <blockquote =
cite=3D"mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr" =
type=3D"cite" class=3D"">
                    <div class=3D"">
                      <div class=3D""> </div>
                      <blockquote type=3D"cite" class=3D"">
                        <div class=3D"">
                          <pre style=3D"word-wrap: break-word; =
white-space: pre-wrap;" class=3D"">   [RFC2104]  Krawczyk, H., Bellare, =
M., and R. Canetti, "HMAC: Keyed-
              Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997,
              &lt;<a moz-do-not-send=3D"true" =
href=3D"http://www.rfc-editor.org/info/rfc2104" =
class=3D"">http://www.rfc-editor.org/info/rfc2104</a>&gt;.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              &lt;<a moz-do-not-send=3D"true" =
href=3D"http://www.rfc-editor.org/info/rfc2119" =
class=3D"">http://www.rfc-editor.org/info/rfc2119</a>&gt;.

   [RFC3394]  Schaad, J. and R. Housley, "Advanced Encryption Standard
              (AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394,
              September 2002, &lt;<a moz-do-not-send=3D"true" =
href=3D"http://www.rfc-editor.org/info/rfc3394" =
class=3D"">http://www.rfc-editor.org/info/rfc3394</a>&gt;.

   [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
              "Randomness Requirements for Security", BCP 106, RFC 4086,
              DOI 10.17487/RFC4086, June 2005,
              &lt;<a moz-do-not-send=3D"true" =
href=3D"http://www.rfc-editor.org/info/rfc4086" =
class=3D"">http://www.rfc-editor.org/info/rfc4086</a>&gt;.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              DOI 10.17487/RFC5226, May 2008,
              &lt;<a moz-do-not-send=3D"true" =
href=3D"http://www.rfc-editor.org/info/rfc5226" =
class=3D"">http://www.rfc-editor.org/info/rfc5226</a>&gt;.

   [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
              Key Derivation Function (HKDF)", RFC 5869,
              DOI 10.17487/RFC5869, May 2010,
              &lt;<a moz-do-not-send=3D"true" =
href=3D"http://www.rfc-editor.org/info/rfc5869" =
class=3D"">http://www.rfc-editor.org/info/rfc5869</a>&gt;.

   [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
              Locator/ID Separation Protocol (LISP)", RFC 6830,
              DOI 10.17487/RFC6830, January 2013,
              &lt;<a moz-do-not-send=3D"true" =
href=3D"http://www.rfc-editor.org/info/rfc6830" =
class=3D"">http://www.rfc-editor.org/info/rfc6830</a>&gt;.

   [RFC6833]  Fuller, V. and D. Farinacci, "Locator/ID Separation
              Protocol (LISP) Map-Server Interface", RFC 6833,
              DOI 10.17487/RFC6833, January 2013,
              &lt;<a moz-do-not-send=3D"true" =
href=3D"http://www.rfc-editor.org/info/rfc6833" =
class=3D"">http://www.rfc-editor.org/info/rfc6833</a>&gt;.




Maino, et al.             Expires April 6, 2017                [Page 18]
=0C
Internet-Draft                  LISP-SEC                    October 2016


   [RFC7835]  Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID
              Separation Protocol (LISP) Threat Analysis", RFC 7835,
              DOI 10.17487/RFC7835, April 2016,
              &lt;<a moz-do-not-send=3D"true" =
href=3D"http://www.rfc-editor.org/info/rfc7835" =
class=3D"">http://www.rfc-editor.org/info/rfc7835</a>&gt;.

Authors' Addresses

   Fabio Maino
   Cisco Systems
   170 Tasman Drive
   San Jose, California  95134
   USA

   Email: <a moz-do-not-send=3D"true" href=3D"mailto:fmaino@cisco.com" =
class=3D"">fmaino@cisco.com</a>


   Vina Ermagan
   Cisco Systems
   170 Tasman Drive
   San Jose, California  95134
   USA

   Email: <a moz-do-not-send=3D"true" href=3D"mailto:vermagan@cisco.com" =
class=3D"">vermagan@cisco.com</a>


   Albert Cabellos
   Technical University of Catalonia
   c/ Jordi Girona s/n
   Barcelona  08034
   Spain

   Email: <a moz-do-not-send=3D"true" href=3D"mailto:acabello@ac.upc.edu" =
class=3D"">acabello@ac.upc.edu</a>


   Damien Saucez
   INRIA
   2004 route des Lucioles - BP 93
   Sophia Antipolis
   France

   Email: <a moz-do-not-send=3D"true" =
href=3D"mailto:damien.saucez@inria.fr" =
class=3D"">damien.saucez@inria.fr</a>










Maino, et al.             Expires April 6, 2017                [Page =
19]</pre>
                          <div class=3D""> </div>
                        </div>
                        <div class=3D""> </div>
                        <div class=3D""> </div>
                      </blockquote>
                      <div class=3D"">
                        <div class=3D""> </div>
                        <div class=3D""> </div>
                      </div>
                    </div>
                  </blockquote>
                  <div class=3D""> <br class=3D"webkit-block-placeholder">=

                  </div>
                </div>
              </div>
            </blockquote>
          </div>
          <br class=3D"">
        </div>
      </blockquote><p class=3D""><br class=3D"">
      </p>
    </blockquote><p class=3D""><br class=3D"">
    </p>
  </div>

<span id=3D"cid:1EDDBB75-0995-4DF3-9241-6F398783066E">&lt;Diff_ =
draft-ietf-lisp-sec-11.txt - =
draft-ietf-lisp-sec-12a.txt.html&gt;</span><span =
id=3D"cid:F2144582-6C70-43D5-9213-89A8BBED6471">&lt;draft-ietf-lisp-sec-12=
a.txt&gt;</span></div></blockquote></div><br =
class=3D""></div></div></body></html>=

--Apple-Mail=_18803CD6-3ED4-4CAB-BF74-3F75F9A1A8AC--


From nobody Wed Oct 26 07:33:05 2016
Return-Path: <fmaino@cisco.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 007A4129493; Wed, 26 Oct 2016 07:33:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.951
X-Spam-Level: 
X-Spam-Status: No, score=-14.951 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pm3ajkoLRxLz; Wed, 26 Oct 2016 07:32:48 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7ADF41293FF; Wed, 26 Oct 2016 07:32:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=235213; q=dns/txt; s=iport; t=1477492368; x=1478701968; h=subject:to:references:cc:from:message-id:date: mime-version:in-reply-to; bh=oVTS4x9zBggH9IsxVyUfu7bZnw+3XV+B7Q+Jg9SU/gY=; b=XL6aX57YwtiBXzqqPCcfg0vxUmtAaSm2D3CB8x2Odm6SAykmOuQQMd7z uZIrdK/uurl81DYKWoOO/ZrwEmwrby2YSO0HYPJTOyWC259ovEWpMvjty 6MyvU/D0TxxCO9q2QYwzmHtENKzdoavTJnpAH+YehF3Mw3upJCgYDjeLf 8=;
X-IronPort-AV: E=Sophos;i="5.31,551,1473120000";  d="scan'208,217";a="164006682"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Oct 2016 14:32:47 +0000
Received: from [10.24.86.122] ([10.24.86.122]) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id u9QEWiZX030393; Wed, 26 Oct 2016 14:32:44 GMT
To: Luigi Iannone <luigi.iannone@telecom-paristech.fr>
References: <FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr> <8204baa6-8cbd-83b3-aa88-dc3ba16c5a33@cisco.com> <38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr> <37a920e9-b1aa-33c1-6321-e24937bc6c8d@cisco.com> <748f2c3d-16fd-03f3-988d-11a9c262a43a@cisco.com> <4F3484F0-20F5-4B03-9456-0CAB8E4D3344@telecom-paristech.fr>
From: Fabio Maino <fmaino@cisco.com>
Message-ID: <8d0f2d3a-d44d-9983-54f8-eedced0d638e@cisco.com>
Date: Wed, 26 Oct 2016 07:32:44 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <4F3484F0-20F5-4B03-9456-0CAB8E4D3344@telecom-paristech.fr>
Content-Type: multipart/alternative; boundary="------------2C17378A2F0B1C07C9AB2D2D"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/HCDMNcRIy8bdgJhmnaw7xLEzvro>
Cc: lisp-chairs@ietf.org, Damien Saucez <damien.saucez@inria.fr>, LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] LISP-SEC review (finally)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Oct 2016 14:33:03 -0000

This is a multi-part message in MIME format.
--------------2C17378A2F0B1C07C9AB2D2D
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

sounds good.

Fabio

On 10/26/16 2:14 AM, Luigi Iannone wrote:
> Hi Fabio,
>
> thanks.
>
> I you don’t mind I prefer that we converge first (see other reply).
> So that I have to check only one final update.
>
> ciao
>
> L.
>
>
>> On 26 Oct 2016, at 06:07, Fabio Maino <fmaino@cisco.com 
>> <mailto:fmaino@cisco.com>> wrote:
>>
>> Ciao Luigi,
>> here is the updated draft and the diff from -11.
>>
>>
>> Thanks,
>> Fabio
>>
>>
>> On 10/25/16 5:14 PM, Fabio Maino wrote:
>>> Hi Luigi,
>>> below are more replies skipping the ones we agreed already. Looks 
>>> like we are converging...
>>>
>>>
>>> wrt to 6830bis, I think we should not wait. I suspect the security 
>>> review of the document will take some time, so we can do some 
>>> progress in parallel to 6830bis.
>>>
>>> We will have to do a LISP-SECbis afterwards, but that should be simple.
>>>
>>> Please, see below.
>>>
>>>
>>>
>>>
>>> On 10/24/16 3:02 AM, Luigi Iannone wrote:
>>>> Hi Fabio,
>>>>
>>>> se my comment inline.
>>>> (I do not consider the points we agree and everything related to 
>>>> the “SHOULD” clarification)
>>>>
>>>> Thanks for your work
>>>>
>>>> Ciao
>>>>
>>>> L.
>>>>
>>>>
>>>>> On 22 Oct 2016, at 01:23, Fabio Maino <fmaino@cisco.com 
>>>>> <mailto:fmaino@cisco.com>> wrote:
>>>>>
>>>>> Ciao Luigi,
>>>>> below I have replied to each comment. I'm working to the updated 
>>>>> text, that I will send as soon as it is ready. ideally we might be 
>>>>> able to publish a new version before draft deadline.
>>>>
>>>> Excellent. Thanks
>>>>
>>>>>
>>>>> Just a note on the most recurring comment: SHOULD vs. MUST.
>>>>>
>>>>> The use of SHOULD across the document is according to RFC 2119:
>>>>>
>>>>>
>>>>>     SHOULD
>>>>>
>>>>>   This word, or the adjective "RECOMMENDED", mean that there
>>>>>     may exist valid reasons in particular circumstances to ignore a
>>>>>     particular item, but the full implications must be understood and
>>>>>     carefully weighed before choosing a different course.
>>>>>
>>>>>
>>>>> There are use cases where, carefully weighing the implications, 
>>>>> some of the security services of LISP-SEC can be turned-off. We 
>>>>> want to leave implementors the freedom to allow this flexibility.
>>>>>
>>>>> For example, in a DC deployment it may make sense to turn off OTK 
>>>>> decryption between XTR and MS/MR, as MiTM is very unlikely.
>>>>>
>>>>> Similarly, an ITR may decide to implement a loose policy on 
>>>>> accepting an AD authenticated with an algorithm different from the 
>>>>> preferred authentication algorithm expressed by the ITR. Using a 
>>>>> MUST would force support of a given authentication algorithm 
>>>>> across each and every MS and ETR, that might not be the case when 
>>>>> incrementally deploying LISP-SEC (or while upgrading routers).
>>>>>
>>>>> Using a MUST would prevent this flexibility, that we would like to 
>>>>> leave to the implementors.
>>>>>
>>>>>
>>>>>
>>>>
>>>> This is fixed as for the suggestion of Joel. Thanks.
>>>>
>>>>
>>>>>
>>>>>
>>>>> On 10/19/16 8:06 AM, Luigi Iannone wrote:
>>>>>> Dear Authors of the LISP-SEC document,
>>>>>>
>>>>>> hereafter my review of the document.
>>>>>> This was long overdue, sorry for being so late.
>>>>>>
>>>>>> I really like the solution and the majority of my comments are 
>>>>>> just clarification questions.
>>>>>> Let me know if my comments are clear.
>>>>>>
>>>>>> ciao
>>>>>>
>>>>>> L.
>>>>>>
>>>>>>
>>>>>>
>>>>>>> 1.  Introduction
>>>>>>>
>>>>>>>     The Locator/ID Separation Protocol [RFC6830] defines a set of
>>>>>>>     functions for routers to exchange information used to map from non-
>>>>>>>     routable Endpoint Identifiers (EIDs) to routable Routing Locators
>>>>>>>     (RLOCs).
>>>>>> I find the above sentence confusing. Wouldn’t be better to 
>>>>>> specify that we are talking about IP addresses?
>>>>>
>>>>> That's how LISP is described in RFC6830, section 1. If you start 
>>>>> using the term IP address then you need to qualify if you are 
>>>>> talking about Identity-IP or Locator-IP, so the sentence gets 
>>>>> complicated pretty quickly.
>>>>>
>>>>
>>>> Not really. The very first sentence of the abstract of 6830 states:
>>>>
>>>> This document describes a network-layer-based protocol that enables
>>>>     separation of IP addresses into two new numbering spaces: Endpoint
>>>>     Identifiers (EIDs) and Routing Locators (RLOCs).
>>>>
>>>>
>>>> So clearly speaks about IP address.
>>>> Furthermore “routable" en “non routable” is true only in the 
>>>> inter-domain point of view, because EID are locally routable.
>>>> Note that 6830 does not specify in the first sentence what is 
>>>> routable and what is not.
>>>
>>> ok, fixed with text from 6830.
>>>
>>>
>>>>
>>>>
>>>>> I would leave this one unchanged.
>>>>>>
>>>>>>> If these EID-to-RLOC mappings, carried through Map-Reply
>>>>>>>     messages, are transmitted without integrity protection, an adversary
>>>>>>>     can manipulate them and hijack the communication, impersonate the
>>>>>>>     requested EID, or mount Denial of Service or Distributed Denial of
>>>>>>>     Service attacks.  Also, if the Map-Reply message is transported
>>>>>>>     unauthenticated, an adversarial LISP entity can overclaim an EID-
>>>>>>>     prefix and maliciously redirect traffic directed to a large number of
>>>>>>>     hosts.  A detailed description of "overclaiming" attack is provided
>>>>>>>     in [RFC7835].
>>>>>>>
>>>>>>>     This memo specifies LISP-SEC, a set of security mechanisms that
>>>>>>>     provides origin authentication, integrity and anti-replay protection
>>>>>>>     to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
>>>>>>>     process.
>>>>>>
>>>>>> I would put s forward reference to section 3 stating that the 
>>>>>> reader will find details about the threat model.
>>>>>
>>>>> OK. We can replace the sentence
>>>>> A detailed description of "overclaiming" attack is provided
>>>>>     in [RFC7835]
>>>>>
>>>>> with
>>>>>
>>>>> The LISP-SEC threat model, described in Section 3, is built on top of the LISP threat model defined in RFC7835, that includes a detailed description of "overclaiming" attack.
>>>> OK
>>>>
>>>>
>>>>>
>>>>>
>>>>>>
>>>>>>> LISP-SEC also enables verification of authorization on EID-
>>>>>>>     prefix claims in Map-Reply messages, ensuring that the sender of a
>>>>>>>     Map-Reply that provides the location for a given EID-prefix is
>>>>>>>     entitled to do so according to the EID prefix registered in the
>>>>>>>     associated Map-Server.  Map-Register security, including the right
>>>>>>>     for a LISP entity to register an EID-prefix or to claim presence at
>>>>>>>     an RLOC, is out of the scope of LISP-SEC.  Additional security
>>>>>>>     considerations are described in Section 6.
>>>>>>>
>>>>>>> 2.  Definition of Terms
>>>>>>>
>>>>>>>        One-Time Key (OTK): An ephemeral randomly generated key that must
>>>>>>>        be used for a single Map-Request/Map-Reply exchange.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>           ITR-OTK: The One-Time Key generated at the ITR.
>>>>>>>
>>>>>>>           MS-OTK: The One-Time Key generated at the Map-Server.
>>>>>>
>>>>>> Why are you considering ITR-OTK and MS-OTK sub-terms?
>>>>>> I would elevate them at full terms, hence avoiding spacing and 
>>>>>> indentation.
>>>>>
>>>>> Ok.
>>>>>
>>>>>>
>>>>>>>        Encapsulated Control Message (ECM): A LISP control message that is
>>>>>>>        prepended with an additional LISP header.  ECM is used by ITRs to
>>>>>>>        send LISP control messages to a Map-Resolver, by Map-Resolvers to
>>>>>>>        forward LISP control messages to a Map-Server, and by Map-
>>>>>>>        Resolvers to forward LISP control messages to an ETR.
>>>>>>>
>>>>>> Why are you re-defining ECM?
>>>>>> You do not specify other packets, e.g., Map-Reply, so why ECM?
>>>>>> I would drop it.
>>>>>
>>>>> It is not defined in the Definitions section of 6830. One would 
>>>>> need to go through the body of 6830 to find it.
>>>>
>>>> I see your point. Just keep the text and add a ref to section 6.1.8 
>>>> of 6830. This will clarify that is something coming from a specific 
>>>> section of that document.
>>>
>>> I have dropped the definition, expanded the acronym ECM and referred 
>>> to the specific section.
>>>
>>> In this way we don't have to wait for 6830bis, but we refer to the 
>>> proper definition.
>>>
>>>>
>>>>
>>>>>
>>>>> I'll drop it, but we need to make sure that ECM gets into the 
>>>>> definition section of 6830bis.
>>>>>
>>>>> Albert: are you looking into that document? Can you take care of 
>>>>> this?
>>>>>
>>>>>
>>>>>>
>>>>>>
>>>>>>>        Authentication Data (AD): Metadata that is included either in a
>>>>>>>        LISP ECM header or in a Map-Reply message to support
>>>>>>>        confidentiality, integrity protection, and verification of EID-
>>>>>>>        prefix authorization.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Maino, et al.             Expires April 6, 2017                 [Page 3]
>>>>>>> 
>>>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>>>
>>>>>>>
>>>>>>>           OTK-AD: The portion of ECM Authentication Data that contains a
>>>>>>>           One-Time Key.
>>>>>>>
>>>>>>>           EID-AD: The portion of ECM and Map-Reply Authentication Data
>>>>>>>           used for verification of EID-prefix authorization.
>>>>>>>
>>>>>>>           PKT-AD: The portion of Map-Reply Authentication Data used to
>>>>>>>           protect the integrity of the Map-Reply message.
>>>>>>
>>>>>>
>>>>>> Why are you considering OTK-AD, EID-AD, and PKT-AD sub-terms?
>>>>>> I would elevate them at full terms, hence avoiding spacing and 
>>>>>> indentation.
>>>>>>
>>>>> ok.
>>>>>
>>>>>>
>>>>>>>     For definitions of other terms, notably Map-Request, Map-Reply,
>>>>>>>     Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR), Map-Server
>>>>>>>     (MS), and Map-Resolver (MR) please consult the LISP specification
>>>>>>>     [RFC6830].
>>>>>>>
>>>>>>> 3.  LISP-SEC Threat Model
>>>>>>>
>>>>>>>     LISP-SEC addresses the control plane threats, described in [RFC7835],
>>>>>>>     that target EID-to-RLOC mappings, including manipulations of Map-
>>>>>>>     Request and Map-Reply messages, and malicious ETR EID prefix
>>>>>>>     overclaiming.  LISP-SEC makes two main assumptions: (1) the LISP
>>>>>>>     mapping system is expected to deliver a Map-Request message to their
>>>>>>>     intended destination ETR as identified by the EID, and (2) no man-in-
>>>>>>>     the-middle (MITM) attack can be mounted within the LISP Mapping
>>>>>>>     System.  Furthermore, while LISP-SEC enables detection of EID prefix
>>>>>>>     overclaiming attacks, it assumes that Map-Servers can verify the EID
>>>>>>>     prefix authorization at time of registration.
>>>>>> LISP-SEC does not require OTK confidentiality in the mapping 
>>>>>> system. This should be discussed here.
>>>>> we could add to the above
>>>>> "and (2) no man-in-
>>>>>     the-middle (MITM) attack can be mounted within the LISP Mapping
>>>>>     System."
>>>>>
>>>>> How the Mapping System is protected from MiTM attacks depends from the particular Mapping System used, and is out of the scope of this memo.
>>>>>
>>>>>
>>>>
>>>> That’s fine for me.
>>>>
>>>>
>>>>>
>>>>>>
>>>>>>
>>>>>>>     According to the threat model described in [RFC7835] LISP-SEC assumes
>>>>>>>     that any kind of attack, including MITM attacks, can be mounted in
>>>>>>>     the access network, outside of the boundaries of the LISP mapping
>>>>>>>     system.  An on-path attacker, outside of the LISP mapping system can,
>>>>>>>     for example, hijack Map-Request and Map-Reply messages, spoofing the
>>>>>>>     identity of a LISP node.  Another example of on-path attack, called
>>>>>>>     overclaiming attack, can be mounted by a malicious Egress Tunnel
>>>>>>>     Router (ETR), by overclaiming the EID-prefixes for which it is
>>>>>>>     authoritative.  In this way the ETR can maliciously redirect traffic
>>>>>>>     directed to a large number of hosts.
>>>>>>>
>>>>>>> 4.  Protocol Operations
>>>>>>>
>>>>>>>     The goal of the security mechanisms defined in [RFC6830] is to
>>>>>>>     prevent unauthorized insertion of mapping data by providing origin
>>>>>>>     authentication and integrity protection for the Map-Registration, and
>>>>>>>     by using the nonce to detect unsolicited Map-Reply sent by off-path
>>>>>>>     attackers.
>>>>>>>
>>>>>>>     LISP-SEC builds on top of the security mechanisms defined in
>>>>>>>     [RFC6830] to address the threats described in Section 3 by leveraging
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Maino, et al.             Expires April 6, 2017                 [Page 4]
>>>>>>> 
>>>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>>>
>>>>>>>
>>>>>>>     the trust relationships existing among the LISP entities
>>>>>>>     participating to the exchange of the Map-Request/Map-Reply messages.
>>>>>>>     Those trust relationships are used to securely distribute a One-Time
>>>>>>>     Key (OTK) that provides origin authentication, integrity and anti-
>>>>>>>     replay protection to mapping data conveyed via the mapping lookup
>>>>>>>     process, and that effectively prevent overclaiming attacks.  The
>>>>>>>     processing of security parameters during the Map-Request/Map-Reply
>>>>>>>     exchange is as follows:
>>>>>>>
>>>>>>>     o  The ITR-OTK is generated and stored at the ITR, and securely
>>>>>>>        transported to the Map-Server.
>>>>>>>
>>>>>>>     o  The Map-Server uses the ITR-OTK to compute an HMAC that protects
>>>>>> You did not define HMAC acronym. Please define and add a reference.
>>>>>
>>>>> ok.
>>>>>
>>>>>
>>>>>>
>>>>>>>        the integrity of the mapping data known to the Map-Server to
>>>>>>>        prevent overclaiming attacks.  The Map-Server also derives a new
>>>>>>>        OTK, the MS-OTK, that is passed to the ETR, by applying a Key
>>>>>>>        Derivation Function (KDF) to the ITR-OTK.
>>>>>>>
>>>>>>>     o  The ETR uses the MS-OTK to compute an HMAC that protects the
>>>>>>>        integrity of the Map-Reply sent to the ITR.
>>>>>>>
>>>>>>>     o  Finally, the ITR uses the stored ITR-OTK to verify the integrity
>>>>>>>        of the mapping data provided by both the Map-Server and the ETR,
>>>>>>>        and to verify that no overclaiming attacks were mounted along the
>>>>>>>        path between the Map-Server and the ITR.
>>>>>>>
>>>>>>>     Section 5 provides the detailed description of the LISP-SEC control
>>>>>>>     messages and their processing, while the rest of this section
>>>>>>>     describes the flow of protocol operations at each entity involved in
>>>>>>>     the Map-Request/Map-Reply exchange:
>>>>>>>
>>>>>>>     o  The ITR, upon needing to transmit a Map-Request message, generates
>>>>>>>        and stores an OTK (ITR-OTK).  This ITR-OTK is included into the
>>>>>>>        Encapsulated Control Message (ECM) that contains the Map-Request
>>>>>>>        sent to the Map-Resolver.  To provide confidentiality to the ITR-
>>>>>>>        OTK over the path between the ITR and its Map-Resolver, the ITR-
>>>>>>>        OTK SHOULD
>>>>>> Why not using “MUST”???
>>>>>> Are you suggesting that a different way to provide 
>>>>>> confidentiality can be used (e.g. a different shared key)???
>>>>>> If yes, please state so.
>>>>>>
>>>>>> Or are you suggesting that no encryption at all is used? But this 
>>>>>> means not providing confidentiality…
>>>>>> Can you clarify?
>>>>>>
>>>>>> (this very same comment will appear several time in this review)
>>>>>
>>>>> We don't want to make the use of pre-shared key *mandatory* to all 
>>>>> LISP deployments. There are deployments where the risk of MiTM 
>>>>> between the xTR and the MS/MR may not justify the cost of 
>>>>> provisioning a shared key (data centers, for example).
>>>>>
>>>>>
>>>>>>> be encrypted using a preconfigured key shared between
>>>>>>>        the ITR and the Map-Resolver, similar to the key shared between
>>>>>>>        the ETR and the Map-Server in order to secure ETR registration
>>>>>>>        [RFC6833].
>>>>>>>
>>>>>>>     o  The Map-Resolver decapsulates the ECM message, decrypts the ITR-
>>>>>>>        OTK, if needed, and forwards through the Mapping System the
>>>>>>>        received Map-Request and the ITR-OTK, as part of a new ECM
>>>>>>>        message.  As described in Section 5.6, the LISP Mapping System
>>>>>>>        delivers the ECM to the appropriate Map-Server, as identified by
>>>>>>>        the EID destination address of the Map-Request.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Maino, et al.             Expires April 6, 2017                 [Page 5]
>>>>>>> 
>>>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>>>
>>>>>>>
>>>>>>>     o  The Map-Server is configured with the location mappings and policy
>>>>>>>        information for the ETR responsible for the EID destination
>>>>>>>        address.  Using this preconfigured information, the Map-Server,
>>>>>>>        after the decapsulation of the ECM message, finds the longest
>>>>>>>        match EID-prefix that covers the requested EID in the received
>>>>>>>        Map-Request.  The Map-Server adds this EID-prefix, together with
>>>>>>>        an HMAC computed using the ITR-OTK, to a new Encapsulated Control
>>>>>>>        Message that contains the received Map-Request.
>>>>>>>
>>>>>>>     o  The Map-Server derives a new OTK, the MS-OTK, by applying a Key
>>>>>>>        Derivation Function (KDF) to the ITR-OTK.  This MS-OTK is included
>>>>>>>        in the Encapsulated Control Message that the Map-Server uses to
>>>>>>>        forward the Map-Request to the ETR.  To provide MS-OTK
>>>>>>>        confidentiality over the path between the Map-Server and the ETR,
>>>>>>>        the MS-OTK should
>>>>>> This “should” should be a “SHOULD”  (sorry for the cacophony…)
>>>>>
>>>>> Ok.
>>>>>>
>>>>>> Why not using “MUST”???
>>>>>> Are you suggesting that a different way to provide 
>>>>>> confidentiality can be used (e.g. a different shared key)???
>>>>>> If yes, please state so.
>>>>>>
>>>>>> Or are you suggesting that no encryption at all is used? But this 
>>>>>> means not providing confidentiality…
>>>>>> Can you clarify?
>>>>>
>>>>> Same as above.
>>>>>
>>>>>>
>>>>>>> be encrypted using the key shared between the
>>>>>>>        ETR and the Map-Server in order to secure ETR registration
>>>>>>>        [RFC6833].
>>>>>>>
>>>>>>>     o  If the Map-Server is acting in proxy mode, as specified in
>>>>>>>        [RFC6830], the ETR is not involved in the generation of the Map-
>>>>>>>        Reply.  In this case the Map-Server generates the Map-Reply on
>>>>>>>        behalf of the ETR as described below.
>>>>>>>
>>>>>>>     o  The ETR, upon receiving the ECM encapsulated Map-Request from the
>>>>>>>        Map-Server, decrypts the MS-OTK, if needed, and originates a
>>>>>>>        standard Map-Reply that contains the EID-to-RLOC mapping
>>>>>>>        information as specified in [RFC6830].
>>>>>>>
>>>>>>>     o  The ETR computes an HMAC over this standard Map-Reply, keyed with
>>>>>>>        MS-OTK to protect the integrity of the whole Map-Reply.  The ETR
>>>>>>>        also copies the EID-prefix authorization data that the Map-Server
>>>>>>>        included in the ECM encapsulated Map-Request into the Map-Reply
>>>>>>>        message.  The ETR then sends this complete Map-Reply message to
>>>>>>>        the requesting ITR.
>>>>>>>
>>>>>>>     o  The ITR, upon receiving the Map-Reply, uses the locally stored
>>>>>>>        ITR-OTK to verify the integrity of the EID-prefix authorization
>>>>>>>        data included in the Map-Reply by the Map-Server.  The ITR
>>>>>>>        computes the MS-OTK by applying the same KDF used by the Map-
>>>>>>>        Server, and verifies the integrity of the Map-Reply.  If the
>>>>>>>        integrity checks fail, the Map-Reply MUST be discarded.  Also, if
>>>>>>>        the EID-prefixes claimed by the ETR in the Map-Reply are not equal
>>>>>>>        or more specific than the EID-prefix authorization data inserted
>>>>>>>        by the Map-Server, the ITR MUST discard the Map-Reply.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Maino, et al.             Expires April 6, 2017                 [Page 6]
>>>>>>> 
>>>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>>>
>>>>>>>
>>>>>>> 5.  LISP-SEC Control Messages Details
>>>>>>>
>>>>>>>     LISP-SEC metadata associated with a Map-Request is transported within
>>>>>>>     the Encapsulated Control Message that contains the Map-Request.
>>>>>>>
>>>>>>>     LISP-SEC metadata associated with the Map-Reply is transported within
>>>>>>>     the Map-Reply itself.
>>>>>>>
>>>>>>> 5.1.  Encapsulated Control Message LISP-SEC Extensions
>>>>>>>
>>>>>>>     LISP-SEC uses the ECM (Encapsulated Control Message) defined in
>>>>>>>     [RFC6830] with Type set to 8, and S bit set to 1 to indicate that the
>>>>>>>     LISP header includes Authentication Data (AD).  The format of the
>>>>>>>     LISP-SEC ECM Authentication Data is defined in the following figure.
>>>>>>>     OTK-AD stands for One-Time Key Authentication Data and EID-AD stands
>>>>>>>     for EID Authentication Data.
>>>>>>>
>>>>>>>   0                   1                   2                   3
>>>>>>>   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>>>>> |     AD Type   |V|  Reserved   |        Requested HMAC ID      |
>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
>>>>>>> |              OTK Length       |       OTK Encryption ID       | |
>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>>>>>>> |                       One-Time-Key Preamble ...               | |
>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OTK-AD
>>>>>>> |                   ... One-Time-Key Preamble                   | |
>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>>>>>>> ~                      One-Time Key (128 bits)                  ~/
>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <---+
>>>>>>> |           EID-AD Length       |           KDF ID              |     |
>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
>>>>>>> | Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
>>>>>>> |   Reserved    | EID mask-len  |           EID-AFI             | |   |
>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
>>>>>>> ~                          EID-prefix ...                       ~ |   |
>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
>>>>>>> ~                            EID HMAC                           ~     |
>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <—+
>>>>>> I think that “rec” is mis-aligned and should be shifted one 
>>>>>> character upward.
>>>>>
>>>>> No. The row above is the portion of the header that specifies how 
>>>>> many records will follow. Rec shows one Rec item, in the array of 
>>>>> Records.  It is consistent with 6830.
>>>>>
>>>>>
>>>>
>>>> OK
>>>>
>>>>>
>>>>>>
>>>>>>>                       LISP-SEC ECM Authentication Data
>>>>>>>
>>>>>>>        AD Type: 1 (LISP-SEC Authentication Data)
>>>>>> This is the first document starting to allocate values to the "AD 
>>>>>> Type” value.
>>>>>> Why not asking IANA to create a registry??
>>>>>> (to be done in the IANA Considerations Section)
>>>>>
>>>>>
>>>>> Ok.
>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>        V: Key Version bit.  This bit is toggled when the sender switches
>>>>>>>        to a new OTK wrapping key
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Maino, et al.             Expires April 6, 2017                 [Page 7]
>>>>>>> 
>>>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>>>
>>>>>>>
>>>>>>>        Reserved: Set to 0 on transmission and ignored on receipt.
>>>>>>>
>>>>>>>        Requested HMAC ID: The HMAC algorithm requested by the ITR.  See
>>>>>>>        Section 5.4 for details.
>>>>>>>
>>>>>>>        OTK Length: The length (in bytes) of the OTK Authentication Data
>>>>>>>        (OTK-AD), that contains the OTK Preamble and the OTK.
>>>>>>>
>>>>>>>        OTK Encryption ID: The identifier of the key wrapping algorithm
>>>>>>>        used to encrypt the One-Time-Key. When a 128-bit OTK is sent
>>>>>>>        unencrypted by the Map-Resolver, the OTK Encryption ID is set to
>>>>>>>        NULL_KEY_WRAP_128.  See Section 5.5 for more details.
>>>>>>>
>>>>>>>        One-Time-Key Preamble: set to 0 if the OTK is not encrypted.  When
>>>>>>>        the OTK is encrypted, this field may carry additional metadata
>>>>>>>        resulting from the key wrapping operation.  When a 128-bit OTK is
>>>>>>>        sent unencrypted by Map-Resolver, the OTK Preamble is set to
>>>>>>>        0x0000000000000000 (64 bits).  See Section 5.5 for details.
>>>>>>>
>>>>>>>        One-Time-Key: the OTK encrypted (or not) as specified by OTK
>>>>>>>        Encryption ID.  See Section 5.5 for details.
>>>>>>>
>>>>>>>        EID-AD Length: length (in bytes) of the EID Authentication Data
>>>>>>>        (EID-AD).  The ITR MUST set EID-AD Length to 4 bytes, as it only
>>>>>>>        fills the KDF ID field, and all the remaining fields part of the
>>>>>>>        EID-AD are not present.  An EID-AD MAY contain multiple EID-
>>>>>>>        records.  Each EID-record is 4-byte long plus the length of the
>>>>>>>        AFI-encoded EID-prefix.
>>>>>>>
>>>>>>>        KDF ID: Identifier of the Key Derivation Function used to derive
>>>>>>>        the MS-OTK.  The ITR SHOULD use this field to indicate the
>>>>>>>        recommended KDF algorithm, according to local policy.
>>>>>> I am not sure I understand the rationale of this “SHOULD”. If for 
>>>>>> any reason the ITR does not indicate the KDF ID what are the 
>>>>>> consequences?
>>>>>
>>>>> That should be a MAY, I believe,
>>>>>
>>>>> The ITR can specify "no preference" for KDF ID, using a value of 0.
>>>>
>>>> I think this is the unclear information: that the ITR can state “no 
>>>> preference” using value 0.
>>>> Would be good if you can state it more clearly.
>>>
>>> I've added text to clarify this.
>>>
>>>>
>>>>
>>>>>
>>>>> In the ITR processing section 5.4,  we should add to
>>>>>
>>>>> The KDF ID field, specifies the suggested key derivation function to
>>>>>     be used by the Map-Server to derive the MS-OTK.
>>>>>
>>>>> a text like: "A KDF ID value of 0 (NONE), MAY be used to specify 
>>>>> that the ITR has no preferred KDF ID".
>>>>>
>>>>>
>>>>>
>>>>>> Is the MS free to choose the algorithm? This should be clarified.
>>>>> This is specified in section 5.7.
>>>>>
>>>>> "
>>>>> The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
>>>>>     the ITR-OTK received with the Map-Request.  MS-OTK is derived
>>>>>     applying the key derivation function specified in the KDF ID field.
>>>>>     If the algorithm specified in the KDF ID field is not supported, the
>>>>>     Map-Server uses a different algorithm to derive the key and updates
>>>>>     the KDF ID field accordingly.
>>>>> "
>>>>>
>>>>>
>>>>
>>>> Since this paragraph does not use any 2119 language it actually 
>>>> mean that an MS can choose freely the  algorithm to use.
>>>> right?
>>>
>>> right. If the ITR does support that specific ID, the ITR may still 
>>> decide to use it.
>>>
>>>>
>>>>>
>>>>>>
>>>>>>>   The Map-
>>>>>>>        Server can overwrite the KDF ID if it does not support the KDF ID
>>>>>>>        recommended by the ITR.
>>>>>> What happens if the MS will choose a KDF ID not supported by the ITR?
>>>>>> Can you clarify how to solve this situation or explain why this 
>>>>>> will never happen?
>>>>>
>>>>> This is specified in 5.4, ITR processing.
>>>>>
>>>>> "
>>>>> To verify the integrity of the PKT-AD, first the MS-OTK is derived
>>>>>     from the locally stored ITR-OTK using the algorithm specified in the
>>>>>     KDF ID field.  This is because the PKT-AD is generated by the ETR
>>>>>     using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
>>>>>     KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
>>>>>     Reply and send, at the first opportunity it needs to, a new Map-
>>>>>     Request with a different KDF ID, according to ITR's local policy.
>>>>> "
>>>>>
>>>>>
>>>>> There are two typical use cases:
>>>>> - strict KDF ID policy: ITR specifiy a KDF ID, and will discard 
>>>>> map-reply with different KDF IDs. If local policy allows, another 
>>>>> map-request will be sent with a different KDF ID
>>>>> - loose KDF ID policy: ITR specify KDF ID = none, and will accept 
>>>>> map-reply with any KDF ID (if supported by ITR). If received KDF 
>>>>> is not supported the ITR shall drop the map-reply
>>>>>
>>>>
>>>> The above text does not reflect the policies you are describing. 
>>>> That “SHOULD” should be a “MAY” and your policies spelled out.
>>> I think we need to separate the recommendations for the two actions: 
>>> SHOULD drop and MAY resend.
>>>
>>> "
>>> , the ITR SHOULD discard the Map-
>>>     Reply. At the first opportunity it needs to, the ITR MAY send a new Map-
>>>     Request with a different KDF ID, according to ITR's local policy.
>>>
>>> What do you think?
>>>
>>>>
>>>> Also, what is the MS stubbornly insists in using an algorithm that 
>>>> the ITR does not support?
>>>
>>> The MS might not have alternatives, as it might only support one 
>>> algorithm.
>>>
>>>
>>>
>>>>
>>>>
>>>>>
>>>>>>
>>>>>>> See Section 5.4 for more details.
>>>>>>>
>>>>>>>        Record Count: The number of records in this Map-Request message.
>>>>>>>        A record is comprised of the portion of the packet that is labeled
>>>>>>>        'Rec' above and occurs the number of times equal to Record Count.
>>>>>>>
>>>>>>>        Reserved: Set to 0 on transmission and ignored on receipt.
>>>>>>>
>>>>>>>        EID HMAC ID: Identifier of the HMAC algorithm used to protect the
>>>>>>>        integrity of the EID-AD.  This field is filled by Map-Server that
>>>>>>>        computed the EID-prefix HMAC.  See Section 5.4 for more details.
>>>>>>>
>>>>>>>        EID mask-len: Mask length for EID-prefix.
>>>>>>>
>>>>>>>        EID-AFI: Address family of EID-prefix according to [RFC5226]
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Maino, et al.             Expires April 6, 2017                 [Page 8]
>>>>>>> 
>>>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>>>
>>>>>>>
>>>>>>>        EID-prefix: The Map-Server uses this field to specify the EID-
>>>>>>>        prefix that the destination ETR is authoritative for, and is the
>>>>>>>        longest match for the requested EID.
>>>>>>>
>>>>>>>        EID HMAC: HMAC of the EID-AD computed and inserted by Map-Server.
>>>>>>>        Before computing the HMAC operation the EID HMAC field MUST be set
>>>>>>>        to 0.  The HMAC covers the entire EID-AD.
>>>>>>>
>>>>>>> 5.2.  Map-Reply LISP-SEC Extensions
>>>>>>>
>>>>>>>     LISP-SEC uses the Map-Reply defined in [RFC6830], with Type set to 2,
>>>>>>>     and S bit set to 1 to indicate that the Map-Reply message includes
>>>>>>>     Authentication Data (AD).  The format of the LISP-SEC Map-Reply
>>>>>>>     Authentication Data is defined in the following figure.  PKT-AD is
>>>>>>>     the Packet Authentication Data that covers the Map-Reply payload.
>>>>>>>
>>>>>>>   0                   1                   2                   3
>>>>>>>   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>>>>>>> |    AD Type    |                 Reserved                      |
>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <---+
>>>>>>> |           EID-AD Length       |           KDF ID              |     |
>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
>>>>>>> | Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
>>>>>>> |   Reserved    | EID mask-len  |           EID-AFI             | |   |
>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
>>>>>>> ~                          EID-prefix ...                       ~ |   |
>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
>>>>>>> ~                            EID HMAC                           ~     |
>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ <---+
>>>>>>> |         PKT-AD Length         |         PKT HMAC ID           |\
>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
>>>>>>> ~                            PKT HMAC                           ~ PKT-AD
>>>>>>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/
>>>>>>>
>>>>>>>                    LISP-SEC Map-Reply Authentication Data
>>>>>>>
>>>>>>>        AD Type: 1 (LISP-SEC Authentication Data)
>>>>>> Shouldn’t this be a different value? This AD  format is different 
>>>>>> from the one described in section 5.1!
>>>>>> Another reason to ask IANA for a registry….
>>>>>
>>>>> One is the LISP-SEC authentication data that applies to the ECM 
>>>>> message (when S-bit = 1), the other is the LISP-SEC authentication 
>>>>> data that applies to the Map-Reply (when S-bit = 1).
>>>>>
>>>>> Those are extensions of two different messages (ECM and 
>>>>> map-reply), and they are both identified by an AD Type (that 
>>>>> happens to be set to value 1 for both).
>>>>
>>>> This is not clear in the current text.
>>>
>>> Right. I have updated the text to clarify it. Together with the IANA 
>>> disposition it should be clear now.
>>>
>>>
>>>>
>>>>>
>>>>> Yes, the AD type space is different so we will need two IANA 
>>>>> registries.
>>>>>
>>>>>
>>>>> Question for the co-auhtors: should we change the name to 'ECM AD 
>>>>> Type' and 'Map-Reply AD Type’?
>>>>
>>>> IMHO you have to, otherwise there will be always confusion….
>>>
>>> done.
>>>
>>>>
>>>>>
>>>>>
>>>>>
>>>>>>
>>>>>>
>>>>>>>        EID-AD Length: length (in bytes) of the EID-AD.  An EID-AD MAY
>>>>>>>        contain multiple EID-records.  Each EID-record is 4-byte long plus
>>>>>>>        the length of the AFI-encoded EID-prefix.
>>>>>>>
>>>>>>>        KDF ID: Identifier of the Key Derivation Function used to derive
>>>>>>>        MS-OTK.  See Section 5.7 for more details.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Maino, et al.             Expires April 6, 2017                 [Page 9]
>>>>>>> 
>>>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>>>
>>>>>>>
>>>>>>>        Record Count: The number of records in this Map-Reply message.  A
>>>>>>>        record is comprised of the portion of the packet that is labeled
>>>>>>>        'Rec' above and occurs the number of times equal to Record Count.
>>>>>>>
>>>>>>>        Reserved: Set to 0 on transmission and ignored on receipt.
>>>>>>>
>>>>>>>        EID HMAC ID: Identifier of the HMAC algorithm used to protect the
>>>>>>>        integrity of the EID-AD.  See Section 5.7 for more details.
>>>>>>>
>>>>>>>        EID mask-len: Mask length for EID-prefix.
>>>>>>>
>>>>>>>        EID-AFI: Address family of EID-prefix according to [RFC5226].
>>>>>>>
>>>>>>>        EID-prefix: This field contains an EID-prefix that the destination
>>>>>>>        ETR is authoritative for, and is the longest match for the
>>>>>>>        requested EID.
>>>>>>>
>>>>>>>        EID HMAC: HMAC of the EID-AD, as computed by the Map-Server.
>>>>>>>        Before computing the HMAC operation the EID HMAC field MUST be set
>>>>>>>        to 0.  The HMAC covers the entire EID-AD.
>>>>>>>
>>>>>>>        PKT-AD Length: length (in bytes) of the Packet Authentication Data
>>>>>>>        (PKT-AD).
>>>>>>>
>>>>>>>        PKT HMAC ID: Identifier of the HMAC algorithm used to protect the
>>>>>>>        integrity of the Map-reply Location Data.
>>>>>> “Location Data” is something nowhere defined. Can you clarify 
>>>>>> what do you mean?
>>>>>
>>>>> we can just remove 'Location Data’
>>>>
>>>> OK.
>>>>
>>>>>
>>>>>
>>>>>>
>>>>>>
>>>>>>>        PKT HMAC: HMAC of the whole Map-Reply packet, including the LISP-
>>>>>>>        SEC Authentication Data.  The scope of the authentication goes
>>>>>>>        from the Map-Reply Type field to the PKT HMAC field included.
>>>>>>>        Before computing the HMAC operation the PKT HMAC field MUST be set
>>>>>>>        to 0.  See Section 5.8 for more details.
>>>>>>>
>>>>>>> 5.3.  Map-Register LISP-SEC Extentions
>>>>>>>
>>>>>>>     The second bit after the Type field in a Map-Register message is
>>>>>>>     allocated as the S bit.
>>>>>> I would better explain that this document is allocating a bit 
>>>>>> marked as reserved in 6830.
>>>>>
>>>>> Ok. We will need to reflect this in 6830bis as well.
>>>>
>>>> Sure
>>>>
>>>>
>>>>>
>>>>>> Furthermore, at the cost of being redundant, I would put the 
>>>>>> packet format highlighting the position of the bit so that there 
>>>>>> is no confusion whatsoever.
>>>>>
>>>>> We wanted to  explicitly avoid to include the format of messages 
>>>>> when already defined in other documents,
>>>>
>>>> The S-bit is not defined in other documents. IMHO is important to 
>>>> have the visual aid of which exact bit your are talking about.
>>>>
>>> I've added text to clarify. I really prefer not to have the whole 
>>> picture, but just refer to it.
>>>
>>> Considering that 6830 will evolve into 6830bis, eventually (with the 
>>> next LISP-SEC) the reference will be updated in 6830bis.
>>>
>>>
>>>>> so we point rather than copy. If we address this in 6830bis, the 
>>>>> problem will be solved.
>>>>
>>>> You mentioned 6830bis several time, let me ask: Would you like to 
>>>> reference that document?
>>>> In this case we have to hold this back until we have at least a 
>>>> stable version of that document.
>>>> Then the RFC editor will hold this document back until that one is 
>>>> RFC, because of missing reference.
>>>> Or you keep it this way and later on you make a ST version.
>>>>
>>>> Either way is fine for me.
>>>
>>> I think we should move this draft forward, without waiting for 
>>> 6830bis. Considering that this is security I expect the review 
>>> process to last quite some time, so we can make progress without 
>>> waiting for 6830bis. Eventually even teh LISP-SEC RFC will be 
>>> updated, and all will be good.
>>>
>>>>
>>>>
>>>>
>>>>>
>>>>>
>>>>>>
>>>>>>> The S bit indicates to the Map-Server that
>>>>>>>     the registering ETR is LISP-SEC enabled.  An ETR that supports LISP-
>>>>>>>     SEC MUST set the S bit in its Map-Register messages.
>>>>>>>
>>>>>>> 5.4.  ITR Processing
>>>>>>>
>>>>>>>     Upon creating a Map-Request, the ITR generates a random ITR-OTK that
>>>>>>>     is stored locally, together with the nonce generated as specified in
>>>>>>>     [RFC6830].
>>>>>>>
>>>>>>>     The Map-Request MUST be encapsulated in an ECM, with the S-bit set to
>>>>>>>     1, to indicate the presence of Authentication Data.  If the ITR and
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Maino, et al.             Expires April 6, 2017                [Page 10]
>>>>>>> 
>>>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>>>
>>>>>>>
>>>>>>>     the Map-Resolver are configured with a shared key,
>>>>>> In section 4 you seem to suggest that this is not the only way to 
>>>>>> protect the OTK (see my comment).
>>>>>> Here instead you suggest that a shared key is the only way.
>>>>>
>>>>>
>>>>> Right. Here it says what to do IF there is a shared key, that is 
>>>>> consistent with the SHOULD above.
>>>>
>>>> OK.
>>>>
>>>>>
>>>>>
>>>>>>>   the ITR-OTK
>>>>>>>     confidentiality SHOULD be protected by wrapping the ITR-OTK with the
>>>>>>>     algorithm specified by the OTK Encryption ID field.
>>>>>> Not clear what this “SHOULD” refers to.
>>>>>> IS the SHOULD related to the fact to encrypt the OTK? The ITR 
>>>>>> SHOULD encrypt.
>>>>>> Or the choice of the algorithm? The ITR SHOULD use the algorithm 
>>>>>> specified by the OTK Encryption ID?
>>>>>> The second case looks impossible since is the ITR is choosing the 
>>>>>> algorithm. May be the sentence can be rewritten.
>>>>>
>>>>> SHOULD refers to protecting the confidentiality of the ITR-OTK. 
>>>>> Maybe the 'by' should be replaced by 'with’?
>>>>
>>>> Just drop the “by”?
>>>>
>>>>
>>>>>
>>>>>>
>>>>>> Similarly to previous comment: Why it is not a MUST?
>>>>> Same as other SHOULD.
>>>>>
>>>>>
>>>>>
>>>>>>>   See Section 5.5
>>>>>>>     for further details on OTK encryption.
>>>>>>>
>>>>>>>     The Requested HMAC ID field contains the suggested HMAC algorithm to
>>>>>>>     be used by the Map-Server and the ETR to protect the integrity of the
>>>>>>>     ECM Authentication data and of the Map-Reply.
>>>>>>>
>>>>>> What happens if the MS will choose a HMAC not supported by the 
>>>>>> ETR or the ITR?
>>>>>> Can you clarify how to solve this situation or explain why this 
>>>>>> will never happen?
>>>>>
>>>>> This is described 5 paragraphs below:
>>>>>
>>>>> "
>>>>> If the EID HMAC ID field does
>>>>>     not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
>>>>>     and send, at the first opportunity it needs to, a new Map-Request
>>>>>     with a different Requested HMAC ID field, according to ITR's local
>>>>>     policy.
>>>>> "
>>>>>
>>>>
>>>> What about the ETR?
>>>
>>> It's specified in 5.8, the ETR makes the same processing as the MS.
>>>
>>> "If the ETR does not support the Requested HMAC ID, it uses a 
>>> different algorithm and updates the PKT HMAC ID field accordingly. "
>>>
>>> Also the ETR doesn't process the AD computed by the MS, it just 
>>> copies into the Map-Reply.
>>>
>>>
>>>
>>>>
>>>>>
>>>>>>
>>>>>>>     The KDF ID field, specifies the suggested key derivation function to
>>>>>>>     be used by the Map-Server to derive the MS-OTK.
>>>>>>
>>>>>> What happens if the MS will choose a KDF ID not supported by the ITR?
>>>>>> Can you clarify how to solve this situation or explain why this 
>>>>>> will never happen?
>>>>>
>>>>> This is described a few paragraphs below:
>>>>> "
>>>>> If the KDF ID in the Map-Reply does not match the
>>>>>     KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
>>>>>     Reply and send, at the first opportunity it needs to, a new Map-
>>>>>     Request with a different KDF ID, according to ITR's...
>>>>> "
>>>>>
>>>>
>>>> This does not guarantee that the MS will reply with something the 
>>>> ITR understands….
>>>
>>> For some local ITR's policy it may not be guaranteed. It's a balance 
>>> between reachability and security that the ITR will have to choose.
>>>
>>>
>>>
>>>
>>>
>>>
>>>>
>>>>
>>>>
>>>>>>
>>>>>>>     The EID-AD length is set to 4 bytes, since the Authentication Data
>>>>>>>     does not contain EID-prefix Authentication Data, and the EID-AD
>>>>>>>     contains only the KDF ID field.
>>>>>>>
>>>>>>>     In response to an encapsulated Map-Request that has the S-bit set, an
>>>>>>>     ITR MUST receive a Map-Reply with the S-bit set, that includes an
>>>>>>>     EID-AD and a PKT-AD.  If the Map-Reply does not include both ADs, the
>>>>>>>     ITR MUST discard it.  In response to an encapsulated Map-Request with
>>>>>>>     S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, and
>>>>>>>     the ITR SHOULD discard the Map-Reply if the S-bit is set.
>>>>>> Why a “SHOULD”? If the Map-Request has S-bit=0 it mean that there 
>>>>>> is no AD, hence no OTK, how can the ITR decrypt the reply?????
>>>>>> It MUST discard…..
>>>>>
>>>>> If S-bit = 0 there's no Authentication Data. The Map-reply is in 
>>>>> clear, and can be read.
>>>>
>>>> I am not sure you understood my point.
>>>>
>>>> You send a Map-Request with S=0, hence unenbcrypted. How can you 
>>>> possible receive a Map-Reply with S=1?
>>>> How is it encrypted if the ITR did not provide any OTK?
>>>
>>> Misconfiguration, bugs? I was just trying to enumerate the behaviors 
>>> of the ITR. There's probably something wrong, and the map-reply 
>>> should be discarded. Still the mapping is readable, so an ITR 
>>> favoring reachability may decide to use the mapping.
>>>
>>>>
>>>>
>>>>
>>>>
>>>>>
>>>>>
>>>>> Here again the SHOULD leaves open to ITR local policy that can be 
>>>>> strict (drop anything not authenticated) or loose (accept 
>>>>> unauthenticated map-reply).
>>>>>
>>>>> There are use cases where LISP-SEC is not deployed everywhere, 
>>>>> where the ITR might have to use loose policy.
>>>>>
>>>>>
>>>>>>
>>>>>>
>>>>>>>     Upon receiving a Map-Reply, the ITR must verify the integrity of both
>>>>>>>     the EID-AD and the PKT-AD, and MUST discard the Map-Reply if one of
>>>>>>>     the integrity checks fails.
>>>>>>>
>>>>>>>     The integrity of the EID-AD is verified using the locally stored ITR-
>>>>>>>     OTK to re-compute the HMAC of the EID-AD using the algorithm
>>>>>>>     specified in the EID HMAC ID field.  If the EID HMAC ID field does
>>>>>>>     not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
>>>>>> Why is this a SHOULD? If it supports the HMAC Algorithm why not 
>>>>>> decrypt? Shouldn’t this be a “MAY”, according to internal policy?
>>>>>
>>>>> because this could be used by an attacker to force weaker HMACs 
>>>>> (e.g. MD5).
>>>>
>>>> OK
>>>>
>>>>> The SHOULD leaves open the door to not discarding, according to 
>>>>> local policy.
>>>>>
>>>>>
>>>>
>>>> OK.
>>>>
>>>>
>>>>>
>>>>>
>>>>>>>     and send, at the first opportunity it needs to, a new Map-Request
>>>>>>>     with a different Requested HMAC ID field, according to ITR's local
>>>>>>>     policy.  The ITR MUST set the EID HMAC ID field to 0 before computing
>>>>>>>     the HMAC.
>>>>>> Shouldn’t the MS do the same thing? Otherwise different values 
>>>>>> will be obtained. This is not specified in the MS functioning 
>>>>>> description.
>>>>>
>>>>> good catch. Actually it's a typo here, the EID HMAC field should 
>>>>> be set to 0 (that is consistent with section 5.7), not the EID 
>>>>> HMAC ID that should not be touched.
>>>>>
>>>>
>>>> OK
>>>>>
>>>>> The ITR MUST set the EID HMAC ID field to 0 before computing
>>>>>     the HMAC.
>>>>>
>>>>> should change to
>>>>>
>>>>> The scope of the HMAC operation covers the
>>>>>     entire EID-AD, from the EID-AD Length field to the EID HMAC field,
>>>>>     which must be set to 0 before the computation.
>>>>>>>     To verify the integrity of the PKT-AD, first the MS-OTK is derived
>>>>>>>     from the locally stored ITR-OTK using the algorithm specified in the
>>>>>>>     KDF ID field.  This is because the PKT-AD is generated by the ETR
>>>>>>>     using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
>>>>>>>     KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
>>>>>>>     Reply and send, at the first opportunity it needs to, a new Map-
>>>>>>>     Request with a different KDF ID, according to ITR's local policy.
>>>>>>>     The derived MS-OTK is then used to re-compute the HMAC of the PKT-AD
>>>>>>>     using the Algorithm specified in the PKT HMAC ID field.  If the PKT
>>>>>>>     HMAC ID field does not match the Requested HMAC ID the ITR SHOULD
>>>>>>>     discard the Map-Reply and send, at the first opportunity it needs to,
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Maino, et al.             Expires April 6, 2017                [Page 11]
>>>>>>> 
>>>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>>>
>>>>>>>
>>>>>>>     a new Map-Request with a different Requested HMAC ID according to
>>>>>>>     ITR's local policy.
>>>>>>>
>>>>>>>     Each individual Map-Reply EID-record is considered valid only if: (1)
>>>>>>>     both EID-AD and PKT-AD are valid, and (2) the intersection of the
>>>>>>>     EID-prefix in the Map-Reply EID-record with one of the EID-prefixes
>>>>>>>     contained in the EID-AD is not empty.  After identifying the Map-
>>>>>>>     Reply record as valid, the ITR sets the EID-prefix in the Map-Reply
>>>>>>>     record to the value of the intersection set computed before, and adds
>>>>>>>     the Map-Reply EID-record to its EID-to-RLOC cache, as described in
>>>>>>>     [RFC6830].  An example of Map-Reply record validation is provided in
>>>>>>>     Section 5.4.1.
>>>>>>>
>>>>>>>     The ITR SHOULD send SMR triggered Map-Requests over the mapping
>>>>>>>     system in order to receive a secure Map-Reply.
>>>>>> I do not understand this “SHOULD”.  This has consequences in the 
>>>>>> choice how to react to SMR. This is a local policy.
>>>>>> _If_ the ITR wants to protect Map-Requests using LISP-SEC, than 
>>>>>> SMR triggered Map-Request MUST be sent through the mapping system.
>>>>
>>>>> so the _if_ is what makes that MUST a SHOULD... According to local 
>>>>> policy the ITR SHOULD send the SMR.
>>>>
>>>> I read the sentence in this way:
>>>>
>>>> In order to received a secure Map-Reply, the ITR MUST send SMR 
>>>> triggered Map-Requests over the mapping system.
>>>>
>>>> No?
>>>
>>> I see what you are saying. I'll rephrase as:
>>>
>>> If an ITR accepts piggybacked Map-Replies, it SHOULD also send a 
>>> Map-Request over the mapping system in order to verify the 
>>> piggybacked Map-Reply with a secure Map-Reply.
>>>
>>>
>>>
>>>
>>>>
>>>>>>> If an ITR accepts
>>>>>>>     piggybacked Map-Replies, it SHOULD also send a Map-Request over the
>>>>>>>     mapping system in order to securely verify the piggybacked Map-Reply.
>>>>>> Same as above.
>>>>>>> 5.4.1.  Map-Reply Record Validation
>>>>>>>
>>>>>>>     The payload of a Map-Reply may contain multiple EID-records.  The
>>>>>>>     whole Map-Reply is signed by the ETR, with the PKT HMAC, to provide
>>>>>>>     integrity protection and origin authentication to the EID-prefix
>>>>>>>     records claimed by the ETR.  The Authentication Data field of a Map-
>>>>>>>     Reply may contain multiple EID-records in the EID-AD.  The EID-AD is
>>>>>>>     signed by the Map-Server, with the EID HMAC, to provide integrity
>>>>>>>     protection and origin authentication to the EID-prefix records
>>>>>>>     inserted by the Map-Server.
>>>>>>>
>>>>>>>     Upon receiving a Map-Reply with the S-bit set, the ITR first checks
>>>>>>>     the validity of both the EID HMAC and of the PKT-AD HMAC.  If either
>>>>>>>     one of the HMACs is not valid, a log message is issued and the Map-
>>>>>>>     Reply is not processed any further.
>>>>>> I think “log message" is too much implementation specific.
>>>>>> If there is a notification, and how this notification is done, is 
>>>>>> implementation specific IMHO.
>>>>> Ok. 'a log message is issued' will change to 'a log action should 
>>>>> be taken'. The point is that there could be an attack behind it, 
>>>>> and we want to record the event
>>>>
>>>> OK
>>>>
>>>>>>> If both HMACs are valid, the ITR
>>>>>>>     proceeds with validating each individual EID-record claimed by the
>>>>>>>     ETR by computing the intersection of each one of the EID-prefix
>>>>>>>     contained in the payload of the Map-Reply with each one of the EID-
>>>>>>>     prefixes contained in the EID-AD.  An EID-record is valid only if at
>>>>>>>     least one of the intersections is not the empty set.
>>>>>>>
>>>>>>>     For instance, the Map-Reply payload contains 3 mapping record EID-
>>>>>>>     prefixes:
>>>>>>>
>>>>>>>        1.1.1.0/24
>>>>>>>
>>>>>>>        1.1.2.0/24
>>>>>>>
>>>>>>>        1.2.0.0/16
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Maino, et al.             Expires April 6, 2017                [Page 12]
>>>>>>> 
>>>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>>>
>>>>>>>
>>>>>>>     The EID-AD contains two EID-prefixes:
>>>>>>>
>>>>>>>        1.1.2.0/24
>>>>>>>
>>>>>>>        1.2.3.0/24
>>>>>>>
>>>>>>>     The EID-record with EID-prefix 1.1.1.0/24 is not processed since it
>>>>>>>     is not included in any of the EID-ADs signed by the Map-Server.  A
>>>>>>>     log message is issued.
>>>>>> I think “log message" is too much implementation specific.
>>>>>> If there is a notification, and how this notification is done, is 
>>>>>> implementation specific IMHO.
>>>>> ok. Same as above.
>>>>>>>     The EID-record with EID-prefix 1.1.2.0/24 is stored in the map-cache
>>>>>>>     because it matches the second EID-prefix contained in the EID-AD.
>>>>>>>
>>>>>>>     The EID-record with EID-prefix 1.2.0.0/16 is not processed since it
>>>>>>>     is not included in any of the EID-ADs signed by the Map-Server.  A
>>>>>>>     log message is issued.
>>>>>> I think “log message" is too much implementation specific.
>>>>>> If there is a notification, and how this notification is done, is 
>>>>>> implementation specific IMHO.
>>>>> ok. Same as above
>>>>>>>    In this last example the ETR is trying to
>>>>>>>     over claim the EID-prefix 1.2.0.0/16, but the Map-Server authorized
>>>>>>>     only 1.2.3.0/24, hence the EID-record is discarded.
>>>>>> Reading the example I am not sure I would follow this behaviour.
>>>>>> Only 1 record out of 3 is valid so why should I actually trust 
>>>>>> the ETR instead of throwing everything away?
>>>>>> Can you explain ???
>>>>> The other two records are validated by the MS, so there is no 
>>>>> reason to throw those away.
>>>>
>>>> Yes, but the ETR is still trying to cheat on the third one….
>>>> So the ETR may be compromised, why should I send traffic to him???
>>>
>>> ITR has flagged the security exception with the log entry, and some 
>>> local ITR policy will decide what to do (including stop 
>>> encapsulating to the ETR, if that's what is specified by the 
>>> policy).  At the LISP level LISP-SEC has done its job: verified 
>>> mapping  goes into the map-cache, overclaimed mapping is dropped.
>>>
>>>
>>>>
>>>>
>>>>>>> 5.4.2.  PITR Processing
>>>>>>>
>>>>>>>     The processing performed by a PITR is equivalent to the processing of
>>>>>>>     an ITR.  However, if the PITR is directly connected to the ALT,
>>>>>> This would be LISP+ALT. Pleas add a reference to 6836.
>>>>> ok.
>>>>>>> the
>>>>>>>     PITR performs the functions of both the ITR and the Map-Resolver
>>>>>>>     forwarding the Map-Request encapsulated in an ECM header that
>>>>>>>     includes the Authentication Data fields as described in Section 5.6.
>>>>>>>
>>>>>>> 5.5.  Encrypting and Decrypting an OTK
>>>>>>>
>>>>>>>     MS-OTK confidentiality is required in the path between the Map-Server
>>>>>>>     and the ETR, the MS-OTK SHOULD
>>>>>> If confidentiality is required why there is not a MUST?
>>>>> Same.
>>>>>>>   be encrypted using the preconfigured
>>>>>>>     key shared between the Map-Server and the ETR for the purpose of
>>>>>>>     securing ETR registration [RFC6833].  Similarly, if ITR-OTK
>>>>>>>     confidentiality is required in the path between the ITR and the Map-
>>>>>>>     Resolver, the ITR-OTK SHOULD
>>>>>> Again, if confidentiality is required why there is not a MUST?
>>>>> Same.
>>>>>>> be encrypted with a key shared between
>>>>>>>     the ITR and the Map-Resolver.
>>>>>>>
>>>>>>>     The OTK is encrypted using the algorithm specified in the OTK
>>>>>>>     Encryption ID field.  When the AES Key Wrap algorithm is used to
>>>>>>>     encrypt a 128-bit OTK, according to [RFC3339],
>>>>>> The correct RFC is 3394.
>>>>> ok.
>>>>>>>   the AES Key Wrap
>>>>>>>     Initialization Value MUST be set to 0xA6A6A6A6A6A6A6A6 (64 bits).
>>>>>>>     The output of the AES Key Wrap operation is 192-bit long.  The most
>>>>>>>     significant 64-bit are copied in the One-Time Key Preamble field,
>>>>>>>     while the 128 less significant bits are copied in the One-Time Key
>>>>>>>     field of the LISP-SEC Authentication Data.
>>>>>>>
>>>>>>>     When decrypting an encrypted OTK the receiver MUST verify that the
>>>>>>>     Initialization Value resulting from the AES Key Wrap decryption
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Maino, et al.             Expires April 6, 2017                [Page 13]
>>>>>>> 
>>>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>>>
>>>>>>>
>>>>>>>     operation is equal to 0xA6A6A6A6A6A6A6A6.  If this verification fails
>>>>>>>     the receiver MUST discard the entire message.
>>>>>>>
>>>>>>>     When a 128-bit OTK is sent unencrypted the OTK Encryption ID is set
>>>>>>>     to NULL_KEY_WRAP_128, and the OTK Preamble is set to
>>>>>>>     0x0000000000000000 (64 bits).
>>>>>>>
>>>>>>> 5.6.  Map-Resolver Processing
>>>>>>>
>>>>>>>     Upon receiving an encapsulated Map-Request with the S-bit set, the
>>>>>>>     Map-Resolver decapsulates the ECM message.  The ITR-OTK, if
>>>>>>>     encrypted, is decrypted as specified in Section 5.5.
>>>>>>>
>>>>>>>     The Map-Resolver, as specified in [RFC6833], originates a new ECM
>>>>>>>     header with the S-bit set, that contains the unencrypted ITR-OTK, as
>>>>>>>     specified in Section 5.5, and the other data derived from the ECM
>>>>>>>     Authentication Data of the received encapsulated Map-Request.
>>>>>> Few points on this last paragraph:
>>>>>> - You assume that there is no need of confidentiality inside the 
>>>>>> Mapping System?
>>>>>> - Why not stating that encryption inside the mapping system is 
>>>>>> mapping system specify and out of scope of this document?
>>>>> ok. as it was pointed out above.
>>>>>> - Why are you assuming that all of the Mapping system will use 
>>>>>> ECM? Future Mapping system may use soemthos different. The 
>>>>>> important point is to ship the AD along.
>>>>> good point, and I agree with your suggestion to fix this below.
>>>>>>>     The Map-Resolver then forwards
>>>>>> to whom?
>>>>> ok. add 'to the Map-Server'
>>>>>>>   the received Map-Request, encapsulated
>>>>>>>     in the new ECM header that includes the newly computed Authentication
>>>>>>>     Data fields.
>>>>>> As for my comment of the previous paragraph I would be more 
>>>>>> generic stating that the MR will hand over the request to the 
>>>>>> mapping system.
>>>>>> You can still provide the example of DDT using ECM.
>>>>> right.
>>>>>>> 5.7.  Map-Server Processing
>>>>>>>
>>>>>>>     Upon receiving an ECM encapsulated Map-Request with the S-bit set,
>>>>>>>     the Map-Server process the Map-Request according to the value of the
>>>>>>>     S-bit contained in the Map-Register sent by the ETR during
>>>>>>>     registration.
>>>>>>>
>>>>>>>     If the S-bit contained in the Map-Register was clear the Map-Server
>>>>>>>     decapsulates the ECM and generates a new ECM encapsulated Map-Request
>>>>>>>     that does not contain an ECM Authentication Data, as specified in
>>>>>>>     [RFC6830].  The Map-Server does not perform any further LISP-SEC
>>>>>>>     processing.
>>>>>> This equivalent to not using LISP-SEC. Please specify that the 
>>>>>> Map-Reply will be not protected.
>>>>> ok.
>>>>>>>     If the S-bit contained in the Map-Register was set the Map-Server
>>>>>>>     decapsulates the ECM and generates a new ECM Authentication Data.
>>>>>>>     The Authentication Data includes the OTK-AD and the EID-AD, that
>>>>>>>     contains EID-prefix authorization information, that are ultimately
>>>>>>>     sent to the requesting ITR.
>>>>>>>
>>>>>>>     The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
>>>>>>>     the ITR-OTK received with the Map-Request.  MS-OTK is derived
>>>>>>>     applying the key derivation function specified in the KDF ID field.
>>>>>>>     If the algorithm specified in the KDF ID field is not supported, the
>>>>>>>     Map-Server uses a different algorithm to derive the key and updates
>>>>>>>     the KDF ID field accordingly.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Maino, et al.             Expires April 6, 2017                [Page 14]
>>>>>>> 
>>>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>>>
>>>>>>>
>>>>>>>     The Map-Server and the ETR MUST be configured with a shared key for
>>>>>>>     mapping registration according to [RFC6833].  If MS-OTK
>>>>>>>     confidentiality is required, then the MS-OTK SHOULD be encrypted,
>>>>>> Again, if confidentiality is required why there is not a MUST?
>>>>> same as above.
>>>>>>>   by
>>>>>>>     wrapping the MS-OTK with the algorithm specified by the OTK
>>>>>>>     Encryption ID field as specified in Section 5.5.
>>>>>>>
>>>>>>>     The Map-Server includes in the EID-AD the longest match registered
>>>>>>>     EID-prefix for the destination EID, and an HMAC of this EID-prefix.
>>>>>>>     The HMAC is keyed with the ITR-OTK contained in the received ECM
>>>>>>>     Authentication Data, and the HMAC algorithm is chosen according to
>>>>>>>     the Requested HMAC ID field.  If The Map-Server does not support this
>>>>>>>     algorithm, the Map-Server uses a different algorithm and specifies it
>>>>>>>     in the EID HMAC ID field.  The scope of the HMAC operation covers the
>>>>>>>     entire EID-AD, from the EID-AD Length field to the EID HMAC field,
>>>>>>>     which must be set to 0 before the computation.
>>>>>>>
>>>>>>>     The Map-Server then forwards the updated ECM encapsulated Map-
>>>>>>>     Request, that contains the OTK-AD, the EID-AD, and the received Map-
>>>>>>>     Request to an authoritative ETR as specified in [RFC6830].
>>>>>>>
>>>>>>> 5.7.1.  Map-Server Processing in Proxy mode
>>>>>>>
>>>>>>>     If the Map-Server is in proxy mode, it generates a Map-Reply, as
>>>>>>>     specified in [RFC6830], with the S-bit set to 1.  The Map-Reply
>>>>>>>     includes the Authentication Data that contains the EID-AD, computed
>>>>>>>     as specified in Section 5.7, as well as the PKT-AD computed as
>>>>>>>     specified in Section 5.8.
>>>>>>>
>>>>>>> 5.8.  ETR Processing
>>>>>>>
>>>>>>>     Upon receiving an ECM encapsulated Map-Request with the S-bit set,
>>>>>>>     the ETR decapsulates the ECM message.  The OTK field, if encrypted,
>>>>>>>     is decrypted as specified in Section 5.5 to obtain the unencrypted
>>>>>>>     MS-OTK.
>>>>>>>
>>>>>>>     The ETR then generates a Map-Reply as specified in [RFC6830] and
>>>>>>>     includes the Authentication Data that contains the EID-AD, as
>>>>>>>     received in the encapsulated Map-Request, as well as the PKT-AD.
>>>>>>>
>>>>>>>     The EID-AD is copied from the Authentication Data of the received
>>>>>>>     encapsulated Map-Request.
>>>>>>>
>>>>>>>     The PKT-AD contains the HMAC of the whole Map-Reply packet, keyed
>>>>>>>     with the MS-OTK and computed using the HMAC algorithm specified in
>>>>>>>     the Requested HMAC ID field of the received encapsulated Map-Request.
>>>>>>>     If the ETR does not support the Requested HMAC ID, it uses a
>>>>>>>     different algorithm and updates the PKT HMAC ID field accordingly.
>>>>>>>     The scope of the HMAC operation covers the entire PKT-AD, from the
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Maino, et al.             Expires April 6, 2017                [Page 15]
>>>>>>> 
>>>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>>>
>>>>>>>
>>>>>>>     Map-Reply Type field to the PKT HMAC field, which must be set to 0
>>>>>>>     before the computation.
>>>>>>>
>>>>>>>     Finally the ETR sends the Map-Reply to the requesting ITR as
>>>>>>>     specified in [RFC6830].
>>>>>>>
>>>>>>> 6.  Security Considerations
>>>>>>>
>>>>>>> 6.1.  Mapping System Security
>>>>>>>
>>>>>>>     The LISP-SEC threat model described in Section 3, assumes that the
>>>>>>>     LISP Mapping System is working properly and eventually delivers Map-
>>>>>>>     Request messages to a Map-Server that is authoritative for the
>>>>>>>     requested EID.
>>>>>>>
>>>>>> As for a previous comment, can you elaborate if OTK 
>>>>>> confidentiality is required in the mapping system and what are 
>>>>>> the consequences?
>>>>> ok.
>>>>>>>     Map-Register security, including the right for a LISP entity to
>>>>>>>     register an EID-prefix or to claim presence at an RLOC, is out of the
>>>>>>>     scope of LISP-SEC.
>>>>>>>
>>>>>>> 6.2.  Random Number Generation
>>>>>>>
>>>>>>>     The ITR-OTK MUST be generated by a properly seeded pseudo-random (or
>>>>>>>     strong random) source.  See [RFC4086] for advice on generating
>>>>>>>     security-sensitive random data
>>>>>>>
>>>>>>> 6.3.  Map-Server and ETR Colocation
>>>>>>>
>>>>>>>     If the Map-Server and the ETR are colocated, LISP-SEC does not
>>>>>>>     provide protection from overclaiming attacks mounted by the ETR.
>>>>>>>     However, in this particular case, since the ETR is within the trust
>>>>>>>     boundaries of the Map-Server, ETR's overclaiming attacks are not
>>>>>>>     included in the threat model.
>>>>>>>
>>>>>>> 7.  IANA Considerations
>>>>>> This section is not conform to RFC 5226.
>>>>>> There right way to go is to ask IANA to create three new 
>>>>>> registries, for HMAC, Key Wrap, and Key Derivation functions.
>>>>>> Define what is the allocation process (in light of the size of 
>>>>>> the field FCFS should not cause any problem IMHO)
>>>>>> Then ask to populate the registries as already described.
>>>>> Ok, so each one of the sections 7.x will say: IANA is requested to 
>>>>> create a new <registry-name>  registry for use …
>>>>
>>>> There is slightly more text to add.
>>>
>>> right. I have added more. I'm almost ready to send a new rev.
>>>
>>>>
>>>>
>>>>>>> 7.1.  HMAC functions
>>>>>>>
>>>>>>>     The following HMAC ID values are defined by this memo for use as
>>>>>>>     Requested HMAC ID, EID HMAC ID, and PKT HMAC ID in the LISP-SEC
>>>>>>>     Authentication Data:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Maino, et al.             Expires April 6, 2017                [Page 16]
>>>>>>> 
>>>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>>>
>>>>>>>
>>>>>>>               Name                     Number        Defined In
>>>>>>>               -------------------------------------------------
>>>>>>>               NONE                     0
>>>>>>>               AUTH-HMAC-SHA-1-96       1             [RFC2104]
>>>>>>>               AUTH-HMAC-SHA-256-128    2             [RFC4634]
>>>>>>>
>>>>>>>               values 2-65535 are reserved to IANA.
>>>>>>>
>>>>>>>                                HMAC Functions
>>>>>>>
>>>>>>>     AUTH-HMAC-SHA-1-96 MUST be supported, AUTH-HMAC-SHA-256-128 should be
>>>>>>>     supported.
>>>>>>>
>>>>>>> 7.2.  Key Wrap Functions
>>>>>>>
>>>>>>>     The following OTK Encryption ID values are defined by this memo for
>>>>>>>     use as OTK key wrap algorithms ID in the LISP-SEC Authentication
>>>>>>>     Data:
>>>>>>>
>>>>>>>               Name                     Number        Defined In
>>>>>>>               -------------------------------------------------
>>>>>>>               NULL-KEY-WRAP-128        1
>>>>>>>               AES-KEY-WRAP-128         2             [RFC3394]
>>>>>>>
>>>>>>>               values 0 and 3-65535 are reserved to IANA.
>>>>>>>
>>>>>>>                              Key Wrap Functions
>>>>>>>
>>>>>>>     NULL-KEY-WRAP-128, and AES-KEY-WRAP-128 MUST be supported.
>>>>>>>
>>>>>>>     NULL-KEY-WRAP-128 is used to carry an unencrypted 128-bit OTK, with a
>>>>>>>     64-bit preamble set to 0x0000000000000000 (64 bits).
>>>>>>>
>>>>>>> 7.3.  Key Derivation Functions
>>>>>>>
>>>>>>>     The following KDF ID values are defined by this memo for use as KDF
>>>>>>>     ID in the LISP-SEC Authentication Data:
>>>>>>>
>>>>>>>               Name                     Number        Defined In
>>>>>>>               -------------------------------------------------
>>>>>>>               NONE                     0
>>>>>>>               HKDF-SHA1-128            1             [RFC5869]
>>>>>>>
>>>>>>>               values 2-65535 are reserved to IANA.
>>>>>>>
>>>>>>>                           Key Derivation Functions
>>>>>>>
>>>>>>>     HKDF-SHA1-128 MUST be supported
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Maino, et al.             Expires April 6, 2017                [Page 17]
>>>>>>> 
>>>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>>>
>>>>>>>
>>>>>>> 8.  Acknowledgements
>>>>>>>
>>>>>>>     The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino
>>>>>>>     Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt
>>>>>>>     Noll for their valuable suggestions provided during the preparation
>>>>>>>     of this document.
>>>>>>>
>>>>>>> 9.  Normative References
>>>>>> Please Check your reference, this is the output if the nits tool:
>>>>>> Checking references for intended status: Experimental
>>>>>> ----------------------------------------------------------------------------
>>>>>>   == Missing Reference: 'RFC3339' is mentioned on line 602, but 
>>>>>> not defined
>>>>>>   == Missing Reference: 'RFC4634' is mentioned on line 752, but 
>>>>>> not defined
>>>>>>   ** Obsolete undefined reference: RFC 4634 (Obsoleted by RFC 6234)
>>>>> ok.
>>>>>>>     [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
>>>>>>>                Hashing for Message Authentication", RFC 2104,
>>>>>>>                DOI 10.17487/RFC2104, February 1997,
>>>>>>>                <http://www.rfc-editor.org/info/rfc2104>.
>>>>>>>
>>>>>>>     [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
>>>>>>>                Requirement Levels", BCP 14, RFC 2119,
>>>>>>>                DOI 10.17487/RFC2119, March 1997,
>>>>>>>                <http://www.rfc-editor.org/info/rfc2119>.
>>>>>>>
>>>>>>>     [RFC3394]  Schaad, J. and R. Housley, "Advanced Encryption Standard
>>>>>>>                (AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394,
>>>>>>>                September 2002, <http://www.rfc-editor.org/info/rfc3394>.
>>>>>>>
>>>>>>>     [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
>>>>>>>                "Randomness Requirements for Security", BCP 106, RFC 4086,
>>>>>>>                DOI 10.17487/RFC4086, June 2005,
>>>>>>>                <http://www.rfc-editor.org/info/rfc4086>.
>>>>>>>
>>>>>>>     [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
>>>>>>>                IANA Considerations Section in RFCs", BCP 26, RFC 5226,
>>>>>>>                DOI 10.17487/RFC5226, May 2008,
>>>>>>>                <http://www.rfc-editor.org/info/rfc5226>.
>>>>>>>
>>>>>>>     [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
>>>>>>>                Key Derivation Function (HKDF)", RFC 5869,
>>>>>>>                DOI 10.17487/RFC5869, May 2010,
>>>>>>>                <http://www.rfc-editor.org/info/rfc5869>.
>>>>>>>
>>>>>>>     [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
>>>>>>>                Locator/ID Separation Protocol (LISP)", RFC 6830,
>>>>>>>                DOI 10.17487/RFC6830, January 2013,
>>>>>>>                <http://www.rfc-editor.org/info/rfc6830>.
>>>>>>>
>>>>>>>     [RFC6833]  Fuller, V. and D. Farinacci, "Locator/ID Separation
>>>>>>>                Protocol (LISP) Map-Server Interface", RFC 6833,
>>>>>>>                DOI 10.17487/RFC6833, January 2013,
>>>>>>>                <http://www.rfc-editor.org/info/rfc6833>.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Maino, et al.             Expires April 6, 2017                [Page 18]
>>>>>>> 
>>>>>>> Internet-Draft                  LISP-SEC                    October 2016
>>>>>>>
>>>>>>>
>>>>>>>     [RFC7835]  Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID
>>>>>>>                Separation Protocol (LISP) Threat Analysis", RFC 7835,
>>>>>>>                DOI 10.17487/RFC7835, April 2016,
>>>>>>>                <http://www.rfc-editor.org/info/rfc7835>.
>>>>>>>
>>>>>>> Authors' Addresses
>>>>>>>
>>>>>>>     Fabio Maino
>>>>>>>     Cisco Systems
>>>>>>>     170 Tasman Drive
>>>>>>>     San Jose, California  95134
>>>>>>>     USA
>>>>>>>
>>>>>>>     Email:fmaino@cisco.com <mailto:fmaino@cisco.com>
>>>>>>>
>>>>>>>
>>>>>>>     Vina Ermagan
>>>>>>>     Cisco Systems
>>>>>>>     170 Tasman Drive
>>>>>>>     San Jose, California  95134
>>>>>>>     USA
>>>>>>>
>>>>>>>     Email:vermagan@cisco.com <mailto:vermagan@cisco.com>
>>>>>>>
>>>>>>>
>>>>>>>     Albert Cabellos
>>>>>>>     Technical University of Catalonia
>>>>>>>     c/ Jordi Girona s/n
>>>>>>>     Barcelona  08034
>>>>>>>     Spain
>>>>>>>
>>>>>>>     Email:acabello@ac.upc.edu <mailto:acabello@ac.upc.edu>
>>>>>>>
>>>>>>>
>>>>>>>     Damien Saucez
>>>>>>>     INRIA
>>>>>>>     2004 route des Lucioles - BP 93
>>>>>>>     Sophia Antipolis
>>>>>>>     France
>>>>>>>
>>>>>>>     Email:damien.saucez@inria.fr <mailto:damien.saucez@inria.fr>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Maino, et al.             Expires April 6, 2017                [Page 19]
>>>>>
>>>>
>>>
>>
>> <Diff_ draft-ietf-lisp-sec-11.txt - 
>> draft-ietf-lisp-sec-12a.txt.html><draft-ietf-lisp-sec-12a.txt>
>


--------------2C17378A2F0B1C07C9AB2D2D
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">sounds good. <br>
      <br>
      Fabio<br>
      <br>
      On 10/26/16 2:14 AM, Luigi Iannone wrote:<br>
    </div>
    <blockquote
      cite="mid:4F3484F0-20F5-4B03-9456-0CAB8E4D3344@telecom-paristech.fr"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      Hi Fabio,
      <div class=""><br class="">
      </div>
      <div class="">thanks.</div>
      <div class=""><br class="">
      </div>
      <div class="">I you don’t mind I prefer that we converge first
        (see other reply). </div>
      <div class="">So that I have to check only one final update.
        <div class=""><br class="">
        </div>
        <div class="">ciao</div>
        <div class=""><br class="">
        </div>
        <div class="">L.</div>
        <div class=""><br class="">
        </div>
        <div class=""><br class="">
          <div>
            <blockquote type="cite" class="">
              <div class="">On 26 Oct 2016, at 06:07, Fabio Maino &lt;<a
                  moz-do-not-send="true" href="mailto:fmaino@cisco.com"
                  class="">fmaino@cisco.com</a>&gt; wrote:</div>
              <br class="Apple-interchange-newline">
              <div class="">
                <div bgcolor="#FFFFFF" text="#000000" class="">
                  <div class="moz-cite-prefix">Ciao Luigi, <br class="">
                    here is the updated draft and the diff from -11. <br
                      class="">
                    <br class="">
                    <br class="">
                    Thanks,<br class="">
                    Fabio<br class="">
                    <br class="">
                    <br class="">
                    On 10/25/16 5:14 PM, Fabio Maino wrote:<br class="">
                  </div>
                  <blockquote
                    cite="mid:37a920e9-b1aa-33c1-6321-e24937bc6c8d@cisco.com"
                    type="cite" class="">
                    <div class="moz-cite-prefix">Hi Luigi, <br class="">
                      below are more replies skipping the ones we agreed
                      already. Looks like we are converging... <br
                        class="">
                      <br class="">
                      <br class="">
                      wrt to 6830bis, I think we should not wait. I
                      suspect the security review of the document will
                      take some time, so we can do some progress in
                      parallel to 6830bis. <br class="">
                      <br class="">
                      We will have to do a LISP-SECbis afterwards, but
                      that should be simple. <br class="">
                      <br class="">
                      Please, see below. <br class="">
                      <br class="">
                      <br class="">
                      <br class="">
                      <br class="">
                      On 10/24/16 3:02 AM, Luigi Iannone wrote:<br
                        class="">
                    </div>
                    <blockquote
                      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
                      type="cite" class=""> Hi Fabio,
                      <div class=""><br class="">
                      </div>
                      <div class="">se my comment inline. </div>
                      <div class="">(I do not consider the points we
                        agree and everything related to the “SHOULD”
                        clarification)</div>
                      <div class=""><br class="">
                      </div>
                      <div class="">Thanks for your work</div>
                      <div class=""><br class="">
                      </div>
                      <div class="">Ciao</div>
                      <div class=""><br class="">
                      </div>
                      <div class="">L.</div>
                      <div class=""><br class="">
                      </div>
                      <div class=""><br class="">
                        <div class="">
                          <blockquote type="cite" class="">
                            <div class="">On 22 Oct 2016, at 01:23,
                              Fabio Maino &lt;<a moz-do-not-send="true"
                                href="mailto:fmaino@cisco.com" class="">fmaino@cisco.com</a>&gt;
                              wrote:</div>
                            <br class="Apple-interchange-newline">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class="">
                                <div class="moz-cite-prefix">Ciao Luigi,
                                  <br class="">
                                  below I have replied to each comment.
                                  I'm working to the updated text, that
                                  I will send as soon as it is ready.
                                  ideally we might be able to publish a
                                  new version before draft deadline. <br
                                    class="">
                                </div>
                              </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">Excellent. Thanks</div>
                          <br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class="">
                                <div class="moz-cite-prefix"> <br
                                    class="">
                                  Just a note on the most recurring
                                  comment: SHOULD vs. MUST. <br
                                    class="">
                                  <br class="">
                                  The use of SHOULD across the document
                                  is according to RFC 2119: <br
                                    class="">
                                  <br class="">
                                  <pre style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span class="h2" style="line-height: 0pt; display: inline; white-space: pre; font-family: monospace; font-size: 1em; font-weight: bold;"><h2 style="line-height: 0pt; display: inline; white-space: pre; font-family: monospace; font-size: 1em; font-weight: bold;" class="">SHOULD  </h2></span> This word, or the adjective "RECOMMENDED", mean that there
   may exist valid reasons in particular circumstances to ignore a
   particular item, but the full implications must be understood and
   carefully weighed before choosing a different course.</pre>
                                  <br class="">
                                  <br class="">
                                  There are use cases where, carefully
                                  weighing the implications, some of the
                                  security services of LISP-SEC can be
                                  turned-off. We want to leave
                                  implementors the freedom to allow this
                                  flexibility. <br class="">
                                  <br class="">
                                  For example, in a DC deployment it may
                                  make sense to turn off OTK decryption
                                  between XTR and MS/MR, as MiTM is very
                                  unlikely. <br class="">
                                  <br class="">
                                  Similarly, an ITR may decide to
                                  implement a loose policy on accepting
                                  an AD authenticated with an algorithm
                                  different from the preferred
                                  authentication algorithm expressed by
                                  the ITR. Using a MUST would force
                                  support of a given authentication
                                  algorithm across each and every MS and
                                  ETR, that might not be the case when
                                  incrementally deploying LISP-SEC (or
                                  while upgrading routers). <br
                                    class="">
                                  <br class="">
                                  Using a MUST would prevent this
                                  flexibility, that we would like to
                                  leave to the implementors. <br
                                    class="">
                                  <br class="">
                                  <br class="">
                                  <br class="">
                                </div>
                              </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">This is fixed as for the
                            suggestion of Joel. Thanks.</div>
                          <div class=""><br class="">
                          </div>
                          <br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class="">
                                <div class="moz-cite-prefix"> <br
                                    class="">
                                  <br class="">
                                  On 10/19/16 8:06 AM, Luigi Iannone
                                  wrote:<br class="">
                                </div>
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">Dear Authors of the
                                    LISP-SEC document,</div>
                                  <div class=""><br class="">
                                  </div>
                                  <div class="">hereafter my review of
                                    the document.</div>
                                  <div class="">This was long overdue,
                                    sorry for being so late.</div>
                                  <div class=""><br class="">
                                  </div>
                                  <div class="">I really like the
                                    solution and the majority of my
                                    comments are just clarification
                                    questions.</div>
                                  <div class="">Let me know if my
                                    comments are clear.</div>
                                  <div class=""><br class="">
                                  </div>
                                  <div class="">ciao</div>
                                  <div class=""><br class="">
                                  </div>
                                  <div class="">L.</div>
                                  <div class=""><br class="">
                                  </div>
                                  <div class=""><br class="">
                                  </div>
                                  <div class=""><br class="">
                                  </div>
                                  <blockquote type="cite" class="">
                                    <div class="">
                                      <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">1.  Introduction

   The Locator/ID Separation Protocol [RFC6830] defines a set of
   functions for routers to exchange information used to map from non-
   routable Endpoint Identifiers (EIDs) to routable Routing Locators
   (RLOCs).  </pre>
                                    </div>
                                  </blockquote>
                                  I find the above sentence confusing.
                                  Wouldn’t be better to specify that we
                                  are talking about IP addresses?</blockquote>
                                <br class="">
                                That's how LISP is described in RFC6830,
                                section 1. If you start using the term
                                IP address then you need to qualify if
                                you are talking about Identity-IP or
                                Locator-IP, so the sentence gets
                                complicated pretty quickly. <br
                                  class="">
                                <br class="">
                              </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">Not really. The very first
                            sentence of the abstract of 6830 states:</div>
                          <div class=""><br class="">
                          </div>
                          <div class="">
                            <pre style="font-size: 13.333333015441895px; margin-top: 0px; margin-bottom: 0px;" class="">This document describes a network-layer-based protocol that enables
   separation of IP addresses into two new numbering spaces: Endpoint
   Identifiers (EIDs) and Routing Locators (RLOCs). </pre>
                            <div class=""><br class="">
                            </div>
                            <div class=""><br class="">
                            </div>
                            <div class="">So clearly speaks about IP
                              address.</div>
                            <div class="">Furthermore “routable" en “non
                              routable” is true only in the inter-domain
                              point of view, because EID are locally
                              routable.</div>
                            <div class="">Note that 6830 does not
                              specify in the first sentence what is
                              routable and what is not.</div>
                          </div>
                        </div>
                      </div>
                    </blockquote>
                    <br class="">
                    ok, fixed with text from 6830. <br class="">
                    <br class="">
                    <br class="">
                    <blockquote
                      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
                      type="cite" class="">
                      <div class="">
                        <div class="">
                          <div class="">
                            <div class=""><br class="">
                            </div>
                            <div class=""><br class="">
                            </div>
                          </div>
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class=""> I would leave this one
                                unchanged.<br class="">
                              </div>
                            </div>
                          </blockquote>
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class=""><br class="">
                                  </div>
                                  <div class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">If these EID-to-RLOC mappings, carried through Map-Reply
   messages, are transmitted without integrity protection, an adversary
   can manipulate them and hijack the communication, impersonate the
   requested EID, or mount Denial of Service or Distributed Denial of
   Service attacks.  Also, if the Map-Reply message is transported
   unauthenticated, an adversarial LISP entity can overclaim an EID-
   prefix and maliciously redirect traffic directed to a large number of
   hosts.  A detailed description of "overclaiming" attack is provided
   in [RFC7835].

   This memo specifies LISP-SEC, a set of security mechanisms that
   provides origin authentication, integrity and anti-replay protection
   to LISP's EID-to-RLOC mapping data conveyed via mapping lookup
   process.  </pre>
                                      </div>
                                    </blockquote>
                                    <div class=""><br class="">
                                    </div>
                                    <div class="">I would put s forward
                                      reference to section 3 stating
                                      that the reader will find details
                                      about the threat model.</div>
                                  </div>
                                </blockquote>
                                <br class="">
                                OK. We can replace the sentence <br
                                  class="">
                                <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">A detailed description of "overclaiming" attack is provided
   in [RFC7835]

with 

The LISP-SEC threat model, described in Section 3, is built on top of the LISP threat model defined in RFC7835, that includes a detailed description of "overclaiming" attack. 
</pre>
                              </div>
                            </div>
                          </blockquote>
                          <div class="">OK</div>
                          <div class=""><br class="">
                          </div>
                          <br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class=""> <br class="">
                                <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class=""><br class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">LISP-SEC also enables verification of authorization on EID-
   prefix claims in Map-Reply messages, ensuring that the sender of a
   Map-Reply that provides the location for a given EID-prefix is
   entitled to do so according to the EID prefix registered in the
   associated Map-Server.  Map-Register security, including the right
   for a LISP entity to register an EID-prefix or to claim presence at
   an RLOC, is out of the scope of LISP-SEC.  Additional security
   considerations are described in Section 6.

2.  Definition of Terms

      One-Time Key (OTK): An ephemeral randomly generated key that must
      be used for a single Map-Request/Map-Reply exchange.



         ITR-OTK: The One-Time Key generated at the ITR.

         MS-OTK: The One-Time Key generated at the Map-Server.
</pre>
                                      </div>
                                    </blockquote>
                                    <div class=""><br class="">
                                    </div>
                                    <div class="">Why are you
                                      considering ITR-OTK and MS-OTK
                                      sub-terms? </div>
                                    <div class="">I would elevate them
                                      at full terms, hence avoiding
                                      spacing and indentation.</div>
                                  </div>
                                </blockquote>
                                <br class="">
                                Ok. <br class="">
                                <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class=""><br class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      Encapsulated Control Message (ECM): A LISP control message that is
      prepended with an additional LISP header.  ECM is used by ITRs to
      send LISP control messages to a Map-Resolver, by Map-Resolvers to
      forward LISP control messages to a Map-Server, and by Map-
      Resolvers to forward LISP control messages to an ETR.

</pre>
                                      </div>
                                    </blockquote>
                                    <div class="">Why are you
                                      re-defining ECM? </div>
                                    <div class="">You do not specify
                                      other packets, e.g., Map-Reply, so
                                      why ECM?</div>
                                    <div class="">I would drop it.</div>
                                  </div>
                                </blockquote>
                                <br class="">
                                It is not defined in the Definitions
                                section of 6830. One would need to go
                                through the body of 6830 to find it. <br
                                  class="">
                              </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">I see your point. Just keep the
                            text and add a ref to section 6.1.8 of 6830.
                            This will clarify that is something coming
                            from a specific section of that document.</div>
                        </div>
                      </div>
                    </blockquote>
                    <br class="">
                    I have dropped the definition, expanded the acronym
                    ECM and referred to the specific section. <br
                      class="">
                    <br class="">
                    In this way we don't have to wait for 6830bis, but
                    we refer to the proper definition.<br class="">
                    <br class="">
                    <blockquote
                      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
                      type="cite" class="">
                      <div class="">
                        <div class="">
                          <div class=""><br class="">
                          </div>
                          <div class=""> </div>
                          <br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class=""> <br class="">
                                I'll drop it, but we need to make sure
                                that ECM gets into the definition
                                section of 6830bis. <br class="">
                                <br class="">
                                Albert: are you looking into that
                                document? Can you take care of this? <br
                                  class="">
                                <br class="">
                                <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <div class=""><br class="">
                                    </div>
                                    <br class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      Authentication Data (AD): Metadata that is included either in a
      LISP ECM header or in a Map-Reply message to support
      confidentiality, integrity protection, and verification of EID-
      prefix authorization.



Maino, et al.             Expires April 6, 2017                 [Page 3]

Internet-Draft                  LISP-SEC                    October 2016


         OTK-AD: The portion of ECM Authentication Data that contains a
         One-Time Key.

         EID-AD: The portion of ECM and Map-Reply Authentication Data
         used for verification of EID-prefix authorization.

         PKT-AD: The portion of Map-Reply Authentication Data used to
         protect the integrity of the Map-Reply message.
</pre>
                                      </div>
                                    </blockquote>
                                    <div class=""><br class="">
                                    </div>
                                    <div class=""><br class="">
                                    </div>
                                    <div class="">
                                      <div class="">Why are you
                                        considering OTK-AD, EID-AD, and
                                        PKT-AD sub-terms? </div>
                                      <div class="">I would elevate them
                                        at full terms, hence avoiding
                                        spacing and indentation.</div>
                                      <br class="">
                                    </div>
                                  </div>
                                </blockquote>
                                ok. <br class="">
                                <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class=""><br class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   For definitions of other terms, notably Map-Request, Map-Reply,
   Ingress Tunnel Router (ITR), Egress Tunnel Router (ETR), Map-Server
   (MS), and Map-Resolver (MR) please consult the LISP specification
   [RFC6830].

3.  LISP-SEC Threat Model

   LISP-SEC addresses the control plane threats, described in [RFC7835],
   that target EID-to-RLOC mappings, including manipulations of Map-
   Request and Map-Reply messages, and malicious ETR EID prefix
   overclaiming.  LISP-SEC makes two main assumptions: (1) the LISP
   mapping system is expected to deliver a Map-Request message to their
   intended destination ETR as identified by the EID, and (2) no man-in-
   the-middle (MITM) attack can be mounted within the LISP Mapping
   System.  Furthermore, while LISP-SEC enables detection of EID prefix
   overclaiming attacks, it assumes that Map-Servers can verify the EID
   prefix authorization at time of registration.
</pre>
                                      </div>
                                    </blockquote>
                                    <div class="">LISP-SEC does not
                                      require OTK confidentiality in the
                                      mapping system. This should be
                                      discussed here.</div>
                                  </div>
                                </blockquote>
                                we could add to the above<br class="">
                                <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">"and (2) no man-in-
   the-middle (MITM) attack can be mounted within the LISP Mapping
   System." 

How the Mapping System is protected from MiTM attacks depends from the particular Mapping System used, and is out of the scope of this memo. 

</pre>
                                <br class="">
                              </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">That’s fine for me.</div>
                          <div class=""><br class="">
                          </div>
                          <br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class=""> <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <div class=""><br class="">
                                    </div>
                                    <br class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   According to the threat model described in [RFC7835] LISP-SEC assumes
   that any kind of attack, including MITM attacks, can be mounted in
   the access network, outside of the boundaries of the LISP mapping
   system.  An on-path attacker, outside of the LISP mapping system can,
   for example, hijack Map-Request and Map-Reply messages, spoofing the
   identity of a LISP node.  Another example of on-path attack, called
   overclaiming attack, can be mounted by a malicious Egress Tunnel
   Router (ETR), by overclaiming the EID-prefixes for which it is
   authoritative.  In this way the ETR can maliciously redirect traffic
   directed to a large number of hosts.

4.  Protocol Operations

   The goal of the security mechanisms defined in [RFC6830] is to
   prevent unauthorized insertion of mapping data by providing origin
   authentication and integrity protection for the Map-Registration, and
   by using the nonce to detect unsolicited Map-Reply sent by off-path
   attackers.

   LISP-SEC builds on top of the security mechanisms defined in
   [RFC6830] to address the threats described in Section 3 by leveraging



Maino, et al.             Expires April 6, 2017                 [Page 4]

Internet-Draft                  LISP-SEC                    October 2016


   the trust relationships existing among the LISP entities
   participating to the exchange of the Map-Request/Map-Reply messages.
   Those trust relationships are used to securely distribute a One-Time
   Key (OTK) that provides origin authentication, integrity and anti-
   replay protection to mapping data conveyed via the mapping lookup
   process, and that effectively prevent overclaiming attacks.  The
   processing of security parameters during the Map-Request/Map-Reply
   exchange is as follows:

   o  The ITR-OTK is generated and stored at the ITR, and securely
      transported to the Map-Server.

   o  The Map-Server uses the ITR-OTK to compute an HMAC that protects
</pre>
                                      </div>
                                    </blockquote>
                                    <div class="">You did not define
                                      HMAC acronym. Please define and
                                      add a reference.</div>
                                  </div>
                                </blockquote>
                                <br class="">
                                ok. <br class="">
                                <br class="">
                                <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class=""><br class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      the integrity of the mapping data known to the Map-Server to
      prevent overclaiming attacks.  The Map-Server also derives a new
      OTK, the MS-OTK, that is passed to the ETR, by applying a Key
      Derivation Function (KDF) to the ITR-OTK.

   o  The ETR uses the MS-OTK to compute an HMAC that protects the
      integrity of the Map-Reply sent to the ITR.

   o  Finally, the ITR uses the stored ITR-OTK to verify the integrity
      of the mapping data provided by both the Map-Server and the ETR,
      and to verify that no overclaiming attacks were mounted along the
      path between the Map-Server and the ITR.

   Section 5 provides the detailed description of the LISP-SEC control
   messages and their processing, while the rest of this section
   describes the flow of protocol operations at each entity involved in
   the Map-Request/Map-Reply exchange:

   o  The ITR, upon needing to transmit a Map-Request message, generates
      and stores an OTK (ITR-OTK).  This ITR-OTK is included into the
      Encapsulated Control Message (ECM) that contains the Map-Request
      sent to the Map-Resolver.  To provide confidentiality to the ITR-
      OTK over the path between the ITR and its Map-Resolver, the ITR-
      OTK SHOULD </pre>
                                      </div>
                                    </blockquote>
                                    <div class="">Why not using
                                      “MUST”???</div>
                                    <div class="">Are you suggesting
                                      that a different way to provide
                                      confidentiality can be used (e.g.
                                      a different shared key)???</div>
                                    <div class="">If yes, please state
                                      so.</div>
                                    <div class=""><br class="">
                                    </div>
                                    <div class="">Or are you suggesting
                                      that no encryption at all is used?
                                      But this means not providing
                                      confidentiality…</div>
                                    <div class="">Can you clarify?</div>
                                    <div class=""><br class="">
                                    </div>
                                    (this very same comment will appear
                                    several time in this review)<br
                                      class="">
                                  </div>
                                </blockquote>
                                <br class="">
                                We don't want to make the use of
                                pre-shared key *mandatory* to all LISP
                                deployments. There are deployments where
                                the risk of MiTM between the xTR and the
                                MS/MR may not justify the cost of
                                provisioning a shared key (data centers,
                                for example). <br class="">
                                <br class="">
                                <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">be encrypted using a preconfigured key shared between
      the ITR and the Map-Resolver, similar to the key shared between
      the ETR and the Map-Server in order to secure ETR registration
      [RFC6833].

   o  The Map-Resolver decapsulates the ECM message, decrypts the ITR-
      OTK, if needed, and forwards through the Mapping System the
      received Map-Request and the ITR-OTK, as part of a new ECM
      message.  As described in Section 5.6, the LISP Mapping System
      delivers the ECM to the appropriate Map-Server, as identified by
      the EID destination address of the Map-Request.




Maino, et al.             Expires April 6, 2017                 [Page 5]

Internet-Draft                  LISP-SEC                    October 2016


   o  The Map-Server is configured with the location mappings and policy
      information for the ETR responsible for the EID destination
      address.  Using this preconfigured information, the Map-Server,
      after the decapsulation of the ECM message, finds the longest
      match EID-prefix that covers the requested EID in the received
      Map-Request.  The Map-Server adds this EID-prefix, together with
      an HMAC computed using the ITR-OTK, to a new Encapsulated Control
      Message that contains the received Map-Request.

   o  The Map-Server derives a new OTK, the MS-OTK, by applying a Key
      Derivation Function (KDF) to the ITR-OTK.  This MS-OTK is included
      in the Encapsulated Control Message that the Map-Server uses to
      forward the Map-Request to the ETR.  To provide MS-OTK
      confidentiality over the path between the Map-Server and the ETR,
      the MS-OTK should </pre>
                                      </div>
                                    </blockquote>
                                    <div class="">This “should” should
                                      be a “SHOULD”  (sorry for the
                                      cacophony…)</div>
                                  </div>
                                </blockquote>
                                <br class="">
                                Ok. <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <div class=""><br class="">
                                    </div>
                                    <div class="">
                                      <div class="">Why not using
                                        “MUST”???</div>
                                      <div class="">Are you suggesting
                                        that a different way to provide
                                        confidentiality can be used
                                        (e.g. a different shared key)???</div>
                                      <div class="">If yes, please state
                                        so.</div>
                                      <div class=""><br class="">
                                      </div>
                                      <div class="">Or are you
                                        suggesting that no encryption at
                                        all is used? But this means not
                                        providing confidentiality…</div>
                                      <div class="">Can you clarify?</div>
                                    </div>
                                  </div>
                                </blockquote>
                                <br class="">
                                Same as above. <br class="">
                                <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class=""><br class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">be encrypted using the key shared between the
      ETR and the Map-Server in order to secure ETR registration
      [RFC6833].

   o  If the Map-Server is acting in proxy mode, as specified in
      [RFC6830], the ETR is not involved in the generation of the Map-
      Reply.  In this case the Map-Server generates the Map-Reply on
      behalf of the ETR as described below.

   o  The ETR, upon receiving the ECM encapsulated Map-Request from the
      Map-Server, decrypts the MS-OTK, if needed, and originates a
      standard Map-Reply that contains the EID-to-RLOC mapping
      information as specified in [RFC6830].

   o  The ETR computes an HMAC over this standard Map-Reply, keyed with
      MS-OTK to protect the integrity of the whole Map-Reply.  The ETR
      also copies the EID-prefix authorization data that the Map-Server
      included in the ECM encapsulated Map-Request into the Map-Reply
      message.  The ETR then sends this complete Map-Reply message to
      the requesting ITR.

   o  The ITR, upon receiving the Map-Reply, uses the locally stored
      ITR-OTK to verify the integrity of the EID-prefix authorization
      data included in the Map-Reply by the Map-Server.  The ITR
      computes the MS-OTK by applying the same KDF used by the Map-
      Server, and verifies the integrity of the Map-Reply.  If the
      integrity checks fail, the Map-Reply MUST be discarded.  Also, if
      the EID-prefixes claimed by the ETR in the Map-Reply are not equal
      or more specific than the EID-prefix authorization data inserted
      by the Map-Server, the ITR MUST discard the Map-Reply.







Maino, et al.             Expires April 6, 2017                 [Page 6]

Internet-Draft                  LISP-SEC                    October 2016


5.  LISP-SEC Control Messages Details

   LISP-SEC metadata associated with a Map-Request is transported within
   the Encapsulated Control Message that contains the Map-Request.

   LISP-SEC metadata associated with the Map-Reply is transported within
   the Map-Reply itself.

5.1.  Encapsulated Control Message LISP-SEC Extensions

   LISP-SEC uses the ECM (Encapsulated Control Message) defined in
   [RFC6830] with Type set to 8, and S bit set to 1 to indicate that the
   LISP header includes Authentication Data (AD).  The format of the
   LISP-SEC ECM Authentication Data is defined in the following figure.
   OTK-AD stands for One-Time Key Authentication Data and EID-AD stands
   for EID Authentication Data.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     AD Type   |V|  Reserved   |        Requested HMAC ID      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\
|              OTK Length       |       OTK Encryption ID       | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
|                       One-Time-Key Preamble ...               | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ OTK-AD
|                   ... One-Time-Key Preamble                   | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
~                      One-Time Key (128 bits)                  ~/
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ &lt;---+
|           EID-AD Length       |           KDF ID              |     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
| Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
|   Reserved    | EID mask-len  |           EID-AFI             | |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
~                          EID-prefix ...                       ~ |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
~                            EID HMAC                           ~     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ &lt;—+
</pre>
                                      </div>
                                    </blockquote>
                                    <div class="">I think that “rec” is
                                      mis-aligned and should be shifted
                                      one character upward.</div>
                                  </div>
                                </blockquote>
                                <br class="">
                                No. The row above is the portion of the
                                header that specifies how many records
                                will follow. Rec shows one Rec item, in
                                the array of Records.  It is consistent
                                with 6830.<br class="">
                                <br class="">
                                <br class="">
                              </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">OK</div>
                          <br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class=""> <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class=""><br class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">                     LISP-SEC ECM Authentication Data

      AD Type: 1 (LISP-SEC Authentication Data)
</pre>
                                      </div>
                                    </blockquote>
                                    <div class="">This is the first
                                      document starting to allocate
                                      values to the "AD Type” value. </div>
                                    <div class="">Why not asking IANA to
                                      create a registry??</div>
                                    <div class="">(to be done in the
                                      IANA Considerations Section) <br
                                        class="">
                                    </div>
                                  </div>
                                </blockquote>
                                <br class="">
                                <br class="">
                                Ok.<br class="">
                                <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <div class=""><br class="">
                                    </div>
                                    <div class=""><br class="">
                                    </div>
                                    <br class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      V: Key Version bit.  This bit is toggled when the sender switches
      to a new OTK wrapping key




Maino, et al.             Expires April 6, 2017                 [Page 7]

Internet-Draft                  LISP-SEC                    October 2016


      Reserved: Set to 0 on transmission and ignored on receipt.

      Requested HMAC ID: The HMAC algorithm requested by the ITR.  See
      Section 5.4 for details.

      OTK Length: The length (in bytes) of the OTK Authentication Data
      (OTK-AD), that contains the OTK Preamble and the OTK.

      OTK Encryption ID: The identifier of the key wrapping algorithm
      used to encrypt the One-Time-Key. When a 128-bit OTK is sent
      unencrypted by the Map-Resolver, the OTK Encryption ID is set to
      NULL_KEY_WRAP_128.  See Section 5.5 for more details.

      One-Time-Key Preamble: set to 0 if the OTK is not encrypted.  When
      the OTK is encrypted, this field may carry additional metadata
      resulting from the key wrapping operation.  When a 128-bit OTK is
      sent unencrypted by Map-Resolver, the OTK Preamble is set to
      0x0000000000000000 (64 bits).  See Section 5.5 for details.

      One-Time-Key: the OTK encrypted (or not) as specified by OTK
      Encryption ID.  See Section 5.5 for details.

      EID-AD Length: length (in bytes) of the EID Authentication Data
      (EID-AD).  The ITR MUST set EID-AD Length to 4 bytes, as it only
      fills the KDF ID field, and all the remaining fields part of the
      EID-AD are not present.  An EID-AD MAY contain multiple EID-
      records.  Each EID-record is 4-byte long plus the length of the
      AFI-encoded EID-prefix.

      KDF ID: Identifier of the Key Derivation Function used to derive
      the MS-OTK.  The ITR SHOULD use this field to indicate the
      recommended KDF algorithm, according to local policy. </pre>
                                      </div>
                                    </blockquote>
                                    <div class="">I am not sure I
                                      understand the rationale of this
                                      “SHOULD”. If for any reason the
                                      ITR does not indicate the KDF ID
                                      what are the consequences?</div>
                                  </div>
                                </blockquote>
                                <br class="">
                                That should be a MAY, I believe, <br
                                  class="">
                                <br class="">
                                The ITR can specify "no preference" for
                                KDF ID, using a value of 0. <br
                                  class="">
                              </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">I think this is the unclear
                            information: that the ITR can state “no
                            preference” using value 0.</div>
                          <div class="">Would be good if you can state
                            it more clearly.</div>
                        </div>
                      </div>
                    </blockquote>
                    <br class="">
                    I've added text to clarify this. <br class="">
                    <br class="">
                    <blockquote
                      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
                      type="cite" class="">
                      <div class="">
                        <div class="">
                          <div class=""><br class="">
                          </div>
                          <br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class=""> <br class="">
                                In the ITR processing section 5.4,  we
                                should add to <br class="">
                                <br class="">
                                <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">The KDF ID field, specifies the suggested key derivation function to
   be used by the Map-Server to derive the MS-OTK.</pre>
                                <br class="">
                                a text like: "A KDF ID value of 0
                                (NONE), MAY be used to specify that the
                                ITR has no preferred KDF ID".  <br
                                  class="">
                                <br class="">
                                <br class="">
                                <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <div class="">Is the MS free to
                                      choose the algorithm? This should
                                      be clarified.</div>
                                  </div>
                                </blockquote>
                                This is specified in section 5.7. <br
                                  class="">
                                <br class="">
                                "
                                <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
   the ITR-OTK received with the Map-Request.  MS-OTK is derived
   applying the key derivation function specified in the KDF ID field.
   If the algorithm specified in the KDF ID field is not supported, the
   Map-Server uses a different algorithm to derive the key and updates
   the KDF ID field accordingly.</pre>
                                "<br class="">
                                <br class="">
                                <br class="">
                              </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">Since this paragraph does not
                            use any 2119 language it actually mean that
                            an MS can choose freely the  algorithm to
                            use.</div>
                          <div class="">right?</div>
                        </div>
                      </div>
                    </blockquote>
                    <br class="">
                    right. If the ITR does support that specific ID, the
                    ITR may still decide to use it. <br class="">
                    <br class="">
                    <blockquote
                      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
                      type="cite" class="">
                      <div class="">
                        <div class=""><br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class=""> <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class=""><br class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> The Map-
      Server can overwrite the KDF ID if it does not support the KDF ID
      recommended by the ITR.  </pre>
                                      </div>
                                    </blockquote>
                                    <div class="">What happens if the MS
                                      will choose a KDF ID not supported
                                      by the ITR?</div>
                                    <div class="">Can you clarify how to
                                      solve this situation or explain
                                      why this will never happen?</div>
                                  </div>
                                </blockquote>
                                <br class="">
                                This is specified in 5.4, ITR
                                processing. <br class="">
                                <br class="">
                                "
                                <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">To verify the integrity of the PKT-AD, first the MS-OTK is derived
   from the locally stored ITR-OTK using the algorithm specified in the
   KDF ID field.  This is because the PKT-AD is generated by the ETR
   using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's local policy.</pre>
                                " <br class="">
                                <br class="">
                                <br class="">
                                There are two typical use cases: <br
                                  class="">
                                - strict KDF ID policy: ITR specifiy a
                                KDF ID, and will discard map-reply with
                                different KDF IDs. If local policy
                                allows, another map-request will be sent
                                with a different KDF ID<br class="">
                                - loose KDF ID policy: ITR specify KDF
                                ID = none, and will accept map-reply
                                with any KDF ID (if supported by ITR).
                                If received KDF is not supported the ITR
                                shall drop the map-reply<br class="">
                                <br class="">
                              </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">The above text does not reflect
                            the policies you are describing. That
                            “SHOULD” should be a “MAY” and your policies
                            spelled out. <br class="">
                          </div>
                        </div>
                      </div>
                    </blockquote>
                    I think we need to separate the recommendations for
                    the two actions: SHOULD drop and MAY resend. <br
                      class="">
                    <br class="">
                    "<br class="">
                    <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">, the ITR SHOULD discard the Map-
   Reply. At the first opportunity it needs to, the ITR MAY send a new Map-
   Request with a different KDF ID, according to ITR's local policy.

What do you think? 
</pre>
                    <br class="">
                    <blockquote
                      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
                      type="cite" class="">
                      <div class="">
                        <div class="">
                          <div class=""><br class="">
                          </div>
                          <div class="">Also, what is the MS stubbornly
                            insists in using an algorithm that the ITR
                            does not support?</div>
                        </div>
                      </div>
                    </blockquote>
                    <br class="">
                    The MS might not have alternatives, as it might only
                    support one algorithm. <br class="">
                    <br class="">
                    <br class="">
                    <br class="">
                    <blockquote
                      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
                      type="cite" class="">
                      <div class="">
                        <div class="">
                          <div class=""><br class="">
                          </div>
                          <br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class=""> <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class=""><br class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">See Section 5.4 for more details.

      Record Count: The number of records in this Map-Request message.
      A record is comprised of the portion of the packet that is labeled
      'Rec' above and occurs the number of times equal to Record Count.

      Reserved: Set to 0 on transmission and ignored on receipt.

      EID HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the EID-AD.  This field is filled by Map-Server that
      computed the EID-prefix HMAC.  See Section 5.4 for more details.

      EID mask-len: Mask length for EID-prefix.

      EID-AFI: Address family of EID-prefix according to [RFC5226]



Maino, et al.             Expires April 6, 2017                 [Page 8]

Internet-Draft                  LISP-SEC                    October 2016


      EID-prefix: The Map-Server uses this field to specify the EID-
      prefix that the destination ETR is authoritative for, and is the
      longest match for the requested EID.

      EID HMAC: HMAC of the EID-AD computed and inserted by Map-Server.
      Before computing the HMAC operation the EID HMAC field MUST be set
      to 0.  The HMAC covers the entire EID-AD.

5.2.  Map-Reply LISP-SEC Extensions

   LISP-SEC uses the Map-Reply defined in [RFC6830], with Type set to 2,
   and S bit set to 1 to indicate that the Map-Reply message includes
   Authentication Data (AD).  The format of the LISP-SEC Map-Reply
   Authentication Data is defined in the following figure.  PKT-AD is
   the Packet Authentication Data that covers the Map-Reply payload.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    AD Type    |                 Reserved                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ &lt;---+
|           EID-AD Length       |           KDF ID              |     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+     |
| Record Count  |    Reserved   |         EID HMAC ID           |     EID-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\    |
|   Reserved    | EID mask-len  |           EID-AFI             | |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Rec |
~                          EID-prefix ...                       ~ |   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/    |
~                            EID HMAC                           ~     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ &lt;---+
|         PKT-AD Length         |         PKT HMAC ID           |\
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
~                            PKT HMAC                           ~ PKT-AD
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+/

                  LISP-SEC Map-Reply Authentication Data

      AD Type: 1 (LISP-SEC Authentication Data)
</pre>
                                      </div>
                                    </blockquote>
                                    <div class="">Shouldn’t this be a
                                      different value? This AD  format
                                      is different from the one
                                      described in section 5.1!</div>
                                    <div class="">Another reason to ask
                                      IANA for a registry….</div>
                                  </div>
                                </blockquote>
                                <br class="">
                                One is the LISP-SEC authentication data
                                that applies to the ECM message (when
                                S-bit = 1), the other is the LISP-SEC
                                authentication data that applies to the
                                Map-Reply (when S-bit = 1).  <br
                                  class="">
                                <br class="">
                                Those are extensions of two different
                                messages (ECM and map-reply), and they
                                are both identified by an AD Type (that
                                happens to be set to value 1 for both).
                                <br class="">
                              </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">This is not clear in the current
                            text.</div>
                        </div>
                      </div>
                    </blockquote>
                    <br class="">
                    Right. I have updated the text to clarify it.
                    Together with the IANA disposition it should be
                    clear now. <br class="">
                    <br class="">
                    <br class="">
                    <blockquote
                      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
                      type="cite" class="">
                      <div class="">
                        <div class=""><br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class=""> <br class="">
                                Yes, the AD type space is different so
                                we will need two IANA registries. </div>
                            </div>
                          </blockquote>
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class=""> <br class="">
                                <br class="">
                                Question for the co-auhtors: should we
                                change the name to 'ECM AD Type' and
                                'Map-Reply AD Type’?<br class="">
                              </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">IMHO you have to, otherwise
                            there will be always confusion….</div>
                        </div>
                      </div>
                    </blockquote>
                    <br class="">
                    done.<br class="">
                    <br class="">
                    <blockquote
                      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
                      type="cite" class="">
                      <div class="">
                        <div class=""><br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class=""> <br class="">
                                <br class="">
                                <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <div class=""><br class="">
                                    </div>
                                    <br class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      EID-AD Length: length (in bytes) of the EID-AD.  An EID-AD MAY
      contain multiple EID-records.  Each EID-record is 4-byte long plus
      the length of the AFI-encoded EID-prefix.

      KDF ID: Identifier of the Key Derivation Function used to derive
      MS-OTK.  See Section 5.7 for more details.





Maino, et al.             Expires April 6, 2017                 [Page 9]

Internet-Draft                  LISP-SEC                    October 2016


      Record Count: The number of records in this Map-Reply message.  A
      record is comprised of the portion of the packet that is labeled
      'Rec' above and occurs the number of times equal to Record Count.

      Reserved: Set to 0 on transmission and ignored on receipt.

      EID HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the EID-AD.  See Section 5.7 for more details.

      EID mask-len: Mask length for EID-prefix.

      EID-AFI: Address family of EID-prefix according to [RFC5226].

      EID-prefix: This field contains an EID-prefix that the destination
      ETR is authoritative for, and is the longest match for the
      requested EID.

      EID HMAC: HMAC of the EID-AD, as computed by the Map-Server.
      Before computing the HMAC operation the EID HMAC field MUST be set
      to 0.  The HMAC covers the entire EID-AD.

      PKT-AD Length: length (in bytes) of the Packet Authentication Data
      (PKT-AD).

      PKT HMAC ID: Identifier of the HMAC algorithm used to protect the
      integrity of the Map-reply Location Data.
</pre>
                                      </div>
                                    </blockquote>
                                    <div class="">“Location Data” is
                                      something nowhere defined. Can you
                                      clarify what do you mean?</div>
                                  </div>
                                </blockquote>
                                <br class="">
                                we can just remove 'Location Data’</div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">OK.</div>
                          <br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class=""> <br class="">
                                <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <div class=""><br class="">
                                    </div>
                                    <br class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">      PKT HMAC: HMAC of the whole Map-Reply packet, including the LISP-
      SEC Authentication Data.  The scope of the authentication goes
      from the Map-Reply Type field to the PKT HMAC field included.
      Before computing the HMAC operation the PKT HMAC field MUST be set
      to 0.  See Section 5.8 for more details.

5.3.  Map-Register LISP-SEC Extentions

   The second bit after the Type field in a Map-Register message is
   allocated as the S bit.  </pre>
                                      </div>
                                    </blockquote>
                                    <div class="">I would better explain
                                      that this document is allocating a
                                      bit marked as reserved in 6830.</div>
                                  </div>
                                </blockquote>
                                <br class="">
                                Ok. We will need to reflect this in
                                6830bis as well. <br class="">
                              </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">Sure</div>
                          <div class=""><br class="">
                          </div>
                          <br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class=""> <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <div class="">Furthermore, at the
                                      cost of being redundant, I would
                                      put the packet format highlighting
                                      the position of the bit so that
                                      there is no confusion whatsoever.</div>
                                  </div>
                                </blockquote>
                                <br class="">
                                We wanted to  explicitly avoid to
                                include the format of messages when
                                already defined in other documents, </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          The S-bit is not defined in other documents.
                          IMHO is important to have the visual aid of
                          which exact bit your are talking about.</div>
                        <div class=""><br class="">
                        </div>
                      </div>
                    </blockquote>
                    I've added text to clarify. I really prefer not to
                    have the whole picture, but just refer to it. <br
                      class="">
                    <br class="">
                    Considering that 6830 will evolve into 6830bis,
                    eventually (with the next LISP-SEC) the reference
                    will be updated in 6830bis.  <br class="">
                    <br class="">
                    <br class="">
                    <blockquote
                      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
                      type="cite" class="">
                      <div class="">
                        <div class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class="">so we point rather than copy.
                                If we address this in 6830bis, the
                                problem will be solved. <br class="">
                              </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          You mentioned 6830bis several time, let me
                          ask: Would you like to reference that
                          document?</div>
                        <div class="">In this case we have to hold this
                          back until we have at least a stable version
                          of that document.</div>
                        <div class="">Then the RFC editor will hold this
                          document back until that one is RFC, because
                          of missing reference.</div>
                        <div class="">
                          <div class="">Or you keep it this way and
                            later on you make a ST version.</div>
                          <div class=""><br class="">
                          </div>
                          <div class="">Either way is fine for me.</div>
                        </div>
                      </div>
                    </blockquote>
                    <br class="">
                    I think we should move this draft forward, without
                    waiting for 6830bis. Considering that this is
                    security I expect the review process to last quite
                    some time, so we can make progress without waiting
                    for 6830bis. Eventually even teh LISP-SEC RFC will
                    be updated, and all will be good. <br class="">
                    <br class="">
                    <blockquote
                      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
                      type="cite" class="">
                      <div class="">
                        <div class="">
                          <div class=""><br class="">
                          </div>
                          <div class=""><br class="">
                          </div>
                          <br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class=""> <br class="">
                                <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class=""><br class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">The S bit indicates to the Map-Server that
   the registering ETR is LISP-SEC enabled.  An ETR that supports LISP-
   SEC MUST set the S bit in its Map-Register messages.

5.4.  ITR Processing

   Upon creating a Map-Request, the ITR generates a random ITR-OTK that
   is stored locally, together with the nonce generated as specified in
   [RFC6830].

   The Map-Request MUST be encapsulated in an ECM, with the S-bit set to
   1, to indicate the presence of Authentication Data.  If the ITR and



Maino, et al.             Expires April 6, 2017                [Page 10]

Internet-Draft                  LISP-SEC                    October 2016


   the Map-Resolver are configured with a shared key,</pre>
                                      </div>
                                    </blockquote>
                                    In section 4 you seem to suggest
                                    that this is not the only way to
                                    protect the OTK (see my comment).</div>
                                  <div class="">Here instead you suggest
                                    that a shared key is the only way.<br
                                      class="">
                                  </div>
                                </blockquote>
                                <br class="">
                                <br class="">
                                Right. Here it says what to do IF there
                                is a shared key, that is consistent with
                                the SHOULD above. <br class="">
                              </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">OK.</div>
                          <div class=""><br class="">
                          </div>
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class=""> <br class="">
                                <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> the ITR-OTK
   confidentiality SHOULD be protected by wrapping the ITR-OTK with the
   algorithm specified by the OTK Encryption ID field. </pre>
                                      </div>
                                    </blockquote>
                                    <div class="">Not clear what this
                                      “SHOULD” refers to.</div>
                                    <div class="">IS the SHOULD related
                                      to the fact to encrypt the OTK?
                                      The ITR SHOULD encrypt.</div>
                                    <div class="">Or the choice of the
                                      algorithm? The ITR SHOULD use the
                                      algorithm specified by the OTK
                                      Encryption ID?</div>
                                    <div class="">The second case looks
                                      impossible since is the ITR is
                                      choosing the algorithm. May be the
                                      sentence can be rewritten.</div>
                                  </div>
                                </blockquote>
                                <br class="">
                                SHOULD refers to protecting the
                                confidentiality of the ITR-OTK. Maybe
                                the 'by' should be replaced by 'with’?<br
                                  class="">
                              </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          Just drop the “by”?</div>
                        <div class=""><br class="">
                        </div>
                        <div class=""><br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class=""> <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <div class=""><br class="">
                                    </div>
                                    Similarly to previous comment: Why
                                    it is not a MUST?<br class="">
                                  </div>
                                </blockquote>
                                Same as other SHOULD. <br class="">
                                <br class="">
                                <br class="">
                                <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> See Section 5.5
   for further details on OTK encryption.

   The Requested HMAC ID field contains the suggested HMAC algorithm to
   be used by the Map-Server and the ETR to protect the integrity of the
   ECM Authentication data and of the Map-Reply.

</pre>
                                      </div>
                                    </blockquote>
                                    <div class="">What happens if the MS
                                      will choose a HMAC not supported
                                      by the ETR or the ITR?</div>
                                    <div class="">Can you clarify how to
                                      solve this situation or explain
                                      why this will never happen?</div>
                                  </div>
                                </blockquote>
                                <br class="">
                                This is described 5 paragraphs below: <br
                                  class="">
                                <br class="">
                                "
                                <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">If the EID HMAC ID field does
   not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
   and send, at the first opportunity it needs to, a new Map-Request
   with a different Requested HMAC ID field, according to ITR's local
   policy.  </pre>
                                "<br class="">
                                <br class="">
                              </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">What about the ETR?</div>
                        </div>
                      </div>
                    </blockquote>
                    <br class="">
                    It's specified in 5.8, the ETR makes the same
                    processing as the MS. <br class="">
                    <br class="">
                    "If the ETR does not support the Requested HMAC ID,
                    it uses a different algorithm and updates the PKT
                    HMAC ID field accordingly. " <br class="">
                    <br class="">
                    Also the ETR doesn't process the AD computed by the
                    MS, it just copies into the Map-Reply. <br class="">
                    <br class="">
                    <br class="">
                    <br class="">
                    <blockquote
                      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
                      type="cite" class="">
                      <div class="">
                        <div class=""><br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class=""> <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <div class=""><br class="">
                                    </div>
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The KDF ID field, specifies the suggested key derivation function to
   be used by the Map-Server to derive the MS-OTK.
</pre>
                                      </div>
                                    </blockquote>
                                    <div class=""><br class="">
                                    </div>
                                    <div class="">What happens if the MS
                                      will choose a KDF ID not supported
                                      by the ITR?</div>
                                    <div class="">Can you clarify how to
                                      solve this situation or explain
                                      why this will never happen?</div>
                                  </div>
                                </blockquote>
                                <br class="">
                                This is described a few paragraphs
                                below: <br class="">
                                "
                                <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">If the KDF ID in the Map-Reply does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's... </pre>
                                "<br class="">
                                <br class="">
                              </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">This does not guarantee that the
                            MS will reply with something the ITR
                            understands….</div>
                        </div>
                      </div>
                    </blockquote>
                    <br class="">
                    For some local ITR's policy it may not be
                    guaranteed. It's a balance between reachability and
                    security that the ITR will have to choose. <br
                      class="">
                    <br class="">
                    <br class="">
                    <br class="">
                    <br class="">
                    <br class="">
                    <br class="">
                    <blockquote
                      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
                      type="cite" class="">
                      <div class="">
                        <div class="">
                          <div class=""><br class="">
                          </div>
                          <div class=""><br class="">
                          </div>
                          <br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <div class=""><br class="">
                                    </div>
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The EID-AD length is set to 4 bytes, since the Authentication Data
   does not contain EID-prefix Authentication Data, and the EID-AD
   contains only the KDF ID field.

   In response to an encapsulated Map-Request that has the S-bit set, an
   ITR MUST receive a Map-Reply with the S-bit set, that includes an
   EID-AD and a PKT-AD.  If the Map-Reply does not include both ADs, the
   ITR MUST discard it.  In response to an encapsulated Map-Request with
   S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, and
   the ITR SHOULD discard the Map-Reply if the S-bit is set.
</pre>
                                      </div>
                                    </blockquote>
                                    <div class="">Why a “SHOULD”? If the
                                      Map-Request has S-bit=0 it mean
                                      that there is no AD, hence no OTK,
                                      how can the ITR decrypt the
                                      reply?????</div>
                                    <div class="">It MUST discard…..</div>
                                  </div>
                                </blockquote>
                                <br class="">
                                If S-bit = 0 there's no Authentication
                                Data. The Map-reply is in clear, and can
                                be read.</div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">I am not sure you understood my
                            point.</div>
                          <div class=""><br class="">
                          </div>
                          <div class="">You send a Map-Request with S=0,
                            hence unenbcrypted. How can you possible
                            receive a Map-Reply with S=1?</div>
                          <div class="">How is it encrypted if the ITR
                            did not provide any OTK?</div>
                        </div>
                      </div>
                    </blockquote>
                    <br class="">
                    Misconfiguration, bugs? I was just trying to
                    enumerate the behaviors of the ITR. There's probably
                    something wrong, and the map-reply should be
                    discarded. Still the mapping is readable, so an ITR
                    favoring reachability may decide to use the mapping.
                    <br class="">
                    <br class="">
                    <blockquote
                      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
                      type="cite" class="">
                      <div class="">
                        <div class="">
                          <div class=""><br class="">
                          </div>
                          <div class=""><br class="">
                          </div>
                          <div class=""><br class="">
                          </div>
                          <br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class=""> <br class="">
                                <br class="">
                                Here again the SHOULD leaves open to ITR
                                local policy that can be strict (drop
                                anything not authenticated) or loose
                                (accept unauthenticated map-reply). <br
                                  class="">
                                <br class="">
                                There are use cases where LISP-SEC is
                                not deployed everywhere, where the ITR
                                might have to use loose policy.   <br
                                  class="">
                                <br class="">
                                <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <div class=""><br class="">
                                    </div>
                                    <br class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   Upon receiving a Map-Reply, the ITR must verify the integrity of both
   the EID-AD and the PKT-AD, and MUST discard the Map-Reply if one of
   the integrity checks fails.

   The integrity of the EID-AD is verified using the locally stored ITR-
   OTK to re-compute the HMAC of the EID-AD using the algorithm
   specified in the EID HMAC ID field.  If the EID HMAC ID field does
   not match the Requested HMAC ID the ITR SHOULD discard the Map-Reply
</pre>
                                      </div>
                                    </blockquote>
                                    Why is this a SHOULD? If it supports
                                    the HMAC Algorithm why not decrypt?
                                    Shouldn’t this be a “MAY”, according
                                    to internal policy?<br class="">
                                  </div>
                                </blockquote>
                                <br class="">
                                because this could be used by an
                                attacker to force weaker HMACs (e.g.
                                MD5). </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          OK</div>
                        <div class=""><br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class="">The SHOULD leaves open the door
                                to not discarding, according to local
                                policy. <br class="">
                                <br class="">
                                <br class="">
                              </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">OK.</div>
                          <div class=""><br class="">
                          </div>
                          <br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class=""> <br class="">
                                <br class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   and send, at the first opportunity it needs to, a new Map-Request
   with a different Requested HMAC ID field, according to ITR's local
   policy.  The ITR MUST set the EID HMAC ID field to 0 before computing
   the HMAC.
</pre>
                                      </div>
                                    </blockquote>
                                    <div class="">Shouldn’t the MS do
                                      the same thing? Otherwise
                                      different values will be obtained.
                                      This is not specified in the MS
                                      functioning description.</div>
                                  </div>
                                </blockquote>
                                <br class="">
                                good catch. Actually it's a typo here,
                                the EID HMAC field should be set to 0
                                (that is consistent with section 5.7),
                                not the EID HMAC ID that should not be
                                touched. <br class="">
                                <br class="">
                              </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          OK<br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class=""> <br class="">
                                <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">The ITR MUST set the EID HMAC ID field to 0 before computing
   the HMAC.

should change to 

The scope of the HMAC operation covers the
   entire EID-AD, from the EID-AD Length field to the EID HMAC field,
   which must be set to 0 before the computation.
</pre>
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <div class=""> </div>
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   To verify the integrity of the PKT-AD, first the MS-OTK is derived
   from the locally stored ITR-OTK using the algorithm specified in the
   KDF ID field.  This is because the PKT-AD is generated by the ETR
   using the MS-OTK.  If the KDF ID in the Map-Reply does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's local policy.
   The derived MS-OTK is then used to re-compute the HMAC of the PKT-AD
   using the Algorithm specified in the PKT HMAC ID field.  If the PKT
   HMAC ID field does not match the Requested HMAC ID the ITR SHOULD
   discard the Map-Reply and send, at the first opportunity it needs to,




Maino, et al.             Expires April 6, 2017                [Page 11]

Internet-Draft                  LISP-SEC                    October 2016


   a new Map-Request with a different Requested HMAC ID according to
   ITR's local policy.

   Each individual Map-Reply EID-record is considered valid only if: (1)
   both EID-AD and PKT-AD are valid, and (2) the intersection of the
   EID-prefix in the Map-Reply EID-record with one of the EID-prefixes
   contained in the EID-AD is not empty.  After identifying the Map-
   Reply record as valid, the ITR sets the EID-prefix in the Map-Reply
   record to the value of the intersection set computed before, and adds
   the Map-Reply EID-record to its EID-to-RLOC cache, as described in
   [RFC6830].  An example of Map-Reply record validation is provided in
   Section 5.4.1.

   The ITR SHOULD send SMR triggered Map-Requests over the mapping
   system in order to receive a secure Map-Reply.  </pre>
                                      </div>
                                    </blockquote>
                                    <div class="">I do not understand
                                      this “SHOULD”.  This has
                                      consequences in the choice how to
                                      react to SMR. This is a local
                                      policy.</div>
                                    <div class="">_If_ the ITR wants to
                                      protect Map-Requests using
                                      LISP-SEC, than SMR triggered
                                      Map-Request MUST be sent through
                                      the mapping system.</div>
                                  </div>
                                </blockquote>
                              </div>
                            </div>
                          </blockquote>
                          <br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class=""> so the _if_ is what makes that
                                MUST a SHOULD... According to local
                                policy the ITR SHOULD send the SMR. </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">I read the sentence in this way:</div>
                          <div class=""><br class="">
                          </div>
                          <div class=""><span class="Apple-tab-span" style="white-space:pre">	</span>In
                            order to received a secure Map-Reply, the
                            ITR MUST send SMR triggered Map-Requests
                            over the mapping system.</div>
                        </div>
                        <div class=""><br class="">
                        </div>
                        <div class="">No?</div>
                      </div>
                    </blockquote>
                    <br class="">
                    I see what you are saying. I'll rephrase as: <br
                      class="">
                    <br class="">
                    If an ITR accepts piggybacked Map-Replies, it SHOULD
                    also send a Map-Request over the mapping system in
                    order to verify the piggybacked Map-Reply with a
                    secure Map-Reply. <br class="">
                    <br class="">
                    <br class="">
                    <br class="">
                    <br class="">
                    <blockquote
                      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
                      type="cite" class="">
                      <div class="">
                        <div class=""><br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <div class=""> </div>
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">If an ITR accepts
   piggybacked Map-Replies, it SHOULD also send a Map-Request over the
   mapping system in order to securely verify the piggybacked Map-Reply.
</pre>
                                      </div>
                                    </blockquote>
                                    <div class="">Same as above.</div>
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">5.4.1.  Map-Reply Record Validation

   The payload of a Map-Reply may contain multiple EID-records.  The
   whole Map-Reply is signed by the ETR, with the PKT HMAC, to provide
   integrity protection and origin authentication to the EID-prefix
   records claimed by the ETR.  The Authentication Data field of a Map-
   Reply may contain multiple EID-records in the EID-AD.  The EID-AD is
   signed by the Map-Server, with the EID HMAC, to provide integrity
   protection and origin authentication to the EID-prefix records
   inserted by the Map-Server.

   Upon receiving a Map-Reply with the S-bit set, the ITR first checks
   the validity of both the EID HMAC and of the PKT-AD HMAC.  If either
   one of the HMACs is not valid, a log message is issued and the Map-
   Reply is not processed any further.  </pre>
                                      </div>
                                    </blockquote>
                                    <div class="">I think “log message"
                                      is too much implementation
                                      specific. </div>
                                    <div class="">If there is a
                                      notification, and how this
                                      notification is done, is
                                      implementation specific IMHO.</div>
                                  </div>
                                </blockquote>
                                Ok. 'a log message is issued' will
                                change to 'a log action should be
                                taken'. The point is that there could be
                                an attack behind it, and we want to
                                record the event </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">OK</div>
                          <br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">If both HMACs are valid, the ITR
   proceeds with validating each individual EID-record claimed by the
   ETR by computing the intersection of each one of the EID-prefix
   contained in the payload of the Map-Reply with each one of the EID-
   prefixes contained in the EID-AD.  An EID-record is valid only if at
   least one of the intersections is not the empty set.

   For instance, the Map-Reply payload contains 3 mapping record EID-
   prefixes:

      1.1.1.0/24

      1.1.2.0/24

      1.2.0.0/16




Maino, et al.             Expires April 6, 2017                [Page 12]

Internet-Draft                  LISP-SEC                    October 2016


   The EID-AD contains two EID-prefixes:

      1.1.2.0/24

      1.2.3.0/24

   The EID-record with EID-prefix 1.1.1.0/24 is not processed since it
   is not included in any of the EID-ADs signed by the Map-Server.  A
   log message is issued.
</pre>
                                      </div>
                                    </blockquote>
                                    <div class="">I think “log message"
                                      is too much implementation
                                      specific. </div>
                                    <div class="">If there is a
                                      notification, and how this
                                      notification is done, is
                                      implementation specific IMHO.</div>
                                  </div>
                                </blockquote>
                                ok. Same as above.
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <div class=""> </div>
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The EID-record with EID-prefix 1.1.2.0/24 is stored in the map-cache
   because it matches the second EID-prefix contained in the EID-AD.

   The EID-record with EID-prefix 1.2.0.0/16 is not processed since it
   is not included in any of the EID-ADs signed by the Map-Server.  A
   log message is issued.</pre>
                                      </div>
                                    </blockquote>
                                    <div class="">I think “log message"
                                      is too much implementation
                                      specific. </div>
                                    <div class="">If there is a
                                      notification, and how this
                                      notification is done, is
                                      implementation specific IMHO.</div>
                                  </div>
                                </blockquote>
                                ok. Same as above
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <div class=""> </div>
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">  In this last example the ETR is trying to
   over claim the EID-prefix 1.2.0.0/16, but the Map-Server authorized
   only 1.2.3.0/24, hence the EID-record is discarded.
</pre>
                                      </div>
                                    </blockquote>
                                    <div class="">Reading the example I
                                      am not sure I would follow this
                                      behaviour.</div>
                                    <div class="">Only 1 record out of 3
                                      is valid so why should I actually
                                      trust the ETR instead of throwing
                                      everything away?</div>
                                    <div class="">Can you explain ???</div>
                                  </div>
                                </blockquote>
                                The other two records are validated by
                                the MS, so there is no reason to throw
                                those away. </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">Yes, but the ETR is still trying
                            to cheat on the third one….</div>
                          <div class="">So the ETR may be compromised,
                            why should I send traffic to him???</div>
                        </div>
                      </div>
                    </blockquote>
                    <br class="">
                    ITR has flagged the security exception with the log
                    entry, and some local ITR policy will decide what to
                    do (including stop encapsulating to the ETR, if
                    that's what is specified by the policy).  At the
                    LISP level LISP-SEC has done its job: verified
                    mapping  goes into the map-cache, overclaimed
                    mapping is dropped. <br class="">
                    <br class="">
                    <br class="">
                    <blockquote
                      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
                      type="cite" class="">
                      <div class="">
                        <div class="">
                          <div class=""><br class="">
                          </div>
                          <div class=""><br class="">
                          </div>
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <div class=""> </div>
                                    <div class=""> </div>
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">5.4.2.  PITR Processing

   The processing performed by a PITR is equivalent to the processing of
   an ITR.  However, if the PITR is directly connected to the ALT, </pre>
                                      </div>
                                    </blockquote>
                                    <div class="">This would be
                                      LISP+ALT. Pleas add a reference to
                                      6836.</div>
                                  </div>
                                </blockquote>
                                ok.
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">the
   PITR performs the functions of both the ITR and the Map-Resolver
   forwarding the Map-Request encapsulated in an ECM header that
   includes the Authentication Data fields as described in Section 5.6.

5.5.  Encrypting and Decrypting an OTK

   MS-OTK confidentiality is required in the path between the Map-Server
   and the ETR, the MS-OTK SHOULD</pre>
                                      </div>
                                    </blockquote>
                                    <div class="">If confidentiality is
                                      required why there is not a MUST?</div>
                                  </div>
                                </blockquote>
                                Same.
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> be encrypted using the preconfigured
   key shared between the Map-Server and the ETR for the purpose of
   securing ETR registration [RFC6833].  Similarly, if ITR-OTK
   confidentiality is required in the path between the ITR and the Map-
   Resolver, the ITR-OTK SHOULD </pre>
                                      </div>
                                    </blockquote>
                                    Again, if confidentiality is
                                    required why there is not a MUST?</div>
                                </blockquote>
                                Same.
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">be encrypted with a key shared between
   the ITR and the Map-Resolver.

   The OTK is encrypted using the algorithm specified in the OTK
   Encryption ID field.  When the AES Key Wrap algorithm is used to
   encrypt a 128-bit OTK, according to [RFC3339],</pre>
                                      </div>
                                    </blockquote>
                                    <div class="">The correct RFC is
                                      3394.</div>
                                  </div>
                                </blockquote>
                                ok.
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> the AES Key Wrap
   Initialization Value MUST be set to 0xA6A6A6A6A6A6A6A6 (64 bits).
   The output of the AES Key Wrap operation is 192-bit long.  The most
   significant 64-bit are copied in the One-Time Key Preamble field,
   while the 128 less significant bits are copied in the One-Time Key
   field of the LISP-SEC Authentication Data.

   When decrypting an encrypted OTK the receiver MUST verify that the
   Initialization Value resulting from the AES Key Wrap decryption



Maino, et al.             Expires April 6, 2017                [Page 13]

Internet-Draft                  LISP-SEC                    October 2016


   operation is equal to 0xA6A6A6A6A6A6A6A6.  If this verification fails
   the receiver MUST discard the entire message.

   When a 128-bit OTK is sent unencrypted the OTK Encryption ID is set
   to NULL_KEY_WRAP_128, and the OTK Preamble is set to
   0x0000000000000000 (64 bits).

5.6.  Map-Resolver Processing

   Upon receiving an encapsulated Map-Request with the S-bit set, the
   Map-Resolver decapsulates the ECM message.  The ITR-OTK, if
   encrypted, is decrypted as specified in Section 5.5.

   The Map-Resolver, as specified in [RFC6833], originates a new ECM
   header with the S-bit set, that contains the unencrypted ITR-OTK, as
   specified in Section 5.5, and the other data derived from the ECM
   Authentication Data of the received encapsulated Map-Request.
</pre>
                                      </div>
                                    </blockquote>
                                    <div class="">Few points on this
                                      last paragraph:</div>
                                    <div class="">- You assume that
                                      there is no need of
                                      confidentiality inside the Mapping
                                      System?</div>
                                    <div class="">- Why not stating that
                                      encryption inside the mapping
                                      system is mapping system specify
                                      and out of scope of this document?</div>
                                  </div>
                                </blockquote>
                                ok. as it was pointed out above.
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <div class="">- Why are you assuming
                                      that all of the Mapping system
                                      will use ECM? Future Mapping
                                      system may use soemthos different.
                                      The important point is to ship the
                                      AD along.</div>
                                  </div>
                                </blockquote>
                                good point, and I agree with your
                                suggestion to fix this below.
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The Map-Resolver then forwards</pre>
                                      </div>
                                    </blockquote>
                                    to whom? </div>
                                </blockquote>
                                ok. add 'to the Map-Server'
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> the received Map-Request, encapsulated
   in the new ECM header that includes the newly computed Authentication
   Data fields.
</pre>
                                      </div>
                                    </blockquote>
                                    <div class="">As for my comment of
                                      the previous paragraph I would be
                                      more generic stating that the MR
                                      will hand over the request to the
                                      mapping system.</div>
                                    <div class=""> </div>
                                    <div class="">You can still provide
                                      the example of DDT using ECM.</div>
                                  </div>
                                </blockquote>
                                right.
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">5.7.  Map-Server Processing

   Upon receiving an ECM encapsulated Map-Request with the S-bit set,
   the Map-Server process the Map-Request according to the value of the
   S-bit contained in the Map-Register sent by the ETR during
   registration.

   If the S-bit contained in the Map-Register was clear the Map-Server
   decapsulates the ECM and generates a new ECM encapsulated Map-Request
   that does not contain an ECM Authentication Data, as specified in
   [RFC6830].  The Map-Server does not perform any further LISP-SEC
   processing.
</pre>
                                      </div>
                                    </blockquote>
                                    <div class="">This equivalent to not
                                      using LISP-SEC. Please specify
                                      that the Map-Reply will be not
                                      protected.</div>
                                  </div>
                                </blockquote>
                                ok.
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   If the S-bit contained in the Map-Register was set the Map-Server
   decapsulates the ECM and generates a new ECM Authentication Data.
   The Authentication Data includes the OTK-AD and the EID-AD, that
   contains EID-prefix authorization information, that are ultimately
   sent to the requesting ITR.

   The Map-Server updates the OTK-AD by deriving a new OTK (MS-OTK) from
   the ITR-OTK received with the Map-Request.  MS-OTK is derived
   applying the key derivation function specified in the KDF ID field.
   If the algorithm specified in the KDF ID field is not supported, the
   Map-Server uses a different algorithm to derive the key and updates
   the KDF ID field accordingly.




Maino, et al.             Expires April 6, 2017                [Page 14]

Internet-Draft                  LISP-SEC                    October 2016


   The Map-Server and the ETR MUST be configured with a shared key for
   mapping registration according to [RFC6833].  If MS-OTK
   confidentiality is required, then the MS-OTK SHOULD be encrypted,</pre>
                                      </div>
                                    </blockquote>
                                    Again, if confidentiality is
                                    required why there is not a MUST? </div>
                                </blockquote>
                                same as above.
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class=""> by
   wrapping the MS-OTK with the algorithm specified by the OTK
   Encryption ID field as specified in Section 5.5.

   The Map-Server includes in the EID-AD the longest match registered
   EID-prefix for the destination EID, and an HMAC of this EID-prefix.
   The HMAC is keyed with the ITR-OTK contained in the received ECM
   Authentication Data, and the HMAC algorithm is chosen according to
   the Requested HMAC ID field.  If The Map-Server does not support this
   algorithm, the Map-Server uses a different algorithm and specifies it
   in the EID HMAC ID field.  The scope of the HMAC operation covers the
   entire EID-AD, from the EID-AD Length field to the EID HMAC field,
   which must be set to 0 before the computation.

   The Map-Server then forwards the updated ECM encapsulated Map-
   Request, that contains the OTK-AD, the EID-AD, and the received Map-
   Request to an authoritative ETR as specified in [RFC6830].

5.7.1.  Map-Server Processing in Proxy mode

   If the Map-Server is in proxy mode, it generates a Map-Reply, as
   specified in [RFC6830], with the S-bit set to 1.  The Map-Reply
   includes the Authentication Data that contains the EID-AD, computed
   as specified in Section 5.7, as well as the PKT-AD computed as
   specified in Section 5.8.

5.8.  ETR Processing

   Upon receiving an ECM encapsulated Map-Request with the S-bit set,
   the ETR decapsulates the ECM message.  The OTK field, if encrypted,
   is decrypted as specified in Section 5.5 to obtain the unencrypted
   MS-OTK.

   The ETR then generates a Map-Reply as specified in [RFC6830] and
   includes the Authentication Data that contains the EID-AD, as
   received in the encapsulated Map-Request, as well as the PKT-AD.

   The EID-AD is copied from the Authentication Data of the received
   encapsulated Map-Request.

   The PKT-AD contains the HMAC of the whole Map-Reply packet, keyed
   with the MS-OTK and computed using the HMAC algorithm specified in
   the Requested HMAC ID field of the received encapsulated Map-Request.
   If the ETR does not support the Requested HMAC ID, it uses a
   different algorithm and updates the PKT HMAC ID field accordingly.
   The scope of the HMAC operation covers the entire PKT-AD, from the



Maino, et al.             Expires April 6, 2017                [Page 15]

Internet-Draft                  LISP-SEC                    October 2016


   Map-Reply Type field to the PKT HMAC field, which must be set to 0
   before the computation.

   Finally the ETR sends the Map-Reply to the requesting ITR as
   specified in [RFC6830].

6.  Security Considerations

6.1.  Mapping System Security

   The LISP-SEC threat model described in Section 3, assumes that the
   LISP Mapping System is working properly and eventually delivers Map-
   Request messages to a Map-Server that is authoritative for the
   requested EID.

</pre>
                                      </div>
                                    </blockquote>
                                    <div class=""> </div>
                                    <div class="">As for a previous
                                      comment, can you elaborate if OTK
                                      confidentiality is required in the
                                      mapping system and what are the
                                      consequences?</div>
                                    <div class=""> </div>
                                  </div>
                                </blockquote>
                                ok.
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   Map-Register security, including the right for a LISP entity to
   register an EID-prefix or to claim presence at an RLOC, is out of the
   scope of LISP-SEC.

6.2.  Random Number Generation

   The ITR-OTK MUST be generated by a properly seeded pseudo-random (or
   strong random) source.  See [RFC4086] for advice on generating
   security-sensitive random data

6.3.  Map-Server and ETR Colocation

   If the Map-Server and the ETR are colocated, LISP-SEC does not
   provide protection from overclaiming attacks mounted by the ETR.
   However, in this particular case, since the ETR is within the trust
   boundaries of the Map-Server, ETR's overclaiming attacks are not
   included in the threat model.

7.  IANA Considerations
</pre>
                                      </div>
                                    </blockquote>
                                    <div class="">This section is not
                                      conform to RFC 5226.</div>
                                    <div class=""> </div>
                                    <div class="">There right way to go
                                      is to ask IANA to create three new
                                      registries, for HMAC, Key Wrap,
                                      and Key Derivation functions.</div>
                                    <div class="">Define what is the
                                      allocation process (in light of
                                      the size of the field FCFS should
                                      not cause any problem IMHO)</div>
                                    <div class=""> </div>
                                    <div class="">Then ask to populate
                                      the registries as already
                                      described.</div>
                                  </div>
                                </blockquote>
                                Ok, so each one of the sections 7.x will
                                say: IANA is requested to create a new
                                &lt;registry-name&gt;  registry for use
                                … </div>
                            </div>
                          </blockquote>
                          <div class=""><br class="">
                          </div>
                          <div class="">There is slightly more text to
                            add.</div>
                        </div>
                      </div>
                    </blockquote>
                    <br class="">
                    right. I have added more. I'm almost ready to send a
                    new rev.  <br class="">
                    <br class="">
                    <blockquote
                      cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
                      type="cite" class="">
                      <div class="">
                        <div class="">
                          <div class=""><br class="">
                          </div>
                          <br class="">
                          <blockquote type="cite" class="">
                            <div class="">
                              <div bgcolor="#FFFFFF" text="#000000"
                                class="">
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <div class=""> </div>
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">7.1.  HMAC functions

   The following HMAC ID values are defined by this memo for use as
   Requested HMAC ID, EID HMAC ID, and PKT HMAC ID in the LISP-SEC
   Authentication Data:











Maino, et al.             Expires April 6, 2017                [Page 16]

Internet-Draft                  LISP-SEC                    October 2016


             Name                     Number        Defined In
             -------------------------------------------------
             NONE                     0
             AUTH-HMAC-SHA-1-96       1             [RFC2104]
             AUTH-HMAC-SHA-256-128    2             [RFC4634]

             values 2-65535 are reserved to IANA.

                              HMAC Functions

   AUTH-HMAC-SHA-1-96 MUST be supported, AUTH-HMAC-SHA-256-128 should be
   supported.

7.2.  Key Wrap Functions

   The following OTK Encryption ID values are defined by this memo for
   use as OTK key wrap algorithms ID in the LISP-SEC Authentication
   Data:

             Name                     Number        Defined In
             -------------------------------------------------
             NULL-KEY-WRAP-128        1
             AES-KEY-WRAP-128         2             [RFC3394]

             values 0 and 3-65535 are reserved to IANA.

                            Key Wrap Functions

   NULL-KEY-WRAP-128, and AES-KEY-WRAP-128 MUST be supported.

   NULL-KEY-WRAP-128 is used to carry an unencrypted 128-bit OTK, with a
   64-bit preamble set to 0x0000000000000000 (64 bits).

7.3.  Key Derivation Functions

   The following KDF ID values are defined by this memo for use as KDF
   ID in the LISP-SEC Authentication Data:

             Name                     Number        Defined In
             -------------------------------------------------
             NONE                     0
             HKDF-SHA1-128            1             [RFC5869]

             values 2-65535 are reserved to IANA.

                         Key Derivation Functions

   HKDF-SHA1-128 MUST be supported



Maino, et al.             Expires April 6, 2017                [Page 17]

Internet-Draft                  LISP-SEC                    October 2016


8.  Acknowledgements

   The authors would like to acknowledge Pere Monclus, Dave Meyer, Dino
   Farinacci, Brian Weis, David McGrew, Darrel Lewis and Landon Curt
   Noll for their valuable suggestions provided during the preparation
   of this document.

9.  Normative References
</pre>
                                      </div>
                                    </blockquote>
                                    <div class=""> </div>
                                    <div class=""> </div>
                                    <div class="">Please Check your
                                      reference, this is the output if
                                      the nits tool:</div>
                                    <div class=""> </div>
                                    <div class=""> </div>
                                    <div class="">Checking references
                                      for intended status: Experimental</div>
                                    <div class=""> 
----------------------------------------------------------------------------</div>
                                    <div class=""> </div>
                                    <div class="">  == Missing
                                      Reference: 'RFC3339' is mentioned
                                      on line 602, but not defined</div>
                                    <div class=""> </div>
                                    <div class="">  == Missing
                                      Reference: 'RFC4634' is mentioned
                                      on line 752, but not defined</div>
                                    <div class=""> </div>
                                    <div class="">  ** Obsolete
                                      undefined reference: RFC 4634
                                      (Obsoleted by RFC 6234)</div>
                                  </div>
                                </blockquote>
                                ok.
                                <blockquote
                                  cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                                  type="cite" class="">
                                  <div class="">
                                    <div class=""> </div>
                                    <blockquote type="cite" class="">
                                      <div class="">
                                        <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   [RFC2104]  Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
              Hashing for Message Authentication", RFC 2104,
              DOI 10.17487/RFC2104, February 1997,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc2104" class="">http://www.rfc-editor.org/info/rfc2104</a>&gt;.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc2119" class="">http://www.rfc-editor.org/info/rfc2119</a>&gt;.

   [RFC3394]  Schaad, J. and R. Housley, "Advanced Encryption Standard
              (AES) Key Wrap Algorithm", RFC 3394, DOI 10.17487/RFC3394,
              September 2002, &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc3394" class="">http://www.rfc-editor.org/info/rfc3394</a>&gt;.

   [RFC4086]  Eastlake 3rd, D., Schiller, J., and S. Crocker,
              "Randomness Requirements for Security", BCP 106, RFC 4086,
              DOI 10.17487/RFC4086, June 2005,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc4086" class="">http://www.rfc-editor.org/info/rfc4086</a>&gt;.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              DOI 10.17487/RFC5226, May 2008,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc5226" class="">http://www.rfc-editor.org/info/rfc5226</a>&gt;.

   [RFC5869]  Krawczyk, H. and P. Eronen, "HMAC-based Extract-and-Expand
              Key Derivation Function (HKDF)", RFC 5869,
              DOI 10.17487/RFC5869, May 2010,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc5869" class="">http://www.rfc-editor.org/info/rfc5869</a>&gt;.

   [RFC6830]  Farinacci, D., Fuller, V., Meyer, D., and D. Lewis, "The
              Locator/ID Separation Protocol (LISP)", RFC 6830,
              DOI 10.17487/RFC6830, January 2013,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc6830" class="">http://www.rfc-editor.org/info/rfc6830</a>&gt;.

   [RFC6833]  Fuller, V. and D. Farinacci, "Locator/ID Separation
              Protocol (LISP) Map-Server Interface", RFC 6833,
              DOI 10.17487/RFC6833, January 2013,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc6833" class="">http://www.rfc-editor.org/info/rfc6833</a>&gt;.




Maino, et al.             Expires April 6, 2017                [Page 18]

Internet-Draft                  LISP-SEC                    October 2016


   [RFC7835]  Saucez, D., Iannone, L., and O. Bonaventure, "Locator/ID
              Separation Protocol (LISP) Threat Analysis", RFC 7835,
              DOI 10.17487/RFC7835, April 2016,
              &lt;<a moz-do-not-send="true" href="http://www.rfc-editor.org/info/rfc7835" class="">http://www.rfc-editor.org/info/rfc7835</a>&gt;.

Authors' Addresses

   Fabio Maino
   Cisco Systems
   170 Tasman Drive
   San Jose, California  95134
   USA

   Email: <a moz-do-not-send="true" href="mailto:fmaino@cisco.com" class="">fmaino@cisco.com</a>


   Vina Ermagan
   Cisco Systems
   170 Tasman Drive
   San Jose, California  95134
   USA

   Email: <a moz-do-not-send="true" href="mailto:vermagan@cisco.com" class="">vermagan@cisco.com</a>


   Albert Cabellos
   Technical University of Catalonia
   c/ Jordi Girona s/n
   Barcelona  08034
   Spain

   Email: <a moz-do-not-send="true" href="mailto:acabello@ac.upc.edu" class="">acabello@ac.upc.edu</a>


   Damien Saucez
   INRIA
   2004 route des Lucioles - BP 93
   Sophia Antipolis
   France

   Email: <a moz-do-not-send="true" href="mailto:damien.saucez@inria.fr" class="">damien.saucez@inria.fr</a>










Maino, et al.             Expires April 6, 2017                [Page 19]</pre>
                                        <div class=""> </div>
                                      </div>
                                      <div class=""> </div>
                                      <div class=""> </div>
                                    </blockquote>
                                    <div class="">
                                      <div class=""> </div>
                                      <div class=""> </div>
                                    </div>
                                  </div>
                                </blockquote>
                                <div class=""> <br
                                    class="webkit-block-placeholder">
                                </div>
                              </div>
                            </div>
                          </blockquote>
                        </div>
                        <br class="">
                      </div>
                    </blockquote>
                    <p class=""><br class="">
                    </p>
                  </blockquote>
                  <p class=""><br class="">
                  </p>
                </div>
                <span id="cid:1EDDBB75-0995-4DF3-9241-6F398783066E">&lt;Diff_
                  draft-ietf-lisp-sec-11.txt -
                  draft-ietf-lisp-sec-12a.txt.html&gt;</span><span
                  id="cid:F2144582-6C70-43D5-9213-89A8BBED6471">&lt;draft-ietf-lisp-sec-12a.txt&gt;</span></div>
            </blockquote>
          </div>
          <br class="">
        </div>
      </div>
    </blockquote>
    <p><br>
    </p>
  </body>
</html>

--------------2C17378A2F0B1C07C9AB2D2D--


From nobody Thu Oct 27 03:06:40 2016
Return-Path: <ietf@kuehlewind.net>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id AE7EF129410; Thu, 27 Oct 2016 03:06:38 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: "Mirja Kuehlewind" <ietf@kuehlewind.net>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.36.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147756279870.18880.16779109803016660833.idtracker@ietfa.amsl.com>
Date: Thu, 27 Oct 2016 03:06:38 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/ZqLAokdVEdf3Ejw85e7KreykOYk>
Cc: lisp-chairs@ietf.org, draft-ietf-lisp-ddt@ietf.org, lisp@ietf.org
Subject: [lisp] =?utf-8?q?Mirja_K=C3=BChlewind=27s_No_Objection_on_draft-i?= =?utf-8?q?etf-lisp-ddt-08=3A_=28with_COMMENT=29?=
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Oct 2016 10:06:39 -0000

Mirja Kühlewind has entered the following ballot position for
draft-ietf-lisp-ddt-08: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-lisp-ddt/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Would it be worth it to potentially think about/document potential
attacks against this system? I didn't think myself about how such an
attack could look like but given that location and identity are potential
sensitive data it might be worth it...



From nobody Thu Oct 27 05:17:44 2016
Return-Path: <jari.arkko@piuha.net>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 314601293DC for <lisp@ietfa.amsl.com>; Thu, 27 Oct 2016 05:17:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.331
X-Spam-Level: 
X-Spam-Status: No, score=-2.331 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.431] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W5L8z2DbElnw for <lisp@ietfa.amsl.com>; Thu, 27 Oct 2016 05:17:42 -0700 (PDT)
Received: from p130.piuha.net (p130.piuha.net [IPv6:2a00:1d50:2::130]) by ietfa.amsl.com (Postfix) with ESMTP id C6F0A129519 for <lisp@ietf.org>; Thu, 27 Oct 2016 05:17:35 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by p130.piuha.net (Postfix) with ESMTP id 29B342CC9A; Thu, 27 Oct 2016 15:17:35 +0300 (EEST) (envelope-from jari.arkko@piuha.net)
X-Virus-Scanned: amavisd-new at piuha.net
Received: from p130.piuha.net ([127.0.0.1]) by localhost (p130.piuha.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 99LiNqmffvEP; Thu, 27 Oct 2016 15:17:34 +0300 (EEST)
Received: from [127.0.0.1] (p130.piuha.net [IPv6:2a00:1d50:2::130]) by p130.piuha.net (Postfix) with ESMTP id AAE8B2CED1; Thu, 27 Oct 2016 15:17:33 +0300 (EEST) (envelope-from jari.arkko@piuha.net)
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
Content-Type: multipart/signed; boundary="Apple-Mail=_8A9D8B83-C57B-4F41-A0C0-281F37139DAA"; protocol="application/pgp-signature"; micalg=pgp-sha512
X-Pgp-Agent: GPGMail
From: Jari Arkko <jari.arkko@piuha.net>
In-Reply-To: <50795FAC-6560-4F02-937B-F6343F1E6CF7@gmail.com>
Date: Thu, 27 Oct 2016 14:17:23 +0200
Message-Id: <06D30248-1820-4082-8769-63D7A466310B@piuha.net>
References: <87bmym4cyp.fsf@hobgoblin.ariadne.com> <50795FAC-6560-4F02-937B-F6343F1E6CF7@gmail.com>
To: Dino Farinacci <farinacci@gmail.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/V-a4pOz3y4IE5gz6dZx11z0IQkk>
Cc: "Dale R. Worley" <worley@ariadne.com>, LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] Gen-ART IETF Last Call review of draft-ietf-lisp-ddt-08
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Oct 2016 12:17:43 -0000

--Apple-Mail=_8A9D8B83-C57B-4F41-A0C0-281F37139DAA
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Many thanks Dale for this extensive and high quality review. Much =
appreciated.

And thank you Dino and others for working on answers and edits.

Jari


--Apple-Mail=_8A9D8B83-C57B-4F41-A0C0-281F37139DAA
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJYEfBUAAoJEM80gCTQU46qpDAP/1DftoyR8zW6dZupqhXGi8Vd
K0TM+FO5Zy8sW314+7atGq2t2g8GN7iEYlkE4lCmd2NlvtYJUv+nOqf+pqcMHpdX
Dy8eE2W7EHR4lxFIZbL37nEzR3Scga131yZ0++b6gOM8IrTjZZWh1+xDrbfsY+OB
2CFKUDpyKwoU+eh5ewZDnaHGpUO7MQ6Q9WzrpYqMZaJ189n04qktgfX5jp+zWC2l
6rmETQRzqXFWsplBH8dBqt/kmhW3fqQ2nLUiqhztPPApLN4u6qrSzaGHGo1HTtmu
hFY8hvR0iLo+qPYoZEYL3KVlTi0gDWn/FJCmw0hq4ug777t4Bp2hb8j3gWR8UHVB
N4UXFPb2V2i41XhQ9EiSQV8MDj9lUtpqgswMTJ5doV4WrimgGIi2F28WgTHGDRjb
NjqkWbJbET3BIZ5/und772FhKD8y4vcVEKcD9dvMAiCL0stAWndLjxE9jNwQY4q9
9CrKogqydmf43YlOUEmQ3WIQPaixiO9ZkzxM7oZWtJQGS9xofrTr9OeYKB1OU7RF
IP7lhTCjDpMuaEaGtJqT7K8RkdvYkxxJr0bFKdnJEXbkl/qEgrQeNHUqKV3H8a/2
DOgnfELk/+6jJT8RNGJratrQ5gLrbF49huAuBPOIFouYSoz6jYuS1QvKHJNqAkRe
xZEAIsIrsATKPcnaBL2g
=qVEF
-----END PGP SIGNATURE-----

--Apple-Mail=_8A9D8B83-C57B-4F41-A0C0-281F37139DAA--


From nobody Thu Oct 27 05:44:29 2016
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 61C6512960C; Thu, 27 Oct 2016 05:44:28 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.36.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147757226834.24715.16366455756541086706.idtracker@ietfa.amsl.com>
Date: Thu, 27 Oct 2016 05:44:28 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/i_cnu-q2BHpEvLDApC-sRoOCp-o>
Cc: lisp-chairs@ietf.org, draft-ietf-lisp-ddt@ietf.org, lisp@ietf.org
Subject: [lisp] Stephen Farrell's Discuss on draft-ietf-lisp-ddt-08: (with DISCUSS and COMMENT)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Oct 2016 12:44:28 -0000

Stephen Farrell has entered the following ballot position for
draft-ietf-lisp-ddt-08: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-lisp-ddt/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------


6.4.1: RSA-SHA1 is not the right choice today, shouldn't
this be RSA-SHA256?


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------


- 6.4.1: Can you clarify what bits are signed? I'm not
quite sure from the description given - you can have
more than one signature but you say the the "entire
record" is covered.

- Section 8: Where's signature validation in the
pseudo-code?



From nobody Thu Oct 27 06:53:13 2016
Return-Path: <jari.arkko@piuha.net>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 17917129655; Thu, 27 Oct 2016 06:53:12 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: "Jari Arkko" <jari.arkko@piuha.net>
To: "The IESG" <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.36.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147757639208.24578.6861441364742553634.idtracker@ietfa.amsl.com>
Date: Thu, 27 Oct 2016 06:53:12 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/B_5ZeH0Te0R3FWVElFazGgwVWOA>
Cc: lisp-chairs@ietf.org, worley@ariadne.com, draft-ietf-lisp-ddt@ietf.org, lisp@ietf.org
Subject: [lisp] Jari Arkko's Discuss on draft-ietf-lisp-ddt-08: (with DISCUSS)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Oct 2016 13:53:12 -0000

Jari Arkko has entered the following ballot position for
draft-ietf-lisp-ddt-08: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-lisp-ddt/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

Thank you for this draft.

I plan to recommend its approval, but first I would like to ensure that
the issues raised by Dale Worley in his Gen-ART review are addressed
satisfactorily and in consultation with the working group, to ensure that
the document is as clear as possible. Specifically, the questions about
XEIDs and the definition of a peer and a DDT node at least need to be
worked through. (I’m not necessarily asking for text changes, but looking
for convergence in the discussion so that we are on the same page about
what is meant. And I see the discussion is already ongoing -- thanks for
that.)





From nobody Thu Oct 27 14:48:46 2016
Return-Path: <fmaino@cisco.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8430E12997D; Thu, 27 Oct 2016 14:48:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -13.55
X-Spam-Level: 
X-Spam-Status: No, score=-13.55 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_COMMENT_SAVED_URL=1.391, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001, T_HTML_ATTACH=0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 15nUUJt_8vwc; Thu, 27 Oct 2016 14:48:38 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 410C812997E; Thu, 27 Oct 2016 14:48:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=335259; q=dns/txt; s=iport; t=1477604918; x=1478814518; h=subject:to:references:cc:from:message-id:date: mime-version:in-reply-to; bh=tUEQvWxhFhDY/oCy2GlWzAkhC504g8OAl7CKiJfMTvo=; b=OSHXnuhLlxYI71lJ0P6TsYU6ugmPEBEe9hIf4dDOE3kLSX3Nh4zknXrT sko4Hs8C5d56LtWISwcVKGWgFmDJoqgIKReSg4I9NGyEm/fJt2dwjxsH2 8W+JDlI5lsDdkPMQj+/rcf+LouhOY/Iis8UjPeKdZrzmy30pl286g0+QN o=;
X-Files: Diff_ draft-ietf-lisp-sec-11.txt - draft-ietf-lisp-sec-12b.txt.html,  draft-ietf-lisp-sec-12b.txt : 174265, 49681
X-IronPort-AV: E=Sophos;i="5.31,406,1473120000";  d="txt'?html'217?scan'217,208,217";a="339686437"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 27 Oct 2016 21:48:37 +0000
Received: from [10.154.248.166] ([10.154.248.166]) by rcdn-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id u9RLma1s029418; Thu, 27 Oct 2016 21:48:36 GMT
To: Luigi Iannone <luigi.iannone@telecom-paristech.fr>
References: <FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr> <8204baa6-8cbd-83b3-aa88-dc3ba16c5a33@cisco.com> <38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr> <37a920e9-b1aa-33c1-6321-e24937bc6c8d@cisco.com> <BB7D47C9-A6C3-4DF5-A408-689256084709@telecom-paristech.fr>
From: Fabio Maino <fmaino@cisco.com>
Message-ID: <d7151186-f918-096b-ac78-6891e3dce316@cisco.com>
Date: Thu, 27 Oct 2016 14:48:36 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <BB7D47C9-A6C3-4DF5-A408-689256084709@telecom-paristech.fr>
Content-Type: multipart/mixed; boundary="------------783419FA16F85F446D9AC88D"
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/sLqf0IVlKG31ws_RjgKlL3kZu9w>
Cc: lisp-chairs@ietf.org, Damien Saucez <damien.saucez@inria.fr>, LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] LISP-SEC review (finally)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Oct 2016 21:48:44 -0000

This is a multi-part message in MIME format.
--------------783419FA16F85F446D9AC88D
Content-Type: multipart/alternative;
 boundary="------------EAC3951AB15325567E097EA9"


--------------EAC3951AB15325567E097EA9
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

Luigi,
I agree with all the comments.

The document attached should reflect all your suggestions.

A few notes below, just to explicitly ack the changes you suggested.


On 10/26/16 2:13 AM, Luigi Iannone wrote:
> Hi Fabio,
>
> Yes we are converging, very few points are left.
>
> Inline are my comments, I snipped everything that we already agreed up on.
>
> L.
>
>> On 26 Oct 2016, at 02:14, Fabio Maino <fmaino@cisco.com 
>> <mailto:fmaino@cisco.com>> wrote:
>>
>
> [snip]
>
>
>>
>>>
>>> Also, what is the MS stubbornly insists in using an algorithm that 
>>> the ITR does not support?
>>
>> The MS might not have alternatives, as it might only support one 
>> algorithm.
>>
>
> Sure
>
> The question is: can we have situations in which MS replies always 
> with the same algorithm (because has no alternatives) and the ITR is 
> never able to understand that reply (because has no alternatives).
>
> From my understanding this can happen, right?
>
> LISP-SEC has no way to prevent it, right?
>
> What is needed is a policy like “ITR tries using all of the algorithm 
> it supports and then gives up”, right?
>
> If the answer to those questions is yes, then IMO this should be 
> spelled out somewhere.
>
>

got it. Agreed.


>>
>>
> [snip]
>
>>>
>>>>
>>>>>
>>>>>>     The KDF ID field, specifies the suggested key derivation function to
>>>>>>     be used by the Map-Server to derive the MS-OTK.
>>>>>
>>>>> What happens if the MS will choose a KDF ID not supported by the ITR?
>>>>> Can you clarify how to solve this situation or explain why this 
>>>>> will never happen?
>>>>
>>>> This is described a few paragraphs below:
>>>> "
>>>> If the KDF ID in the Map-Reply does not match the
>>>>     KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
>>>>     Reply and send, at the first opportunity it needs to, a new Map-
>>>>     Request with a different KDF ID, according to ITR's...
>>>> "
>>>>
>>>
>>> This does not guarantee that the MS will reply with something the 
>>> ITR understands….
>>
>> For some local ITR's policy it may not be guaranteed. It's a balance 
>> between reachability and security that the ITR will have to choose.
>>
>>
> I am not sure I understand your reply.
>
> My point was the same as above: what if MS and ITR are not able to talk?

ok. So this is addressed by the same fix used for the previous comment. 
I'll specify that the ITR will stop re-sending map-requests once all 
HMAC IDs supported by the ITR have been attempted.

>
>
>>
>>
>>
>>
>>>
>>>
>>>
>>>>>
>>>>>>     The EID-AD length is set to 4 bytes, since the Authentication Data
>>>>>>     does not contain EID-prefix Authentication Data, and the EID-AD
>>>>>>     contains only the KDF ID field.
>>>>>>
>>>>>>     In response to an encapsulated Map-Request that has the S-bit set, an
>>>>>>     ITR MUST receive a Map-Reply with the S-bit set, that includes an
>>>>>>     EID-AD and a PKT-AD.  If the Map-Reply does not include both ADs, the
>>>>>>     ITR MUST discard it.  In response to an encapsulated Map-Request with
>>>>>>     S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, and
>>>>>>     the ITR SHOULD discard the Map-Reply if the S-bit is set.
>>>>> Why a “SHOULD”? If the Map-Request has S-bit=0 it mean that there 
>>>>> is no AD, hence no OTK, how can the ITR decrypt the reply?????
>>>>> It MUST discard…..
>>>>
>>>> If S-bit = 0 there's no Authentication Data. The Map-reply is in 
>>>> clear, and can be read.
>>>
>>> I am not sure you understood my point.
>>>
>>> You send a Map-Request with S=0, hence unenbcrypted. How can you 
>>> possible receive a Map-Reply with S=1?
>>> How is it encrypted if the ITR did not provide any OTK?
>>
>> Misconfiguration, bugs? I was just trying to enumerate the behaviors 
>> of the ITR. There's probably something wrong, and the map-reply 
>> should be discarded. Still the mapping is readable, so an ITR 
>> favoring reachability may decide to use the mapping.
>>
>
> Oh… I may see the misunderstanding. You are saying that the bit is set 
> in the Map-Reply, but actually the content is not encrypted, right? SO 
> the ITR can decide whether or not to use it.
>
> Is that right?

right.

>
>
> [snip]
>>>>> I think “log message" is too much implementation specific.
>>>>> If there is a notification, and how this notification is done, is 
>>>>> implementation specific IMHO.
>>>> ok. Same as above.
>>>>>>     The EID-record with EID-prefix 1.1.2.0/24 is stored in the map-cache
>>>>>>     because it matches the second EID-prefix contained in the EID-AD.
>>>>>>
>>>>>>     The EID-record with EID-prefix 1.2.0.0/16 is not processed since it
>>>>>>     is not included in any of the EID-ADs signed by the Map-Server.  A
>>>>>>     log message is issued.
>>>>> I think “log message" is too much implementation specific.
>>>>> If there is a notification, and how this notification is done, is 
>>>>> implementation specific IMHO.
>>>> ok. Same as above
>>>>>>    In this last example the ETR is trying to
>>>>>>     over claim the EID-prefix 1.2.0.0/16, but the Map-Server authorized
>>>>>>     only 1.2.3.0/24, hence the EID-record is discarded.
>>>>> Reading the example I am not sure I would follow this behaviour.
>>>>> Only 1 record out of 3 is valid so why should I actually trust the 
>>>>> ETR instead of throwing everything away?
>>>>> Can you explain ???
>>>> The other two records are validated by the MS, so there is no 
>>>> reason to throw those away.
>>>
>>> Yes, but the ETR is still trying to cheat on the third one….
>>> So the ETR may be compromised, why should I send traffic to him???
>>
>> ITR has flagged the security exception with the log entry, and some 
>> local ITR policy will decide what to do (including stop encapsulating 
>> to the ETR, if that's what is specified by the policy).  At the LISP 
>> level LISP-SEC has done its job: verified mapping  goes into the 
>> map-cache, overclaimed mapping is dropped.
>>
>
> This is not what the above text states. The text states that the valid 
> EID-record is stored in the map-cache.
> To be consistent with your reply you should change and state that the 
> EID-record is eligible to be used by the ITR.


got it. I changed 'stored into the map-cache' with 'eligible to be used 
by the ITR'. For consistency I have used similar language for the other 
two cases (rather than not processed).

>
> BTW to be consistent with other LISP document you should use "LISP 
> Cache” instead of “map-cache” (in the whole document).
>
>
ok. With the change above we don't use the word map-cache anymore in the 
document. So this is addresses as well.

Thanks!
Fabio



> [snip]
>


--------------EAC3951AB15325567E097EA9
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Luigi, <br>
      I agree with all the comments. <br>
      <br>
      The document attached should reflect all your suggestions. <br>
      <br>
      A few notes below, just to explicitly ack the changes you
      suggested. <br>
      <br>
      <br>
      On 10/26/16 2:13 AM, Luigi Iannone wrote:<br>
    </div>
    <blockquote
      cite="mid:BB7D47C9-A6C3-4DF5-A408-689256084709@telecom-paristech.fr"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      Hi Fabio,
      <div class=""><br class="">
      </div>
      <div class="">Yes we are converging, very few points are left. </div>
      <div class=""><br class="">
      </div>
      <div class="">Inline are my comments, I snipped everything that we
        already agreed up on.</div>
      <div class=""><br class="">
      </div>
      <div class="">L.</div>
      <div class=""><br class="">
        <div>
          <blockquote type="cite" class="">
            <div class="">On 26 Oct 2016, at 02:14, Fabio Maino &lt;<a
                moz-do-not-send="true" href="mailto:fmaino@cisco.com"
                class="">fmaino@cisco.com</a>&gt; wrote:</div>
            <br class="Apple-interchange-newline">
          </blockquote>
          <div><br class="">
          </div>
          <div>[snip]</div>
          <div><br class="">
          </div>
          <br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                <blockquote
                  cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class="">
                      <div class=""><br class="">
                      </div>
                      <div class="">Also, what is the MS stubbornly
                        insists in using an algorithm that the ITR does
                        not support?</div>
                    </div>
                  </div>
                </blockquote>
                <br class="">
                The MS might not have alternatives, as it might only
                support one algorithm. <br class="">
                <br class="">
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>Sure</div>
          <div><br class="">
          </div>
          <div>The question is: can we have situations in which MS
            replies always with the same algorithm (because has no
            alternatives) and the ITR is never able to understand that
            reply (because has no alternatives).</div>
          <div><br class="">
          </div>
          <div>From my understanding this can happen, right? </div>
          <div><br class="">
          </div>
          <div>LISP-SEC has no way to prevent it, right?</div>
          <div><br class="">
          </div>
          <div>What is needed is a policy like “ITR tries using all of
            the algorithm it supports and then gives up”, right?</div>
          <div><br class="">
          </div>
          <div>If the answer to those questions is yes, then IMO this
            should be spelled out somewhere.</div>
          <div><br class="">
          </div>
          <br class="">
        </div>
      </div>
    </blockquote>
    <br>
    got it. Agreed. <br>
    <br>
    <br>
    <blockquote
      cite="mid:BB7D47C9-A6C3-4DF5-A408-689256084709@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div>
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                <br class="">
              </div>
            </div>
          </blockquote>
          [snip]</div>
        <div><br class="">
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class="">
                <blockquote
                  cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class=""><br class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <div bgcolor="#FFFFFF" text="#000000" class="">
                            <br class="">
                            <blockquote
                              cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                              type="cite" class="">
                              <div class="">
                                <div class=""><br class="">
                                </div>
                                <blockquote type="cite" class="">
                                  <div class="">
                                    <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The KDF ID field, specifies the suggested key derivation function to
   be used by the Map-Server to derive the MS-OTK.
</pre>
                                  </div>
                                </blockquote>
                                <div class=""><br class="">
                                </div>
                                <div class="">What happens if the MS
                                  will choose a KDF ID not supported by
                                  the ITR?</div>
                                <div class="">Can you clarify how to
                                  solve this situation or explain why
                                  this will never happen?</div>
                              </div>
                            </blockquote>
                            <br class="">
                            This is described a few paragraphs below: <br
                              class="">
                            "
                            <pre class="newpage" style="font-size: 13.3333px; margin-top: 0px; margin-bottom: 0px; break-before: page; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;">If the KDF ID in the Map-Reply does not match the
   KDF ID requested in the Map-Request, the ITR SHOULD discard the Map-
   Reply and send, at the first opportunity it needs to, a new Map-
   Request with a different KDF ID, according to ITR's... </pre>
                            "<br class="">
                            <br class="">
                          </div>
                        </div>
                      </blockquote>
                      <div class=""><br class="">
                      </div>
                      <div class="">This does not guarantee that the MS
                        will reply with something the ITR understands….</div>
                    </div>
                  </div>
                </blockquote>
                <br class="">
                For some local ITR's policy it may not be guaranteed.
                It's a balance between reachability and security that
                the ITR will have to choose. <br class="">
                <br class="">
                <br class="">
              </div>
            </div>
          </blockquote>
          <div>I am not sure I understand your reply.</div>
          <div><br class="">
          </div>
          <div>My point was the same as above: what if MS and ITR are
            not able to talk?</div>
        </div>
      </div>
    </blockquote>
    <br>
    ok. So this is addressed by the same fix used for the previous
    comment. I'll specify that the ITR will stop re-sending map-requests
    once all HMAC IDs supported by the ITR have been attempted. <br>
     <br>
    <blockquote
      cite="mid:BB7D47C9-A6C3-4DF5-A408-689256084709@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div>
          <div><br class="">
          </div>
          <div><br class="">
          </div>
        </div>
        <div>
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class=""> <br
                  class="">
                <br class="">
                <br class="">
                <br class="">
                <blockquote
                  cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class="">
                      <div class=""><br class="">
                      </div>
                      <div class=""><br class="">
                      </div>
                      <br class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <div bgcolor="#FFFFFF" text="#000000" class="">
                            <blockquote
                              cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                              type="cite" class="">
                              <div class="">
                                <div class=""><br class="">
                                </div>
                                <blockquote type="cite" class="">
                                  <div class="">
                                    <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The EID-AD length is set to 4 bytes, since the Authentication Data
   does not contain EID-prefix Authentication Data, and the EID-AD
   contains only the KDF ID field.

   In response to an encapsulated Map-Request that has the S-bit set, an
   ITR MUST receive a Map-Reply with the S-bit set, that includes an
   EID-AD and a PKT-AD.  If the Map-Reply does not include both ADs, the
   ITR MUST discard it.  In response to an encapsulated Map-Request with
   S-bit set to 0, the ITR expects a Map-Reply with S-bit set to 0, and
   the ITR SHOULD discard the Map-Reply if the S-bit is set.
</pre>
                                  </div>
                                </blockquote>
                                <div class="">Why a “SHOULD”? If the
                                  Map-Request has S-bit=0 it mean that
                                  there is no AD, hence no OTK, how can
                                  the ITR decrypt the reply?????</div>
                                <div class="">It MUST discard…..</div>
                              </div>
                            </blockquote>
                            <br class="">
                            If S-bit = 0 there's no Authentication Data.
                            The Map-reply is in clear, and can be read.</div>
                        </div>
                      </blockquote>
                      <div class=""><br class="">
                      </div>
                      <div class="">I am not sure you understood my
                        point.</div>
                      <div class=""><br class="">
                      </div>
                      <div class="">You send a Map-Request with S=0,
                        hence unenbcrypted. How can you possible receive
                        a Map-Reply with S=1?</div>
                      <div class="">How is it encrypted if the ITR did
                        not provide any OTK?</div>
                    </div>
                  </div>
                </blockquote>
                <br class="">
                Misconfiguration, bugs? I was just trying to enumerate
                the behaviors of the ITR. There's probably something
                wrong, and the map-reply should be discarded. Still the
                mapping is readable, so an ITR favoring reachability may
                decide to use the mapping. <br class="">
                <br class="">
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>Oh… I may see the misunderstanding. You are saying that
            the bit is set in the Map-Reply, but actually the content is
            not encrypted, right? SO the ITR can decide whether or not
            to use it.</div>
          <div><br class="">
          </div>
          <div>Is that right?</div>
        </div>
      </div>
    </blockquote>
    <br>
    right. <br>
    <br>
    <blockquote
      cite="mid:BB7D47C9-A6C3-4DF5-A408-689256084709@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div>
          <div><br class="">
          </div>
          <div><br class="">
          </div>
          [snip]</div>
        <div>
          <blockquote type="cite" class="">
            <div class="">
              <div bgcolor="#FFFFFF" text="#000000" class="">
                <blockquote
                  cite="mid:38FE74C1-A8F3-4A92-B575-CC5CF4E249D8@telecom-paristech.fr"
                  type="cite" class="">
                  <div class="">
                    <div class="">
                      <blockquote type="cite" class="">
                        <div class="">
                          <div bgcolor="#FFFFFF" text="#000000" class="">
                            <blockquote
                              cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                              type="cite" class="">
                              <div class="">
                                <div class="">I think “log message" is
                                  too much implementation specific. </div>
                                <div class="">If there is a
                                  notification, and how this
                                  notification is done, is
                                  implementation specific IMHO.</div>
                              </div>
                            </blockquote>
                            ok. Same as above.
                            <blockquote
                              cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                              type="cite" class="">
                              <div class="">
                                <div class=""> </div>
                                <blockquote type="cite" class="">
                                  <div class="">
                                    <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">   The EID-record with EID-prefix 1.1.2.0/24 is stored in the map-cache
   because it matches the second EID-prefix contained in the EID-AD.

   The EID-record with EID-prefix 1.2.0.0/16 is not processed since it
   is not included in any of the EID-ADs signed by the Map-Server.  A
   log message is issued.</pre>
                                  </div>
                                </blockquote>
                                <div class="">I think “log message" is
                                  too much implementation specific. </div>
                                <div class="">If there is a
                                  notification, and how this
                                  notification is done, is
                                  implementation specific IMHO.</div>
                              </div>
                            </blockquote>
                            ok. Same as above
                            <blockquote
                              cite="mid:FC4677DB-855C-4273-8B52-161039B900A8@telecom-paristech.fr"
                              type="cite" class="">
                              <div class="">
                                <div class=""> </div>
                                <blockquote type="cite" class="">
                                  <div class="">
                                    <pre style="word-wrap: break-word; white-space: pre-wrap;" class="">  In this last example the ETR is trying to
   over claim the EID-prefix 1.2.0.0/16, but the Map-Server authorized
   only 1.2.3.0/24, hence the EID-record is discarded.
</pre>
                                  </div>
                                </blockquote>
                                <div class="">Reading the example I am
                                  not sure I would follow this
                                  behaviour.</div>
                                <div class="">Only 1 record out of 3 is
                                  valid so why should I actually trust
                                  the ETR instead of throwing everything
                                  away?</div>
                                <div class="">Can you explain ???</div>
                              </div>
                            </blockquote>
                            The other two records are validated by the
                            MS, so there is no reason to throw those
                            away. </div>
                        </div>
                      </blockquote>
                      <div class=""><br class="">
                      </div>
                      <div class="">Yes, but the ETR is still trying to
                        cheat on the third one….</div>
                      <div class="">So the ETR may be compromised, why
                        should I send traffic to him???</div>
                    </div>
                  </div>
                </blockquote>
                <br class="">
                ITR has flagged the security exception with the log
                entry, and some local ITR policy will decide what to do
                (including stop encapsulating to the ETR, if that's what
                is specified by the policy).  At the LISP level LISP-SEC
                has done its job: verified mapping  goes into the
                map-cache, overclaimed mapping is dropped. <br class="">
                <br class="">
              </div>
            </div>
          </blockquote>
          <div><br class="">
          </div>
          <div>This is not what the above text states. The text states
            that the valid EID-record is stored in the map-cache.</div>
          <div>To be consistent with your reply you should change and
            state that the EID-record is eligible to be used by the ITR.</div>
        </div>
      </div>
    </blockquote>
    <br>
    <br>
    got it. I changed 'stored into the map-cache' with 'eligible to be
    used by the ITR'. For consistency I have used similar language for
    the other two cases (rather than not processed).  <br>
    <br>
    <blockquote
      cite="mid:BB7D47C9-A6C3-4DF5-A408-689256084709@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div>
          <div><br class="">
          </div>
          <div>BTW to be consistent with other LISP document you should
            use "LISP Cache” instead of “map-cache” (in the whole
            document).</div>
          <br class="">
          <br class="">
        </div>
      </div>
    </blockquote>
    ok. With the change above we don't use the word map-cache anymore in
    the document. So this is addresses as well.<br>
    <br>
    Thanks!<br>
    Fabio<br>
    <br>
    <br>
    <br>
    <blockquote
      cite="mid:BB7D47C9-A6C3-4DF5-A408-689256084709@telecom-paristech.fr"
      type="cite">
      <div class="">
        <div>[snip]</div>
        <div><br class="">
        </div>
      </div>
    </blockquote>
    <p><br>
    </p>
  </body>
</html>

--------------EAC3951AB15325567E097EA9--

--------------783419FA16F85F446D9AC88D
Content-Type: text/html; charset=UTF-8;
 name="Diff_ draft-ietf-lisp-sec-11.txt - draft-ietf-lisp-sec-12b.txt.html"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename*0="Diff_ draft-ietf-lisp-sec-11.txt - draft-ietf-lisp-sec-12b.t";
 filename*1="xt.html"

PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBYSFRNTCAxLjAgVHJhbnNpdGlv
bmFsLy9FTiIgImh0dHA6Ly93d3cudzMub3JnL1RSL3hodG1sMS9EVEQveGh0bWwxLXRyYW5z
aXRpb25hbC5kdGQiPgo8IS0tIHNhdmVkIGZyb20gdXJsPSgwMDQ5KWh0dHBzOi8vdG9vbHMu
aWV0Zi5vcmcvdG9vbHMvcmZjZGlmZi9yZmNkaWZmLnB5aHQgLS0+CjxodG1sIHhtbG5zPSJo
dHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIj48c2NyaXB0IHR5cGU9InRleHQvamF2YXNj
cmlwdCI+d2luZG93WyJfZ2FVc2VyUHJlZnMiXSA9IHsgaW9vIDogZnVuY3Rpb24oKSB7IHJl
dHVybiB0cnVlOyB9IH08L3NjcmlwdD48aGVhZD48bWV0YSBodHRwLWVxdWl2PSJDb250ZW50
LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD1VVEYtOCI+IAogICAKICA8bWV0
YSBodHRwLWVxdWl2PSJDb250ZW50LVN0eWxlLVR5cGUiIGNvbnRlbnQ9InRleHQvY3NzIj4g
CiAgPHRpdGxlPkRpZmY6IGRyYWZ0LWlldGYtbGlzcC1zZWMtMTEudHh0IC0gZHJhZnQtaWV0
Zi1saXNwLXNlYy0xMmIudHh0PC90aXRsZT4gCiAgPHN0eWxlIHR5cGU9InRleHQvY3NzIj4g
CiAgICBib2R5ICAgIHsgbWFyZ2luOiAwLjRleDsgbWFyZ2luLXJpZ2h0OiBhdXRvOyB9IAog
ICAgdHIgICAgICB7IH0gCiAgICB0ZCAgICAgIHsgd2hpdGUtc3BhY2U6IHByZTsgZm9udC1m
YW1pbHk6IG1vbm9zcGFjZTsgdmVydGljYWwtYWxpZ246IHRvcDsgZm9udC1zaXplOiAwLjg2
ZW07fSAKICAgIHRoICAgICAgeyBmb250LXNpemU6IDAuODZlbTsgfSAKICAgIC5zbWFsbCAg
eyBmb250LXNpemU6IDAuNmVtOyBmb250LXN0eWxlOiBpdGFsaWM7IGZvbnQtZmFtaWx5OiBW
ZXJkYW5hLCBIZWx2ZXRpY2EsIHNhbnMtc2VyaWY7IH0gCiAgICAubGVmdCAgIHsgYmFja2dy
b3VuZC1jb2xvcjogI0VFRTsgfSAKICAgIC5yaWdodCAgeyBiYWNrZ3JvdW5kLWNvbG9yOiAj
RkZGOyB9IAogICAgLmRpZmYgICB7IGJhY2tncm91bmQtY29sb3I6ICNDQ0Y7IH0gCiAgICAu
bGJsb2NrIHsgYmFja2dyb3VuZC1jb2xvcjogI0JGQjsgfSAKICAgIC5yYmxvY2sgeyBiYWNr
Z3JvdW5kLWNvbG9yOiAjRkY4OyB9IAogICAgLmluc2VydCB7IGJhY2tncm91bmQtY29sb3I6
ICM4RkY7IH0gCiAgICAuZGVsZXRlIHsgYmFja2dyb3VuZC1jb2xvcjogI0FDRjsgfSAKICAg
IC52b2lkICAgeyBiYWNrZ3JvdW5kLWNvbG9yOiAjRkZCOyB9IAogICAgLmNvbnQgICB7IGJh
Y2tncm91bmQtY29sb3I6ICNFRUU7IH0gCiAgICAubGluZWJyIHsgYmFja2dyb3VuZC1jb2xv
cjogI0FBQTsgfSAKICAgIC5saW5lbm8geyBjb2xvcjogcmVkOyBiYWNrZ3JvdW5kLWNvbG9y
OiAjRkZGOyBmb250LXNpemU6IDAuN2VtOyB0ZXh0LWFsaWduOiByaWdodDsgcGFkZGluZzog
MCAycHg7IH0gCiAgICAuZWxpcHNpc3sgYmFja2dyb3VuZC1jb2xvcjogI0FBQTsgfSAKICAg
IC5sZWZ0IC5jb250IHsgYmFja2dyb3VuZC1jb2xvcjogI0RERDsgfSAKICAgIC5yaWdodCAu
Y29udCB7IGJhY2tncm91bmQtY29sb3I6ICNFRUU7IH0gCiAgICAubGJsb2NrIC5jb250IHsg
YmFja2dyb3VuZC1jb2xvcjogIzlEOTsgfSAKICAgIC5yYmxvY2sgLmNvbnQgeyBiYWNrZ3Jv
dW5kLWNvbG9yOiAjREQ2OyB9IAogICAgLmluc2VydCAuY29udCB7IGJhY2tncm91bmQtY29s
b3I6ICMwREQ7IH0gCiAgICAuZGVsZXRlIC5jb250IHsgYmFja2dyb3VuZC1jb2xvcjogIzhB
RDsgfSAKICAgIC5zdGF0cywgLnN0YXRzIHRkLCAuc3RhdHMgdGggeyBiYWNrZ3JvdW5kLWNv
bG9yOiAjRUVFOyBwYWRkaW5nOiAycHggMDsgfSAKICAgIHNwYW4uaGlkZSB7IGRpc3BsYXk6
IG5vbmU7IGNvbG9yOiAjYWFhO30gICAgYTpob3ZlciBzcGFuIHsgZGlzcGxheTogaW5saW5l
OyB9ICAgIHRyLmNoYW5nZSB7IGJhY2tncm91bmQtY29sb3I6IGdyYXk7IH0gCiAgICB0ci5j
aGFuZ2UgYSB7IHRleHQtZGVjb3JhdGlvbjogbm9uZTsgY29sb3I6IGJsYWNrIH0gCiAgPC9z
dHlsZT4gCiAgICAgPHNjcmlwdD4KdmFyIGNodW5rX2luZGV4ID0gMDsKdmFyIG9sZF9jaHVu
ayA9IG51bGw7CgpmdW5jdGlvbiBmb3JtYXRfY2h1bmsoaW5kZXgpIHsKICAgIHZhciBwcmVm
aXggPSAiZGlmZiI7CiAgICB2YXIgc3RyID0gaW5kZXgudG9TdHJpbmcoKTsKICAgIGZvciAo
eD0wOyB4PCg0LXN0ci5sZW5ndGgpOyArK3gpIHsKICAgICAgICBwcmVmaXgrPScwJzsKICAg
IH0KICAgIHJldHVybiBwcmVmaXggKyBzdHI7Cn0KCmZ1bmN0aW9uIGZpbmRfY2h1bmsobil7
CiAgICByZXR1cm4gZG9jdW1lbnQucXVlcnlTZWxlY3RvcigndHJbaWQkPSInICsgbiArICci
XScpOwp9CgpmdW5jdGlvbiBjaGFuZ2VfY2h1bmsob2Zmc2V0KSB7CiAgICB2YXIgaW5kZXgg
PSBjaHVua19pbmRleCArIG9mZnNldDsKICAgIHZhciBuZXdfc3RyOwogICAgdmFyIG5ld19j
aHVuazsKCiAgICBuZXdfc3RyID0gZm9ybWF0X2NodW5rKGluZGV4KTsKICAgIG5ld19jaHVu
ayA9IGZpbmRfY2h1bmsobmV3X3N0cik7CiAgICBpZiAoIW5ld19jaHVuaykgewogICAgICAg
IHJldHVybjsKICAgIH0KICAgIGlmIChvbGRfY2h1bmspIHsKICAgICAgICBvbGRfY2h1bmsu
c3R5bGUub3V0bGluZSA9ICIiOwogICAgfQogICAgb2xkX2NodW5rID0gbmV3X2NodW5rOwog
ICAgb2xkX2NodW5rLnN0eWxlLm91dGxpbmUgPSAiMXB4IHNvbGlkIHJlZCI7CiAgICB3aW5k
b3cubG9jYXRpb24uaGFzaCA9ICIjIiArIG5ld19zdHI7CiAgICB3aW5kb3cuc2Nyb2xsQnko
MCwtMTAwKTsKICAgIGNodW5rX2luZGV4ID0gaW5kZXg7Cn0KCmRvY3VtZW50Lm9ua2V5ZG93
biA9IGZ1bmN0aW9uKGUpIHsKICAgIHN3aXRjaCAoZS5rZXlDb2RlKSB7CiAgICBjYXNlIDc4
OgogICAgICAgIGNoYW5nZV9jaHVuaygxKTsKICAgICAgICBicmVhazsKICAgIGNhc2UgODA6
CiAgICAgICAgY2hhbmdlX2NodW5rKC0xKTsKICAgICAgICBicmVhazsKICAgIH0KfTsKICAg
PC9zY3JpcHQ+IAo8L2hlYWQ+IAo8Ym9keT4gCiAgPHRhYmxlIGJvcmRlcj0iMCIgY2VsbHBh
ZGRpbmc9IjAiIGNlbGxzcGFjaW5nPSIwIj4gCiAgPHRib2R5Pjx0ciBpZD0icGFydC0xIiBi
Z2NvbG9yPSJvcmFuZ2UiPjx0aD48L3RoPjx0aD48YSBocmVmPSJodHRwczovL3Rvb2xzLmll
dGYub3JnL3JmY2RpZmY/dXJsMj1kcmFmdC1pZXRmLWxpc3Atc2VjLTExLnR4dCIgc3R5bGU9
ImNvbG9yOiMwMDg7IHRleHQtZGVjb3JhdGlvbjpub25lOyI+Jmx0OzwvYT4mbmJzcDs8YSBo
cmVmPSJodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvZHJhZnQtaWV0Zi1saXNwLXNlYy0x
MS50eHQiIHN0eWxlPSJjb2xvcjojMDA4Ij5kcmFmdC1pZXRmLWxpc3Atc2VjLTExLnR4dDwv
YT4mbmJzcDs8L3RoPjx0aD4gPC90aD48dGg+Jm5ic3A7PGEgaHJlZj0iaHR0cHM6Ly90b29s
cy5pZXRmLm9yZy9odG1sL2RyYWZ0LWlldGYtbGlzcC1zZWMtMTJiLnR4dCIgc3R5bGU9ImNv
bG9yOiMwMDgiPmRyYWZ0LWlldGYtbGlzcC1zZWMtMTJiLnR4dDwvYT4mbmJzcDs8YSBocmVm
PSJodHRwczovL3Rvb2xzLmlldGYub3JnL3JmY2RpZmY/dXJsMT1kcmFmdC1pZXRmLWxpc3At
c2VjLTEyYi50eHQiIHN0eWxlPSJjb2xvcjojMDA4OyB0ZXh0LWRlY29yYXRpb246bm9uZTsi
PiZndDs8L2E+PC90aD48dGg+PC90aD48L3RyPiAKICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij5OZXR3b3JrIFdvcmtpbmcg
R3JvdXAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRi4gTWFp
bm88L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij5OZXR3b3JrIFdvcmtpbmcgR3Jv
dXAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRi4gTWFpbm88
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPkludGVybmV0LURyYWZ0ICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgVi4gRXJtYWdhbjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPkludGVybmV0LURyYWZ0ICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgVi4gRXJtYWdhbjwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+SW50ZW5kZWQgc3RhdHVzOiBFeHBlcmltZW50YWwg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaXNjbyBTeXN0ZW1zPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+SW50ZW5kZWQgc3RhdHVzOiBFeHBlcmltZW50YWwgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICBDaXNjbyBTeXN0ZW1zPC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDAxIj48dGQ+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxv
Y2siPkV4cGlyZXM6IDxzcGFuIGNsYXNzPSJkZWxldGUiPkFwcmlsIDYsIDIwMTc8L3NwYW4+
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQS4gQ2FiZWxsb3M8L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+RXhwaXJlczogPHNwYW4gY2xhc3M9Imlu
c2VydCI+TWF5IDQsIDIwMTcgIDwvc3Bhbj4gICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICBBLiBDYWJlbGxvczwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgVGVjaG5pY2FsIFVuaXZl
cnNpdHkgb2YgQ2F0YWxvbmlhPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgVGVjaG5pY2FsIFVuaXZlcnNp
dHkgb2YgQ2F0YWxvbmlhPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICBELiBTYXVjZXo8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBE
LiBTYXVjZXo8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBJ
TlJJQTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBJTlJJ
QTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJkaWZm
MDAwMiI+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGJsb2NrIj4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgIDxzcGFuIGNsYXNzPSJkZWxldGUiPiBPY3RvYmVyIDM8
L3NwYW4+LCAyMDE2PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPHNwYW4g
Y2xhc3M9Imluc2VydCI+T2N0b2JlciAzMTwvc3Bhbj4sIDIwMTY8L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgICAgICAgICAgICAgICAgICAgTElT
UC1TZWN1cml0eSAoTElTUC1TRUMpPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
ICAgICAgICAgICAgICAgICAgICAgICAgTElTUC1TZWN1cml0eSAoTElTUC1TRUMpPC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDAzIj48
dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsYmxvY2siPiAgICAgICAgICAgICAgICAgICAgICAgICBkcmFmdC1pZXRmLWxpc3At
c2VjLTE8c3BhbiBjbGFzcz0iZGVsZXRlIj4xPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmJsb2NrIj4gICAgICAgICAgICAgICAgICAgICAgICAgZHJhZnQtaWV0Zi1saXNw
LXNlYy0xPHNwYW4gY2xhc3M9Imluc2VydCI+Mjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+QWJzdHJhY3Q8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij5BYnN0cmFjdDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsZWZ0Ij4gICBUaGlzIG1lbW8gc3BlY2lmaWVzIExJU1AtU0VDLCBhIHNldCBvZiBzZWN1
cml0eSBtZWNoYW5pc21zIHRoYXQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4g
ICBUaGlzIG1lbW8gc3BlY2lmaWVzIExJU1AtU0VDLCBhIHNldCBvZiBzZWN1cml0eSBtZWNo
YW5pc21zIHRoYXQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHByb3ZpZGVz
IG9yaWdpbiBhdXRoZW50aWNhdGlvbiwgaW50ZWdyaXR5IGFuZCBhbnRpLXJlcGxheSBwcm90
ZWN0aW9uPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgcHJvdmlkZXMgb3Jp
Z2luIGF1dGhlbnRpY2F0aW9uLCBpbnRlZ3JpdHkgYW5kIGFudGktcmVwbGF5IHByb3RlY3Rp
b248L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHRvIExJU1AncyBFSUQtdG8t
UkxPQyBtYXBwaW5nIGRhdGEgY29udmV5ZWQgdmlhIG1hcHBpbmcgbG9va3VwPC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgdG8gTElTUCdzIEVJRC10by1STE9DIG1hcHBp
bmcgZGF0YSBjb252ZXllZCB2aWEgbWFwcGluZyBsb29rdXA8L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPiAgIHByb2Nlc3MuICBMSVNQLVNFQyBhbHNvIGVuYWJsZXMgdmVyaWZp
Y2F0aW9uIG9mIGF1dGhvcml6YXRpb24gb24gRUlELTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgIHByb2Nlc3MuICBMSVNQLVNFQyBhbHNvIGVuYWJsZXMgdmVyaWZpY2F0
aW9uIG9mIGF1dGhvcml6YXRpb24gb24gRUlELTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+ICAgcHJlZml4IGNsYWltcyBpbiBNYXAtUmVwbHkgbWVzc2FnZXMuPC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgcHJlZml4IGNsYWltcyBpbiBNYXAtUmVwbHkg
bWVzc2FnZXMuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPlJl
cXVpcmVtZW50cyBMYW5ndWFnZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPlJl
cXVpcmVtZW50cyBMYW5ndWFnZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHIgaWQ9InBhcnQtMiIgY2xhc3M9ImNoYW5nZSI+PHRkPjwv
dGQ+PHRoPjxzbWFsbD5za2lwcGluZyB0byBjaGFuZ2UgYXQ8L3NtYWxsPjxhIGhyZWY9Imh0
dHBzOi8vdG9vbHMuaWV0Zi5vcmcvdG9vbHMvcmZjZGlmZi9yZmNkaWZmLnB5aHQjcGFydC0y
Ij48ZW0+IHBhZ2UgMSwgbGluZSA0NDxzcGFuIGNsYXNzPSJoaWRlIj4gwrY8L3NwYW4+PC9l
bT48L2E+PC90aD48dGg+IDwvdGg+PHRoPjxzbWFsbD5za2lwcGluZyB0byBjaGFuZ2UgYXQ8
L3NtYWxsPjxhIGhyZWY9Imh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvdG9vbHMvcmZjZGlmZi9y
ZmNkaWZmLnB5aHQjcGFydC0yIj48ZW0+IHBhZ2UgMSwgbGluZSA0NDxzcGFuIGNsYXNzPSJo
aWRlIj4gwrY8L3NwYW4+PC9lbT48L2E+PC90aD48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBJbnRlcm5ldC1E
cmFmdHMgYXJlIHdvcmtpbmcgZG9jdW1lbnRzIG9mIHRoZSBJbnRlcm5ldCBFbmdpbmVlcmlu
ZzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIEludGVybmV0LURyYWZ0cyBh
cmUgd29ya2luZyBkb2N1bWVudHMgb2YgdGhlIEludGVybmV0IEVuZ2luZWVyaW5nPC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBUYXNrIEZvcmNlIChJRVRGKS4gIE5vdGUg
dGhhdCBvdGhlciBncm91cHMgbWF5IGFsc28gZGlzdHJpYnV0ZTwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPiAgIFRhc2sgRm9yY2UgKElFVEYpLiAgTm90ZSB0aGF0IG90aGVy
IGdyb3VwcyBtYXkgYWxzbyBkaXN0cmlidXRlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij4gICB3b3JraW5nIGRvY3VtZW50cyBhcyBJbnRlcm5ldC1EcmFmdHMuICBUaGUgbGlz
dCBvZiBjdXJyZW50IEludGVybmV0LTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgIHdvcmtpbmcgZG9jdW1lbnRzIGFzIEludGVybmV0LURyYWZ0cy4gIFRoZSBsaXN0IG9m
IGN1cnJlbnQgSW50ZXJuZXQtPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBE
cmFmdHMgaXMgYXQgaHR0cDovL2RhdGF0cmFja2VyLmlldGYub3JnL2RyYWZ0cy9jdXJyZW50
Ly48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBEcmFmdHMgaXMgYXQgaHR0
cDovL2RhdGF0cmFja2VyLmlldGYub3JnL2RyYWZ0cy9jdXJyZW50Ly48L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgSW50ZXJuZXQtRHJhZnRzIGFyZSBk
cmFmdCBkb2N1bWVudHMgdmFsaWQgZm9yIGEgbWF4aW11bSBvZiBzaXggbW9udGhzPC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgSW50ZXJuZXQtRHJhZnRzIGFyZSBkcmFm
dCBkb2N1bWVudHMgdmFsaWQgZm9yIGEgbWF4aW11bSBvZiBzaXggbW9udGhzPC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBhbmQgbWF5IGJlIHVwZGF0ZWQsIHJlcGxhY2Vk
LCBvciBvYnNvbGV0ZWQgYnkgb3RoZXIgZG9jdW1lbnRzIGF0IGFueTwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgIGFuZCBtYXkgYmUgdXBkYXRlZCwgcmVwbGFjZWQsIG9y
IG9ic29sZXRlZCBieSBvdGhlciBkb2N1bWVudHMgYXQgYW55PC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICB0aW1lLiAgSXQgaXMgaW5hcHByb3ByaWF0ZSB0byB1c2UgSW50
ZXJuZXQtRHJhZnRzIGFzIHJlZmVyZW5jZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPiAgIHRpbWUuICBJdCBpcyBpbmFwcHJvcHJpYXRlIHRvIHVzZSBJbnRlcm5ldC1EcmFm
dHMgYXMgcmVmZXJlbmNlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBtYXRl
cmlhbCBvciB0byBjaXRlIHRoZW0gb3RoZXIgdGhhbiBhcyAid29yayBpbiBwcm9ncmVzcy4i
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgbWF0ZXJpYWwgb3IgdG8gY2l0
ZSB0aGVtIG90aGVyIHRoYW4gYXMgIndvcmsgaW4gcHJvZ3Jlc3MuIjwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDA0
Ij48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsYmxvY2siPiAgIFRoaXMgSW50ZXJuZXQtRHJhZnQgd2lsbCBleHBpcmUgb24g
PHNwYW4gY2xhc3M9ImRlbGV0ZSI+QXByaWwgNjwvc3Bhbj4sIDIwMTcuPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIFRoaXMgSW50ZXJuZXQtRHJhZnQgd2lsbCBleHBp
cmUgb24gPHNwYW4gY2xhc3M9Imluc2VydCI+TWF5IDQ8L3NwYW4+LCAyMDE3LjwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij5Db3B5cmlnaHQgTm90aWNlPC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+Q29weXJpZ2h0IE5vdGljZTwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBDb3B5cmlnaHQgKGMpIDIw
MTYgSUVURiBUcnVzdCBhbmQgdGhlIHBlcnNvbnMgaWRlbnRpZmllZCBhcyB0aGU8L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBDb3B5cmlnaHQgKGMpIDIwMTYgSUVURiBU
cnVzdCBhbmQgdGhlIHBlcnNvbnMgaWRlbnRpZmllZCBhcyB0aGU8L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgIGRvY3VtZW50IGF1dGhvcnMuICBBbGwgcmlnaHRzIHJlc2Vy
dmVkLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGRvY3VtZW50IGF1dGhv
cnMuICBBbGwgcmlnaHRzIHJlc2VydmVkLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICBUaGlzIGRvY3VtZW50IGlzIHN1YmplY3QgdG8gQkNQIDc4IGFu
ZCB0aGUgSUVURiBUcnVzdCdzIExlZ2FsPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+ICAgVGhpcyBkb2N1bWVudCBpcyBzdWJqZWN0IHRvIEJDUCA3OCBhbmQgdGhlIElFVEYg
VHJ1c3QncyBMZWdhbDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgUHJvdmlz
aW9ucyBSZWxhdGluZyB0byBJRVRGIERvY3VtZW50czwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgIFByb3Zpc2lvbnMgUmVsYXRpbmcgdG8gSUVURiBEb2N1bWVudHM8L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIChodHRwOi8vdHJ1c3RlZS5pZXRmLm9y
Zy9saWNlbnNlLWluZm8pIGluIGVmZmVjdCBvbiB0aGUgZGF0ZSBvZjwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgIChodHRwOi8vdHJ1c3RlZS5pZXRmLm9yZy9saWNlbnNl
LWluZm8pIGluIGVmZmVjdCBvbiB0aGUgZGF0ZSBvZjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+ICAgcHVibGljYXRpb24gb2YgdGhpcyBkb2N1bWVudC4gIFBsZWFzZSByZXZp
ZXcgdGhlc2UgZG9jdW1lbnRzPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
cHVibGljYXRpb24gb2YgdGhpcyBkb2N1bWVudC4gIFBsZWFzZSByZXZpZXcgdGhlc2UgZG9j
dW1lbnRzPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0ciBpZD0icGFydC0zIiBjbGFzcz0iY2hhbmdlIj48dGQ+PC90ZD48dGg+PHNtYWxs
PnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGEgaHJlZj0iaHR0cHM6Ly90b29scy5p
ZXRmLm9yZy90b29scy9yZmNkaWZmL3JmY2RpZmYucHlodCNwYXJ0LTMiPjxlbT4gcGFnZSAy
LCBsaW5lIDM3PHNwYW4gY2xhc3M9ImhpZGUiPiDCtjwvc3Bhbj48L2VtPjwvYT48L3RoPjx0
aD4gPC90aD48dGg+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGEgaHJl
Zj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy90b29scy9yZmNkaWZmL3JmY2RpZmYucHlodCNw
YXJ0LTMiPjxlbT4gcGFnZSAyLCBsaW5lIDM3PHNwYW4gY2xhc3M9ImhpZGUiPiDCtjwvc3Bh
bj48L2VtPjwvYT48L3RoPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgNS4xLiAgRW5jYXBzdWxhdGVkIENv
bnRyb2wgTWVzc2FnZSBMSVNQLVNFQyBFeHRlbnNpb25zICAuIC4gLiAuICAgNzwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgNS4xLiAgRW5jYXBzdWxhdGVkIENvbnRy
b2wgTWVzc2FnZSBMSVNQLVNFQyBFeHRlbnNpb25zICAuIC4gLiAuICAgNzwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICA1LjIuICBNYXAtUmVwbHkgTElTUC1TRUMgRXh0
ZW5zaW9ucyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gICA5PC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+ICAgICA1LjIuICBNYXAtUmVwbHkgTElTUC1TRUMgRXh0ZW5z
aW9ucyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gICA5PC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICAgIDUuMy4gIE1hcC1SZWdpc3RlciBMSVNQLVNFQyBFeHRlbnRp
b25zICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTA8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij4gICAgIDUuMy4gIE1hcC1SZWdpc3RlciBMSVNQLVNFQyBFeHRlbnRpb25z
ICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTA8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgICAgNS40LiAgSVRSIFByb2Nlc3NpbmcgIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuICAxMDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPiAgICAgNS40LiAgSVRSIFByb2Nlc3NpbmcgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuICAxMDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
ICAgICAgIDUuNC4xLiAgTWFwLVJlcGx5IFJlY29yZCBWYWxpZGF0aW9uIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gIDEyPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
ICAgIDUuNC4xLiAgTWFwLVJlcGx5IFJlY29yZCBWYWxpZGF0aW9uIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gIDEyPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAg
NS40LjIuICBQSVRSIFByb2Nlc3NpbmcgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAgMTM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgNS40
LjIuICBQSVRSIFByb2Nlc3NpbmcgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAgMTM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgNS41LiAgRW5j
cnlwdGluZyBhbmQgRGVjcnlwdGluZyBhbiBPVEsgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
ICAxMzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgNS41LiAgRW5jcnlw
dGluZyBhbmQgRGVjcnlwdGluZyBhbiBPVEsgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAx
MzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICA1LjYuICBNYXAtUmVzb2x2
ZXIgUHJvY2Vzc2luZyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDE0PC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICA1LjYuICBNYXAtUmVzb2x2ZXIg
UHJvY2Vzc2luZyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDE0PC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgIDUuNy4gIE1hcC1TZXJ2ZXIgUHJvY2Vz
c2luZyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTQ8L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgIDUuNy4gIE1hcC1TZXJ2ZXIgUHJvY2Vzc2lu
ZyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTQ8L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICA1LjcuMS4gIE1hcC1TZXJ2ZXIgUHJvY2Vzc2lu
ZyBpbiBQcm94eSBtb2RlIC4gLiAuIC4gLiAuIC4gLiAuICAxNTwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPiAgICAgICA1LjcuMS4gIE1hcC1TZXJ2ZXIgUHJvY2Vzc2luZyBp
biBQcm94eSBtb2RlIC4gLiAuIC4gLiAuIC4gLiAuICAxNTwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJkaWZmMDAwNSI+PHRkPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4g
ICAgIDUuOC4gIEVUUiBQcm9jZXNzaW5nICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAgMTxzcGFuIGNsYXNzPSJkZWxldGUiPjU8L3NwYW4+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgICAgNS44LiAgRVRSIFByb2Nlc3NpbmcgIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAxPHNwYW4gY2xhc3M9
Imluc2VydCI+Njwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIDYu
ICBTZWN1cml0eSBDb25zaWRlcmF0aW9ucyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuICAxNjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIDYuICBT
ZWN1cml0eSBDb25zaWRlcmF0aW9ucyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuICAxNjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICA2LjEuICBN
YXBwaW5nIFN5c3RlbSBTZWN1cml0eSAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gIDE2PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICA2LjEuICBNYXBw
aW5nIFN5c3RlbSBTZWN1cml0eSAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
IDE2PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgIDYuMi4gIFJhbmRvbSBO
dW1iZXIgR2VuZXJhdGlvbiAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTY8
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgIDYuMi4gIFJhbmRvbSBOdW1i
ZXIgR2VuZXJhdGlvbiAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTY8L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0iZGlmZjAwMDYi
Pjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxibG9jayI+ICAgICA2LjMuICBNYXAtU2VydmVyIGFuZCBFVFIgQ29sb2NhdGlv
biAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDxzcGFuIGNsYXNzPSJkZWxldGUiPjE2
PC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICAgIDYuMy4gIE1h
cC1TZXJ2ZXIgYW5kIEVUUiBDb2xvY2F0aW9uIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAgPHNwYW4gY2xhc3M9Imluc2VydCI+MTc8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsYmxvY2siPiAgIDcuICBJQU5BIENvbnNpZGVyYXRpb25zIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICA8c3BhbiBjbGFzcz0iZGVsZXRlIj4xNjwv
c3Bhbj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imlu
c2VydCI+ICAgICA2LjQuICBEZXBsb3lpbmcgTElTUC1TRUMgIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gIDE3PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGJsb2NrIj4gICAgIDcuMS4gIEhNQUMgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+ZnVuY3Rp
b25zPC9zcGFuPiAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
IDxzcGFuIGNsYXNzPSJkZWxldGUiPjE2PC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmJsb2NrIj4gICA3LiAgSUFOQSBDb25zaWRlcmF0aW9ucyAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgPHNwYW4gY2xhc3M9Imluc2VydCI+MTc8L3Nw
YW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjxzcGFuIGNsYXNzPSJkZWxl
dGUiPiAgICAgNy4yLjwvc3Bhbj4gIEtleSBXcmFwIEZ1bmN0aW9ucyAgLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+MTc8L3Nw
YW4+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgICAgNy4xLiAgPHNwYW4g
Y2xhc3M9Imluc2VydCI+RUNNIEFEIFR5cGUgUmVnaXN0cnkgIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuICAxNzwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxibG9jayI+PHNwYW4gY2xhc3M9ImRlbGV0ZSI+ICAgICA3LjMuPC9zcGFuPiAgS2V5IERl
cml2YXRpb24gRnVuY3Rpb25zICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICA8
c3BhbiBjbGFzcz0iZGVsZXRlIj4xNzwvc3Bhbj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgICA3LjIuICBNYXAtUmVwbHkgQUQg
VHlwZSBSZWdpc3RyeSAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDE4PC9zcGFu
PjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICA4LiAgQWNrbm93bGVkZ2Vt
ZW50cyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgPHNw
YW4gY2xhc3M9ImRlbGV0ZSI+MTg8L3NwYW4+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
YmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgNy4zLjwvc3Bhbj4gIEhNQUMgPHNw
YW4gY2xhc3M9Imluc2VydCI+RnVuY3Rpb25zPC9zcGFuPiAgLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDxzcGFuIGNsYXNzPSJpbnNlcnQiPjE4PC9zcGFu
PjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICA5LiAgTm9ybWF0aXZlIFJl
ZmVyZW5jZXMgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgPHNw
YW4gY2xhc3M9ImRlbGV0ZSI+MTg8L3NwYW4+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
YmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgNy40Ljwvc3Bhbj4gIEtleSBXcmFw
IEZ1bmN0aW9ucyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgPHNw
YW4gY2xhc3M9Imluc2VydCI+MTk8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
YmxvY2siPiAgIEF1dGhvcnMnIEFkZHJlc3NlcyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuICA8c3BhbiBjbGFzcz0iZGVsZXRlIj4xOTwvc3Bhbj48
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+
ICAgICA3LjUuPC9zcGFuPiAgS2V5IERlcml2YXRpb24gRnVuY3Rpb25zICAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuICA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij4xOTwvc3Bhbj48
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyYmxvY2siPiAgIDguICBBY2tub3dsZWRnZW1lbnRzICAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij4xOTwv
c3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyYmxvY2siPiAgIDkuICBOb3JtYXRpdmUgUmVmZXJlbmNlcyAgLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICA8c3BhbiBjbGFzcz0iaW5zZXJ0
Ij4yMDwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIEF1dGhvcnMnIEFkZHJlc3NlcyAgLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICA8c3BhbiBjbGFzcz0i
aW5zZXJ0Ij4yMTwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+MS4gIEludHJvZHVjdGlvbjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PjEuICBJbnRyb2R1Y3Rpb248L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyIGlkPSJkaWZmMDAwNyI+PHRkPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBUaGUg
TG9jYXRvci9JRCBTZXBhcmF0aW9uIFByb3RvY29sIFtSRkM2ODMwXSA8c3BhbiBjbGFzcz0i
ZGVsZXRlIj5kZWZpbmVzPC9zcGFuPiBhIDxzcGFuIGNsYXNzPSJkZWxldGUiPnNldDwvc3Bh
bj4gb2Y8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgVGhlIExvY2F0b3Iv
SUQgU2VwYXJhdGlvbiBQcm90b2NvbCBbUkZDNjgzMF0gPHNwYW4gY2xhc3M9Imluc2VydCI+
aXM8L3NwYW4+IGEgPHNwYW4gY2xhc3M9Imluc2VydCI+bmV0d29yay1sYXllci1iYXNlZDwv
c3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgPHNwYW4gY2xhc3M9
ImRlbGV0ZSI+ZnVuY3Rpb25zIGZvciByb3V0ZXJzIHRvIGV4Y2hhbmdlIGluZm9ybWF0aW9u
IHVzZWQgdG8gbWFwIGZyb20gbm9uLTwvc3Bhbj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgcHJvdG9jb2wgdGhhdCBlbmFibGVz
IHNlcGFyYXRpb248L3NwYW4+IG9mIDxzcGFuIGNsYXNzPSJpbnNlcnQiPklQIGFkZHJlc3Nl
cyBpbnRvIHR3byBuZXc8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2si
PjxzcGFuIGNsYXNzPSJkZWxldGUiPiAgIHJvdXRhYmxlPC9zcGFuPiBFbmRwb2ludCBJZGVu
dGlmaWVycyAoRUlEcykgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+dG8gcm91dGFibGU8L3NwYW4+
IFJvdXRpbmcgTG9jYXRvcnM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNw
YW4gY2xhc3M9Imluc2VydCI+ICAgbnVtYmVyaW5nIHNwYWNlczo8L3NwYW4+IEVuZHBvaW50
IElkZW50aWZpZXJzIChFSURzKSA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5hbmQ8L3NwYW4+IFJv
dXRpbmcgTG9jYXRvcnM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIChSTE9D
cykuICBJZiB0aGVzZSBFSUQtdG8tUkxPQyBtYXBwaW5ncywgY2FycmllZCB0aHJvdWdoIE1h
cC1SZXBseTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIChSTE9DcykuICBJ
ZiB0aGVzZSBFSUQtdG8tUkxPQyBtYXBwaW5ncywgY2FycmllZCB0aHJvdWdoIE1hcC1SZXBs
eTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgbWVzc2FnZXMsIGFyZSB0cmFu
c21pdHRlZCB3aXRob3V0IGludGVncml0eSBwcm90ZWN0aW9uLCBhbiBhZHZlcnNhcnk8L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBtZXNzYWdlcywgYXJlIHRyYW5zbWl0
dGVkIHdpdGhvdXQgaW50ZWdyaXR5IHByb3RlY3Rpb24sIGFuIGFkdmVyc2FyeTwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgY2FuIG1hbmlwdWxhdGUgdGhlbSBhbmQgaGlq
YWNrIHRoZSBjb21tdW5pY2F0aW9uLCBpbXBlcnNvbmF0ZSB0aGU8L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICBjYW4gbWFuaXB1bGF0ZSB0aGVtIGFuZCBoaWphY2sgdGhl
IGNvbW11bmljYXRpb24sIGltcGVyc29uYXRlIHRoZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+ICAgcmVxdWVzdGVkIEVJRCwgb3IgbW91bnQgRGVuaWFsIG9mIFNlcnZpY2Ug
b3IgRGlzdHJpYnV0ZWQgRGVuaWFsIG9mPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+ICAgcmVxdWVzdGVkIEVJRCwgb3IgbW91bnQgRGVuaWFsIG9mIFNlcnZpY2Ugb3IgRGlz
dHJpYnV0ZWQgRGVuaWFsIG9mPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBT
ZXJ2aWNlIGF0dGFja3MuICBBbHNvLCBpZiB0aGUgTWFwLVJlcGx5IG1lc3NhZ2UgaXMgdHJh
bnNwb3J0ZWQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBTZXJ2aWNlIGF0
dGFja3MuICBBbHNvLCBpZiB0aGUgTWFwLVJlcGx5IG1lc3NhZ2UgaXMgdHJhbnNwb3J0ZWQ8
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHVuYXV0aGVudGljYXRlZCwgYW4g
YWR2ZXJzYXJpYWwgTElTUCBlbnRpdHkgY2FuIG92ZXJjbGFpbSBhbiBFSUQtPC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgdW5hdXRoZW50aWNhdGVkLCBhbiBhZHZlcnNh
cmlhbCBMSVNQIGVudGl0eSBjYW4gb3ZlcmNsYWltIGFuIEVJRC08L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgIHByZWZpeCBhbmQgbWFsaWNpb3VzbHkgcmVkaXJlY3QgdHJh
ZmZpYyBkaXJlY3RlZCB0byBhIGxhcmdlIG51bWJlciBvZjwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPiAgIHByZWZpeCBhbmQgbWFsaWNpb3VzbHkgcmVkaXJlY3QgdHJhZmZp
YyBkaXJlY3RlZCB0byBhIGxhcmdlIG51bWJlciBvZjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJkaWZmMDAwOCI+PHRkPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBo
b3N0cy4gIDxzcGFuIGNsYXNzPSJkZWxldGUiPkE8L3NwYW4+IGRldGFpbGVkIGRlc2NyaXB0
aW9uIG9mICJvdmVyY2xhaW1pbmciIDxzcGFuIGNsYXNzPSJkZWxldGUiPmF0dGFjayBpcyBw
cm92aWRlZDwvc3Bhbj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgaG9z
dHMuICA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5UaGUgTElTUC1TRUMgdGhyZWF0IG1vZGVsLCBk
ZXNjcmliZWQgaW4gU2VjdGlvbiAzLCBpcyBidWlsdDwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxibG9jayI+PHNwYW4gY2xhc3M9ImRlbGV0ZSI+ICAgaW4gW1JGQzc4MzVd
Ljwvc3Bhbj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9
Imluc2VydCI+ICAgb24gdG9wIG9mIHRoZSBMSVNQIHRocmVhdCBtb2RlbCBkZWZpbmVkIGlu
IFtSRkM3ODM1XSwgdGhhdCBpbmNsdWRlczwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xh
c3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIGRldGFp
bGVkIGRlc2NyaXB0aW9uIG9mICJvdmVyY2xhaW1pbmciIDxzcGFuIGNsYXNzPSJpbnNlcnQi
PmF0dGFjay48L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxl
ZnQiPiAgIFRoaXMgbWVtbyBzcGVjaWZpZXMgTElTUC1TRUMsIGEgc2V0IG9mIHNlY3VyaXR5
IG1lY2hhbmlzbXMgdGhhdDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFRo
aXMgbWVtbyBzcGVjaWZpZXMgTElTUC1TRUMsIGEgc2V0IG9mIHNlY3VyaXR5IG1lY2hhbmlz
bXMgdGhhdDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgcHJvdmlkZXMgb3Jp
Z2luIGF1dGhlbnRpY2F0aW9uLCBpbnRlZ3JpdHkgYW5kIGFudGktcmVwbGF5IHByb3RlY3Rp
b248L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBwcm92aWRlcyBvcmlnaW4g
YXV0aGVudGljYXRpb24sIGludGVncml0eSBhbmQgYW50aS1yZXBsYXkgcHJvdGVjdGlvbjwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgdG8gTElTUCdzIEVJRC10by1STE9D
IG1hcHBpbmcgZGF0YSBjb252ZXllZCB2aWEgbWFwcGluZyBsb29rdXA8L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICB0byBMSVNQJ3MgRUlELXRvLVJMT0MgbWFwcGluZyBk
YXRhIGNvbnZleWVkIHZpYSBtYXBwaW5nIGxvb2t1cDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+ICAgcHJvY2Vzcy4gIExJU1AtU0VDIGFsc28gZW5hYmxlcyB2ZXJpZmljYXRp
b24gb2YgYXV0aG9yaXphdGlvbiBvbiBFSUQtPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+ICAgcHJvY2Vzcy4gIExJU1AtU0VDIGFsc28gZW5hYmxlcyB2ZXJpZmljYXRpb24g
b2YgYXV0aG9yaXphdGlvbiBvbiBFSUQtPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij4gICBwcmVmaXggY2xhaW1zIGluIE1hcC1SZXBseSBtZXNzYWdlcywgZW5zdXJpbmcgdGhh
dCB0aGUgc2VuZGVyIG9mIGE8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBw
cmVmaXggY2xhaW1zIGluIE1hcC1SZXBseSBtZXNzYWdlcywgZW5zdXJpbmcgdGhhdCB0aGUg
c2VuZGVyIG9mIGE8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIE1hcC1SZXBs
eSB0aGF0IHByb3ZpZGVzIHRoZSBsb2NhdGlvbiBmb3IgYSBnaXZlbiBFSUQtcHJlZml4IGlz
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgTWFwLVJlcGx5IHRoYXQgcHJv
dmlkZXMgdGhlIGxvY2F0aW9uIGZvciBhIGdpdmVuIEVJRC1wcmVmaXggaXM8L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGVudGl0bGVkIHRvIGRvIHNvIGFjY29yZGluZyB0
byB0aGUgRUlEIHByZWZpeCByZWdpc3RlcmVkIGluIHRoZTwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPiAgIGVudGl0bGVkIHRvIGRvIHNvIGFjY29yZGluZyB0byB0aGUgRUlE
IHByZWZpeCByZWdpc3RlcmVkIGluIHRoZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgYXNzb2NpYXRlZCBNYXAtU2VydmVyLiAgTWFwLVJlZ2lzdGVyIHNlY3VyaXR5LCBp
bmNsdWRpbmcgdGhlIHJpZ2h0PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
YXNzb2NpYXRlZCBNYXAtU2VydmVyLiAgTWFwLVJlZ2lzdGVyIHNlY3VyaXR5LCBpbmNsdWRp
bmcgdGhlIHJpZ2h0PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBmb3IgYSBM
SVNQIGVudGl0eSB0byByZWdpc3RlciBhbiBFSUQtcHJlZml4IG9yIHRvIGNsYWltIHByZXNl
bmNlIGF0PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgZm9yIGEgTElTUCBl
bnRpdHkgdG8gcmVnaXN0ZXIgYW4gRUlELXByZWZpeCBvciB0byBjbGFpbSBwcmVzZW5jZSBh
dDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgYW4gUkxPQywgaXMgb3V0IG9m
IHRoZSBzY29wZSBvZiBMSVNQLVNFQy4gIEFkZGl0aW9uYWwgc2VjdXJpdHk8L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBhbiBSTE9DLCBpcyBvdXQgb2YgdGhlIHNjb3Bl
IG9mIExJU1AtU0VDLiAgQWRkaXRpb25hbCBzZWN1cml0eTwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+ICAgY29uc2lkZXJhdGlvbnMgYXJlIGRlc2NyaWJlZCBpbiBTZWN0aW9u
IDYuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgY29uc2lkZXJhdGlvbnMg
YXJlIGRlc2NyaWJlZCBpbiBTZWN0aW9uIDYuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPjIuICBEZWZpbml0aW9uIG9mIFRlcm1zPC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+Mi4gIERlZmluaXRpb24gb2YgVGVybXM8L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgT25lLVRpbWUgS2V5IChPVEsp
OiBBbiBlcGhlbWVyYWwgcmFuZG9tbHkgZ2VuZXJhdGVkIGtleSB0aGF0IG11c3Q8L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICBPbmUtVGltZSBLZXkgKE9USyk6IEFu
IGVwaGVtZXJhbCByYW5kb21seSBnZW5lcmF0ZWQga2V5IHRoYXQgbXVzdDwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgYmUgdXNlZCBmb3IgYSBzaW5nbGUgTWFwLVJl
cXVlc3QvTWFwLVJlcGx5IGV4Y2hhbmdlLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPiAgICAgIGJlIHVzZWQgZm9yIGEgc2luZ2xlIE1hcC1SZXF1ZXN0L01hcC1SZXBseSBl
eGNoYW5nZS48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyIGlkPSJkaWZmMDAwOSI+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICAgICAgICA8c3BhbiBj
bGFzcz0iZGVsZXRlIj5JVFItT1RLOiBUaGU8L3NwYW4+IE9uZS1UaW1lIEtleSA8c3BhbiBj
bGFzcz0iZGVsZXRlIj5nZW5lcmF0ZWQgYXQgdGhlIElUUi48L3NwYW4+PC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgICAgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPklUUjwv
c3Bhbj4gT25lLVRpbWUgS2V5IDxzcGFuIGNsYXNzPSJpbnNlcnQiPihJVFItT1RLKTo8L3Nw
YW4+IFRoZSBPbmUtVGltZSBLZXkgZ2VuZXJhdGVkIGF0IHRoZSA8c3BhbiBjbGFzcz0iaW5z
ZXJ0Ij5JVFIuPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48c3Bh
biBjbGFzcz0iZGVsZXRlIj48L3NwYW4+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxv
Y2siPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48c3BhbiBjbGFzcz0iZGVs
ZXRlIj4gICAgICAgICBNUy1PVEs6PC9zcGFuPiBUaGUgT25lLVRpbWUgS2V5IGdlbmVyYXRl
ZCBhdCB0aGUgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+TWFwLVNlcnZlci48L3NwYW4+PC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDEwIj48dGQ+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxv
Y2siPiAgICAgIDxzcGFuIGNsYXNzPSJkZWxldGUiPkVuY2Fwc3VsYXRlZCBDb250cm9sIE1l
c3NhZ2UgKEVDTSk6IEEgTElTUCBjb250cm9sIG1lc3NhZ2UgdGhhdCBpczwvc3Bhbj48L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgICAgPHNwYW4gY2xhc3M9Imluc2Vy
dCI+TVMgT25lLVRpbWUgS2V5IChNUy1PVEspOiBUaGUgT25lLVRpbWUgS2V5IGdlbmVyYXRl
ZCBhdCB0aGU8L3NwYW4+IE1hcC08L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+
PHNwYW4gY2xhc3M9ImRlbGV0ZSI+ICAgICAgcHJlcGVuZGVkIHdpdGggYW4gYWRkaXRpb25h
bCBMSVNQIGhlYWRlci4gIEVDTSBpcyB1c2VkIGJ5IElUUnMgdG88L3NwYW4+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgICAgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPlNl
cnZlci48L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjxzcGFuIGNs
YXNzPSJkZWxldGUiPiAgICAgIHNlbmQgTElTUCBjb250cm9sIG1lc3NhZ2VzIHRvIGEgTWFw
LVJlc29sdmVyLCBieSBNYXAtUmVzb2x2ZXJzIHRvPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmJsb2NrIj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PHNw
YW4gY2xhc3M9ImRlbGV0ZSI+ICAgICAgZm9yd2FyZCBMSVNQIGNvbnRyb2wgbWVzc2FnZXMg
dG8gYSBNYXAtU2VydmVyLCBhbmQgYnk8L3NwYW4+IE1hcC08L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJibG9jayI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgICAg
IDxzcGFuIGNsYXNzPSJkZWxldGUiPlJlc29sdmVycyB0byBmb3J3YXJkIExJU1AgY29udHJv
bCBtZXNzYWdlcyB0byBhbiBFVFIuPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmJsb2NrIj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAg
ICAgQXV0aGVudGljYXRpb24gRGF0YSAoQUQpOiBNZXRhZGF0YSB0aGF0IGlzIGluY2x1ZGVk
IGVpdGhlciBpbiBhPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgQXV0
aGVudGljYXRpb24gRGF0YSAoQUQpOiBNZXRhZGF0YSB0aGF0IGlzIGluY2x1ZGVkIGVpdGhl
ciBpbiBhPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9
ImRpZmYwMDExIj48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgICAgIExJU1AgPHNwYW4gY2xhc3M9ImRlbGV0
ZSI+RUNNIGhlYWRlcjwvc3Bhbj4gb3IgaW4gYSBNYXAtUmVwbHkgbWVzc2FnZSB0byBzdXBw
b3J0PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgICAgIExJU1AgPHNwYW4g
Y2xhc3M9Imluc2VydCI+RW5jYXBzdWxhdGVkIENvbnRyb2wgTWVzc2FnZSAoRUNNKSBoZWFk
ZXIsIGFzIGRlZmluZWQgaW48L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxv
Y2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5z
ZXJ0Ij4gICAgICBTZWN0aW9uIDYuMS44IG9mIFtSRkM2ODMwXSw8L3NwYW4+IG9yIGluIGEg
TWFwLVJlcGx5IG1lc3NhZ2UgdG8gc3VwcG9ydDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+ICAgICAgY29uZmlkZW50aWFsaXR5LCBpbnRlZ3JpdHkgcHJvdGVjdGlvbiwgYW5k
IHZlcmlmaWNhdGlvbiBvZiBFSUQtPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
ICAgICAgY29uZmlkZW50aWFsaXR5LCBpbnRlZ3JpdHkgcHJvdGVjdGlvbiwgYW5kIHZlcmlm
aWNhdGlvbiBvZiBFSUQtPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBw
cmVmaXggYXV0aG9yaXphdGlvbi48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4g
ICAgICBwcmVmaXggYXV0aG9yaXphdGlvbi48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxl
ZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJkaWZmMDAxMiI+PHRkPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2Nr
Ij4gICAgICAgICA8c3BhbiBjbGFzcz0iZGVsZXRlIj5PVEstQUQ6PC9zcGFuPiBUaGUgcG9y
dGlvbiBvZiBFQ00gQXV0aGVudGljYXRpb24gRGF0YSB0aGF0IGNvbnRhaW5zIGE8L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgICAgPHNwYW4gY2xhc3M9Imluc2VydCI+
T1RLIEF1dGhlbnRpY2F0aW9uIERhdGEgKE9USy1BRCk6PC9zcGFuPiBUaGUgcG9ydGlvbiBv
ZiBFQ008L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgICAgICAgT25lLVRp
bWUgS2V5LjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICAgICBBdXRoZW50
aWNhdGlvbiBEYXRhIHRoYXQgY29udGFpbnMgYSBPbmUtVGltZSBLZXkuPC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0iZGlmZjAw
MTMiPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxibG9jayI+ICAgICAgICAgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+RUlELUFE
Ojwvc3Bhbj4gVGhlIHBvcnRpb24gb2YgRUNNIGFuZCBNYXAtUmVwbHkgQXV0aGVudGljYXRp
b24gRGF0YTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICAgICA8c3BhbiBj
bGFzcz0iaW5zZXJ0Ij5FSUQgQXV0aGVudGljYXRpb24gRGF0YSAoRUlELUFEKTo8L3NwYW4+
IFRoZSBwb3J0aW9uIG9mIEVDTSBhbmQgTWFwLVJlcGx5PC90ZD48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsYmxvY2siPiAgICAgICAgIHVzZWQgZm9yIHZlcmlmaWNhdGlvbiBvZiBFSUQtcHJl
Zml4IGF1dGhvcml6YXRpb24uPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAg
ICAgIEF1dGhlbnRpY2F0aW9uIERhdGEgdXNlZCBmb3IgdmVyaWZpY2F0aW9uIG9mIEVJRC1w
cmVmaXg8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyYmxvY2siPiAgICAgIGF1dGhvcml6YXRpb24uPC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0iZGlmZjAwMTQi
Pjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxibG9jayI+ICAgICAgICAgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+UEtULUFEOjwv
c3Bhbj4gVGhlIHBvcnRpb24gb2YgTWFwLVJlcGx5IEF1dGhlbnRpY2F0aW9uIERhdGEgdXNl
ZCB0bzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICAgICA8c3BhbiBjbGFz
cz0iaW5zZXJ0Ij5QYWNrZXQgQXV0aGVudGljYXRpb24gRGF0YSAoUEtULUFEKTo8L3NwYW4+
IFRoZSBwb3J0aW9uIG9mIE1hcC1SZXBseTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJs
b2NrIj4gICAgICAgICBwcm90ZWN0IHRoZSBpbnRlZ3JpdHkgb2YgdGhlIE1hcC1SZXBseSBt
ZXNzYWdlLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICAgICBBdXRoZW50
aWNhdGlvbiBEYXRhIHVzZWQgdG8gcHJvdGVjdCB0aGUgaW50ZWdyaXR5IG9mIHRoZSBNYXAt
UmVwbHk8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyYmxvY2siPiAgICAgIG1lc3NhZ2UuPC90ZD48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIEZvciBkZWZpbml0aW9ucyBvZiBvdGhlciB0ZXJt
cywgbm90YWJseSBNYXAtUmVxdWVzdCwgTWFwLVJlcGx5LDwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPiAgIEZvciBkZWZpbml0aW9ucyBvZiBvdGhlciB0ZXJtcywgbm90YWJs
eSBNYXAtUmVxdWVzdCwgTWFwLVJlcGx5LDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgSW5ncmVzcyBUdW5uZWwgUm91dGVyIChJVFIpLCBFZ3Jlc3MgVHVubmVsIFJvdXRl
ciAoRVRSKSwgTWFwLVNlcnZlcjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAg
IEluZ3Jlc3MgVHVubmVsIFJvdXRlciAoSVRSKSwgRWdyZXNzIFR1bm5lbCBSb3V0ZXIgKEVU
UiksIE1hcC1TZXJ2ZXI8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIChNUyks
IGFuZCBNYXAtUmVzb2x2ZXIgKE1SKSBwbGVhc2UgY29uc3VsdCB0aGUgTElTUCBzcGVjaWZp
Y2F0aW9uPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgKE1TKSwgYW5kIE1h
cC1SZXNvbHZlciAoTVIpIHBsZWFzZSBjb25zdWx0IHRoZSBMSVNQIHNwZWNpZmljYXRpb248
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFtSRkM2ODMwXS48L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBbUkZDNjgzMF0uPC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjMuICBMSVNQLVNFQyBUaHJlYXQgTW9kZWw8L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4zLiAgTElTUC1TRUMgVGhyZWF0IE1vZGVs
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIExJU1AtU0VD
IGFkZHJlc3NlcyB0aGUgY29udHJvbCBwbGFuZSB0aHJlYXRzLCBkZXNjcmliZWQgaW4gW1JG
Qzc4MzVdLDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIExJU1AtU0VDIGFk
ZHJlc3NlcyB0aGUgY29udHJvbCBwbGFuZSB0aHJlYXRzLCBkZXNjcmliZWQgaW4gW1JGQzc4
MzVdLDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgdGhhdCB0YXJnZXQgRUlE
LXRvLVJMT0MgbWFwcGluZ3MsIGluY2x1ZGluZyBtYW5pcHVsYXRpb25zIG9mIE1hcC08L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICB0aGF0IHRhcmdldCBFSUQtdG8tUkxP
QyBtYXBwaW5ncywgaW5jbHVkaW5nIG1hbmlwdWxhdGlvbnMgb2YgTWFwLTwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgUmVxdWVzdCBhbmQgTWFwLVJlcGx5IG1lc3NhZ2Vz
LCBhbmQgbWFsaWNpb3VzIEVUUiBFSUQgcHJlZml4PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+ICAgUmVxdWVzdCBhbmQgTWFwLVJlcGx5IG1lc3NhZ2VzLCBhbmQgbWFsaWNp
b3VzIEVUUiBFSUQgcHJlZml4PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBv
dmVyY2xhaW1pbmcuICBMSVNQLVNFQyBtYWtlcyB0d28gbWFpbiBhc3N1bXB0aW9uczogKDEp
IHRoZSBMSVNQPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgb3ZlcmNsYWlt
aW5nLiAgTElTUC1TRUMgbWFrZXMgdHdvIG1haW4gYXNzdW1wdGlvbnM6ICgxKSB0aGUgTElT
UDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgbWFwcGluZyBzeXN0ZW0gaXMg
ZXhwZWN0ZWQgdG8gZGVsaXZlciBhIE1hcC1SZXF1ZXN0IG1lc3NhZ2UgdG8gdGhlaXI8L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBtYXBwaW5nIHN5c3RlbSBpcyBleHBl
Y3RlZCB0byBkZWxpdmVyIGEgTWFwLVJlcXVlc3QgbWVzc2FnZSB0byB0aGVpcjwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgaW50ZW5kZWQgZGVzdGluYXRpb24gRVRSIGFz
IGlkZW50aWZpZWQgYnkgdGhlIEVJRCwgYW5kICgyKSBubyBtYW4taW4tPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgaW50ZW5kZWQgZGVzdGluYXRpb24gRVRSIGFzIGlk
ZW50aWZpZWQgYnkgdGhlIEVJRCwgYW5kICgyKSBubyBtYW4taW4tPC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij4gICB0aGUtbWlkZGxlIChNSVRNKSBhdHRhY2sgY2FuIGJlIG1v
dW50ZWQgd2l0aGluIHRoZSBMSVNQIE1hcHBpbmc8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICB0aGUtbWlkZGxlIChNSVRNKSBhdHRhY2sgY2FuIGJlIG1vdW50ZWQgd2l0
aGluIHRoZSBMSVNQIE1hcHBpbmc8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0ciBpZD0iZGlmZjAwMTUiPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgU3lzdGVtLiAgRnVy
dGhlcm1vcmUsIHdoaWxlIExJU1AtU0VDIGVuYWJsZXMgZGV0ZWN0aW9uIG9mIEVJRCBwcmVm
aXg8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgU3lzdGVtLiAgPHNwYW4g
Y2xhc3M9Imluc2VydCI+SG93IHRoZSBNYXBwaW5nIFN5c3RlbSBpcyBwcm90ZWN0ZWQgZnJv
bSBNSVRNIGF0dGFja3M8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2si
PiAgIG92ZXJjbGFpbWluZyBhdHRhY2tzLCBpdCBhc3N1bWVzIHRoYXQgTWFwLVNlcnZlcnMg
Y2FuIHZlcmlmeSB0aGUgRUlEPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxz
cGFuIGNsYXNzPSJpbnNlcnQiPiAgIGRlcGVuZHMgZnJvbSB0aGUgcGFydGljdWxhciBNYXBw
aW5nIFN5c3RlbXMgdXNlZCwgYW5kIGlzIG91dCBvZiB0aGU8L3NwYW4+PC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIHByZWZpeCBhdXRob3JpemF0aW9uIGF0IHRpbWUg
b2YgcmVnaXN0cmF0aW9uLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3Bh
biBjbGFzcz0iaW5zZXJ0Ij4gICBzY29wZSBvZiB0aGlzIG1lbW8uPC9zcGFuPiAgRnVydGhl
cm1vcmUsIHdoaWxlIExJU1AtU0VDIGVuYWJsZXMgZGV0ZWN0aW9uIG9mPC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2Nr
Ij4gICBFSUQgcHJlZml4IG92ZXJjbGFpbWluZyBhdHRhY2tzLCBpdCBhc3N1bWVzIHRoYXQg
TWFwLVNlcnZlcnMgY2FuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICB2ZXJpZnkgdGhlIEVJRCBwcmVmaXgg
YXV0aG9yaXphdGlvbiBhdCB0aW1lIG9mIHJlZ2lzdHJhdGlvbi48L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgQWNjb3JkaW5nIHRvIHRoZSB0aHJlYXQg
bW9kZWwgZGVzY3JpYmVkIGluIFtSRkM3ODM1XSBMSVNQLVNFQyBhc3N1bWVzPC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgQWNjb3JkaW5nIHRvIHRoZSB0aHJlYXQgbW9k
ZWwgZGVzY3JpYmVkIGluIFtSRkM3ODM1XSBMSVNQLVNFQyBhc3N1bWVzPC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB0aGF0IGFueSBraW5kIG9mIGF0dGFjaywgaW5jbHVk
aW5nIE1JVE0gYXR0YWNrcywgY2FuIGJlIG1vdW50ZWQgaW48L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij4gICB0aGF0IGFueSBraW5kIG9mIGF0dGFjaywgaW5jbHVkaW5nIE1J
VE0gYXR0YWNrcywgY2FuIGJlIG1vdW50ZWQgaW48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgIHRoZSBhY2Nlc3MgbmV0d29yaywgb3V0c2lkZSBvZiB0aGUgYm91bmRhcmll
cyBvZiB0aGUgTElTUCBtYXBwaW5nPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
ICAgdGhlIGFjY2VzcyBuZXR3b3JrLCBvdXRzaWRlIG9mIHRoZSBib3VuZGFyaWVzIG9mIHRo
ZSBMSVNQIG1hcHBpbmc8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHN5c3Rl
bS4gIEFuIG9uLXBhdGggYXR0YWNrZXIsIG91dHNpZGUgb2YgdGhlIExJU1AgbWFwcGluZyBz
eXN0ZW0gY2FuLDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHN5c3RlbS4g
IEFuIG9uLXBhdGggYXR0YWNrZXIsIG91dHNpZGUgb2YgdGhlIExJU1AgbWFwcGluZyBzeXN0
ZW0gY2FuLDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgZm9yIGV4YW1wbGUs
IGhpamFjayBNYXAtUmVxdWVzdCBhbmQgTWFwLVJlcGx5IG1lc3NhZ2VzLCBzcG9vZmluZyB0
aGU8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBmb3IgZXhhbXBsZSwgaGlq
YWNrIE1hcC1SZXF1ZXN0IGFuZCBNYXAtUmVwbHkgbWVzc2FnZXMsIHNwb29maW5nIHRoZTwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgaWRlbnRpdHkgb2YgYSBMSVNQIG5v
ZGUuICBBbm90aGVyIGV4YW1wbGUgb2Ygb24tcGF0aCBhdHRhY2ssIGNhbGxlZDwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGlkZW50aXR5IG9mIGEgTElTUCBub2RlLiAg
QW5vdGhlciBleGFtcGxlIG9mIG9uLXBhdGggYXR0YWNrLCBjYWxsZWQ8L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgIG92ZXJjbGFpbWluZyBhdHRhY2ssIGNhbiBiZSBtb3Vu
dGVkIGJ5IGEgbWFsaWNpb3VzIEVncmVzcyBUdW5uZWw8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij4gICBvdmVyY2xhaW1pbmcgYXR0YWNrLCBjYW4gYmUgbW91bnRlZCBieSBh
IG1hbGljaW91cyBFZ3Jlc3MgVHVubmVsPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij4gICBSb3V0ZXIgKEVUUiksIGJ5IG92ZXJjbGFpbWluZyB0aGUgRUlELXByZWZpeGVzIGZv
ciB3aGljaCBpdCBpczwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFJvdXRl
ciAoRVRSKSwgYnkgb3ZlcmNsYWltaW5nIHRoZSBFSUQtcHJlZml4ZXMgZm9yIHdoaWNoIGl0
IGlzPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBhdXRob3JpdGF0aXZlLiAg
SW4gdGhpcyB3YXkgdGhlIEVUUiBjYW4gbWFsaWNpb3VzbHkgcmVkaXJlY3QgdHJhZmZpYzwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGF1dGhvcml0YXRpdmUuICBJbiB0
aGlzIHdheSB0aGUgRVRSIGNhbiBtYWxpY2lvdXNseSByZWRpcmVjdCB0cmFmZmljPC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJp
Z2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0i
cGFydC00IiBjbGFzcz0iY2hhbmdlIj48dGQ+PC90ZD48dGg+PHNtYWxsPnNraXBwaW5nIHRv
IGNoYW5nZSBhdDwvc21hbGw+PGEgaHJlZj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy90b29s
cy9yZmNkaWZmL3JmY2RpZmYucHlodCNwYXJ0LTQiPjxlbT4gcGFnZSA1LCBsaW5lIDE2PHNw
YW4gY2xhc3M9ImhpZGUiPiDCtjwvc3Bhbj48L2VtPjwvYT48L3RoPjx0aD4gPC90aD48dGg+
PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGEgaHJlZj0iaHR0cHM6Ly90
b29scy5pZXRmLm9yZy90b29scy9yZmNkaWZmL3JmY2RpZmYucHlodCNwYXJ0LTQiPjxlbT4g
cGFnZSA1LCBsaW5lIDE5PHNwYW4gY2xhc3M9ImhpZGUiPiDCtjwvc3Bhbj48L2VtPjwvYT48
L3RoPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgIFRob3NlIHRydXN0IHJlbGF0aW9uc2hpcHMgYXJlIHVzZWQg
dG8gc2VjdXJlbHkgZGlzdHJpYnV0ZSBhIE9uZS1UaW1lPC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+ICAgVGhvc2UgdHJ1c3QgcmVsYXRpb25zaGlwcyBhcmUgdXNlZCB0byBz
ZWN1cmVseSBkaXN0cmlidXRlIGEgT25lLVRpbWU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgIEtleSAoT1RLKSB0aGF0IHByb3ZpZGVzIG9yaWdpbiBhdXRoZW50aWNhdGlv
biwgaW50ZWdyaXR5IGFuZCBhbnRpLTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgIEtleSAoT1RLKSB0aGF0IHByb3ZpZGVzIG9yaWdpbiBhdXRoZW50aWNhdGlvbiwgaW50
ZWdyaXR5IGFuZCBhbnRpLTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgcmVw
bGF5IHByb3RlY3Rpb24gdG8gbWFwcGluZyBkYXRhIGNvbnZleWVkIHZpYSB0aGUgbWFwcGlu
ZyBsb29rdXA8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICByZXBsYXkgcHJv
dGVjdGlvbiB0byBtYXBwaW5nIGRhdGEgY29udmV5ZWQgdmlhIHRoZSBtYXBwaW5nIGxvb2t1
cDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgcHJvY2VzcywgYW5kIHRoYXQg
ZWZmZWN0aXZlbHkgcHJldmVudCBvdmVyY2xhaW1pbmcgYXR0YWNrcy4gIFRoZTwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHByb2Nlc3MsIGFuZCB0aGF0IGVmZmVjdGl2
ZWx5IHByZXZlbnQgb3ZlcmNsYWltaW5nIGF0dGFja3MuICBUaGU8L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgIHByb2Nlc3Npbmcgb2Ygc2VjdXJpdHkgcGFyYW1ldGVycyBk
dXJpbmcgdGhlIE1hcC1SZXF1ZXN0L01hcC1SZXBseTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgIHByb2Nlc3Npbmcgb2Ygc2VjdXJpdHkgcGFyYW1ldGVycyBkdXJpbmcg
dGhlIE1hcC1SZXF1ZXN0L01hcC1SZXBseTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgZXhjaGFuZ2UgaXMgYXMgZm9sbG93czo8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICBleGNoYW5nZSBpcyBhcyBmb2xsb3dzOjwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBvICBUaGUgSVRSLU9USyBpcyBnZW5lcmF0ZWQg
YW5kIHN0b3JlZCBhdCB0aGUgSVRSLCBhbmQgc2VjdXJlbHk8L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij4gICBvICBUaGUgSVRSLU9USyBpcyBnZW5lcmF0ZWQgYW5kIHN0b3Jl
ZCBhdCB0aGUgSVRSLCBhbmQgc2VjdXJlbHk8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxl
ZnQiPiAgICAgIHRyYW5zcG9ydGVkIHRvIHRoZSBNYXAtU2VydmVyLjwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIHRyYW5zcG9ydGVkIHRvIHRoZSBNYXAtU2VydmVy
LjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHIgaWQ9ImRpZmYwMDE2Ij48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIG8gIFRoZSBNYXAtU2VydmVyIHVz
ZXMgdGhlIElUUi1PVEsgdG8gY29tcHV0ZSA8c3BhbiBjbGFzcz0iZGVsZXRlIj5hbiBITUFD
PC9zcGFuPiB0aGF0IHByb3RlY3RzPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2si
PiAgIG8gIFRoZSBNYXAtU2VydmVyIHVzZXMgdGhlIElUUi1PVEsgdG8gY29tcHV0ZSA8c3Bh
biBjbGFzcz0iaW5zZXJ0Ij5hIEtleWVkLUhhc2hpbmcgZm9yPC9zcGFuPjwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICAgICB0aGUgaW50ZWdyaXR5IG9mIHRoZSBtYXBw
aW5nIGRhdGEga25vd24gdG8gdGhlIE1hcC1TZXJ2ZXIgdG88L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgICAgTWVzc2FnZSBBdXRo
ZW50aWNhdGlvbiAoSE1BQykgW1JGQzIxMDRdPC9zcGFuPiB0aGF0IHByb3RlY3RzIHRoZTwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICAgICBwcmV2ZW50IG92ZXJjbGFp
bWluZyBhdHRhY2tzLiAgVGhlIE1hcC1TZXJ2ZXIgYWxzbyBkZXJpdmVzIGEgbmV3PC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgICAgIGludGVncml0eSBvZiB0aGUgbWFw
cGluZyBkYXRhIGtub3duIHRvIHRoZSBNYXAtU2VydmVyIHRvIHByZXZlbnQ8L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgICAgT1RLLCB0aGUgTVMtT1RLLCB0aGF0IGlz
IHBhc3NlZCB0byB0aGUgRVRSLCBieSBhcHBseWluZyBhIEtleTwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmJsb2NrIj4gICAgICBvdmVyY2xhaW1pbmcgYXR0YWNrcy4gIFRoZSBNYXAt
U2VydmVyIGFsc28gZGVyaXZlcyBhIG5ldyBPVEssIHRoZTwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGJsb2NrIj4gICAgICBEZXJpdmF0aW9uIEZ1bmN0aW9uIChLREYpIHRvIHRoZSBJ
VFItT1RLLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICAgICBNUy1PVEss
IHRoYXQgaXMgcGFzc2VkIHRvIHRoZSBFVFIsIGJ5IGFwcGx5aW5nIGEgS2V5IERlcml2YXRp
b248L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyYmxvY2siPiAgICAgIEZ1bmN0aW9uIChLREYpIHRvIHRoZSBJVFItT1RLLjwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBvICBUaGUgRVRS
IHVzZXMgdGhlIE1TLU9USyB0byBjb21wdXRlIGFuIEhNQUMgdGhhdCBwcm90ZWN0cyB0aGU8
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBvICBUaGUgRVRSIHVzZXMgdGhl
IE1TLU9USyB0byBjb21wdXRlIGFuIEhNQUMgdGhhdCBwcm90ZWN0cyB0aGU8L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIGludGVncml0eSBvZiB0aGUgTWFwLVJlcGx5
IHNlbnQgdG8gdGhlIElUUi48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAg
ICBpbnRlZ3JpdHkgb2YgdGhlIE1hcC1SZXBseSBzZW50IHRvIHRoZSBJVFIuPC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIG8gIEZpbmFsbHksIHRoZSBJ
VFIgdXNlcyB0aGUgc3RvcmVkIElUUi1PVEsgdG8gdmVyaWZ5IHRoZSBpbnRlZ3JpdHk8L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBvICBGaW5hbGx5LCB0aGUgSVRSIHVz
ZXMgdGhlIHN0b3JlZCBJVFItT1RLIHRvIHZlcmlmeSB0aGUgaW50ZWdyaXR5PC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBvZiB0aGUgbWFwcGluZyBkYXRhIHByb3Zp
ZGVkIGJ5IGJvdGggdGhlIE1hcC1TZXJ2ZXIgYW5kIHRoZSBFVFIsPC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgb2YgdGhlIG1hcHBpbmcgZGF0YSBwcm92aWRlZCBi
eSBib3RoIHRoZSBNYXAtU2VydmVyIGFuZCB0aGUgRVRSLDwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+ICAgICAgYW5kIHRvIHZlcmlmeSB0aGF0IG5vIG92ZXJjbGFpbWluZyBh
dHRhY2tzIHdlcmUgbW91bnRlZCBhbG9uZyB0aGU8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICAgICBhbmQgdG8gdmVyaWZ5IHRoYXQgbm8gb3ZlcmNsYWltaW5nIGF0dGFj
a3Mgd2VyZSBtb3VudGVkIGFsb25nIHRoZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgICAgcGF0aCBiZXR3ZWVuIHRoZSBNYXAtU2VydmVyIGFuZCB0aGUgSVRSLjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIHBhdGggYmV0d2VlbiB0aGUgTWFw
LVNlcnZlciBhbmQgdGhlIElUUi48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+ICAgU2VjdGlvbiA1IHByb3ZpZGVzIHRoZSBkZXRhaWxlZCBkZXNjcmlwdGlv
biBvZiB0aGUgTElTUC1TRUMgY29udHJvbDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPiAgIFNlY3Rpb24gNSBwcm92aWRlcyB0aGUgZGV0YWlsZWQgZGVzY3JpcHRpb24gb2Yg
dGhlIExJU1AtU0VDIGNvbnRyb2w8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJwYXJ0LTUiIGNsYXNzPSJjaGFuZ2UiPjx0ZD48
L3RkPjx0aD48c21hbGw+c2tpcHBpbmcgdG8gY2hhbmdlIGF0PC9zbWFsbD48YSBocmVmPSJo
dHRwczovL3Rvb2xzLmlldGYub3JnL3Rvb2xzL3JmY2RpZmYvcmZjZGlmZi5weWh0I3BhcnQt
NSI+PGVtPiBwYWdlIDYsIGxpbmUgMTk8c3BhbiBjbGFzcz0iaGlkZSI+IMK2PC9zcGFuPjwv
ZW0+PC9hPjwvdGg+PHRoPiA8L3RoPjx0aD48c21hbGw+c2tpcHBpbmcgdG8gY2hhbmdlIGF0
PC9zbWFsbD48YSBocmVmPSJodHRwczovL3Rvb2xzLmlldGYub3JnL3Rvb2xzL3JmY2RpZmYv
cmZjZGlmZi5weWh0I3BhcnQtNSI+PGVtPiBwYWdlIDYsIGxpbmUgMjE8c3BhbiBjbGFzcz0i
aGlkZSI+IMK2PC9zcGFuPjwvZW0+PC9hPjwvdGg+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgbWF0Y2gg
RUlELXByZWZpeCB0aGF0IGNvdmVycyB0aGUgcmVxdWVzdGVkIEVJRCBpbiB0aGUgcmVjZWl2
ZWQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICBtYXRjaCBFSUQtcHJl
Zml4IHRoYXQgY292ZXJzIHRoZSByZXF1ZXN0ZWQgRUlEIGluIHRoZSByZWNlaXZlZDwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgTWFwLVJlcXVlc3QuICBUaGUgTWFw
LVNlcnZlciBhZGRzIHRoaXMgRUlELXByZWZpeCwgdG9nZXRoZXIgd2l0aDwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIE1hcC1SZXF1ZXN0LiAgVGhlIE1hcC1TZXJ2
ZXIgYWRkcyB0aGlzIEVJRC1wcmVmaXgsIHRvZ2V0aGVyIHdpdGg8L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgICAgIGFuIEhNQUMgY29tcHV0ZWQgdXNpbmcgdGhlIElUUi1P
VEssIHRvIGEgbmV3IEVuY2Fwc3VsYXRlZCBDb250cm9sPC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+ICAgICAgYW4gSE1BQyBjb21wdXRlZCB1c2luZyB0aGUgSVRSLU9USywg
dG8gYSBuZXcgRW5jYXBzdWxhdGVkIENvbnRyb2w8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgICAgIE1lc3NhZ2UgdGhhdCBjb250YWlucyB0aGUgcmVjZWl2ZWQgTWFwLVJl
cXVlc3QuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgTWVzc2FnZSB0
aGF0IGNvbnRhaW5zIHRoZSByZWNlaXZlZCBNYXAtUmVxdWVzdC48L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgbyAgVGhlIE1hcC1TZXJ2ZXIgZGVyaXZl
cyBhIG5ldyBPVEssIHRoZSBNUy1PVEssIGJ5IGFwcGx5aW5nIGEgS2V5PC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgbyAgVGhlIE1hcC1TZXJ2ZXIgZGVyaXZlcyBhIG5l
dyBPVEssIHRoZSBNUy1PVEssIGJ5IGFwcGx5aW5nIGEgS2V5PC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICAgICBEZXJpdmF0aW9uIEZ1bmN0aW9uIChLREYpIHRvIHRoZSBJ
VFItT1RLLiAgVGhpcyBNUy1PVEsgaXMgaW5jbHVkZWQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij4gICAgICBEZXJpdmF0aW9uIEZ1bmN0aW9uIChLREYpIHRvIHRoZSBJVFIt
T1RLLiAgVGhpcyBNUy1PVEsgaXMgaW5jbHVkZWQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgICAgIGluIHRoZSBFbmNhcHN1bGF0ZWQgQ29udHJvbCBNZXNzYWdlIHRoYXQg
dGhlIE1hcC1TZXJ2ZXIgdXNlcyB0bzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgICAgIGluIHRoZSBFbmNhcHN1bGF0ZWQgQ29udHJvbCBNZXNzYWdlIHRoYXQgdGhlIE1h
cC1TZXJ2ZXIgdXNlcyB0bzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAg
Zm9yd2FyZCB0aGUgTWFwLVJlcXVlc3QgdG8gdGhlIEVUUi4gIFRvIHByb3ZpZGUgTVMtT1RL
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgZm9yd2FyZCB0aGUgTWFw
LVJlcXVlc3QgdG8gdGhlIEVUUi4gIFRvIHByb3ZpZGUgTVMtT1RLPC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBjb25maWRlbnRpYWxpdHkgb3ZlciB0aGUgcGF0aCBi
ZXR3ZWVuIHRoZSBNYXAtU2VydmVyIGFuZCB0aGUgRVRSLDwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPiAgICAgIGNvbmZpZGVudGlhbGl0eSBvdmVyIHRoZSBwYXRoIGJldHdl
ZW4gdGhlIE1hcC1TZXJ2ZXIgYW5kIHRoZSBFVFIsPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDE3Ij48dGQ+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgICAg
IHRoZSBNUy1PVEsgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+c2hvdWxkPC9zcGFuPiBiZSBlbmNy
eXB0ZWQgdXNpbmcgdGhlIGtleSBzaGFyZWQgYmV0d2VlbiB0aGU8L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJibG9jayI+ICAgICAgdGhlIE1TLU9USyA8c3BhbiBjbGFzcz0iaW5zZXJ0
Ij5TSE9VTEQ8L3NwYW4+IGJlIGVuY3J5cHRlZCB1c2luZyB0aGUga2V5IHNoYXJlZCBiZXR3
ZWVuIHRoZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgRVRSIGFuZCB0
aGUgTWFwLVNlcnZlciBpbiBvcmRlciB0byBzZWN1cmUgRVRSIHJlZ2lzdHJhdGlvbjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIEVUUiBhbmQgdGhlIE1hcC1TZXJ2
ZXIgaW4gb3JkZXIgdG8gc2VjdXJlIEVUUiByZWdpc3RyYXRpb248L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgICAgIFtSRkM2ODMzXS48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij4gICAgICBbUkZDNjgzM10uPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgIG8gIElmIHRoZSBNYXAtU2VydmVyIGlzIGFjdGluZyBpbiBw
cm94eSBtb2RlLCBhcyBzcGVjaWZpZWQgaW48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJp
Z2h0Ij4gICBvICBJZiB0aGUgTWFwLVNlcnZlciBpcyBhY3RpbmcgaW4gcHJveHkgbW9kZSwg
YXMgc3BlY2lmaWVkIGluPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBb
UkZDNjgzMF0sIHRoZSBFVFIgaXMgbm90IGludm9sdmVkIGluIHRoZSBnZW5lcmF0aW9uIG9m
IHRoZSBNYXAtPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgW1JGQzY4
MzBdLCB0aGUgRVRSIGlzIG5vdCBpbnZvbHZlZCBpbiB0aGUgZ2VuZXJhdGlvbiBvZiB0aGUg
TWFwLTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgUmVwbHkuICBJbiB0
aGlzIGNhc2UgdGhlIE1hcC1TZXJ2ZXIgZ2VuZXJhdGVzIHRoZSBNYXAtUmVwbHkgb248L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICBSZXBseS4gIEluIHRoaXMgY2Fz
ZSB0aGUgTWFwLVNlcnZlciBnZW5lcmF0ZXMgdGhlIE1hcC1SZXBseSBvbjwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgYmVoYWxmIG9mIHRoZSBFVFIgYXMgZGVzY3Jp
YmVkIGJlbG93LjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIGJlaGFs
ZiBvZiB0aGUgRVRSIGFzIGRlc2NyaWJlZCBiZWxvdy48L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xh
c3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgbyAgVGhlIEVUUiwgdXBvbiByZWNlaXZpbmcgdGhl
IEVDTSBlbmNhcHN1bGF0ZWQgTWFwLVJlcXVlc3QgZnJvbSB0aGU8L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICBvICBUaGUgRVRSLCB1cG9uIHJlY2VpdmluZyB0aGUgRUNN
IGVuY2Fwc3VsYXRlZCBNYXAtUmVxdWVzdCBmcm9tIHRoZTwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+ICAgICAgTWFwLVNlcnZlciwgZGVjcnlwdHMgdGhlIE1TLU9USywgaWYg
bmVlZGVkLCBhbmQgb3JpZ2luYXRlcyBhPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+ICAgICAgTWFwLVNlcnZlciwgZGVjcnlwdHMgdGhlIE1TLU9USywgaWYgbmVlZGVkLCBh
bmQgb3JpZ2luYXRlcyBhPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0ciBpZD0icGFydC02IiBjbGFzcz0iY2hhbmdlIj48dGQ+PC90ZD48
dGg+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGEgaHJlZj0iaHR0cHM6
Ly90b29scy5pZXRmLm9yZy90b29scy9yZmNkaWZmL3JmY2RpZmYucHlodCNwYXJ0LTYiPjxl
bT4gcGFnZSA3LCBsaW5lIDIyPHNwYW4gY2xhc3M9ImhpZGUiPiDCtjwvc3Bhbj48L2VtPjwv
YT48L3RoPjx0aD4gPC90aD48dGg+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21h
bGw+PGEgaHJlZj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy90b29scy9yZmNkaWZmL3JmY2Rp
ZmYucHlodCNwYXJ0LTYiPjxlbT4gcGFnZSA3LCBsaW5lIDIyPHNwYW4gY2xhc3M9ImhpZGUi
PiDCtjwvc3Bhbj48L2VtPjwvYT48L3RoPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+NS4xLiAg
RW5jYXBzdWxhdGVkIENvbnRyb2wgTWVzc2FnZSBMSVNQLVNFQyBFeHRlbnNpb25zPC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+NS4xLiAgRW5jYXBzdWxhdGVkIENvbnRyb2wg
TWVzc2FnZSBMSVNQLVNFQyBFeHRlbnNpb25zPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgIExJU1AtU0VDIHVzZXMgdGhlIEVDTSAoRW5jYXBzdWxhdGVk
IENvbnRyb2wgTWVzc2FnZSkgZGVmaW5lZCBpbjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPiAgIExJU1AtU0VDIHVzZXMgdGhlIEVDTSAoRW5jYXBzdWxhdGVkIENvbnRyb2wg
TWVzc2FnZSkgZGVmaW5lZCBpbjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAg
W1JGQzY4MzBdIHdpdGggVHlwZSBzZXQgdG8gOCwgYW5kIFMgYml0IHNldCB0byAxIHRvIGlu
ZGljYXRlIHRoYXQgdGhlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgW1JG
QzY4MzBdIHdpdGggVHlwZSBzZXQgdG8gOCwgYW5kIFMgYml0IHNldCB0byAxIHRvIGluZGlj
YXRlIHRoYXQgdGhlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBMSVNQIGhl
YWRlciBpbmNsdWRlcyBBdXRoZW50aWNhdGlvbiBEYXRhIChBRCkuICBUaGUgZm9ybWF0IG9m
IHRoZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIExJU1AgaGVhZGVyIGlu
Y2x1ZGVzIEF1dGhlbnRpY2F0aW9uIERhdGEgKEFEKS4gIFRoZSBmb3JtYXQgb2YgdGhlPC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBMSVNQLVNFQyBFQ00gQXV0aGVudGlj
YXRpb24gRGF0YSBpcyBkZWZpbmVkIGluIHRoZSBmb2xsb3dpbmcgZmlndXJlLjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIExJU1AtU0VDIEVDTSBBdXRoZW50aWNhdGlv
biBEYXRhIGlzIGRlZmluZWQgaW4gdGhlIGZvbGxvd2luZyBmaWd1cmUuPC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBPVEstQUQgc3RhbmRzIGZvciBPbmUtVGltZSBLZXkg
QXV0aGVudGljYXRpb24gRGF0YSBhbmQgRUlELUFEIHN0YW5kczwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPiAgIE9USy1BRCBzdGFuZHMgZm9yIE9uZS1UaW1lIEtleSBBdXRo
ZW50aWNhdGlvbiBEYXRhIGFuZCBFSUQtQUQgc3RhbmRzPC90ZD48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsZWZ0Ij4gICBmb3IgRUlEIEF1dGhlbnRpY2F0aW9uIERhdGEuPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgZm9yIEVJRCBBdXRoZW50aWNhdGlvbiBEYXRhLjwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIg
aWQ9ImRpZmYwMDE4Ij48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAwICAgICAgICAgICAgICAgICAgIDEgICAg
ICAgICAgICAgICAgICAgMiAgICAgICAgICAgICAgICAgICAzPC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyYmxvY2siPiAgMCAgICAgICAgICAgICAgICAgICAxICAgICAgICAgICAgICAg
ICAgIDIgICAgICAgICAgICAgICAgICAgMzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJs
b2NrIj4gMCAxIDIgMyA0IDUgNiA3IDggOSAwIDEgMiAzIDQgNSA2IDcgOCA5IDAgMSAyIDMg
NCA1IDYgNyA4IDkgMCAxPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgMCAx
IDIgMyA0IDUgNiA3IDggOSAwIDEgMiAzIDQgNSA2IDcgOCA5IDAgMSAyIDMgNCA1IDYgNyA4
IDkgMCAxPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPistKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rPC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiArLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKzwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj58ICAgICBBRCBUeXBlICAgfFZ8ICBSZXNlcnZlZCAg
IHwgICAgICAgIFJlcXVlc3RlZCBITUFDIElEICAgICAgfDwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmJsb2NrIj4gfCAgPHNwYW4gY2xhc3M9Imluc2VydCI+RUNNPC9zcGFuPiBBRCBU
eXBlICB8VnwgIFJlc2VydmVkICAgfCAgICAgICAgUmVxdWVzdGVkIEhNQUMgSUQgICAgICB8
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPistKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rXDwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLStcPC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsYmxvY2siPnwgICAgICAgICAgICAgIE9USyBMZW5ndGggICAgICAgfCAg
ICAgICBPVEsgRW5jcnlwdGlvbiBJRCAgICAgICB8IHw8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJibG9jayI+IHwgICAgICAgICAgICAgIE9USyBMZW5ndGggICAgICAgfCAgICAgICBP
VEsgRW5jcnlwdGlvbiBJRCAgICAgICB8IHw8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxi
bG9jayI+Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSsgfDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4g
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSsgfDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj58ICAgICAg
ICAgICAgICAgICAgICAgICBPbmUtVGltZS1LZXkgUHJlYW1ibGUgLi4uICAgICAgICAgICAg
ICAgfCB8PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiB8ICAgICAgICAgICAg
ICAgICAgICAgICBPbmUtVGltZS1LZXkgUHJlYW1ibGUgLi4uICAgICAgICAgICAgICAgfCB8
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjxzcGFuIGNsYXNzPSJkZWxldGUi
PistKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rIE9USy1BRDwvc3Bhbj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJi
bG9jayI+IDxzcGFuIGNsYXNzPSJpbnNlcnQiPistKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rT1RLLUFEPC9zcGFuPjwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj58ICAgICAgICAgICAgICAgICAgIC4u
LiBPbmUtVGltZS1LZXkgUHJlYW1ibGUgICAgICAgICAgICAgICAgICAgfCB8PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiB8ICAgICAgICAgICAgICAgICAgIC4uLiBPbmUt
VGltZS1LZXkgUHJlYW1ibGUgICAgICAgICAgICAgICAgICAgfCB8PC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsYmxvY2siPistKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rIHw8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJibG9jayI+ICstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rIHw8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxi
bG9jayI+fiAgICAgICAgICAgICAgICAgICAgICBPbmUtVGltZSBLZXkgKDEyOCBiaXRzKSAg
ICAgICAgICAgICAgICAgIH4vPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiB+
ICAgICAgICAgICAgICAgICAgICAgIE9uZS1UaW1lIEtleSAoMTI4IGJpdHMpICAgICAgICAg
ICAgICAgICAgfi88L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+Ky0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSsgJmx0Oy0tLSs8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rICZsdDstLS0rPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPnwgICAgICAg
ICAgIEVJRC1BRCBMZW5ndGggICAgICAgfCAgICAgICAgICAgS0RGIElEICAgICAgICAgICAg
ICB8ICAgICB8PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiB8ICAgICAgICAg
ICBFSUQtQUQgTGVuZ3RoICAgICAgIHwgICAgICAgICAgIEtERiBJRCAgICAgICAgICAgICAg
fCAgICAgfDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKyAg
ICAgfDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsgICAg
IHw8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+fCBSZWNvcmQgQ291bnQgIHwg
ICAgUmVzZXJ2ZWQgICB8ICAgICAgICAgRUlEIEhNQUMgSUQgICAgICAgICAgIDxzcGFuIGNs
YXNzPSJkZWxldGUiPnwgICAgIEVJRC1BRDwvc3Bhbj48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJibG9jayI+IHwgUmVjb3JkIENvdW50ICB8ICAgIFJlc2VydmVkICAgfCAgICAgICAg
IEVJRCBITUFDIElEICAgICAgICAgICA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij58RUlELUFEPC9z
cGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstK1wgICAg
fDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLStcICAgIHw8
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+fCAgIFJlc2VydmVkICAgIHwgRUlE
IG1hc2stbGVuICB8ICAgICAgICAgICBFSUQtQUZJICAgICAgICAgICAgIHwgfCAgIHw8L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+IHwgICBSZXNlcnZlZCAgICB8IEVJRCBt
YXNrLWxlbiAgfCAgICAgICAgICAgRUlELUFGSSAgICAgICAgICAgICB8IHwgICB8PC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPistKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rIFJlYyB8PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiArLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKyBSZWMgfDwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj5+ICAgICAgICAgICAgICAgICAgICAgICAgICBFSUQt
cHJlZml4IC4uLiAgICAgICAgICAgICAgICAgICAgICAgfiB8ICAgfDwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmJsb2NrIj4gfiAgICAgICAgICAgICAgICAgICAgICAgICAgRUlELXBy
ZWZpeCAuLi4gICAgICAgICAgICAgICAgICAgICAgIH4gfCAgIHw8L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxibG9jayI+Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsvICAgIHw8L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJibG9jayI+ICstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLyAgICB8PC90ZD48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsYmxvY2siPn4gICAgICAgICAgICAgICAgICAgICAgICAgICAgRUlEIEhNQUMgICAg
ICAgICAgICAgICAgICAgICAgICAgICB+ICAgICB8PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyYmxvY2siPiB+ICAgICAgICAgICAgICAgICAgICAgICAgICAgIEVJRCBITUFDICAgICAg
ICAgICAgICAgICAgICAgICAgICAgfiAgICAgfDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGJsb2NrIj4rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKyAmbHQ7LS0tKzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmJsb2NrIj4gKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSsgJmx0Oy0tLSs8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgICAgICAgICAgICAgICAgTElTUC1TRUMgRUNNIEF1
dGhlbnRpY2F0aW9uIERhdGE8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAg
ICAgICAgICAgICAgICAgICBMSVNQLVNFQyBFQ00gQXV0aGVudGljYXRpb24gRGF0YTwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9
ImRpZmYwMDE5Ij48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgICAgIDxzcGFuIGNsYXNzPSJkZWxldGUiPkFE
IFR5cGU6IDEgKExJU1AtU0VDIEF1dGhlbnRpY2F0aW9uIERhdGEpPC9zcGFuPjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICAgICA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5F
Q00gQUQgVHlwZTogMSAoTElTUC1TRUMgQXV0aGVudGljYXRpb24gRGF0YSkuICBTZWUgU2Vj
dGlvbiA3Ljwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgICAgVjogS2V5IFZlcnNpb24gYml0LiAgVGhpcyBiaXQgaXMgdG9nZ2xlZCB3aGVu
IHRoZSBzZW5kZXIgc3dpdGNoZXM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4g
ICAgICBWOiBLZXkgVmVyc2lvbiBiaXQuICBUaGlzIGJpdCBpcyB0b2dnbGVkIHdoZW4gdGhl
IHNlbmRlciBzd2l0Y2hlczwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAg
dG8gYSBuZXcgT1RLIHdyYXBwaW5nIGtleTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPiAgICAgIHRvIGEgbmV3IE9USyB3cmFwcGluZyBrZXk8L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPiAgICAgIFJlc2VydmVkOiBTZXQgdG8gMCBvbiB0cmFuc21pc3Npb24g
YW5kIGlnbm9yZWQgb24gcmVjZWlwdC48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij4gICAgICBSZXNlcnZlZDogU2V0IHRvIDAgb24gdHJhbnNtaXNzaW9uIGFuZCBpZ25vcmVk
IG9uIHJlY2VpcHQuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQi
PiAgICAgIFJlcXVlc3RlZCBITUFDIElEOiBUaGUgSE1BQyBhbGdvcml0aG0gcmVxdWVzdGVk
IGJ5IHRoZSBJVFIuICBTZWU8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAg
ICBSZXF1ZXN0ZWQgSE1BQyBJRDogVGhlIEhNQUMgYWxnb3JpdGhtIHJlcXVlc3RlZCBieSB0
aGUgSVRSLiAgU2VlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBTZWN0
aW9uIDUuNCBmb3IgZGV0YWlscy48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4g
ICAgICBTZWN0aW9uIDUuNCBmb3IgZGV0YWlscy48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgT1RLIExlbmd0aDogVGhlIGxlbmd0aCAoaW4gYnl0
ZXMpIG9mIHRoZSBPVEsgQXV0aGVudGljYXRpb24gRGF0YTwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPiAgICAgIE9USyBMZW5ndGg6IFRoZSBsZW5ndGggKGluIGJ5dGVzKSBv
ZiB0aGUgT1RLIEF1dGhlbnRpY2F0aW9uIERhdGE8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgICAgIChPVEstQUQpLCB0aGF0IGNvbnRhaW5zIHRoZSBPVEsgUHJlYW1ibGUg
YW5kIHRoZSBPVEsuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgKE9U
Sy1BRCksIHRoYXQgY29udGFpbnMgdGhlIE9USyBQcmVhbWJsZSBhbmQgdGhlIE9USy48L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgT1RLIEVuY3J5
cHRpb24gSUQ6IFRoZSBpZGVudGlmaWVyIG9mIHRoZSBrZXkgd3JhcHBpbmcgYWxnb3JpdGht
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgT1RLIEVuY3J5cHRpb24g
SUQ6IFRoZSBpZGVudGlmaWVyIG9mIHRoZSBrZXkgd3JhcHBpbmcgYWxnb3JpdGhtPC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICB1c2VkIHRvIGVuY3J5cHQgdGhlIE9u
ZS1UaW1lLUtleS4gV2hlbiBhIDEyOC1iaXQgT1RLIGlzIHNlbnQ8L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICAgICB1c2VkIHRvIGVuY3J5cHQgdGhlIE9uZS1UaW1lLUtl
eS4gV2hlbiBhIDEyOC1iaXQgT1RLIGlzIHNlbnQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgICAgIHVuZW5jcnlwdGVkIGJ5IHRoZSBNYXAtUmVzb2x2ZXIsIHRoZSBPVEsg
RW5jcnlwdGlvbiBJRCBpcyBzZXQgdG88L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij4gICAgICB1bmVuY3J5cHRlZCBieSB0aGUgTWFwLVJlc29sdmVyLCB0aGUgT1RLIEVuY3J5
cHRpb24gSUQgaXMgc2V0IHRvPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAg
ICBOVUxMX0tFWV9XUkFQXzEyOC4gIFNlZSBTZWN0aW9uIDUuNSBmb3IgbW9yZSBkZXRhaWxz
LjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIE5VTExfS0VZX1dSQVBf
MTI4LiAgU2VlIFNlY3Rpb24gNS41IGZvciBtb3JlIGRldGFpbHMuPC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIE9uZS1UaW1lLUtleSBQcmVhbWJs
ZTogc2V0IHRvIDAgaWYgdGhlIE9USyBpcyBub3QgZW5jcnlwdGVkLiAgV2hlbjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIE9uZS1UaW1lLUtleSBQcmVhbWJsZTog
c2V0IHRvIDAgaWYgdGhlIE9USyBpcyBub3QgZW5jcnlwdGVkLiAgV2hlbjwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJkaWZmMDAyMCI+PHRkPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGJsb2NrIj4gICAgICB0aGUgT1RLIGlzIGVuY3J5cHRlZCwgdGhpcyBmaWVsZCA8c3BhbiBj
bGFzcz0iZGVsZXRlIj5tYXk8L3NwYW4+IGNhcnJ5IGFkZGl0aW9uYWwgbWV0YWRhdGE8L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgICAgdGhlIE9USyBpcyBlbmNyeXB0
ZWQsIHRoaXMgZmllbGQgPHNwYW4gY2xhc3M9Imluc2VydCI+TUFZPC9zcGFuPiBjYXJyeSBh
ZGRpdGlvbmFsIG1ldGFkYXRhPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAg
ICByZXN1bHRpbmcgZnJvbSB0aGUga2V5IHdyYXBwaW5nIG9wZXJhdGlvbi4gIFdoZW4gYSAx
MjgtYml0IE9USyBpczwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIHJl
c3VsdGluZyBmcm9tIHRoZSBrZXkgd3JhcHBpbmcgb3BlcmF0aW9uLiAgV2hlbiBhIDEyOC1i
aXQgT1RLIGlzPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBzZW50IHVu
ZW5jcnlwdGVkIGJ5IE1hcC1SZXNvbHZlciwgdGhlIE9USyBQcmVhbWJsZSBpcyBzZXQgdG88
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICBzZW50IHVuZW5jcnlwdGVk
IGJ5IE1hcC1SZXNvbHZlciwgdGhlIE9USyBQcmVhbWJsZSBpcyBzZXQgdG88L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIDB4MDAwMDAwMDAwMDAwMDAwMCAoNjQgYml0
cykuICBTZWUgU2VjdGlvbiA1LjUgZm9yIGRldGFpbHMuPC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+ICAgICAgMHgwMDAwMDAwMDAwMDAwMDAwICg2NCBiaXRzKS4gIFNlZSBT
ZWN0aW9uIDUuNSBmb3IgZGV0YWlscy48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQi
PjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+ICAgICAgT25lLVRpbWUtS2V5OiB0aGUgT1RLIGVuY3J5cHRlZCAob3Ig
bm90KSBhcyBzcGVjaWZpZWQgYnkgT1RLPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+ICAgICAgT25lLVRpbWUtS2V5OiB0aGUgT1RLIGVuY3J5cHRlZCAob3Igbm90KSBhcyBz
cGVjaWZpZWQgYnkgT1RLPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBF
bmNyeXB0aW9uIElELiAgU2VlIFNlY3Rpb24gNS41IGZvciBkZXRhaWxzLjwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIEVuY3J5cHRpb24gSUQuICBTZWUgU2VjdGlv
biA1LjUgZm9yIGRldGFpbHMuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgICAgIEVJRC1BRCBMZW5ndGg6IGxlbmd0aCAoaW4gYnl0ZXMpIG9mIHRoZSBF
SUQgQXV0aGVudGljYXRpb24gRGF0YTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgICAgIEVJRC1BRCBMZW5ndGg6IGxlbmd0aCAoaW4gYnl0ZXMpIG9mIHRoZSBFSUQgQXV0
aGVudGljYXRpb24gRGF0YTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAg
KEVJRC1BRCkuICBUaGUgSVRSIE1VU1Qgc2V0IEVJRC1BRCBMZW5ndGggdG8gNCBieXRlcywg
YXMgaXQgb25seTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIChFSUQt
QUQpLiAgVGhlIElUUiBNVVNUIHNldCBFSUQtQUQgTGVuZ3RoIHRvIDQgYnl0ZXMsIGFzIGl0
IG9ubHk8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIGZpbGxzIHRoZSBL
REYgSUQgZmllbGQsIGFuZCBhbGwgdGhlIHJlbWFpbmluZyBmaWVsZHMgcGFydCBvZiB0aGU8
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICBmaWxscyB0aGUgS0RGIElE
IGZpZWxkLCBhbmQgYWxsIHRoZSByZW1haW5pbmcgZmllbGRzIHBhcnQgb2YgdGhlPC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBFSUQtQUQgYXJlIG5vdCBwcmVzZW50
LiAgQW4gRUlELUFEIE1BWSBjb250YWluIG11bHRpcGxlIEVJRC08L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICAgICBFSUQtQUQgYXJlIG5vdCBwcmVzZW50LiAgQW4gRUlE
LUFEIE1BWSBjb250YWluIG11bHRpcGxlIEVJRC08L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgICAgIHJlY29yZHMuICBFYWNoIEVJRC1yZWNvcmQgaXMgNC1ieXRlIGxvbmcg
cGx1cyB0aGUgbGVuZ3RoIG9mIHRoZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgICAgIHJlY29yZHMuICBFYWNoIEVJRC1yZWNvcmQgaXMgNC1ieXRlIGxvbmcgcGx1cyB0
aGUgbGVuZ3RoIG9mIHRoZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAg
QUZJLWVuY29kZWQgRUlELXByZWZpeC48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij4gICAgICBBRkktZW5jb2RlZCBFSUQtcHJlZml4LjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBLREYgSUQ6IElkZW50aWZpZXIgb2YgdGhlIEtl
eSBEZXJpdmF0aW9uIEZ1bmN0aW9uIHVzZWQgdG8gZGVyaXZlPC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+ICAgICAgS0RGIElEOiBJZGVudGlmaWVyIG9mIHRoZSBLZXkgRGVy
aXZhdGlvbiBGdW5jdGlvbiB1c2VkIHRvIGRlcml2ZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJkaWZmMDAyMSI+PHRkPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICAg
ICB0aGUgTVMtT1RLLiAgVGhlIElUUiA8c3BhbiBjbGFzcz0iZGVsZXRlIj5TSE9VTEQ8L3Nw
YW4+IHVzZSB0aGlzIGZpZWxkIHRvIGluZGljYXRlIHRoZTwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmJsb2NrIj4gICAgICB0aGUgTVMtT1RLLiAgVGhlIElUUiA8c3BhbiBjbGFzcz0i
aW5zZXJ0Ij5NQVk8L3NwYW4+IHVzZSB0aGlzIGZpZWxkIHRvIGluZGljYXRlIHRoZTwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgcmVjb21tZW5kZWQgS0RGIGFsZ29y
aXRobSwgYWNjb3JkaW5nIHRvIGxvY2FsIHBvbGljeS4gIFRoZSBNYXAtPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgcmVjb21tZW5kZWQgS0RGIGFsZ29yaXRobSwg
YWNjb3JkaW5nIHRvIGxvY2FsIHBvbGljeS4gIFRoZSBNYXAtPC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICAgICBTZXJ2ZXIgY2FuIG92ZXJ3cml0ZSB0aGUgS0RGIElEIGlm
IGl0IGRvZXMgbm90IHN1cHBvcnQgdGhlIEtERiBJRDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgICAgIFNlcnZlciBjYW4gb3ZlcndyaXRlIHRoZSBLREYgSUQgaWYgaXQg
ZG9lcyBub3Qgc3VwcG9ydCB0aGUgS0RGIElEPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij4gICAgICByZWNvbW1lbmRlZCBieSB0aGUgSVRSLiAgU2VlIFNlY3Rpb24gNS40IGZv
ciBtb3JlIGRldGFpbHMuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAg
cmVjb21tZW5kZWQgYnkgdGhlIElUUi4gIFNlZSBTZWN0aW9uIDUuNCBmb3IgbW9yZSBkZXRh
aWxzLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBS
ZWNvcmQgQ291bnQ6IFRoZSBudW1iZXIgb2YgcmVjb3JkcyBpbiB0aGlzIE1hcC1SZXF1ZXN0
IG1lc3NhZ2UuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgUmVjb3Jk
IENvdW50OiBUaGUgbnVtYmVyIG9mIHJlY29yZHMgaW4gdGhpcyBNYXAtUmVxdWVzdCBtZXNz
YWdlLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgQSByZWNvcmQgaXMg
Y29tcHJpc2VkIG9mIHRoZSBwb3J0aW9uIG9mIHRoZSBwYWNrZXQgdGhhdCBpcyBsYWJlbGVk
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgQSByZWNvcmQgaXMgY29t
cHJpc2VkIG9mIHRoZSBwb3J0aW9uIG9mIHRoZSBwYWNrZXQgdGhhdCBpcyBsYWJlbGVkPC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAnUmVjJyBhYm92ZSBhbmQgb2Nj
dXJzIHRoZSBudW1iZXIgb2YgdGltZXMgZXF1YWwgdG8gUmVjb3JkIENvdW50LjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICdSZWMnIGFib3ZlIGFuZCBvY2N1cnMg
dGhlIG51bWJlciBvZiB0aW1lcyBlcXVhbCB0byBSZWNvcmQgQ291bnQuPC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIFJlc2VydmVkOiBTZXQgdG8g
MCBvbiB0cmFuc21pc3Npb24gYW5kIGlnbm9yZWQgb24gcmVjZWlwdC48L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICBSZXNlcnZlZDogU2V0IHRvIDAgb24gdHJhbnNt
aXNzaW9uIGFuZCBpZ25vcmVkIG9uIHJlY2VpcHQuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJwYXJ0LTci
IGNsYXNzPSJjaGFuZ2UiPjx0ZD48L3RkPjx0aD48c21hbGw+c2tpcHBpbmcgdG8gY2hhbmdl
IGF0PC9zbWFsbD48YSBocmVmPSJodHRwczovL3Rvb2xzLmlldGYub3JnL3Rvb2xzL3JmY2Rp
ZmYvcmZjZGlmZi5weWh0I3BhcnQtNyI+PGVtPiBwYWdlIDksIGxpbmUgMjA8c3BhbiBjbGFz
cz0iaGlkZSI+IMK2PC9zcGFuPjwvZW0+PC9hPjwvdGg+PHRoPiA8L3RoPjx0aD48c21hbGw+
c2tpcHBpbmcgdG8gY2hhbmdlIGF0PC9zbWFsbD48YSBocmVmPSJodHRwczovL3Rvb2xzLmll
dGYub3JnL3Rvb2xzL3JmY2RpZmYvcmZjZGlmZi5weWh0I3BhcnQtNyI+PGVtPiBwYWdlIDks
IGxpbmUgMjA8c3BhbiBjbGFzcz0iaGlkZSI+IMK2PC9zcGFuPjwvZW0+PC9hPjwvdGg+PHRk
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+ICAgICAgdG8gMC4gIFRoZSBITUFDIGNvdmVycyB0aGUgZW50aXJlIEVJRC1B
RC48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICB0byAwLiAgVGhlIEhN
QUMgY292ZXJzIHRoZSBlbnRpcmUgRUlELUFELjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij41LjIuICBNYXAtUmVwbHkgTElTUC1TRUMgRXh0ZW5zaW9uczwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjUuMi4gIE1hcC1SZXBseSBMSVNQLVNF
QyBFeHRlbnNpb25zPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQi
PiAgIExJU1AtU0VDIHVzZXMgdGhlIE1hcC1SZXBseSBkZWZpbmVkIGluIFtSRkM2ODMwXSwg
d2l0aCBUeXBlIHNldCB0byAyLDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAg
IExJU1AtU0VDIHVzZXMgdGhlIE1hcC1SZXBseSBkZWZpbmVkIGluIFtSRkM2ODMwXSwgd2l0
aCBUeXBlIHNldCB0byAyLDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgYW5k
IFMgYml0IHNldCB0byAxIHRvIGluZGljYXRlIHRoYXQgdGhlIE1hcC1SZXBseSBtZXNzYWdl
IGluY2x1ZGVzPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgYW5kIFMgYml0
IHNldCB0byAxIHRvIGluZGljYXRlIHRoYXQgdGhlIE1hcC1SZXBseSBtZXNzYWdlIGluY2x1
ZGVzPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBBdXRoZW50aWNhdGlvbiBE
YXRhIChBRCkuICBUaGUgZm9ybWF0IG9mIHRoZSBMSVNQLVNFQyBNYXAtUmVwbHk8L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBBdXRoZW50aWNhdGlvbiBEYXRhIChBRCku
ICBUaGUgZm9ybWF0IG9mIHRoZSBMSVNQLVNFQyBNYXAtUmVwbHk8L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgIEF1dGhlbnRpY2F0aW9uIERhdGEgaXMgZGVmaW5lZCBpbiB0
aGUgZm9sbG93aW5nIGZpZ3VyZS4gIFBLVC1BRCBpczwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgIEF1dGhlbnRpY2F0aW9uIERhdGEgaXMgZGVmaW5lZCBpbiB0aGUgZm9s
bG93aW5nIGZpZ3VyZS4gIFBLVC1BRCBpczwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgdGhlIFBhY2tldCBBdXRoZW50aWNhdGlvbiBEYXRhIHRoYXQgY292ZXJzIHRoZSBN
YXAtUmVwbHkgcGF5bG9hZC48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICB0
aGUgUGFja2V0IEF1dGhlbnRpY2F0aW9uIERhdGEgdGhhdCBjb3ZlcnMgdGhlIE1hcC1SZXBs
eSBwYXlsb2FkLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3Ry
PgogICAgICA8dHIgaWQ9ImRpZmYwMDIyIj48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAwICAgICAgICAgICAg
ICAgICAgIDEgICAgICAgICAgICAgICAgICAgMiAgICAgICAgICAgICAgICAgICAzPC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgMCAgICAgICAgICAgICAgICAgICAxICAg
ICAgICAgICAgICAgICAgIDIgICAgICAgICAgICAgICAgICAgMzwvdGQ+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0
ZCBjbGFzcz0ibGJsb2NrIj4gMCAxIDIgMyA0IDUgNiA3IDggOSAwIDEgMiAzIDQgNSA2IDcg
OCA5IDAgMSAyIDMgNCA1IDYgNyA4IDkgMCAxPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
YmxvY2siPiAgMCAxIDIgMyA0IDUgNiA3IDggOSAwIDEgMiAzIDQgNSA2IDcgOCA5IDAgMSAy
IDMgNCA1IDYgNyA4IDkgMCAxPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPist
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiArLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
KzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj58ICAgIEFEIFR5cGUgICAgfCAg
ICAgICAgICAgICAgICAgUmVzZXJ2ZWQgICAgICAgICAgICAgICAgICAgICAgfDwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gfCAgPHNwYW4gY2xhc3M9Imluc2VydCI+TVI8
L3NwYW4+IEFEIFR5cGUgICB8ICAgICAgICAgICAgICAgICBSZXNlcnZlZCAgICAgICAgICAg
ICAgICAgICAgICB8PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPistKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rICZsdDstLS0rPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiArLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKyAmbHQ7LS0tKzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj58ICAgICAg
ICAgICBFSUQtQUQgTGVuZ3RoICAgICAgIHwgICAgICAgICAgIEtERiBJRCAgICAgICAgICAg
ICAgfCAgICAgfDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gfCAgICAgICAg
ICAgRUlELUFEIExlbmd0aCAgICAgICB8ICAgICAgICAgICBLREYgSUQgICAgICAgICAgICAg
IHwgICAgIHw8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+Ky0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsg
ICAgIHw8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rICAg
ICB8PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPnwgUmVjb3JkIENvdW50ICB8
ICAgIFJlc2VydmVkICAgfCAgICAgICAgIEVJRCBITUFDIElEICAgICAgICAgICA8c3BhbiBj
bGFzcz0iZGVsZXRlIj58ICAgICBFSUQtQUQ8L3NwYW4+PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyYmxvY2siPiB8IFJlY29yZCBDb3VudCAgfCAgICBSZXNlcnZlZCAgIHwgICAgICAg
ICBFSUQgSE1BQyBJRCAgICAgICAgICAgPHNwYW4gY2xhc3M9Imluc2VydCI+fEVJRC1BRDwv
c3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+Ky0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLStcICAg
IHw8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rXCAgICB8
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPnwgICBSZXNlcnZlZCAgICB8IEVJ
RCBtYXNrLWxlbiAgfCAgICAgICAgICAgRUlELUFGSSAgICAgICAgICAgICB8IHwgICB8PC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiB8ICAgUmVzZXJ2ZWQgICAgfCBFSUQg
bWFzay1sZW4gIHwgICAgICAgICAgIEVJRC1BRkkgICAgICAgICAgICAgfCB8ICAgfDwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKyBSZWMgfDwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsgUmVjIHw8L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxibG9jayI+fiAgICAgICAgICAgICAgICAgICAgICAgICAgRUlE
LXByZWZpeCAuLi4gICAgICAgICAgICAgICAgICAgICAgIH4gfCAgIHw8L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJibG9jayI+IH4gICAgICAgICAgICAgICAgICAgICAgICAgIEVJRC1w
cmVmaXggLi4uICAgICAgICAgICAgICAgICAgICAgICB+IHwgICB8PC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsYmxvY2siPistKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLyAgICB8PC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyYmxvY2siPiArLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy8gICAgfDwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGJsb2NrIj5+ICAgICAgICAgICAgICAgICAgICAgICAgICAgIEVJRCBITUFDICAg
ICAgICAgICAgICAgICAgICAgICAgICAgfiAgICAgfDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmJsb2NrIj4gfiAgICAgICAgICAgICAgICAgICAgICAgICAgICBFSUQgSE1BQyAgICAg
ICAgICAgICAgICAgICAgICAgICAgIH4gICAgIHw8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxibG9jayI+Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSsgJmx0Oy0tLSs8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJibG9jayI+ICstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rICZsdDstLS0rPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsYmxvY2siPnwgICAgICAgICBQS1QtQUQgTGVuZ3RoICAgICAgICAgfCAgICAgICAgIFBL
VCBITUFDIElEICAgICAgICAgICB8XDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2Nr
Ij4gfCAgICAgICAgIFBLVC1BRCBMZW5ndGggICAgICAgICB8ICAgICAgICAgUEtUIEhNQUMg
SUQgICAgICAgICAgIHxcPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPistKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rIHw8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
IHw8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+fiAgICAgICAgICAgICAgICAg
ICAgICAgICAgICBQS1QgSE1BQyAgICAgICAgICAgICAgICAgICAgICAgICAgIDxzcGFuIGNs
YXNzPSJkZWxldGUiPn4gUEtULUFEPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmJsb2NrIj4gfiAgICAgICAgICAgICAgICAgICAgICAgICAgICBQS1QgSE1BQyAgICAgICAg
ICAgICAgICAgICAgICAgICAgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPn5QS1QtQUQ8L3NwYW4+
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPistKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLzwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsvPC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICAgICAgIExJU1AtU0VD
IE1hcC1SZXBseSBBdXRoZW50aWNhdGlvbiBEYXRhPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+ICAgICAgICAgICAgICAgICAgTElTUC1TRUMgTWFwLVJlcGx5IEF1dGhlbnRp
Y2F0aW9uIERhdGE8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyIGlkPSJkaWZmMDAyMyI+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICAgICA8c3BhbiBj
bGFzcz0iZGVsZXRlIj5BRCBUeXBlOiAxIChMSVNQLVNFQyBBdXRoZW50aWNhdGlvbiBEYXRh
KTwvc3Bhbj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgICAgPHNwYW4g
Y2xhc3M9Imluc2VydCI+TVIgQUQgVHlwZTogMSAoTElTUC1TRUMgQXV0aGVudGljYXRpb24g
RGF0YSkuICBTZWUgU2VjdGlvbiA3Ljwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgRUlELUFEIExlbmd0aDogbGVuZ3RoIChpbiBieXRl
cykgb2YgdGhlIEVJRC1BRC4gIEFuIEVJRC1BRCBNQVk8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij4gICAgICBFSUQtQUQgTGVuZ3RoOiBsZW5ndGggKGluIGJ5dGVzKSBvZiB0
aGUgRUlELUFELiAgQW4gRUlELUFEIE1BWTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgICAgY29udGFpbiBtdWx0aXBsZSBFSUQtcmVjb3Jkcy4gIEVhY2ggRUlELXJlY29y
ZCBpcyA0LWJ5dGUgbG9uZyBwbHVzPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
ICAgICAgY29udGFpbiBtdWx0aXBsZSBFSUQtcmVjb3Jkcy4gIEVhY2ggRUlELXJlY29yZCBp
cyA0LWJ5dGUgbG9uZyBwbHVzPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAg
ICB0aGUgbGVuZ3RoIG9mIHRoZSBBRkktZW5jb2RlZCBFSUQtcHJlZml4LjwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIHRoZSBsZW5ndGggb2YgdGhlIEFGSS1lbmNv
ZGVkIEVJRC1wcmVmaXguPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxl
ZnQiPiAgICAgIEtERiBJRDogSWRlbnRpZmllciBvZiB0aGUgS2V5IERlcml2YXRpb24gRnVu
Y3Rpb24gdXNlZCB0byBkZXJpdmU8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4g
ICAgICBLREYgSUQ6IElkZW50aWZpZXIgb2YgdGhlIEtleSBEZXJpdmF0aW9uIEZ1bmN0aW9u
IHVzZWQgdG8gZGVyaXZlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBN
Uy1PVEsuICBTZWUgU2VjdGlvbiA1LjcgZm9yIG1vcmUgZGV0YWlscy48L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICBNUy1PVEsuICBTZWUgU2VjdGlvbiA1LjcgZm9y
IG1vcmUgZGV0YWlscy48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgICAgUmVjb3JkIENvdW50OiBUaGUgbnVtYmVyIG9mIHJlY29yZHMgaW4gdGhpcyBN
YXAtUmVwbHkgbWVzc2FnZS4gIEE8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4g
ICAgICBSZWNvcmQgQ291bnQ6IFRoZSBudW1iZXIgb2YgcmVjb3JkcyBpbiB0aGlzIE1hcC1S
ZXBseSBtZXNzYWdlLiAgQTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAg
cmVjb3JkIGlzIGNvbXByaXNlZCBvZiB0aGUgcG9ydGlvbiBvZiB0aGUgcGFja2V0IHRoYXQg
aXMgbGFiZWxlZDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIHJlY29y
ZCBpcyBjb21wcmlzZWQgb2YgdGhlIHBvcnRpb24gb2YgdGhlIHBhY2tldCB0aGF0IGlzIGxh
YmVsZWQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyIGlkPSJwYXJ0LTgiIGNsYXNzPSJjaGFuZ2UiPjx0ZD48L3RkPjx0aD48c21hbGw+
c2tpcHBpbmcgdG8gY2hhbmdlIGF0PC9zbWFsbD48YSBocmVmPSJodHRwczovL3Rvb2xzLmll
dGYub3JnL3Rvb2xzL3JmY2RpZmYvcmZjZGlmZi5weWh0I3BhcnQtOCI+PGVtPiBwYWdlIDEw
LCBsaW5lIDMwPHNwYW4gY2xhc3M9ImhpZGUiPiDCtjwvc3Bhbj48L2VtPjwvYT48L3RoPjx0
aD4gPC90aD48dGg+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGEgaHJl
Zj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy90b29scy9yZmNkaWZmL3JmY2RpZmYucHlodCNw
YXJ0LTgiPjxlbT4gcGFnZSAxMCwgbGluZSAzMDxzcGFuIGNsYXNzPSJoaWRlIj4gwrY8L3Nw
YW4+PC9lbT48L2E+PC90aD48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICByZXF1ZXN0ZWQgRUlELjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIHJlcXVlc3RlZCBFSUQuPC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJp
Z2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIEVJRCBITUFDOiBI
TUFDIG9mIHRoZSBFSUQtQUQsIGFzIGNvbXB1dGVkIGJ5IHRoZSBNYXAtU2VydmVyLjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIEVJRCBITUFDOiBITUFDIG9mIHRo
ZSBFSUQtQUQsIGFzIGNvbXB1dGVkIGJ5IHRoZSBNYXAtU2VydmVyLjwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgQmVmb3JlIGNvbXB1dGluZyB0aGUgSE1BQyBvcGVy
YXRpb24gdGhlIEVJRCBITUFDIGZpZWxkIE1VU1QgYmUgc2V0PC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+ICAgICAgQmVmb3JlIGNvbXB1dGluZyB0aGUgSE1BQyBvcGVyYXRp
b24gdGhlIEVJRCBITUFDIGZpZWxkIE1VU1QgYmUgc2V0PC90ZD48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsZWZ0Ij4gICAgICB0byAwLiAgVGhlIEhNQUMgY292ZXJzIHRoZSBlbnRpcmUgRUlE
LUFELjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgIHRvIDAuICBUaGUg
SE1BQyBjb3ZlcnMgdGhlIGVudGlyZSBFSUQtQUQuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIFBLVC1BRCBMZW5ndGg6IGxlbmd0aCAoaW4gYnl0
ZXMpIG9mIHRoZSBQYWNrZXQgQXV0aGVudGljYXRpb24gRGF0YTwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPiAgICAgIFBLVC1BRCBMZW5ndGg6IGxlbmd0aCAoaW4gYnl0ZXMp
IG9mIHRoZSBQYWNrZXQgQXV0aGVudGljYXRpb24gRGF0YTwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+ICAgICAgKFBLVC1BRCkuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+ICAgICAgKFBLVC1BRCkuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xh
c3M9ImxlZnQiPiAgICAgIFBLVCBITUFDIElEOiBJZGVudGlmaWVyIG9mIHRoZSBITUFDIGFs
Z29yaXRobSB1c2VkIHRvIHByb3RlY3QgdGhlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+ICAgICAgUEtUIEhNQUMgSUQ6IElkZW50aWZpZXIgb2YgdGhlIEhNQUMgYWxnb3Jp
dGhtIHVzZWQgdG8gcHJvdGVjdCB0aGU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwv
dHI+CiAgICAgIDx0ciBpZD0iZGlmZjAwMjQiPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgICAgaW50ZWdy
aXR5IG9mIHRoZSBNYXAtcmVwbHk8c3BhbiBjbGFzcz0iZGVsZXRlIj4gTG9jYXRpb24gRGF0
YTwvc3Bhbj4uPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgICAgIGludGVn
cml0eSBvZiB0aGUgTWFwLXJlcGx5LjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsZWZ0Ij4gICAgICBQS1QgSE1BQzogSE1BQyBvZiB0aGUgd2hvbGUgTWFwLVJlcGx5
IHBhY2tldCwgaW5jbHVkaW5nIHRoZSBMSVNQLTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPiAgICAgIFBLVCBITUFDOiBITUFDIG9mIHRoZSB3aG9sZSBNYXAtUmVwbHkgcGFj
a2V0LCBpbmNsdWRpbmcgdGhlIExJU1AtPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij4gICAgICBTRUMgQXV0aGVudGljYXRpb24gRGF0YS4gIFRoZSBzY29wZSBvZiB0aGUgYXV0
aGVudGljYXRpb24gZ29lczwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAg
IFNFQyBBdXRoZW50aWNhdGlvbiBEYXRhLiAgVGhlIHNjb3BlIG9mIHRoZSBhdXRoZW50aWNh
dGlvbiBnb2VzPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICBmcm9tIHRo
ZSBNYXAtUmVwbHkgVHlwZSBmaWVsZCB0byB0aGUgUEtUIEhNQUMgZmllbGQgaW5jbHVkZWQu
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgZnJvbSB0aGUgTWFwLVJl
cGx5IFR5cGUgZmllbGQgdG8gdGhlIFBLVCBITUFDIGZpZWxkIGluY2x1ZGVkLjwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgQmVmb3JlIGNvbXB1dGluZyB0aGUgSE1B
QyBvcGVyYXRpb24gdGhlIFBLVCBITUFDIGZpZWxkIE1VU1QgYmUgc2V0PC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgQmVmb3JlIGNvbXB1dGluZyB0aGUgSE1BQyBv
cGVyYXRpb24gdGhlIFBLVCBITUFDIGZpZWxkIE1VU1QgYmUgc2V0PC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICB0byAwLiAgU2VlIFNlY3Rpb24gNS44IGZvciBtb3Jl
IGRldGFpbHMuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgdG8gMC4g
IFNlZSBTZWN0aW9uIDUuOCBmb3IgbW9yZSBkZXRhaWxzLjwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij41LjMuICBNYXAtUmVnaXN0ZXIgTElTUC1TRUMgRXh0
ZW50aW9uczwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjUuMy4gIE1hcC1SZWdp
c3RlciBMSVNQLVNFQyBFeHRlbnRpb25zPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0iZGlmZjAwMjUiPjx0ZD48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+
ICAgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+VGhlPC9zcGFuPiBzZWNvbmQgYml0IGFmdGVyIHRo
ZSBUeXBlIGZpZWxkIGluIGEgTWFwLVJlZ2lzdGVyIG1lc3NhZ2UgaXM8L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJibG9jayI+ICAgPHNwYW4gY2xhc3M9Imluc2VydCI+VGhpcyBtZW1v
IGlzIGFsbG9jYXRpbmcgb25lIG9mIHRoZSBiaXRzIG1hcmtlZCBhcyBSZXNlcnZlZCBpbiB0
aGU8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIGFsbG9jYXRl
ZCBhcyB0aGUgUyBiaXQuICBUaGUgUyBiaXQgaW5kaWNhdGVzIHRvIHRoZSA8c3BhbiBjbGFz
cz0iZGVsZXRlIj5NYXAtU2VydmVyPC9zcGFuPiB0aGF0PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIE1hcC1SZWdpc3RlciBtZXNz
YWdlIGRlZmluZWQgaW4gU2VjdGlvbiA2LjEuNiBvZiBbUkZDNjgzMF0uICBNb3JlPC9zcGFu
PjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICB0aGUgcmVnaXN0ZXJpbmcg
RVRSIGlzIExJU1AtU0VDIGVuYWJsZWQuICBBbiBFVFIgdGhhdCBzdXBwb3J0cyA8c3BhbiBj
bGFzcz0iZGVsZXRlIj5MSVNQLTwvc3Bhbj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJi
bG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgcHJlY2lzZWx5LCB0aGU8L3NwYW4+IHNl
Y29uZCBiaXQgYWZ0ZXIgdGhlIFR5cGUgZmllbGQgaW4gYSBNYXAtUmVnaXN0ZXI8L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PHNwYW4gY2xhc3M9ImRlbGV0ZSI+ICAgU0VD
PC9zcGFuPiBNVVNUIHNldCB0aGUgUyBiaXQgaW4gaXRzIE1hcC1SZWdpc3RlciBtZXNzYWdl
cy48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgbWVzc2FnZSBpcyBhbGxv
Y2F0ZWQgYXMgdGhlIFMgYml0LiAgVGhlIFMgYml0IGluZGljYXRlcyB0byB0aGUgPHNwYW4g
Y2xhc3M9Imluc2VydCI+TWFwLTwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxi
bG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJp
bnNlcnQiPiAgIFNlcnZlcjwvc3Bhbj4gdGhhdCB0aGUgcmVnaXN0ZXJpbmcgRVRSIGlzIExJ
U1AtU0VDIGVuYWJsZWQuICBBbiBFVFIgdGhhdDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgc3VwcG9ydHMg
PHNwYW4gY2xhc3M9Imluc2VydCI+TElTUC1TRUM8L3NwYW4+IE1VU1Qgc2V0IHRoZSBTIGJp
dCBpbiBpdHMgTWFwLVJlZ2lzdGVyIG1lc3NhZ2VzLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij41LjQuICBJVFIgUHJvY2Vzc2luZzwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPjUuNC4gIElUUiBQcm9jZXNzaW5nPC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFVwb24gY3JlYXRpbmcgYSBNYXAtUmVx
dWVzdCwgdGhlIElUUiBnZW5lcmF0ZXMgYSByYW5kb20gSVRSLU9USyB0aGF0PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgVXBvbiBjcmVhdGluZyBhIE1hcC1SZXF1ZXN0
LCB0aGUgSVRSIGdlbmVyYXRlcyBhIHJhbmRvbSBJVFItT1RLIHRoYXQ8L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGlzIHN0b3JlZCBsb2NhbGx5LCB0b2dldGhlciB3aXRo
IHRoZSBub25jZSBnZW5lcmF0ZWQgYXMgc3BlY2lmaWVkIGluPC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+ICAgaXMgc3RvcmVkIGxvY2FsbHksIHRvZ2V0aGVyIHdpdGggdGhl
IG5vbmNlIGdlbmVyYXRlZCBhcyBzcGVjaWZpZWQgaW48L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xh
c3M9ImxlZnQiPiAgIFtSRkM2ODMwXS48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij4gICBbUkZDNjgzMF0uPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxl
ZnQiPiAgIFRoZSBNYXAtUmVxdWVzdCBNVVNUIGJlIGVuY2Fwc3VsYXRlZCBpbiBhbiBFQ00s
IHdpdGggdGhlIFMtYml0IHNldCB0bzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgIFRoZSBNYXAtUmVxdWVzdCBNVVNUIGJlIGVuY2Fwc3VsYXRlZCBpbiBhbiBFQ00sIHdp
dGggdGhlIFMtYml0IHNldCB0bzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAg
MSwgdG8gaW5kaWNhdGUgdGhlIHByZXNlbmNlIG9mIEF1dGhlbnRpY2F0aW9uIERhdGEuICBJ
ZiB0aGUgSVRSIGFuZDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIDEsIHRv
IGluZGljYXRlIHRoZSBwcmVzZW5jZSBvZiBBdXRoZW50aWNhdGlvbiBEYXRhLiAgSWYgdGhl
IElUUiBhbmQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHRoZSBNYXAtUmVz
b2x2ZXIgYXJlIGNvbmZpZ3VyZWQgd2l0aCBhIHNoYXJlZCBrZXksIHRoZSBJVFItT1RLPC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgdGhlIE1hcC1SZXNvbHZlciBhcmUg
Y29uZmlndXJlZCB3aXRoIGEgc2hhcmVkIGtleSwgdGhlIElUUi1PVEs8L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGNvbmZpZGVudGlhbGl0eSBTSE9VTEQgYmUgcHJvdGVj
dGVkIGJ5IHdyYXBwaW5nIHRoZSBJVFItT1RLIHdpdGggdGhlPC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+ICAgY29uZmlkZW50aWFsaXR5IFNIT1VMRCBiZSBwcm90ZWN0ZWQg
Ynkgd3JhcHBpbmcgdGhlIElUUi1PVEsgd2l0aCB0aGU8L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xh
c3M9ImxlZnQiPiAgIGFsZ29yaXRobSBzcGVjaWZpZWQgYnkgdGhlIE9USyBFbmNyeXB0aW9u
IElEIGZpZWxkLiAgU2VlIFNlY3Rpb24gNS41PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+ICAgYWxnb3JpdGhtIHNwZWNpZmllZCBieSB0aGUgT1RLIEVuY3J5cHRpb24gSUQg
ZmllbGQuICBTZWUgU2VjdGlvbiA1LjU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQi
PiAgIGZvciBmdXJ0aGVyIGRldGFpbHMgb24gT1RLIGVuY3J5cHRpb24uPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgZm9yIGZ1cnRoZXIgZGV0YWlscyBvbiBPVEsgZW5j
cnlwdGlvbi48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAg
VGhlIFJlcXVlc3RlZCBITUFDIElEIGZpZWxkIGNvbnRhaW5zIHRoZSBzdWdnZXN0ZWQgSE1B
QyBhbGdvcml0aG0gdG88L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBUaGUg
UmVxdWVzdGVkIEhNQUMgSUQgZmllbGQgY29udGFpbnMgdGhlIHN1Z2dlc3RlZCBITUFDIGFs
Z29yaXRobSB0bzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgYmUgdXNlZCBi
eSB0aGUgTWFwLVNlcnZlciBhbmQgdGhlIEVUUiB0byBwcm90ZWN0IHRoZSBpbnRlZ3JpdHkg
b2YgdGhlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgYmUgdXNlZCBieSB0
aGUgTWFwLVNlcnZlciBhbmQgdGhlIEVUUiB0byBwcm90ZWN0IHRoZSBpbnRlZ3JpdHkgb2Yg
dGhlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBFQ00gQXV0aGVudGljYXRp
b24gZGF0YSBhbmQgb2YgdGhlIE1hcC1SZXBseS48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICBFQ00gQXV0aGVudGljYXRpb24gZGF0YSBhbmQgb2YgdGhlIE1hcC1SZXBs
eS48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyIGlkPSJkaWZmMDAyNiI+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBUaGUgS0RGIElEIDxzcGFuIGNs
YXNzPSJkZWxldGUiPmZpZWxkLDwvc3Bhbj4gc3BlY2lmaWVzIHRoZSBzdWdnZXN0ZWQga2V5
IGRlcml2YXRpb24gZnVuY3Rpb24gdG88L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9j
ayI+ICAgVGhlIEtERiBJRCA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5maWVsZDwvc3Bhbj4gc3Bl
Y2lmaWVzIHRoZSBzdWdnZXN0ZWQga2V5IGRlcml2YXRpb24gZnVuY3Rpb24gdG88L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgYmUgdXNlZCBieSB0aGUgTWFwLVNlcnZl
ciB0byBkZXJpdmUgdGhlIE1TLU9USy48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9j
ayI+ICAgYmUgdXNlZCBieSB0aGUgTWFwLVNlcnZlciB0byBkZXJpdmUgdGhlIE1TLU9USy4g
IDxzcGFuIGNsYXNzPSJpbnNlcnQiPkEgS0RGIFZhbHVlIG9mIE5PTkU8L3NwYW4+PC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICAoMCksIE1BWSBiZSB1c2VkIHRvIHNw
ZWNpZnkgdGhhdCB0aGUgSVRSIGhhcyBubyBwcmVmZXJyZWQgS0RGIElELjwvc3Bhbj48L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgVGhlIEVJRC1BRCBs
ZW5ndGggaXMgc2V0IHRvIDQgYnl0ZXMsIHNpbmNlIHRoZSBBdXRoZW50aWNhdGlvbiBEYXRh
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgVGhlIEVJRC1BRCBsZW5ndGgg
aXMgc2V0IHRvIDQgYnl0ZXMsIHNpbmNlIHRoZSBBdXRoZW50aWNhdGlvbiBEYXRhPC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBkb2VzIG5vdCBjb250YWluIEVJRC1wcmVm
aXggQXV0aGVudGljYXRpb24gRGF0YSwgYW5kIHRoZSBFSUQtQUQ8L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICBkb2VzIG5vdCBjb250YWluIEVJRC1wcmVmaXggQXV0aGVu
dGljYXRpb24gRGF0YSwgYW5kIHRoZSBFSUQtQUQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgIGNvbnRhaW5zIG9ubHkgdGhlIEtERiBJRCBmaWVsZC48L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBjb250YWlucyBvbmx5IHRoZSBLREYgSUQgZmllbGQu
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIEluIHJlc3Bv
bnNlIHRvIGFuIGVuY2Fwc3VsYXRlZCBNYXAtUmVxdWVzdCB0aGF0IGhhcyB0aGUgUy1iaXQg
c2V0LCBhbjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIEluIHJlc3BvbnNl
IHRvIGFuIGVuY2Fwc3VsYXRlZCBNYXAtUmVxdWVzdCB0aGF0IGhhcyB0aGUgUy1iaXQgc2V0
LCBhbjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgSVRSIE1VU1QgcmVjZWl2
ZSBhIE1hcC1SZXBseSB3aXRoIHRoZSBTLWJpdCBzZXQsIHRoYXQgaW5jbHVkZXMgYW48L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBJVFIgTVVTVCByZWNlaXZlIGEgTWFw
LVJlcGx5IHdpdGggdGhlIFMtYml0IHNldCwgdGhhdCBpbmNsdWRlcyBhbjwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgRUlELUFEIGFuZCBhIFBLVC1BRC4gIElmIHRoZSBN
YXAtUmVwbHkgZG9lcyBub3QgaW5jbHVkZSBib3RoIEFEcywgdGhlPC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+ICAgRUlELUFEIGFuZCBhIFBLVC1BRC4gIElmIHRoZSBNYXAt
UmVwbHkgZG9lcyBub3QgaW5jbHVkZSBib3RoIEFEcywgdGhlPC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICBJVFIgTVVTVCBkaXNjYXJkIGl0LiAgSW4gcmVzcG9uc2UgdG8g
YW4gZW5jYXBzdWxhdGVkIE1hcC1SZXF1ZXN0IHdpdGg8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij4gICBJVFIgTVVTVCBkaXNjYXJkIGl0LiAgSW4gcmVzcG9uc2UgdG8gYW4g
ZW5jYXBzdWxhdGVkIE1hcC1SZXF1ZXN0IHdpdGg8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgIFMtYml0IHNldCB0byAwLCB0aGUgSVRSIGV4cGVjdHMgYSBNYXAtUmVwbHkg
d2l0aCBTLWJpdCBzZXQgdG8gMCwgYW5kPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+ICAgUy1iaXQgc2V0IHRvIDAsIHRoZSBJVFIgZXhwZWN0cyBhIE1hcC1SZXBseSB3aXRo
IFMtYml0IHNldCB0byAwLCBhbmQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJwYXJ0LTkiIGNsYXNzPSJjaGFuZ2UiPjx0ZD48
L3RkPjx0aD48c21hbGw+c2tpcHBpbmcgdG8gY2hhbmdlIGF0PC9zbWFsbD48YSBocmVmPSJo
dHRwczovL3Rvb2xzLmlldGYub3JnL3Rvb2xzL3JmY2RpZmYvcmZjZGlmZi5weWh0I3BhcnQt
OSI+PGVtPiBwYWdlIDExLCBsaW5lIDM3PHNwYW4gY2xhc3M9ImhpZGUiPiDCtjwvc3Bhbj48
L2VtPjwvYT48L3RoPjx0aD4gPC90aD48dGg+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBh
dDwvc21hbGw+PGEgaHJlZj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy90b29scy9yZmNkaWZm
L3JmY2RpZmYucHlodCNwYXJ0LTkiPjxlbT4gcGFnZSAxMSwgbGluZSA0MTxzcGFuIGNsYXNz
PSJoaWRlIj4gwrY8L3NwYW4+PC9lbT48L2E+PC90aD48dGQ+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBVcG9uIHJl
Y2VpdmluZyBhIE1hcC1SZXBseSwgdGhlIElUUiBtdXN0IHZlcmlmeSB0aGUgaW50ZWdyaXR5
IG9mIGJvdGg8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBVcG9uIHJlY2Vp
dmluZyBhIE1hcC1SZXBseSwgdGhlIElUUiBtdXN0IHZlcmlmeSB0aGUgaW50ZWdyaXR5IG9m
IGJvdGg8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHRoZSBFSUQtQUQgYW5k
IHRoZSBQS1QtQUQsIGFuZCBNVVNUIGRpc2NhcmQgdGhlIE1hcC1SZXBseSBpZiBvbmUgb2Y8
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICB0aGUgRUlELUFEIGFuZCB0aGUg
UEtULUFELCBhbmQgTVVTVCBkaXNjYXJkIHRoZSBNYXAtUmVwbHkgaWYgb25lIG9mPC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB0aGUgaW50ZWdyaXR5IGNoZWNrcyBmYWls
cy48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICB0aGUgaW50ZWdyaXR5IGNo
ZWNrcyBmYWlscy48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
ICAgVGhlIGludGVncml0eSBvZiB0aGUgRUlELUFEIGlzIHZlcmlmaWVkIHVzaW5nIHRoZSBs
b2NhbGx5IHN0b3JlZCBJVFItPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
VGhlIGludGVncml0eSBvZiB0aGUgRUlELUFEIGlzIHZlcmlmaWVkIHVzaW5nIHRoZSBsb2Nh
bGx5IHN0b3JlZCBJVFItPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBPVEsg
dG8gcmUtY29tcHV0ZSB0aGUgSE1BQyBvZiB0aGUgRUlELUFEIHVzaW5nIHRoZSBhbGdvcml0
aG08L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBPVEsgdG8gcmUtY29tcHV0
ZSB0aGUgSE1BQyBvZiB0aGUgRUlELUFEIHVzaW5nIHRoZSBhbGdvcml0aG08L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHNwZWNpZmllZCBpbiB0aGUgRUlEIEhNQUMgSUQg
ZmllbGQuICBJZiB0aGUgRUlEIEhNQUMgSUQgZmllbGQgZG9lczwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPiAgIHNwZWNpZmllZCBpbiB0aGUgRUlEIEhNQUMgSUQgZmllbGQu
ICBJZiB0aGUgRUlEIEhNQUMgSUQgZmllbGQgZG9lczwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+ICAgbm90IG1hdGNoIHRoZSBSZXF1ZXN0ZWQgSE1BQyBJRCB0aGUgSVRSIFNI
T1VMRCBkaXNjYXJkIHRoZSBNYXAtUmVwbHk8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJp
Z2h0Ij4gICBub3QgbWF0Y2ggdGhlIFJlcXVlc3RlZCBITUFDIElEIHRoZSBJVFIgU0hPVUxE
IGRpc2NhcmQgdGhlIE1hcC1SZXBseTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
ICAgYW5kIHNlbmQsIGF0IHRoZSBmaXJzdCBvcHBvcnR1bml0eSBpdCBuZWVkcyB0bywgYSBu
ZXcgTWFwLVJlcXVlc3Q8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBhbmQg
c2VuZCwgYXQgdGhlIGZpcnN0IG9wcG9ydHVuaXR5IGl0IG5lZWRzIHRvLCBhIG5ldyBNYXAt
UmVxdWVzdDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgd2l0aCBhIGRpZmZl
cmVudCBSZXF1ZXN0ZWQgSE1BQyBJRCBmaWVsZCwgYWNjb3JkaW5nIHRvIElUUidzIGxvY2Fs
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgd2l0aCBhIGRpZmZlcmVudCBS
ZXF1ZXN0ZWQgSE1BQyBJRCBmaWVsZCwgYWNjb3JkaW5nIHRvIElUUidzIGxvY2FsPC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDI3Ij48
dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsYmxvY2siPiAgIHBvbGljeS4gIFRoZSBJVFIgTVVTVCBzZXQgdGhlIEVJRCBITUFD
IElEIGZpZWxkIHRvIDAgYmVmb3JlIGNvbXB1dGluZzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmJsb2NrIj4gICBwb2xpY3kuICBUaGUgPHNwYW4gY2xhc3M9Imluc2VydCI+c2NvcGUg
b2YgdGhlIEhNQUMgb3BlcmF0aW9uIGNvdmVycyB0aGUgZW50aXJlIEVJRC1BRCw8L3NwYW4+
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIHRoZSBITUFDLjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBmcm9t
IHRoZSBFSUQtQUQgTGVuZ3RoIGZpZWxkIHRvIHRoZSBFSUQgSE1BQyBmaWVsZCwgd2hpY2gg
bXVzdCBiZSBzZXQ8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4g
ICB0byAwIGJlZm9yZSB0aGUgY29tcHV0YXRpb24gb2YgdGhlIEhNQUMuPC9zcGFuPjwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJibG9jayI+ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgSVRSIE1VU1Qg
c2V0IHRoZSBFSUQgSE1BQyBJRCBmaWVsZCB0byAwIGJlZm9yZSBjb21wdXRpbmcgdGhlIEhN
QUMuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFRvIHZl
cmlmeSB0aGUgaW50ZWdyaXR5IG9mIHRoZSBQS1QtQUQsIGZpcnN0IHRoZSBNUy1PVEsgaXMg
ZGVyaXZlZDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFRvIHZlcmlmeSB0
aGUgaW50ZWdyaXR5IG9mIHRoZSBQS1QtQUQsIGZpcnN0IHRoZSBNUy1PVEsgaXMgZGVyaXZl
ZDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgZnJvbSB0aGUgbG9jYWxseSBz
dG9yZWQgSVRSLU9USyB1c2luZyB0aGUgYWxnb3JpdGhtIHNwZWNpZmllZCBpbiB0aGU8L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBmcm9tIHRoZSBsb2NhbGx5IHN0b3Jl
ZCBJVFItT1RLIHVzaW5nIHRoZSBhbGdvcml0aG0gc3BlY2lmaWVkIGluIHRoZTwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgS0RGIElEIGZpZWxkLiAgVGhpcyBpcyBiZWNh
dXNlIHRoZSBQS1QtQUQgaXMgZ2VuZXJhdGVkIGJ5IHRoZSBFVFI8L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICBLREYgSUQgZmllbGQuICBUaGlzIGlzIGJlY2F1c2UgdGhl
IFBLVC1BRCBpcyBnZW5lcmF0ZWQgYnkgdGhlIEVUUjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+ICAgdXNpbmcgdGhlIE1TLU9USy4gIElmIHRoZSBLREYgSUQgaW4gdGhlIE1h
cC1SZXBseSBkb2VzIG5vdCBtYXRjaCB0aGU8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJp
Z2h0Ij4gICB1c2luZyB0aGUgTVMtT1RLLiAgSWYgdGhlIEtERiBJRCBpbiB0aGUgTWFwLVJl
cGx5IGRvZXMgbm90IG1hdGNoIHRoZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
ICAgS0RGIElEIHJlcXVlc3RlZCBpbiB0aGUgTWFwLVJlcXVlc3QsIHRoZSBJVFIgU0hPVUxE
IGRpc2NhcmQgdGhlIE1hcC08L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBL
REYgSUQgcmVxdWVzdGVkIGluIHRoZSBNYXAtUmVxdWVzdCwgdGhlIElUUiBTSE9VTEQgZGlz
Y2FyZCB0aGUgTWFwLTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgUmVwbHkg
YW5kIHNlbmQsIGF0IHRoZSBmaXJzdCBvcHBvcnR1bml0eSBpdCBuZWVkcyB0bywgYSBuZXcg
TWFwLTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFJlcGx5IGFuZCBzZW5k
LCBhdCB0aGUgZmlyc3Qgb3Bwb3J0dW5pdHkgaXQgbmVlZHMgdG8sIGEgbmV3IE1hcC08L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFJlcXVlc3Qgd2l0aCBhIGRpZmZlcmVu
dCBLREYgSUQsIGFjY29yZGluZyB0byBJVFIncyBsb2NhbCBwb2xpY3kuPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgUmVxdWVzdCB3aXRoIGEgZGlmZmVyZW50IEtERiBJ
RCwgYWNjb3JkaW5nIHRvIElUUidzIGxvY2FsIHBvbGljeS48L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0iZGlmZjAwMjgiPjx0ZD48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQi
PiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICA8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij4gICBUaGUgZGVyaXZlZCBNUy1PVEsgaXMgdGhlbiB1c2VkIHRvIHJlLWNvbXB1dGUg
dGhlIEhNQUMgb2YgdGhlIFBLVC1BRDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgIFRoZSBkZXJpdmVkIE1TLU9USyBpcyB0aGVuIHVzZWQgdG8gcmUtY29tcHV0ZSB0aGUg
SE1BQyBvZiB0aGUgUEtULUFEPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB1
c2luZyB0aGUgQWxnb3JpdGhtIHNwZWNpZmllZCBpbiB0aGUgUEtUIEhNQUMgSUQgZmllbGQu
ICBJZiB0aGUgUEtUPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgdXNpbmcg
dGhlIEFsZ29yaXRobSBzcGVjaWZpZWQgaW4gdGhlIFBLVCBITUFDIElEIGZpZWxkLiAgSWYg
dGhlIFBLVDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgSE1BQyBJRCBmaWVs
ZCBkb2VzIG5vdCBtYXRjaCB0aGUgUmVxdWVzdGVkIEhNQUMgSUQgdGhlIElUUiBTSE9VTEQ8
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBITUFDIElEIGZpZWxkIGRvZXMg
bm90IG1hdGNoIHRoZSBSZXF1ZXN0ZWQgSE1BQyBJRCB0aGUgSVRSIFNIT1VMRDwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgZGlzY2FyZCB0aGUgTWFwLVJlcGx5IGFuZCBz
ZW5kLCBhdCB0aGUgZmlyc3Qgb3Bwb3J0dW5pdHkgaXQgbmVlZHMgdG8sPC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgZGlzY2FyZCB0aGUgTWFwLVJlcGx5IGFuZCBzZW5k
LCBhdCB0aGUgZmlyc3Qgb3Bwb3J0dW5pdHkgaXQgbmVlZHMgdG8sPC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij4gICBhIG5ldyBNYXAtUmVxdWVzdCB3aXRoIGEgZGlmZmVyZW50
IFJlcXVlc3RlZCBITUFDIElEIGFjY29yZGluZyB0bzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgIGEgbmV3IE1hcC1SZXF1ZXN0IHdpdGggYSBkaWZmZXJlbnQgUmVxdWVz
dGVkIEhNQUMgSUQgYWNjb3JkaW5nIHRvPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDI5Ij48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIElUUidzIGxv
Y2FsIDxzcGFuIGNsYXNzPSJkZWxldGUiPnBvbGljeS48L3NwYW4+PC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyYmxvY2siPiAgIElUUidzIGxvY2FsIDxzcGFuIGNsYXNzPSJpbnNlcnQi
PnBvbGljeSBvciB1bnRpbCBhbGwgSE1BQyBJRHMgc3VwcG9ydGVkIGJ5IHRoZSBJVFIgaGF2
ZTwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIGJlZW4gYXR0
ZW1wdGVkLjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgRWFjaCBpbmRpdmlkdWFsIE1hcC1SZXBseSBFSUQtcmVjb3JkIGlzIGNvbnNpZGVy
ZWQgdmFsaWQgb25seSBpZjogKDEpPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
ICAgRWFjaCBpbmRpdmlkdWFsIE1hcC1SZXBseSBFSUQtcmVjb3JkIGlzIGNvbnNpZGVyZWQg
dmFsaWQgb25seSBpZjogKDEpPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBi
b3RoIEVJRC1BRCBhbmQgUEtULUFEIGFyZSB2YWxpZCwgYW5kICgyKSB0aGUgaW50ZXJzZWN0
aW9uIG9mIHRoZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGJvdGggRUlE
LUFEIGFuZCBQS1QtQUQgYXJlIHZhbGlkLCBhbmQgKDIpIHRoZSBpbnRlcnNlY3Rpb24gb2Yg
dGhlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBFSUQtcHJlZml4IGluIHRo
ZSBNYXAtUmVwbHkgRUlELXJlY29yZCB3aXRoIG9uZSBvZiB0aGUgRUlELXByZWZpeGVzPC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgRUlELXByZWZpeCBpbiB0aGUgTWFw
LVJlcGx5IEVJRC1yZWNvcmQgd2l0aCBvbmUgb2YgdGhlIEVJRC1wcmVmaXhlczwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgY29udGFpbmVkIGluIHRoZSBFSUQtQUQgaXMg
bm90IGVtcHR5LiAgQWZ0ZXIgaWRlbnRpZnlpbmcgdGhlIE1hcC08L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICBjb250YWluZWQgaW4gdGhlIEVJRC1BRCBpcyBub3QgZW1w
dHkuICBBZnRlciBpZGVudGlmeWluZyB0aGUgTWFwLTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+ICAgUmVwbHkgcmVjb3JkIGFzIHZhbGlkLCB0aGUgSVRSIHNldHMgdGhlIEVJ
RC1wcmVmaXggaW4gdGhlIE1hcC1SZXBseTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPiAgIFJlcGx5IHJlY29yZCBhcyB2YWxpZCwgdGhlIElUUiBzZXRzIHRoZSBFSUQtcHJl
Zml4IGluIHRoZSBNYXAtUmVwbHk8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAg
IHJlY29yZCB0byB0aGUgdmFsdWUgb2YgdGhlIGludGVyc2VjdGlvbiBzZXQgY29tcHV0ZWQg
YmVmb3JlLCBhbmQgYWRkczwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHJl
Y29yZCB0byB0aGUgdmFsdWUgb2YgdGhlIGludGVyc2VjdGlvbiBzZXQgY29tcHV0ZWQgYmVm
b3JlLCBhbmQgYWRkczwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgdGhlIE1h
cC1SZXBseSBFSUQtcmVjb3JkIHRvIGl0cyBFSUQtdG8tUkxPQyBjYWNoZSwgYXMgZGVzY3Jp
YmVkIGluPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgdGhlIE1hcC1SZXBs
eSBFSUQtcmVjb3JkIHRvIGl0cyBFSUQtdG8tUkxPQyBjYWNoZSwgYXMgZGVzY3JpYmVkIGlu
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBbUkZDNjgzMF0uICBBbiBleGFt
cGxlIG9mIE1hcC1SZXBseSByZWNvcmQgdmFsaWRhdGlvbiBpcyBwcm92aWRlZCBpbjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFtSRkM2ODMwXS4gIEFuIGV4YW1wbGUg
b2YgTWFwLVJlcGx5IHJlY29yZCB2YWxpZGF0aW9uIGlzIHByb3ZpZGVkIGluPC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBTZWN0aW9uIDUuNC4xLjwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgIFNlY3Rpb24gNS40LjEuPC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFRoZSBJVFIgU0hPVUxEIHNlbmQgU01SIHRy
aWdnZXJlZCBNYXAtUmVxdWVzdHMgb3ZlciB0aGUgbWFwcGluZzwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPiAgIFRoZSBJVFIgU0hPVUxEIHNlbmQgU01SIHRyaWdnZXJlZCBN
YXAtUmVxdWVzdHMgb3ZlciB0aGUgbWFwcGluZzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+ICAgc3lzdGVtIGluIG9yZGVyIHRvIHJlY2VpdmUgYSBzZWN1cmUgTWFwLVJlcGx5
LiAgSWYgYW4gSVRSIGFjY2VwdHM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4g
ICBzeXN0ZW0gaW4gb3JkZXIgdG8gcmVjZWl2ZSBhIHNlY3VyZSBNYXAtUmVwbHkuICBJZiBh
biBJVFIgYWNjZXB0czwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgcGlnZ3li
YWNrZWQgTWFwLVJlcGxpZXMsIGl0IFNIT1VMRCBhbHNvIHNlbmQgYSBNYXAtUmVxdWVzdCBv
dmVyIHRoZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHBpZ2d5YmFja2Vk
IE1hcC1SZXBsaWVzLCBpdCBTSE9VTEQgYWxzbyBzZW5kIGEgTWFwLVJlcXVlc3Qgb3ZlciB0
aGU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0iZGlm
ZjAwMzAiPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgbWFwcGluZyBzeXN0ZW0gaW4gb3JkZXIgdG8gPHNw
YW4gY2xhc3M9ImRlbGV0ZSI+c2VjdXJlbHk8L3NwYW4+IHZlcmlmeSB0aGUgcGlnZ3liYWNr
ZWQgTWFwLVJlcGx5LjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICBtYXBw
aW5nIHN5c3RlbSBpbiBvcmRlciB0byB2ZXJpZnkgdGhlIHBpZ2d5YmFja2VkIDxzcGFuIGNs
YXNzPSJpbnNlcnQiPk1hcC1SZXBseSB3aXRoIGE8L3NwYW4+PC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3Bh
biBjbGFzcz0iaW5zZXJ0Ij4gICBzZWN1cmU8L3NwYW4+IE1hcC1SZXBseS48L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+NS40LjEuICBNYXAtUmVwbHkgUmVj
b3JkIFZhbGlkYXRpb248L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij41LjQuMS4g
IE1hcC1SZXBseSBSZWNvcmQgVmFsaWRhdGlvbjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij4gICBUaGUgcGF5bG9hZCBvZiBhIE1hcC1SZXBseSBtYXkgY29u
dGFpbiBtdWx0aXBsZSBFSUQtcmVjb3Jkcy4gIFRoZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgIFRoZSBwYXlsb2FkIG9mIGEgTWFwLVJlcGx5IG1heSBjb250YWluIG11
bHRpcGxlIEVJRC1yZWNvcmRzLiAgVGhlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij4gICB3aG9sZSBNYXAtUmVwbHkgaXMgc2lnbmVkIGJ5IHRoZSBFVFIsIHdpdGggdGhlIFBL
VCBITUFDLCB0byBwcm92aWRlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
d2hvbGUgTWFwLVJlcGx5IGlzIHNpZ25lZCBieSB0aGUgRVRSLCB3aXRoIHRoZSBQS1QgSE1B
QywgdG8gcHJvdmlkZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgaW50ZWdy
aXR5IHByb3RlY3Rpb24gYW5kIG9yaWdpbiBhdXRoZW50aWNhdGlvbiB0byB0aGUgRUlELXBy
ZWZpeDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGludGVncml0eSBwcm90
ZWN0aW9uIGFuZCBvcmlnaW4gYXV0aGVudGljYXRpb24gdG8gdGhlIEVJRC1wcmVmaXg8L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHJlY29yZHMgY2xhaW1lZCBieSB0aGUg
RVRSLiAgVGhlIEF1dGhlbnRpY2F0aW9uIERhdGEgZmllbGQgb2YgYSBNYXAtPC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgcmVjb3JkcyBjbGFpbWVkIGJ5IHRoZSBFVFIu
ICBUaGUgQXV0aGVudGljYXRpb24gRGF0YSBmaWVsZCBvZiBhIE1hcC08L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFJlcGx5IG1heSBjb250YWluIG11bHRpcGxlIEVJRC1y
ZWNvcmRzIGluIHRoZSBFSUQtQUQuICBUaGUgRUlELUFEIGlzPC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyaWdodCI+ICAgUmVwbHkgbWF5IGNvbnRhaW4gbXVsdGlwbGUgRUlELXJlY29y
ZHMgaW4gdGhlIEVJRC1BRC4gIFRoZSBFSUQtQUQgaXM8L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xh
c3M9ImxlZnQiPiAgIHNpZ25lZCBieSB0aGUgTWFwLVNlcnZlciwgd2l0aCB0aGUgRUlEIEhN
QUMsIHRvIHByb3ZpZGUgaW50ZWdyaXR5PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+ICAgc2lnbmVkIGJ5IHRoZSBNYXAtU2VydmVyLCB3aXRoIHRoZSBFSUQgSE1BQywgdG8g
cHJvdmlkZSBpbnRlZ3JpdHk8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHBy
b3RlY3Rpb24gYW5kIG9yaWdpbiBhdXRoZW50aWNhdGlvbiB0byB0aGUgRUlELXByZWZpeCBy
ZWNvcmRzPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgcHJvdGVjdGlvbiBh
bmQgb3JpZ2luIGF1dGhlbnRpY2F0aW9uIHRvIHRoZSBFSUQtcHJlZml4IHJlY29yZHM8L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGluc2VydGVkIGJ5IHRoZSBNYXAtU2Vy
dmVyLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGluc2VydGVkIGJ5IHRo
ZSBNYXAtU2VydmVyLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij4gICBVcG9uIHJlY2VpdmluZyBhIE1hcC1SZXBseSB3aXRoIHRoZSBTLWJpdCBzZXQsIHRo
ZSBJVFIgZmlyc3QgY2hlY2tzPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
VXBvbiByZWNlaXZpbmcgYSBNYXAtUmVwbHkgd2l0aCB0aGUgUy1iaXQgc2V0LCB0aGUgSVRS
IGZpcnN0IGNoZWNrczwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgdGhlIHZh
bGlkaXR5IG9mIGJvdGggdGhlIEVJRCBITUFDIGFuZCBvZiB0aGUgUEtULUFEIEhNQUMuICBJ
ZiBlaXRoZXI8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICB0aGUgdmFsaWRp
dHkgb2YgYm90aCB0aGUgRUlEIEhNQUMgYW5kIG9mIHRoZSBQS1QtQUQgSE1BQy4gIElmIGVp
dGhlcjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJk
aWZmMDAzMSI+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBvbmUgb2YgdGhlIEhNQUNzIGlzIG5vdCB2YWxp
ZCwgYSBsb2cgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+bWVzc2FnZSBpcyBpc3N1ZWQ8L3NwYW4+
IGFuZCB0aGUgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+TWFwLTwvc3Bhbj48L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJibG9jayI+ICAgb25lIG9mIHRoZSBITUFDcyBpcyBub3QgdmFsaWQs
IGEgbG9nIDxzcGFuIGNsYXNzPSJpbnNlcnQiPmFjdGlvbiBNVVNUIGJlIHRha2VuPC9zcGFu
PiBhbmQgdGhlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjxzcGFuIGNsYXNz
PSJkZWxldGUiPiAgIFJlcGx5IGlzIG5vdDwvc3Bhbj4gcHJvY2Vzc2VkIGFueSBmdXJ0aGVy
LiAgSWYgYm90aCBITUFDcyBhcmUgdmFsaWQsIHRoZSBJVFI8L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJibG9jayI+ICAgPHNwYW4gY2xhc3M9Imluc2VydCI+TWFwLVJlcGx5IE1VU1Qg
Tk9UIGJlPC9zcGFuPiBwcm9jZXNzZWQgYW55IGZ1cnRoZXIuICBJZiBib3RoIEhNQUNzIGFy
ZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBwcm9jZWVkcyB3aXRoIHZh
bGlkYXRpbmcgZWFjaCBpbmRpdmlkdWFsIEVJRC1yZWNvcmQgY2xhaW1lZCBieSB0aGU8L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgdmFsaWQsIHRoZSBJVFIgcHJvY2Vl
ZHMgd2l0aCB2YWxpZGF0aW5nIGVhY2ggaW5kaXZpZHVhbCBFSUQtcmVjb3JkPC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIEVUUiBieSBjb21wdXRpbmcgdGhlIGludGVy
c2VjdGlvbiBvZiBlYWNoIG9uZSBvZiB0aGUgRUlELXByZWZpeDwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmJsb2NrIj4gICBjbGFpbWVkIGJ5IHRoZSBFVFIgYnkgY29tcHV0aW5nIHRo
ZSBpbnRlcnNlY3Rpb24gb2YgZWFjaCBvbmUgb2YgdGhlPC90ZD48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsYmxvY2siPiAgIGNvbnRhaW5lZCBpbiB0aGUgcGF5bG9hZCBvZiB0aGUgTWFwLVJl
cGx5IHdpdGggZWFjaCBvbmUgb2YgdGhlIDxzcGFuIGNsYXNzPSJkZWxldGUiPkVJRC08L3Nw
YW4+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIEVJRC1wcmVmaXggY29u
dGFpbmVkIGluIHRoZSBwYXlsb2FkIG9mIHRoZSBNYXAtUmVwbHkgd2l0aCBlYWNoIG9uZSBv
ZjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48c3BhbiBjbGFzcz0iZGVsZXRl
Ij4gICBwcmVmaXhlczwvc3Bhbj4gY29udGFpbmVkIGluIHRoZSBFSUQtQUQuICBBbiBFSUQt
cmVjb3JkIGlzIHZhbGlkIG9ubHkgaWYgYXQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJi
bG9jayI+ICAgdGhlIDxzcGFuIGNsYXNzPSJpbnNlcnQiPkVJRC1wcmVmaXhlczwvc3Bhbj4g
Y29udGFpbmVkIGluIHRoZSBFSUQtQUQuICBBbiBFSUQtcmVjb3JkIGlzIHZhbGlkPC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIGxlYXN0IG9uZSBvZiB0aGUgaW50ZXJz
ZWN0aW9ucyBpcyBub3QgdGhlIGVtcHR5IHNldC48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJibG9jayI+ICAgb25seSBpZiBhdCBsZWFzdCBvbmUgb2YgdGhlIGludGVyc2VjdGlvbnMg
aXMgbm90IHRoZSBlbXB0eSBzZXQuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xh
c3M9ImxlZnQiPiAgIEZvciBpbnN0YW5jZSwgdGhlIE1hcC1SZXBseSBwYXlsb2FkIGNvbnRh
aW5zIDMgbWFwcGluZyByZWNvcmQgRUlELTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPiAgIEZvciBpbnN0YW5jZSwgdGhlIE1hcC1SZXBseSBwYXlsb2FkIGNvbnRhaW5zIDMg
bWFwcGluZyByZWNvcmQgRUlELTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAg
cHJlZml4ZXM6PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgcHJlZml4ZXM6
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIDEuMS4x
LjAvMjQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAxLjEuMS4wLzI0
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIDEuMS4y
LjAvMjQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAxLjEuMi4wLzI0
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIDEuMi4w
LjAvMTY8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAxLjIuMC4wLzE2
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFRoZSBFSUQt
QUQgY29udGFpbnMgdHdvIEVJRC1wcmVmaXhlczo8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICBUaGUgRUlELUFEIGNvbnRhaW5zIHR3byBFSUQtcHJlZml4ZXM6PC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJp
Z2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIDEuMS4yLjAvMjQ8
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAxLjEuMi4wLzI0PC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJp
Z2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgIDEuMi4zLjAvMjQ8
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAxLjIuMy4wLzI0PC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJp
Z2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0i
ZGlmZjAwMzIiPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgVGhlIEVJRC1yZWNvcmQgd2l0aCBFSUQtcHJl
Zml4IDEuMS4xLjAvMjQgaXMgbm90IDxzcGFuIGNsYXNzPSJkZWxldGUiPnByb2Nlc3NlZDwv
c3Bhbj4gc2luY2UgaXQ8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgVGhl
IEVJRC1yZWNvcmQgd2l0aCBFSUQtcHJlZml4IDEuMS4xLjAvMjQgaXMgbm90IDxzcGFuIGNs
YXNzPSJpbnNlcnQiPmVsaWdpYmxlIHRvIGJlIHVzZWQ8L3NwYW4+PC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsYmxvY2siPiAgIGlzIG5vdCBpbmNsdWRlZCBpbiBhbnkgb2YgdGhlIEVJ
RC1BRHMgc2lnbmVkIGJ5IHRoZSBNYXAtU2VydmVyLiAgQTwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBieSB0aGUgSVRSPC9zcGFu
PiBzaW5jZSBpdCBpcyBub3QgaW5jbHVkZWQgaW4gYW55IG9mIHRoZSBFSUQtQURzIHNpZ25l
ZCBieTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBsb2cgPHNwYW4gY2xh
c3M9ImRlbGV0ZSI+bWVzc2FnZSBpcyBpc3N1ZWQuPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmJsb2NrIj4gICB0aGUgTWFwLVNlcnZlci4gIEEgbG9nIDxzcGFuIGNsYXNz
PSJpbnNlcnQiPmFjdGlvbiBNVVNUIGJlIHRha2VuLjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJkaWZmMDAzMyI+
PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGJsb2NrIj4gICBUaGUgRUlELXJlY29yZCB3aXRoIEVJRC1wcmVmaXggMS4xLjIu
MC8yNCBpcyA8c3BhbiBjbGFzcz0iZGVsZXRlIj5zdG9yZWQgaW48L3NwYW4+IHRoZSA8c3Bh
biBjbGFzcz0iZGVsZXRlIj5tYXAtY2FjaGU8L3NwYW4+PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyYmxvY2siPiAgIFRoZSBFSUQtcmVjb3JkIHdpdGggRUlELXByZWZpeCAxLjEuMi4w
LzI0IGlzIDxzcGFuIGNsYXNzPSJpbnNlcnQiPmVsaWdpYmxlIHRvIGJlIHVzZWQgYnk8L3Nw
YW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIGJlY2F1c2UgaXQgbWF0
Y2hlcyB0aGUgc2Vjb25kIEVJRC1wcmVmaXggY29udGFpbmVkIGluIHRoZSBFSUQtQUQuPC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIHRoZSA8c3BhbiBjbGFzcz0iaW5z
ZXJ0Ij5JVFI8L3NwYW4+IGJlY2F1c2UgaXQgbWF0Y2hlcyB0aGUgc2Vjb25kIEVJRC1wcmVm
aXggY29udGFpbmVkIGluIHRoZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgRUlELUFELjwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRpZmYw
MDM0Ij48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsYmxvY2siPiAgIFRoZSBFSUQtcmVjb3JkIHdpdGggRUlELXByZWZpeCAx
LjIuMC4wLzE2IGlzIG5vdCA8c3BhbiBjbGFzcz0iZGVsZXRlIj5wcm9jZXNzZWQ8L3NwYW4+
IHNpbmNlIGl0PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIFRoZSBFSUQt
cmVjb3JkIHdpdGggRUlELXByZWZpeCAxLjIuMC4wLzE2IGlzIG5vdCA8c3BhbiBjbGFzcz0i
aW5zZXJ0Ij5lbGlnaWJsZSB0byBiZSB1c2VkPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGJsb2NrIj4gICBpcyBub3QgaW5jbHVkZWQgaW4gYW55IG9mIHRoZSBFSUQtQURz
IHNpZ25lZCBieSB0aGUgTWFwLVNlcnZlci4gIEE8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgYnkgdGhlIElUUjwvc3Bhbj4gc2lu
Y2UgaXQgaXMgbm90IGluY2x1ZGVkIGluIGFueSBvZiB0aGUgRUlELUFEcyBzaWduZWQgYnk8
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgbG9nIDxzcGFuIGNsYXNzPSJk
ZWxldGUiPm1lc3NhZ2UgaXMgaXNzdWVkLjwvc3Bhbj4gIEluIHRoaXMgbGFzdCBleGFtcGxl
IHRoZSBFVFIgaXMgdHJ5aW5nIHRvPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2si
PiAgIHRoZSBNYXAtU2VydmVyLiAgQSBsb2cgPHNwYW4gY2xhc3M9Imluc2VydCI+YWN0aW9u
IE1VU1QgYmUgdGFrZW4uPC9zcGFuPiAgSW4gdGhpcyBsYXN0IGV4YW1wbGU8L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgb3ZlciBjbGFpbSB0aGUgRUlELXByZWZpeCAx
LjIuMC4wLzE2LCBidXQgdGhlIE1hcC1TZXJ2ZXIgYXV0aG9yaXplZDwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmJsb2NrIj4gICB0aGUgRVRSIGlzIHRyeWluZyB0byBvdmVyIGNsYWlt
IHRoZSBFSUQtcHJlZml4IDEuMi4wLjAvMTYsIGJ1dCB0aGU8L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxibG9jayI+ICAgb25seSAxLjIuMy4wLzI0LCBoZW5jZSB0aGUgRUlELXJlY29y
ZCBpcyBkaXNjYXJkZWQuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIE1h
cC1TZXJ2ZXIgYXV0aG9yaXplZCBvbmx5IDEuMi4zLjAvMjQsIGhlbmNlIHRoZSBFSUQtcmVj
b3JkIGlzPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmJsb2NrIj4gICBkaXNjYXJkZWQuPC90ZD48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxlZnQiPjUuNC4yLiAgUElUUiBQcm9jZXNzaW5nPC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+NS40LjIuICBQSVRSIFByb2Nlc3Npbmc8L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgVGhlIHByb2Nlc3Npbmcg
cGVyZm9ybWVkIGJ5IGEgUElUUiBpcyBlcXVpdmFsZW50IHRvIHRoZSBwcm9jZXNzaW5nIG9m
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgVGhlIHByb2Nlc3NpbmcgcGVy
Zm9ybWVkIGJ5IGEgUElUUiBpcyBlcXVpdmFsZW50IHRvIHRoZSBwcm9jZXNzaW5nIG9mPC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDM1
Ij48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsYmxvY2siPiAgIGFuIElUUi4gIEhvd2V2ZXIsIGlmIHRoZSBQSVRSIGlzIGRp
cmVjdGx5IGNvbm5lY3RlZCB0byA8c3BhbiBjbGFzcz0iZGVsZXRlIj50aGUgQUxULDwvc3Bh
bj4gdGhlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIGFuIElUUi4gIEhv
d2V2ZXIsIGlmIHRoZSBQSVRSIGlzIGRpcmVjdGx5IGNvbm5lY3RlZCB0byA8c3BhbiBjbGFz
cz0iaW5zZXJ0Ij5hIE1hcHBpbmc8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
YmxvY2siPiAgIFBJVFIgcGVyZm9ybXMgdGhlIGZ1bmN0aW9ucyBvZiBib3RoIHRoZSBJVFIg
YW5kIHRoZSBNYXAtUmVzb2x2ZXI8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+
PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgU3lzdGVtIHN1Y2ggYXMgTElTUCtBTFQgW1JGQzY4
MzZdLDwvc3Bhbj4gdGhlIFBJVFIgcGVyZm9ybXMgdGhlIGZ1bmN0aW9ucyBvZjwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBmb3J3YXJkaW5nIHRoZSBNYXAtUmVxdWVz
dCBlbmNhcHN1bGF0ZWQgaW4gYW4gRUNNIGhlYWRlciB0aGF0PC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyYmxvY2siPiAgIGJvdGggdGhlIElUUiBhbmQgdGhlIE1hcC1SZXNvbHZlciBm
b3J3YXJkaW5nIHRoZSBNYXAtUmVxdWVzdDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJs
b2NrIj4gICBpbmNsdWRlcyB0aGUgQXV0aGVudGljYXRpb24gRGF0YSBmaWVsZHMgYXMgZGVz
Y3JpYmVkIGluIFNlY3Rpb24gNS42LjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2Nr
Ij4gICBlbmNhcHN1bGF0ZWQgaW4gYW4gRUNNIGhlYWRlciB0aGF0IGluY2x1ZGVzIHRoZSBB
dXRoZW50aWNhdGlvbiBEYXRhPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICBmaWVsZHMgYXMgZGVzY3JpYmVk
IGluIFNlY3Rpb24gNS42LjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij41LjUuICBFbmNyeXB0aW5nIGFuZCBEZWNyeXB0aW5nIGFuIE9USzwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjUuNS4gIEVuY3J5cHRpbmcgYW5kIERlY3J5cHRpbmcg
YW4gT1RLPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIE1T
LU9USyBjb25maWRlbnRpYWxpdHkgaXMgcmVxdWlyZWQgaW4gdGhlIHBhdGggYmV0d2VlbiB0
aGUgTWFwLVNlcnZlcjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIE1TLU9U
SyBjb25maWRlbnRpYWxpdHkgaXMgcmVxdWlyZWQgaW4gdGhlIHBhdGggYmV0d2VlbiB0aGUg
TWFwLVNlcnZlcjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgYW5kIHRoZSBF
VFIsIHRoZSBNUy1PVEsgU0hPVUxEIGJlIGVuY3J5cHRlZCB1c2luZyB0aGUgcHJlY29uZmln
dXJlZDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGFuZCB0aGUgRVRSLCB0
aGUgTVMtT1RLIFNIT1VMRCBiZSBlbmNyeXB0ZWQgdXNpbmcgdGhlIHByZWNvbmZpZ3VyZWQ8
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGtleSBzaGFyZWQgYmV0d2VlbiB0
aGUgTWFwLVNlcnZlciBhbmQgdGhlIEVUUiBmb3IgdGhlIHB1cnBvc2Ugb2Y8L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBrZXkgc2hhcmVkIGJldHdlZW4gdGhlIE1hcC1T
ZXJ2ZXIgYW5kIHRoZSBFVFIgZm9yIHRoZSBwdXJwb3NlIG9mPC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICBzZWN1cmluZyBFVFIgcmVnaXN0cmF0aW9uIFtSRkM2ODMzXS4g
IFNpbWlsYXJseSwgaWYgSVRSLU9USzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQi
PiAgIHNlY3VyaW5nIEVUUiByZWdpc3RyYXRpb24gW1JGQzY4MzNdLiAgU2ltaWxhcmx5LCBp
ZiBJVFItT1RLPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBjb25maWRlbnRp
YWxpdHkgaXMgcmVxdWlyZWQgaW4gdGhlIHBhdGggYmV0d2VlbiB0aGUgSVRSIGFuZCB0aGUg
TWFwLTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGNvbmZpZGVudGlhbGl0
eSBpcyByZXF1aXJlZCBpbiB0aGUgcGF0aCBiZXR3ZWVuIHRoZSBJVFIgYW5kIHRoZSBNYXAt
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBSZXNvbHZlciwgdGhlIElUUi1P
VEsgU0hPVUxEIGJlIGVuY3J5cHRlZCB3aXRoIGEga2V5IHNoYXJlZCBiZXR3ZWVuPC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgUmVzb2x2ZXIsIHRoZSBJVFItT1RLIFNI
T1VMRCBiZSBlbmNyeXB0ZWQgd2l0aCBhIGtleSBzaGFyZWQgYmV0d2VlbjwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgdGhlIElUUiBhbmQgdGhlIE1hcC1SZXNvbHZlci48
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICB0aGUgSVRSIGFuZCB0aGUgTWFw
LVJlc29sdmVyLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4g
ICBUaGUgT1RLIGlzIGVuY3J5cHRlZCB1c2luZyB0aGUgYWxnb3JpdGhtIHNwZWNpZmllZCBp
biB0aGUgT1RLPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgVGhlIE9USyBp
cyBlbmNyeXB0ZWQgdXNpbmcgdGhlIGFsZ29yaXRobSBzcGVjaWZpZWQgaW4gdGhlIE9USzwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgRW5jcnlwdGlvbiBJRCBmaWVsZC4g
IFdoZW4gdGhlIEFFUyBLZXkgV3JhcCBhbGdvcml0aG0gaXMgdXNlZCB0bzwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIEVuY3J5cHRpb24gSUQgZmllbGQuICBXaGVuIHRo
ZSBBRVMgS2V5IFdyYXAgYWxnb3JpdGhtIGlzIHVzZWQgdG88L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0iZGlmZjAwMzYiPjx0ZD48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+
ICAgZW5jcnlwdCBhIDEyOC1iaXQgT1RLLCBhY2NvcmRpbmcgdG8gW1JGQzMzPHNwYW4gY2xh
c3M9ImRlbGV0ZSI+Mzk8L3NwYW4+XSwgdGhlIEFFUyBLZXkgV3JhcDwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmJsb2NrIj4gICBlbmNyeXB0IGEgMTI4LWJpdCBPVEssIGFjY29yZGlu
ZyB0byBbUkZDMzM8c3BhbiBjbGFzcz0iaW5zZXJ0Ij45NDwvc3Bhbj5dLCB0aGUgQUVTIEtl
eSBXcmFwPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBJbml0aWFsaXphdGlv
biBWYWx1ZSBNVVNUIGJlIHNldCB0byAweEE2QTZBNkE2QTZBNkE2QTYgKDY0IGJpdHMpLjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIEluaXRpYWxpemF0aW9uIFZhbHVl
IE1VU1QgYmUgc2V0IHRvIDB4QTZBNkE2QTZBNkE2QTZBNiAoNjQgYml0cykuPC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBUaGUgb3V0cHV0IG9mIHRoZSBBRVMgS2V5IFdy
YXAgb3BlcmF0aW9uIGlzIDE5Mi1iaXQgbG9uZy4gIFRoZSBtb3N0PC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+ICAgVGhlIG91dHB1dCBvZiB0aGUgQUVTIEtleSBXcmFwIG9w
ZXJhdGlvbiBpcyAxOTItYml0IGxvbmcuICBUaGUgbW9zdDwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+ICAgc2lnbmlmaWNhbnQgNjQtYml0IGFyZSBjb3BpZWQgaW4gdGhlIE9u
ZS1UaW1lIEtleSBQcmVhbWJsZSBmaWVsZCw8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJp
Z2h0Ij4gICBzaWduaWZpY2FudCA2NC1iaXQgYXJlIGNvcGllZCBpbiB0aGUgT25lLVRpbWUg
S2V5IFByZWFtYmxlIGZpZWxkLDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAg
d2hpbGUgdGhlIDEyOCBsZXNzIHNpZ25pZmljYW50IGJpdHMgYXJlIGNvcGllZCBpbiB0aGUg
T25lLVRpbWUgS2V5PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgd2hpbGUg
dGhlIDEyOCBsZXNzIHNpZ25pZmljYW50IGJpdHMgYXJlIGNvcGllZCBpbiB0aGUgT25lLVRp
bWUgS2V5PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBmaWVsZCBvZiB0aGUg
TElTUC1TRUMgQXV0aGVudGljYXRpb24gRGF0YS48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICBmaWVsZCBvZiB0aGUgTElTUC1TRUMgQXV0aGVudGljYXRpb24gRGF0YS48
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgV2hlbiBkZWNy
eXB0aW5nIGFuIGVuY3J5cHRlZCBPVEsgdGhlIHJlY2VpdmVyIE1VU1QgdmVyaWZ5IHRoYXQg
dGhlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgV2hlbiBkZWNyeXB0aW5n
IGFuIGVuY3J5cHRlZCBPVEsgdGhlIHJlY2VpdmVyIE1VU1QgdmVyaWZ5IHRoYXQgdGhlPC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBJbml0aWFsaXphdGlvbiBWYWx1ZSBy
ZXN1bHRpbmcgZnJvbSB0aGUgQUVTIEtleSBXcmFwIGRlY3J5cHRpb248L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBJbml0aWFsaXphdGlvbiBWYWx1ZSByZXN1bHRpbmcg
ZnJvbSB0aGUgQUVTIEtleSBXcmFwIGRlY3J5cHRpb248L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xh
c3M9ImxlZnQiPiAgIG9wZXJhdGlvbiBpcyBlcXVhbCB0byAweEE2QTZBNkE2QTZBNkE2QTYu
ICBJZiB0aGlzIHZlcmlmaWNhdGlvbiBmYWlsczwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPiAgIG9wZXJhdGlvbiBpcyBlcXVhbCB0byAweEE2QTZBNkE2QTZBNkE2QTYuICBJ
ZiB0aGlzIHZlcmlmaWNhdGlvbiBmYWlsczwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgdGhlIHJlY2VpdmVyIE1VU1QgZGlzY2FyZCB0aGUgZW50aXJlIG1lc3NhZ2UuPC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgdGhlIHJlY2VpdmVyIE1VU1QgZGlz
Y2FyZCB0aGUgZW50aXJlIG1lc3NhZ2UuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0icGFydC0xMCIgY2xhc3M9ImNoYW5nZSI+
PHRkPjwvdGQ+PHRoPjxzbWFsbD5za2lwcGluZyB0byBjaGFuZ2UgYXQ8L3NtYWxsPjxhIGhy
ZWY9Imh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvdG9vbHMvcmZjZGlmZi9yZmNkaWZmLnB5aHQj
cGFydC0xMCI+PGVtPiBwYWdlIDE0LCBsaW5lIDE3PHNwYW4gY2xhc3M9ImhpZGUiPiDCtjwv
c3Bhbj48L2VtPjwvYT48L3RoPjx0aD4gPC90aD48dGg+PHNtYWxsPnNraXBwaW5nIHRvIGNo
YW5nZSBhdDwvc21hbGw+PGEgaHJlZj0iaHR0cHM6Ly90b29scy5pZXRmLm9yZy90b29scy9y
ZmNkaWZmL3JmY2RpZmYucHlodCNwYXJ0LTEwIj48ZW0+IHBhZ2UgMTQsIGxpbmUgMjk8c3Bh
biBjbGFzcz0iaGlkZSI+IMK2PC9zcGFuPjwvZW0+PC9hPjwvdGg+PHRkPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAg
V2hlbiBhIDEyOC1iaXQgT1RLIGlzIHNlbnQgdW5lbmNyeXB0ZWQgdGhlIE9USyBFbmNyeXB0
aW9uIElEIGlzIHNldDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFdoZW4g
YSAxMjgtYml0IE9USyBpcyBzZW50IHVuZW5jcnlwdGVkIHRoZSBPVEsgRW5jcnlwdGlvbiBJ
RCBpcyBzZXQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHRvIE5VTExfS0VZ
X1dSQVBfMTI4LCBhbmQgdGhlIE9USyBQcmVhbWJsZSBpcyBzZXQgdG88L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICB0byBOVUxMX0tFWV9XUkFQXzEyOCwgYW5kIHRoZSBP
VEsgUHJlYW1ibGUgaXMgc2V0IHRvPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4g
ICAweDAwMDAwMDAwMDAwMDAwMDAgKDY0IGJpdHMpLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgIDB4MDAwMDAwMDAwMDAwMDAwMCAoNjQgYml0cykuPC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjUuNi4gIE1hcC1SZXNvbHZlciBQcm9j
ZXNzaW5nPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+NS42LiAgTWFwLVJlc29s
dmVyIFByb2Nlc3Npbmc8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+ICAgVXBvbiByZWNlaXZpbmcgYW4gZW5jYXBzdWxhdGVkIE1hcC1SZXF1ZXN0IHdpdGgg
dGhlIFMtYml0IHNldCwgdGhlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
VXBvbiByZWNlaXZpbmcgYW4gZW5jYXBzdWxhdGVkIE1hcC1SZXF1ZXN0IHdpdGggdGhlIFMt
Yml0IHNldCwgdGhlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBNYXAtUmVz
b2x2ZXIgZGVjYXBzdWxhdGVzIHRoZSBFQ00gbWVzc2FnZS4gIFRoZSBJVFItT1RLLCBpZjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIE1hcC1SZXNvbHZlciBkZWNhcHN1
bGF0ZXMgdGhlIEVDTSBtZXNzYWdlLiAgVGhlIElUUi1PVEssIGlmPC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij4gICBlbmNyeXB0ZWQsIGlzIGRlY3J5cHRlZCBhcyBzcGVjaWZp
ZWQgaW4gU2VjdGlvbiA1LjUuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
ZW5jcnlwdGVkLCBpcyBkZWNyeXB0ZWQgYXMgc3BlY2lmaWVkIGluIFNlY3Rpb24gNS41Ljwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIg
aWQ9ImRpZmYwMDM3Ij48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIDxzcGFuIGNsYXNzPSJkZWxldGUiPlRo
ZSBNYXAtUmVzb2x2ZXIsIGFzIHNwZWNpZmllZCBpbiBbUkZDNjgzM10sIG9yaWdpbmF0ZXMg
YSBuZXcgRUNNPC9zcGFuPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICA8
c3BhbiBjbGFzcz0iaW5zZXJ0Ij5Qcm90ZWN0aW5nIHRoZSBjb25maWRlbnRpYWxpdHkgb2Yg
dGhlIElUUi1PVEsgYW5kLDwvc3Bhbj4gaW4gPHNwYW4gY2xhc3M9Imluc2VydCI+Z2VuZXJh
bCwgdGhlPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48c3BhbiBj
bGFzcz0iZGVsZXRlIj4gICBoZWFkZXIgd2l0aCB0aGUgUy1iaXQgc2V0LCB0aGF0IGNvbnRh
aW5zIHRoZSB1bmVuY3J5cHRlZCBJVFItT1RLLCBhczwvc3Bhbj48L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgc2VjdXJpdHkgb2Yg
aG93IHRoZSBNYXAtUmVxdWVzdCBpcyBoYW5kZWQgYnkgdGhlIE1hcC1SZXNvbHZlciB0bzwv
c3Bhbj4gdGhlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjxzcGFuIGNsYXNz
PSJkZWxldGUiPiAgIHNwZWNpZmllZDwvc3Bhbj4gaW4gPHNwYW4gY2xhc3M9ImRlbGV0ZSI+
U2VjdGlvbiA1LjUsIGFuZDwvc3Bhbj4gdGhlIDxzcGFuIGNsYXNzPSJkZWxldGUiPm90aGVy
IGRhdGEgZGVyaXZlZCBmcm9tIHRoZSBFQ008L3NwYW4+PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyYmxvY2siPiAgIDxzcGFuIGNsYXNzPSJpbnNlcnQiPk1hcC1TZXJ2ZXIsIGlzIHNw
ZWNpZmljIHRvIHRoZSBwYXJ0aWN1bGFyIE1hcHBpbmcgU3lzdGVtIHVzZWQsIGFuZDwvc3Bh
bj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PHNwYW4gY2xhc3M9ImRlbGV0
ZSI+ICAgQXV0aGVudGljYXRpb24gRGF0YTwvc3Bhbj4gb2YgdGhlIDxzcGFuIGNsYXNzPSJk
ZWxldGUiPnJlY2VpdmVkIGVuY2Fwc3VsYXRlZCBNYXAtUmVxdWVzdC48L3NwYW4+PC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIG91
dHNpZGU8L3NwYW4+IG9mIHRoZSA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5zY29wZSBvZiB0aGlz
IG1lbW8uPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDM4Ij48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIFRoZSBNYXAt
UmVzb2x2ZXIgdGhlbiBmb3J3YXJkcyB0aGUgcmVjZWl2ZWQgPHNwYW4gY2xhc3M9ImRlbGV0
ZSI+TWFwLVJlcXVlc3QsPC9zcGFuPiBlbmNhcHN1bGF0ZWQ8L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJibG9jayI+ICAgPHNwYW4gY2xhc3M9Imluc2VydCI+SW4gTWFwcGluZyBTeXN0
ZW1zIHdoZXJlIHRoZSBNYXAtU2VydmVyIGlzIGNvbXBsaWFudCB3aXRoIFtSRkM2ODMzXSw8
L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIGluIHRoZSBuZXcg
RUNNIGhlYWRlciB0aGF0IGluY2x1ZGVzIHRoZSBuZXdseSBjb21wdXRlZCBBdXRoZW50aWNh
dGlvbjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5z
ZXJ0Ij4gICB0aGUgTWFwLVJlc29sdmVyIG9yaWdpbmF0ZXMgYSBuZXcgRUNNIGhlYWRlciB3
aXRoIHRoZSBTLWJpdCBzZXQsIHRoYXQ8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNz
PSJsYmxvY2siPiAgIERhdGEgZmllbGRzLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJs
b2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBjb250YWlucyB0aGUgdW5lbmNyeXB0ZWQg
SVRSLU9USywgYXMgc3BlY2lmaWVkIGluIFNlY3Rpb24gNS41LCBhbmQ8L3NwYW4+PC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICB0aGUgb3RoZXIgZGF0YSBkZXJpdmVk
IGZyb20gdGhlIEVDTSBBdXRoZW50aWNhdGlvbiBEYXRhIG9mIHRoZTwvc3Bhbj48L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
YmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIHJlY2VpdmVkIGVuY2Fwc3VsYXRlZCBN
YXAtUmVxdWVzdC48L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmJsb2NrIj4gICBUaGUgTWFwLVJlc29sdmVyIHRoZW4gZm9yd2FyZHMgPHNwYW4gY2xh
c3M9Imluc2VydCI+dG8gdGhlIE1hcC1TZXJ2ZXI8L3NwYW4+IHRoZSByZWNlaXZlZCA8c3Bh
biBjbGFzcz0iaW5zZXJ0Ij5NYXAtPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9
Imluc2VydCI+ICAgUmVxdWVzdCw8L3NwYW4+IGVuY2Fwc3VsYXRlZCBpbiB0aGUgbmV3IEVD
TSBoZWFkZXIgdGhhdCBpbmNsdWRlcyB0aGUgbmV3bHk8L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xh
c3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIGNvbXB1
dGVkIEF1dGhlbnRpY2F0aW9uIERhdGEgZmllbGRzLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij41LjcuICBNYXAtU2VydmVyIFByb2Nlc3Npbmc8L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij41LjcuICBNYXAtU2VydmVyIFByb2Nlc3Npbmc8
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgVXBvbiByZWNl
aXZpbmcgYW4gRUNNIGVuY2Fwc3VsYXRlZCBNYXAtUmVxdWVzdCB3aXRoIHRoZSBTLWJpdCBz
ZXQsPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgVXBvbiByZWNlaXZpbmcg
YW4gRUNNIGVuY2Fwc3VsYXRlZCBNYXAtUmVxdWVzdCB3aXRoIHRoZSBTLWJpdCBzZXQsPC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICB0aGUgTWFwLVNlcnZlciBwcm9jZXNz
IHRoZSBNYXAtUmVxdWVzdCBhY2NvcmRpbmcgdG8gdGhlIHZhbHVlIG9mIHRoZTwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHRoZSBNYXAtU2VydmVyIHByb2Nlc3MgdGhl
IE1hcC1SZXF1ZXN0IGFjY29yZGluZyB0byB0aGUgdmFsdWUgb2YgdGhlPC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBTLWJpdCBjb250YWluZWQgaW4gdGhlIE1hcC1SZWdp
c3RlciBzZW50IGJ5IHRoZSBFVFIgZHVyaW5nPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+ICAgUy1iaXQgY29udGFpbmVkIGluIHRoZSBNYXAtUmVnaXN0ZXIgc2VudCBieSB0
aGUgRVRSIGR1cmluZzwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgcmVnaXN0
cmF0aW9uLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHJlZ2lzdHJhdGlv
bi48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgSWYgdGhl
IFMtYml0IGNvbnRhaW5lZCBpbiB0aGUgTWFwLVJlZ2lzdGVyIHdhcyBjbGVhciB0aGUgTWFw
LVNlcnZlcjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIElmIHRoZSBTLWJp
dCBjb250YWluZWQgaW4gdGhlIE1hcC1SZWdpc3RlciB3YXMgY2xlYXIgdGhlIE1hcC1TZXJ2
ZXI8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGRlY2Fwc3VsYXRlcyB0aGUg
RUNNIGFuZCBnZW5lcmF0ZXMgYSBuZXcgRUNNIGVuY2Fwc3VsYXRlZCBNYXAtUmVxdWVzdDwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGRlY2Fwc3VsYXRlcyB0aGUgRUNN
IGFuZCBnZW5lcmF0ZXMgYSBuZXcgRUNNIGVuY2Fwc3VsYXRlZCBNYXAtUmVxdWVzdDwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgdGhhdCBkb2VzIG5vdCBjb250YWluIGFu
IEVDTSBBdXRoZW50aWNhdGlvbiBEYXRhLCBhcyBzcGVjaWZpZWQgaW48L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICB0aGF0IGRvZXMgbm90IGNvbnRhaW4gYW4gRUNNIEF1
dGhlbnRpY2F0aW9uIERhdGEsIGFzIHNwZWNpZmllZCBpbjwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+ICAgW1JGQzY4MzBdLiAgVGhlIE1hcC1TZXJ2ZXIgZG9lcyBub3QgcGVy
Zm9ybSBhbnkgZnVydGhlciBMSVNQLVNFQzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPiAgIFtSRkM2ODMwXS4gIFRoZSBNYXAtU2VydmVyIGRvZXMgbm90IHBlcmZvcm0gYW55
IGZ1cnRoZXIgTElTUC1TRUM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0ciBpZD0iZGlmZjAwMzkiPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgcHJvY2Vzc2luZy48L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgcHJvY2Vzc2luZzxzcGFuIGNsYXNz
PSJpbnNlcnQiPiwgYW5kIHRoZSBNYXAtUmVwbHkgd2lsbCBub3QgYmUgcHJvdGVjdGVkPC9z
cGFuPi48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgSWYg
dGhlIFMtYml0IGNvbnRhaW5lZCBpbiB0aGUgTWFwLVJlZ2lzdGVyIHdhcyBzZXQgdGhlIE1h
cC1TZXJ2ZXI8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBJZiB0aGUgUy1i
aXQgY29udGFpbmVkIGluIHRoZSBNYXAtUmVnaXN0ZXIgd2FzIHNldCB0aGUgTWFwLVNlcnZl
cjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgZGVjYXBzdWxhdGVzIHRoZSBF
Q00gYW5kIGdlbmVyYXRlcyBhIG5ldyBFQ00gQXV0aGVudGljYXRpb24gRGF0YS48L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBkZWNhcHN1bGF0ZXMgdGhlIEVDTSBhbmQg
Z2VuZXJhdGVzIGEgbmV3IEVDTSBBdXRoZW50aWNhdGlvbiBEYXRhLjwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGVmdCI+ICAgVGhlIEF1dGhlbnRpY2F0aW9uIERhdGEgaW5jbHVkZXMg
dGhlIE9USy1BRCBhbmQgdGhlIEVJRC1BRCwgdGhhdDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgIFRoZSBBdXRoZW50aWNhdGlvbiBEYXRhIGluY2x1ZGVzIHRoZSBPVEst
QUQgYW5kIHRoZSBFSUQtQUQsIHRoYXQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQi
PiAgIGNvbnRhaW5zIEVJRC1wcmVmaXggYXV0aG9yaXphdGlvbiBpbmZvcm1hdGlvbiwgdGhh
dCBhcmUgdWx0aW1hdGVseTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGNv
bnRhaW5zIEVJRC1wcmVmaXggYXV0aG9yaXphdGlvbiBpbmZvcm1hdGlvbiwgdGhhdCBhcmUg
dWx0aW1hdGVseTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgc2VudCB0byB0
aGUgcmVxdWVzdGluZyBJVFIuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
c2VudCB0byB0aGUgcmVxdWVzdGluZyBJVFIuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgIFRoZSBNYXAtU2VydmVyIHVwZGF0ZXMgdGhlIE9USy1BRCBi
eSBkZXJpdmluZyBhIG5ldyBPVEsgKE1TLU9USykgZnJvbTwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPiAgIFRoZSBNYXAtU2VydmVyIHVwZGF0ZXMgdGhlIE9USy1BRCBieSBk
ZXJpdmluZyBhIG5ldyBPVEsgKE1TLU9USykgZnJvbTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGVmdCI+ICAgdGhlIElUUi1PVEsgcmVjZWl2ZWQgd2l0aCB0aGUgTWFwLVJlcXVlc3Qu
ICBNUy1PVEsgaXMgZGVyaXZlZDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAg
IHRoZSBJVFItT1RLIHJlY2VpdmVkIHdpdGggdGhlIE1hcC1SZXF1ZXN0LiAgTVMtT1RLIGlz
IGRlcml2ZWQ8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGFwcGx5aW5nIHRo
ZSBrZXkgZGVyaXZhdGlvbiBmdW5jdGlvbiBzcGVjaWZpZWQgaW4gdGhlIEtERiBJRCBmaWVs
ZC48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBhcHBseWluZyB0aGUga2V5
IGRlcml2YXRpb24gZnVuY3Rpb24gc3BlY2lmaWVkIGluIHRoZSBLREYgSUQgZmllbGQuPC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBp
ZD0icGFydC0xMSIgY2xhc3M9ImNoYW5nZSI+PHRkPjwvdGQ+PHRoPjxzbWFsbD5za2lwcGlu
ZyB0byBjaGFuZ2UgYXQ8L3NtYWxsPjxhIGhyZWY9Imh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcv
dG9vbHMvcmZjZGlmZi9yZmNkaWZmLnB5aHQjcGFydC0xMSI+PGVtPiBwYWdlIDE2LCBsaW5l
IDE5PHNwYW4gY2xhc3M9ImhpZGUiPiDCtjwvc3Bhbj48L2VtPjwvYT48L3RoPjx0aD4gPC90
aD48dGg+PHNtYWxsPnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGEgaHJlZj0iaHR0
cHM6Ly90b29scy5pZXRmLm9yZy90b29scy9yZmNkaWZmL3JmY2RpZmYucHlodCNwYXJ0LTEx
Ij48ZW0+IHBhZ2UgMTYsIGxpbmUgNDA8c3BhbiBjbGFzcz0iaGlkZSI+IMK2PC9zcGFuPjwv
ZW0+PC9hPjwvdGg+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij42LiAgU2VjdXJpdHkgQ29uc2lk
ZXJhdGlvbnM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij42LiAgU2VjdXJpdHkg
Q29uc2lkZXJhdGlvbnM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+Ni4xLiAgTWFwcGluZyBTeXN0ZW0gU2VjdXJpdHk8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij42LjEuICBNYXBwaW5nIFN5c3RlbSBTZWN1cml0eTwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBUaGUgTElTUC1TRUMgdGhyZWF0IG1v
ZGVsIGRlc2NyaWJlZCBpbiBTZWN0aW9uIDMsIGFzc3VtZXMgdGhhdCB0aGU8L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBUaGUgTElTUC1TRUMgdGhyZWF0IG1vZGVsIGRl
c2NyaWJlZCBpbiBTZWN0aW9uIDMsIGFzc3VtZXMgdGhhdCB0aGU8L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgIExJU1AgTWFwcGluZyBTeXN0ZW0gaXMgd29ya2luZyBwcm9w
ZXJseSBhbmQgZXZlbnR1YWxseSBkZWxpdmVycyBNYXAtPC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+ICAgTElTUCBNYXBwaW5nIFN5c3RlbSBpcyB3b3JraW5nIHByb3Blcmx5
IGFuZCBldmVudHVhbGx5IGRlbGl2ZXJzIE1hcC08L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPiAgIFJlcXVlc3QgbWVzc2FnZXMgdG8gYSBNYXAtU2VydmVyIHRoYXQgaXMgYXV0
aG9yaXRhdGl2ZSBmb3IgdGhlPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAg
UmVxdWVzdCBtZXNzYWdlcyB0byBhIE1hcC1TZXJ2ZXIgdGhhdCBpcyBhdXRob3JpdGF0aXZl
IGZvciB0aGU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIHJlcXVlc3RlZCBF
SUQuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgcmVxdWVzdGVkIEVJRC48
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
IGlkPSJkaWZmMDA0MCI+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICBNYXAtUmVnaXN0ZXIgc2VjdXJpdHks
IGluY2x1ZGluZyB0aGUgcmlnaHQgZm9yIGEgTElTUCBlbnRpdHkgdG88L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJibG9jayI+ICAgPHNwYW4gY2xhc3M9Imluc2VydCI+SXQgaXMgYXNz
dW1lZCB0aGF0IHRoZSBNYXBwaW5nIFN5c3RlbSBlbnN1cmVzIHRoZSBjb25maWRlbnRpYWxp
dHkgb2Y8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIHJlZ2lz
dGVyIGFuIEVJRC1wcmVmaXggb3IgdG8gY2xhaW0gcHJlc2VuY2UgYXQgYW4gUkxPQywgaXMg
b3V0IG9mIHRoZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFz
cz0iaW5zZXJ0Ij4gICB0aGUgT1RLLCBhbmQgdGhlIGludGVncml0eSBvZiB0aGUgTWFwLVJl
cGx5IGRhdGEuICBIb3dldmVyLCBob3cgdGhlPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGJsb2NrIj4gICBzY29wZSBvZiBMSVNQLVNFQy48L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgTElTUCBNYXBwaW5nIFN5
c3RlbSBpcyBzZWN1cmVkIGlzIG91dCBvZiB0aGUgc2NvcGUgb2YgdGhpcyBkb2N1bWVudC48
L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij48L3NwYW4+PC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBTaW1pbGFybHksPC9zcGFuPiBNYXAt
UmVnaXN0ZXIgc2VjdXJpdHksIGluY2x1ZGluZyB0aGUgcmlnaHQgZm9yIGEgTElTUDwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJibG9jayI+ICAgZW50aXR5IHRvIHJlZ2lzdGVyIGFuIEVJRC1wcmVmaXggb3IgdG8gY2xh
aW0gcHJlc2VuY2UgYXQgYW4gUkxPQywgaXM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxi
bG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIG91dCBvZiB0aGUg
c2NvcGUgb2YgTElTUC1TRUMuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPjYuMi4gIFJhbmRvbSBOdW1iZXIgR2VuZXJhdGlvbjwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPjYuMi4gIFJhbmRvbSBOdW1iZXIgR2VuZXJhdGlvbjwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBUaGUgSVRSLU9USyBNVVNU
IGJlIGdlbmVyYXRlZCBieSBhIHByb3Blcmx5IHNlZWRlZCBwc2V1ZG8tcmFuZG9tIChvcjwv
dGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIFRoZSBJVFItT1RLIE1VU1QgYmUg
Z2VuZXJhdGVkIGJ5IGEgcHJvcGVybHkgc2VlZGVkIHBzZXVkby1yYW5kb20gKG9yPC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBzdHJvbmcgcmFuZG9tKSBzb3VyY2UuICBT
ZWUgW1JGQzQwODZdIGZvciBhZHZpY2Ugb24gZ2VuZXJhdGluZzwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmlnaHQiPiAgIHN0cm9uZyByYW5kb20pIHNvdXJjZS4gIFNlZSBbUkZDNDA4
Nl0gZm9yIGFkdmljZSBvbiBnZW5lcmF0aW5nPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij4gICBzZWN1cml0eS1zZW5zaXRpdmUgcmFuZG9tIGRhdGE8L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICBzZWN1cml0eS1zZW5zaXRpdmUgcmFuZG9tIGRhdGE8L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+Ni4zLiAgTWFwLVNlcnZl
ciBhbmQgRVRSIENvbG9jYXRpb248L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij42
LjMuICBNYXAtU2VydmVyIGFuZCBFVFIgQ29sb2NhdGlvbjwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBJZiB0aGUgTWFwLVNlcnZlciBhbmQgdGhlIEVU
UiBhcmUgY29sb2NhdGVkLCBMSVNQLVNFQyBkb2VzIG5vdDwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPiAgIElmIHRoZSBNYXAtU2VydmVyIGFuZCB0aGUgRVRSIGFyZSBjb2xv
Y2F0ZWQsIExJU1AtU0VDIGRvZXMgbm90PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij4gICBwcm92aWRlIHByb3RlY3Rpb24gZnJvbSBvdmVyY2xhaW1pbmcgYXR0YWNrcyBtb3Vu
dGVkIGJ5IHRoZSBFVFIuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgcHJv
dmlkZSBwcm90ZWN0aW9uIGZyb20gb3ZlcmNsYWltaW5nIGF0dGFja3MgbW91bnRlZCBieSB0
aGUgRVRSLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgSG93ZXZlciwgaW4g
dGhpcyBwYXJ0aWN1bGFyIGNhc2UsIHNpbmNlIHRoZSBFVFIgaXMgd2l0aGluIHRoZSB0cnVz
dDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIEhvd2V2ZXIsIGluIHRoaXMg
cGFydGljdWxhciBjYXNlLCBzaW5jZSB0aGUgRVRSIGlzIHdpdGhpbiB0aGUgdHJ1c3Q8L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIGJvdW5kYXJpZXMgb2YgdGhlIE1hcC1T
ZXJ2ZXIsIEVUUidzIG92ZXJjbGFpbWluZyBhdHRhY2tzIGFyZSBub3Q8L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBib3VuZGFyaWVzIG9mIHRoZSBNYXAtU2VydmVyLCBF
VFIncyBvdmVyY2xhaW1pbmcgYXR0YWNrcyBhcmUgbm90PC90ZD48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsZWZ0Ij4gICBpbmNsdWRlZCBpbiB0aGUgdGhyZWF0IG1vZGVsLjwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIGluY2x1ZGVkIGluIHRoZSB0aHJlYXQgbW9kZWwu
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
ciBpZD0iZGlmZjAwNDEiPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPjYuNC4gIERlcGxveWluZyBMSVNQLVNF
Qzwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPjwvc3Bhbj48L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIFRoaXMgbWVtbyBpcyB3cml0dGVu
IGFjY29yZGluZyB0byBbUkZDMjExOV0uICBTcGVjaWZpY2FsbHksIHRoZSB1c2U8L3NwYW4+
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBvZiB0aGUga2V5IHdvcmQg
U0hPVUxEICIgb3IgdGhlIGFkamVjdGl2ZSAnUkVDT01NRU5ERUQnLCBtZWFuIHRoYXQ8L3Nw
YW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICB0aGVyZSBtYXkgZXhp
c3QgdmFsaWQgcmVhc29ucyBpbiBwYXJ0aWN1bGFyIGNpcmN1bXN0YW5jZXMgdG8gaWdub3Jl
IGE8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBwYXJ0aWN1
bGFyIGl0ZW0sIGJ1dCB0aGUgZnVsbCBpbXBsaWNhdGlvbnMgbXVzdCBiZSB1bmRlcnN0b29k
IGFuZDwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIGNhcmVm
dWxseSB3ZWlnaGVkIGJlZm9yZSBjaG9vc2luZyBhIGRpZmZlcmVudCBjb3Vyc2UiLjwvc3Bh
bj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPjwvc3Bhbj48L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxv
Y2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIFRob3NlIGRlcGxveWluZyBMSVNQLVNFQyBh
Y2NvcmRpbmcgdG8gdGhpcyBtZW1vLCBzaG91bGQgY2FyZWZ1bGx5PC9zcGFuPjwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJi
bG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgd2VpZ2h0IGhvdyB0aGUgTElTUC1TRUMg
dGhyZWF0IG1vZGVsIGFwcGxpZXMgdG8gdGhlaXIgcGFydGljdWxhciB1c2U8L3NwYW4+PC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBjYXNlIG9yIGRlcGxveW1lbnQu
ICBXaGVuIHRoZXkgZGVjaWRlIHRvIGlnbm9yZSBhIHBhcnRpY3VsYXI8L3NwYW4+PC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICByZWNvbW1lbmRhdGlvbiB0aGV5IHNo
b3VsZCBtYWtlIHN1cmUgdGhlIHJpc2sgYXNzb2NpYXRlZCB3aXRoIHRoZTwvc3Bhbj48L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIGNvcnJlc3BvbmRpbmcgdGhyZWF0
cyBpcyB3ZWxsIHVuZGVyc3Rvb2QuPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9
Imluc2VydCI+PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAg
QXMgYW4gZXhhbXBsZSwgaW4gY2VydGFpbiBjbG9zZWQgYW5kIGNvbnRyb2xsZWQgZGVwbG95
bWVudHMsIGl0IGlzPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+
ICAgcG9zc2libGUgdGhhdCB0aGUgdGhyZWF0IGFzc29jaWF0ZWQgd2l0aCBhIE1pVE0gYmV0
d2VlbiB0aGUgeFRSIGFuZDwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9j
ayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNl
cnQiPiAgIHRoZSBNYXBwaW5nIFN5c3RlbSBpcyB2ZXJ5IGxvdywgYW5kIGFmdGVyIGNhcmZl
dWwgY29uc2lkZXJhdGlvbiBpdDwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9Imxi
bG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJp
bnNlcnQiPiAgIG1heSBiZSBkZWNpZGVkIHRvIGFsbG93IGEgTlVMTCBrZXkgd3JhcHBpbmcg
YWxnb3JpdGhtIHdoaWxlIGNhcnJ5aW5nPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFz
cz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xh
c3M9Imluc2VydCI+ICAgdGhlIE9US3MgYmV0d2VlbiB0aGUgeFRSIGFuZCB0aGUgTWFwcGlu
ZyBTeXN0ZW0uPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+PC9z
cGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgQXMgYW4gZXhhbXBs
ZSBhdCB0aGUgb3RoZXIgZW5kIG9mIHRoZSBzcGVjdHJ1bSwgaW4gY2VydGFpbiBvdGhlcjwv
c3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIGRlcGxveW1lbnRz
LCBhdHRhY2tlcnMgbWF5IGJlIHZlcnkgc29waGlzdGljYXRlZCwgYW5kIGZvcmNlIHRoZTwv
c3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIGRlcGxveWVycyB0
byBlbmZvcmNlIHZlcnkgc3RyaWN0IHBvbGljaWVzIGluIHRlcm0gb2YgT1RLIHdyYXBwaW5n
PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgYWxnb3JpdGht
cyBhbGxvd2VkLjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPjwv
c3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIFNpbWlsYXIgY29u
c2lkZXJhdGlvbnMgYXBwbHkgdG8gdGhlIGVudGlyZSBMSVNQLVNFQyB0aHJlYXQgbW9kZWws
IGFuZDwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgIHNob3Vs
ZCBndWlkZSB0aGUgZGVwbG95ZXJzIGFuZCBpbXBsZW1lbnRvcnMgd2hlbmV2ZXIgdGhleSBl
bmNvdW50ZXI8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICB0
aGUga2V5IHdvcmQgU0hPVUxEIGFjcm9zcyB0aGlzIG1lbW8uPC9zcGFuPjwvdGQ+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9j
ayI+ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgIDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+
Ny4gIElBTkEgQ29uc2lkZXJhdGlvbnM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij43LiAgSUFOQSBDb25zaWRlcmF0aW9uczwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDQyIj48dGQ+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2si
PjcuMS4gIDxzcGFuIGNsYXNzPSJkZWxldGUiPkhNQUMgZnVuY3Rpb25zPC9zcGFuPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj43LjEuICA8c3BhbiBjbGFzcz0iaW5zZXJ0
Ij5FQ00gQUQgVHlwZSBSZWdpc3RyeTwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9
ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGlkPSJkaWZmMDA0MyI+PHRkPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJs
b2NrIj4gICBUaGUgZm9sbG93aW5nIDxzcGFuIGNsYXNzPSJkZWxldGUiPkhNQUMgSUQ8L3Nw
YW4+IHZhbHVlcyBhcmUgPHNwYW4gY2xhc3M9ImRlbGV0ZSI+ZGVmaW5lZCBieSB0aGlzPC9z
cGFuPiBtZW1vIGZvciB1c2UgYXM8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+
ICAgPHNwYW4gY2xhc3M9Imluc2VydCI+SUFOQSBpcyByZXF1ZXN0ZWQgdG8gY3JlYXRlIHRo
ZSAiRUNNIEF1dGhlbnRpY2F0aW9uIERhdGEgVHlwZSI8L3NwYW4+PC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsYmxvY2siPiAgIFJlcXVlc3RlZCBITUFDIElELCBFSUQgSE1BQyBJRCwg
YW5kIFBLVCBITUFDIElEIGluIHRoZSBMSVNQLVNFQzwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICByZWdpc3RyeSB3aXRoIHZhbHVl
cyAwLTI1NSwgZm9yIHVzZSBpbiB0aGUgRUNNIExJU1AtU0VDIEV4dGVuc2lvbnM8L3NwYW4+
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIEF1dGhlbnRpY2F0aW9uIERh
dGE6PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNl
cnQiPiAgIFNlY3Rpb24gNS4xLjwvc3Bhbj4gIFRoZSA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5y
ZWdpc3RyeSBNVVNUIGJlIGluaXRpYWxseSBwb3B1bGF0ZWQgd2l0aCB0aGU8L3NwYW4+PC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmJsb2NrIj4gICBmb2xsb3dpbmcgPHNwYW4gY2xhc3M9Imluc2VydCI+dmFsdWVzOjwv
c3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPjwvc3Bhbj48L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
YmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgICAgICAgICBOYW1lICAgICAgICAg
ICAgICAgICAgICAgVmFsdWUgICAgICAgIERlZmluZWQgSW48L3NwYW4+PC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2Nr
Ij48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICAgICAgICAgICAgLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxz
cGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgICAgICAgICBSZXNlcnZlZCAgICAgICAgICAgICAg
ICAgMDwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgICAg
ICAgICBMSVNQLVNFQy1FQ00tRVhUICAgICAgICAgMSAgICAgICAgICAgICBUaGlzIG1lbW88
L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmJsb2NrIj4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4g
ICAgICAgICAgICAgdmFsdWVzIDxzcGFuIGNsYXNzPSJpbnNlcnQiPjItMjU1PC9zcGFuPiBh
cmUgPHNwYW4gY2xhc3M9Imluc2VydCI+cmVzZXJ2ZWQgdG8gSUFOQS48L3NwYW4+PC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij48L3NwYW4+PC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3Bh
biBjbGFzcz0iaW5zZXJ0Ij4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICBITUFDIEZ1
bmN0aW9uczwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPjwvc3Bh
bj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRk
IGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPjcuMi4gIE1hcC1SZXBseSBB
RCBUeXBlIFJlZ2lzdHJ5PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90
cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2Nr
Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2Vy
dCI+PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgSUFOQSBp
cyByZXF1ZXN0ZWQgdG8gY3JlYXRlIHRoZSAiTWFwLVJlcGx5IEF1dGhlbnRpY2F0aW9uIERh
dGEgVHlwZSI8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBy
ZWdpc3RyeSB3aXRoIHZhbHVlcyAwLTI1NSwgZm9yIHVzZSBpbiB0aGUgTWFwLVJlcGx5IExJ
U1AtU0VDPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgRXh0
ZW5zaW9ucyBTZWN0aW9uIDUuMi4gIFRoZSByZWdpc3RyeSBNVVNUIGJlIGluaXRpYWxseSBw
b3B1bGF0ZWQ8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICB3
aXRoIHRoZSBmb2xsb3dpbmcgdmFsdWVzOjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xh
c3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNs
YXNzPSJpbnNlcnQiPjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQi
PiAgICAgICAgICAgICBOYW1lICAgICAgICAgICAgICAgICAgICAgVmFsdWUgICAgICAgIERl
ZmluZWQgSW48L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICAg
ICAgICAgICAgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLTwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgICAg
ICAgICBSZXNlcnZlZCAgICAgICAgICAgICAgICAgMDwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxz
cGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgICAgICAgICBMSVNQLVNFQy1NUi1FWFQgICAgICAg
ICAgMSAgICAgICAgICAgICBUaGlzPC9zcGFuPiBtZW1vPC90ZD48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNs
YXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRk
PiA8L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICAgICAgICAgICAgPHNwYW4gY2xhc3M9Imlu
c2VydCI+dmFsdWVzIDItMjU1IGFyZSByZXNlcnZlZCB0byBJQU5BLjwvc3Bhbj48L3RkPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVu
byI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
YmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPjwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFu
IGNsYXNzPSJpbnNlcnQiPiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEhNQUMgRnVu
Y3Rpb25zPC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+PC9zcGFu
PjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQg
Y2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+Ny4zLiAgSE1BQyBGdW5jdGlv
bnM8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij48L3NwYW4+PC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBJQU5BIGlzIHJlcXVlc3RlZCB0
byBjcmVhdGUgdGhlICJMSVNQLVNFQyBBdXRoZW50aWNhdGlvbiBEYXRhIEhNQUM8L3NwYW4+
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmJsb2NrIj48c3BhbiBjbGFzcz0iaW5zZXJ0Ij4gICBJRCIgcmVnaXN0cnkgd2l0
aCB2YWx1ZXMgMC02NTUzNTwvc3Bhbj4gZm9yIHVzZSBhcyBSZXF1ZXN0ZWQgSE1BQyBJRCwg
RUlEPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8L3RkPjx0
ZCBjbGFzcz0icmJsb2NrIj4gICBITUFDIElELCBhbmQgUEtUIEhNQUMgSUQgaW4gdGhlIExJ
U1AtU0VDIEF1dGhlbnRpY2F0aW9uIERhdGE6PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICBOYW1lICAgICAgICAgICAgICAgICAgICAg
TnVtYmVyICAgICAgICBEZWZpbmVkIEluPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+ICAgICAgICAgICAgIE5hbWUgICAgICAgICAgICAgICAgICAgICBOdW1iZXIgICAgICAg
IERlZmluZWQgSW48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAg
ICAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tPC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAgIC0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08L3RkPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICBOT05FICAgICAgICAgICAgICAgICAgICAg
MDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgICAgICBOT05FICAg
ICAgICAgICAgICAgICAgICAgMDwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAg
ICAgICAgICAgIEFVVEgtSE1BQy1TSEEtMS05NiAgICAgICAxICAgICAgICAgICAgIFtSRkMy
MTA0XTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgICAgICBBVVRI
LUhNQUMtU0hBLTEtOTYgICAgICAgMSAgICAgICAgICAgICBbUkZDMjEwNF08L3RkPjx0ZCBj
bGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICBBVVRILUhNQUMtU0hBLTI1Ni0x
MjggICAgMiAgICAgICAgICAgICBbUkZDNDYzNF08L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9
InJpZ2h0Ij4gICAgICAgICAgICAgQVVUSC1ITUFDLVNIQS0yNTYtMTI4ICAgIDIgICAgICAg
ICAgICAgW1JGQzQ2MzRdPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
PjwvdHI+CiAgICAgIDx0ciBpZD0iZGlmZjAwNDQiPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0
cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgICAgICAg
ICAgIHZhbHVlcyA8c3BhbiBjbGFzcz0iZGVsZXRlIj4yPC9zcGFuPi02NTUzNSBhcmUgcmVz
ZXJ2ZWQgdG8gSUFOQS48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgICAg
ICAgICAgIHZhbHVlcyA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij4zPC9zcGFuPi02NTUzNSBhcmUg
cmVzZXJ2ZWQgdG8gSUFOQS48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSE1BQyBGdW5jdGlvbnM8L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICBITUFDIEZ1bmN0aW9uczwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4K
ICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDQ1Ij48dGQ+PC90ZD48L3RyPgogICAg
ICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIEFV
VEgtSE1BQy1TSEEtMS05NiBNVVNUIGJlIHN1cHBvcnRlZCwgQVVUSC1ITUFDLVNIQS0yNTYt
MTI4IDxzcGFuIGNsYXNzPSJkZWxldGUiPnNob3VsZDwvc3Bhbj4gYmU8L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJibG9jayI+ICAgQVVUSC1ITUFDLVNIQS0xLTk2IE1VU1QgYmUgc3Vw
cG9ydGVkLCBBVVRILUhNQUMtU0hBLTI1Ni0xMjggPHNwYW4gY2xhc3M9Imluc2VydCI+U0hP
VUxEPC9zcGFuPiBiZTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgc3VwcG9y
dGVkLjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgIHN1cHBvcnRlZC48L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyIGlk
PSJkaWZmMDA0NiI+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj43LjxzcGFuIGNsYXNzPSJkZWxldGUiPjI8L3Nw
YW4+LiAgS2V5IFdyYXAgRnVuY3Rpb25zPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxv
Y2siPjcuPHNwYW4gY2xhc3M9Imluc2VydCI+NDwvc3Bhbj4uICBLZXkgV3JhcCBGdW5jdGlv
bnM8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyIGlkPSJkaWZmMDA0NyI+PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj4gICA8c3BhbiBjbGFzcz0iZGVsZXRl
Ij5UaGUgZm9sbG93aW5nIE9USyBFbmNyeXB0aW9uIElEPC9zcGFuPiB2YWx1ZXMgPHNwYW4g
Y2xhc3M9ImRlbGV0ZSI+YXJlIGRlZmluZWQgYnkgdGhpcyBtZW1vPC9zcGFuPiBmb3I8L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+ICAgPHNwYW4gY2xhc3M9Imluc2VydCI+
SUFOQSBpcyByZXF1ZXN0ZWQgdG8gY3JlYXRlIHRoZSAiTElTUC1TRUMgQXV0aGVudGljYXRp
b24gRGF0YSBLZXk8L3NwYW4+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAg
IHVzZSBhcyBPVEsga2V5IHdyYXAgYWxnb3JpdGhtcyBJRCBpbiB0aGUgTElTUC1TRUMgQXV0
aGVudGljYXRpb248L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xh
c3M9Imluc2VydCI+ICAgV3JhcCBJRCIgcmVnaXN0cnkgd2l0aDwvc3Bhbj4gdmFsdWVzIDxz
cGFuIGNsYXNzPSJpbnNlcnQiPjAtNjU1MzU8L3NwYW4+IGZvciB1c2UgYXMgT1RLIGtleSB3
cmFwPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPiAgIERhdGE6PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIGFsZ29yaXRobXMgSUQgaW4gdGhlIExJU1At
U0VDIEF1dGhlbnRpY2F0aW9uIERhdGE6PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPiAgICAgICAgICAgICBOYW1lICAgICAgICAgICAgICAgICAgICAgTnVt
YmVyICAgICAgICBEZWZpbmVkIEluPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+
ICAgICAgICAgICAgIE5hbWUgICAgICAgICAgICAgICAgICAgICBOdW1iZXIgICAgICAgIERl
ZmluZWQgSW48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICAt
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tPC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAgIC0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0iZGlmZjAwNDgiPjx0ZD48L3RkPjwvdHI+
CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+
ICAgICAgICAgICAgIE5VTEwtS0VZLVdSQVAtMTI4ICAgICAgICAxPC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyYmxvY2siPiAgICAgICAgICAgICBOVUxMLUtFWS1XUkFQLTEyOCAgICAg
ICAgMTxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgICAgICAgICBUaGlzIG1lbW88L3NwYW4+
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgQUVTLUtFWS1X
UkFQLTEyOCAgICAgICAgIDIgICAgICAgICAgICAgW1JGQzMzOTRdPC90ZD48dGQ+IDwvdGQ+
PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAgIEFFUy1LRVktV1JBUC0xMjggICAgICAg
ICAyICAgICAgICAgICAgIFtSRkMzMzk0XTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVm
dCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRk
IGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgdmFsdWVzIDAgYW5kIDMtNjU1MzUgYXJlIHJl
c2VydmVkIHRvIElBTkEuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAg
ICAgICAgIHZhbHVlcyAwIGFuZCAzLTY1NTM1IGFyZSByZXNlcnZlZCB0byBJQU5BLjwvdGQ+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgICAg
ICAgICAgICAgICAgS2V5IFdyYXAgRnVuY3Rpb25zPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+ICAgICAgICAgICAgICAgICAgICAgICAgICAgIEtleSBXcmFwIEZ1bmN0aW9u
czwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNs
YXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBOVUxMLUtF
WS1XUkFQLTEyOCwgYW5kIEFFUy1LRVktV1JBUC0xMjggTVVTVCBiZSBzdXBwb3J0ZWQuPC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgTlVMTC1LRVktV1JBUC0xMjgsIGFu
ZCBBRVMtS0VZLVdSQVAtMTI4IE1VU1QgYmUgc3VwcG9ydGVkLjwvdGQ+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0
ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBOVUxMLUtFWS1XUkFQLTEyOCBpcyB1c2Vk
IHRvIGNhcnJ5IGFuIHVuZW5jcnlwdGVkIDEyOC1iaXQgT1RLLCB3aXRoIGE8L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBOVUxMLUtFWS1XUkFQLTEyOCBpcyB1c2VkIHRv
IGNhcnJ5IGFuIHVuZW5jcnlwdGVkIDEyOC1iaXQgT1RLLCB3aXRoIGE8L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgIDY0LWJpdCBwcmVhbWJsZSBzZXQgdG8gMHgwMDAwMDAw
MDAwMDAwMDAwICg2NCBiaXRzKS48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4g
ICA2NC1iaXQgcHJlYW1ibGUgc2V0IHRvIDB4MDAwMDAwMDAwMDAwMDAwMCAoNjQgYml0cyku
PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0
ciBpZD0iZGlmZjAwNDkiPjx0ZD48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+Ny48c3BhbiBjbGFzcz0iZGVsZXRlIj4z
PC9zcGFuPi4gIEtleSBEZXJpdmF0aW9uIEZ1bmN0aW9uczwvdGQ+PHRkPiA8L3RkPjx0ZCBj
bGFzcz0icmJsb2NrIj43LjxzcGFuIGNsYXNzPSJpbnNlcnQiPjU8L3NwYW4+LiAgS2V5IERl
cml2YXRpb24gRnVuY3Rpb25zPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgog
ICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48
L3RkPjwvdHI+CiAgICAgIDx0ciBpZD0iZGlmZjAwNTAiPjx0ZD48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+ICAgPHNw
YW4gY2xhc3M9ImRlbGV0ZSI+VGhlIGZvbGxvd2luZyBLREYgSUQ8L3NwYW4+IHZhbHVlcyA8
c3BhbiBjbGFzcz0iZGVsZXRlIj5hcmUgZGVmaW5lZCBieSB0aGlzIG1lbW88L3NwYW4+IGZv
ciB1c2UgYXMgS0RGPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgIDxzcGFu
IGNsYXNzPSJpbnNlcnQiPklBTkEgaXMgcmVxdWVzdGVkIHRvIGNyZWF0ZSB0aGUgIkxJU1At
U0VDIEF1dGhlbnRpY2F0aW9uIERhdGEgS2V5PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5l
bm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4g
Y2xhc3M9Imluc2VydCI+ICAgRGVyaXZhdGlvbiBGdW5jdGlvbiBJRCIgcmVnaXN0cnkgd2l0
aDwvc3Bhbj4gdmFsdWVzIDxzcGFuIGNsYXNzPSJpbnNlcnQiPjAtNjU1MzU8L3NwYW4+IGZv
ciB1c2UgYXMgS0RGPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8
dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICBJRCBpbiB0
aGUgTElTUC1TRUMgQXV0aGVudGljYXRpb24gRGF0YTo8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij4gICBJRCBpbiB0aGUgTElTUC1TRUMgQXV0aGVudGljYXRpb24gRGF0YTo8
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgICAgICAg
IE5hbWUgICAgICAgICAgICAgICAgICAgICBOdW1iZXIgICAgICAgIERlZmluZWQgSW48L3Rk
Pjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgICAgICAgTmFtZSAgICAgICAg
ICAgICAgICAgICAgIE51bWJlciAgICAgICAgRGVmaW5lZCBJbjwvdGQ+PHRkIGNsYXNzPSJs
aW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0
ZCBjbGFzcz0ibGVmdCI+ICAgICAgICAgICAgIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0
Ij4gICAgICAgICAgICAgLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tLS0tLS0tLTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRy
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgICAgICAg
IE5PTkUgICAgICAgICAgICAgICAgICAgICAwPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+ICAgICAgICAgICAgIE5PTkUgICAgICAgICAgICAgICAgICAgICAwPC90ZD48dGQg
Y2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8i
PjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgSEtERi1TSEExLTEyOCAgICAg
ICAgICAgIDEgICAgICAgICAgICAgW1JGQzU4NjldPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNz
PSJyaWdodCI+ICAgICAgICAgICAgIEhLREYtU0hBMS0xMjggICAgICAgICAgICAxICAgICAg
ICAgICAgIFtSRkM1ODY5XTwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAg
ICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48
dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJs
ZWZ0Ij4gICAgICAgICAgICAgdmFsdWVzIDItNjU1MzUgYXJlIHJlc2VydmVkIHRvIElBTkEu
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAgIHZhbHVlcyAy
LTY1NTM1IGFyZSByZXNlcnZlZCB0byBJQU5BLjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0i
bGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgICAgICAgICAgICAgS2V5IERlcml2YXRp
b24gRnVuY3Rpb25zPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAg
ICAgICAgICAgICAgICAgIEtleSBEZXJpdmF0aW9uIEZ1bmN0aW9uczwvdGQ+PHRkIGNsYXNz
PSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3Rk
Pjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90
ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHIgaWQ9InBhcnQtMTIi
IGNsYXNzPSJjaGFuZ2UiPjx0ZD48L3RkPjx0aD48c21hbGw+c2tpcHBpbmcgdG8gY2hhbmdl
IGF0PC9zbWFsbD48YSBocmVmPSJodHRwczovL3Rvb2xzLmlldGYub3JnL3Rvb2xzL3JmY2Rp
ZmYvcmZjZGlmZi5weWh0I3BhcnQtMTIiPjxlbT4gcGFnZSAxOSwgbGluZSA1PHNwYW4gY2xh
c3M9ImhpZGUiPiDCtjwvc3Bhbj48L2VtPjwvYT48L3RoPjx0aD4gPC90aD48dGg+PHNtYWxs
PnNraXBwaW5nIHRvIGNoYW5nZSBhdDwvc21hbGw+PGEgaHJlZj0iaHR0cHM6Ly90b29scy5p
ZXRmLm9yZy90b29scy9yZmNkaWZmL3JmY2RpZmYucHlodCNwYXJ0LTEyIj48ZW0+IHBhZ2Ug
MjAsIGxpbmUgNDY8c3BhbiBjbGFzcz0iaGlkZSI+IMK2PC9zcGFuPjwvZW0+PC9hPjwvdGg+
PHRkPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBj
bGFzcz0ibGVmdCI+ICAgW1JGQzY4MzBdICBGYXJpbmFjY2ksIEQuLCBGdWxsZXIsIFYuLCBN
ZXllciwgRC4sIGFuZCBELiBMZXdpcywgIlRoZTwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPiAgIFtSRkM2ODMwXSAgRmFyaW5hY2NpLCBELiwgRnVsbGVyLCBWLiwgTWV5ZXIs
IEQuLCBhbmQgRC4gTGV3aXMsICJUaGU8L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwv
dHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQi
PiAgICAgICAgICAgICAgTG9jYXRvci9JRCBTZXBhcmF0aW9uIFByb3RvY29sIChMSVNQKSIs
IFJGQyA2ODMwLDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgICAg
ICAgTG9jYXRvci9JRCBTZXBhcmF0aW9uIFByb3RvY29sIChMSVNQKSIsIFJGQyA2ODMwLDwv
dGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0i
bGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgICAgICAgICAgICBET0kgMTAuMTc0
ODcvUkZDNjgzMCwgSmFudWFyeSAyMDEzLDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmln
aHQiPiAgICAgICAgICAgICAgRE9JIDEwLjE3NDg3L1JGQzY4MzAsIEphbnVhcnkgMjAxMyw8
L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICAgJmx0O2h0dHA6
Ly93d3cucmZjLWVkaXRvci5vcmcvaW5mby9yZmM2ODMwJmd0Oy48L3RkPjx0ZD4gPC90ZD48
dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAgICAgICAgICZsdDtodHRwOi8vd3d3LnJmYy1lZGl0
b3Iub3JnL2luZm8vcmZjNjgzMCZndDsuPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij48L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPiAgIFtSRkM2ODMzXSAgRnVsbGVyLCBWLiBhbmQgRC4gRmFyaW5hY2Np
LCAiTG9jYXRvci9JRCBTZXBhcmF0aW9uPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+ICAgW1JGQzY4MzNdICBGdWxsZXIsIFYuIGFuZCBELiBGYXJpbmFjY2ksICJMb2NhdG9y
L0lEIFNlcGFyYXRpb248L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAg
IDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAg
ICAgICAgUHJvdG9jb2wgKExJU1ApIE1hcC1TZXJ2ZXIgSW50ZXJmYWNlIiwgUkZDIDY4MzMs
PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAgICBQcm90b2Nv
bCAoTElTUCkgTWFwLVNlcnZlciBJbnRlcmZhY2UiLCBSRkMgNjgzMyw8L3RkPjx0ZCBjbGFz
cz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90
ZD48dGQgY2xhc3M9ImxlZnQiPiAgICAgICAgICAgICAgRE9JIDEwLjE3NDg3L1JGQzY4MzMs
IEphbnVhcnkgMjAxMyw8L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICAgICAg
ICAgICAgIERPSSAxMC4xNzQ4Ny9SRkM2ODMzLCBKYW51YXJ5IDIwMTMsPC90ZD48dGQgY2xh
c3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwv
dGQ+PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgICZsdDtodHRwOi8vd3d3LnJmYy1l
ZGl0b3Iub3JnL2luZm8vcmZjNjgzMyZndDsuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJy
aWdodCI+ICAgICAgICAgICAgICAmbHQ7aHR0cDovL3d3dy5yZmMtZWRpdG9yLm9yZy9pbmZv
L3JmYzY4MzMmZ3Q7LjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAg
PHRyPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+
IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHIgaWQ9ImRpZmYwMDUxIj48dGQ+PC90ZD48L3RyPgogICAgICA8dHI+
PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsYmxvY2siPjwvdGQ+PHRkPiA8
L3RkPjx0ZCBjbGFzcz0icmJsb2NrIj4gICA8c3BhbiBjbGFzcz0iaW5zZXJ0Ij5bUkZDNjgz
Nl0gIEZ1bGxlciwgVi4sIEZhcmluYWNjaSwgRC4sIE1leWVyLCBELiwgYW5kIEQuIExld2lz
LDwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgICAgICAg
ICAgIkxvY2F0b3IvSUQgU2VwYXJhdGlvbiBQcm90b2NvbCBBbHRlcm5hdGl2ZSBMb2dpY2Fs
PC9zcGFuPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGJsb2NrIj48L3RkPjx0ZD4gPC90
ZD48dGQgY2xhc3M9InJibG9jayI+PHNwYW4gY2xhc3M9Imluc2VydCI+ICAgICAgICAgICAg
ICBUb3BvbG9neSAoTElTUCtBTFQpIiwgUkZDIDY4MzYsIERPSSAxMC4xNzQ4Ny9SRkM2ODM2
LDwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48
dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90ZD48dGQ+IDwv
dGQ+PHRkIGNsYXNzPSJyYmxvY2siPjxzcGFuIGNsYXNzPSJpbnNlcnQiPiAgICAgICAgICAg
ICAgSmFudWFyeSAyMDEzLCAmbHQ7aHR0cDovL3d3dy5yZmMtZWRpdG9yLm9yZy9pbmZvL3Jm
YzY4MzYmZ3Q7Ljwvc3Bhbj48L3RkPjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAg
ICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQgY2xhc3M9ImxibG9jayI+PC90
ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyYmxvY2siPiAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA8L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPiAgIFtSRkM3ODM1XSAgU2F1Y2V6LCBELiwg
SWFubm9uZSwgTC4sIGFuZCBPLiBCb25hdmVudHVyZSwgIkxvY2F0b3IvSUQ8L3RkPjx0ZD4g
PC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBbUkZDNzgzNV0gIFNhdWNleiwgRC4sIElhbm5v
bmUsIEwuLCBhbmQgTy4gQm9uYXZlbnR1cmUsICJMb2NhdG9yL0lEPC90ZD48dGQgY2xhc3M9
ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+
PHRkIGNsYXNzPSJsZWZ0Ij4gICAgICAgICAgICAgIFNlcGFyYXRpb24gUHJvdG9jb2wgKExJ
U1ApIFRocmVhdCBBbmFseXNpcyIsIFJGQyA3ODM1LDwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFz
cz0icmlnaHQiPiAgICAgICAgICAgICAgU2VwYXJhdGlvbiBQcm90b2NvbCAoTElTUCkgVGhy
ZWF0IEFuYWx5c2lzIiwgUkZDIDc4MzUsPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48
L3RyPgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0
Ij4gICAgICAgICAgICAgIERPSSAxMC4xNzQ4Ny9SRkM3ODM1LCBBcHJpbCAyMDE2LDwvdGQ+
PHRkPiA8L3RkPjx0ZCBjbGFzcz0icmlnaHQiPiAgICAgICAgICAgICAgRE9JIDEwLjE3NDg3
L1JGQzc4MzUsIEFwcmlsIDIwMTYsPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3Ry
PgogICAgICA8dHI+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij4g
ICAgICAgICAgICAgICZsdDtodHRwOi8vd3d3LnJmYy1lZGl0b3Iub3JnL2luZm8vcmZjNzgz
NSZndDsuPC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdodCI+ICAgICAgICAgICAgICAm
bHQ7aHR0cDovL3d3dy5yZmMtZWRpdG9yLm9yZy9pbmZvL3JmYzc4MzUmZ3Q7LjwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+PC90ZD48dGQ+IDwvdGQ+PHRkIGNsYXNzPSJyaWdo
dCI+PC90ZD48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48L3RyPgogICAgICA8dHI+PHRkIGNs
YXNzPSJsaW5lbm8iPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij5BdXRob3JzJyBBZGRyZXNzZXM8
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij5BdXRob3JzJyBBZGRyZXNzZXM8L3Rk
Pjx0ZCBjbGFzcz0ibGluZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9Imxp
bmVubyI+PC90ZD48dGQgY2xhc3M9ImxlZnQiPjwvdGQ+PHRkPiA8L3RkPjx0ZCBjbGFzcz0i
cmlnaHQiPjwvdGQ+PHRkIGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0
ZCBjbGFzcz0ibGluZW5vIj48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgRmFiaW8gTWFpbm88
L3RkPjx0ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij4gICBGYWJpbyBNYWlubzwvdGQ+PHRk
IGNsYXNzPSJsaW5lbm8iPjwvdGQ+PC90cj4KICAgICAgPHRyPjx0ZCBjbGFzcz0ibGluZW5v
Ij48L3RkPjx0ZCBjbGFzcz0ibGVmdCI+ICAgQ2lzY28gU3lzdGVtczwvdGQ+PHRkPiA8L3Rk
Pjx0ZCBjbGFzcz0icmlnaHQiPiAgIENpc2NvIFN5c3RlbXM8L3RkPjx0ZCBjbGFzcz0ibGlu
ZW5vIj48L3RkPjwvdHI+CiAgICAgIDx0cj48dGQgY2xhc3M9ImxpbmVubyI+PC90ZD48dGQg
Y2xhc3M9ImxlZnQiPiAgIDE3MCBUYXNtYW4gRHJpdmU8L3RkPjx0ZD4gPC90ZD48dGQgY2xh
c3M9InJpZ2h0Ij4gICAxNzAgVGFzbWFuIERyaXZlPC90ZD48dGQgY2xhc3M9ImxpbmVubyI+
PC90ZD48L3RyPgoKICAgICA8dHI+PHRkPjwvdGQ+PHRkIGNsYXNzPSJsZWZ0Ij48L3RkPjx0
ZD4gPC90ZD48dGQgY2xhc3M9InJpZ2h0Ij48L3RkPjx0ZD48L3RkPjwvdHI+CiAgICAgPHRy
IGlkPSJlbmQiIGJnY29sb3I9ImdyYXkiPjx0aCBjb2xzcGFuPSI1IiBhbGlnbj0iY2VudGVy
Ij4mbmJzcDtFbmQgb2YgY2hhbmdlcy4gNTEgY2hhbmdlIGJsb2Nrcy4mbmJzcDs8L3RoPjwv
dHI+CiAgICAgPHRyIGNsYXNzPSJzdGF0cyI+PHRkPjwvdGQ+PHRoPjxpPjE0NSBsaW5lcyBj
aGFuZ2VkIG9yIGRlbGV0ZWQ8L2k+PC90aD48dGg+PGk+IDwvaT48L3RoPjx0aD48aT4yMzkg
bGluZXMgY2hhbmdlZCBvciBhZGRlZDwvaT48L3RoPjx0ZD48L3RkPjwvdHI+CiAgICAgPHRy
Pjx0ZCBjb2xzcGFuPSI1IiBhbGlnbj0iY2VudGVyIiBjbGFzcz0ic21hbGwiPjxicj5UaGlz
IGh0bWwgZGlmZiB3YXMgcHJvZHVjZWQgYnkgcmZjZGlmZiAxLjQ1LiBUaGUgbGF0ZXN0IHZl
cnNpb24gaXMgYXZhaWxhYmxlIGZyb20gPGEgaHJlZj0iaHR0cDovL3d3dy50b29scy5pZXRm
Lm9yZy90b29scy9yZmNkaWZmLyI+aHR0cDovL3Rvb2xzLmlldGYub3JnL3Rvb2xzL3JmY2Rp
ZmYvPC9hPiA8L3RkPjwvdHI+CiAgIDwvdGJvZHk+PC90YWJsZT4KICAgCiAgIAo8L2JvZHk+
PC9odG1sPg==
--------------783419FA16F85F446D9AC88D
Content-Type: text/plain; charset=UTF-8;
 name="draft-ietf-lisp-sec-12b.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="draft-ietf-lisp-sec-12b.txt"

CgoKCk5ldHdvcmsgV29ya2luZyBHcm91cCAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICBGLiBNYWlubwpJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFYuIEVybWFnYW4KSW50ZW5kZWQgc3Rh
dHVzOiBFeHBlcmltZW50YWwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaXNjbyBT
eXN0ZW1zCkV4cGlyZXM6IE1heSA0LCAyMDE3ICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICBBLiBDYWJlbGxvcwogICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICBUZWNobmljYWwgVW5pdmVyc2l0eSBvZiBDYXRhbG9uaWEKICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
RC4gU2F1Y2V6CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICBJTlJJQQogICAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIE9jdG9iZXIgMzEsIDIwMTYKCgogICAg
ICAgICAgICAgICAgICAgICAgICBMSVNQLVNlY3VyaXR5IChMSVNQLVNFQykKICAgICAgICAg
ICAgICAgICAgICAgICAgIGRyYWZ0LWlldGYtbGlzcC1zZWMtMTIKCkFic3RyYWN0CgogICBU
aGlzIG1lbW8gc3BlY2lmaWVzIExJU1AtU0VDLCBhIHNldCBvZiBzZWN1cml0eSBtZWNoYW5p
c21zIHRoYXQKICAgcHJvdmlkZXMgb3JpZ2luIGF1dGhlbnRpY2F0aW9uLCBpbnRlZ3JpdHkg
YW5kIGFudGktcmVwbGF5IHByb3RlY3Rpb24KICAgdG8gTElTUCdzIEVJRC10by1STE9DIG1h
cHBpbmcgZGF0YSBjb252ZXllZCB2aWEgbWFwcGluZyBsb29rdXAKICAgcHJvY2Vzcy4gIExJ
U1AtU0VDIGFsc28gZW5hYmxlcyB2ZXJpZmljYXRpb24gb2YgYXV0aG9yaXphdGlvbiBvbiBF
SUQtCiAgIHByZWZpeCBjbGFpbXMgaW4gTWFwLVJlcGx5IG1lc3NhZ2VzLgoKUmVxdWlyZW1l
bnRzIExhbmd1YWdlCgogICBUaGUga2V5IHdvcmRzICJNVVNUIiwgIk1VU1QgTk9UIiwgIlJF
UVVJUkVEIiwgIlNIQUxMIiwgIlNIQUxMIE5PVCIsCiAgICJTSE9VTEQiLCAiU0hPVUxEIE5P
VCIsICJSRUNPTU1FTkRFRCIsICJNQVkiLCBhbmQgIk9QVElPTkFMIiBpbiB0aGlzCiAgIGRv
Y3VtZW50IGFyZSB0byBiZSBpbnRlcnByZXRlZCBhcyBkZXNjcmliZWQgaW4gW1JGQzIxMTld
LgoKU3RhdHVzIG9mIFRoaXMgTWVtbwoKICAgVGhpcyBJbnRlcm5ldC1EcmFmdCBpcyBzdWJt
aXR0ZWQgaW4gZnVsbCBjb25mb3JtYW5jZSB3aXRoIHRoZQogICBwcm92aXNpb25zIG9mIEJD
UCA3OCBhbmQgQkNQIDc5LgoKICAgSW50ZXJuZXQtRHJhZnRzIGFyZSB3b3JraW5nIGRvY3Vt
ZW50cyBvZiB0aGUgSW50ZXJuZXQgRW5naW5lZXJpbmcKICAgVGFzayBGb3JjZSAoSUVURiku
ICBOb3RlIHRoYXQgb3RoZXIgZ3JvdXBzIG1heSBhbHNvIGRpc3RyaWJ1dGUKICAgd29ya2lu
ZyBkb2N1bWVudHMgYXMgSW50ZXJuZXQtRHJhZnRzLiAgVGhlIGxpc3Qgb2YgY3VycmVudCBJ
bnRlcm5ldC0KICAgRHJhZnRzIGlzIGF0IGh0dHA6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy9k
cmFmdHMvY3VycmVudC8uCgogICBJbnRlcm5ldC1EcmFmdHMgYXJlIGRyYWZ0IGRvY3VtZW50
cyB2YWxpZCBmb3IgYSBtYXhpbXVtIG9mIHNpeCBtb250aHMKICAgYW5kIG1heSBiZSB1cGRh
dGVkLCByZXBsYWNlZCwgb3Igb2Jzb2xldGVkIGJ5IG90aGVyIGRvY3VtZW50cyBhdCBhbnkK
ICAgdGltZS4gIEl0IGlzIGluYXBwcm9wcmlhdGUgdG8gdXNlIEludGVybmV0LURyYWZ0cyBh
cyByZWZlcmVuY2UKICAgbWF0ZXJpYWwgb3IgdG8gY2l0ZSB0aGVtIG90aGVyIHRoYW4gYXMg
IndvcmsgaW4gcHJvZ3Jlc3MuIgoKICAgVGhpcyBJbnRlcm5ldC1EcmFmdCB3aWxsIGV4cGly
ZSBvbiBNYXkgNCwgMjAxNy4KCgoKCgoKCgpNYWlubywgZXQgYWwuICAgICAgICAgICAgICBF
eHBpcmVzIE1heSA0LCAyMDE3ICAgICAgICAgICAgICAgICAgW1BhZ2UgMV0KDApJbnRlcm5l
dC1EcmFmdCAgICAgICAgICAgICAgICAgIExJU1AtU0VDICAgICAgICAgICAgICAgICAgICBP
Y3RvYmVyIDIwMTYKCgpDb3B5cmlnaHQgTm90aWNlCgogICBDb3B5cmlnaHQgKGMpIDIwMTYg
SUVURiBUcnVzdCBhbmQgdGhlIHBlcnNvbnMgaWRlbnRpZmllZCBhcyB0aGUKICAgZG9jdW1l
bnQgYXV0aG9ycy4gIEFsbCByaWdodHMgcmVzZXJ2ZWQuCgogICBUaGlzIGRvY3VtZW50IGlz
IHN1YmplY3QgdG8gQkNQIDc4IGFuZCB0aGUgSUVURiBUcnVzdCdzIExlZ2FsCiAgIFByb3Zp
c2lvbnMgUmVsYXRpbmcgdG8gSUVURiBEb2N1bWVudHMKICAgKGh0dHA6Ly90cnVzdGVlLmll
dGYub3JnL2xpY2Vuc2UtaW5mbykgaW4gZWZmZWN0IG9uIHRoZSBkYXRlIG9mCiAgIHB1Ymxp
Y2F0aW9uIG9mIHRoaXMgZG9jdW1lbnQuICBQbGVhc2UgcmV2aWV3IHRoZXNlIGRvY3VtZW50
cwogICBjYXJlZnVsbHksIGFzIHRoZXkgZGVzY3JpYmUgeW91ciByaWdodHMgYW5kIHJlc3Ry
aWN0aW9ucyB3aXRoIHJlc3BlY3QKICAgdG8gdGhpcyBkb2N1bWVudC4gIENvZGUgQ29tcG9u
ZW50cyBleHRyYWN0ZWQgZnJvbSB0aGlzIGRvY3VtZW50IG11c3QKICAgaW5jbHVkZSBTaW1w
bGlmaWVkIEJTRCBMaWNlbnNlIHRleHQgYXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gNC5lIG9m
CiAgIHRoZSBUcnVzdCBMZWdhbCBQcm92aXNpb25zIGFuZCBhcmUgcHJvdmlkZWQgd2l0aG91
dCB3YXJyYW50eSBhcwogICBkZXNjcmliZWQgaW4gdGhlIFNpbXBsaWZpZWQgQlNEIExpY2Vu
c2UuCgpUYWJsZSBvZiBDb250ZW50cwoKICAgMS4gIEludHJvZHVjdGlvbiAgLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gICAzCiAgIDIuICBEZWZp
bml0aW9uIG9mIFRlcm1zIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuICAgMwogICAzLiAgTElTUC1TRUMgVGhyZWF0IE1vZGVsIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgIDQKICAgNC4gIFByb3RvY29sIE9wZXJhdGlvbnMg
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gICA0CiAgIDUuICBM
SVNQLVNFQyBDb250cm9sIE1lc3NhZ2VzIERldGFpbHMgLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuICAgNwogICAgIDUuMS4gIEVuY2Fwc3VsYXRlZCBDb250cm9sIE1lc3NhZ2UgTElT
UC1TRUMgRXh0ZW5zaW9ucyAgLiAuIC4gLiAgIDcKICAgICA1LjIuICBNYXAtUmVwbHkgTElT
UC1TRUMgRXh0ZW5zaW9ucyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gICA5CiAgICAg
NS4zLiAgTWFwLVJlZ2lzdGVyIExJU1AtU0VDIEV4dGVudGlvbnMgIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuICAxMAogICAgIDUuNC4gIElUUiBQcm9jZXNzaW5nICAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTAKICAgICAgIDUuNC4xLiAgTWFwLVJl
cGx5IFJlY29yZCBWYWxpZGF0aW9uIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDEyCiAg
ICAgICA1LjQuMi4gIFBJVFIgUHJvY2Vzc2luZyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuICAxMwogICAgIDUuNS4gIEVuY3J5cHRpbmcgYW5kIERlY3J5cHRpbmcg
YW4gT1RLICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTMKICAgICA1LjYuICBNYXAtUmVz
b2x2ZXIgUHJvY2Vzc2luZyAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gIDE0
CiAgICAgNS43LiAgTWFwLVNlcnZlciBQcm9jZXNzaW5nIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuICAxNAogICAgICAgNS43LjEuICBNYXAtU2VydmVyIFByb2Nlc3Np
bmcgaW4gUHJveHkgbW9kZSAuIC4gLiAuIC4gLiAuIC4gLiAgMTUKICAgICA1LjguICBFVFIg
UHJvY2Vzc2luZyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
IDE2CiAgIDYuICBTZWN1cml0eSBDb25zaWRlcmF0aW9ucyAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuICAxNgogICAgIDYuMS4gIE1hcHBpbmcgU3lzdGVtIFNlY3Vy
aXR5IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTYKICAgICA2LjIuICBS
YW5kb20gTnVtYmVyIEdlbmVyYXRpb24gIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gIDE2CiAgICAgNi4zLiAgTWFwLVNlcnZlciBhbmQgRVRSIENvbG9jYXRpb24gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuICAxNwogICAgIDYuNC4gIERlcGxveWluZyBMSVNQLVNF
QyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTcKICAgNy4gIElB
TkEgQ29uc2lkZXJhdGlvbnMgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gIDE3CiAgICAgNy4xLiAgRUNNIEFEIFR5cGUgUmVnaXN0cnkgIC4gLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAxNwogICAgIDcuMi4gIE1hcC1SZXBseSBBRCBU
eXBlIFJlZ2lzdHJ5ICAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTgKICAgICA3
LjMuICBITUFDIEZ1bmN0aW9ucyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAu
IC4gLiAuIC4gIDE4CiAgICAgNy40LiAgS2V5IFdyYXAgRnVuY3Rpb25zICAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAxOQogICAgIDcuNS4gIEtleSBEZXJpdmF0
aW9uIEZ1bmN0aW9ucyAgLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMTkKICAg
OC4gIEFja25vd2xlZGdlbWVudHMgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4g
LiAuIC4gLiAuIC4gIDE5CiAgIDkuICBOb3JtYXRpdmUgUmVmZXJlbmNlcyAgLiAuIC4gLiAu
IC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuICAyMAogICBBdXRob3JzJyBBZGRyZXNz
ZXMgIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAuIC4gLiAgMjEK
CgoKCk1haW5vLCBldCBhbC4gICAgICAgICAgICAgIEV4cGlyZXMgTWF5IDQsIDIwMTcgICAg
ICAgICAgICAgICAgICBbUGFnZSAyXQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAg
ICAgTElTUC1TRUMgICAgICAgICAgICAgICAgICAgIE9jdG9iZXIgMjAxNgoKCjEuICBJbnRy
b2R1Y3Rpb24KCiAgIFRoZSBMb2NhdG9yL0lEIFNlcGFyYXRpb24gUHJvdG9jb2wgW1JGQzY4
MzBdIGlzIGEgbmV0d29yay1sYXllci1iYXNlZAogICBwcm90b2NvbCB0aGF0IGVuYWJsZXMg
c2VwYXJhdGlvbiBvZiBJUCBhZGRyZXNzZXMgaW50byB0d28gbmV3CiAgIG51bWJlcmluZyBz
cGFjZXM6IEVuZHBvaW50IElkZW50aWZpZXJzIChFSURzKSBhbmQgUm91dGluZyBMb2NhdG9y
cwogICAoUkxPQ3MpLiAgSWYgdGhlc2UgRUlELXRvLVJMT0MgbWFwcGluZ3MsIGNhcnJpZWQg
dGhyb3VnaCBNYXAtUmVwbHkKICAgbWVzc2FnZXMsIGFyZSB0cmFuc21pdHRlZCB3aXRob3V0
IGludGVncml0eSBwcm90ZWN0aW9uLCBhbiBhZHZlcnNhcnkKICAgY2FuIG1hbmlwdWxhdGUg
dGhlbSBhbmQgaGlqYWNrIHRoZSBjb21tdW5pY2F0aW9uLCBpbXBlcnNvbmF0ZSB0aGUKICAg
cmVxdWVzdGVkIEVJRCwgb3IgbW91bnQgRGVuaWFsIG9mIFNlcnZpY2Ugb3IgRGlzdHJpYnV0
ZWQgRGVuaWFsIG9mCiAgIFNlcnZpY2UgYXR0YWNrcy4gIEFsc28sIGlmIHRoZSBNYXAtUmVw
bHkgbWVzc2FnZSBpcyB0cmFuc3BvcnRlZAogICB1bmF1dGhlbnRpY2F0ZWQsIGFuIGFkdmVy
c2FyaWFsIExJU1AgZW50aXR5IGNhbiBvdmVyY2xhaW0gYW4gRUlELQogICBwcmVmaXggYW5k
IG1hbGljaW91c2x5IHJlZGlyZWN0IHRyYWZmaWMgZGlyZWN0ZWQgdG8gYSBsYXJnZSBudW1i
ZXIgb2YKICAgaG9zdHMuICBUaGUgTElTUC1TRUMgdGhyZWF0IG1vZGVsLCBkZXNjcmliZWQg
aW4gU2VjdGlvbiAzLCBpcyBidWlsdAogICBvbiB0b3Agb2YgdGhlIExJU1AgdGhyZWF0IG1v
ZGVsIGRlZmluZWQgaW4gW1JGQzc4MzVdLCB0aGF0IGluY2x1ZGVzCiAgIGRldGFpbGVkIGRl
c2NyaXB0aW9uIG9mICJvdmVyY2xhaW1pbmciIGF0dGFjay4KCiAgIFRoaXMgbWVtbyBzcGVj
aWZpZXMgTElTUC1TRUMsIGEgc2V0IG9mIHNlY3VyaXR5IG1lY2hhbmlzbXMgdGhhdAogICBw
cm92aWRlcyBvcmlnaW4gYXV0aGVudGljYXRpb24sIGludGVncml0eSBhbmQgYW50aS1yZXBs
YXkgcHJvdGVjdGlvbgogICB0byBMSVNQJ3MgRUlELXRvLVJMT0MgbWFwcGluZyBkYXRhIGNv
bnZleWVkIHZpYSBtYXBwaW5nIGxvb2t1cAogICBwcm9jZXNzLiAgTElTUC1TRUMgYWxzbyBl
bmFibGVzIHZlcmlmaWNhdGlvbiBvZiBhdXRob3JpemF0aW9uIG9uIEVJRC0KICAgcHJlZml4
IGNsYWltcyBpbiBNYXAtUmVwbHkgbWVzc2FnZXMsIGVuc3VyaW5nIHRoYXQgdGhlIHNlbmRl
ciBvZiBhCiAgIE1hcC1SZXBseSB0aGF0IHByb3ZpZGVzIHRoZSBsb2NhdGlvbiBmb3IgYSBn
aXZlbiBFSUQtcHJlZml4IGlzCiAgIGVudGl0bGVkIHRvIGRvIHNvIGFjY29yZGluZyB0byB0
aGUgRUlEIHByZWZpeCByZWdpc3RlcmVkIGluIHRoZQogICBhc3NvY2lhdGVkIE1hcC1TZXJ2
ZXIuICBNYXAtUmVnaXN0ZXIgc2VjdXJpdHksIGluY2x1ZGluZyB0aGUgcmlnaHQKICAgZm9y
IGEgTElTUCBlbnRpdHkgdG8gcmVnaXN0ZXIgYW4gRUlELXByZWZpeCBvciB0byBjbGFpbSBw
cmVzZW5jZSBhdAogICBhbiBSTE9DLCBpcyBvdXQgb2YgdGhlIHNjb3BlIG9mIExJU1AtU0VD
LiAgQWRkaXRpb25hbCBzZWN1cml0eQogICBjb25zaWRlcmF0aW9ucyBhcmUgZGVzY3JpYmVk
IGluIFNlY3Rpb24gNi4KCjIuICBEZWZpbml0aW9uIG9mIFRlcm1zCgogICAgICBPbmUtVGlt
ZSBLZXkgKE9USyk6IEFuIGVwaGVtZXJhbCByYW5kb21seSBnZW5lcmF0ZWQga2V5IHRoYXQg
bXVzdAogICAgICBiZSB1c2VkIGZvciBhIHNpbmdsZSBNYXAtUmVxdWVzdC9NYXAtUmVwbHkg
ZXhjaGFuZ2UuCgogICAgICBJVFIgT25lLVRpbWUgS2V5IChJVFItT1RLKTogVGhlIE9uZS1U
aW1lIEtleSBnZW5lcmF0ZWQgYXQgdGhlIElUUi4KCiAgICAgIE1TIE9uZS1UaW1lIEtleSAo
TVMtT1RLKTogVGhlIE9uZS1UaW1lIEtleSBnZW5lcmF0ZWQgYXQgdGhlIE1hcC0KICAgICAg
U2VydmVyLgoKICAgICAgQXV0aGVudGljYXRpb24gRGF0YSAoQUQpOiBNZXRhZGF0YSB0aGF0
IGlzIGluY2x1ZGVkIGVpdGhlciBpbiBhCiAgICAgIExJU1AgRW5jYXBzdWxhdGVkIENvbnRy
b2wgTWVzc2FnZSAoRUNNKSBoZWFkZXIsIGFzIGRlZmluZWQgaW4KICAgICAgU2VjdGlvbiA2
LjEuOCBvZiBbUkZDNjgzMF0sIG9yIGluIGEgTWFwLVJlcGx5IG1lc3NhZ2UgdG8gc3VwcG9y
dAogICAgICBjb25maWRlbnRpYWxpdHksIGludGVncml0eSBwcm90ZWN0aW9uLCBhbmQgdmVy
aWZpY2F0aW9uIG9mIEVJRC0KICAgICAgcHJlZml4IGF1dGhvcml6YXRpb24uCgogICAgICBP
VEsgQXV0aGVudGljYXRpb24gRGF0YSAoT1RLLUFEKTogVGhlIHBvcnRpb24gb2YgRUNNCiAg
ICAgIEF1dGhlbnRpY2F0aW9uIERhdGEgdGhhdCBjb250YWlucyBhIE9uZS1UaW1lIEtleS4K
CgoKCgpNYWlubywgZXQgYWwuICAgICAgICAgICAgICBFeHBpcmVzIE1heSA0LCAyMDE3ICAg
ICAgICAgICAgICAgICAgW1BhZ2UgM10KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAg
ICAgIExJU1AtU0VDICAgICAgICAgICAgICAgICAgICBPY3RvYmVyIDIwMTYKCgogICAgICBF
SUQgQXV0aGVudGljYXRpb24gRGF0YSAoRUlELUFEKTogVGhlIHBvcnRpb24gb2YgRUNNIGFu
ZCBNYXAtUmVwbHkKICAgICAgQXV0aGVudGljYXRpb24gRGF0YSB1c2VkIGZvciB2ZXJpZmlj
YXRpb24gb2YgRUlELXByZWZpeAogICAgICBhdXRob3JpemF0aW9uLgoKICAgICAgUGFja2V0
IEF1dGhlbnRpY2F0aW9uIERhdGEgKFBLVC1BRCk6IFRoZSBwb3J0aW9uIG9mIE1hcC1SZXBs
eQogICAgICBBdXRoZW50aWNhdGlvbiBEYXRhIHVzZWQgdG8gcHJvdGVjdCB0aGUgaW50ZWdy
aXR5IG9mIHRoZSBNYXAtUmVwbHkKICAgICAgbWVzc2FnZS4KCgoKICAgRm9yIGRlZmluaXRp
b25zIG9mIG90aGVyIHRlcm1zLCBub3RhYmx5IE1hcC1SZXF1ZXN0LCBNYXAtUmVwbHksCiAg
IEluZ3Jlc3MgVHVubmVsIFJvdXRlciAoSVRSKSwgRWdyZXNzIFR1bm5lbCBSb3V0ZXIgKEVU
UiksIE1hcC1TZXJ2ZXIKICAgKE1TKSwgYW5kIE1hcC1SZXNvbHZlciAoTVIpIHBsZWFzZSBj
b25zdWx0IHRoZSBMSVNQIHNwZWNpZmljYXRpb24KICAgW1JGQzY4MzBdLgoKMy4gIExJU1At
U0VDIFRocmVhdCBNb2RlbAoKICAgTElTUC1TRUMgYWRkcmVzc2VzIHRoZSBjb250cm9sIHBs
YW5lIHRocmVhdHMsIGRlc2NyaWJlZCBpbiBbUkZDNzgzNV0sCiAgIHRoYXQgdGFyZ2V0IEVJ
RC10by1STE9DIG1hcHBpbmdzLCBpbmNsdWRpbmcgbWFuaXB1bGF0aW9ucyBvZiBNYXAtCiAg
IFJlcXVlc3QgYW5kIE1hcC1SZXBseSBtZXNzYWdlcywgYW5kIG1hbGljaW91cyBFVFIgRUlE
IHByZWZpeAogICBvdmVyY2xhaW1pbmcuICBMSVNQLVNFQyBtYWtlcyB0d28gbWFpbiBhc3N1
bXB0aW9uczogKDEpIHRoZSBMSVNQCiAgIG1hcHBpbmcgc3lzdGVtIGlzIGV4cGVjdGVkIHRv
IGRlbGl2ZXIgYSBNYXAtUmVxdWVzdCBtZXNzYWdlIHRvIHRoZWlyCiAgIGludGVuZGVkIGRl
c3RpbmF0aW9uIEVUUiBhcyBpZGVudGlmaWVkIGJ5IHRoZSBFSUQsIGFuZCAoMikgbm8gbWFu
LWluLQogICB0aGUtbWlkZGxlIChNSVRNKSBhdHRhY2sgY2FuIGJlIG1vdW50ZWQgd2l0aGlu
IHRoZSBMSVNQIE1hcHBpbmcKICAgU3lzdGVtLiAgSG93IHRoZSBNYXBwaW5nIFN5c3RlbSBp
cyBwcm90ZWN0ZWQgZnJvbSBNSVRNIGF0dGFja3MKICAgZGVwZW5kcyBmcm9tIHRoZSBwYXJ0
aWN1bGFyIE1hcHBpbmcgU3lzdGVtcyB1c2VkLCBhbmQgaXMgb3V0IG9mIHRoZQogICBzY29w
ZSBvZiB0aGlzIG1lbW8uICBGdXJ0aGVybW9yZSwgd2hpbGUgTElTUC1TRUMgZW5hYmxlcyBk
ZXRlY3Rpb24gb2YKICAgRUlEIHByZWZpeCBvdmVyY2xhaW1pbmcgYXR0YWNrcywgaXQgYXNz
dW1lcyB0aGF0IE1hcC1TZXJ2ZXJzIGNhbgogICB2ZXJpZnkgdGhlIEVJRCBwcmVmaXggYXV0
aG9yaXphdGlvbiBhdCB0aW1lIG9mIHJlZ2lzdHJhdGlvbi4KCiAgIEFjY29yZGluZyB0byB0
aGUgdGhyZWF0IG1vZGVsIGRlc2NyaWJlZCBpbiBbUkZDNzgzNV0gTElTUC1TRUMgYXNzdW1l
cwogICB0aGF0IGFueSBraW5kIG9mIGF0dGFjaywgaW5jbHVkaW5nIE1JVE0gYXR0YWNrcywg
Y2FuIGJlIG1vdW50ZWQgaW4KICAgdGhlIGFjY2VzcyBuZXR3b3JrLCBvdXRzaWRlIG9mIHRo
ZSBib3VuZGFyaWVzIG9mIHRoZSBMSVNQIG1hcHBpbmcKICAgc3lzdGVtLiAgQW4gb24tcGF0
aCBhdHRhY2tlciwgb3V0c2lkZSBvZiB0aGUgTElTUCBtYXBwaW5nIHN5c3RlbSBjYW4sCiAg
IGZvciBleGFtcGxlLCBoaWphY2sgTWFwLVJlcXVlc3QgYW5kIE1hcC1SZXBseSBtZXNzYWdl
cywgc3Bvb2ZpbmcgdGhlCiAgIGlkZW50aXR5IG9mIGEgTElTUCBub2RlLiAgQW5vdGhlciBl
eGFtcGxlIG9mIG9uLXBhdGggYXR0YWNrLCBjYWxsZWQKICAgb3ZlcmNsYWltaW5nIGF0dGFj
aywgY2FuIGJlIG1vdW50ZWQgYnkgYSBtYWxpY2lvdXMgRWdyZXNzIFR1bm5lbAogICBSb3V0
ZXIgKEVUUiksIGJ5IG92ZXJjbGFpbWluZyB0aGUgRUlELXByZWZpeGVzIGZvciB3aGljaCBp
dCBpcwogICBhdXRob3JpdGF0aXZlLiAgSW4gdGhpcyB3YXkgdGhlIEVUUiBjYW4gbWFsaWNp
b3VzbHkgcmVkaXJlY3QgdHJhZmZpYwogICBkaXJlY3RlZCB0byBhIGxhcmdlIG51bWJlciBv
ZiBob3N0cy4KCjQuICBQcm90b2NvbCBPcGVyYXRpb25zCgogICBUaGUgZ29hbCBvZiB0aGUg
c2VjdXJpdHkgbWVjaGFuaXNtcyBkZWZpbmVkIGluIFtSRkM2ODMwXSBpcyB0bwogICBwcmV2
ZW50IHVuYXV0aG9yaXplZCBpbnNlcnRpb24gb2YgbWFwcGluZyBkYXRhIGJ5IHByb3ZpZGlu
ZyBvcmlnaW4KICAgYXV0aGVudGljYXRpb24gYW5kIGludGVncml0eSBwcm90ZWN0aW9uIGZv
ciB0aGUgTWFwLVJlZ2lzdHJhdGlvbiwgYW5kCiAgIGJ5IHVzaW5nIHRoZSBub25jZSB0byBk
ZXRlY3QgdW5zb2xpY2l0ZWQgTWFwLVJlcGx5IHNlbnQgYnkgb2ZmLXBhdGgKICAgYXR0YWNr
ZXJzLgoKCgpNYWlubywgZXQgYWwuICAgICAgICAgICAgICBFeHBpcmVzIE1heSA0LCAyMDE3
ICAgICAgICAgICAgICAgICAgW1BhZ2UgNF0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAg
ICAgICAgIExJU1AtU0VDICAgICAgICAgICAgICAgICAgICBPY3RvYmVyIDIwMTYKCgogICBM
SVNQLVNFQyBidWlsZHMgb24gdG9wIG9mIHRoZSBzZWN1cml0eSBtZWNoYW5pc21zIGRlZmlu
ZWQgaW4KICAgW1JGQzY4MzBdIHRvIGFkZHJlc3MgdGhlIHRocmVhdHMgZGVzY3JpYmVkIGlu
IFNlY3Rpb24gMyBieSBsZXZlcmFnaW5nCiAgIHRoZSB0cnVzdCByZWxhdGlvbnNoaXBzIGV4
aXN0aW5nIGFtb25nIHRoZSBMSVNQIGVudGl0aWVzCiAgIHBhcnRpY2lwYXRpbmcgdG8gdGhl
IGV4Y2hhbmdlIG9mIHRoZSBNYXAtUmVxdWVzdC9NYXAtUmVwbHkgbWVzc2FnZXMuCiAgIFRo
b3NlIHRydXN0IHJlbGF0aW9uc2hpcHMgYXJlIHVzZWQgdG8gc2VjdXJlbHkgZGlzdHJpYnV0
ZSBhIE9uZS1UaW1lCiAgIEtleSAoT1RLKSB0aGF0IHByb3ZpZGVzIG9yaWdpbiBhdXRoZW50
aWNhdGlvbiwgaW50ZWdyaXR5IGFuZCBhbnRpLQogICByZXBsYXkgcHJvdGVjdGlvbiB0byBt
YXBwaW5nIGRhdGEgY29udmV5ZWQgdmlhIHRoZSBtYXBwaW5nIGxvb2t1cAogICBwcm9jZXNz
LCBhbmQgdGhhdCBlZmZlY3RpdmVseSBwcmV2ZW50IG92ZXJjbGFpbWluZyBhdHRhY2tzLiAg
VGhlCiAgIHByb2Nlc3Npbmcgb2Ygc2VjdXJpdHkgcGFyYW1ldGVycyBkdXJpbmcgdGhlIE1h
cC1SZXF1ZXN0L01hcC1SZXBseQogICBleGNoYW5nZSBpcyBhcyBmb2xsb3dzOgoKICAgbyAg
VGhlIElUUi1PVEsgaXMgZ2VuZXJhdGVkIGFuZCBzdG9yZWQgYXQgdGhlIElUUiwgYW5kIHNl
Y3VyZWx5CiAgICAgIHRyYW5zcG9ydGVkIHRvIHRoZSBNYXAtU2VydmVyLgoKICAgbyAgVGhl
IE1hcC1TZXJ2ZXIgdXNlcyB0aGUgSVRSLU9USyB0byBjb21wdXRlIGEgS2V5ZWQtSGFzaGlu
ZyBmb3IKICAgICAgTWVzc2FnZSBBdXRoZW50aWNhdGlvbiAoSE1BQykgW1JGQzIxMDRdIHRo
YXQgcHJvdGVjdHMgdGhlCiAgICAgIGludGVncml0eSBvZiB0aGUgbWFwcGluZyBkYXRhIGtu
b3duIHRvIHRoZSBNYXAtU2VydmVyIHRvIHByZXZlbnQKICAgICAgb3ZlcmNsYWltaW5nIGF0
dGFja3MuICBUaGUgTWFwLVNlcnZlciBhbHNvIGRlcml2ZXMgYSBuZXcgT1RLLCB0aGUKICAg
ICAgTVMtT1RLLCB0aGF0IGlzIHBhc3NlZCB0byB0aGUgRVRSLCBieSBhcHBseWluZyBhIEtl
eSBEZXJpdmF0aW9uCiAgICAgIEZ1bmN0aW9uIChLREYpIHRvIHRoZSBJVFItT1RLLgoKICAg
byAgVGhlIEVUUiB1c2VzIHRoZSBNUy1PVEsgdG8gY29tcHV0ZSBhbiBITUFDIHRoYXQgcHJv
dGVjdHMgdGhlCiAgICAgIGludGVncml0eSBvZiB0aGUgTWFwLVJlcGx5IHNlbnQgdG8gdGhl
IElUUi4KCiAgIG8gIEZpbmFsbHksIHRoZSBJVFIgdXNlcyB0aGUgc3RvcmVkIElUUi1PVEsg
dG8gdmVyaWZ5IHRoZSBpbnRlZ3JpdHkKICAgICAgb2YgdGhlIG1hcHBpbmcgZGF0YSBwcm92
aWRlZCBieSBib3RoIHRoZSBNYXAtU2VydmVyIGFuZCB0aGUgRVRSLAogICAgICBhbmQgdG8g
dmVyaWZ5IHRoYXQgbm8gb3ZlcmNsYWltaW5nIGF0dGFja3Mgd2VyZSBtb3VudGVkIGFsb25n
IHRoZQogICAgICBwYXRoIGJldHdlZW4gdGhlIE1hcC1TZXJ2ZXIgYW5kIHRoZSBJVFIuCgog
ICBTZWN0aW9uIDUgcHJvdmlkZXMgdGhlIGRldGFpbGVkIGRlc2NyaXB0aW9uIG9mIHRoZSBM
SVNQLVNFQyBjb250cm9sCiAgIG1lc3NhZ2VzIGFuZCB0aGVpciBwcm9jZXNzaW5nLCB3aGls
ZSB0aGUgcmVzdCBvZiB0aGlzIHNlY3Rpb24KICAgZGVzY3JpYmVzIHRoZSBmbG93IG9mIHBy
b3RvY29sIG9wZXJhdGlvbnMgYXQgZWFjaCBlbnRpdHkgaW52b2x2ZWQgaW4KICAgdGhlIE1h
cC1SZXF1ZXN0L01hcC1SZXBseSBleGNoYW5nZToKCiAgIG8gIFRoZSBJVFIsIHVwb24gbmVl
ZGluZyB0byB0cmFuc21pdCBhIE1hcC1SZXF1ZXN0IG1lc3NhZ2UsIGdlbmVyYXRlcwogICAg
ICBhbmQgc3RvcmVzIGFuIE9USyAoSVRSLU9USykuICBUaGlzIElUUi1PVEsgaXMgaW5jbHVk
ZWQgaW50byB0aGUKICAgICAgRW5jYXBzdWxhdGVkIENvbnRyb2wgTWVzc2FnZSAoRUNNKSB0
aGF0IGNvbnRhaW5zIHRoZSBNYXAtUmVxdWVzdAogICAgICBzZW50IHRvIHRoZSBNYXAtUmVz
b2x2ZXIuICBUbyBwcm92aWRlIGNvbmZpZGVudGlhbGl0eSB0byB0aGUgSVRSLQogICAgICBP
VEsgb3ZlciB0aGUgcGF0aCBiZXR3ZWVuIHRoZSBJVFIgYW5kIGl0cyBNYXAtUmVzb2x2ZXIs
IHRoZSBJVFItCiAgICAgIE9USyBTSE9VTEQgYmUgZW5jcnlwdGVkIHVzaW5nIGEgcHJlY29u
ZmlndXJlZCBrZXkgc2hhcmVkIGJldHdlZW4KICAgICAgdGhlIElUUiBhbmQgdGhlIE1hcC1S
ZXNvbHZlciwgc2ltaWxhciB0byB0aGUga2V5IHNoYXJlZCBiZXR3ZWVuCiAgICAgIHRoZSBF
VFIgYW5kIHRoZSBNYXAtU2VydmVyIGluIG9yZGVyIHRvIHNlY3VyZSBFVFIgcmVnaXN0cmF0
aW9uCiAgICAgIFtSRkM2ODMzXS4KCiAgIG8gIFRoZSBNYXAtUmVzb2x2ZXIgZGVjYXBzdWxh
dGVzIHRoZSBFQ00gbWVzc2FnZSwgZGVjcnlwdHMgdGhlIElUUi0KICAgICAgT1RLLCBpZiBu
ZWVkZWQsIGFuZCBmb3J3YXJkcyB0aHJvdWdoIHRoZSBNYXBwaW5nIFN5c3RlbSB0aGUKICAg
ICAgcmVjZWl2ZWQgTWFwLVJlcXVlc3QgYW5kIHRoZSBJVFItT1RLLCBhcyBwYXJ0IG9mIGEg
bmV3IEVDTQogICAgICBtZXNzYWdlLiAgQXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gNS42LCB0
aGUgTElTUCBNYXBwaW5nIFN5c3RlbQoKCgpNYWlubywgZXQgYWwuICAgICAgICAgICAgICBF
eHBpcmVzIE1heSA0LCAyMDE3ICAgICAgICAgICAgICAgICAgW1BhZ2UgNV0KDApJbnRlcm5l
dC1EcmFmdCAgICAgICAgICAgICAgICAgIExJU1AtU0VDICAgICAgICAgICAgICAgICAgICBP
Y3RvYmVyIDIwMTYKCgogICAgICBkZWxpdmVycyB0aGUgRUNNIHRvIHRoZSBhcHByb3ByaWF0
ZSBNYXAtU2VydmVyLCBhcyBpZGVudGlmaWVkIGJ5CiAgICAgIHRoZSBFSUQgZGVzdGluYXRp
b24gYWRkcmVzcyBvZiB0aGUgTWFwLVJlcXVlc3QuCgogICBvICBUaGUgTWFwLVNlcnZlciBp
cyBjb25maWd1cmVkIHdpdGggdGhlIGxvY2F0aW9uIG1hcHBpbmdzIGFuZCBwb2xpY3kKICAg
ICAgaW5mb3JtYXRpb24gZm9yIHRoZSBFVFIgcmVzcG9uc2libGUgZm9yIHRoZSBFSUQgZGVz
dGluYXRpb24KICAgICAgYWRkcmVzcy4gIFVzaW5nIHRoaXMgcHJlY29uZmlndXJlZCBpbmZv
cm1hdGlvbiwgdGhlIE1hcC1TZXJ2ZXIsCiAgICAgIGFmdGVyIHRoZSBkZWNhcHN1bGF0aW9u
IG9mIHRoZSBFQ00gbWVzc2FnZSwgZmluZHMgdGhlIGxvbmdlc3QKICAgICAgbWF0Y2ggRUlE
LXByZWZpeCB0aGF0IGNvdmVycyB0aGUgcmVxdWVzdGVkIEVJRCBpbiB0aGUgcmVjZWl2ZWQK
ICAgICAgTWFwLVJlcXVlc3QuICBUaGUgTWFwLVNlcnZlciBhZGRzIHRoaXMgRUlELXByZWZp
eCwgdG9nZXRoZXIgd2l0aAogICAgICBhbiBITUFDIGNvbXB1dGVkIHVzaW5nIHRoZSBJVFIt
T1RLLCB0byBhIG5ldyBFbmNhcHN1bGF0ZWQgQ29udHJvbAogICAgICBNZXNzYWdlIHRoYXQg
Y29udGFpbnMgdGhlIHJlY2VpdmVkIE1hcC1SZXF1ZXN0LgoKICAgbyAgVGhlIE1hcC1TZXJ2
ZXIgZGVyaXZlcyBhIG5ldyBPVEssIHRoZSBNUy1PVEssIGJ5IGFwcGx5aW5nIGEgS2V5CiAg
ICAgIERlcml2YXRpb24gRnVuY3Rpb24gKEtERikgdG8gdGhlIElUUi1PVEsuICBUaGlzIE1T
LU9USyBpcyBpbmNsdWRlZAogICAgICBpbiB0aGUgRW5jYXBzdWxhdGVkIENvbnRyb2wgTWVz
c2FnZSB0aGF0IHRoZSBNYXAtU2VydmVyIHVzZXMgdG8KICAgICAgZm9yd2FyZCB0aGUgTWFw
LVJlcXVlc3QgdG8gdGhlIEVUUi4gIFRvIHByb3ZpZGUgTVMtT1RLCiAgICAgIGNvbmZpZGVu
dGlhbGl0eSBvdmVyIHRoZSBwYXRoIGJldHdlZW4gdGhlIE1hcC1TZXJ2ZXIgYW5kIHRoZSBF
VFIsCiAgICAgIHRoZSBNUy1PVEsgU0hPVUxEIGJlIGVuY3J5cHRlZCB1c2luZyB0aGUga2V5
IHNoYXJlZCBiZXR3ZWVuIHRoZQogICAgICBFVFIgYW5kIHRoZSBNYXAtU2VydmVyIGluIG9y
ZGVyIHRvIHNlY3VyZSBFVFIgcmVnaXN0cmF0aW9uCiAgICAgIFtSRkM2ODMzXS4KCiAgIG8g
IElmIHRoZSBNYXAtU2VydmVyIGlzIGFjdGluZyBpbiBwcm94eSBtb2RlLCBhcyBzcGVjaWZp
ZWQgaW4KICAgICAgW1JGQzY4MzBdLCB0aGUgRVRSIGlzIG5vdCBpbnZvbHZlZCBpbiB0aGUg
Z2VuZXJhdGlvbiBvZiB0aGUgTWFwLQogICAgICBSZXBseS4gIEluIHRoaXMgY2FzZSB0aGUg
TWFwLVNlcnZlciBnZW5lcmF0ZXMgdGhlIE1hcC1SZXBseSBvbgogICAgICBiZWhhbGYgb2Yg
dGhlIEVUUiBhcyBkZXNjcmliZWQgYmVsb3cuCgogICBvICBUaGUgRVRSLCB1cG9uIHJlY2Vp
dmluZyB0aGUgRUNNIGVuY2Fwc3VsYXRlZCBNYXAtUmVxdWVzdCBmcm9tIHRoZQogICAgICBN
YXAtU2VydmVyLCBkZWNyeXB0cyB0aGUgTVMtT1RLLCBpZiBuZWVkZWQsIGFuZCBvcmlnaW5h
dGVzIGEKICAgICAgc3RhbmRhcmQgTWFwLVJlcGx5IHRoYXQgY29udGFpbnMgdGhlIEVJRC10
by1STE9DIG1hcHBpbmcKICAgICAgaW5mb3JtYXRpb24gYXMgc3BlY2lmaWVkIGluIFtSRkM2
ODMwXS4KCiAgIG8gIFRoZSBFVFIgY29tcHV0ZXMgYW4gSE1BQyBvdmVyIHRoaXMgc3RhbmRh
cmQgTWFwLVJlcGx5LCBrZXllZCB3aXRoCiAgICAgIE1TLU9USyB0byBwcm90ZWN0IHRoZSBp
bnRlZ3JpdHkgb2YgdGhlIHdob2xlIE1hcC1SZXBseS4gIFRoZSBFVFIKICAgICAgYWxzbyBj
b3BpZXMgdGhlIEVJRC1wcmVmaXggYXV0aG9yaXphdGlvbiBkYXRhIHRoYXQgdGhlIE1hcC1T
ZXJ2ZXIKICAgICAgaW5jbHVkZWQgaW4gdGhlIEVDTSBlbmNhcHN1bGF0ZWQgTWFwLVJlcXVl
c3QgaW50byB0aGUgTWFwLVJlcGx5CiAgICAgIG1lc3NhZ2UuICBUaGUgRVRSIHRoZW4gc2Vu
ZHMgdGhpcyBjb21wbGV0ZSBNYXAtUmVwbHkgbWVzc2FnZSB0bwogICAgICB0aGUgcmVxdWVz
dGluZyBJVFIuCgogICBvICBUaGUgSVRSLCB1cG9uIHJlY2VpdmluZyB0aGUgTWFwLVJlcGx5
LCB1c2VzIHRoZSBsb2NhbGx5IHN0b3JlZAogICAgICBJVFItT1RLIHRvIHZlcmlmeSB0aGUg
aW50ZWdyaXR5IG9mIHRoZSBFSUQtcHJlZml4IGF1dGhvcml6YXRpb24KICAgICAgZGF0YSBp
bmNsdWRlZCBpbiB0aGUgTWFwLVJlcGx5IGJ5IHRoZSBNYXAtU2VydmVyLiAgVGhlIElUUgog
ICAgICBjb21wdXRlcyB0aGUgTVMtT1RLIGJ5IGFwcGx5aW5nIHRoZSBzYW1lIEtERiB1c2Vk
IGJ5IHRoZSBNYXAtCiAgICAgIFNlcnZlciwgYW5kIHZlcmlmaWVzIHRoZSBpbnRlZ3JpdHkg
b2YgdGhlIE1hcC1SZXBseS4gIElmIHRoZQogICAgICBpbnRlZ3JpdHkgY2hlY2tzIGZhaWws
IHRoZSBNYXAtUmVwbHkgTVVTVCBiZSBkaXNjYXJkZWQuICBBbHNvLCBpZgogICAgICB0aGUg
RUlELXByZWZpeGVzIGNsYWltZWQgYnkgdGhlIEVUUiBpbiB0aGUgTWFwLVJlcGx5IGFyZSBu
b3QgZXF1YWwKICAgICAgb3IgbW9yZSBzcGVjaWZpYyB0aGFuIHRoZSBFSUQtcHJlZml4IGF1
dGhvcml6YXRpb24gZGF0YSBpbnNlcnRlZAogICAgICBieSB0aGUgTWFwLVNlcnZlciwgdGhl
IElUUiBNVVNUIGRpc2NhcmQgdGhlIE1hcC1SZXBseS4KCgoKCk1haW5vLCBldCBhbC4gICAg
ICAgICAgICAgIEV4cGlyZXMgTWF5IDQsIDIwMTcgICAgICAgICAgICAgICAgICBbUGFnZSA2
XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgTElTUC1TRUMgICAgICAgICAg
ICAgICAgICAgIE9jdG9iZXIgMjAxNgoKCjUuICBMSVNQLVNFQyBDb250cm9sIE1lc3NhZ2Vz
IERldGFpbHMKCiAgIExJU1AtU0VDIG1ldGFkYXRhIGFzc29jaWF0ZWQgd2l0aCBhIE1hcC1S
ZXF1ZXN0IGlzIHRyYW5zcG9ydGVkIHdpdGhpbgogICB0aGUgRW5jYXBzdWxhdGVkIENvbnRy
b2wgTWVzc2FnZSB0aGF0IGNvbnRhaW5zIHRoZSBNYXAtUmVxdWVzdC4KCiAgIExJU1AtU0VD
IG1ldGFkYXRhIGFzc29jaWF0ZWQgd2l0aCB0aGUgTWFwLVJlcGx5IGlzIHRyYW5zcG9ydGVk
IHdpdGhpbgogICB0aGUgTWFwLVJlcGx5IGl0c2VsZi4KCjUuMS4gIEVuY2Fwc3VsYXRlZCBD
b250cm9sIE1lc3NhZ2UgTElTUC1TRUMgRXh0ZW5zaW9ucwoKICAgTElTUC1TRUMgdXNlcyB0
aGUgRUNNIChFbmNhcHN1bGF0ZWQgQ29udHJvbCBNZXNzYWdlKSBkZWZpbmVkIGluCiAgIFtS
RkM2ODMwXSB3aXRoIFR5cGUgc2V0IHRvIDgsIGFuZCBTIGJpdCBzZXQgdG8gMSB0byBpbmRp
Y2F0ZSB0aGF0IHRoZQogICBMSVNQIGhlYWRlciBpbmNsdWRlcyBBdXRoZW50aWNhdGlvbiBE
YXRhIChBRCkuICBUaGUgZm9ybWF0IG9mIHRoZQogICBMSVNQLVNFQyBFQ00gQXV0aGVudGlj
YXRpb24gRGF0YSBpcyBkZWZpbmVkIGluIHRoZSBmb2xsb3dpbmcgZmlndXJlLgogICBPVEst
QUQgc3RhbmRzIGZvciBPbmUtVGltZSBLZXkgQXV0aGVudGljYXRpb24gRGF0YSBhbmQgRUlE
LUFEIHN0YW5kcwogICBmb3IgRUlEIEF1dGhlbnRpY2F0aW9uIERhdGEuCgogIDAgICAgICAg
ICAgICAgICAgICAgMSAgICAgICAgICAgICAgICAgICAyICAgICAgICAgICAgICAgICAgIDMK
ICAwIDEgMiAzIDQgNSA2IDcgOCA5IDAgMSAyIDMgNCA1IDYgNyA4IDkgMCAxIDIgMyA0IDUg
NiA3IDggOSAwIDEKICstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rCiB8ICBFQ00gQUQgVHlwZSAgfFZ8ICBSZXNlcnZl
ZCAgIHwgICAgICAgIFJlcXVlc3RlZCBITUFDIElEICAgICAgfAogKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLStcCiB8
ICAgICAgICAgICAgICBPVEsgTGVuZ3RoICAgICAgIHwgICAgICAgT1RLIEVuY3J5cHRpb24g
SUQgICAgICAgfCB8CiArLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKyB8CiB8ICAgICAgICAgICAgICAgICAgICAgICBP
bmUtVGltZS1LZXkgUHJlYW1ibGUgLi4uICAgICAgICAgICAgICAgfCB8CiArLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
K09USy1BRAogfCAgICAgICAgICAgICAgICAgICAuLi4gT25lLVRpbWUtS2V5IFByZWFtYmxl
ICAgICAgICAgICAgICAgICAgIHwgfAogKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsgfAogfiAgICAgICAgICAgICAg
ICAgICAgICBPbmUtVGltZSBLZXkgKDEyOCBiaXRzKSAgICAgICAgICAgICAgICAgIH4vCiAr
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKyA8LS0tKwogfCAgICAgICAgICAgRUlELUFEIExlbmd0aCAgICAgICB8ICAg
ICAgICAgICBLREYgSUQgICAgICAgICAgICAgIHwgICAgIHwKICstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rICAgICB8
CiB8IFJlY29yZCBDb3VudCAgfCAgICBSZXNlcnZlZCAgIHwgICAgICAgICBFSUQgSE1BQyBJ
RCAgICAgICAgICAgfEVJRC1BRAogKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLStcICAgIHwKIHwgICBSZXNlcnZlZCAg
ICB8IEVJRCBtYXNrLWxlbiAgfCAgICAgICAgICAgRUlELUFGSSAgICAgICAgICAgICB8IHwg
ICB8CiArLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKyBSZWMgfAogfiAgICAgICAgICAgICAgICAgICAgICAgICAgRUlE
LXByZWZpeCAuLi4gICAgICAgICAgICAgICAgICAgICAgIH4gfCAgIHwKICstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LyAgICB8CiB+ICAgICAgICAgICAgICAgICAgICAgICAgICAgIEVJRCBITUFDICAgICAgICAg
ICAgICAgICAgICAgICAgICAgfiAgICAgfAogKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsgPC0tLSsKCiAgICAgICAg
ICAgICAgICAgICAgIExJU1AtU0VDIEVDTSBBdXRoZW50aWNhdGlvbiBEYXRhCgogICAgICBF
Q00gQUQgVHlwZTogMSAoTElTUC1TRUMgQXV0aGVudGljYXRpb24gRGF0YSkuICBTZWUgU2Vj
dGlvbiA3LgoKICAgICAgVjogS2V5IFZlcnNpb24gYml0LiAgVGhpcyBiaXQgaXMgdG9nZ2xl
ZCB3aGVuIHRoZSBzZW5kZXIgc3dpdGNoZXMKICAgICAgdG8gYSBuZXcgT1RLIHdyYXBwaW5n
IGtleQoKCgoKTWFpbm8sIGV0IGFsLiAgICAgICAgICAgICAgRXhwaXJlcyBNYXkgNCwgMjAx
NyAgICAgICAgICAgICAgICAgIFtQYWdlIDddCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAg
ICAgICAgICBMSVNQLVNFQyAgICAgICAgICAgICAgICAgICAgT2N0b2JlciAyMDE2CgoKICAg
ICAgUmVzZXJ2ZWQ6IFNldCB0byAwIG9uIHRyYW5zbWlzc2lvbiBhbmQgaWdub3JlZCBvbiBy
ZWNlaXB0LgoKICAgICAgUmVxdWVzdGVkIEhNQUMgSUQ6IFRoZSBITUFDIGFsZ29yaXRobSBy
ZXF1ZXN0ZWQgYnkgdGhlIElUUi4gIFNlZQogICAgICBTZWN0aW9uIDUuNCBmb3IgZGV0YWls
cy4KCiAgICAgIE9USyBMZW5ndGg6IFRoZSBsZW5ndGggKGluIGJ5dGVzKSBvZiB0aGUgT1RL
IEF1dGhlbnRpY2F0aW9uIERhdGEKICAgICAgKE9USy1BRCksIHRoYXQgY29udGFpbnMgdGhl
IE9USyBQcmVhbWJsZSBhbmQgdGhlIE9USy4KCiAgICAgIE9USyBFbmNyeXB0aW9uIElEOiBU
aGUgaWRlbnRpZmllciBvZiB0aGUga2V5IHdyYXBwaW5nIGFsZ29yaXRobQogICAgICB1c2Vk
IHRvIGVuY3J5cHQgdGhlIE9uZS1UaW1lLUtleS4gV2hlbiBhIDEyOC1iaXQgT1RLIGlzIHNl
bnQKICAgICAgdW5lbmNyeXB0ZWQgYnkgdGhlIE1hcC1SZXNvbHZlciwgdGhlIE9USyBFbmNy
eXB0aW9uIElEIGlzIHNldCB0bwogICAgICBOVUxMX0tFWV9XUkFQXzEyOC4gIFNlZSBTZWN0
aW9uIDUuNSBmb3IgbW9yZSBkZXRhaWxzLgoKICAgICAgT25lLVRpbWUtS2V5IFByZWFtYmxl
OiBzZXQgdG8gMCBpZiB0aGUgT1RLIGlzIG5vdCBlbmNyeXB0ZWQuICBXaGVuCiAgICAgIHRo
ZSBPVEsgaXMgZW5jcnlwdGVkLCB0aGlzIGZpZWxkIE1BWSBjYXJyeSBhZGRpdGlvbmFsIG1l
dGFkYXRhCiAgICAgIHJlc3VsdGluZyBmcm9tIHRoZSBrZXkgd3JhcHBpbmcgb3BlcmF0aW9u
LiAgV2hlbiBhIDEyOC1iaXQgT1RLIGlzCiAgICAgIHNlbnQgdW5lbmNyeXB0ZWQgYnkgTWFw
LVJlc29sdmVyLCB0aGUgT1RLIFByZWFtYmxlIGlzIHNldCB0bwogICAgICAweDAwMDAwMDAw
MDAwMDAwMDAgKDY0IGJpdHMpLiAgU2VlIFNlY3Rpb24gNS41IGZvciBkZXRhaWxzLgoKICAg
ICAgT25lLVRpbWUtS2V5OiB0aGUgT1RLIGVuY3J5cHRlZCAob3Igbm90KSBhcyBzcGVjaWZp
ZWQgYnkgT1RLCiAgICAgIEVuY3J5cHRpb24gSUQuICBTZWUgU2VjdGlvbiA1LjUgZm9yIGRl
dGFpbHMuCgogICAgICBFSUQtQUQgTGVuZ3RoOiBsZW5ndGggKGluIGJ5dGVzKSBvZiB0aGUg
RUlEIEF1dGhlbnRpY2F0aW9uIERhdGEKICAgICAgKEVJRC1BRCkuICBUaGUgSVRSIE1VU1Qg
c2V0IEVJRC1BRCBMZW5ndGggdG8gNCBieXRlcywgYXMgaXQgb25seQogICAgICBmaWxscyB0
aGUgS0RGIElEIGZpZWxkLCBhbmQgYWxsIHRoZSByZW1haW5pbmcgZmllbGRzIHBhcnQgb2Yg
dGhlCiAgICAgIEVJRC1BRCBhcmUgbm90IHByZXNlbnQuICBBbiBFSUQtQUQgTUFZIGNvbnRh
aW4gbXVsdGlwbGUgRUlELQogICAgICByZWNvcmRzLiAgRWFjaCBFSUQtcmVjb3JkIGlzIDQt
Ynl0ZSBsb25nIHBsdXMgdGhlIGxlbmd0aCBvZiB0aGUKICAgICAgQUZJLWVuY29kZWQgRUlE
LXByZWZpeC4KCiAgICAgIEtERiBJRDogSWRlbnRpZmllciBvZiB0aGUgS2V5IERlcml2YXRp
b24gRnVuY3Rpb24gdXNlZCB0byBkZXJpdmUKICAgICAgdGhlIE1TLU9USy4gIFRoZSBJVFIg
TUFZIHVzZSB0aGlzIGZpZWxkIHRvIGluZGljYXRlIHRoZQogICAgICByZWNvbW1lbmRlZCBL
REYgYWxnb3JpdGhtLCBhY2NvcmRpbmcgdG8gbG9jYWwgcG9saWN5LiAgVGhlIE1hcC0KICAg
ICAgU2VydmVyIGNhbiBvdmVyd3JpdGUgdGhlIEtERiBJRCBpZiBpdCBkb2VzIG5vdCBzdXBw
b3J0IHRoZSBLREYgSUQKICAgICAgcmVjb21tZW5kZWQgYnkgdGhlIElUUi4gIFNlZSBTZWN0
aW9uIDUuNCBmb3IgbW9yZSBkZXRhaWxzLgoKICAgICAgUmVjb3JkIENvdW50OiBUaGUgbnVt
YmVyIG9mIHJlY29yZHMgaW4gdGhpcyBNYXAtUmVxdWVzdCBtZXNzYWdlLgogICAgICBBIHJl
Y29yZCBpcyBjb21wcmlzZWQgb2YgdGhlIHBvcnRpb24gb2YgdGhlIHBhY2tldCB0aGF0IGlz
IGxhYmVsZWQKICAgICAgJ1JlYycgYWJvdmUgYW5kIG9jY3VycyB0aGUgbnVtYmVyIG9mIHRp
bWVzIGVxdWFsIHRvIFJlY29yZCBDb3VudC4KCiAgICAgIFJlc2VydmVkOiBTZXQgdG8gMCBv
biB0cmFuc21pc3Npb24gYW5kIGlnbm9yZWQgb24gcmVjZWlwdC4KCiAgICAgIEVJRCBITUFD
IElEOiBJZGVudGlmaWVyIG9mIHRoZSBITUFDIGFsZ29yaXRobSB1c2VkIHRvIHByb3RlY3Qg
dGhlCiAgICAgIGludGVncml0eSBvZiB0aGUgRUlELUFELiAgVGhpcyBmaWVsZCBpcyBmaWxs
ZWQgYnkgTWFwLVNlcnZlciB0aGF0CiAgICAgIGNvbXB1dGVkIHRoZSBFSUQtcHJlZml4IEhN
QUMuICBTZWUgU2VjdGlvbiA1LjQgZm9yIG1vcmUgZGV0YWlscy4KCiAgICAgIEVJRCBtYXNr
LWxlbjogTWFzayBsZW5ndGggZm9yIEVJRC1wcmVmaXguCgogICAgICBFSUQtQUZJOiBBZGRy
ZXNzIGZhbWlseSBvZiBFSUQtcHJlZml4IGFjY29yZGluZyB0byBbUkZDNTIyNl0KCgoKTWFp
bm8sIGV0IGFsLiAgICAgICAgICAgICAgRXhwaXJlcyBNYXkgNCwgMjAxNyAgICAgICAgICAg
ICAgICAgIFtQYWdlIDhdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBMSVNQ
LVNFQyAgICAgICAgICAgICAgICAgICAgT2N0b2JlciAyMDE2CgoKICAgICAgRUlELXByZWZp
eDogVGhlIE1hcC1TZXJ2ZXIgdXNlcyB0aGlzIGZpZWxkIHRvIHNwZWNpZnkgdGhlIEVJRC0K
ICAgICAgcHJlZml4IHRoYXQgdGhlIGRlc3RpbmF0aW9uIEVUUiBpcyBhdXRob3JpdGF0aXZl
IGZvciwgYW5kIGlzIHRoZQogICAgICBsb25nZXN0IG1hdGNoIGZvciB0aGUgcmVxdWVzdGVk
IEVJRC4KCiAgICAgIEVJRCBITUFDOiBITUFDIG9mIHRoZSBFSUQtQUQgY29tcHV0ZWQgYW5k
IGluc2VydGVkIGJ5IE1hcC1TZXJ2ZXIuCiAgICAgIEJlZm9yZSBjb21wdXRpbmcgdGhlIEhN
QUMgb3BlcmF0aW9uIHRoZSBFSUQgSE1BQyBmaWVsZCBNVVNUIGJlIHNldAogICAgICB0byAw
LiAgVGhlIEhNQUMgY292ZXJzIHRoZSBlbnRpcmUgRUlELUFELgoKNS4yLiAgTWFwLVJlcGx5
IExJU1AtU0VDIEV4dGVuc2lvbnMKCiAgIExJU1AtU0VDIHVzZXMgdGhlIE1hcC1SZXBseSBk
ZWZpbmVkIGluIFtSRkM2ODMwXSwgd2l0aCBUeXBlIHNldCB0byAyLAogICBhbmQgUyBiaXQg
c2V0IHRvIDEgdG8gaW5kaWNhdGUgdGhhdCB0aGUgTWFwLVJlcGx5IG1lc3NhZ2UgaW5jbHVk
ZXMKICAgQXV0aGVudGljYXRpb24gRGF0YSAoQUQpLiAgVGhlIGZvcm1hdCBvZiB0aGUgTElT
UC1TRUMgTWFwLVJlcGx5CiAgIEF1dGhlbnRpY2F0aW9uIERhdGEgaXMgZGVmaW5lZCBpbiB0
aGUgZm9sbG93aW5nIGZpZ3VyZS4gIFBLVC1BRCBpcwogICB0aGUgUGFja2V0IEF1dGhlbnRp
Y2F0aW9uIERhdGEgdGhhdCBjb3ZlcnMgdGhlIE1hcC1SZXBseSBwYXlsb2FkLgoKICAwICAg
ICAgICAgICAgICAgICAgIDEgICAgICAgICAgICAgICAgICAgMiAgICAgICAgICAgICAgICAg
ICAzCiAgMCAxIDIgMyA0IDUgNiA3IDggOSAwIDEgMiAzIDQgNSA2IDcgOCA5IDAgMSAyIDMg
NCA1IDYgNyA4IDkgMCAxCiArLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKwogfCAgTVIgQUQgVHlwZSAgIHwgICAgICAg
ICAgICAgICAgIFJlc2VydmVkICAgICAgICAgICAgICAgICAgICAgIHwKICstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
IDwtLS0rCiB8ICAgICAgICAgICBFSUQtQUQgTGVuZ3RoICAgICAgIHwgICAgICAgICAgIEtE
RiBJRCAgICAgICAgICAgICAgfCAgICAgfAogKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsgICAgIHwKIHwgUmVjb3Jk
IENvdW50ICB8ICAgIFJlc2VydmVkICAgfCAgICAgICAgIEVJRCBITUFDIElEICAgICAgICAg
ICB8RUlELUFECiArLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstK1wgICAgfAogfCAgIFJlc2VydmVkICAgIHwgRUlEIG1h
c2stbGVuICB8ICAgICAgICAgICBFSUQtQUZJICAgICAgICAgICAgIHwgfCAgIHwKICstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rIFJlYyB8CiB+ICAgICAgICAgICAgICAgICAgICAgICAgICBFSUQtcHJlZml4IC4u
LiAgICAgICAgICAgICAgICAgICAgICAgfiB8ICAgfAogKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsvICAgIHwKIH4g
ICAgICAgICAgICAgICAgICAgICAgICAgICAgRUlEIEhNQUMgICAgICAgICAgICAgICAgICAg
ICAgICAgICB+ICAgICB8CiArLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0r
LSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKyA8LS0tKwogfCAgICAgICAgIFBLVC1BRCBM
ZW5ndGggICAgICAgICB8ICAgICAgICAgUEtUIEhNQUMgSUQgICAgICAgICAgIHxcCiArLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKyB8CiB+ICAgICAgICAgICAgICAgICAgICAgICAgICAgIFBLVCBITUFDICAgICAg
ICAgICAgICAgICAgICAgICAgICAgflBLVC1BRAogKy0rLSstKy0rLSstKy0rLSstKy0rLSst
Ky0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSstKy0rLSsvCgogICAgICAgICAg
ICAgICAgICBMSVNQLVNFQyBNYXAtUmVwbHkgQXV0aGVudGljYXRpb24gRGF0YQoKICAgICAg
TVIgQUQgVHlwZTogMSAoTElTUC1TRUMgQXV0aGVudGljYXRpb24gRGF0YSkuICBTZWUgU2Vj
dGlvbiA3LgoKICAgICAgRUlELUFEIExlbmd0aDogbGVuZ3RoIChpbiBieXRlcykgb2YgdGhl
IEVJRC1BRC4gIEFuIEVJRC1BRCBNQVkKICAgICAgY29udGFpbiBtdWx0aXBsZSBFSUQtcmVj
b3Jkcy4gIEVhY2ggRUlELXJlY29yZCBpcyA0LWJ5dGUgbG9uZyBwbHVzCiAgICAgIHRoZSBs
ZW5ndGggb2YgdGhlIEFGSS1lbmNvZGVkIEVJRC1wcmVmaXguCgogICAgICBLREYgSUQ6IElk
ZW50aWZpZXIgb2YgdGhlIEtleSBEZXJpdmF0aW9uIEZ1bmN0aW9uIHVzZWQgdG8gZGVyaXZl
CiAgICAgIE1TLU9USy4gIFNlZSBTZWN0aW9uIDUuNyBmb3IgbW9yZSBkZXRhaWxzLgoKCgoK
Ck1haW5vLCBldCBhbC4gICAgICAgICAgICAgIEV4cGlyZXMgTWF5IDQsIDIwMTcgICAgICAg
ICAgICAgICAgICBbUGFnZSA5XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAg
TElTUC1TRUMgICAgICAgICAgICAgICAgICAgIE9jdG9iZXIgMjAxNgoKCiAgICAgIFJlY29y
ZCBDb3VudDogVGhlIG51bWJlciBvZiByZWNvcmRzIGluIHRoaXMgTWFwLVJlcGx5IG1lc3Nh
Z2UuICBBCiAgICAgIHJlY29yZCBpcyBjb21wcmlzZWQgb2YgdGhlIHBvcnRpb24gb2YgdGhl
IHBhY2tldCB0aGF0IGlzIGxhYmVsZWQKICAgICAgJ1JlYycgYWJvdmUgYW5kIG9jY3VycyB0
aGUgbnVtYmVyIG9mIHRpbWVzIGVxdWFsIHRvIFJlY29yZCBDb3VudC4KCiAgICAgIFJlc2Vy
dmVkOiBTZXQgdG8gMCBvbiB0cmFuc21pc3Npb24gYW5kIGlnbm9yZWQgb24gcmVjZWlwdC4K
CiAgICAgIEVJRCBITUFDIElEOiBJZGVudGlmaWVyIG9mIHRoZSBITUFDIGFsZ29yaXRobSB1
c2VkIHRvIHByb3RlY3QgdGhlCiAgICAgIGludGVncml0eSBvZiB0aGUgRUlELUFELiAgU2Vl
IFNlY3Rpb24gNS43IGZvciBtb3JlIGRldGFpbHMuCgogICAgICBFSUQgbWFzay1sZW46IE1h
c2sgbGVuZ3RoIGZvciBFSUQtcHJlZml4LgoKICAgICAgRUlELUFGSTogQWRkcmVzcyBmYW1p
bHkgb2YgRUlELXByZWZpeCBhY2NvcmRpbmcgdG8gW1JGQzUyMjZdLgoKICAgICAgRUlELXBy
ZWZpeDogVGhpcyBmaWVsZCBjb250YWlucyBhbiBFSUQtcHJlZml4IHRoYXQgdGhlIGRlc3Rp
bmF0aW9uCiAgICAgIEVUUiBpcyBhdXRob3JpdGF0aXZlIGZvciwgYW5kIGlzIHRoZSBsb25n
ZXN0IG1hdGNoIGZvciB0aGUKICAgICAgcmVxdWVzdGVkIEVJRC4KCiAgICAgIEVJRCBITUFD
OiBITUFDIG9mIHRoZSBFSUQtQUQsIGFzIGNvbXB1dGVkIGJ5IHRoZSBNYXAtU2VydmVyLgog
ICAgICBCZWZvcmUgY29tcHV0aW5nIHRoZSBITUFDIG9wZXJhdGlvbiB0aGUgRUlEIEhNQUMg
ZmllbGQgTVVTVCBiZSBzZXQKICAgICAgdG8gMC4gIFRoZSBITUFDIGNvdmVycyB0aGUgZW50
aXJlIEVJRC1BRC4KCiAgICAgIFBLVC1BRCBMZW5ndGg6IGxlbmd0aCAoaW4gYnl0ZXMpIG9m
IHRoZSBQYWNrZXQgQXV0aGVudGljYXRpb24gRGF0YQogICAgICAoUEtULUFEKS4KCiAgICAg
IFBLVCBITUFDIElEOiBJZGVudGlmaWVyIG9mIHRoZSBITUFDIGFsZ29yaXRobSB1c2VkIHRv
IHByb3RlY3QgdGhlCiAgICAgIGludGVncml0eSBvZiB0aGUgTWFwLXJlcGx5LgoKICAgICAg
UEtUIEhNQUM6IEhNQUMgb2YgdGhlIHdob2xlIE1hcC1SZXBseSBwYWNrZXQsIGluY2x1ZGlu
ZyB0aGUgTElTUC0KICAgICAgU0VDIEF1dGhlbnRpY2F0aW9uIERhdGEuICBUaGUgc2NvcGUg
b2YgdGhlIGF1dGhlbnRpY2F0aW9uIGdvZXMKICAgICAgZnJvbSB0aGUgTWFwLVJlcGx5IFR5
cGUgZmllbGQgdG8gdGhlIFBLVCBITUFDIGZpZWxkIGluY2x1ZGVkLgogICAgICBCZWZvcmUg
Y29tcHV0aW5nIHRoZSBITUFDIG9wZXJhdGlvbiB0aGUgUEtUIEhNQUMgZmllbGQgTVVTVCBi
ZSBzZXQKICAgICAgdG8gMC4gIFNlZSBTZWN0aW9uIDUuOCBmb3IgbW9yZSBkZXRhaWxzLgoK
NS4zLiAgTWFwLVJlZ2lzdGVyIExJU1AtU0VDIEV4dGVudGlvbnMKCiAgIFRoaXMgbWVtbyBp
cyBhbGxvY2F0aW5nIG9uZSBvZiB0aGUgYml0cyBtYXJrZWQgYXMgUmVzZXJ2ZWQgaW4gdGhl
CiAgIE1hcC1SZWdpc3RlciBtZXNzYWdlIGRlZmluZWQgaW4gU2VjdGlvbiA2LjEuNiBvZiBb
UkZDNjgzMF0uICBNb3JlCiAgIHByZWNpc2VseSwgdGhlIHNlY29uZCBiaXQgYWZ0ZXIgdGhl
IFR5cGUgZmllbGQgaW4gYSBNYXAtUmVnaXN0ZXIKICAgbWVzc2FnZSBpcyBhbGxvY2F0ZWQg
YXMgdGhlIFMgYml0LiAgVGhlIFMgYml0IGluZGljYXRlcyB0byB0aGUgTWFwLQogICBTZXJ2
ZXIgdGhhdCB0aGUgcmVnaXN0ZXJpbmcgRVRSIGlzIExJU1AtU0VDIGVuYWJsZWQuICBBbiBF
VFIgdGhhdAogICBzdXBwb3J0cyBMSVNQLVNFQyBNVVNUIHNldCB0aGUgUyBiaXQgaW4gaXRz
IE1hcC1SZWdpc3RlciBtZXNzYWdlcy4KCjUuNC4gIElUUiBQcm9jZXNzaW5nCgogICBVcG9u
IGNyZWF0aW5nIGEgTWFwLVJlcXVlc3QsIHRoZSBJVFIgZ2VuZXJhdGVzIGEgcmFuZG9tIElU
Ui1PVEsgdGhhdAogICBpcyBzdG9yZWQgbG9jYWxseSwgdG9nZXRoZXIgd2l0aCB0aGUgbm9u
Y2UgZ2VuZXJhdGVkIGFzIHNwZWNpZmllZCBpbgogICBbUkZDNjgzMF0uCgoKCgpNYWlubywg
ZXQgYWwuICAgICAgICAgICAgICBFeHBpcmVzIE1heSA0LCAyMDE3ICAgICAgICAgICAgICAg
ICBbUGFnZSAxMF0KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIExJU1AtU0VD
ICAgICAgICAgICAgICAgICAgICBPY3RvYmVyIDIwMTYKCgogICBUaGUgTWFwLVJlcXVlc3Qg
TVVTVCBiZSBlbmNhcHN1bGF0ZWQgaW4gYW4gRUNNLCB3aXRoIHRoZSBTLWJpdCBzZXQgdG8K
ICAgMSwgdG8gaW5kaWNhdGUgdGhlIHByZXNlbmNlIG9mIEF1dGhlbnRpY2F0aW9uIERhdGEu
ICBJZiB0aGUgSVRSIGFuZAogICB0aGUgTWFwLVJlc29sdmVyIGFyZSBjb25maWd1cmVkIHdp
dGggYSBzaGFyZWQga2V5LCB0aGUgSVRSLU9USwogICBjb25maWRlbnRpYWxpdHkgU0hPVUxE
IGJlIHByb3RlY3RlZCBieSB3cmFwcGluZyB0aGUgSVRSLU9USyB3aXRoIHRoZQogICBhbGdv
cml0aG0gc3BlY2lmaWVkIGJ5IHRoZSBPVEsgRW5jcnlwdGlvbiBJRCBmaWVsZC4gIFNlZSBT
ZWN0aW9uIDUuNQogICBmb3IgZnVydGhlciBkZXRhaWxzIG9uIE9USyBlbmNyeXB0aW9uLgoK
ICAgVGhlIFJlcXVlc3RlZCBITUFDIElEIGZpZWxkIGNvbnRhaW5zIHRoZSBzdWdnZXN0ZWQg
SE1BQyBhbGdvcml0aG0gdG8KICAgYmUgdXNlZCBieSB0aGUgTWFwLVNlcnZlciBhbmQgdGhl
IEVUUiB0byBwcm90ZWN0IHRoZSBpbnRlZ3JpdHkgb2YgdGhlCiAgIEVDTSBBdXRoZW50aWNh
dGlvbiBkYXRhIGFuZCBvZiB0aGUgTWFwLVJlcGx5LgoKICAgVGhlIEtERiBJRCBmaWVsZCBz
cGVjaWZpZXMgdGhlIHN1Z2dlc3RlZCBrZXkgZGVyaXZhdGlvbiBmdW5jdGlvbiB0bwogICBi
ZSB1c2VkIGJ5IHRoZSBNYXAtU2VydmVyIHRvIGRlcml2ZSB0aGUgTVMtT1RLLiAgQSBLREYg
VmFsdWUgb2YgTk9ORQogICAoMCksIE1BWSBiZSB1c2VkIHRvIHNwZWNpZnkgdGhhdCB0aGUg
SVRSIGhhcyBubyBwcmVmZXJyZWQgS0RGIElELgoKICAgVGhlIEVJRC1BRCBsZW5ndGggaXMg
c2V0IHRvIDQgYnl0ZXMsIHNpbmNlIHRoZSBBdXRoZW50aWNhdGlvbiBEYXRhCiAgIGRvZXMg
bm90IGNvbnRhaW4gRUlELXByZWZpeCBBdXRoZW50aWNhdGlvbiBEYXRhLCBhbmQgdGhlIEVJ
RC1BRAogICBjb250YWlucyBvbmx5IHRoZSBLREYgSUQgZmllbGQuCgogICBJbiByZXNwb25z
ZSB0byBhbiBlbmNhcHN1bGF0ZWQgTWFwLVJlcXVlc3QgdGhhdCBoYXMgdGhlIFMtYml0IHNl
dCwgYW4KICAgSVRSIE1VU1QgcmVjZWl2ZSBhIE1hcC1SZXBseSB3aXRoIHRoZSBTLWJpdCBz
ZXQsIHRoYXQgaW5jbHVkZXMgYW4KICAgRUlELUFEIGFuZCBhIFBLVC1BRC4gIElmIHRoZSBN
YXAtUmVwbHkgZG9lcyBub3QgaW5jbHVkZSBib3RoIEFEcywgdGhlCiAgIElUUiBNVVNUIGRp
c2NhcmQgaXQuICBJbiByZXNwb25zZSB0byBhbiBlbmNhcHN1bGF0ZWQgTWFwLVJlcXVlc3Qg
d2l0aAogICBTLWJpdCBzZXQgdG8gMCwgdGhlIElUUiBleHBlY3RzIGEgTWFwLVJlcGx5IHdp
dGggUy1iaXQgc2V0IHRvIDAsIGFuZAogICB0aGUgSVRSIFNIT1VMRCBkaXNjYXJkIHRoZSBN
YXAtUmVwbHkgaWYgdGhlIFMtYml0IGlzIHNldC4KCiAgIFVwb24gcmVjZWl2aW5nIGEgTWFw
LVJlcGx5LCB0aGUgSVRSIG11c3QgdmVyaWZ5IHRoZSBpbnRlZ3JpdHkgb2YgYm90aAogICB0
aGUgRUlELUFEIGFuZCB0aGUgUEtULUFELCBhbmQgTVVTVCBkaXNjYXJkIHRoZSBNYXAtUmVw
bHkgaWYgb25lIG9mCiAgIHRoZSBpbnRlZ3JpdHkgY2hlY2tzIGZhaWxzLgoKICAgVGhlIGlu
dGVncml0eSBvZiB0aGUgRUlELUFEIGlzIHZlcmlmaWVkIHVzaW5nIHRoZSBsb2NhbGx5IHN0
b3JlZCBJVFItCiAgIE9USyB0byByZS1jb21wdXRlIHRoZSBITUFDIG9mIHRoZSBFSUQtQUQg
dXNpbmcgdGhlIGFsZ29yaXRobQogICBzcGVjaWZpZWQgaW4gdGhlIEVJRCBITUFDIElEIGZp
ZWxkLiAgSWYgdGhlIEVJRCBITUFDIElEIGZpZWxkIGRvZXMKICAgbm90IG1hdGNoIHRoZSBS
ZXF1ZXN0ZWQgSE1BQyBJRCB0aGUgSVRSIFNIT1VMRCBkaXNjYXJkIHRoZSBNYXAtUmVwbHkK
ICAgYW5kIHNlbmQsIGF0IHRoZSBmaXJzdCBvcHBvcnR1bml0eSBpdCBuZWVkcyB0bywgYSBu
ZXcgTWFwLVJlcXVlc3QKICAgd2l0aCBhIGRpZmZlcmVudCBSZXF1ZXN0ZWQgSE1BQyBJRCBm
aWVsZCwgYWNjb3JkaW5nIHRvIElUUidzIGxvY2FsCiAgIHBvbGljeS4gIFRoZSBzY29wZSBv
ZiB0aGUgSE1BQyBvcGVyYXRpb24gY292ZXJzIHRoZSBlbnRpcmUgRUlELUFELAogICBmcm9t
IHRoZSBFSUQtQUQgTGVuZ3RoIGZpZWxkIHRvIHRoZSBFSUQgSE1BQyBmaWVsZCwgd2hpY2gg
bXVzdCBiZSBzZXQKICAgdG8gMCBiZWZvcmUgdGhlIGNvbXB1dGF0aW9uIG9mIHRoZSBITUFD
LgoKICAgSVRSIE1VU1Qgc2V0IHRoZSBFSUQgSE1BQyBJRCBmaWVsZCB0byAwIGJlZm9yZSBj
b21wdXRpbmcgdGhlIEhNQUMuCgogICBUbyB2ZXJpZnkgdGhlIGludGVncml0eSBvZiB0aGUg
UEtULUFELCBmaXJzdCB0aGUgTVMtT1RLIGlzIGRlcml2ZWQKICAgZnJvbSB0aGUgbG9jYWxs
eSBzdG9yZWQgSVRSLU9USyB1c2luZyB0aGUgYWxnb3JpdGhtIHNwZWNpZmllZCBpbiB0aGUK
ICAgS0RGIElEIGZpZWxkLiAgVGhpcyBpcyBiZWNhdXNlIHRoZSBQS1QtQUQgaXMgZ2VuZXJh
dGVkIGJ5IHRoZSBFVFIKICAgdXNpbmcgdGhlIE1TLU9USy4gIElmIHRoZSBLREYgSUQgaW4g
dGhlIE1hcC1SZXBseSBkb2VzIG5vdCBtYXRjaCB0aGUKICAgS0RGIElEIHJlcXVlc3RlZCBp
biB0aGUgTWFwLVJlcXVlc3QsIHRoZSBJVFIgU0hPVUxEIGRpc2NhcmQgdGhlIE1hcC0KCgoK
Ck1haW5vLCBldCBhbC4gICAgICAgICAgICAgIEV4cGlyZXMgTWF5IDQsIDIwMTcgICAgICAg
ICAgICAgICAgIFtQYWdlIDExXQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAg
TElTUC1TRUMgICAgICAgICAgICAgICAgICAgIE9jdG9iZXIgMjAxNgoKCiAgIFJlcGx5IGFu
ZCBzZW5kLCBhdCB0aGUgZmlyc3Qgb3Bwb3J0dW5pdHkgaXQgbmVlZHMgdG8sIGEgbmV3IE1h
cC0KICAgUmVxdWVzdCB3aXRoIGEgZGlmZmVyZW50IEtERiBJRCwgYWNjb3JkaW5nIHRvIElU
UidzIGxvY2FsIHBvbGljeS4KCiAgIFRoZSBkZXJpdmVkIE1TLU9USyBpcyB0aGVuIHVzZWQg
dG8gcmUtY29tcHV0ZSB0aGUgSE1BQyBvZiB0aGUgUEtULUFECiAgIHVzaW5nIHRoZSBBbGdv
cml0aG0gc3BlY2lmaWVkIGluIHRoZSBQS1QgSE1BQyBJRCBmaWVsZC4gIElmIHRoZSBQS1QK
ICAgSE1BQyBJRCBmaWVsZCBkb2VzIG5vdCBtYXRjaCB0aGUgUmVxdWVzdGVkIEhNQUMgSUQg
dGhlIElUUiBTSE9VTEQKICAgZGlzY2FyZCB0aGUgTWFwLVJlcGx5IGFuZCBzZW5kLCBhdCB0
aGUgZmlyc3Qgb3Bwb3J0dW5pdHkgaXQgbmVlZHMgdG8sCiAgIGEgbmV3IE1hcC1SZXF1ZXN0
IHdpdGggYSBkaWZmZXJlbnQgUmVxdWVzdGVkIEhNQUMgSUQgYWNjb3JkaW5nIHRvCiAgIElU
UidzIGxvY2FsIHBvbGljeSBvciB1bnRpbCBhbGwgSE1BQyBJRHMgc3VwcG9ydGVkIGJ5IHRo
ZSBJVFIgaGF2ZQogICBiZWVuIGF0dGVtcHRlZC4KCiAgIEVhY2ggaW5kaXZpZHVhbCBNYXAt
UmVwbHkgRUlELXJlY29yZCBpcyBjb25zaWRlcmVkIHZhbGlkIG9ubHkgaWY6ICgxKQogICBi
b3RoIEVJRC1BRCBhbmQgUEtULUFEIGFyZSB2YWxpZCwgYW5kICgyKSB0aGUgaW50ZXJzZWN0
aW9uIG9mIHRoZQogICBFSUQtcHJlZml4IGluIHRoZSBNYXAtUmVwbHkgRUlELXJlY29yZCB3
aXRoIG9uZSBvZiB0aGUgRUlELXByZWZpeGVzCiAgIGNvbnRhaW5lZCBpbiB0aGUgRUlELUFE
IGlzIG5vdCBlbXB0eS4gIEFmdGVyIGlkZW50aWZ5aW5nIHRoZSBNYXAtCiAgIFJlcGx5IHJl
Y29yZCBhcyB2YWxpZCwgdGhlIElUUiBzZXRzIHRoZSBFSUQtcHJlZml4IGluIHRoZSBNYXAt
UmVwbHkKICAgcmVjb3JkIHRvIHRoZSB2YWx1ZSBvZiB0aGUgaW50ZXJzZWN0aW9uIHNldCBj
b21wdXRlZCBiZWZvcmUsIGFuZCBhZGRzCiAgIHRoZSBNYXAtUmVwbHkgRUlELXJlY29yZCB0
byBpdHMgRUlELXRvLVJMT0MgY2FjaGUsIGFzIGRlc2NyaWJlZCBpbgogICBbUkZDNjgzMF0u
ICBBbiBleGFtcGxlIG9mIE1hcC1SZXBseSByZWNvcmQgdmFsaWRhdGlvbiBpcyBwcm92aWRl
ZCBpbgogICBTZWN0aW9uIDUuNC4xLgoKICAgVGhlIElUUiBTSE9VTEQgc2VuZCBTTVIgdHJp
Z2dlcmVkIE1hcC1SZXF1ZXN0cyBvdmVyIHRoZSBtYXBwaW5nCiAgIHN5c3RlbSBpbiBvcmRl
ciB0byByZWNlaXZlIGEgc2VjdXJlIE1hcC1SZXBseS4gIElmIGFuIElUUiBhY2NlcHRzCiAg
IHBpZ2d5YmFja2VkIE1hcC1SZXBsaWVzLCBpdCBTSE9VTEQgYWxzbyBzZW5kIGEgTWFwLVJl
cXVlc3Qgb3ZlciB0aGUKICAgbWFwcGluZyBzeXN0ZW0gaW4gb3JkZXIgdG8gdmVyaWZ5IHRo
ZSBwaWdneWJhY2tlZCBNYXAtUmVwbHkgd2l0aCBhCiAgIHNlY3VyZSBNYXAtUmVwbHkuCgo1
LjQuMS4gIE1hcC1SZXBseSBSZWNvcmQgVmFsaWRhdGlvbgoKICAgVGhlIHBheWxvYWQgb2Yg
YSBNYXAtUmVwbHkgbWF5IGNvbnRhaW4gbXVsdGlwbGUgRUlELXJlY29yZHMuICBUaGUKICAg
d2hvbGUgTWFwLVJlcGx5IGlzIHNpZ25lZCBieSB0aGUgRVRSLCB3aXRoIHRoZSBQS1QgSE1B
QywgdG8gcHJvdmlkZQogICBpbnRlZ3JpdHkgcHJvdGVjdGlvbiBhbmQgb3JpZ2luIGF1dGhl
bnRpY2F0aW9uIHRvIHRoZSBFSUQtcHJlZml4CiAgIHJlY29yZHMgY2xhaW1lZCBieSB0aGUg
RVRSLiAgVGhlIEF1dGhlbnRpY2F0aW9uIERhdGEgZmllbGQgb2YgYSBNYXAtCiAgIFJlcGx5
IG1heSBjb250YWluIG11bHRpcGxlIEVJRC1yZWNvcmRzIGluIHRoZSBFSUQtQUQuICBUaGUg
RUlELUFEIGlzCiAgIHNpZ25lZCBieSB0aGUgTWFwLVNlcnZlciwgd2l0aCB0aGUgRUlEIEhN
QUMsIHRvIHByb3ZpZGUgaW50ZWdyaXR5CiAgIHByb3RlY3Rpb24gYW5kIG9yaWdpbiBhdXRo
ZW50aWNhdGlvbiB0byB0aGUgRUlELXByZWZpeCByZWNvcmRzCiAgIGluc2VydGVkIGJ5IHRo
ZSBNYXAtU2VydmVyLgoKICAgVXBvbiByZWNlaXZpbmcgYSBNYXAtUmVwbHkgd2l0aCB0aGUg
Uy1iaXQgc2V0LCB0aGUgSVRSIGZpcnN0IGNoZWNrcwogICB0aGUgdmFsaWRpdHkgb2YgYm90
aCB0aGUgRUlEIEhNQUMgYW5kIG9mIHRoZSBQS1QtQUQgSE1BQy4gIElmIGVpdGhlcgogICBv
bmUgb2YgdGhlIEhNQUNzIGlzIG5vdCB2YWxpZCwgYSBsb2cgYWN0aW9uIE1VU1QgYmUgdGFr
ZW4gYW5kIHRoZQogICBNYXAtUmVwbHkgTVVTVCBOT1QgYmUgcHJvY2Vzc2VkIGFueSBmdXJ0
aGVyLiAgSWYgYm90aCBITUFDcyBhcmUKICAgdmFsaWQsIHRoZSBJVFIgcHJvY2VlZHMgd2l0
aCB2YWxpZGF0aW5nIGVhY2ggaW5kaXZpZHVhbCBFSUQtcmVjb3JkCiAgIGNsYWltZWQgYnkg
dGhlIEVUUiBieSBjb21wdXRpbmcgdGhlIGludGVyc2VjdGlvbiBvZiBlYWNoIG9uZSBvZiB0
aGUKICAgRUlELXByZWZpeCBjb250YWluZWQgaW4gdGhlIHBheWxvYWQgb2YgdGhlIE1hcC1S
ZXBseSB3aXRoIGVhY2ggb25lIG9mCiAgIHRoZSBFSUQtcHJlZml4ZXMgY29udGFpbmVkIGlu
IHRoZSBFSUQtQUQuICBBbiBFSUQtcmVjb3JkIGlzIHZhbGlkCiAgIG9ubHkgaWYgYXQgbGVh
c3Qgb25lIG9mIHRoZSBpbnRlcnNlY3Rpb25zIGlzIG5vdCB0aGUgZW1wdHkgc2V0LgoKCgoK
TWFpbm8sIGV0IGFsLiAgICAgICAgICAgICAgRXhwaXJlcyBNYXkgNCwgMjAxNyAgICAgICAg
ICAgICAgICAgW1BhZ2UgMTJdCgwKSW50ZXJuZXQtRHJhZnQgICAgICAgICAgICAgICAgICBM
SVNQLVNFQyAgICAgICAgICAgICAgICAgICAgT2N0b2JlciAyMDE2CgoKICAgRm9yIGluc3Rh
bmNlLCB0aGUgTWFwLVJlcGx5IHBheWxvYWQgY29udGFpbnMgMyBtYXBwaW5nIHJlY29yZCBF
SUQtCiAgIHByZWZpeGVzOgoKICAgICAgMS4xLjEuMC8yNAoKICAgICAgMS4xLjIuMC8yNAoK
ICAgICAgMS4yLjAuMC8xNgoKICAgVGhlIEVJRC1BRCBjb250YWlucyB0d28gRUlELXByZWZp
eGVzOgoKICAgICAgMS4xLjIuMC8yNAoKICAgICAgMS4yLjMuMC8yNAoKICAgVGhlIEVJRC1y
ZWNvcmQgd2l0aCBFSUQtcHJlZml4IDEuMS4xLjAvMjQgaXMgbm90IGVsaWdpYmxlIHRvIGJl
IHVzZWQKICAgYnkgdGhlIElUUiBzaW5jZSBpdCBpcyBub3QgaW5jbHVkZWQgaW4gYW55IG9m
IHRoZSBFSUQtQURzIHNpZ25lZCBieQogICB0aGUgTWFwLVNlcnZlci4gIEEgbG9nIGFjdGlv
biBNVVNUIGJlIHRha2VuLgoKICAgVGhlIEVJRC1yZWNvcmQgd2l0aCBFSUQtcHJlZml4IDEu
MS4yLjAvMjQgaXMgZWxpZ2libGUgdG8gYmUgdXNlZCBieQogICB0aGUgSVRSIGJlY2F1c2Ug
aXQgbWF0Y2hlcyB0aGUgc2Vjb25kIEVJRC1wcmVmaXggY29udGFpbmVkIGluIHRoZQogICBF
SUQtQUQuCgogICBUaGUgRUlELXJlY29yZCB3aXRoIEVJRC1wcmVmaXggMS4yLjAuMC8xNiBp
cyBub3QgZWxpZ2libGUgdG8gYmUgdXNlZAogICBieSB0aGUgSVRSIHNpbmNlIGl0IGlzIG5v
dCBpbmNsdWRlZCBpbiBhbnkgb2YgdGhlIEVJRC1BRHMgc2lnbmVkIGJ5CiAgIHRoZSBNYXAt
U2VydmVyLiAgQSBsb2cgYWN0aW9uIE1VU1QgYmUgdGFrZW4uICBJbiB0aGlzIGxhc3QgZXhh
bXBsZQogICB0aGUgRVRSIGlzIHRyeWluZyB0byBvdmVyIGNsYWltIHRoZSBFSUQtcHJlZml4
IDEuMi4wLjAvMTYsIGJ1dCB0aGUKICAgTWFwLVNlcnZlciBhdXRob3JpemVkIG9ubHkgMS4y
LjMuMC8yNCwgaGVuY2UgdGhlIEVJRC1yZWNvcmQgaXMKICAgZGlzY2FyZGVkLgoKNS40LjIu
ICBQSVRSIFByb2Nlc3NpbmcKCiAgIFRoZSBwcm9jZXNzaW5nIHBlcmZvcm1lZCBieSBhIFBJ
VFIgaXMgZXF1aXZhbGVudCB0byB0aGUgcHJvY2Vzc2luZyBvZgogICBhbiBJVFIuICBIb3dl
dmVyLCBpZiB0aGUgUElUUiBpcyBkaXJlY3RseSBjb25uZWN0ZWQgdG8gYSBNYXBwaW5nCiAg
IFN5c3RlbSBzdWNoIGFzIExJU1ArQUxUIFtSRkM2ODM2XSwgdGhlIFBJVFIgcGVyZm9ybXMg
dGhlIGZ1bmN0aW9ucyBvZgogICBib3RoIHRoZSBJVFIgYW5kIHRoZSBNYXAtUmVzb2x2ZXIg
Zm9yd2FyZGluZyB0aGUgTWFwLVJlcXVlc3QKICAgZW5jYXBzdWxhdGVkIGluIGFuIEVDTSBo
ZWFkZXIgdGhhdCBpbmNsdWRlcyB0aGUgQXV0aGVudGljYXRpb24gRGF0YQogICBmaWVsZHMg
YXMgZGVzY3JpYmVkIGluIFNlY3Rpb24gNS42LgoKNS41LiAgRW5jcnlwdGluZyBhbmQgRGVj
cnlwdGluZyBhbiBPVEsKCiAgIE1TLU9USyBjb25maWRlbnRpYWxpdHkgaXMgcmVxdWlyZWQg
aW4gdGhlIHBhdGggYmV0d2VlbiB0aGUgTWFwLVNlcnZlcgogICBhbmQgdGhlIEVUUiwgdGhl
IE1TLU9USyBTSE9VTEQgYmUgZW5jcnlwdGVkIHVzaW5nIHRoZSBwcmVjb25maWd1cmVkCiAg
IGtleSBzaGFyZWQgYmV0d2VlbiB0aGUgTWFwLVNlcnZlciBhbmQgdGhlIEVUUiBmb3IgdGhl
IHB1cnBvc2Ugb2YKICAgc2VjdXJpbmcgRVRSIHJlZ2lzdHJhdGlvbiBbUkZDNjgzM10uICBT
aW1pbGFybHksIGlmIElUUi1PVEsKICAgY29uZmlkZW50aWFsaXR5IGlzIHJlcXVpcmVkIGlu
IHRoZSBwYXRoIGJldHdlZW4gdGhlIElUUiBhbmQgdGhlIE1hcC0KICAgUmVzb2x2ZXIsIHRo
ZSBJVFItT1RLIFNIT1VMRCBiZSBlbmNyeXB0ZWQgd2l0aCBhIGtleSBzaGFyZWQgYmV0d2Vl
bgogICB0aGUgSVRSIGFuZCB0aGUgTWFwLVJlc29sdmVyLgoKCgpNYWlubywgZXQgYWwuICAg
ICAgICAgICAgICBFeHBpcmVzIE1heSA0LCAyMDE3ICAgICAgICAgICAgICAgICBbUGFnZSAx
M10KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIExJU1AtU0VDICAgICAgICAg
ICAgICAgICAgICBPY3RvYmVyIDIwMTYKCgogICBUaGUgT1RLIGlzIGVuY3J5cHRlZCB1c2lu
ZyB0aGUgYWxnb3JpdGhtIHNwZWNpZmllZCBpbiB0aGUgT1RLCiAgIEVuY3J5cHRpb24gSUQg
ZmllbGQuICBXaGVuIHRoZSBBRVMgS2V5IFdyYXAgYWxnb3JpdGhtIGlzIHVzZWQgdG8KICAg
ZW5jcnlwdCBhIDEyOC1iaXQgT1RLLCBhY2NvcmRpbmcgdG8gW1JGQzMzOTRdLCB0aGUgQUVT
IEtleSBXcmFwCiAgIEluaXRpYWxpemF0aW9uIFZhbHVlIE1VU1QgYmUgc2V0IHRvIDB4QTZB
NkE2QTZBNkE2QTZBNiAoNjQgYml0cykuCiAgIFRoZSBvdXRwdXQgb2YgdGhlIEFFUyBLZXkg
V3JhcCBvcGVyYXRpb24gaXMgMTkyLWJpdCBsb25nLiAgVGhlIG1vc3QKICAgc2lnbmlmaWNh
bnQgNjQtYml0IGFyZSBjb3BpZWQgaW4gdGhlIE9uZS1UaW1lIEtleSBQcmVhbWJsZSBmaWVs
ZCwKICAgd2hpbGUgdGhlIDEyOCBsZXNzIHNpZ25pZmljYW50IGJpdHMgYXJlIGNvcGllZCBp
biB0aGUgT25lLVRpbWUgS2V5CiAgIGZpZWxkIG9mIHRoZSBMSVNQLVNFQyBBdXRoZW50aWNh
dGlvbiBEYXRhLgoKICAgV2hlbiBkZWNyeXB0aW5nIGFuIGVuY3J5cHRlZCBPVEsgdGhlIHJl
Y2VpdmVyIE1VU1QgdmVyaWZ5IHRoYXQgdGhlCiAgIEluaXRpYWxpemF0aW9uIFZhbHVlIHJl
c3VsdGluZyBmcm9tIHRoZSBBRVMgS2V5IFdyYXAgZGVjcnlwdGlvbgogICBvcGVyYXRpb24g
aXMgZXF1YWwgdG8gMHhBNkE2QTZBNkE2QTZBNkE2LiAgSWYgdGhpcyB2ZXJpZmljYXRpb24g
ZmFpbHMKICAgdGhlIHJlY2VpdmVyIE1VU1QgZGlzY2FyZCB0aGUgZW50aXJlIG1lc3NhZ2Uu
CgogICBXaGVuIGEgMTI4LWJpdCBPVEsgaXMgc2VudCB1bmVuY3J5cHRlZCB0aGUgT1RLIEVu
Y3J5cHRpb24gSUQgaXMgc2V0CiAgIHRvIE5VTExfS0VZX1dSQVBfMTI4LCBhbmQgdGhlIE9U
SyBQcmVhbWJsZSBpcyBzZXQgdG8KICAgMHgwMDAwMDAwMDAwMDAwMDAwICg2NCBiaXRzKS4K
CjUuNi4gIE1hcC1SZXNvbHZlciBQcm9jZXNzaW5nCgogICBVcG9uIHJlY2VpdmluZyBhbiBl
bmNhcHN1bGF0ZWQgTWFwLVJlcXVlc3Qgd2l0aCB0aGUgUy1iaXQgc2V0LCB0aGUKICAgTWFw
LVJlc29sdmVyIGRlY2Fwc3VsYXRlcyB0aGUgRUNNIG1lc3NhZ2UuICBUaGUgSVRSLU9USywg
aWYKICAgZW5jcnlwdGVkLCBpcyBkZWNyeXB0ZWQgYXMgc3BlY2lmaWVkIGluIFNlY3Rpb24g
NS41LgoKICAgUHJvdGVjdGluZyB0aGUgY29uZmlkZW50aWFsaXR5IG9mIHRoZSBJVFItT1RL
IGFuZCwgaW4gZ2VuZXJhbCwgdGhlCiAgIHNlY3VyaXR5IG9mIGhvdyB0aGUgTWFwLVJlcXVl
c3QgaXMgaGFuZGVkIGJ5IHRoZSBNYXAtUmVzb2x2ZXIgdG8gdGhlCiAgIE1hcC1TZXJ2ZXIs
IGlzIHNwZWNpZmljIHRvIHRoZSBwYXJ0aWN1bGFyIE1hcHBpbmcgU3lzdGVtIHVzZWQsIGFu
ZAogICBvdXRzaWRlIG9mIHRoZSBzY29wZSBvZiB0aGlzIG1lbW8uCgogICBJbiBNYXBwaW5n
IFN5c3RlbXMgd2hlcmUgdGhlIE1hcC1TZXJ2ZXIgaXMgY29tcGxpYW50IHdpdGggW1JGQzY4
MzNdLAogICB0aGUgTWFwLVJlc29sdmVyIG9yaWdpbmF0ZXMgYSBuZXcgRUNNIGhlYWRlciB3
aXRoIHRoZSBTLWJpdCBzZXQsIHRoYXQKICAgY29udGFpbnMgdGhlIHVuZW5jcnlwdGVkIElU
Ui1PVEssIGFzIHNwZWNpZmllZCBpbiBTZWN0aW9uIDUuNSwgYW5kCiAgIHRoZSBvdGhlciBk
YXRhIGRlcml2ZWQgZnJvbSB0aGUgRUNNIEF1dGhlbnRpY2F0aW9uIERhdGEgb2YgdGhlCiAg
IHJlY2VpdmVkIGVuY2Fwc3VsYXRlZCBNYXAtUmVxdWVzdC4KCiAgIFRoZSBNYXAtUmVzb2x2
ZXIgdGhlbiBmb3J3YXJkcyB0byB0aGUgTWFwLVNlcnZlciB0aGUgcmVjZWl2ZWQgTWFwLQog
ICBSZXF1ZXN0LCBlbmNhcHN1bGF0ZWQgaW4gdGhlIG5ldyBFQ00gaGVhZGVyIHRoYXQgaW5j
bHVkZXMgdGhlIG5ld2x5CiAgIGNvbXB1dGVkIEF1dGhlbnRpY2F0aW9uIERhdGEgZmllbGRz
LgoKNS43LiAgTWFwLVNlcnZlciBQcm9jZXNzaW5nCgogICBVcG9uIHJlY2VpdmluZyBhbiBF
Q00gZW5jYXBzdWxhdGVkIE1hcC1SZXF1ZXN0IHdpdGggdGhlIFMtYml0IHNldCwKICAgdGhl
IE1hcC1TZXJ2ZXIgcHJvY2VzcyB0aGUgTWFwLVJlcXVlc3QgYWNjb3JkaW5nIHRvIHRoZSB2
YWx1ZSBvZiB0aGUKICAgUy1iaXQgY29udGFpbmVkIGluIHRoZSBNYXAtUmVnaXN0ZXIgc2Vu
dCBieSB0aGUgRVRSIGR1cmluZwogICByZWdpc3RyYXRpb24uCgogICBJZiB0aGUgUy1iaXQg
Y29udGFpbmVkIGluIHRoZSBNYXAtUmVnaXN0ZXIgd2FzIGNsZWFyIHRoZSBNYXAtU2VydmVy
CiAgIGRlY2Fwc3VsYXRlcyB0aGUgRUNNIGFuZCBnZW5lcmF0ZXMgYSBuZXcgRUNNIGVuY2Fw
c3VsYXRlZCBNYXAtUmVxdWVzdAoKCgpNYWlubywgZXQgYWwuICAgICAgICAgICAgICBFeHBp
cmVzIE1heSA0LCAyMDE3ICAgICAgICAgICAgICAgICBbUGFnZSAxNF0KDApJbnRlcm5ldC1E
cmFmdCAgICAgICAgICAgICAgICAgIExJU1AtU0VDICAgICAgICAgICAgICAgICAgICBPY3Rv
YmVyIDIwMTYKCgogICB0aGF0IGRvZXMgbm90IGNvbnRhaW4gYW4gRUNNIEF1dGhlbnRpY2F0
aW9uIERhdGEsIGFzIHNwZWNpZmllZCBpbgogICBbUkZDNjgzMF0uICBUaGUgTWFwLVNlcnZl
ciBkb2VzIG5vdCBwZXJmb3JtIGFueSBmdXJ0aGVyIExJU1AtU0VDCiAgIHByb2Nlc3Npbmcs
IGFuZCB0aGUgTWFwLVJlcGx5IHdpbGwgbm90IGJlIHByb3RlY3RlZC4KCiAgIElmIHRoZSBT
LWJpdCBjb250YWluZWQgaW4gdGhlIE1hcC1SZWdpc3RlciB3YXMgc2V0IHRoZSBNYXAtU2Vy
dmVyCiAgIGRlY2Fwc3VsYXRlcyB0aGUgRUNNIGFuZCBnZW5lcmF0ZXMgYSBuZXcgRUNNIEF1
dGhlbnRpY2F0aW9uIERhdGEuCiAgIFRoZSBBdXRoZW50aWNhdGlvbiBEYXRhIGluY2x1ZGVz
IHRoZSBPVEstQUQgYW5kIHRoZSBFSUQtQUQsIHRoYXQKICAgY29udGFpbnMgRUlELXByZWZp
eCBhdXRob3JpemF0aW9uIGluZm9ybWF0aW9uLCB0aGF0IGFyZSB1bHRpbWF0ZWx5CiAgIHNl
bnQgdG8gdGhlIHJlcXVlc3RpbmcgSVRSLgoKICAgVGhlIE1hcC1TZXJ2ZXIgdXBkYXRlcyB0
aGUgT1RLLUFEIGJ5IGRlcml2aW5nIGEgbmV3IE9USyAoTVMtT1RLKSBmcm9tCiAgIHRoZSBJ
VFItT1RLIHJlY2VpdmVkIHdpdGggdGhlIE1hcC1SZXF1ZXN0LiAgTVMtT1RLIGlzIGRlcml2
ZWQKICAgYXBwbHlpbmcgdGhlIGtleSBkZXJpdmF0aW9uIGZ1bmN0aW9uIHNwZWNpZmllZCBp
biB0aGUgS0RGIElEIGZpZWxkLgogICBJZiB0aGUgYWxnb3JpdGhtIHNwZWNpZmllZCBpbiB0
aGUgS0RGIElEIGZpZWxkIGlzIG5vdCBzdXBwb3J0ZWQsIHRoZQogICBNYXAtU2VydmVyIHVz
ZXMgYSBkaWZmZXJlbnQgYWxnb3JpdGhtIHRvIGRlcml2ZSB0aGUga2V5IGFuZCB1cGRhdGVz
CiAgIHRoZSBLREYgSUQgZmllbGQgYWNjb3JkaW5nbHkuCgogICBUaGUgTWFwLVNlcnZlciBh
bmQgdGhlIEVUUiBNVVNUIGJlIGNvbmZpZ3VyZWQgd2l0aCBhIHNoYXJlZCBrZXkgZm9yCiAg
IG1hcHBpbmcgcmVnaXN0cmF0aW9uIGFjY29yZGluZyB0byBbUkZDNjgzM10uICBJZiBNUy1P
VEsKICAgY29uZmlkZW50aWFsaXR5IGlzIHJlcXVpcmVkLCB0aGVuIHRoZSBNUy1PVEsgU0hP
VUxEIGJlIGVuY3J5cHRlZCwgYnkKICAgd3JhcHBpbmcgdGhlIE1TLU9USyB3aXRoIHRoZSBh
bGdvcml0aG0gc3BlY2lmaWVkIGJ5IHRoZSBPVEsKICAgRW5jcnlwdGlvbiBJRCBmaWVsZCBh
cyBzcGVjaWZpZWQgaW4gU2VjdGlvbiA1LjUuCgogICBUaGUgTWFwLVNlcnZlciBpbmNsdWRl
cyBpbiB0aGUgRUlELUFEIHRoZSBsb25nZXN0IG1hdGNoIHJlZ2lzdGVyZWQKICAgRUlELXBy
ZWZpeCBmb3IgdGhlIGRlc3RpbmF0aW9uIEVJRCwgYW5kIGFuIEhNQUMgb2YgdGhpcyBFSUQt
cHJlZml4LgogICBUaGUgSE1BQyBpcyBrZXllZCB3aXRoIHRoZSBJVFItT1RLIGNvbnRhaW5l
ZCBpbiB0aGUgcmVjZWl2ZWQgRUNNCiAgIEF1dGhlbnRpY2F0aW9uIERhdGEsIGFuZCB0aGUg
SE1BQyBhbGdvcml0aG0gaXMgY2hvc2VuIGFjY29yZGluZyB0bwogICB0aGUgUmVxdWVzdGVk
IEhNQUMgSUQgZmllbGQuICBJZiBUaGUgTWFwLVNlcnZlciBkb2VzIG5vdCBzdXBwb3J0IHRo
aXMKICAgYWxnb3JpdGhtLCB0aGUgTWFwLVNlcnZlciB1c2VzIGEgZGlmZmVyZW50IGFsZ29y
aXRobSBhbmQgc3BlY2lmaWVzIGl0CiAgIGluIHRoZSBFSUQgSE1BQyBJRCBmaWVsZC4gIFRo
ZSBzY29wZSBvZiB0aGUgSE1BQyBvcGVyYXRpb24gY292ZXJzIHRoZQogICBlbnRpcmUgRUlE
LUFELCBmcm9tIHRoZSBFSUQtQUQgTGVuZ3RoIGZpZWxkIHRvIHRoZSBFSUQgSE1BQyBmaWVs
ZCwKICAgd2hpY2ggbXVzdCBiZSBzZXQgdG8gMCBiZWZvcmUgdGhlIGNvbXB1dGF0aW9uLgoK
ICAgVGhlIE1hcC1TZXJ2ZXIgdGhlbiBmb3J3YXJkcyB0aGUgdXBkYXRlZCBFQ00gZW5jYXBz
dWxhdGVkIE1hcC0KICAgUmVxdWVzdCwgdGhhdCBjb250YWlucyB0aGUgT1RLLUFELCB0aGUg
RUlELUFELCBhbmQgdGhlIHJlY2VpdmVkIE1hcC0KICAgUmVxdWVzdCB0byBhbiBhdXRob3Jp
dGF0aXZlIEVUUiBhcyBzcGVjaWZpZWQgaW4gW1JGQzY4MzBdLgoKNS43LjEuICBNYXAtU2Vy
dmVyIFByb2Nlc3NpbmcgaW4gUHJveHkgbW9kZQoKICAgSWYgdGhlIE1hcC1TZXJ2ZXIgaXMg
aW4gcHJveHkgbW9kZSwgaXQgZ2VuZXJhdGVzIGEgTWFwLVJlcGx5LCBhcwogICBzcGVjaWZp
ZWQgaW4gW1JGQzY4MzBdLCB3aXRoIHRoZSBTLWJpdCBzZXQgdG8gMS4gIFRoZSBNYXAtUmVw
bHkKICAgaW5jbHVkZXMgdGhlIEF1dGhlbnRpY2F0aW9uIERhdGEgdGhhdCBjb250YWlucyB0
aGUgRUlELUFELCBjb21wdXRlZAogICBhcyBzcGVjaWZpZWQgaW4gU2VjdGlvbiA1LjcsIGFz
IHdlbGwgYXMgdGhlIFBLVC1BRCBjb21wdXRlZCBhcwogICBzcGVjaWZpZWQgaW4gU2VjdGlv
biA1LjguCgoKCgoKCgpNYWlubywgZXQgYWwuICAgICAgICAgICAgICBFeHBpcmVzIE1heSA0
LCAyMDE3ICAgICAgICAgICAgICAgICBbUGFnZSAxNV0KDApJbnRlcm5ldC1EcmFmdCAgICAg
ICAgICAgICAgICAgIExJU1AtU0VDICAgICAgICAgICAgICAgICAgICBPY3RvYmVyIDIwMTYK
Cgo1LjguICBFVFIgUHJvY2Vzc2luZwoKICAgVXBvbiByZWNlaXZpbmcgYW4gRUNNIGVuY2Fw
c3VsYXRlZCBNYXAtUmVxdWVzdCB3aXRoIHRoZSBTLWJpdCBzZXQsCiAgIHRoZSBFVFIgZGVj
YXBzdWxhdGVzIHRoZSBFQ00gbWVzc2FnZS4gIFRoZSBPVEsgZmllbGQsIGlmIGVuY3J5cHRl
ZCwKICAgaXMgZGVjcnlwdGVkIGFzIHNwZWNpZmllZCBpbiBTZWN0aW9uIDUuNSB0byBvYnRh
aW4gdGhlIHVuZW5jcnlwdGVkCiAgIE1TLU9USy4KCiAgIFRoZSBFVFIgdGhlbiBnZW5lcmF0
ZXMgYSBNYXAtUmVwbHkgYXMgc3BlY2lmaWVkIGluIFtSRkM2ODMwXSBhbmQKICAgaW5jbHVk
ZXMgdGhlIEF1dGhlbnRpY2F0aW9uIERhdGEgdGhhdCBjb250YWlucyB0aGUgRUlELUFELCBh
cwogICByZWNlaXZlZCBpbiB0aGUgZW5jYXBzdWxhdGVkIE1hcC1SZXF1ZXN0LCBhcyB3ZWxs
IGFzIHRoZSBQS1QtQUQuCgogICBUaGUgRUlELUFEIGlzIGNvcGllZCBmcm9tIHRoZSBBdXRo
ZW50aWNhdGlvbiBEYXRhIG9mIHRoZSByZWNlaXZlZAogICBlbmNhcHN1bGF0ZWQgTWFwLVJl
cXVlc3QuCgogICBUaGUgUEtULUFEIGNvbnRhaW5zIHRoZSBITUFDIG9mIHRoZSB3aG9sZSBN
YXAtUmVwbHkgcGFja2V0LCBrZXllZAogICB3aXRoIHRoZSBNUy1PVEsgYW5kIGNvbXB1dGVk
IHVzaW5nIHRoZSBITUFDIGFsZ29yaXRobSBzcGVjaWZpZWQgaW4KICAgdGhlIFJlcXVlc3Rl
ZCBITUFDIElEIGZpZWxkIG9mIHRoZSByZWNlaXZlZCBlbmNhcHN1bGF0ZWQgTWFwLVJlcXVl
c3QuCiAgIElmIHRoZSBFVFIgZG9lcyBub3Qgc3VwcG9ydCB0aGUgUmVxdWVzdGVkIEhNQUMg
SUQsIGl0IHVzZXMgYQogICBkaWZmZXJlbnQgYWxnb3JpdGhtIGFuZCB1cGRhdGVzIHRoZSBQ
S1QgSE1BQyBJRCBmaWVsZCBhY2NvcmRpbmdseS4KICAgVGhlIHNjb3BlIG9mIHRoZSBITUFD
IG9wZXJhdGlvbiBjb3ZlcnMgdGhlIGVudGlyZSBQS1QtQUQsIGZyb20gdGhlCiAgIE1hcC1S
ZXBseSBUeXBlIGZpZWxkIHRvIHRoZSBQS1QgSE1BQyBmaWVsZCwgd2hpY2ggbXVzdCBiZSBz
ZXQgdG8gMAogICBiZWZvcmUgdGhlIGNvbXB1dGF0aW9uLgoKICAgRmluYWxseSB0aGUgRVRS
IHNlbmRzIHRoZSBNYXAtUmVwbHkgdG8gdGhlIHJlcXVlc3RpbmcgSVRSIGFzCiAgIHNwZWNp
ZmllZCBpbiBbUkZDNjgzMF0uCgo2LiAgU2VjdXJpdHkgQ29uc2lkZXJhdGlvbnMKCjYuMS4g
IE1hcHBpbmcgU3lzdGVtIFNlY3VyaXR5CgogICBUaGUgTElTUC1TRUMgdGhyZWF0IG1vZGVs
IGRlc2NyaWJlZCBpbiBTZWN0aW9uIDMsIGFzc3VtZXMgdGhhdCB0aGUKICAgTElTUCBNYXBw
aW5nIFN5c3RlbSBpcyB3b3JraW5nIHByb3Blcmx5IGFuZCBldmVudHVhbGx5IGRlbGl2ZXJz
IE1hcC0KICAgUmVxdWVzdCBtZXNzYWdlcyB0byBhIE1hcC1TZXJ2ZXIgdGhhdCBpcyBhdXRo
b3JpdGF0aXZlIGZvciB0aGUKICAgcmVxdWVzdGVkIEVJRC4KCiAgIEl0IGlzIGFzc3VtZWQg
dGhhdCB0aGUgTWFwcGluZyBTeXN0ZW0gZW5zdXJlcyB0aGUgY29uZmlkZW50aWFsaXR5IG9m
CiAgIHRoZSBPVEssIGFuZCB0aGUgaW50ZWdyaXR5IG9mIHRoZSBNYXAtUmVwbHkgZGF0YS4g
IEhvd2V2ZXIsIGhvdyB0aGUKICAgTElTUCBNYXBwaW5nIFN5c3RlbSBpcyBzZWN1cmVkIGlz
IG91dCBvZiB0aGUgc2NvcGUgb2YgdGhpcyBkb2N1bWVudC4KCiAgIFNpbWlsYXJseSwgTWFw
LVJlZ2lzdGVyIHNlY3VyaXR5LCBpbmNsdWRpbmcgdGhlIHJpZ2h0IGZvciBhIExJU1AKICAg
ZW50aXR5IHRvIHJlZ2lzdGVyIGFuIEVJRC1wcmVmaXggb3IgdG8gY2xhaW0gcHJlc2VuY2Ug
YXQgYW4gUkxPQywgaXMKICAgb3V0IG9mIHRoZSBzY29wZSBvZiBMSVNQLVNFQy4KCjYuMi4g
IFJhbmRvbSBOdW1iZXIgR2VuZXJhdGlvbgoKICAgVGhlIElUUi1PVEsgTVVTVCBiZSBnZW5l
cmF0ZWQgYnkgYSBwcm9wZXJseSBzZWVkZWQgcHNldWRvLXJhbmRvbSAob3IKICAgc3Ryb25n
IHJhbmRvbSkgc291cmNlLiAgU2VlIFtSRkM0MDg2XSBmb3IgYWR2aWNlIG9uIGdlbmVyYXRp
bmcKICAgc2VjdXJpdHktc2Vuc2l0aXZlIHJhbmRvbSBkYXRhCgoKCk1haW5vLCBldCBhbC4g
ICAgICAgICAgICAgIEV4cGlyZXMgTWF5IDQsIDIwMTcgICAgICAgICAgICAgICAgIFtQYWdl
IDE2XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgTElTUC1TRUMgICAgICAg
ICAgICAgICAgICAgIE9jdG9iZXIgMjAxNgoKCjYuMy4gIE1hcC1TZXJ2ZXIgYW5kIEVUUiBD
b2xvY2F0aW9uCgogICBJZiB0aGUgTWFwLVNlcnZlciBhbmQgdGhlIEVUUiBhcmUgY29sb2Nh
dGVkLCBMSVNQLVNFQyBkb2VzIG5vdAogICBwcm92aWRlIHByb3RlY3Rpb24gZnJvbSBvdmVy
Y2xhaW1pbmcgYXR0YWNrcyBtb3VudGVkIGJ5IHRoZSBFVFIuCiAgIEhvd2V2ZXIsIGluIHRo
aXMgcGFydGljdWxhciBjYXNlLCBzaW5jZSB0aGUgRVRSIGlzIHdpdGhpbiB0aGUgdHJ1c3QK
ICAgYm91bmRhcmllcyBvZiB0aGUgTWFwLVNlcnZlciwgRVRSJ3Mgb3ZlcmNsYWltaW5nIGF0
dGFja3MgYXJlIG5vdAogICBpbmNsdWRlZCBpbiB0aGUgdGhyZWF0IG1vZGVsLgoKNi40LiAg
RGVwbG95aW5nIExJU1AtU0VDCgogICBUaGlzIG1lbW8gaXMgd3JpdHRlbiBhY2NvcmRpbmcg
dG8gW1JGQzIxMTldLiAgU3BlY2lmaWNhbGx5LCB0aGUgdXNlCiAgIG9mIHRoZSBrZXkgd29y
ZCBTSE9VTEQgIiBvciB0aGUgYWRqZWN0aXZlICdSRUNPTU1FTkRFRCcsIG1lYW4gdGhhdAog
ICB0aGVyZSBtYXkgZXhpc3QgdmFsaWQgcmVhc29ucyBpbiBwYXJ0aWN1bGFyIGNpcmN1bXN0
YW5jZXMgdG8gaWdub3JlIGEKICAgcGFydGljdWxhciBpdGVtLCBidXQgdGhlIGZ1bGwgaW1w
bGljYXRpb25zIG11c3QgYmUgdW5kZXJzdG9vZCBhbmQKICAgY2FyZWZ1bGx5IHdlaWdoZWQg
YmVmb3JlIGNob29zaW5nIGEgZGlmZmVyZW50IGNvdXJzZSIuCgogICBUaG9zZSBkZXBsb3lp
bmcgTElTUC1TRUMgYWNjb3JkaW5nIHRvIHRoaXMgbWVtbywgc2hvdWxkIGNhcmVmdWxseQog
ICB3ZWlnaHQgaG93IHRoZSBMSVNQLVNFQyB0aHJlYXQgbW9kZWwgYXBwbGllcyB0byB0aGVp
ciBwYXJ0aWN1bGFyIHVzZQogICBjYXNlIG9yIGRlcGxveW1lbnQuICBXaGVuIHRoZXkgZGVj
aWRlIHRvIGlnbm9yZSBhIHBhcnRpY3VsYXIKICAgcmVjb21tZW5kYXRpb24gdGhleSBzaG91
bGQgbWFrZSBzdXJlIHRoZSByaXNrIGFzc29jaWF0ZWQgd2l0aCB0aGUKICAgY29ycmVzcG9u
ZGluZyB0aHJlYXRzIGlzIHdlbGwgdW5kZXJzdG9vZC4KCiAgIEFzIGFuIGV4YW1wbGUsIGlu
IGNlcnRhaW4gY2xvc2VkIGFuZCBjb250cm9sbGVkIGRlcGxveW1lbnRzLCBpdCBpcwogICBw
b3NzaWJsZSB0aGF0IHRoZSB0aHJlYXQgYXNzb2NpYXRlZCB3aXRoIGEgTWlUTSBiZXR3ZWVu
IHRoZSB4VFIgYW5kCiAgIHRoZSBNYXBwaW5nIFN5c3RlbSBpcyB2ZXJ5IGxvdywgYW5kIGFm
dGVyIGNhcmZldWwgY29uc2lkZXJhdGlvbiBpdAogICBtYXkgYmUgZGVjaWRlZCB0byBhbGxv
dyBhIE5VTEwga2V5IHdyYXBwaW5nIGFsZ29yaXRobSB3aGlsZSBjYXJyeWluZwogICB0aGUg
T1RLcyBiZXR3ZWVuIHRoZSB4VFIgYW5kIHRoZSBNYXBwaW5nIFN5c3RlbS4KCiAgIEFzIGFu
IGV4YW1wbGUgYXQgdGhlIG90aGVyIGVuZCBvZiB0aGUgc3BlY3RydW0sIGluIGNlcnRhaW4g
b3RoZXIKICAgZGVwbG95bWVudHMsIGF0dGFja2VycyBtYXkgYmUgdmVyeSBzb3BoaXN0aWNh
dGVkLCBhbmQgZm9yY2UgdGhlCiAgIGRlcGxveWVycyB0byBlbmZvcmNlIHZlcnkgc3RyaWN0
IHBvbGljaWVzIGluIHRlcm0gb2YgT1RLIHdyYXBwaW5nCiAgIGFsZ29yaXRobXMgYWxsb3dl
ZC4KCiAgIFNpbWlsYXIgY29uc2lkZXJhdGlvbnMgYXBwbHkgdG8gdGhlIGVudGlyZSBMSVNQ
LVNFQyB0aHJlYXQgbW9kZWwsIGFuZAogICBzaG91bGQgZ3VpZGUgdGhlIGRlcGxveWVycyBh
bmQgaW1wbGVtZW50b3JzIHdoZW5ldmVyIHRoZXkgZW5jb3VudGVyCiAgIHRoZSBrZXkgd29y
ZCBTSE9VTEQgYWNyb3NzIHRoaXMgbWVtby4KCjcuICBJQU5BIENvbnNpZGVyYXRpb25zCgo3
LjEuICBFQ00gQUQgVHlwZSBSZWdpc3RyeQoKICAgSUFOQSBpcyByZXF1ZXN0ZWQgdG8gY3Jl
YXRlIHRoZSAiRUNNIEF1dGhlbnRpY2F0aW9uIERhdGEgVHlwZSIKICAgcmVnaXN0cnkgd2l0
aCB2YWx1ZXMgMC0yNTUsIGZvciB1c2UgaW4gdGhlIEVDTSBMSVNQLVNFQyBFeHRlbnNpb25z
CiAgIFNlY3Rpb24gNS4xLiAgVGhlIHJlZ2lzdHJ5IE1VU1QgYmUgaW5pdGlhbGx5IHBvcHVs
YXRlZCB3aXRoIHRoZQogICBmb2xsb3dpbmcgdmFsdWVzOgoKCgoKCgpNYWlubywgZXQgYWwu
ICAgICAgICAgICAgICBFeHBpcmVzIE1heSA0LCAyMDE3ICAgICAgICAgICAgICAgICBbUGFn
ZSAxN10KDApJbnRlcm5ldC1EcmFmdCAgICAgICAgICAgICAgICAgIExJU1AtU0VDICAgICAg
ICAgICAgICAgICAgICBPY3RvYmVyIDIwMTYKCgogICAgICAgICAgICAgTmFtZSAgICAgICAg
ICAgICAgICAgICAgIFZhbHVlICAgICAgICBEZWZpbmVkIEluCiAgICAgICAgICAgICAtLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiAgICAgICAg
ICAgICBSZXNlcnZlZCAgICAgICAgICAgICAgICAgMAogICAgICAgICAgICAgTElTUC1TRUMt
RUNNLUVYVCAgICAgICAgIDEgICAgICAgICAgICAgVGhpcyBtZW1vCgogICAgICAgICAgICAg
dmFsdWVzIDItMjU1IGFyZSByZXNlcnZlZCB0byBJQU5BLgoKICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgSE1BQyBGdW5jdGlvbnMKCjcuMi4gIE1hcC1SZXBseSBBRCBUeXBlIFJl
Z2lzdHJ5CgogICBJQU5BIGlzIHJlcXVlc3RlZCB0byBjcmVhdGUgdGhlICJNYXAtUmVwbHkg
QXV0aGVudGljYXRpb24gRGF0YSBUeXBlIgogICByZWdpc3RyeSB3aXRoIHZhbHVlcyAwLTI1
NSwgZm9yIHVzZSBpbiB0aGUgTWFwLVJlcGx5IExJU1AtU0VDCiAgIEV4dGVuc2lvbnMgU2Vj
dGlvbiA1LjIuICBUaGUgcmVnaXN0cnkgTVVTVCBiZSBpbml0aWFsbHkgcG9wdWxhdGVkCiAg
IHdpdGggdGhlIGZvbGxvd2luZyB2YWx1ZXM6CgogICAgICAgICAgICAgTmFtZSAgICAgICAg
ICAgICAgICAgICAgIFZhbHVlICAgICAgICBEZWZpbmVkIEluCiAgICAgICAgICAgICAtLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiAgICAgICAg
ICAgICBSZXNlcnZlZCAgICAgICAgICAgICAgICAgMAogICAgICAgICAgICAgTElTUC1TRUMt
TVItRVhUICAgICAgICAgIDEgICAgICAgICAgICAgVGhpcyBtZW1vCgogICAgICAgICAgICAg
dmFsdWVzIDItMjU1IGFyZSByZXNlcnZlZCB0byBJQU5BLgoKICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgSE1BQyBGdW5jdGlvbnMKCjcuMy4gIEhNQUMgRnVuY3Rpb25zCgogICBJ
QU5BIGlzIHJlcXVlc3RlZCB0byBjcmVhdGUgdGhlICJMSVNQLVNFQyBBdXRoZW50aWNhdGlv
biBEYXRhIEhNQUMKICAgSUQiIHJlZ2lzdHJ5IHdpdGggdmFsdWVzIDAtNjU1MzUgZm9yIHVz
ZSBhcyBSZXF1ZXN0ZWQgSE1BQyBJRCwgRUlECiAgIEhNQUMgSUQsIGFuZCBQS1QgSE1BQyBJ
RCBpbiB0aGUgTElTUC1TRUMgQXV0aGVudGljYXRpb24gRGF0YToKCiAgICAgICAgICAgICBO
YW1lICAgICAgICAgICAgICAgICAgICAgTnVtYmVyICAgICAgICBEZWZpbmVkIEluCiAgICAg
ICAgICAgICAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0tCiAgICAgICAgICAgICBOT05FICAgICAgICAgICAgICAgICAgICAgMAogICAgICAgICAg
ICAgQVVUSC1ITUFDLVNIQS0xLTk2ICAgICAgIDEgICAgICAgICAgICAgW1JGQzIxMDRdCiAg
ICAgICAgICAgICBBVVRILUhNQUMtU0hBLTI1Ni0xMjggICAgMiAgICAgICAgICAgICBbUkZD
NDYzNF0KCiAgICAgICAgICAgICB2YWx1ZXMgMy02NTUzNSBhcmUgcmVzZXJ2ZWQgdG8gSUFO
QS4KCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEhNQUMgRnVuY3Rpb25zCgogICBB
VVRILUhNQUMtU0hBLTEtOTYgTVVTVCBiZSBzdXBwb3J0ZWQsIEFVVEgtSE1BQy1TSEEtMjU2
LTEyOCBTSE9VTEQgYmUKICAgc3VwcG9ydGVkLgoKCgoKCgoKCk1haW5vLCBldCBhbC4gICAg
ICAgICAgICAgIEV4cGlyZXMgTWF5IDQsIDIwMTcgICAgICAgICAgICAgICAgIFtQYWdlIDE4
XQoMCkludGVybmV0LURyYWZ0ICAgICAgICAgICAgICAgICAgTElTUC1TRUMgICAgICAgICAg
ICAgICAgICAgIE9jdG9iZXIgMjAxNgoKCjcuNC4gIEtleSBXcmFwIEZ1bmN0aW9ucwoKICAg
SUFOQSBpcyByZXF1ZXN0ZWQgdG8gY3JlYXRlIHRoZSAiTElTUC1TRUMgQXV0aGVudGljYXRp
b24gRGF0YSBLZXkKICAgV3JhcCBJRCIgcmVnaXN0cnkgd2l0aCB2YWx1ZXMgMC02NTUzNSBm
b3IgdXNlIGFzIE9USyBrZXkgd3JhcAogICBhbGdvcml0aG1zIElEIGluIHRoZSBMSVNQLVNF
QyBBdXRoZW50aWNhdGlvbiBEYXRhOgoKICAgICAgICAgICAgIE5hbWUgICAgICAgICAgICAg
ICAgICAgICBOdW1iZXIgICAgICAgIERlZmluZWQgSW4KICAgICAgICAgICAgIC0tLS0tLS0t
LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KICAgICAgICAgICAg
IE5VTEwtS0VZLVdSQVAtMTI4ICAgICAgICAxICAgICAgICAgICAgIFRoaXMgbWVtbwogICAg
ICAgICAgICAgQUVTLUtFWS1XUkFQLTEyOCAgICAgICAgIDIgICAgICAgICAgICAgW1JGQzMz
OTRdCgogICAgICAgICAgICAgdmFsdWVzIDAgYW5kIDMtNjU1MzUgYXJlIHJlc2VydmVkIHRv
IElBTkEuCgogICAgICAgICAgICAgICAgICAgICAgICAgICAgS2V5IFdyYXAgRnVuY3Rpb25z
CgogICBOVUxMLUtFWS1XUkFQLTEyOCwgYW5kIEFFUy1LRVktV1JBUC0xMjggTVVTVCBiZSBz
dXBwb3J0ZWQuCgogICBOVUxMLUtFWS1XUkFQLTEyOCBpcyB1c2VkIHRvIGNhcnJ5IGFuIHVu
ZW5jcnlwdGVkIDEyOC1iaXQgT1RLLCB3aXRoIGEKICAgNjQtYml0IHByZWFtYmxlIHNldCB0
byAweDAwMDAwMDAwMDAwMDAwMDAgKDY0IGJpdHMpLgoKNy41LiAgS2V5IERlcml2YXRpb24g
RnVuY3Rpb25zCgogICBJQU5BIGlzIHJlcXVlc3RlZCB0byBjcmVhdGUgdGhlICJMSVNQLVNF
QyBBdXRoZW50aWNhdGlvbiBEYXRhIEtleQogICBEZXJpdmF0aW9uIEZ1bmN0aW9uIElEIiBy
ZWdpc3RyeSB3aXRoIHZhbHVlcyAwLTY1NTM1IGZvciB1c2UgYXMgS0RGCiAgIElEIGluIHRo
ZSBMSVNQLVNFQyBBdXRoZW50aWNhdGlvbiBEYXRhOgoKICAgICAgICAgICAgIE5hbWUgICAg
ICAgICAgICAgICAgICAgICBOdW1iZXIgICAgICAgIERlZmluZWQgSW4KICAgICAgICAgICAg
IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KICAg
ICAgICAgICAgIE5PTkUgICAgICAgICAgICAgICAgICAgICAwCiAgICAgICAgICAgICBIS0RG
LVNIQTEtMTI4ICAgICAgICAgICAgMSAgICAgICAgICAgICBbUkZDNTg2OV0KCiAgICAgICAg
ICAgICB2YWx1ZXMgMi02NTUzNSBhcmUgcmVzZXJ2ZWQgdG8gSUFOQS4KCiAgICAgICAgICAg
ICAgICAgICAgICAgICBLZXkgRGVyaXZhdGlvbiBGdW5jdGlvbnMKCiAgIEhLREYtU0hBMS0x
MjggTVVTVCBiZSBzdXBwb3J0ZWQKCjguICBBY2tub3dsZWRnZW1lbnRzCgogICBUaGUgYXV0
aG9ycyB3b3VsZCBsaWtlIHRvIGFja25vd2xlZGdlIFBlcmUgTW9uY2x1cywgRGF2ZSBNZXll
ciwgRGlubwogICBGYXJpbmFjY2ksIEJyaWFuIFdlaXMsIERhdmlkIE1jR3JldywgRGFycmVs
IExld2lzIGFuZCBMYW5kb24gQ3VydAogICBOb2xsIGZvciB0aGVpciB2YWx1YWJsZSBzdWdn
ZXN0aW9ucyBwcm92aWRlZCBkdXJpbmcgdGhlIHByZXBhcmF0aW9uCiAgIG9mIHRoaXMgZG9j
dW1lbnQuCgoKCgoKCgoKTWFpbm8sIGV0IGFsLiAgICAgICAgICAgICAgRXhwaXJlcyBNYXkg
NCwgMjAxNyAgICAgICAgICAgICAgICAgW1BhZ2UgMTldCgwKSW50ZXJuZXQtRHJhZnQgICAg
ICAgICAgICAgICAgICBMSVNQLVNFQyAgICAgICAgICAgICAgICAgICAgT2N0b2JlciAyMDE2
CgoKOS4gIE5vcm1hdGl2ZSBSZWZlcmVuY2VzCgogICBbUkZDMjEwNF0gIEtyYXdjenlrLCBI
LiwgQmVsbGFyZSwgTS4sIGFuZCBSLiBDYW5ldHRpLCAiSE1BQzogS2V5ZWQtCiAgICAgICAg
ICAgICAgSGFzaGluZyBmb3IgTWVzc2FnZSBBdXRoZW50aWNhdGlvbiIsIFJGQyAyMTA0LAog
ICAgICAgICAgICAgIERPSSAxMC4xNzQ4Ny9SRkMyMTA0LCBGZWJydWFyeSAxOTk3LAogICAg
ICAgICAgICAgIDxodHRwOi8vd3d3LnJmYy1lZGl0b3Iub3JnL2luZm8vcmZjMjEwND4uCgog
ICBbUkZDMjExOV0gIEJyYWRuZXIsIFMuLCAiS2V5IHdvcmRzIGZvciB1c2UgaW4gUkZDcyB0
byBJbmRpY2F0ZQogICAgICAgICAgICAgIFJlcXVpcmVtZW50IExldmVscyIsIEJDUCAxNCwg
UkZDIDIxMTksCiAgICAgICAgICAgICAgRE9JIDEwLjE3NDg3L1JGQzIxMTksIE1hcmNoIDE5
OTcsCiAgICAgICAgICAgICAgPGh0dHA6Ly93d3cucmZjLWVkaXRvci5vcmcvaW5mby9yZmMy
MTE5Pi4KCiAgIFtSRkMzMzk0XSAgU2NoYWFkLCBKLiBhbmQgUi4gSG91c2xleSwgIkFkdmFu
Y2VkIEVuY3J5cHRpb24gU3RhbmRhcmQKICAgICAgICAgICAgICAoQUVTKSBLZXkgV3JhcCBB
bGdvcml0aG0iLCBSRkMgMzM5NCwgRE9JIDEwLjE3NDg3L1JGQzMzOTQsCiAgICAgICAgICAg
ICAgU2VwdGVtYmVyIDIwMDIsIDxodHRwOi8vd3d3LnJmYy1lZGl0b3Iub3JnL2luZm8vcmZj
MzM5ND4uCgogICBbUkZDNDA4Nl0gIEVhc3RsYWtlIDNyZCwgRC4sIFNjaGlsbGVyLCBKLiwg
YW5kIFMuIENyb2NrZXIsCiAgICAgICAgICAgICAgIlJhbmRvbW5lc3MgUmVxdWlyZW1lbnRz
IGZvciBTZWN1cml0eSIsIEJDUCAxMDYsIFJGQyA0MDg2LAogICAgICAgICAgICAgIERPSSAx
MC4xNzQ4Ny9SRkM0MDg2LCBKdW5lIDIwMDUsCiAgICAgICAgICAgICAgPGh0dHA6Ly93d3cu
cmZjLWVkaXRvci5vcmcvaW5mby9yZmM0MDg2Pi4KCiAgIFtSRkM1MjI2XSAgTmFydGVuLCBU
LiBhbmQgSC4gQWx2ZXN0cmFuZCwgIkd1aWRlbGluZXMgZm9yIFdyaXRpbmcgYW4KICAgICAg
ICAgICAgICBJQU5BIENvbnNpZGVyYXRpb25zIFNlY3Rpb24gaW4gUkZDcyIsIEJDUCAyNiwg
UkZDIDUyMjYsCiAgICAgICAgICAgICAgRE9JIDEwLjE3NDg3L1JGQzUyMjYsIE1heSAyMDA4
LAogICAgICAgICAgICAgIDxodHRwOi8vd3d3LnJmYy1lZGl0b3Iub3JnL2luZm8vcmZjNTIy
Nj4uCgogICBbUkZDNTg2OV0gIEtyYXdjenlrLCBILiBhbmQgUC4gRXJvbmVuLCAiSE1BQy1i
YXNlZCBFeHRyYWN0LWFuZC1FeHBhbmQKICAgICAgICAgICAgICBLZXkgRGVyaXZhdGlvbiBG
dW5jdGlvbiAoSEtERikiLCBSRkMgNTg2OSwKICAgICAgICAgICAgICBET0kgMTAuMTc0ODcv
UkZDNTg2OSwgTWF5IDIwMTAsCiAgICAgICAgICAgICAgPGh0dHA6Ly93d3cucmZjLWVkaXRv
ci5vcmcvaW5mby9yZmM1ODY5Pi4KCiAgIFtSRkM2ODMwXSAgRmFyaW5hY2NpLCBELiwgRnVs
bGVyLCBWLiwgTWV5ZXIsIEQuLCBhbmQgRC4gTGV3aXMsICJUaGUKICAgICAgICAgICAgICBM
b2NhdG9yL0lEIFNlcGFyYXRpb24gUHJvdG9jb2wgKExJU1ApIiwgUkZDIDY4MzAsCiAgICAg
ICAgICAgICAgRE9JIDEwLjE3NDg3L1JGQzY4MzAsIEphbnVhcnkgMjAxMywKICAgICAgICAg
ICAgICA8aHR0cDovL3d3dy5yZmMtZWRpdG9yLm9yZy9pbmZvL3JmYzY4MzA+LgoKICAgW1JG
QzY4MzNdICBGdWxsZXIsIFYuIGFuZCBELiBGYXJpbmFjY2ksICJMb2NhdG9yL0lEIFNlcGFy
YXRpb24KICAgICAgICAgICAgICBQcm90b2NvbCAoTElTUCkgTWFwLVNlcnZlciBJbnRlcmZh
Y2UiLCBSRkMgNjgzMywKICAgICAgICAgICAgICBET0kgMTAuMTc0ODcvUkZDNjgzMywgSmFu
dWFyeSAyMDEzLAogICAgICAgICAgICAgIDxodHRwOi8vd3d3LnJmYy1lZGl0b3Iub3JnL2lu
Zm8vcmZjNjgzMz4uCgogICBbUkZDNjgzNl0gIEZ1bGxlciwgVi4sIEZhcmluYWNjaSwgRC4s
IE1leWVyLCBELiwgYW5kIEQuIExld2lzLAogICAgICAgICAgICAgICJMb2NhdG9yL0lEIFNl
cGFyYXRpb24gUHJvdG9jb2wgQWx0ZXJuYXRpdmUgTG9naWNhbAogICAgICAgICAgICAgIFRv
cG9sb2d5IChMSVNQK0FMVCkiLCBSRkMgNjgzNiwgRE9JIDEwLjE3NDg3L1JGQzY4MzYsCiAg
ICAgICAgICAgICAgSmFudWFyeSAyMDEzLCA8aHR0cDovL3d3dy5yZmMtZWRpdG9yLm9yZy9p
bmZvL3JmYzY4MzY+LgoKCgoKCgpNYWlubywgZXQgYWwuICAgICAgICAgICAgICBFeHBpcmVz
IE1heSA0LCAyMDE3ICAgICAgICAgICAgICAgICBbUGFnZSAyMF0KDApJbnRlcm5ldC1EcmFm
dCAgICAgICAgICAgICAgICAgIExJU1AtU0VDICAgICAgICAgICAgICAgICAgICBPY3RvYmVy
IDIwMTYKCgogICBbUkZDNzgzNV0gIFNhdWNleiwgRC4sIElhbm5vbmUsIEwuLCBhbmQgTy4g
Qm9uYXZlbnR1cmUsICJMb2NhdG9yL0lECiAgICAgICAgICAgICAgU2VwYXJhdGlvbiBQcm90
b2NvbCAoTElTUCkgVGhyZWF0IEFuYWx5c2lzIiwgUkZDIDc4MzUsCiAgICAgICAgICAgICAg
RE9JIDEwLjE3NDg3L1JGQzc4MzUsIEFwcmlsIDIwMTYsCiAgICAgICAgICAgICAgPGh0dHA6
Ly93d3cucmZjLWVkaXRvci5vcmcvaW5mby9yZmM3ODM1Pi4KCkF1dGhvcnMnIEFkZHJlc3Nl
cwoKICAgRmFiaW8gTWFpbm8KICAgQ2lzY28gU3lzdGVtcwogICAxNzAgVGFzbWFuIERyaXZl
CiAgIFNhbiBKb3NlLCBDYWxpZm9ybmlhICA5NTEzNAogICBVU0EKCiAgIEVtYWlsOiBmbWFp
bm9AY2lzY28uY29tCgoKICAgVmluYSBFcm1hZ2FuCiAgIENpc2NvIFN5c3RlbXMKICAgMTcw
IFRhc21hbiBEcml2ZQogICBTYW4gSm9zZSwgQ2FsaWZvcm5pYSAgOTUxMzQKICAgVVNBCgog
ICBFbWFpbDogdmVybWFnYW5AY2lzY28uY29tCgoKICAgQWxiZXJ0IENhYmVsbG9zCiAgIFRl
Y2huaWNhbCBVbml2ZXJzaXR5IG9mIENhdGFsb25pYQogICBjLyBKb3JkaSBHaXJvbmEgcy9u
CiAgIEJhcmNlbG9uYSAgMDgwMzQKICAgU3BhaW4KCiAgIEVtYWlsOiBhY2FiZWxsb0BhYy51
cGMuZWR1CgoKICAgRGFtaWVuIFNhdWNlegogICBJTlJJQQogICAyMDA0IHJvdXRlIGRlcyBM
dWNpb2xlcyAtIEJQIDkzCiAgIFNvcGhpYSBBbnRpcG9saXMKICAgRnJhbmNlCgogICBFbWFp
bDogZGFtaWVuLnNhdWNlekBpbnJpYS5mcgoKCgoKCgoKCgoKTWFpbm8sIGV0IGFsLiAgICAg
ICAgICAgICAgRXhwaXJlcyBNYXkgNCwgMjAxNyAgICAgICAgICAgICAgICAgW1BhZ2UgMjFd
Cg==
--------------783419FA16F85F446D9AC88D--


From nobody Thu Oct 27 15:53:27 2016
Return-Path: <tom@herbertland.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92E9C12969D for <lisp@ietfa.amsl.com>; Thu, 27 Oct 2016 15:53:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q4SxCO2_-pOe for <lisp@ietfa.amsl.com>; Thu, 27 Oct 2016 15:53:23 -0700 (PDT)
Received: from mail-qt0-x231.google.com (mail-qt0-x231.google.com [IPv6:2607:f8b0:400d:c0d::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4126D129435 for <lisp@ietf.org>; Thu, 27 Oct 2016 15:53:22 -0700 (PDT)
Received: by mail-qt0-x231.google.com with SMTP id p16so26110015qta.0 for <lisp@ietf.org>; Thu, 27 Oct 2016 15:53:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=bOD+BOT3rAdWPXRBxFLAnbMvjvdJpJ3b8iBGlHAhcgA=; b=heV8N17WM13SsfBk4fobGTV30TOTMi5nslUp25jMv99arVpMV63Njc317my3YrhyEg +o2JeC8J+7BnHO0sZBfXrxDAGvQHUZTFTsMuv2r0A+ac8hMOJ9jyy1h7qBpV/JkRZeyZ 2tLsXabYvaFAVW/vg/PrGHEzZ02+kGP3tz/FjjtxxOqgMjcPxUX7/IVn0KBndcfl7VAW G9aimKmHrO4L+ePPS0wM9a+ETVRH2RHqTO0EF53bhJKnfV17eZUh/izyeGEFhVkip5Wc Nh9BLEQZE3Y1TrVIylXV0+4Kpy2IuAiGD/W2kG/8se/FzXJztiCjk4tfvE9opFPQnyXL HRvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=bOD+BOT3rAdWPXRBxFLAnbMvjvdJpJ3b8iBGlHAhcgA=; b=FWN7E/KS3S3MJ1D2QewdvTr+4OGt8mDzakGReVD+OAoLJdosac8oMfkwCrSIxDw1AT tQmPeIXmLzICNudrkq/fcdeXb+T8mC6ZPuaaYBZ7rb4kcUiBzTiMdh8rpRYW6I4kGBRB +VNAPRYpa0n0wKzTnPPTTiXbe97IoKfYYvnyY3lz4BCKLhOOeuQhERC1F38YFdVCY2du nebjwiCjx7c6oot60NHm4sbwfCZClh4NQ9RizGSaj4IVZqj3Kjq7xg1VOUd6ffYKL5BK VXo4k/KFU8uJRi5SzEC5GYrWIu4jf8hgYquUNCiGtrso99cO6RoE8GuoSXz13eq79zdO 6Mvg==
X-Gm-Message-State: ABUngvdYJ3NzKWO3k8mNbUkuy6WsyZt3Wp5LYh3W1SFLVMTyV1BeTBIikGg39LKsLhpNU+fnBdtDyV1SajfTpg==
X-Received: by 10.200.56.118 with SMTP id r51mr8386706qtb.120.1477608801370; Thu, 27 Oct 2016 15:53:21 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.237.44.71 with HTTP; Thu, 27 Oct 2016 15:53:20 -0700 (PDT)
In-Reply-To: <147760701595.24654.9061600670227862705.idtracker@ietfa.amsl.com>
References: <147760701595.24654.9061600670227862705.idtracker@ietfa.amsl.com>
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 27 Oct 2016 15:53:20 -0700
Message-ID: <CALx6S34m9merPE55s6qr5NizhE4mAZyJawdj_LCbzuQBqhKWPg@mail.gmail.com>
To: "int-area@ietf.org" <int-area@ietf.org>, 5gangip@ietf.org, lisp@ietf.org
Content-Type: text/plain; charset=UTF-8
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/TmK0VuJcieXOJSqbNJFcM0ZdJnI>
Cc: JULIUS <jm169k@att.com>, "Pierre Pfister \(ppfister\)" <ppfister@cisco.com>, Petr Lapukhov <petr@fb.com>, Behcet Sarikaya <sarikaya@ieee.org>, Dirk.von-Hugo@telekom.de, Satendra Gera <sgera@fb.com>
Subject: [lisp] Fwd: New Version Notification for draft-herbert-nvo3-ila-03.txt
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Oct 2016 22:53:25 -0000

Hello,

I've posted an update to the ILA draft.

I would like to request that this draft be taken up as a WG item in
inet-area. In Berlin we chatted with the int-area ADs and the
conclusion for ILA (this draft) seemed to be that it should be worked
in int-area WG. There will be a routing or control plane component
that may be appropriate for routing area.

Changes from previous version:

- Restructured to make the draft more normative.
- Addressed several comments from Pierre Pfister and others
- Tried to make the description more generic and less datacenter
virtualization specific (eliminated references to nvo3 specific terms)
- Supporting material has been moving to
- Added more detail in addressing diagrams and description

Cross posting to LISP since there is some overlap of principles that
we might benefit from, and also 5gangip as a possible solution to IP
mobility. We are also updating the ILA mobility draft for that effort.

Comments on this draft are greatly appreciated.

Thanks,
Tom



---------- Forwarded message ----------
From:  <internet-drafts@ietf.org>
Date: Thu, Oct 27, 2016 at 3:23 PM
Subject: New Version Notification for draft-herbert-nvo3-ila-03.txt
To: Tom Herbert <tom@herbertland.com>



A new version of I-D, draft-herbert-nvo3-ila-03.txt
has been successfully submitted by Tom Herbert and posted to the
IETF repository.

Name:           draft-herbert-nvo3-ila
Revision:       03
Title:          Identifier-locator addressing for IPv6
Document date:  2016-10-27
Group:          Individual Submission
Pages:          38
URL:
https://www.ietf.org/internet-drafts/draft-herbert-nvo3-ila-03.txt
Status:         https://datatracker.ietf.org/doc/draft-herbert-nvo3-ila/
Htmlized:       https://tools.ietf.org/html/draft-herbert-nvo3-ila-03
Diff:           https://www.ietf.org/rfcdiff?url2=draft-herbert-nvo3-ila-03

Abstract:
   This specification describes identifier-locator addressing (ILA) for
   IPv6. Identifier-locator addressing differentiates between location
   and identity of a network node. Part of an address expresses the
   immutable identity of the node, and another part indicates the
   location of the node which can be dynamic. Identifier-locator
   addressing can be used to efficiently implement overlay networks for
   network virtualization as well as solutions for use cases in
   mobility.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat


From nobody Thu Oct 27 17:21:55 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C80012987B; Thu, 27 Oct 2016 17:21:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VsMn3vK4sTYQ; Thu, 27 Oct 2016 17:21:52 -0700 (PDT)
Received: from mail-pf0-x235.google.com (mail-pf0-x235.google.com [IPv6:2607:f8b0:400e:c00::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71832129645; Thu, 27 Oct 2016 17:21:52 -0700 (PDT)
Received: by mail-pf0-x235.google.com with SMTP id n85so26413120pfi.1; Thu, 27 Oct 2016 17:21:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=Lk4Yml0akG4lMDPSyj9FHSVJxYMG46TifM/J4qXhats=; b=WYHJ1UsKkoYkONja9JmDZ1Nt/73MdhOvh8DrrXcB7jKEiCz9efYAF+/vNYEHLK3C0G ah/UDsYJeb5TkDjDGB0scpJ5wmeHcINOp3GSMfuWpNzELnK8OTB6nVumlx0hVHJ32NWQ /zJ1YP1Iy+/iOufxMedeGFGfxJpzoaPDyMhvBtNoGraD5qVQqworW/CRpWw383Dt4xAR VYeasoIlvMYyO8UWBjY/jFsIZXZQjP8CAEv+zaGgoM2aiHiV/+OQqM2zNhVsg9fAAhMX b+MLO6ff57KPi0hK26APiKguvqeBwDSUwvYr/I+8Eik+yCitFTEZNeJvV+RAdWQUdCH/ RnFA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=Lk4Yml0akG4lMDPSyj9FHSVJxYMG46TifM/J4qXhats=; b=Y75ZD/krphUR92fKtT7HDo6jdesLKwucn70zHUKQzyHxFNAgRvfT9x3JnP7w61zehF pY6sb/CUaXW8kLL9pINNLm7f2J2r2hcI/af2kDKjzmYNp87VMglyqlhf/fS5/8dNDwMI Q5GdgW8YBo4AyTdjFe7E+InWNJDYPZxFLl9So7BNqKDYLhE7rXdYn1JtjTNA2+ML63mN JMN4vw+3CABsDGS58t9662Ac07QSFDsPRdAffs9S9iwZ2dONoS1Lz9T8mLwRZgrWKlm6 ANmmSZ70PBltPoV38iKuck7KvyBNvhXt1k3Q7caJawOvC4lFrNTuzD+/eU58FL0gASws oyNA==
X-Gm-Message-State: ABUngvf6ab2H8sMgOJ4tHGHcOPRZqqR/vYRZmWefUwNSngSgmzTx7kCKjfr+d89fbF5sCQ==
X-Received: by 10.98.219.196 with SMTP id f187mr16781159pfg.139.1477614112068;  Thu, 27 Oct 2016 17:21:52 -0700 (PDT)
Received: from ?IPv6:2603:3024:151c:55f0:7411:ad4c:8de7:c6f8? ([2603:3024:151c:55f0:7411:ad4c:8de7:c6f8]) by smtp.gmail.com with ESMTPSA id dj3sm14286100pad.1.2016.10.27.17.21.51 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 27 Oct 2016 17:21:51 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <CALx6S34m9merPE55s6qr5NizhE4mAZyJawdj_LCbzuQBqhKWPg@mail.gmail.com>
Date: Thu, 27 Oct 2016 17:21:50 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <61DCF2FD-47CC-41AE-9EB3-06FBC415476B@gmail.com>
References: <147760701595.24654.9061600670227862705.idtracker@ietfa.amsl.com> <CALx6S34m9merPE55s6qr5NizhE4mAZyJawdj_LCbzuQBqhKWPg@mail.gmail.com>
To: Tom Herbert <tom@herbertland.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/p-LjSi0vkTGbgxZBu9K9RO-chnk>
Cc: "int-area@ietf.org" <int-area@ietf.org>, lisp@ietf.org, JULIUS <jm169k@att.com>, "Pierre Pfister \(ppfister\)" <ppfister@cisco.com>, Petr Lapukhov <petr@fb.com>, Behcet Sarikaya <sarikaya@ieee.org>, Satendra Gera <sgera@fb.com>, Dirk.von-Hugo@telekom.de, 5gangip@ietf.org
Subject: Re: [lisp] New Version Notification for draft-herbert-nvo3-ila-03.txt
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Oct 2016 00:21:53 -0000

> - Restructured to make the draft more normative.
> - Addressed several comments from Pierre Pfister and others
> - Tried to make the description more generic and less datacenter
> virtualization specific (eliminated references to nvo3 specific terms)
> - Supporting material has been moving to
> - Added more detail in addressing diagrams and description

Can you complete the bullet "Supporting material has been moving to =
=E2=80=A6=E2=80=9D above?

Thanks,
Dino



From nobody Thu Oct 27 19:00:04 2016
Return-Path: <tom@herbertland.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44FA6129440 for <lisp@ietfa.amsl.com>; Thu, 27 Oct 2016 19:00:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZjZmr7YsHx_u for <lisp@ietfa.amsl.com>; Thu, 27 Oct 2016 19:00:02 -0700 (PDT)
Received: from mail-qk0-x22a.google.com (mail-qk0-x22a.google.com [IPv6:2607:f8b0:400d:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE30112950E for <lisp@ietf.org>; Thu, 27 Oct 2016 19:00:00 -0700 (PDT)
Received: by mail-qk0-x22a.google.com with SMTP id z190so69896672qkc.2 for <lisp@ietf.org>; Thu, 27 Oct 2016 19:00:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=iOCCNYOpr8JWPQ0OBuesMkPKmKgHHnEbazakIPsV4m0=; b=LNSuQ90jlPFnTUaYySeV1yWx9oPA8XmgJAawKN/qChwoF+/SkKl5srTrD2+eTRr2+H VSY4hpH5x6xElC4iTTJJcCyUMUJJf/hbizm1LsSSSa5pl7Ov4k9wflAF319atTILyK90 4vVRYQ/vgc28cFwL/Jb/L0tRgJ7SjfM86zf88uZuHojwua8FUfYa+/NaOBFAjs1g15zc 21lHWMQ3ClJjVLFJsDHP+w/OdGZWI2amNJAxDJqh1amb/6caJGOqhRLIwpUH8+/LHhRS ffzsyoXAfo1+z+AQNtkiJoo6ni5fTQWJDSHmNC7gLRN4vQrkpIz9kH53qb9Udkq1iOnd +alA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=iOCCNYOpr8JWPQ0OBuesMkPKmKgHHnEbazakIPsV4m0=; b=Hp9/evhpCl2daa5cr+dyTieD95UP7UfkRLdESNKmtHkrhh+FTkBLn9AxHJSP1OvShV p0RhdiFflmrZpJayxADfFyEztxI9QLWG2cyuugqmXMEoO+E31ZDQMGfABtVgk+IH1V0c YThgKly7Z6eM2zw9FP6xw14D6uHC37YkfXChSPGxNJjOxH3wZBDzCxjUEptyHd0BjELS anFx5cKZNfoobr2aQvywMiRjKFi/T1J6nSR4TIu+gFOvnGiG0nrRUpu6zOgZTM0rFsto jfWsa8Hi3UrUVCQtybf+7Q5JPYy3I4ojm/5ehnFWsLxZYOehZUR2MBszs8fJgggbOFQv Yj0A==
X-Gm-Message-State: ABUngvfcs5JZ2juy+dKjvOLP437wSU4XHB3xsT8O9Pg96xPl0EaTj94CJpRu2zEFzZA+w2Hhd1M8hF7FlCG5fA==
X-Received: by 10.55.21.81 with SMTP id f78mr9525345qkh.210.1477619999864; Thu, 27 Oct 2016 18:59:59 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.237.44.71 with HTTP; Thu, 27 Oct 2016 18:59:59 -0700 (PDT)
In-Reply-To: <61DCF2FD-47CC-41AE-9EB3-06FBC415476B@gmail.com>
References: <147760701595.24654.9061600670227862705.idtracker@ietfa.amsl.com> <CALx6S34m9merPE55s6qr5NizhE4mAZyJawdj_LCbzuQBqhKWPg@mail.gmail.com> <61DCF2FD-47CC-41AE-9EB3-06FBC415476B@gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 27 Oct 2016 18:59:59 -0700
Message-ID: <CALx6S343=ChkEjZGCCYpv4SrENOjoNhRvtRm4Q=BKduJ-MfK=g@mail.gmail.com>
To: Dino Farinacci <farinacci@gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/O0zD0Zr1FKaiuU6oVncSERIAf80>
Cc: "int-area@ietf.org" <int-area@ietf.org>, lisp@ietf.org, JULIUS <jm169k@att.com>, "Pierre Pfister \(ppfister\)" <ppfister@cisco.com>, Petr Lapukhov <petr@fb.com>, Behcet Sarikaya <sarikaya@ieee.org>, Satendra Gera <sgera@fb.com>, Dirk.von-Hugo@telekom.de, 5gangip@ietf.org
Subject: Re: [lisp] New Version Notification for draft-herbert-nvo3-ila-03.txt
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Oct 2016 02:00:03 -0000

On Thu, Oct 27, 2016 at 5:21 PM, Dino Farinacci <farinacci@gmail.com> wrote=
:
>> - Restructured to make the draft more normative.
>> - Addressed several comments from Pierre Pfister and others
>> - Tried to make the description more generic and less datacenter
>> virtualization specific (eliminated references to nvo3 specific terms)
>> - Supporting material has been moving to
>> - Added more detail in addressing diagrams and description
>
> Can you complete the bullet "Supporting material has been moving to =E2=
=80=A6=E2=80=9D above?
>
"moved to appendix" :-)

> Thanks,
> Dino
>
>


From nobody Fri Oct 28 13:58:27 2016
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 62271129693; Fri, 28 Oct 2016 13:58:23 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.36.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147768830339.24851.16355206156261059132.idtracker@ietfa.amsl.com>
Date: Fri, 28 Oct 2016 13:58:23 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/c-e8bR2z15Uf-6LN121w-jylvBs>
Cc: lisp-chairs@ietf.org, lisp@ietf.org, draft-ietf-lisp-crypto@ietf.org, The IESG <iesg@ietf.org>, rfc-editor@rfc-editor.org
Subject: [lisp] Document Action: 'LISP Data-Plane Confidentiality' to Experimental RFC (draft-ietf-lisp-crypto-10.txt)
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Oct 2016 20:58:23 -0000

The IESG has approved the following document:
- 'LISP Data-Plane Confidentiality'
  (draft-ietf-lisp-crypto-10.txt) as Experimental RFC

This document is the product of the Locator/ID Separation Protocol
Working Group.

The IESG contact persons are Alvaro Retana, Alia Atlas and Deborah
Brungard.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-lisp-crypto/





Technical Summary

This document describes a mechanism for encrypting LISP encapsulated
traffic.  The design describes how key exchange is achieved using
existing LISP control-plane mechanisms as well as how to secure the
LISP data-plane from third-party surveillance attacks.

   
Working Group Summary

The document filled a gap that the working group felt was
important to address, namely confidentiality in the LISP data
plane. Since the document was created on explicit request of
the working group, it has received strong support during
its evolution.   

Document Quality

On explicit request of the chairs, the authors have requested
and obtained review and feedback from the Security Area Advisory
Group (SAAG). There is at least one implementation of the proposed
mechanism.
   
Personnel

Who is the Document Shepherd for this document?  Luigi Iannone
Who is the Responsible Area Director?  Deborah Brungard


From nobody Fri Oct 28 16:40:10 2016
Return-Path: <padma@huawei.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02E9C129638; Fri, 28 Oct 2016 16:40:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.652
X-Spam-Level: 
X-Spam-Status: No, score=-4.652 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.431, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M3xDk55AsZmx; Fri, 28 Oct 2016 16:40:07 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65924129429; Fri, 28 Oct 2016 16:40:06 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml703-cah.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CZG08931; Fri, 28 Oct 2016 23:40:04 +0000 (GMT)
Received: from DFWEML701-CAH.china.huawei.com (10.193.5.175) by lhreml703-cah.china.huawei.com (10.201.5.104) with Microsoft SMTP Server (TLS) id 14.3.235.1; Sat, 29 Oct 2016 00:40:03 +0100
Received: from DFWEML501-MBB.china.huawei.com ([10.193.5.179]) by dfweml701-cah.china.huawei.com ([10.193.5.175]) with mapi id 14.03.0235.001; Fri, 28 Oct 2016 16:39:53 -0700
From: Padmadevi Pillay Esnault <padma@huawei.com>
To: "ideas@ietf.org" <ideas@ietf.org>
Thread-Topic: Technical plenary: Attacks against the architecture - implications for the Network Mapping System
Thread-Index: AQHSMTdVE6o3cYrLi025ADZM5w7QIaC+f2AA
Date: Fri, 28 Oct 2016 23:39:52 +0000
Message-ID: <EC7A99B9A59C1B4695037EEB5036666B012C63D0@dfweml501-mbb>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.213.48.218]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090206.5813E1D4.011B, ss=1, re=0.000, recu=0.000, reip=0.000,  cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: a923a50355e87759d9a3cbaa3b166bd1
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/ow8BtJoTWJbDjVkgYawXKgAQleU>
Cc: "lisp@ietf.org" <lisp@ietf.org>
Subject: [lisp] FW: Technical plenary: Attacks against the architecture - implications for the Network Mapping System
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Oct 2016 23:40:09 -0000

VGhlIHJlY2VudCBEZW5pYWwtb2Ytc2VydmljZSBhdHRhY2tzIGlzIGEgc2NlbmFyaW8gd2Ugc2hv
dWxkIGhhdmUgaW4gbWluZCB3aGVuIGJ1aWxkaW5nIHJvYnVzdG5lc3MgaW4gdGhlIG5ldHdvcmsg
bWFwcGluZyBzeXN0ZW0uDQpJbiBkcmFmdC1wYWRtYS1pZGVhcy1wcm9ibGVtLXN0YXRlbWVudC0w
MC50eHQsIHRoZXJlIGlzIGEgc2VjdGlvbiBvbiBtYXBwaW5nIHN5c3RlbSBzZWN1cml0eSByZXF1
aXJlbWVudHMgdGhhdCBzcGVjaWZpY2FsbHkgY292ZXIgDQp0aGlzIGNhc2UuDQoNCk9uZSBvZiB0
aGUgcXVlc3Rpb25zIHRoYXQgY29tZXMgdG8gbWluZCBpcyB3aGV0aGVyIHRoZSByb2J1c3RuZXNz
IG9mIHN1Y2ggYSBtYXBwaW5nIHN5c3RlbSBzaG91bGQgZHJvcC90aHJvdHRsZSByZXNwb25zZXMg
d2hlbiBpdCBpcyANCk92ZXJsb2FkZWQgb3Igc2hvdWxkIHdlIGV4cGVjdCBpdCBhbHdheXMgdG8g
aGFuZGxlIHRoZSBsb2FkIG5vIG1hdHRlciB3aGF0Pw0KV2hpbGUgd2UgZG8gcHJvcG9zZSB0byBy
YXRlLWxpbWl0IHRoZSBtZXNzYWdlcyBpbiB0aGUgcHJvYmxlbSBzdGF0ZW1lbnQsIGlzbid0IHRo
aXMgcGxheWluZyBpbnRvIHRoZSBoYW5kcyBvZiB0aGUgYXR0YWNrZXJzPw0KDQpSZXF1ZXN0aW5n
IGZlZWRiYWNrIGZyb20gdGhlIGxpc3QgYW5kIGNjaW5nIHdnIHdpdGggZXhwZXJ0aXNlIGluIHRo
ZSBhcmVhIG9yIGludGVyZXN0IGluIG1hcHBpbmcgc3lzdGVtIHRlY2hub2xvZ3kuDQoNClRoYW5r
cyBpbiBhZHZhbmNlDQpQYWRtYQ0KDQpCZWxvdyBhbiBleGNlcnB0IGZyb20gdGhlIGRyYWZ0DQo2
LjQuICBNYXBwaW5nIFN5c3RlbSBTZWN1cml0eQ0KDQogICBUaGUgc2VjdXJlIG1hcHBpbmcgc3lz
dGVtIG11c3QgaGF2ZSB0aGUgZm9sbG93aW5nIHJlcXVpcmVtZW50czoNCg0KICAgMS4gIFRoZSBj
b21wb25lbnRzIG9mIHRoZSBtYXBwaW5nIHN5c3RlbSBuZWVkIHRvIGJlIHJvYnVzdCBhZ2FpbnN0
DQogICAgICAgZGlyZWN0IGFuZCBpbmRpcmVjdCBhdHRhY2tzLiAgSWYgYW55IGNvbXBvbmVudCBp
cyBhdHRhY2tlZCwgdGhlDQogICAgICAgcmVzdCBvZiB0aGUgc3lzdGVtIHNob3VsZCBhY3Qgd2l0
aCBpbnRlZ3JpdHkgYW5kIHNjYWxlIGFuZCBvbmx5DQogICAgICAgdGhlIGluZm9ybWF0aW9uIGFz
c29jaWF0ZWQgd2l0aCB0aGUgY29tcHJvbWlzZWQgY29tcG9uZW50IGlzIG1hZGUNCiAgICAgICB1
bmF2YWlsYWJsZS4NCg0KICAgMi4gIFRoZSBhZGRpdGlvbiBhbmQgcmVtb3ZhbCBvZiBjb21wb25l
bnRzIG9mIHRoZSBtYXBwaW5nIHN5c3RlbSBtdXN0DQogICAgICAgYmUgcGVyZm9ybWVkIGluIGEg
c2VjdXJlIG1hdHRlciBzbyBhcyB0byBub3QgdmlvbGF0ZSB0aGUNCiAgICAgICBpbnRlZ3JpdHkg
YW5kIG9wZXJhdGlvbiBvZiB0aGUgc3lzdGVtIGFuZCBzZXJ2aWNlIGl0IHByb3ZpZGVzLg0KDQog
ICAzLiAgVGhlIGluZm9ybWF0aW9uIHJldHVybmVkIGJ5IGNvbXBvbmVudHMgb2YgdGhlIG1hcHBp
bmcgc3lzdGVtDQogICAgICAgbmVlZHMgdG8gYmUgYXV0aGVudGljYXRlZCBhcyB0byBkZXRlY3Qg
c3Bvb2ZpbmcgZnJvbQ0KICAgICAgIG1hc3F1ZXJhZGVycy4NCg0KICAgNC4gIEluZm9ybWF0aW9u
IHJlZ2lzdGVyZWQgKGJ5IHB1Ymxpc2hlcnMpIHRvIHRoZSBtYXBwaW5nIHN5c3RlbSBtdXN0DQog
ICAgICAgYmUgYXV0aGVudGljYXRlZCBzbyB0aGUgcmVnaXN0ZXJpbmcgZW50aXR5IG9yIHRoZSBp
bmZvcm1hdGlvbiBpcw0KICAgICAgIG5vdCBzcG9vZmVkLg0KDQogICA1LiAgVGhlIG1hcHBpbmcg
c3lzdGVtIG11c3QgYWxsb3cgcmVxdWVzdCBhY2Nlc3MgKGZvciBzdWJzY3JpYmVycykgdG8NCiAg
ICAgICBiZSBvcGVuIGFuZCBwdWJsaWMuICBIb3dldmVyLCBpdCBpcyBvcHRpb25hbCB0byBwcm92
aWRlDQogICAgICAgY29uZmlkZW50aWFsaXR5IGFuZCBhdXRoZW50aWNhdGlvbiBvZiB0aGUgcmVx
dWVzdGVycyBhbmQgdGhlDQogICAgICAgaW5mb3JtYXRpb24gdGhleSBhcmUgcmVxdWVzdGluZy4N
Cg0KICAgNi4gIEFueSBpbmZvcm1hdGlvbiBwcm92aWRlZCBieSBjb21wb25lbnRzIG9mIHRoZSBt
YXBwaW5nIHN5c3RlbSBtdXN0DQogICAgICAgYmUgY3J5cHRvZ3JhcGhpY2FsbHkgc2lnbmVkIGJ5
IHRoZSBwcm92aWRlciBhbmQgdmVyaWZpZWQgYnkgdGhlDQogICAgICAgY29uc3VtZXIuDQoNCiAg
IDcuICBNZXNzYWdlIHJhdGUtbGltaXRpbmcgYW5kIG90aGVyIGhldXJpc3RpY3MgbXVzdCBiZSBw
YXJ0IG9mIHRoZQ0KICAgICAgIGZvdW5kYXRpb25hbCBzdXBwb3J0IG9mIHRoZSBtYXBwaW5nIHN5
c3RlbSB0byBwcm90ZWN0IHRoZSBzeXN0ZW0NCiAgICAgICBmcm9tIGludmFsaWQgb3ZlcmxvYWRl
ZCBjb25kaXRpb25zLg0KDQogICA4LiAgVGhlIG1hcHBpbmcgc3lzdGVtIHNob3VsZCBzdXBwb3J0
IHNvbWUgZm9ybSBvZiBwcm92aXNpb25lZA0KICAgICAgIHBvbGljeS4gIEVpdGhlciBpbnRlcm5h
bCB0byB0aGUgc3lzdGVtIG9yIHZpYSBtZWNoYW5pc21zIGZvcg0KICAgICAgIHVzZXJzIG9mIHRo
ZSBzeXN0ZW0gdG8gZGVzY3JpYmUgcG9saWN5IHJ1bGVzLiAgQWNjZXNzIGNvbnRyb2wNCiAgICAg
ICBzaG91bGQgbm90IHVzZSB0cmFkaXRpb25hbCBncmFudWxhci1iYXNlZCBhY2Nlc3MgbGlzdHMg
c2luY2UgdGhleQ0KICAgICAgIGRvIG5vdCBzY2FsZSBhbmQgYXJlIGhhcmQgdG8gbWFuYWdlLiAg
QnkgdGhlIHVzZSBvZiB0b2tlbi0gb3INCiAgICAgICBrZXktIGJhc2VkIGF1dGhlbnRpY2F0aW9u
IG1ldGhvZHMgYXMgd2VsbCBhcyBkZXBsb3lpbmcgbXVsdGlwbGUNCiAgICAgICBpbnN0YW5jZXMg
b2YgdGhlIG1hcHBpbmcgc3lzdGVtIHdpbGwgYWxsb3cgYWNjZXB0YWJsZSBwb2xpY3kNCiAgICAg
ICBwcm9maWxlcy4gIE1hY2hpbmUgbGVhcm5pbmcgdGVjaG5pcXVlcyBjb3VsZCBhdXRvbWF0ZSB0
aGVzZQ0KICAgICAgIG1lY2hhbmlzbXMuDQoNCg0KLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0N
CkZyb206IElFVEYtQW5ub3VuY2UgW21haWx0bzppZXRmLWFubm91bmNlLWJvdW5jZXNAaWV0Zi5v
cmddIE9uIEJlaGFsZiBPZiBJRVRGIENoYWlyDQpTZW50OiBGcmlkYXksIE9jdG9iZXIgMjgsIDIw
MTYgOToyMSBBTQ0KVG86IElFVEYgQW5ub3VuY2VtZW50IExpc3QNCkNjOiBpZXRmQGlldGYub3Jn
DQpTdWJqZWN0OiBUZWNobmljYWwgcGxlbmFyeTogQXR0YWNrcyBhZ2FpbnN0IHRoZSBhcmNoaXRl
Y3R1cmUNCg0KVGhlIHRlY2huaWNhbCBwbGVuYXJ5IGluIFNlb3VsIHdpbGwgYmUgYWJvdXQgdGhl
IHJlY2VudCBEZW5pYWwtb2YtU2VydmljZQ0KYXR0YWNrcyBpbnZvbHZpbmcgdGhlIHVzZSBvZiBj
b21wcm9taXNlZCBvciBtaXNjb25maWd1cmVkIG5vZGVzIG9yIA0K4oCcdGhpbmdz4oCdLCBhbmQg
dGhlIGFyY2hpdGVjdHVyYWwgaXNzdWVzIGFzc29jaWF0ZWQgd2l0aCB0aGUgbmV0d29yaw0KYmVp
bmcgdnVsbmVyYWJsZSB0byB0aGVzZSBhdHRhY2tzLg0KDQpTZWUNCg0KICBodHRwczovL3d3dy5p
ZXRmLm9yZy9ibG9nLzIwMTYvMTAvYXR0YWNrLWFnYWluc3QtdGhlLWFyY2hpdGVjdHVyZS8NCg0K
YW5kIGpvaW4gdXMgZm9yIHRoZSBkaXNjdXNzaW9uIG9uIFdlZG5lc2RheSAxNjo0MC0xOToxMCwg
Tm92ZW1iZXIgMTYsDQoyMDE2IGVpdGhlciBpbiBwZXJzb24gb3IgcmVtb3RlbHkuIFlvdSBjYW4g
cmVnaXN0ZXIgZm9yIHRoZSBtZWV0aW5nIGhlcmU6IA0KDQogIGh0dHBzOi8vd3d3LmlldGYub3Jn
L21lZXRpbmcvOTcvaW5kZXguaHRtbA0KDQpKYXJpIEFya2tvLCBJRVRGIENoYWlyDQoNCg==


From nobody Fri Oct 28 20:15:10 2016
Return-Path: <jmh@joelhalpern.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 149DD129482; Fri, 28 Oct 2016 20:15:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.702
X-Spam-Level: 
X-Spam-Status: No, score=-2.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yxXB5D4m4eBO; Fri, 28 Oct 2016 20:15:04 -0700 (PDT)
Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BBC2B129424; Fri, 28 Oct 2016 20:15:03 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id ABE0F240F6F; Fri, 28 Oct 2016 20:15:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1477710903; bh=oxlNDvudICIglGfbR/oc+0SsXKYFkKIQ/JbU9EBxnuo=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=YamAHn3j4zXvno7HCQCbr6blqrZMmjb06F3o4rMJX+W8uAkK7hvPlMV6plJinKOVM y1WzkopghOhcKWHcDTG4oW7Z8S+ntd3NRcgHVgy9w02g/g3WBXASA4YsisZeacr2c+ DWcq2varePWEB6LM2jB4hU7N6NOxajlHz1Jrjb9Q=
X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net
Received: from Joels-MacBook-Pro.local (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id 1A900240828; Fri, 28 Oct 2016 20:15:03 -0700 (PDT)
To: Padmadevi Pillay Esnault <padma@huawei.com>, "ideas@ietf.org" <ideas@ietf.org>
References: <EC7A99B9A59C1B4695037EEB5036666B012C63D0@dfweml501-mbb>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <85dd645c-37ca-0839-a175-2fb05539fbf2@joelhalpern.com>
Date: Fri, 28 Oct 2016 23:15:28 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <EC7A99B9A59C1B4695037EEB5036666B012C63D0@dfweml501-mbb>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/w4eeZo55kfyWiune1zfSLgf6eWU>
Cc: "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] FW: Technical plenary: Attacks against the architecture - implications for the Network Mapping System
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Oct 2016 03:15:06 -0000

There are some preliminary thoughts on overload issues in the security 
considerations of draft-ietf-lisp-introduction.

I will also be curious to see what the presentations at the technical 
plenary in Seoul have to suggest on the issue, if anything.

There probably is more with considering.

Yours,
Joel

On 10/28/16 7:39 PM, Padmadevi Pillay Esnault wrote:
> The recent Denial-of-service attacks is a scenario we should have in mind when building robustness in the network mapping system.
> In draft-padma-ideas-problem-statement-00.txt, there is a section on mapping system security requirements that specifically cover
> this case.
>
> One of the questions that comes to mind is whether the robustness of such a mapping system should drop/throttle responses when it is
> Overloaded or should we expect it always to handle the load no matter what?
> While we do propose to rate-limit the messages in the problem statement, isn't this playing into the hands of the attackers?
>
> Requesting feedback from the list and ccing wg with expertise in the area or interest in mapping system technology.
>
> Thanks in advance
> Padma
>
> Below an excerpt from the draft
> 6.4.  Mapping System Security
>
>    The secure mapping system must have the following requirements:
>
>    1.  The components of the mapping system need to be robust against
>        direct and indirect attacks.  If any component is attacked, the
>        rest of the system should act with integrity and scale and only
>        the information associated with the compromised component is made
>        unavailable.
>
>    2.  The addition and removal of components of the mapping system must
>        be performed in a secure matter so as to not violate the
>        integrity and operation of the system and service it provides.
>
>    3.  The information returned by components of the mapping system
>        needs to be authenticated as to detect spoofing from
>        masqueraders.
>
>    4.  Information registered (by publishers) to the mapping system must
>        be authenticated so the registering entity or the information is
>        not spoofed.
>
>    5.  The mapping system must allow request access (for subscribers) to
>        be open and public.  However, it is optional to provide
>        confidentiality and authentication of the requesters and the
>        information they are requesting.
>
>    6.  Any information provided by components of the mapping system must
>        be cryptographically signed by the provider and verified by the
>        consumer.
>
>    7.  Message rate-limiting and other heuristics must be part of the
>        foundational support of the mapping system to protect the system
>        from invalid overloaded conditions.
>
>    8.  The mapping system should support some form of provisioned
>        policy.  Either internal to the system or via mechanisms for
>        users of the system to describe policy rules.  Access control
>        should not use traditional granular-based access lists since they
>        do not scale and are hard to manage.  By the use of token- or
>        key- based authentication methods as well as deploying multiple
>        instances of the mapping system will allow acceptable policy
>        profiles.  Machine learning techniques could automate these
>        mechanisms.
>
>
> -----Original Message-----
> From: IETF-Announce [mailto:ietf-announce-bounces@ietf.org] On Behalf Of IETF Chair
> Sent: Friday, October 28, 2016 9:21 AM
> To: IETF Announcement List
> Cc: ietf@ietf.org
> Subject: Technical plenary: Attacks against the architecture
>
> The technical plenary in Seoul will be about the recent Denial-of-Service
> attacks involving the use of compromised or misconfigured nodes or
> “things”, and the architectural issues associated with the network
> being vulnerable to these attacks.
>
> See
>
>   https://www.ietf.org/blog/2016/10/attack-against-the-architecture/
>
> and join us for the discussion on Wednesday 16:40-19:10, November 16,
> 2016 either in person or remotely. You can register for the meeting here:
>
>   https://www.ietf.org/meeting/97/index.html
>
> Jari Arkko, IETF Chair
>
> _______________________________________________
> lisp mailing list
> lisp@ietf.org
> https://www.ietf.org/mailman/listinfo/lisp
>


From nobody Sat Oct 29 08:40:41 2016
Return-Path: <padma.ietf@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58DF31293D9; Sat, 29 Oct 2016 08:40:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HZT1fv0yVvDm; Sat, 29 Oct 2016 08:40:37 -0700 (PDT)
Received: from mail-qk0-x22d.google.com (mail-qk0-x22d.google.com [IPv6:2607:f8b0:400d:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 893FD1293EE; Sat, 29 Oct 2016 08:40:37 -0700 (PDT)
Received: by mail-qk0-x22d.google.com with SMTP id o68so119844428qkf.3; Sat, 29 Oct 2016 08:40:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=qn2qR/N/SoaLCLcUFzo5tt+QT3j+GsYK9/vq7zri1mw=; b=If34HL2ALt+1z6ulgG8bnUNm4UernphmJsiW0xX915Mv8d9SDGShl+ZmjFMHQdfqfM dbuBtJFCeVkDDIX16fL5wENLi+jxWrsYB8qfd2S1q4+Y+YaRpyZoT0+0YyIj/EaQ6aiG fWAHakEzP8tLz+12saadpU6TDS+6G/HdXqn37zjDluxCQt1v2Ojbj5F9R7OXDhKTpAC6 KPwl2yKe1ktYDTOK4HV9MImKD+kKyvy0AwevnmMuqIMEnP9oUqH5SMl+BcJPTq0byG85 ZQL/t2A4PsJq48G2kyj4To+5PNykpP3NfPCcWPjrQ7ZNJhE7wlW0FDrwqjaNWhWxiBtS tTyQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=qn2qR/N/SoaLCLcUFzo5tt+QT3j+GsYK9/vq7zri1mw=; b=YCvGiMk/y0uoyeHDYxaoIGVKzDXu0SJWk8iMvJtVs4nHLnuPqhe1c6ZvRheuIySV1n 807bOOuxAAdjf6ciW7SfIX27Jq8sAljrH3eB+YGe6zblcXntmANKDOQuc3K0Q+QIJ/1u HHhLFE5kRFa7J76Iwjkwd5VkawkMnQ+1uTM+4DcP+NJ/ZJ7jUKPJUQcRviKs2xmn5Emj PhSL1jzXPJ+X9NXYhM3vp6ZbZ8xjiWZu4aDpo5WN0qnWrVI9tqfaK+7oifDVmJ9ekbse A9pXtvMX2zRzDs0UpvNIoYsJVGNT8OYy5M/rIfitgd9rGMMy18fmpB1X+ox5egZaoF+n mskQ==
X-Gm-Message-State: ABUngveIksmkMYa2IfYu8lAQlFlWD+xcsSw0+8c594n9R+/7IxHVdL2Op/HlgRMugxsRkHYR9hLjbg/zzGNyiA==
X-Received: by 10.55.188.193 with SMTP id m184mr15517791qkf.129.1477755636530;  Sat, 29 Oct 2016 08:40:36 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.200.38.15 with HTTP; Sat, 29 Oct 2016 08:40:36 -0700 (PDT)
In-Reply-To: <85dd645c-37ca-0839-a175-2fb05539fbf2@joelhalpern.com>
References: <EC7A99B9A59C1B4695037EEB5036666B012C63D0@dfweml501-mbb> <85dd645c-37ca-0839-a175-2fb05539fbf2@joelhalpern.com>
From: Padma Pillay-Esnault <padma.ietf@gmail.com>
Date: Sat, 29 Oct 2016 08:40:36 -0700
Message-ID: <CAG-CQxr8gXiQi_D1PNN6HMk7NVc6P62kPsZicLdm1PgfL41prA@mail.gmail.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
Content-Type: multipart/alternative; boundary=94eb2c0430a6c7c167054002cb6d
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/VsPVxRZXULL-xvEppnrVHTCodpc>
Cc: "ideas@ietf.org" <ideas@ietf.org>, "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] [Ideas] FW: Technical plenary: Attacks against the architecture - implications for the Network Mapping System
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Oct 2016 15:40:40 -0000

--94eb2c0430a6c7c167054002cb6d
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hi Joel

The security section has the following recommendations for overload issues
1. Rate limit the sending of messages to the mapping system.
2.To improve resiliency and reduce the overall number of messages
exchanged, LISP offers the possibility to leak information, such as reachab=
ilty
of locators, directly into data plane packets
3. Using trustable Map-Servers that strictly respect [RFC6833] and the
lightweight authentication mechanism proposed byLISP-Sec
[I-D.ietf-lisp-sec] reduces the risk of attacks

Here are the potential problems I see with these
1. Rate limiting messages has the same result the DDOS attack was aiming at=
.
2. Leaking the information may have consequences for the privacy unless we
are using ephemeral EIDs
3. We can trick the system to legitimately make a lot of updates. For
example a large number of IDs distributed that keep on registering that
they have changed locations frequently and an equally large number of
devices trying to access them.

There has been a lot of digital ink about IoT devices being vulnerable to
be compromised and that the sheer number of devices (several billions) to
be the easy target for bonnets.  Discussions about use of rfc2728 or how
ISP could handle these attacks. It is a difficult problem to solve and in
the end we are pushing the responsibility to other entities to do the right
thing ...

In section 5 of draft-padma-ideas-problem-statement, there is a section in
the table which specifically discuss about the structure of IDs and whether
we should used them for specific classes or as the Network Mapping system
is proposing to attach metadata to ID.

I am inclined to think if we can give ID some inherent class which can
restrict what these devices can do. Why would a fridge ever try to access a
bank account unless something is seriously wrong? In the case of IoT, it
would have been possible to drop request from a camera or sensor requesting
to map netflix or twitter.

With IP addresses, it is difficult to differentiate who is what.
Structured IDs allocations or metadata in the NMS may be an opportunity to
simplify some of this operational complexity.

Thoughts?
Padma



On Fri, Oct 28, 2016 at 8:15 PM, Joel M. Halpern <jmh@joelhalpern.com>
wrote:

> There are some preliminary thoughts on overload issues in the security
> considerations of draft-ietf-lisp-introduction.
>
> I will also be curious to see what the presentations at the technical
> plenary in Seoul have to suggest on the issue, if anything.
>
> There probably is more with considering.
>
> Yours,
> Joel
>
>
> On 10/28/16 7:39 PM, Padmadevi Pillay Esnault wrote:
>
>> The recent Denial-of-service attacks is a scenario we should have in min=
d
>> when building robustness in the network mapping system.
>> In draft-padma-ideas-problem-statement-00.txt, there is a section on
>> mapping system security requirements that specifically cover
>> this case.
>>
>> One of the questions that comes to mind is whether the robustness of suc=
h
>> a mapping system should drop/throttle responses when it is
>> Overloaded or should we expect it always to handle the load no matter
>> what?
>> While we do propose to rate-limit the messages in the problem statement,
>> isn't this playing into the hands of the attackers?
>>
>> Requesting feedback from the list and ccing wg with expertise in the are=
a
>> or interest in mapping system technology.
>>
>> Thanks in advance
>> Padma
>>
>> Below an excerpt from the draft
>> 6.4.  Mapping System Security
>>
>>    The secure mapping system must have the following requirements:
>>
>>    1.  The components of the mapping system need to be robust against
>>        direct and indirect attacks.  If any component is attacked, the
>>        rest of the system should act with integrity and scale and only
>>        the information associated with the compromised component is made
>>        unavailable.
>>
>>    2.  The addition and removal of components of the mapping system must
>>        be performed in a secure matter so as to not violate the
>>        integrity and operation of the system and service it provides.
>>
>>    3.  The information returned by components of the mapping system
>>        needs to be authenticated as to detect spoofing from
>>        masqueraders.
>>
>>    4.  Information registered (by publishers) to the mapping system must
>>        be authenticated so the registering entity or the information is
>>        not spoofed.
>>
>>    5.  The mapping system must allow request access (for subscribers) to
>>        be open and public.  However, it is optional to provide
>>        confidentiality and authentication of the requesters and the
>>        information they are requesting.
>>
>>    6.  Any information provided by components of the mapping system must
>>        be cryptographically signed by the provider and verified by the
>>        consumer.
>>
>>    7.  Message rate-limiting and other heuristics must be part of the
>>        foundational support of the mapping system to protect the system
>>        from invalid overloaded conditions.
>>
>>    8.  The mapping system should support some form of provisioned
>>        policy.  Either internal to the system or via mechanisms for
>>        users of the system to describe policy rules.  Access control
>>        should not use traditional granular-based access lists since they
>>        do not scale and are hard to manage.  By the use of token- or
>>        key- based authentication methods as well as deploying multiple
>>        instances of the mapping system will allow acceptable policy
>>        profiles.  Machine learning techniques could automate these
>>        mechanisms.
>>
>>
>> -----Original Message-----
>> From: IETF-Announce [mailto:ietf-announce-bounces@ietf.org] On Behalf Of
>> IETF Chair
>> Sent: Friday, October 28, 2016 9:21 AM
>> To: IETF Announcement List
>> Cc: ietf@ietf.org
>> Subject: Technical plenary: Attacks against the architecture
>>
>> The technical plenary in Seoul will be about the recent Denial-of-Servic=
e
>> attacks involving the use of compromised or misconfigured nodes or
>> =E2=80=9Cthings=E2=80=9D, and the architectural issues associated with t=
he network
>> being vulnerable to these attacks.
>>
>> See
>>
>>   https://www.ietf.org/blog/2016/10/attack-against-the-architecture/
>>
>> and join us for the discussion on Wednesday 16:40-19:10, November 16,
>> 2016 either in person or remotely. You can register for the meeting here=
:
>>
>>   https://www.ietf.org/meeting/97/index.html
>>
>> Jari Arkko, IETF Chair
>>
>> _______________________________________________
>> lisp mailing list
>> lisp@ietf.org
>> https://www.ietf.org/mailman/listinfo/lisp
>>
>>
> _______________________________________________
> Ideas mailing list
> Ideas@ietf.org
> https://www.ietf.org/mailman/listinfo/ideas
>

--94eb2c0430a6c7c167054002cb6d
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hi Joel<div><br></div><div>The security section has the fo=
llowing recommendations for overload issues</div><div>1. R<span style=3D"co=
lor:rgb(0,0,0);white-space:pre-wrap">ate limit the sending </span><span sty=
le=3D"color:rgb(0,0,0);white-space:pre-wrap">of messages to the mapping sys=
tem.</span></div><div><span style=3D"color:rgb(0,0,0);white-space:pre-wrap"=
>2.</span><span style=3D"color:rgb(0,0,0);white-space:pre-wrap">To improve =
resiliency and reduce the overall number of messages</span><span style=3D"c=
olor:rgb(0,0,0);white-space:pre-wrap"> exchanged, LISP offers the possibili=
ty to leak information, such as </span><span style=3D"color:rgb(0,0,0);whit=
e-space:pre-wrap">reachabilty of locators, directly into data plane packets=
</span></div><div><span style=3D"color:rgb(0,0,0);white-space:pre-wrap">3. =
</span><span style=3D"color:rgb(0,0,0);white-space:pre-wrap">Using trustabl=
e Map-Servers that strictly respect </span><span style=3D"color:rgb(0,0,0);=
white-space:pre-wrap">[RFC6833] and the lightweight authentication mechanis=
m proposed by</span><span style=3D"color:rgb(0,0,0);white-space:pre-wrap">L=
ISP-Sec [I-D.ietf-lisp-sec] reduces the risk of attacks</span></div><div><b=
r></div><div><font color=3D"#000000"><span style=3D"white-space:pre-wrap">H=
ere are the potential problems I see with these</span></font></div><div><fo=
nt color=3D"#000000"><span style=3D"white-space:pre-wrap">1. Rate limiting =
messages has the same result the DDOS attack was aiming at.</span></font></=
div><div><font color=3D"#000000"><span style=3D"white-space:pre-wrap">2. Le=
aking the information may have consequences for the privacy unless we are u=
sing ephemeral EIDs</span></font></div><div><font color=3D"#000000"><span s=
tyle=3D"white-space:pre-wrap">3. We can trick the system to legitimately ma=
ke a lot of updates. For example a large number of IDs distributed that kee=
p on registering that they have changed locations frequently and an equally=
 large number of devices trying to access them.</span></font></div><div><br=
></div><div>There has been a lot of digital ink about IoT devices being vul=
nerable to be compromised and that the sheer number of devices (several bil=
lions) to be the easy target for bonnets.=C2=A0 Discussions about use of rf=
c2728 or how ISP could handle these attacks. It is a difficult problem to s=
olve and in the end we are pushing the responsibility to other entities to =
do the right thing ... =C2=A0</div><div><br></div><div><div>I<span style=3D=
"white-space:pre-wrap;color:rgb(0,0,0)">n section 5 of draft-padma-ideas-pr=
oblem-statement, there is a section in the table which specifically discuss=
 about the structure of IDs and whether we should used them for specific cl=
asses or as the Network Mapping system is proposing to attach metadata to I=
D.</span></div></div><div><font color=3D"#000000"><span style=3D"white-spac=
e:pre-wrap"><br></span></font></div><div>I am inclined to think if we can g=
ive ID some inherent class which can restrict what these devices can do. Wh=
y would a fridge ever try to access a bank account unless something is seri=
ously wrong? In the case of IoT, it would have been possible to drop reques=
t from a camera or sensor requesting to map netflix or twitter.=C2=A0</div>=
<div><br></div><div>With IP addresses, it is difficult to differentiate who=
 is what.</div><div>Structured IDs allocations or metadata in the NMS may b=
e an opportunity to simplify some of this operational complexity.</div><div=
><br></div><div>Thoughts?</div><div>Padma</div><div><br></div><div><br></di=
v></div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Fri, O=
ct 28, 2016 at 8:15 PM, Joel M. Halpern <span dir=3D"ltr">&lt;<a href=3D"ma=
ilto:jmh@joelhalpern.com" target=3D"_blank">jmh@joelhalpern.com</a>&gt;</sp=
an> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;=
border-left:1px #ccc solid;padding-left:1ex">There are some preliminary tho=
ughts on overload issues in the security considerations of draft-ietf-lisp-=
introduction.<br>
<br>
I will also be curious to see what the presentations at the technical plena=
ry in Seoul have to suggest on the issue, if anything.<br>
<br>
There probably is more with considering.<br>
<br>
Yours,<br>
Joel<div><div class=3D"h5"><br>
<br>
On 10/28/16 7:39 PM, Padmadevi Pillay Esnault wrote:<br>
</div></div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;bo=
rder-left:1px #ccc solid;padding-left:1ex"><div><div class=3D"h5">
The recent Denial-of-service attacks is a scenario we should have in mind w=
hen building robustness in the network mapping system.<br>
In draft-padma-ideas-problem-stat<wbr>ement-00.txt, there is a section on m=
apping system security requirements that specifically cover<br>
this case.<br>
<br>
One of the questions that comes to mind is whether the robustness of such a=
 mapping system should drop/throttle responses when it is<br>
Overloaded or should we expect it always to handle the load no matter what?=
<br>
While we do propose to rate-limit the messages in the problem statement, is=
n&#39;t this playing into the hands of the attackers?<br>
<br>
Requesting feedback from the list and ccing wg with expertise in the area o=
r interest in mapping system technology.<br>
<br>
Thanks in advance<br>
Padma<br>
<br>
Below an excerpt from the draft<br>
6.4.=C2=A0 Mapping System Security<br>
<br>
=C2=A0 =C2=A0The secure mapping system must have the following requirements=
:<br>
<br>
=C2=A0 =C2=A01.=C2=A0 The components of the mapping system need to be robus=
t against<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0direct and indirect attacks.=C2=A0 If any compon=
ent is attacked, the<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0rest of the system should act with integrity and=
 scale and only<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0the information associated with the compromised =
component is made<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0unavailable.<br>
<br>
=C2=A0 =C2=A02.=C2=A0 The addition and removal of components of the mapping=
 system must<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0be performed in a secure matter so as to not vio=
late the<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0integrity and operation of the system and servic=
e it provides.<br>
<br>
=C2=A0 =C2=A03.=C2=A0 The information returned by components of the mapping=
 system<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0needs to be authenticated as to detect spoofing =
from<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0masqueraders.<br>
<br>
=C2=A0 =C2=A04.=C2=A0 Information registered (by publishers) to the mapping=
 system must<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0be authenticated so the registering entity or th=
e information is<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0not spoofed.<br>
<br>
=C2=A0 =C2=A05.=C2=A0 The mapping system must allow request access (for sub=
scribers) to<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0be open and public.=C2=A0 However, it is optiona=
l to provide<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0confidentiality and authentication of the reques=
ters and the<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0information they are requesting.<br>
<br>
=C2=A0 =C2=A06.=C2=A0 Any information provided by components of the mapping=
 system must<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0be cryptographically signed by the provider and =
verified by the<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0consumer.<br>
<br>
=C2=A0 =C2=A07.=C2=A0 Message rate-limiting and other heuristics must be pa=
rt of the<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0foundational support of the mapping system to pr=
otect the system<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0from invalid overloaded conditions.<br>
<br>
=C2=A0 =C2=A08.=C2=A0 The mapping system should support some form of provis=
ioned<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0policy.=C2=A0 Either internal to the system or v=
ia mechanisms for<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0users of the system to describe policy rules.=C2=
=A0 Access control<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0should not use traditional granular-based access=
 lists since they<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0do not scale and are hard to manage.=C2=A0 By th=
e use of token- or<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0key- based authentication methods as well as dep=
loying multiple<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0instances of the mapping system will allow accep=
table policy<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0profiles.=C2=A0 Machine learning techniques coul=
d automate these<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0mechanisms.<br>
<br>
<br>
-----Original Message-----<br>
From: IETF-Announce [mailto:<a href=3D"mailto:ietf-announce-bounces@ietf.or=
g" target=3D"_blank">ietf-announce-bounces@<wbr>ietf.org</a>] On Behalf Of =
IETF Chair<br>
Sent: Friday, October 28, 2016 9:21 AM<br>
To: IETF Announcement List<br>
Cc: <a href=3D"mailto:ietf@ietf.org" target=3D"_blank">ietf@ietf.org</a><br=
>
Subject: Technical plenary: Attacks against the architecture<br>
<br>
The technical plenary in Seoul will be about the recent Denial-of-Service<b=
r>
attacks involving the use of compromised or misconfigured nodes or<br>
=E2=80=9Cthings=E2=80=9D, and the architectural issues associated with the =
network<br>
being vulnerable to these attacks.<br>
<br>
See<br>
<br>
=C2=A0 <a href=3D"https://www.ietf.org/blog/2016/10/attack-against-the-arch=
itecture/" rel=3D"noreferrer" target=3D"_blank">https://www.ietf.org/blog/2=
016<wbr>/10/attack-against-the-archite<wbr>cture/</a><br>
<br>
and join us for the discussion on Wednesday 16:40-19:10, November 16,<br>
2016 either in person or remotely. You can register for the meeting here:<b=
r>
<br>
=C2=A0 <a href=3D"https://www.ietf.org/meeting/97/index.html" rel=3D"norefe=
rrer" target=3D"_blank">https://www.ietf.org/meeting/9<wbr>7/index.html</a>=
<br>
<br>
Jari Arkko, IETF Chair<br>
<br>
______________________________<wbr>_________________<br></div></div>
lisp mailing list<br>
<a href=3D"mailto:lisp@ietf.org" target=3D"_blank">lisp@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/lisp" rel=3D"noreferrer" t=
arget=3D"_blank">https://www.ietf.org/mailman/l<wbr>istinfo/lisp</a><br>
<br>
</blockquote><div class=3D"HOEnZb"><div class=3D"h5">
<br>
______________________________<wbr>_________________<br>
Ideas mailing list<br>
<a href=3D"mailto:Ideas@ietf.org" target=3D"_blank">Ideas@ietf.org</a><br>
<a href=3D"https://www.ietf.org/mailman/listinfo/ideas" rel=3D"noreferrer" =
target=3D"_blank">https://www.ietf.org/mailman/l<wbr>istinfo/ideas</a><br>
</div></div></blockquote></div><br></div>

--94eb2c0430a6c7c167054002cb6d--


From nobody Sat Oct 29 09:02:46 2016
Return-Path: <jmh@joelhalpern.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C62541295C5; Sat, 29 Oct 2016 09:02:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.702
X-Spam-Level: 
X-Spam-Status: No, score=-2.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=joelhalpern.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nIVOySnB4gsS; Sat, 29 Oct 2016 09:02:42 -0700 (PDT)
Received: from maila2.tigertech.net (maila2.tigertech.net [208.80.4.152]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C69B6129536; Sat, 29 Oct 2016 09:02:42 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by maila2.tigertech.net (Postfix) with ESMTP id AE3A624261A; Sat, 29 Oct 2016 09:02:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelhalpern.com; s=1.tigertech; t=1477756962; bh=xuv/Z1tRrNCqH3or3+O3L+Tzou5w021N7XJEdRNXiRU=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=HBiOwE77BquAN9RoYDlXKnI8ryhMMyfJ1tVtWWgyAQ54ExXZzu9ki3BrJgT+VrQi7 BDWFYIsptcI10cO8Jfy+SaprQbtIWADjqI5vA4hmH/L7E0+oAHz0wbBG0rj/9TcvhE 3CobZvPOODCZp8hE+ynrtLswJ7Wl3LzN6jSf65fY=
X-Virus-Scanned: Debian amavisd-new at maila2.tigertech.net
Received: from Joels-MacBook-Pro.local (209-255-163-147.ip.mcleodusa.net [209.255.163.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by maila2.tigertech.net (Postfix) with ESMTPSA id ECE92241298; Sat, 29 Oct 2016 09:02:41 -0700 (PDT)
To: Padma Pillay-Esnault <padma.ietf@gmail.com>
References: <EC7A99B9A59C1B4695037EEB5036666B012C63D0@dfweml501-mbb> <85dd645c-37ca-0839-a175-2fb05539fbf2@joelhalpern.com> <CAG-CQxr8gXiQi_D1PNN6HMk7NVc6P62kPsZicLdm1PgfL41prA@mail.gmail.com>
From: "Joel M. Halpern" <jmh@joelhalpern.com>
Message-ID: <9147701f-8395-7b2e-d370-111200ce2656@joelhalpern.com>
Date: Sat, 29 Oct 2016 12:03:13 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <CAG-CQxr8gXiQi_D1PNN6HMk7NVc6P62kPsZicLdm1PgfL41prA@mail.gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/wqoXb73mrUCwyD-lPMHsGhR0nKI>
Cc: "ideas@ietf.org" <ideas@ietf.org>, "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] [Ideas] FW: Technical plenary: Attacks against the architecture - implications for the Network Mapping System
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Oct 2016 16:02:45 -0000

Remember that with LISP, the mapping system is somewhat insulated due to 
the fact that queries are only accepted from MR, not directly from 
anything claiming to be an ITR.  And it is normally expected that the 
association between mapping system internals and MR/MS is authenticated 
(otherwise there are lots of other issues.)

This does not provide complete protection, as there are many situations 
where the MR does not have  an authentication relationship with the 
querying ITR.  Having said that, it can be noted that in many cases 
there is such a relationship.  Such a relationship prevents a random 
outside attack.

Even when there is no such relationship, and even if the MR does not 
rate limit, an effective DoS attack would have to target multiple MR to 
cause significant difficulty.

Also, it seems to me that if all you want to do is break a single MR, 
then rate limiting is irrelevant.  In the absence of limits on who can 
query a specific MR, you can bombard it with more queries than it can 
handle and you will take it out of service.  So a rate limit helps the 
system while harming the MR capability only slightly.

Trying to infer whether an entity is allowed to undertake specific 
operations without authentication, using information such as the IP 
address, seems fraught with failure.  Trying to classify all entities 
into types (onotology?) seems unlikely to produce correct results, as 
classes are not cleanly defined.

As I said, I look forward to the technical presentation at the IETF 
meeting to see if they have any ideas that can help.  Yes, there is work 
to be done.  Putting authorization into the identity seems to be asking 
for trouble.

Yours,
Joel

On 10/29/16 11:40 AM, Padma Pillay-Esnault wrote:
> Hi Joel
>
> The security section has the following recommendations for overload issues
> 1. Rate limit the sending of messages to the mapping system.
> 2.To improve resiliency and reduce the overall number of
> messagesexchanged, LISP offers the possibility to leak information, such
> as reachabilty of locators, directly into data plane packets
> 3. Using trustable Map-Servers that strictly respect [RFC6833] and the
> lightweight authentication mechanism proposed byLISP-Sec
> [I-D.ietf-lisp-sec] reduces the risk of attacks
>
> Here are the potential problems I see with these
> 1. Rate limiting messages has the same result the DDOS attack was aiming at.
> 2. Leaking the information may have consequences for the privacy unless
> we are using ephemeral EIDs
> 3. We can trick the system to legitimately make a lot of updates. For
> example a large number of IDs distributed that keep on registering that
> they have changed locations frequently and an equally large number of
> devices trying to access them.
>
> There has been a lot of digital ink about IoT devices being vulnerable
> to be compromised and that the sheer number of devices (several
> billions) to be the easy target for bonnets.  Discussions about use of
> rfc2728 or how ISP could handle these attacks. It is a difficult problem
> to solve and in the end we are pushing the responsibility to other
> entities to do the right thing ...
>
> In section 5 of draft-padma-ideas-problem-statement, there is a section
> in the table which specifically discuss about the structure of IDs and
> whether we should used them for specific classes or as the Network
> Mapping system is proposing to attach metadata to ID.
>
> I am inclined to think if we can give ID some inherent class which can
> restrict what these devices can do. Why would a fridge ever try to
> access a bank account unless something is seriously wrong? In the case
> of IoT, it would have been possible to drop request from a camera or
> sensor requesting to map netflix or twitter.
>
> With IP addresses, it is difficult to differentiate who is what.
> Structured IDs allocations or metadata in the NMS may be an opportunity
> to simplify some of this operational complexity.
>
> Thoughts?
> Padma
>
>
>
> On Fri, Oct 28, 2016 at 8:15 PM, Joel M. Halpern <jmh@joelhalpern.com
> <mailto:jmh@joelhalpern.com>> wrote:
>
>     There are some preliminary thoughts on overload issues in the
>     security considerations of draft-ietf-lisp-introduction.
>
>     I will also be curious to see what the presentations at the
>     technical plenary in Seoul have to suggest on the issue, if anything.
>
>     There probably is more with considering.
>
>     Yours,
>     Joel
>
>
>     On 10/28/16 7:39 PM, Padmadevi Pillay Esnault wrote:
>
>         The recent Denial-of-service attacks is a scenario we should
>         have in mind when building robustness in the network mapping system.
>         In draft-padma-ideas-problem-statement-00.txt, there is a
>         section on mapping system security requirements that
>         specifically cover
>         this case.
>
>         One of the questions that comes to mind is whether the
>         robustness of such a mapping system should drop/throttle
>         responses when it is
>         Overloaded or should we expect it always to handle the load no
>         matter what?
>         While we do propose to rate-limit the messages in the problem
>         statement, isn't this playing into the hands of the attackers?
>
>         Requesting feedback from the list and ccing wg with expertise in
>         the area or interest in mapping system technology.
>
>         Thanks in advance
>         Padma
>
>         Below an excerpt from the draft
>         6.4.  Mapping System Security
>
>            The secure mapping system must have the following requirements:
>
>            1.  The components of the mapping system need to be robust
>         against
>                direct and indirect attacks.  If any component is
>         attacked, the
>                rest of the system should act with integrity and scale
>         and only
>                the information associated with the compromised component
>         is made
>                unavailable.
>
>            2.  The addition and removal of components of the mapping
>         system must
>                be performed in a secure matter so as to not violate the
>                integrity and operation of the system and service it
>         provides.
>
>            3.  The information returned by components of the mapping system
>                needs to be authenticated as to detect spoofing from
>                masqueraders.
>
>            4.  Information registered (by publishers) to the mapping
>         system must
>                be authenticated so the registering entity or the
>         information is
>                not spoofed.
>
>            5.  The mapping system must allow request access (for
>         subscribers) to
>                be open and public.  However, it is optional to provide
>                confidentiality and authentication of the requesters and the
>                information they are requesting.
>
>            6.  Any information provided by components of the mapping
>         system must
>                be cryptographically signed by the provider and verified
>         by the
>                consumer.
>
>            7.  Message rate-limiting and other heuristics must be part
>         of the
>                foundational support of the mapping system to protect the
>         system
>                from invalid overloaded conditions.
>
>            8.  The mapping system should support some form of provisioned
>                policy.  Either internal to the system or via mechanisms for
>                users of the system to describe policy rules.  Access control
>                should not use traditional granular-based access lists
>         since they
>                do not scale and are hard to manage.  By the use of token- or
>                key- based authentication methods as well as deploying
>         multiple
>                instances of the mapping system will allow acceptable policy
>                profiles.  Machine learning techniques could automate these
>                mechanisms.
>
>
>         -----Original Message-----
>         From: IETF-Announce [mailto:ietf-announce-bounces@ietf.org
>         <mailto:ietf-announce-bounces@ietf.org>] On Behalf Of IETF Chair
>         Sent: Friday, October 28, 2016 9:21 AM
>         To: IETF Announcement List
>         Cc: ietf@ietf.org <mailto:ietf@ietf.org>
>         Subject: Technical plenary: Attacks against the architecture
>
>         The technical plenary in Seoul will be about the recent
>         Denial-of-Service
>         attacks involving the use of compromised or misconfigured nodes or
>         “things”, and the architectural issues associated with the network
>         being vulnerable to these attacks.
>
>         See
>
>
>         https://www.ietf.org/blog/2016/10/attack-against-the-architecture/
>         <https://www.ietf.org/blog/2016/10/attack-against-the-architecture/>
>
>         and join us for the discussion on Wednesday 16:40-19:10,
>         November 16,
>         2016 either in person or remotely. You can register for the
>         meeting here:
>
>           https://www.ietf.org/meeting/97/index.html
>         <https://www.ietf.org/meeting/97/index.html>
>
>         Jari Arkko, IETF Chair
>
>         _______________________________________________
>         lisp mailing list
>         lisp@ietf.org <mailto:lisp@ietf.org>
>         https://www.ietf.org/mailman/listinfo/lisp
>         <https://www.ietf.org/mailman/listinfo/lisp>
>
>
>     _______________________________________________
>     Ideas mailing list
>     Ideas@ietf.org <mailto:Ideas@ietf.org>
>     https://www.ietf.org/mailman/listinfo/ideas
>     <https://www.ietf.org/mailman/listinfo/ideas>
>
>


From nobody Sat Oct 29 10:20:17 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B196312953A; Sat, 29 Oct 2016 10:20:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JW4xoJwkNic3; Sat, 29 Oct 2016 10:20:15 -0700 (PDT)
Received: from mail-pf0-x22a.google.com (mail-pf0-x22a.google.com [IPv6:2607:f8b0:400e:c00::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 972921293E1; Sat, 29 Oct 2016 10:20:15 -0700 (PDT)
Received: by mail-pf0-x22a.google.com with SMTP id 197so54078165pfu.0; Sat, 29 Oct 2016 10:20:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=wwX3VhLDoyjL6lddO7keAUr6+n13WPK7PeIM7jXrL4c=; b=Tgw3ogzIY0LLcSTRspDnMPCGH/LtRysjprNyIdonPCl+W81tFqSKzoqwijpNmy52hO 1XwDhjEJGvjhuysVAyQuJvnvajmUzQcVyEnpFJv0qaoZUgYNdEROI+k8qcQvv/Gmd7xu C6eTm+QAIdV3LyhA7+LBysxtExSBbsIruDcPli+lkEzi4HFZ/uxFdGii5HKxnZaGRjqC B5weEkPkiyWBPha39o3hKuOomAdGJPup4HSKUeO4vity8ZT425WL8pYl2n+juMdrNHo+ alUgR+d+gffgP/eL9tF2bmPBQlNZgr7snEKfavELyC6tiR8IGXOxOyHiB6FtXHK4LGn3 IJ4Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=wwX3VhLDoyjL6lddO7keAUr6+n13WPK7PeIM7jXrL4c=; b=a1yR1CKb3TgEDn0w+bxRzGSe6KLkX/JP0CJB8WzwpKqUnVQVYO6KkxtV0XZYkEfhuE dz1o2HcY+QMKB6B9yLC9Sp0WTSh/X+Vr07rglP0KpNt1tLdwZ6YhOImJGbebgp/WOLZX GMed5DOwm5wG7j78AzDw8pfaR3JFq4EMBzb+sBFvWu7EDOltFv//fw2FEgeiYoDNtmqC bc4oRfKlkzrgMtnBo8pjrQeqPXbBLSNoikpl849L7bfJs0nnqNtwAM77rGN6m5OwGf8F S6KfL2jncMT4kaegTUMC+Fsav0PDvViytZrDxy5JWdmlSdDlaEAwcb/8pyrhQmZrdCl7 Su3Q==
X-Gm-Message-State: ABUngvczgfxnwo6MYutd7fhkNsfjQPWz3bayNPnxZjNL2ADUeOsu69asoy5TFErV4lkPRQ==
X-Received: by 10.98.43.136 with SMTP id r130mr34841607pfr.171.1477761615239;  Sat, 29 Oct 2016 10:20:15 -0700 (PDT)
Received: from [10.197.31.157] (173-11-119-245-SFBA.hfc.comcastbusiness.net. [173.11.119.245]) by smtp.gmail.com with ESMTPSA id u17sm26271289pfa.83.2016.10.29.10.20.12 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 29 Oct 2016 10:20:14 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <CAG-CQxr8gXiQi_D1PNN6HMk7NVc6P62kPsZicLdm1PgfL41prA@mail.gmail.com>
Date: Sat, 29 Oct 2016 10:20:10 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <09534746-0A8F-4CAB-9778-5032F90604F0@gmail.com>
References: <EC7A99B9A59C1B4695037EEB5036666B012C63D0@dfweml501-mbb> <85dd645c-37ca-0839-a175-2fb05539fbf2@joelhalpern.com> <CAG-CQxr8gXiQi_D1PNN6HMk7NVc6P62kPsZicLdm1PgfL41prA@mail.gmail.com>
To: Padma Pillay-Esnault <padma.ietf@gmail.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/XhiEooG_fUG1tBMFITv3xNdKUHQ>
Cc: "ideas@ietf.org" <ideas@ietf.org>, "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] [Ideas] FW: Technical plenary: Attacks against the architecture - implications for the Network Mapping System
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Oct 2016 17:20:17 -0000

> In section 5 of draft-padma-ideas-problem-statement, there is a =
section in the table which specifically discuss about the structure of =
IDs and whether we should used them for specific classes or as the =
Network Mapping system is proposing to attach metadata to ID.

Maybe we can experiment with the EID-prefix block 2001:5::/32 from RFC =
7954/7955 to allocate sub-blocks from large regions of the world. Yes, =
geographical allocations without the issue of the past, since EIDs are =
not injected into the underlay routing and are not based on Internet =
topology.

Do this first and then decide which, say continent block is registered =
to a regional mapping system. And if an ID needs to register to multiple =
mapping systems. The mapping systems should considered to be relatively =
local in scope and may overlap.

This could help mitigate DoS attacks to a smaller (but still scalable) =
part of the infrastructure.

Dino


From nobody Sat Oct 29 10:27:57 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 358951294F3; Sat, 29 Oct 2016 10:27:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TXSPjIfR-CW2; Sat, 29 Oct 2016 10:27:54 -0700 (PDT)
Received: from mail-pf0-x233.google.com (mail-pf0-x233.google.com [IPv6:2607:f8b0:400e:c00::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 09608129421; Sat, 29 Oct 2016 10:27:54 -0700 (PDT)
Received: by mail-pf0-x233.google.com with SMTP id s8so53850215pfj.2; Sat, 29 Oct 2016 10:27:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=iEoGu2hJ5HqOBkFV+MXCD2x/hmfQdTOgZ57wH8ctYJg=; b=bvDc/irTnAMFZLgOYnewKhUCSi1pB5E67yTJBfLTqMjDZ7A/bqSj1VF0oOCzzPEBVZ M+LK9soksrP9X78e+kJOytMbNIanq6RbYsutg9Yo9yZ7YeztG+xRYv8YVxbytJO6IeAF Rolax+q2ajDXm5QvqGIIgbeQM9kHKm+0ZqDPP8DLbqZ1gpUj+uPZdz/cS6wzRmmClQXU 614ytXG/Gl5v3qAH6eUY0D25UsvcpfvoLMcOxQ7kymyv5RdIEuVhHjtJ1XBgqs4ociBk Wz2Dj185Yein3chvCvJYRFkz1d28r1gMX3WZ5Sea96fBB1qSZxQOjmHzGAkQ0zZGszww cpPQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=iEoGu2hJ5HqOBkFV+MXCD2x/hmfQdTOgZ57wH8ctYJg=; b=eNJwWvSZPz1vg3p0lHMpy9ttxsj3dBVj682m4CsErDl3Bc2H6XfEIsmxcuiM0sTc7v IP0f34yx8xcihuZKOQjAXSTZVqz6qZVJ9P+BC8Hr4tR0sdTnMJdLEDaYVJo1lUSjvrJc Q8CVoB9ISr+31jS3oUTgwIZ9567wwVz9SGAQq7CZPHUYL+c9PYSLw5Tc7VoWwdcxXT6Q 8dIkCZFp397fVL5fD4WQQMvM4s/TawunQrlZxTheFlKYNG6MsoUYXfzmve4n2l774I5/ Vi6HFRnULJRVc2p4i5WQrh2nO7LrAox11VZ4OyEktwZMKks/sWH7+d0YyW4HLr/qqE3h JpxA==
X-Gm-Message-State: ABUngvehxWvfENfFyRb+DsajhlQYLwgzvah26A2QK7G0AQMTbySAX/yjGw7OaHJqQwMa7Q==
X-Received: by 10.99.55.66 with SMTP id g2mr28703074pgn.65.1477762073594; Sat, 29 Oct 2016 10:27:53 -0700 (PDT)
Received: from [10.197.31.157] (173-11-119-245-SFBA.hfc.comcastbusiness.net. [173.11.119.245]) by smtp.gmail.com with ESMTPSA id ak3sm26412641pad.19.2016.10.29.10.27.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 29 Oct 2016 10:27:52 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <9147701f-8395-7b2e-d370-111200ce2656@joelhalpern.com>
Date: Sat, 29 Oct 2016 10:27:48 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <EEDC8239-3906-4879-9BF0-69B5A0C5C7F8@gmail.com>
References: <EC7A99B9A59C1B4695037EEB5036666B012C63D0@dfweml501-mbb> <85dd645c-37ca-0839-a175-2fb05539fbf2@joelhalpern.com> <CAG-CQxr8gXiQi_D1PNN6HMk7NVc6P62kPsZicLdm1PgfL41prA@mail.gmail.com> <9147701f-8395-7b2e-d370-111200ce2656@joelhalpern.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/u6aKRQPMcHTZ-0f4M-ERfWVHZZQ>
Cc: "ideas@ietf.org" <ideas@ietf.org>, "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] [Ideas] FW: Technical plenary: Attacks against the architecture - implications for the Network Mapping System
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Oct 2016 17:27:55 -0000

> Also, it seems to me that if all you want to do is break a single MR, =
then rate limiting is irrelevant.  In the absence of limits on who can =
query a specific MR, you can bombard it with more queries than it can =
handle and you will take it out of service.  So a rate limit helps the =
system while harming the MR capability only slightly.

This is why it is important to anycast most of the MRs that will be =
deployed. So the attack sources are naturally sending, in spread out =
fashion, to a very large cluster-set of MRs. Only with a concentration =
of sources in the relatively same topoglical area with lots of bandwidth =
can be successful at a many-to-1 attack.

> Trying to infer whether an entity is allowed to undertake specific =
operations without authentication, using information such as the IP =
address, seems fraught with failure.  Trying to classify all entities =
into types (onotology?) seems unlikely to produce correct results, as =
classes are not cleanly defined.

And remember by doing signature verification or decryption, the problem =
gets worse for the MR. Because it has to use more resources when most of =
the packets are from unauthorized sources.

And white-listing 1 billion users to provide a public service minus the =
1,000,000 attackers is a white-list management nightmare/challenge.

> As I said, I look forward to the technical presentation at the IETF =
meeting to see if they have any ideas that can help.  Yes, there is work =
to be done.  Putting authorization into the identity seems to be asking =
for trouble.

Definitely.

Dino



From nobody Sat Oct 29 10:38:39 2016
Return-Path: <padma.ietf@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9431A12950B; Sat, 29 Oct 2016 10:38:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level: 
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PlVQJWYGvtjZ; Sat, 29 Oct 2016 10:38:36 -0700 (PDT)
Received: from mail-qt0-x22c.google.com (mail-qt0-x22c.google.com [IPv6:2607:f8b0:400d:c0d::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFC71129407; Sat, 29 Oct 2016 10:38:35 -0700 (PDT)
Received: by mail-qt0-x22c.google.com with SMTP id c47so6631904qtc.2; Sat, 29 Oct 2016 10:38:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=/Ut+0lmGwTKn9tqgszZBLSAZeyPJM2sxQjevgWmbb/c=; b=Us+tFRkD6A7ftC+LFbxTqn0RJJdWVpCGbmvuop4hfd2ubFQG93njkAdSqIeZ9JUbOt AEGVSMYGnq8Nabx5aoQXVrUWsAjQrvPKF5UC9AZPX5rq+TBDveFvm/GgFhGLTzmgAAUc C5l9VHQZTTpwdpzsFrYr07YuxGWPxAWCGYhqOdvhB2BDEw6ZSx0FmskvUTKAdrFrWcol NgdKlfae4R4hqLGaRHKE4NSt0RxtOXE3UHHASwl5A9fsCskcGCgRR80qOkp+Cl34AgE1 4aF6YkZWojvV9pqOyqoSmKE+l2IZZHEvvFFZbKL1yDT2gE6R5ZnkNs3uR1jjK0MFei7s 9pPw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=/Ut+0lmGwTKn9tqgszZBLSAZeyPJM2sxQjevgWmbb/c=; b=VgGk5bHWlplzUiqYmIKCnExtTQK92DF1oM//ylKrELvOPSco/7huhDUifMsTy5cnkx 2js4N1rZVeJd44wIDf6GlqhBl0Wx3H/3QPi9zjmWqR8W9OnIBE4sAMNeGADBq1k/ExG8 lXqnKYxKV8ROdNS+ZIwW+uhhe6+NUBCKep6DgKGJZAws1I9/Q6qFbeBAJ3ONCb0Hb8md L7tskvupUnpFDYYi0aPF3PgvRygsq2hyi4VB+0amdNfy9/Zg1ldNoxhDUQOJPJboie1N bM3rjtIbSbkf3ouXJfVs3vZSOQtazDCwH5iFXLuEtTRv79LGyuPmT6ukdyDsKs1KUP3t Bdhw==
X-Gm-Message-State: ABUngvdZSipKSjAcUUWh1Atf2YrqEylCSgA27FmFtPduvrIPE52cON5ND3+sInqrVaPXi+jW4Ey7zd0cWVzgnw==
X-Received: by 10.200.51.251 with SMTP id d56mr3214646qtb.89.1477762714897; Sat, 29 Oct 2016 10:38:34 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.200.38.15 with HTTP; Sat, 29 Oct 2016 10:38:34 -0700 (PDT)
In-Reply-To: <09534746-0A8F-4CAB-9778-5032F90604F0@gmail.com>
References: <EC7A99B9A59C1B4695037EEB5036666B012C63D0@dfweml501-mbb> <85dd645c-37ca-0839-a175-2fb05539fbf2@joelhalpern.com> <CAG-CQxr8gXiQi_D1PNN6HMk7NVc6P62kPsZicLdm1PgfL41prA@mail.gmail.com> <09534746-0A8F-4CAB-9778-5032F90604F0@gmail.com>
From: Padma Pillay-Esnault <padma.ietf@gmail.com>
Date: Sat, 29 Oct 2016 10:38:34 -0700
Message-ID: <CAG-CQxpZoQWPp_wBpNLTB3ATUJrSB9=kwM05YKiB7i8_x3XTLg@mail.gmail.com>
To: Dino Farinacci <farinacci@gmail.com>
Content-Type: multipart/alternative; boundary=001a1134f2ecaf1b070540047151
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/dz8S10iu9eRItagrOnNoiHW4DtE>
Cc: "ideas@ietf.org" <ideas@ietf.org>, "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] [Ideas] FW: Technical plenary: Attacks against the architecture - implications for the Network Mapping System
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Oct 2016 17:38:37 -0000

--001a1134f2ecaf1b070540047151
Content-Type: text/plain; charset=UTF-8

On Sat, Oct 29, 2016 at 10:20 AM, Dino Farinacci <farinacci@gmail.com>
wrote:

> > In section 5 of draft-padma-ideas-problem-statement, there is a section
> in the table which specifically discuss about the structure of IDs and
> whether we should used them for specific classes or as the Network Mapping
> system is proposing to attach metadata to ID.
>
> Maybe we can experiment with the EID-prefix block 2001:5::/32 from RFC
> 7954/7955 to allocate sub-blocks from large regions of the world. Yes,
> geographical allocations without the issue of the past, since EIDs are not
> injected into the underlay routing and are not based on Internet topology.
>


> Do this first and then decide which, say continent block is registered to
> a regional mapping system. And if an ID needs to register to multiple
> mapping systems. The mapping systems should considered to be relatively
> local in scope and may overlap.
>
> This could help mitigate DoS attacks to a smaller (but still scalable)
> part of the infrastructure.
>

 <Padma> Agree.

Thanks
Padma

>
> Dino
>
>

--001a1134f2ecaf1b070540047151
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><div class=3D"gmail_quo=
te">On Sat, Oct 29, 2016 at 10:20 AM, Dino Farinacci <span dir=3D"ltr">&lt;=
<a href=3D"mailto:farinacci@gmail.com" target=3D"_blank">farinacci@gmail.co=
m</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margi=
n:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204=
);border-left-style:solid;padding-left:1ex"><span class=3D"gmail-">&gt; In =
section 5 of draft-padma-ideas-problem-<wbr>statement, there is a section i=
n the table which specifically discuss about the structure of IDs and wheth=
er we should used them for specific classes or as the Network Mapping syste=
m is proposing to attach metadata to ID.<br>
<br>
</span>Maybe we can experiment with the EID-prefix block 2001:5::/32 from R=
FC 7954/7955 to allocate sub-blocks from large regions of the world. Yes, g=
eographical allocations without the issue of the past, since EIDs are not i=
njected into the underlay routing and are not based on Internet topology.<b=
r></blockquote><div>=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"=
margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,20=
4,204);border-left-style:solid;padding-left:1ex">
Do this first and then decide which, say continent block is registered to a=
 regional mapping system. And if an ID needs to register to multiple mappin=
g systems. The mapping systems should considered to be relatively local in =
scope and may overlap.<br>
<br>
This could help mitigate DoS attacks to a smaller (but still scalable) part=
 of the infrastructure.<br></blockquote><div><br></div><div>=C2=A0&lt;Padma=
&gt; Agree.</div><div><br></div><div>Thanks</div><div>Padma</div><blockquot=
e class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left-width=
:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-lef=
t:1ex">
<span class=3D"gmail-HOEnZb"><font color=3D"#888888"><br>
Dino<br>
<br>
</font></span></blockquote></div><br></div></div>

--001a1134f2ecaf1b070540047151--


From nobody Sat Oct 29 10:43:29 2016
Return-Path: <internet-drafts@ietf.org>
X-Original-To: lisp@ietf.org
Delivered-To: lisp@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id BD8BA1293FF; Sat, 29 Oct 2016 10:43:28 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.36.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147776300877.30625.114657730845689678.idtracker@ietfa.amsl.com>
Date: Sat, 29 Oct 2016 10:43:28 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/zWJLe8P5zknh_69VkEoGXhfnko4>
Cc: lisp@ietf.org
Subject: [lisp] I-D Action: draft-ietf-lisp-lcaf-20.txt
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Oct 2016 17:43:29 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Locator/ID Separation Protocol of the IETF.

        Title           : LISP Canonical Address Format (LCAF)
        Authors         : Dino Farinacci
                          Dave Meyer
                          Job Snijders
	Filename        : draft-ietf-lisp-lcaf-20.txt
	Pages           : 44
	Date            : 2016-10-29

Abstract:
   This draft defines a canonical address format encoding used in LISP
   control messages and in the encoding of lookup keys for the LISP
   Mapping Database System.



The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lisp-lcaf/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-lisp-lcaf-20

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lisp-lcaf-20


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Mon Oct 31 09:31:19 2016
Return-Path: <Fred.L.Templin@boeing.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 00393128B44; Mon, 31 Oct 2016 09:31:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level: 
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id amJXxWZqLdN9; Mon, 31 Oct 2016 09:31:16 -0700 (PDT)
Received: from phx-mbsout-02.mbs.boeing.net (phx-mbsout-02.mbs.boeing.net [130.76.184.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E7A91298B9; Mon, 31 Oct 2016 09:31:16 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by phx-mbsout-02.mbs.boeing.net (8.14.4/8.14.4/DOWNSTREAM_MBSOUT) with SMTP id u9VGVFKB048562; Mon, 31 Oct 2016 09:31:15 -0700
Received: from XCH15-06-11.nw.nos.boeing.com (xch15-06-11.nw.nos.boeing.com [137.136.239.220]) by phx-mbsout-02.mbs.boeing.net (8.14.4/8.14.4/UPSTREAM_MBSOUT) with ESMTP id u9VGVB53048540 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=OK); Mon, 31 Oct 2016 09:31:11 -0700
Received: from XCH15-06-08.nw.nos.boeing.com (137.136.238.222) by XCH15-06-11.nw.nos.boeing.com (137.136.239.220) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Mon, 31 Oct 2016 09:31:10 -0700
Received: from XCH15-06-08.nw.nos.boeing.com ([137.136.238.222]) by XCH15-06-08.nw.nos.boeing.com ([137.136.238.222]) with mapi id 15.00.1178.000; Mon, 31 Oct 2016 09:31:10 -0700
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Padma Pillay-Esnault <padma.ietf@gmail.com>, Dino Farinacci <farinacci@gmail.com>
Thread-Topic: [lisp] [Ideas] FW: Technical plenary: Attacks against the architecture - implications for the Network Mapping System
Thread-Index: AQHSMfrdtNRXbsmgRk6cjS2L0R6v+aDAIsoAgAAFJACAApt/8A==
Date: Mon, 31 Oct 2016 16:31:10 +0000
Message-ID: <1fb6fb630dd345cf8bed1d8164b04dd2@XCH15-06-08.nw.nos.boeing.com>
References: <EC7A99B9A59C1B4695037EEB5036666B012C63D0@dfweml501-mbb> <85dd645c-37ca-0839-a175-2fb05539fbf2@joelhalpern.com> <CAG-CQxr8gXiQi_D1PNN6HMk7NVc6P62kPsZicLdm1PgfL41prA@mail.gmail.com> <09534746-0A8F-4CAB-9778-5032F90604F0@gmail.com> <CAG-CQxpZoQWPp_wBpNLTB3ATUJrSB9=kwM05YKiB7i8_x3XTLg@mail.gmail.com>
In-Reply-To: <CAG-CQxpZoQWPp_wBpNLTB3ATUJrSB9=kwM05YKiB7i8_x3XTLg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [137.136.248.6]
Content-Type: multipart/alternative; boundary="_000_1fb6fb630dd345cf8bed1d8164b04dd2XCH150608nwnosboeingcom_"
MIME-Version: 1.0
X-TM-AS-MML: disable
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/TLz0ffLdM1-HS5PVzLdNvCrb9HE>
Cc: "ideas@ietf.org" <ideas@ietf.org>, "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] [Ideas] FW: Technical plenary: Attacks against the architecture - implications for the Network Mapping System
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2016 16:31:18 -0000

--_000_1fb6fb630dd345cf8bed1d8164b04dd2XCH150608nwnosboeingcom_
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

SGksIG9uZSBvYnNlcnZhdGlvbiBhbmQgb25lIHF1ZXN0aW9uLiBUaGUgb2JzZXJ2YXRpb24gaXMg
dGhhdCBhbnl0aGluZyBvbiB0aGUgb3Blbg0KSW50ZXJuZXQgdGhhdCBwcm92aWRlcyBhIHNlcnZp
Y2UgY2FuIGJlIHN1YmplY3QgdG8gRGVuaWFsIG9mIFNlcnZpY2Ug4oCTIGFuZCwgSSBhbSBub3QN
Cmp1c3QgdGFsa2luZyBhYm91dCB0aGUgTElTUCBtYXBwaW5nIHN5c3RlbS4gVGhlIHF1ZXN0aW9u
IGlzIGhvdyBpcyBpdCB0aGF0IHdlIGhhdmUNCm5vdCB5ZXQgc2VlbiBEb1MgYXR0YWNrcyB0YWtl
IGRvd24gY3JpdGljYWwgSW50ZXJuZXQgc2VydmljZXMgc3VjaCBhcyBvbmxpbmUgYmFua2luZzsN
CmhhdmUgd2UganVzdCBiZWVuIGx1Y2t5IHVwIHRvIG5vdz8NCg0KVGhhbmtzIC0gRnJlZA0KDQpG
cm9tOiBsaXNwIFttYWlsdG86bGlzcC1ib3VuY2VzQGlldGYub3JnXSBPbiBCZWhhbGYgT2YgUGFk
bWEgUGlsbGF5LUVzbmF1bHQNClNlbnQ6IFNhdHVyZGF5LCBPY3RvYmVyIDI5LCAyMDE2IDEwOjM5
IEFNDQpUbzogRGlubyBGYXJpbmFjY2kgPGZhcmluYWNjaUBnbWFpbC5jb20+DQpDYzogaWRlYXNA
aWV0Zi5vcmc7IGxpc3BAaWV0Zi5vcmcNClN1YmplY3Q6IFJlOiBbbGlzcF0gW0lkZWFzXSBGVzog
VGVjaG5pY2FsIHBsZW5hcnk6IEF0dGFja3MgYWdhaW5zdCB0aGUgYXJjaGl0ZWN0dXJlIC0gaW1w
bGljYXRpb25zIGZvciB0aGUgTmV0d29yayBNYXBwaW5nIFN5c3RlbQ0KDQoNCg0KT24gU2F0LCBP
Y3QgMjksIDIwMTYgYXQgMTA6MjAgQU0sIERpbm8gRmFyaW5hY2NpIDxmYXJpbmFjY2lAZ21haWwu
Y29tPG1haWx0bzpmYXJpbmFjY2lAZ21haWwuY29tPj4gd3JvdGU6DQo+IEluIHNlY3Rpb24gNSBv
ZiBkcmFmdC1wYWRtYS1pZGVhcy1wcm9ibGVtLXN0YXRlbWVudCwgdGhlcmUgaXMgYSBzZWN0aW9u
IGluIHRoZSB0YWJsZSB3aGljaCBzcGVjaWZpY2FsbHkgZGlzY3VzcyBhYm91dCB0aGUgc3RydWN0
dXJlIG9mIElEcyBhbmQgd2hldGhlciB3ZSBzaG91bGQgdXNlZCB0aGVtIGZvciBzcGVjaWZpYyBj
bGFzc2VzIG9yIGFzIHRoZSBOZXR3b3JrIE1hcHBpbmcgc3lzdGVtIGlzIHByb3Bvc2luZyB0byBh
dHRhY2ggbWV0YWRhdGEgdG8gSUQuDQoNCk1heWJlIHdlIGNhbiBleHBlcmltZW50IHdpdGggdGhl
IEVJRC1wcmVmaXggYmxvY2sgMjAwMTo1OjovMzIgZnJvbSBSRkMgNzk1NC83OTU1IHRvIGFsbG9j
YXRlIHN1Yi1ibG9ja3MgZnJvbSBsYXJnZSByZWdpb25zIG9mIHRoZSB3b3JsZC4gWWVzLCBnZW9n
cmFwaGljYWwgYWxsb2NhdGlvbnMgd2l0aG91dCB0aGUgaXNzdWUgb2YgdGhlIHBhc3QsIHNpbmNl
IEVJRHMgYXJlIG5vdCBpbmplY3RlZCBpbnRvIHRoZSB1bmRlcmxheSByb3V0aW5nIGFuZCBhcmUg
bm90IGJhc2VkIG9uIEludGVybmV0IHRvcG9sb2d5Lg0KDQpEbyB0aGlzIGZpcnN0IGFuZCB0aGVu
IGRlY2lkZSB3aGljaCwgc2F5IGNvbnRpbmVudCBibG9jayBpcyByZWdpc3RlcmVkIHRvIGEgcmVn
aW9uYWwgbWFwcGluZyBzeXN0ZW0uIEFuZCBpZiBhbiBJRCBuZWVkcyB0byByZWdpc3RlciB0byBt
dWx0aXBsZSBtYXBwaW5nIHN5c3RlbXMuIFRoZSBtYXBwaW5nIHN5c3RlbXMgc2hvdWxkIGNvbnNp
ZGVyZWQgdG8gYmUgcmVsYXRpdmVseSBsb2NhbCBpbiBzY29wZSBhbmQgbWF5IG92ZXJsYXAuDQoN
ClRoaXMgY291bGQgaGVscCBtaXRpZ2F0ZSBEb1MgYXR0YWNrcyB0byBhIHNtYWxsZXIgKGJ1dCBz
dGlsbCBzY2FsYWJsZSkgcGFydCBvZiB0aGUgaW5mcmFzdHJ1Y3R1cmUuDQoNCiA8UGFkbWE+IEFn
cmVlLg0KDQpUaGFua3MNClBhZG1hDQoNCkRpbm8NCg0K

--_000_1fb6fb630dd345cf8bed1d8164b04dd2XCH150608nwnosboeingcom_
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64

PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiIHhtbG5zOm89InVy
bjpzY2hlbWFzLW1pY3Jvc29mdC1jb206b2ZmaWNlOm9mZmljZSIgeG1sbnM6dz0idXJuOnNjaGVt
YXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6d29yZCIgeG1sbnM6bT0iaHR0cDovL3NjaGVtYXMubWlj
cm9zb2Z0LmNvbS9vZmZpY2UvMjAwNC8xMi9vbW1sIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv
VFIvUkVDLWh0bWw0MCI+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIg
Y29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjxtZXRhIG5hbWU9IkdlbmVyYXRv
ciIgY29udGVudD0iTWljcm9zb2Z0IFdvcmQgMTUgKGZpbHRlcmVkIG1lZGl1bSkiPg0KPHN0eWxl
PjwhLS0NCi8qIEZvbnQgRGVmaW5pdGlvbnMgKi8NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6
IkNhbWJyaWEgTWF0aCI7DQoJcGFub3NlLTE6MiA0IDUgMyA1IDQgNiAzIDIgNDt9DQpAZm9udC1m
YWNlDQoJe2ZvbnQtZmFtaWx5OkNhbGlicmk7DQoJcGFub3NlLTE6MiAxNSA1IDIgMiAyIDQgMyAy
IDQ7fQ0KLyogU3R5bGUgRGVmaW5pdGlvbnMgKi8NCnAuTXNvTm9ybWFsLCBsaS5Nc29Ob3JtYWws
IGRpdi5Nc29Ob3JtYWwNCgl7bWFyZ2luOjBpbjsNCgltYXJnaW4tYm90dG9tOi4wMDAxcHQ7DQoJ
Zm9udC1zaXplOjEyLjBwdDsNCglmb250LWZhbWlseToiVGltZXMgTmV3IFJvbWFuIixzZXJpZjt9
DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCglj
b2xvcjpibHVlOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KYTp2aXNpdGVkLCBzcGFu
Lk1zb0h5cGVybGlua0ZvbGxvd2VkDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjpw
dXJwbGU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQpzcGFuLmdtYWlsLQ0KCXttc28t
c3R5bGUtbmFtZTpnbWFpbC07fQ0Kc3Bhbi5nbWFpbC1ob2VuemINCgl7bXNvLXN0eWxlLW5hbWU6
Z21haWwtaG9lbnpiO30NCnNwYW4uRW1haWxTdHlsZTE5DQoJe21zby1zdHlsZS10eXBlOnBlcnNv
bmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCWNvbG9yOiMx
RjQ5N0Q7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJ
Zm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJ
e3NpemU6OC41aW4gMTEuMGluOw0KCW1hcmdpbjoxLjBpbiAxLjBpbiAxLjBpbiAxLjBpbjt9DQpk
aXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+PCEtLVtp
ZiBndGUgbXNvIDldPjx4bWw+DQo8bzpzaGFwZWRlZmF1bHRzIHY6ZXh0PSJlZGl0IiBzcGlkbWF4
PSIxMDI2IiAvPg0KPC94bWw+PCFbZW5kaWZdLS0+PCEtLVtpZiBndGUgbXNvIDldPjx4bWw+DQo8
bzpzaGFwZWxheW91dCB2OmV4dD0iZWRpdCI+DQo8bzppZG1hcCB2OmV4dD0iZWRpdCIgZGF0YT0i
MSIgLz4NCjwvbzpzaGFwZWxheW91dD48L3htbD48IVtlbmRpZl0tLT4NCjwvaGVhZD4NCjxib2R5
IGxhbmc9IkVOLVVTIiBsaW5rPSJibHVlIiB2bGluaz0icHVycGxlIj4NCjxkaXYgY2xhc3M9Ildv
cmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXpl
OjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6
IzFGNDk3RCI+SGksIG9uZSBvYnNlcnZhdGlvbiBhbmQgb25lIHF1ZXN0aW9uLiBUaGUgb2JzZXJ2
YXRpb24gaXMgdGhhdCBhbnl0aGluZyBvbiB0aGUgb3BlbjxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N
CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQt
ZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj5JbnRl
cm5ldCB0aGF0IHByb3ZpZGVzIGEgc2VydmljZSBjYW4gYmUgc3ViamVjdCB0byBEZW5pYWwgb2Yg
U2VydmljZSDigJMgYW5kLCBJIGFtIG5vdDxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZx
dW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZjtjb2xvcjojMUY0OTdEIj5qdXN0IHRhbGtpbmcg
YWJvdXQgdGhlIExJU1AgbWFwcGluZyBzeXN0ZW0uIFRoZSBxdWVzdGlvbiBpcyBob3cgaXMgaXQg
dGhhdCB3ZSBoYXZlPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+
PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMS4wcHQ7Zm9udC1mYW1pbHk6JnF1b3Q7Q2FsaWJyaSZx
dW90OyxzYW5zLXNlcmlmO2NvbG9yOiMxRjQ5N0QiPm5vdCB5ZXQgc2VlbiBEb1MgYXR0YWNrcyB0
YWtlIGRvd24gY3JpdGljYWwgSW50ZXJuZXQgc2VydmljZXMgc3VjaCBhcyBvbmxpbmUgYmFua2lu
Zzs8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBzdHls
ZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNhbnMt
c2VyaWY7Y29sb3I6IzFGNDk3RCI+aGF2ZSB3ZSBqdXN0IGJlZW4gbHVja3kgdXAgdG8gbm93Pzxv
OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm
b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJp
Zjtjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0i
TXNvTm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjExLjBwdDtmb250LWZhbWlseTomcXVv
dDtDYWxpYnJpJnF1b3Q7LHNhbnMtc2VyaWY7Y29sb3I6IzFGNDk3RCI+VGhhbmtzIC0gRnJlZDxv
OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIHN0eWxlPSJm
b250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJp
Zjtjb2xvcjojMUY0OTdEIj48bzpwPiZuYnNwOzwvbzpwPjwvc3Bhbj48L3A+DQo8ZGl2IHN0eWxl
PSJib3JkZXI6bm9uZTtib3JkZXItbGVmdDpzb2xpZCBibHVlIDEuNXB0O3BhZGRpbmc6MGluIDBp
biAwaW4gNC4wcHQiPg0KPGRpdj4NCjxkaXYgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci10b3A6
c29saWQgI0UxRTFFMSAxLjBwdDtwYWRkaW5nOjMuMHB0IDBpbiAwaW4gMGluIj4NCjxwIGNsYXNz
PSJNc29Ob3JtYWwiPjxiPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5
OiZxdW90O0NhbGlicmkmcXVvdDssc2Fucy1zZXJpZiI+RnJvbTo8L3NwYW4+PC9iPjxzcGFuIHN0
eWxlPSJmb250LXNpemU6MTEuMHB0O2ZvbnQtZmFtaWx5OiZxdW90O0NhbGlicmkmcXVvdDssc2Fu
cy1zZXJpZiI+IGxpc3AgW21haWx0bzpsaXNwLWJvdW5jZXNAaWV0Zi5vcmddDQo8Yj5PbiBCZWhh
bGYgT2YgPC9iPlBhZG1hIFBpbGxheS1Fc25hdWx0PGJyPg0KPGI+U2VudDo8L2I+IFNhdHVyZGF5
LCBPY3RvYmVyIDI5LCAyMDE2IDEwOjM5IEFNPGJyPg0KPGI+VG86PC9iPiBEaW5vIEZhcmluYWNj
aSAmbHQ7ZmFyaW5hY2NpQGdtYWlsLmNvbSZndDs8YnI+DQo8Yj5DYzo8L2I+IGlkZWFzQGlldGYu
b3JnOyBsaXNwQGlldGYub3JnPGJyPg0KPGI+U3ViamVjdDo8L2I+IFJlOiBbbGlzcF0gW0lkZWFz
XSBGVzogVGVjaG5pY2FsIHBsZW5hcnk6IEF0dGFja3MgYWdhaW5zdCB0aGUgYXJjaGl0ZWN0dXJl
IC0gaW1wbGljYXRpb25zIGZvciB0aGUgTmV0d29yayBNYXBwaW5nIFN5c3RlbTxvOnA+PC9vOnA+
PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZu
YnNwOzwvbzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwv
bzpwPjwvcD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwv
cD4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5PbiBTYXQsIE9jdCAyOSwgMjAxNiBhdCAx
MDoyMCBBTSwgRGlubyBGYXJpbmFjY2kgJmx0OzxhIGhyZWY9Im1haWx0bzpmYXJpbmFjY2lAZ21h
aWwuY29tIiB0YXJnZXQ9Il9ibGFuayI+ZmFyaW5hY2NpQGdtYWlsLmNvbTwvYT4mZ3Q7IHdyb3Rl
OjxvOnA+PC9vOnA+PC9wPg0KPGJsb2NrcXVvdGUgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1s
ZWZ0OnNvbGlkICNDQ0NDQ0MgMS4wcHQ7cGFkZGluZzowaW4gMGluIDBpbiA2LjBwdDttYXJnaW4t
bGVmdDo0LjhwdDttYXJnaW4tcmlnaHQ6MGluIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFu
IGNsYXNzPSJnbWFpbC0iPiZndDsgSW4gc2VjdGlvbiA1IG9mIGRyYWZ0LXBhZG1hLWlkZWFzLXBy
b2JsZW0tc3RhdGVtZW50LCB0aGVyZSBpcyBhIHNlY3Rpb24gaW4gdGhlIHRhYmxlIHdoaWNoIHNw
ZWNpZmljYWxseSBkaXNjdXNzIGFib3V0IHRoZSBzdHJ1Y3R1cmUgb2YgSURzIGFuZCB3aGV0aGVy
IHdlIHNob3VsZCB1c2VkIHRoZW0gZm9yIHNwZWNpZmljIGNsYXNzZXMgb3IgYXMgdGhlIE5ldHdv
cmsgTWFwcGluZw0KIHN5c3RlbSBpcyBwcm9wb3NpbmcgdG8gYXR0YWNoIG1ldGFkYXRhIHRvIElE
Ljwvc3Bhbj48YnI+DQo8YnI+DQpNYXliZSB3ZSBjYW4gZXhwZXJpbWVudCB3aXRoIHRoZSBFSUQt
cHJlZml4IGJsb2NrIDIwMDE6NTo6LzMyIGZyb20gUkZDIDc5NTQvNzk1NSB0byBhbGxvY2F0ZSBz
dWItYmxvY2tzIGZyb20gbGFyZ2UgcmVnaW9ucyBvZiB0aGUgd29ybGQuIFllcywgZ2VvZ3JhcGhp
Y2FsIGFsbG9jYXRpb25zIHdpdGhvdXQgdGhlIGlzc3VlIG9mIHRoZSBwYXN0LCBzaW5jZSBFSURz
IGFyZSBub3QgaW5qZWN0ZWQgaW50byB0aGUgdW5kZXJsYXkgcm91dGluZyBhbmQgYXJlDQogbm90
IGJhc2VkIG9uIEludGVybmV0IHRvcG9sb2d5LjxvOnA+PC9vOnA+PC9wPg0KPC9ibG9ja3F1b3Rl
Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPC9k
aXY+DQo8YmxvY2txdW90ZSBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVyLWxlZnQ6c29saWQgI0ND
Q0NDQyAxLjBwdDtwYWRkaW5nOjBpbiAwaW4gMGluIDYuMHB0O21hcmdpbi1sZWZ0OjQuOHB0O21h
cmdpbi1yaWdodDowaW4iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+RG8gdGhpcyBmaXJzdCBhbmQg
dGhlbiBkZWNpZGUgd2hpY2gsIHNheSBjb250aW5lbnQgYmxvY2sgaXMgcmVnaXN0ZXJlZCB0byBh
IHJlZ2lvbmFsIG1hcHBpbmcgc3lzdGVtLiBBbmQgaWYgYW4gSUQgbmVlZHMgdG8gcmVnaXN0ZXIg
dG8gbXVsdGlwbGUgbWFwcGluZyBzeXN0ZW1zLiBUaGUgbWFwcGluZyBzeXN0ZW1zIHNob3VsZCBj
b25zaWRlcmVkIHRvIGJlIHJlbGF0aXZlbHkgbG9jYWwgaW4gc2NvcGUgYW5kIG1heQ0KIG92ZXJs
YXAuPGJyPg0KPGJyPg0KVGhpcyBjb3VsZCBoZWxwIG1pdGlnYXRlIERvUyBhdHRhY2tzIHRvIGEg
c21hbGxlciAoYnV0IHN0aWxsIHNjYWxhYmxlKSBwYXJ0IG9mIHRoZSBpbmZyYXN0cnVjdHVyZS48
bzpwPjwvbzpwPjwvcD4NCjwvYmxvY2txdW90ZT4NCjxkaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFs
Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNsYXNzPSJNc29Ob3Jt
YWwiPiZuYnNwOyZsdDtQYWRtYSZndDsgQWdyZWUuPG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxk
aXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjwvZGl2Pg0K
PGRpdj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlRoYW5rczxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+
DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+UGFkbWE8bzpwPjwvbzpwPjwvcD4NCjwvZGl2
Pg0KPGJsb2NrcXVvdGUgc3R5bGU9ImJvcmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkICNDQ0ND
Q0MgMS4wcHQ7cGFkZGluZzowaW4gMGluIDBpbiA2LjBwdDttYXJnaW4tbGVmdDo0LjhwdDttYXJn
aW4tcmlnaHQ6MGluIj4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJnaW4tYm90dG9t
OjEyLjBwdCI+PHNwYW4gc3R5bGU9ImNvbG9yOiM4ODg4ODgiPjxicj4NCjxzcGFuIGNsYXNzPSJn
bWFpbC1ob2VuemIiPkRpbm88L3NwYW4+PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9ibG9ja3F1
b3RlPg0KPC9kaXY+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpwPjwvcD4N
CjwvZGl2Pg0KPC9kaXY+DQo8L2Rpdj4NCjwvZGl2Pg0KPC9ib2R5Pg0KPC9odG1sPg0K

--_000_1fb6fb630dd345cf8bed1d8164b04dd2XCH150608nwnosboeingcom_--


From nobody Mon Oct 31 10:27:56 2016
Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D8AD12958B; Mon, 31 Oct 2016 10:27:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K-vItdVpkIgi; Mon, 31 Oct 2016 10:27:51 -0700 (PDT)
Received: from mail-pf0-x233.google.com (mail-pf0-x233.google.com [IPv6:2607:f8b0:400e:c00::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28D97129969; Mon, 31 Oct 2016 10:27:51 -0700 (PDT)
Received: by mail-pf0-x233.google.com with SMTP id d2so4790398pfd.0; Mon, 31 Oct 2016 10:27:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;  h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=IBH8M5usExNxonKy//RQEir0SHCqpYOTuxe9xknt16E=; b=X4msh9FMW+/sCNW9V/IjiVtj2+CHrPIyT6bNxGj09IHqpc2ExwwD0wxfWSBEoOypW2 /MqcsLWdUzPj+KO51aCmk9yEUD8NEFjp7zkPIaSeRLIQwQ41OFwxpFUlVBgENbHVoSkF wTB2zDT/NjI6m3xgI4D51EmF6kHI8NowOT85MFqcDwnhKIp7VnOB66JzCgW/rj1nxCo6 c4xp6dzNna94kZjqDoF9HhBG1VlKVUNyVFr+dCWJ/hpvCmCKWUTKlfm4fgSI7piZAFBz +DEUX9QrZLgkIBHmm+6d/4PZ5UcAi4WvAQaCCU/cv7xwKKIHt/GbNfD5i7pTp9dv6T/p xVtw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=IBH8M5usExNxonKy//RQEir0SHCqpYOTuxe9xknt16E=; b=XyONpgpmersmWxcyP2JosvoC4Ea0H9Hc5Lm5IfsteLEIRSwPP00x5WCRDGteLaZq+R r2yxxtXI9urYRo5WC0+x2X+XOKdl2HsBYZWk1fwa2fluZi8P6N6tkU/89A4YmHLp1C0m qqhPg0GrrvHC+PkiYsVR57Ny+1mDyrwLHXsRMkV9/K6cseYRdG3orGFTK/xyRPvMfBnI FkjYylNYm67t3JvzpIEEpFQea5oKq2RQNyA8qALRzZcBXRCIIZe+RNOGh9OxPeJ8mxSn y9HPxd2ntPX9H3xSqlwQq9hWGYmaR2dpLNviamXaaLMq2P1tSg89162esA3lOYY4QZ2U eGJg==
X-Gm-Message-State: ABUngvc2sfXADFszVncL83D5FttOnpzx5WC09HQu3TTtNyJ3i1BCWo7Uv3MgwgNoU9gu/Q==
X-Received: by 10.99.242.5 with SMTP id v5mr42424296pgh.137.1477934870808; Mon, 31 Oct 2016 10:27:50 -0700 (PDT)
Received: from [10.197.31.157] (173-11-119-245-SFBA.hfc.comcastbusiness.net. [173.11.119.245]) by smtp.gmail.com with ESMTPSA id v6sm8238324pab.14.2016.10.31.10.27.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 31 Oct 2016 10:27:50 -0700 (PDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <1fb6fb630dd345cf8bed1d8164b04dd2@XCH15-06-08.nw.nos.boeing.com>
Date: Mon, 31 Oct 2016 10:02:57 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <CCA233D5-9A07-4451-9894-466408FECE0D@gmail.com>
References: <EC7A99B9A59C1B4695037EEB5036666B012C63D0@dfweml501-mbb> <85dd645c-37ca-0839-a175-2fb05539fbf2@joelhalpern.com> <CAG-CQxr8gXiQi_D1PNN6HMk7NVc6P62kPsZicLdm1PgfL41prA@mail.gmail.com> <09534746-0A8F-4CAB-9778-5032F90604F0@gmail.com> <CAG-CQxpZoQWPp_wBpNLTB3ATUJrSB9=kwM05YKiB7i8_x3XTLg@mail.gmail.com> <1fb6fb630dd345cf8bed1d8164b04dd2@XCH15-06-08.nw.nos.boeing.com>
To: "Templin, Fred L" <Fred.L.Templin@boeing.com>
X-Mailer: Apple Mail (2.3226)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/hX1O2ufblwIpZ36njqnO-YE-70Y>
Cc: "ideas@ietf.org" <ideas@ietf.org>, "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] [Ideas] FW: Technical plenary: Attacks against the architecture - implications for the Network Mapping System
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2016 17:27:52 -0000

> Hi, one observation and one question. The observation is that anything =
on the open
> Internet that provides a service can be subject to Denial of Service =
=E2=80=93 and, I am not
> just talking about the LISP mapping system. The question is how is it =
that we have
> not yet seen DoS attacks take down critical Internet services such as =
online banking;
> have we just been lucky up to now?

Fred, it has happened. Just hidden to avoid headlines and fear.

Dino


From nobody Mon Oct 31 11:48:54 2016
Return-Path: <padma@huawei.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 692361299D3; Mon, 31 Oct 2016 11:48:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.718
X-Spam-Level: 
X-Spam-Status: No, score=-5.718 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h_fLGN6O-rWg; Mon, 31 Oct 2016 11:48:46 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC1141299A8; Mon, 31 Oct 2016 11:48:45 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml707-cah.china.huawei.com) ([172.18.7.190]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id CZK87733; Mon, 31 Oct 2016 18:48:43 +0000 (GMT)
Received: from DFWEML702-CAH.china.huawei.com (10.193.5.176) by lhreml707-cah.china.huawei.com (10.201.5.199) with Microsoft SMTP Server (TLS) id 14.3.235.1; Mon, 31 Oct 2016 18:48:40 +0000
Received: from DFWEML501-MBB.china.huawei.com ([10.193.5.179]) by dfweml702-cah.china.huawei.com ([10.193.5.176]) with mapi id 14.03.0235.001; Mon, 31 Oct 2016 11:48:31 -0700
From: Padmadevi Pillay Esnault <padma@huawei.com>
To: "Templin, Fred L" <Fred.L.Templin@boeing.com>
Thread-Topic: [Ideas] [lisp] FW: Technical plenary: Attacks against the architecture - implications for the Network Mapping System
Thread-Index: AQHSM5Q+tB8Wu9GAmk+kxUM29tK5Q6DDP3GA//+hTHA=
Date: Mon, 31 Oct 2016 18:48:31 +0000
Message-ID: <EC7A99B9A59C1B4695037EEB5036666B012C7540@dfweml501-mbb>
References: <EC7A99B9A59C1B4695037EEB5036666B012C63D0@dfweml501-mbb> <85dd645c-37ca-0839-a175-2fb05539fbf2@joelhalpern.com> <CAG-CQxr8gXiQi_D1PNN6HMk7NVc6P62kPsZicLdm1PgfL41prA@mail.gmail.com> <09534746-0A8F-4CAB-9778-5032F90604F0@gmail.com> <CAG-CQxpZoQWPp_wBpNLTB3ATUJrSB9=kwM05YKiB7i8_x3XTLg@mail.gmail.com> <1fb6fb630dd345cf8bed1d8164b04dd2@XCH15-06-08.nw.nos.boeing.com> <CCA233D5-9A07-4451-9894-466408FECE0D@gmail.com>
In-Reply-To: <CCA233D5-9A07-4451-9894-466408FECE0D@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.213.48.228]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0), refid=str=0001.0A090202.5817920B.027A, ss=1, re=0.000, recu=0.000, reip=0.000,  cl=1, cld=1, fgs=0, ip=0.0.0.0, so=2013-06-18 04:22:30, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: b55a82351c1e69ef9caa1780a4478e68
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/qApQQFWlU0cqto_5rvlz9yAgIjA>
Cc: "ideas@ietf.org" <ideas@ietf.org>, "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] [Ideas] FW: Technical plenary: Attacks against the architecture - implications for the Network Mapping System
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2016 18:48:48 -0000

SGkgRnJlZA0KDQpUaGFua3MgZm9yIHJhaXNpbmcgdGhpcyBpbnRlcmVzdGluZyBxdWVzdGlvbi4N
Cg0KWWVzIGl0IGhhcyBoYXBwZW5lZCBhbmQgd2lsbCBjb250aW51ZSB0byBkbyBzby4gSXQgd2ls
bCBhIHZlcnkgc2Vuc2l0aXZlIHRvcGljIHRoYXQgbm9uZSBvZiB0aGUgZW50aXRpZXMgYXR0YWNr
IHdvdWxkIHdhbnQgdG8gYmUgcHVibGljaXplZCBhdCBhbGwgY29zdC4NClRoYXQgc2FpZCwgaXQg
aXMgbXVjaCBlYXNpZXIgZm9yIGEgcHJpdmF0ZSBpbnN0aXR1dGlvbiB0byBrZWVwIGl0IHVuZGVy
IHRoZSB3cmFwcy4NCg0KQXJlIHRoZXkgdGFraW5nIG1lYXN1cmVzPyBBYnNvbHV0ZWx5IQ0KSXQg
aXMgcHJldHR5IHJlY2VudCB0aGF0IHdlIG5vdyBoYXZlIGF1dGhlbnRpY2F0aW9uIGJhc2VkIG9u
IHdoaWNoIGNvbXB1dGVyIGlzIHVzZWQgdG8gbG9naW4gdXNpbmcgMiBzdGVwIHZlcmlmaWNhdGlv
bi4gVGhlIHR3bw0KU3RlcCB2ZXJpZmljYXRpb24gaW52b2x2aW5nIGNvbmZpcm1hdGlvbiBvZiBj
b2RlIHNlbnQgdG8gbW9iaWxlIGNhbiBiZSBjb25zaWRlcmVkIGEgdGVsbCB0YWxlIHNpZ24uDQoN
CkkgdGhpbmsgdGhlIGRpZmZlcmVuY2Ugd2l0aCB0aGUgbGF0ZXN0IGF0dGFjayBpcyB0aGF0IA0K
LSBpdCBpbnZvbHZlZCB0aGUgRE5TIHN5c3RlbSBvciBvdGhlciBzZXJ2aWNlcyB0aGF0IGNhbm5v
dCByZWx5IG9uIHRoZSB0d28gc3RlcCB2ZXJpZmljYXRpb24gZm9yIGluc3RhbmNlIHdoaWNoIGNv
dWxkIHBvdGVudGlhbGx5IGlkZW50aWZ5IGl0IHRoZSByZXF1ZXN0cyBhcmUgZnJvbSBib3RuZXRz
LiANClRoZSBsYXJnZXIgYW5kIGluZGlzY3JpbWluYXRlIHlvdSBhcmUgYWJvdXQgdXNlcnMgdG8g
eW91ciBzZXJ2aWNlLCB0aGUgaGlnaGVyIHRoZSByaXNrIG9mIGEgRERPUyBhdHRhY2sgd2FpdGlu
ZyB0byBoYXBwZW4uDQotIEl0IGlzIGhhcmRlciB0byBrZWVwIGl0IHVuZGVyIHRoZSB3cmFwcyB3
aGVuIHlvdSBoYXZlIG11bHRpcGxlIHBhcnRpZXMgaW52b2x2ZWQuDQoNCkNvbWluZyBiYWNrIHRv
IHRoZSBtYXBwaW5nIHN5c3RlbXMsIHdoaWxlIGl0IG1heSBiZSB2dWxuZXJhYmxlIGp1c3QgYXMg
bWFueSBvdGhlciBjb21wb25lbnRzIG9mIHRoZSBpbnRlcm5ldCwgbm93IGlzIHRpbWUgZm9yIHJl
dGhpbmtpbmcuIA0KSSBhbSByZWFsbHkgbG9va2luZyBmb3J3YXJkIHRvIHRoZSB0ZWNobmljYWwg
cGxlbmFyeS4gVGhlIGxhdGVzdCBhdHRhY2sgaGlnaGxpZ2h0cyB0aGUgdXJnZW5jeSB0byBnZXQg
c3RhcnRlZCBvbiB3b3JraW5nIG9uIGl0LiANClRoZSBtb3RpdmF0aW9uIGZvciB0aGUgSURFQVMg
cHJvYmxlbSBzdGF0ZW1lbnQgaXMgdG8gaWRlbnRpZnkgdGhlc2UgY3JpdGljYWwgaXNzdWVzIGFu
ZCBwcm92aWRlIGEgZnJhbWV3b3JrIGxldmVyYWdpbmcgcHJvcGVydGllcyBpbiBJRCBlbmFibGVk
IG5ldHdvcmtzLg0KSU1ITywgaXQgaXMgYmVzdCB0byBoYXZlIGEgZnJhbWV3b3JrIGZvciBhbGwg
SUQgZW5hYmxlZCBuZXR3b3JrcyByYXRoZXIgdGhhbiBnb2luZyBhYm91dCBpdCBpbiBwaWVjZW1l
YWwsIGFuZCB0aGlzIGlzIHRoZSBnb2FsIGZvciBJREVBUywgb3IgYXQgbGVhc3QgaXQgaXMgYSBz
dGFydGluZyBwb2ludC4NCg0KUGFkbWENCg0KLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCkZy
b206IElkZWFzIFttYWlsdG86aWRlYXMtYm91bmNlc0BpZXRmLm9yZ10gT24gQmVoYWxmIE9mIERp
bm8gRmFyaW5hY2NpDQpTZW50OiBNb25kYXksIE9jdG9iZXIgMzEsIDIwMTYgMTA6MDMgQU0NClRv
OiBUZW1wbGluLCBGcmVkIEwNCkNjOiBQYWRtYSBQaWxsYXktRXNuYXVsdDsgaWRlYXNAaWV0Zi5v
cmc7IGxpc3BAaWV0Zi5vcmcNClN1YmplY3Q6IFJlOiBbSWRlYXNdIFtsaXNwXSBGVzogVGVjaG5p
Y2FsIHBsZW5hcnk6IEF0dGFja3MgYWdhaW5zdCB0aGUgYXJjaGl0ZWN0dXJlIC0gaW1wbGljYXRp
b25zIGZvciB0aGUgTmV0d29yayBNYXBwaW5nIFN5c3RlbQ0KDQo+IEhpLCBvbmUgb2JzZXJ2YXRp
b24gYW5kIG9uZSBxdWVzdGlvbi4gVGhlIG9ic2VydmF0aW9uIGlzIHRoYXQgYW55dGhpbmcgb24g
dGhlIG9wZW4NCj4gSW50ZXJuZXQgdGhhdCBwcm92aWRlcyBhIHNlcnZpY2UgY2FuIGJlIHN1Ympl
Y3QgdG8gRGVuaWFsIG9mIFNlcnZpY2Ug4oCTIGFuZCwgSSBhbSBub3QNCj4ganVzdCB0YWxraW5n
IGFib3V0IHRoZSBMSVNQIG1hcHBpbmcgc3lzdGVtLiBUaGUgcXVlc3Rpb24gaXMgaG93IGlzIGl0
IHRoYXQgd2UgaGF2ZQ0KPiBub3QgeWV0IHNlZW4gRG9TIGF0dGFja3MgdGFrZSBkb3duIGNyaXRp
Y2FsIEludGVybmV0IHNlcnZpY2VzIHN1Y2ggYXMgb25saW5lIGJhbmtpbmc7DQo+IGhhdmUgd2Ug
anVzdCBiZWVuIGx1Y2t5IHVwIHRvIG5vdz8NCg0KRnJlZCwgaXQgaGFzIGhhcHBlbmVkLiBKdXN0
IGhpZGRlbiB0byBhdm9pZCBoZWFkbGluZXMgYW5kIGZlYXIuDQoNCkRpbm8NCg0KX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18NCklkZWFzIG1haWxpbmcgbGlz
dA0KSWRlYXNAaWV0Zi5vcmcNCmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8v
aWRlYXMNCg==